From 9e35e2ef8ae14d899a381fb956c31164249b40b2 Mon Sep 17 00:00:00 2001 From: Crowdin Bot Date: Sat, 11 Mar 2023 14:57:24 +0000 Subject: [PATCH] New Crowdin Translations (#2074) Signed-off-by: Daniel Gray --- i18n/ar/404.md | 16 +- i18n/ar/about/criteria.md | 2 - i18n/ar/about/donate.md | 2 - i18n/ar/about/index.md | 38 +- i18n/ar/about/notices.md | 2 - i18n/ar/about/privacy-policy.md | 2 - i18n/ar/about/privacytools.md | 2 - i18n/ar/about/services.md | 2 - i18n/ar/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/ar/advanced/dns-overview.md | 3 +- i18n/ar/advanced/payments.md | 84 +++ i18n/ar/advanced/tor-overview.md | 3 +- i18n/ar/android.md | 8 +- i18n/ar/basics/account-creation.md | 3 +- i18n/ar/basics/account-deletion.md | 3 +- i18n/ar/basics/common-misconceptions.md | 3 +- i18n/ar/basics/common-threats.md | 3 +- i18n/ar/basics/email-security.md | 3 +- i18n/ar/basics/multi-factor-authentication.md | 3 +- i18n/ar/basics/passwords-overview.md | 3 +- i18n/ar/basics/threat-modeling.md | 3 +- i18n/ar/basics/vpn-overview.md | 5 +- i18n/ar/calendar.md | 3 +- i18n/ar/cloud.md | 4 +- i18n/ar/cryptocurrency.md | 53 ++ i18n/ar/data-redaction.md | 3 +- i18n/ar/desktop-browsers.md | 3 +- i18n/ar/desktop.md | 3 +- i18n/ar/dns.md | 9 +- i18n/ar/email-clients.md | 3 +- i18n/ar/email.md | 199 ++++--- i18n/ar/encryption.md | 3 +- i18n/ar/file-sharing.md | 3 +- i18n/ar/financial-services.md | 94 ++++ i18n/ar/frontends.md | 3 +- i18n/ar/index.md | 2 - i18n/ar/kb-archive.md | 3 +- i18n/ar/meta/brand.md | 2 - i18n/ar/meta/git-recommendations.md | 2 - i18n/ar/meta/uploading-images.md | 2 - i18n/ar/meta/writing-style.md | 2 - i18n/ar/mobile-browsers.md | 3 +- i18n/ar/multi-factor-authentication.md | 3 +- i18n/ar/news-aggregators.md | 5 +- i18n/ar/notebooks.md | 3 +- i18n/ar/os/android-overview.md | 42 +- i18n/ar/os/linux-overview.md | 5 +- i18n/ar/os/qubes-overview.md | 3 +- i18n/ar/passwords.md | 3 +- i18n/ar/productivity.md | 3 +- i18n/ar/real-time-communication.md | 3 +- i18n/ar/router.md | 3 +- i18n/ar/search-engines.md | 3 +- i18n/ar/tools.md | 40 +- i18n/ar/tor.md | 11 +- i18n/ar/video-streaming.md | 3 +- i18n/ar/vpn.md | 252 ++++----- i18n/bn/404.md | 6 +- i18n/bn/about/criteria.md | 2 - i18n/bn/about/donate.md | 2 - i18n/bn/about/index.md | 38 +- i18n/bn/about/notices.md | 2 - i18n/bn/about/privacy-policy.md | 2 - i18n/bn/about/privacytools.md | 2 - i18n/bn/about/services.md | 2 - i18n/bn/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/bn/advanced/dns-overview.md | 3 +- i18n/bn/advanced/payments.md | 84 +++ i18n/bn/advanced/tor-overview.md | 3 +- i18n/bn/android.md | 8 +- i18n/bn/basics/account-creation.md | 3 +- i18n/bn/basics/account-deletion.md | 3 +- i18n/bn/basics/common-misconceptions.md | 3 +- i18n/bn/basics/common-threats.md | 3 +- i18n/bn/basics/email-security.md | 3 +- i18n/bn/basics/multi-factor-authentication.md | 3 +- i18n/bn/basics/passwords-overview.md | 3 +- i18n/bn/basics/threat-modeling.md | 3 +- i18n/bn/basics/vpn-overview.md | 5 +- i18n/bn/calendar.md | 3 +- i18n/bn/cloud.md | 4 +- i18n/bn/cryptocurrency.md | 53 ++ i18n/bn/data-redaction.md | 3 +- i18n/bn/desktop-browsers.md | 3 +- i18n/bn/desktop.md | 3 +- i18n/bn/dns.md | 9 +- i18n/bn/email-clients.md | 3 +- i18n/bn/email.md | 199 ++++--- i18n/bn/encryption.md | 3 +- i18n/bn/file-sharing.md | 3 +- i18n/bn/financial-services.md | 94 ++++ i18n/bn/frontends.md | 3 +- i18n/bn/index.md | 2 - i18n/bn/kb-archive.md | 3 +- i18n/bn/meta/brand.md | 2 - i18n/bn/meta/git-recommendations.md | 2 - i18n/bn/meta/uploading-images.md | 2 - i18n/bn/meta/writing-style.md | 2 - i18n/bn/mobile-browsers.md | 3 +- i18n/bn/multi-factor-authentication.md | 3 +- i18n/bn/news-aggregators.md | 5 +- i18n/bn/notebooks.md | 3 +- i18n/bn/os/android-overview.md | 42 +- i18n/bn/os/linux-overview.md | 5 +- i18n/bn/os/qubes-overview.md | 3 +- i18n/bn/passwords.md | 3 +- i18n/bn/productivity.md | 3 +- i18n/bn/real-time-communication.md | 3 +- i18n/bn/router.md | 3 +- i18n/bn/search-engines.md | 3 +- i18n/bn/tools.md | 40 +- i18n/bn/tor.md | 11 +- i18n/bn/video-streaming.md | 3 +- i18n/bn/vpn.md | 252 ++++----- i18n/de/404.md | 6 +- i18n/de/CODE_OF_CONDUCT.md | 26 +- i18n/de/about/criteria.md | 2 - i18n/de/about/donate.md | 2 - i18n/de/about/index.md | 44 +- i18n/de/about/notices.md | 2 - i18n/de/about/privacy-policy.md | 36 +- i18n/de/about/privacytools.md | 2 - i18n/de/about/services.md | 2 - i18n/de/about/statistics.md | 2 - .../advanced/communication-network-types.md | 5 +- i18n/de/advanced/dns-overview.md | 3 +- i18n/de/advanced/payments.md | 84 +++ i18n/de/advanced/tor-overview.md | 3 +- i18n/de/android.md | 8 +- i18n/de/basics/account-creation.md | 3 +- i18n/de/basics/account-deletion.md | 3 +- i18n/de/basics/common-misconceptions.md | 3 +- i18n/de/basics/common-threats.md | 3 +- i18n/de/basics/email-security.md | 3 +- i18n/de/basics/multi-factor-authentication.md | 5 +- i18n/de/basics/passwords-overview.md | 17 +- i18n/de/basics/threat-modeling.md | 3 +- i18n/de/basics/vpn-overview.md | 5 +- i18n/de/calendar.md | 3 +- i18n/de/cloud.md | 4 +- i18n/de/cryptocurrency.md | 53 ++ i18n/de/data-redaction.md | 3 +- i18n/de/desktop-browsers.md | 3 +- i18n/de/desktop.md | 3 +- i18n/de/dns.md | 75 ++- i18n/de/email-clients.md | 3 +- i18n/de/email.md | 237 ++++---- i18n/de/encryption.md | 3 +- i18n/de/file-sharing.md | 3 +- i18n/de/financial-services.md | 94 ++++ i18n/de/frontends.md | 3 +- i18n/de/index.md | 40 +- i18n/de/kb-archive.md | 5 +- i18n/de/meta/brand.md | 14 +- i18n/de/meta/git-recommendations.md | 6 +- i18n/de/meta/uploading-images.md | 78 ++- i18n/de/meta/writing-style.md | 52 +- i18n/de/mobile-browsers.md | 3 +- i18n/de/multi-factor-authentication.md | 3 +- i18n/de/news-aggregators.md | 5 +- i18n/de/notebooks.md | 3 +- i18n/de/os/android-overview.md | 42 +- i18n/de/os/linux-overview.md | 5 +- i18n/de/os/qubes-overview.md | 3 +- i18n/de/passwords.md | 3 +- i18n/de/productivity.md | 3 +- i18n/de/real-time-communication.md | 3 +- i18n/de/router.md | 3 +- i18n/de/search-engines.md | 3 +- i18n/de/tools.md | 40 +- i18n/de/tor.md | 19 +- i18n/de/video-streaming.md | 5 +- i18n/de/vpn.md | 330 ++++++------ i18n/el/404.md | 8 +- i18n/el/about/criteria.md | 2 - i18n/el/about/donate.md | 2 - i18n/el/about/index.md | 38 +- i18n/el/about/notices.md | 2 - i18n/el/about/privacy-policy.md | 2 - i18n/el/about/privacytools.md | 2 - i18n/el/about/services.md | 2 - i18n/el/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/el/advanced/dns-overview.md | 3 +- i18n/el/advanced/payments.md | 84 +++ i18n/el/advanced/tor-overview.md | 3 +- i18n/el/android.md | 8 +- i18n/el/basics/account-creation.md | 3 +- i18n/el/basics/account-deletion.md | 3 +- i18n/el/basics/common-misconceptions.md | 3 +- i18n/el/basics/common-threats.md | 3 +- i18n/el/basics/email-security.md | 3 +- i18n/el/basics/multi-factor-authentication.md | 3 +- i18n/el/basics/passwords-overview.md | 3 +- i18n/el/basics/threat-modeling.md | 3 +- i18n/el/basics/vpn-overview.md | 5 +- i18n/el/calendar.md | 3 +- i18n/el/cloud.md | 4 +- i18n/el/cryptocurrency.md | 53 ++ i18n/el/data-redaction.md | 3 +- i18n/el/desktop-browsers.md | 3 +- i18n/el/desktop.md | 3 +- i18n/el/dns.md | 9 +- i18n/el/email-clients.md | 3 +- i18n/el/email.md | 199 ++++--- i18n/el/encryption.md | 3 +- i18n/el/file-sharing.md | 3 +- i18n/el/financial-services.md | 94 ++++ i18n/el/frontends.md | 3 +- i18n/el/index.md | 2 - i18n/el/kb-archive.md | 3 +- i18n/el/meta/brand.md | 2 - i18n/el/meta/git-recommendations.md | 2 - i18n/el/meta/uploading-images.md | 2 - i18n/el/meta/writing-style.md | 2 - i18n/el/mobile-browsers.md | 3 +- i18n/el/multi-factor-authentication.md | 3 +- i18n/el/news-aggregators.md | 5 +- i18n/el/notebooks.md | 3 +- i18n/el/os/android-overview.md | 42 +- i18n/el/os/linux-overview.md | 5 +- i18n/el/os/qubes-overview.md | 3 +- i18n/el/passwords.md | 3 +- i18n/el/productivity.md | 3 +- i18n/el/real-time-communication.md | 3 +- i18n/el/router.md | 3 +- i18n/el/search-engines.md | 3 +- i18n/el/tools.md | 40 +- i18n/el/tor.md | 11 +- i18n/el/video-streaming.md | 3 +- i18n/el/vpn.md | 254 ++++----- i18n/eo/404.md | 6 +- i18n/eo/about/criteria.md | 2 - i18n/eo/about/donate.md | 2 - i18n/eo/about/index.md | 38 +- i18n/eo/about/notices.md | 2 - i18n/eo/about/privacy-policy.md | 2 - i18n/eo/about/privacytools.md | 2 - i18n/eo/about/services.md | 2 - i18n/eo/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/eo/advanced/dns-overview.md | 3 +- i18n/eo/advanced/payments.md | 84 +++ i18n/eo/advanced/tor-overview.md | 3 +- i18n/eo/android.md | 8 +- i18n/eo/basics/account-creation.md | 3 +- i18n/eo/basics/account-deletion.md | 3 +- i18n/eo/basics/common-misconceptions.md | 3 +- i18n/eo/basics/common-threats.md | 3 +- i18n/eo/basics/email-security.md | 3 +- i18n/eo/basics/multi-factor-authentication.md | 3 +- i18n/eo/basics/passwords-overview.md | 3 +- i18n/eo/basics/threat-modeling.md | 3 +- i18n/eo/basics/vpn-overview.md | 5 +- i18n/eo/calendar.md | 3 +- i18n/eo/cloud.md | 4 +- i18n/eo/cryptocurrency.md | 53 ++ i18n/eo/data-redaction.md | 3 +- i18n/eo/desktop-browsers.md | 3 +- i18n/eo/desktop.md | 3 +- i18n/eo/dns.md | 9 +- i18n/eo/email-clients.md | 3 +- i18n/eo/email.md | 199 ++++--- i18n/eo/encryption.md | 3 +- i18n/eo/file-sharing.md | 3 +- i18n/eo/financial-services.md | 94 ++++ i18n/eo/frontends.md | 3 +- i18n/eo/index.md | 2 - i18n/eo/kb-archive.md | 3 +- i18n/eo/meta/brand.md | 2 - i18n/eo/meta/git-recommendations.md | 2 - i18n/eo/meta/uploading-images.md | 2 - i18n/eo/meta/writing-style.md | 2 - i18n/eo/mobile-browsers.md | 3 +- i18n/eo/multi-factor-authentication.md | 3 +- i18n/eo/news-aggregators.md | 5 +- i18n/eo/notebooks.md | 3 +- i18n/eo/os/android-overview.md | 42 +- i18n/eo/os/linux-overview.md | 5 +- i18n/eo/os/qubes-overview.md | 3 +- i18n/eo/passwords.md | 3 +- i18n/eo/productivity.md | 3 +- i18n/eo/real-time-communication.md | 3 +- i18n/eo/router.md | 3 +- i18n/eo/search-engines.md | 3 +- i18n/eo/tools.md | 40 +- i18n/eo/tor.md | 11 +- i18n/eo/video-streaming.md | 3 +- i18n/eo/vpn.md | 252 ++++----- i18n/es/404.md | 6 +- i18n/es/about/criteria.md | 2 - i18n/es/about/donate.md | 2 - i18n/es/about/index.md | 38 +- i18n/es/about/notices.md | 2 - i18n/es/about/privacy-policy.md | 4 +- i18n/es/about/privacytools.md | 4 +- i18n/es/about/services.md | 2 - i18n/es/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/es/advanced/dns-overview.md | 3 +- i18n/es/advanced/payments.md | 84 +++ i18n/es/advanced/tor-overview.md | 3 +- i18n/es/android.md | 160 +++--- .../img/how-tor-works/tor-path-dark.svg | 4 +- i18n/es/assets/img/how-tor-works/tor-path.svg | 10 +- i18n/es/basics/account-creation.md | 5 +- i18n/es/basics/account-deletion.md | 3 +- i18n/es/basics/common-misconceptions.md | 5 +- i18n/es/basics/common-threats.md | 23 +- i18n/es/basics/email-security.md | 3 +- i18n/es/basics/multi-factor-authentication.md | 3 +- i18n/es/basics/passwords-overview.md | 3 +- i18n/es/basics/threat-modeling.md | 5 +- i18n/es/basics/vpn-overview.md | 35 +- i18n/es/calendar.md | 3 +- i18n/es/cloud.md | 4 +- i18n/es/cryptocurrency.md | 53 ++ i18n/es/data-redaction.md | 3 +- i18n/es/desktop-browsers.md | 3 +- i18n/es/desktop.md | 3 +- i18n/es/dns.md | 222 ++++---- i18n/es/email-clients.md | 3 +- i18n/es/email.md | 423 ++++++++------- i18n/es/encryption.md | 3 +- i18n/es/file-sharing.md | 19 +- i18n/es/financial-services.md | 94 ++++ i18n/es/frontends.md | 3 +- i18n/es/index.md | 40 +- i18n/es/kb-archive.md | 3 +- i18n/es/meta/brand.md | 2 - i18n/es/meta/git-recommendations.md | 2 - i18n/es/meta/uploading-images.md | 2 - i18n/es/meta/writing-style.md | 2 - i18n/es/mobile-browsers.md | 3 +- i18n/es/multi-factor-authentication.md | 3 +- i18n/es/news-aggregators.md | 5 +- i18n/es/notebooks.md | 9 +- i18n/es/os/android-overview.md | 42 +- i18n/es/os/linux-overview.md | 5 +- i18n/es/os/qubes-overview.md | 3 +- i18n/es/passwords.md | 3 +- i18n/es/productivity.md | 3 +- i18n/es/real-time-communication.md | 4 +- i18n/es/router.md | 3 +- i18n/es/search-engines.md | 3 +- i18n/es/tools.md | 47 +- i18n/es/tor.md | 11 +- i18n/es/video-streaming.md | 3 +- i18n/es/vpn.md | 252 ++++----- i18n/fa/404.md | 6 +- i18n/fa/about/criteria.md | 2 - i18n/fa/about/donate.md | 2 - i18n/fa/about/index.md | 38 +- i18n/fa/about/notices.md | 2 - i18n/fa/about/privacy-policy.md | 2 - i18n/fa/about/privacytools.md | 2 - i18n/fa/about/services.md | 2 - i18n/fa/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/fa/advanced/dns-overview.md | 3 +- i18n/fa/advanced/payments.md | 84 +++ i18n/fa/advanced/tor-overview.md | 3 +- i18n/fa/android.md | 8 +- i18n/fa/basics/account-creation.md | 3 +- i18n/fa/basics/account-deletion.md | 3 +- i18n/fa/basics/common-misconceptions.md | 3 +- i18n/fa/basics/common-threats.md | 3 +- i18n/fa/basics/email-security.md | 3 +- i18n/fa/basics/multi-factor-authentication.md | 3 +- i18n/fa/basics/passwords-overview.md | 3 +- i18n/fa/basics/threat-modeling.md | 3 +- i18n/fa/basics/vpn-overview.md | 5 +- i18n/fa/calendar.md | 3 +- i18n/fa/cloud.md | 4 +- i18n/fa/cryptocurrency.md | 53 ++ i18n/fa/data-redaction.md | 3 +- i18n/fa/desktop-browsers.md | 3 +- i18n/fa/desktop.md | 3 +- i18n/fa/dns.md | 9 +- i18n/fa/email-clients.md | 3 +- i18n/fa/email.md | 199 ++++--- i18n/fa/encryption.md | 3 +- i18n/fa/file-sharing.md | 3 +- i18n/fa/financial-services.md | 94 ++++ i18n/fa/frontends.md | 3 +- i18n/fa/index.md | 2 - i18n/fa/kb-archive.md | 3 +- i18n/fa/meta/brand.md | 2 - i18n/fa/meta/git-recommendations.md | 2 - i18n/fa/meta/uploading-images.md | 2 - i18n/fa/meta/writing-style.md | 2 - i18n/fa/mobile-browsers.md | 3 +- i18n/fa/multi-factor-authentication.md | 3 +- i18n/fa/news-aggregators.md | 5 +- i18n/fa/notebooks.md | 3 +- i18n/fa/os/android-overview.md | 42 +- i18n/fa/os/linux-overview.md | 5 +- i18n/fa/os/qubes-overview.md | 3 +- i18n/fa/passwords.md | 3 +- i18n/fa/productivity.md | 3 +- i18n/fa/real-time-communication.md | 3 +- i18n/fa/router.md | 3 +- i18n/fa/search-engines.md | 3 +- i18n/fa/tools.md | 40 +- i18n/fa/tor.md | 11 +- i18n/fa/video-streaming.md | 3 +- i18n/fa/vpn.md | 252 ++++----- i18n/fr/404.md | 6 +- i18n/fr/CODE_OF_CONDUCT.md | 60 +-- i18n/fr/about/criteria.md | 2 - i18n/fr/about/donate.md | 2 - i18n/fr/about/index.md | 38 +- i18n/fr/about/notices.md | 4 +- i18n/fr/about/privacy-policy.md | 2 - i18n/fr/about/privacytools.md | 2 - i18n/fr/about/services.md | 2 - i18n/fr/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/fr/advanced/dns-overview.md | 3 +- i18n/fr/advanced/payments.md | 84 +++ i18n/fr/advanced/tor-overview.md | 5 +- i18n/fr/android.md | 132 ++--- i18n/fr/basics/account-creation.md | 3 +- i18n/fr/basics/account-deletion.md | 3 +- i18n/fr/basics/common-misconceptions.md | 3 +- i18n/fr/basics/common-threats.md | 3 +- i18n/fr/basics/email-security.md | 3 +- i18n/fr/basics/multi-factor-authentication.md | 3 +- i18n/fr/basics/passwords-overview.md | 3 +- i18n/fr/basics/threat-modeling.md | 3 +- i18n/fr/basics/vpn-overview.md | 3 +- i18n/fr/calendar.md | 3 +- i18n/fr/cloud.md | 4 +- i18n/fr/cryptocurrency.md | 53 ++ i18n/fr/data-redaction.md | 3 +- i18n/fr/desktop-browsers.md | 5 +- i18n/fr/desktop.md | 3 +- i18n/fr/dns.md | 11 +- i18n/fr/email-clients.md | 3 +- i18n/fr/email.md | 313 ++++++----- i18n/fr/encryption.md | 5 +- i18n/fr/file-sharing.md | 3 +- i18n/fr/financial-services.md | 94 ++++ i18n/fr/frontends.md | 3 +- i18n/fr/index.md | 2 - i18n/fr/kb-archive.md | 3 +- i18n/fr/meta/brand.md | 16 +- i18n/fr/meta/git-recommendations.md | 26 +- i18n/fr/meta/uploading-images.md | 80 ++- i18n/fr/meta/writing-style.md | 92 ++-- i18n/fr/mobile-browsers.md | 3 +- i18n/fr/multi-factor-authentication.md | 3 +- i18n/fr/news-aggregators.md | 3 +- i18n/fr/notebooks.md | 3 +- i18n/fr/os/android-overview.md | 42 +- i18n/fr/os/linux-overview.md | 5 +- i18n/fr/os/qubes-overview.md | 5 +- i18n/fr/passwords.md | 5 +- i18n/fr/productivity.md | 3 +- i18n/fr/real-time-communication.md | 3 +- i18n/fr/router.md | 3 +- i18n/fr/search-engines.md | 3 +- i18n/fr/tools.md | 60 ++- i18n/fr/tor.md | 11 +- i18n/fr/video-streaming.md | 3 +- i18n/fr/vpn.md | 308 +++++------ i18n/he/404.md | 8 +- i18n/he/about/criteria.md | 2 - i18n/he/about/donate.md | 2 - i18n/he/about/index.md | 36 +- i18n/he/about/notices.md | 2 - i18n/he/about/privacy-policy.md | 2 - i18n/he/about/privacytools.md | 2 - i18n/he/about/services.md | 2 - i18n/he/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/he/advanced/dns-overview.md | 3 +- i18n/he/advanced/payments.md | 84 +++ i18n/he/advanced/tor-overview.md | 3 +- i18n/he/android.md | 60 +-- i18n/he/basics/account-creation.md | 3 +- i18n/he/basics/account-deletion.md | 3 +- i18n/he/basics/common-misconceptions.md | 3 +- i18n/he/basics/common-threats.md | 5 +- i18n/he/basics/email-security.md | 3 +- i18n/he/basics/multi-factor-authentication.md | 3 +- i18n/he/basics/passwords-overview.md | 3 +- i18n/he/basics/threat-modeling.md | 3 +- i18n/he/basics/vpn-overview.md | 5 +- i18n/he/calendar.md | 3 +- i18n/he/cloud.md | 4 +- i18n/he/cryptocurrency.md | 53 ++ i18n/he/data-redaction.md | 3 +- i18n/he/desktop-browsers.md | 3 +- i18n/he/desktop.md | 3 +- i18n/he/dns.md | 23 +- i18n/he/email-clients.md | 3 +- i18n/he/email.md | 199 ++++--- i18n/he/encryption.md | 3 +- i18n/he/file-sharing.md | 3 +- i18n/he/financial-services.md | 94 ++++ i18n/he/frontends.md | 3 +- i18n/he/index.md | 20 +- i18n/he/kb-archive.md | 3 +- i18n/he/meta/brand.md | 2 - i18n/he/meta/git-recommendations.md | 2 - i18n/he/meta/uploading-images.md | 8 +- i18n/he/meta/writing-style.md | 4 +- i18n/he/mobile-browsers.md | 3 +- i18n/he/multi-factor-authentication.md | 3 +- i18n/he/news-aggregators.md | 5 +- i18n/he/notebooks.md | 3 +- i18n/he/os/android-overview.md | 72 ++- i18n/he/os/linux-overview.md | 5 +- i18n/he/os/qubes-overview.md | 3 +- i18n/he/passwords.md | 7 +- i18n/he/productivity.md | 3 +- i18n/he/real-time-communication.md | 3 +- i18n/he/router.md | 3 +- i18n/he/search-engines.md | 3 +- i18n/he/tools.md | 42 +- i18n/he/tor.md | 11 +- i18n/he/video-streaming.md | 3 +- i18n/he/vpn.md | 254 ++++----- i18n/hi/404.md | 6 +- i18n/hi/about/criteria.md | 2 - i18n/hi/about/donate.md | 2 - i18n/hi/about/index.md | 38 +- i18n/hi/about/notices.md | 2 - i18n/hi/about/privacy-policy.md | 2 - i18n/hi/about/privacytools.md | 2 - i18n/hi/about/services.md | 2 - i18n/hi/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/hi/advanced/dns-overview.md | 3 +- i18n/hi/advanced/payments.md | 84 +++ i18n/hi/advanced/tor-overview.md | 3 +- i18n/hi/android.md | 8 +- i18n/hi/basics/account-creation.md | 3 +- i18n/hi/basics/account-deletion.md | 3 +- i18n/hi/basics/common-misconceptions.md | 3 +- i18n/hi/basics/common-threats.md | 3 +- i18n/hi/basics/email-security.md | 3 +- i18n/hi/basics/multi-factor-authentication.md | 3 +- i18n/hi/basics/passwords-overview.md | 3 +- i18n/hi/basics/threat-modeling.md | 3 +- i18n/hi/basics/vpn-overview.md | 5 +- i18n/hi/calendar.md | 3 +- i18n/hi/cloud.md | 4 +- i18n/hi/cryptocurrency.md | 53 ++ i18n/hi/data-redaction.md | 3 +- i18n/hi/desktop-browsers.md | 3 +- i18n/hi/desktop.md | 3 +- i18n/hi/dns.md | 9 +- i18n/hi/email-clients.md | 3 +- i18n/hi/email.md | 199 ++++--- i18n/hi/encryption.md | 3 +- i18n/hi/file-sharing.md | 3 +- i18n/hi/financial-services.md | 94 ++++ i18n/hi/frontends.md | 3 +- i18n/hi/index.md | 2 - i18n/hi/kb-archive.md | 3 +- i18n/hi/meta/brand.md | 2 - i18n/hi/meta/git-recommendations.md | 2 - i18n/hi/meta/uploading-images.md | 2 - i18n/hi/meta/writing-style.md | 2 - i18n/hi/mobile-browsers.md | 3 +- i18n/hi/multi-factor-authentication.md | 3 +- i18n/hi/news-aggregators.md | 5 +- i18n/hi/notebooks.md | 3 +- i18n/hi/os/android-overview.md | 42 +- i18n/hi/os/linux-overview.md | 5 +- i18n/hi/os/qubes-overview.md | 3 +- i18n/hi/passwords.md | 3 +- i18n/hi/productivity.md | 3 +- i18n/hi/real-time-communication.md | 3 +- i18n/hi/router.md | 3 +- i18n/hi/search-engines.md | 3 +- i18n/hi/tools.md | 40 +- i18n/hi/tor.md | 11 +- i18n/hi/video-streaming.md | 3 +- i18n/hi/vpn.md | 252 ++++----- i18n/hu/404.md | 6 +- i18n/hu/about/criteria.md | 2 - i18n/hu/about/donate.md | 4 +- i18n/hu/about/index.md | 38 +- i18n/hu/about/notices.md | 2 - i18n/hu/about/privacy-policy.md | 8 +- i18n/hu/about/privacytools.md | 2 - i18n/hu/about/services.md | 2 - i18n/hu/about/statistics.md | 2 - .../advanced/communication-network-types.md | 9 +- i18n/hu/advanced/dns-overview.md | 3 +- i18n/hu/advanced/payments.md | 84 +++ i18n/hu/advanced/tor-overview.md | 5 +- i18n/hu/android.md | 12 +- i18n/hu/basics/account-creation.md | 3 +- i18n/hu/basics/account-deletion.md | 3 +- i18n/hu/basics/common-misconceptions.md | 33 +- i18n/hu/basics/common-threats.md | 3 +- i18n/hu/basics/email-security.md | 3 +- i18n/hu/basics/multi-factor-authentication.md | 3 +- i18n/hu/basics/passwords-overview.md | 3 +- i18n/hu/basics/threat-modeling.md | 3 +- i18n/hu/basics/vpn-overview.md | 5 +- i18n/hu/calendar.md | 11 +- i18n/hu/cloud.md | 14 +- i18n/hu/cryptocurrency.md | 53 ++ i18n/hu/data-redaction.md | 93 ++-- i18n/hu/desktop-browsers.md | 7 +- i18n/hu/desktop.md | 7 +- i18n/hu/dns.md | 25 +- i18n/hu/email-clients.md | 9 +- i18n/hu/email.md | 237 ++++---- i18n/hu/encryption.md | 9 +- i18n/hu/file-sharing.md | 7 +- i18n/hu/financial-services.md | 94 ++++ i18n/hu/frontends.md | 7 +- i18n/hu/index.md | 2 - i18n/hu/kb-archive.md | 3 +- i18n/hu/meta/brand.md | 2 - i18n/hu/meta/git-recommendations.md | 2 - i18n/hu/meta/uploading-images.md | 2 - i18n/hu/meta/writing-style.md | 2 - i18n/hu/mobile-browsers.md | 7 +- i18n/hu/multi-factor-authentication.md | 11 +- i18n/hu/news-aggregators.md | 9 +- i18n/hu/notebooks.md | 57 +- i18n/hu/os/android-overview.md | 42 +- i18n/hu/os/linux-overview.md | 5 +- i18n/hu/os/qubes-overview.md | 3 +- i18n/hu/passwords.md | 13 +- i18n/hu/productivity.md | 19 +- i18n/hu/real-time-communication.md | 7 +- i18n/hu/router.md | 5 +- i18n/hu/search-engines.md | 7 +- i18n/hu/tools.md | 46 +- i18n/hu/tor.md | 21 +- i18n/hu/video-streaming.md | 9 +- i18n/hu/vpn.md | 388 ++++++------- i18n/id/404.md | 6 +- i18n/id/about/criteria.md | 42 +- i18n/id/about/donate.md | 40 +- i18n/id/about/index.md | 40 +- i18n/id/about/notices.md | 42 +- i18n/id/about/privacy-policy.md | 66 ++- i18n/id/about/privacytools.md | 124 +++-- i18n/id/about/services.md | 34 +- i18n/id/about/statistics.md | 12 +- .../advanced/communication-network-types.md | 5 +- i18n/id/advanced/dns-overview.md | 3 +- i18n/id/advanced/payments.md | 84 +++ i18n/id/advanced/tor-overview.md | 3 +- i18n/id/android.md | 8 +- .../img/how-tor-works/tor-encryption-dark.svg | 20 +- .../img/how-tor-works/tor-encryption.svg | 20 +- .../img/how-tor-works/tor-path-dark.svg | 6 +- i18n/id/assets/img/how-tor-works/tor-path.svg | 6 +- i18n/id/basics/account-creation.md | 59 +- i18n/id/basics/account-deletion.md | 25 +- i18n/id/basics/common-misconceptions.md | 3 +- i18n/id/basics/common-threats.md | 3 +- i18n/id/basics/email-security.md | 3 +- i18n/id/basics/multi-factor-authentication.md | 5 +- i18n/id/basics/passwords-overview.md | 3 +- i18n/id/basics/threat-modeling.md | 5 +- i18n/id/basics/vpn-overview.md | 7 +- i18n/id/calendar.md | 3 +- i18n/id/cloud.md | 4 +- i18n/id/cryptocurrency.md | 53 ++ i18n/id/data-redaction.md | 3 +- i18n/id/desktop-browsers.md | 3 +- i18n/id/desktop.md | 3 +- i18n/id/dns.md | 105 ++-- i18n/id/email-clients.md | 3 +- i18n/id/email.md | 281 +++++----- i18n/id/encryption.md | 3 +- i18n/id/file-sharing.md | 3 +- i18n/id/financial-services.md | 94 ++++ i18n/id/frontends.md | 3 +- i18n/id/index.md | 2 - i18n/id/kb-archive.md | 5 +- i18n/id/meta/brand.md | 10 +- i18n/id/meta/git-recommendations.md | 14 +- i18n/id/meta/uploading-images.md | 60 +-- i18n/id/meta/writing-style.md | 78 ++- i18n/id/mobile-browsers.md | 3 +- i18n/id/multi-factor-authentication.md | 3 +- i18n/id/news-aggregators.md | 5 +- i18n/id/notebooks.md | 3 +- i18n/id/os/android-overview.md | 42 +- i18n/id/os/linux-overview.md | 5 +- i18n/id/os/qubes-overview.md | 3 +- i18n/id/passwords.md | 3 +- i18n/id/productivity.md | 3 +- i18n/id/real-time-communication.md | 3 +- i18n/id/router.md | 3 +- i18n/id/search-engines.md | 3 +- i18n/id/tools.md | 40 +- i18n/id/tor.md | 11 +- i18n/id/video-streaming.md | 3 +- i18n/id/vpn.md | 410 +++++++------- i18n/it/404.md | 8 +- i18n/it/about/criteria.md | 2 - i18n/it/about/donate.md | 2 - i18n/it/about/index.md | 38 +- i18n/it/about/notices.md | 2 - i18n/it/about/privacy-policy.md | 2 - i18n/it/about/privacytools.md | 2 - i18n/it/about/services.md | 2 - i18n/it/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/it/advanced/dns-overview.md | 3 +- i18n/it/advanced/payments.md | 84 +++ i18n/it/advanced/tor-overview.md | 3 +- i18n/it/android.md | 136 ++--- i18n/it/basics/account-creation.md | 3 +- i18n/it/basics/account-deletion.md | 3 +- i18n/it/basics/common-misconceptions.md | 3 +- i18n/it/basics/common-threats.md | 3 +- i18n/it/basics/email-security.md | 3 +- i18n/it/basics/multi-factor-authentication.md | 3 +- i18n/it/basics/passwords-overview.md | 3 +- i18n/it/basics/threat-modeling.md | 3 +- i18n/it/basics/vpn-overview.md | 5 +- i18n/it/calendar.md | 3 +- i18n/it/cloud.md | 4 +- i18n/it/cryptocurrency.md | 62 +++ i18n/it/data-redaction.md | 3 +- i18n/it/desktop-browsers.md | 3 +- i18n/it/desktop.md | 3 +- i18n/it/dns.md | 9 +- i18n/it/email-clients.md | 3 +- i18n/it/email.md | 213 ++++---- i18n/it/encryption.md | 3 +- i18n/it/file-sharing.md | 3 +- i18n/it/financial-services.md | 112 ++++ i18n/it/frontends.md | 3 +- i18n/it/index.md | 2 - i18n/it/kb-archive.md | 3 +- i18n/it/meta/brand.md | 2 - i18n/it/meta/git-recommendations.md | 2 - i18n/it/meta/uploading-images.md | 2 - i18n/it/meta/writing-style.md | 2 - i18n/it/mobile-browsers.md | 7 +- i18n/it/multi-factor-authentication.md | 3 +- i18n/it/news-aggregators.md | 5 +- i18n/it/notebooks.md | 3 +- i18n/it/os/android-overview.md | 42 +- i18n/it/os/linux-overview.md | 5 +- i18n/it/os/qubes-overview.md | 3 +- i18n/it/passwords.md | 3 +- i18n/it/productivity.md | 3 +- i18n/it/real-time-communication.md | 3 +- i18n/it/router.md | 3 +- i18n/it/search-engines.md | 7 +- i18n/it/tools.md | 40 +- i18n/it/tor.md | 11 +- i18n/it/video-streaming.md | 3 +- i18n/it/vpn.md | 258 ++++----- i18n/ku/404.md | 19 + i18n/ku/CODE_OF_CONDUCT.md | 53 ++ i18n/ku/about/criteria.md | 40 ++ i18n/ku/about/donate.md | 50 ++ i18n/ku/about/index.md | 89 +++ i18n/ku/about/notices.md | 43 ++ i18n/ku/about/privacy-policy.md | 61 +++ i18n/ku/about/privacytools.md | 118 ++++ i18n/ku/about/services.md | 38 ++ i18n/ku/about/statistics.md | 61 +++ .../advanced/communication-network-types.md | 103 ++++ i18n/ku/advanced/dns-overview.md | 306 +++++++++++ i18n/ku/advanced/payments.md | 84 +++ i18n/ku/advanced/tor-overview.md | 80 +++ i18n/ku/android.md | 353 ++++++++++++ .../account-deletion/exposed_passwords.png | Bin 0 -> 27902 bytes i18n/ku/assets/img/android/rss-apk-dark.png | Bin 0 -> 51238 bytes i18n/ku/assets/img/android/rss-apk-light.png | Bin 0 -> 47866 bytes .../assets/img/android/rss-changes-dark.png | Bin 0 -> 97852 bytes .../assets/img/android/rss-changes-light.png | Bin 0 -> 94908 bytes .../img/how-tor-works/tor-encryption-dark.svg | 131 +++++ .../img/how-tor-works/tor-encryption.svg | 131 +++++ .../img/how-tor-works/tor-path-dark.svg | 79 +++ i18n/ku/assets/img/how-tor-works/tor-path.svg | 79 +++ .../img/multi-factor-authentication/fido.png | Bin 0 -> 133129 bytes .../yubico-otp.png | Bin 0 -> 117974 bytes .../qubes/qubes-trust-level-architecture.png | Bin 0 -> 113981 bytes .../qubes/r4.0-xfce-three-domains-at-work.png | Bin 0 -> 1469420 bytes i18n/ku/basics/account-creation.md | 81 +++ i18n/ku/basics/account-deletion.md | 62 +++ i18n/ku/basics/common-misconceptions.md | 60 +++ i18n/ku/basics/common-threats.md | 148 +++++ i18n/ku/basics/email-security.md | 41 ++ i18n/ku/basics/multi-factor-authentication.md | 165 ++++++ i18n/ku/basics/passwords-overview.md | 111 ++++ i18n/ku/basics/threat-modeling.md | 110 ++++ i18n/ku/basics/vpn-overview.md | 77 +++ i18n/ku/calendar.md | 70 +++ i18n/ku/cloud.md | 60 +++ i18n/ku/cryptocurrency.md | 53 ++ i18n/ku/data-redaction.md | 145 +++++ i18n/ku/desktop-browsers.md | 262 +++++++++ i18n/ku/desktop.md | 183 +++++++ i18n/ku/dns.md | 139 +++++ i18n/ku/email-clients.md | 238 ++++++++ i18n/ku/email.md | 510 ++++++++++++++++++ i18n/ku/encryption.md | 356 ++++++++++++ i18n/ku/file-sharing.md | 147 +++++ i18n/ku/financial-services.md | 94 ++++ i18n/ku/frontends.md | 267 +++++++++ i18n/ku/index.md | 42 ++ i18n/ku/kb-archive.md | 17 + i18n/ku/meta/brand.md | 22 + i18n/ku/meta/git-recommendations.md | 46 ++ i18n/ku/meta/uploading-images.md | 89 +++ i18n/ku/meta/writing-style.md | 87 +++ i18n/ku/mobile-browsers.md | 192 +++++++ i18n/ku/multi-factor-authentication.md | 143 +++++ i18n/ku/news-aggregators.md | 172 ++++++ i18n/ku/notebooks.md | 114 ++++ i18n/ku/os/android-overview.md | 169 ++++++ i18n/ku/os/linux-overview.md | 142 +++++ i18n/ku/os/qubes-overview.md | 55 ++ i18n/ku/passwords.md | 229 ++++++++ i18n/ku/productivity.md | 155 ++++++ i18n/ku/real-time-communication.md | 194 +++++++ i18n/ku/router.md | 50 ++ i18n/ku/search-engines.md | 108 ++++ i18n/ku/tools.md | 475 ++++++++++++++++ i18n/ku/tor.md | 117 ++++ i18n/ku/video-streaming.md | 51 ++ i18n/ku/vpn.md | 327 +++++++++++ i18n/nl/404.md | 6 +- i18n/nl/about/criteria.md | 2 - i18n/nl/about/donate.md | 2 - i18n/nl/about/index.md | 36 +- i18n/nl/about/notices.md | 2 - i18n/nl/about/privacy-policy.md | 2 - i18n/nl/about/privacytools.md | 3 - i18n/nl/about/services.md | 2 - i18n/nl/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/nl/advanced/dns-overview.md | 3 +- i18n/nl/advanced/payments.md | 84 +++ i18n/nl/advanced/tor-overview.md | 3 +- i18n/nl/android.md | 34 +- i18n/nl/basics/account-creation.md | 3 +- i18n/nl/basics/account-deletion.md | 3 +- i18n/nl/basics/common-misconceptions.md | 3 +- i18n/nl/basics/common-threats.md | 3 +- i18n/nl/basics/email-security.md | 3 +- i18n/nl/basics/multi-factor-authentication.md | 3 +- i18n/nl/basics/passwords-overview.md | 3 +- i18n/nl/basics/threat-modeling.md | 3 +- i18n/nl/basics/vpn-overview.md | 3 +- i18n/nl/calendar.md | 3 +- i18n/nl/cloud.md | 4 +- i18n/nl/cryptocurrency.md | 58 ++ i18n/nl/data-redaction.md | 3 +- i18n/nl/desktop-browsers.md | 3 +- i18n/nl/desktop.md | 3 +- i18n/nl/dns.md | 9 +- i18n/nl/email-clients.md | 3 +- i18n/nl/email.md | 203 ++++--- i18n/nl/encryption.md | 3 +- i18n/nl/file-sharing.md | 3 +- i18n/nl/financial-services.md | 94 ++++ i18n/nl/frontends.md | 3 +- i18n/nl/index.md | 4 +- i18n/nl/kb-archive.md | 5 +- i18n/nl/meta/brand.md | 2 - i18n/nl/meta/git-recommendations.md | 2 - i18n/nl/meta/uploading-images.md | 2 - i18n/nl/meta/writing-style.md | 2 - i18n/nl/mobile-browsers.md | 3 +- i18n/nl/multi-factor-authentication.md | 3 +- i18n/nl/news-aggregators.md | 3 +- i18n/nl/notebooks.md | 3 +- i18n/nl/os/android-overview.md | 42 +- i18n/nl/os/linux-overview.md | 3 +- i18n/nl/os/qubes-overview.md | 3 +- i18n/nl/passwords.md | 3 +- i18n/nl/productivity.md | 3 +- i18n/nl/real-time-communication.md | 3 +- i18n/nl/router.md | 3 +- i18n/nl/search-engines.md | 3 +- i18n/nl/tools.md | 46 +- i18n/nl/tor.md | 11 +- i18n/nl/video-streaming.md | 3 +- i18n/nl/vpn.md | 262 ++++----- i18n/pl/404.md | 20 +- i18n/pl/about/criteria.md | 2 - i18n/pl/about/donate.md | 2 - i18n/pl/about/index.md | 38 +- i18n/pl/about/notices.md | 2 - i18n/pl/about/privacy-policy.md | 4 +- i18n/pl/about/privacytools.md | 2 - i18n/pl/about/services.md | 2 - i18n/pl/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/pl/advanced/dns-overview.md | 3 +- i18n/pl/advanced/payments.md | 84 +++ i18n/pl/advanced/tor-overview.md | 3 +- i18n/pl/android.md | 24 +- i18n/pl/basics/account-creation.md | 3 +- i18n/pl/basics/account-deletion.md | 3 +- i18n/pl/basics/common-misconceptions.md | 3 +- i18n/pl/basics/common-threats.md | 3 +- i18n/pl/basics/email-security.md | 3 +- i18n/pl/basics/multi-factor-authentication.md | 3 +- i18n/pl/basics/passwords-overview.md | 3 +- i18n/pl/basics/threat-modeling.md | 3 +- i18n/pl/basics/vpn-overview.md | 5 +- i18n/pl/calendar.md | 3 +- i18n/pl/cloud.md | 4 +- i18n/pl/cryptocurrency.md | 53 ++ i18n/pl/data-redaction.md | 3 +- i18n/pl/desktop-browsers.md | 3 +- i18n/pl/desktop.md | 3 +- i18n/pl/dns.md | 29 +- i18n/pl/email-clients.md | 3 +- i18n/pl/email.md | 199 ++++--- i18n/pl/encryption.md | 3 +- i18n/pl/file-sharing.md | 3 +- i18n/pl/financial-services.md | 94 ++++ i18n/pl/frontends.md | 3 +- i18n/pl/index.md | 2 - i18n/pl/kb-archive.md | 3 +- i18n/pl/meta/brand.md | 2 - i18n/pl/meta/git-recommendations.md | 2 - i18n/pl/meta/uploading-images.md | 2 - i18n/pl/meta/writing-style.md | 2 - i18n/pl/mobile-browsers.md | 3 +- i18n/pl/multi-factor-authentication.md | 3 +- i18n/pl/news-aggregators.md | 5 +- i18n/pl/notebooks.md | 3 +- i18n/pl/os/android-overview.md | 42 +- i18n/pl/os/linux-overview.md | 5 +- i18n/pl/os/qubes-overview.md | 3 +- i18n/pl/passwords.md | 3 +- i18n/pl/productivity.md | 3 +- i18n/pl/real-time-communication.md | 3 +- i18n/pl/router.md | 3 +- i18n/pl/search-engines.md | 3 +- i18n/pl/tools.md | 40 +- i18n/pl/tor.md | 11 +- i18n/pl/video-streaming.md | 3 +- i18n/pl/vpn.md | 254 ++++----- i18n/pt-BR/404.md | 6 +- i18n/pt-BR/about/criteria.md | 2 - i18n/pt-BR/about/donate.md | 2 - i18n/pt-BR/about/index.md | 38 +- i18n/pt-BR/about/notices.md | 2 - i18n/pt-BR/about/privacy-policy.md | 14 +- i18n/pt-BR/about/privacytools.md | 2 - i18n/pt-BR/about/services.md | 2 - i18n/pt-BR/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/pt-BR/advanced/dns-overview.md | 3 +- i18n/pt-BR/advanced/payments.md | 85 +++ i18n/pt-BR/advanced/tor-overview.md | 3 +- i18n/pt-BR/android.md | 30 +- i18n/pt-BR/basics/account-creation.md | 3 +- i18n/pt-BR/basics/account-deletion.md | 3 +- i18n/pt-BR/basics/common-misconceptions.md | 3 +- i18n/pt-BR/basics/common-threats.md | 3 +- i18n/pt-BR/basics/email-security.md | 3 +- .../basics/multi-factor-authentication.md | 3 +- i18n/pt-BR/basics/passwords-overview.md | 3 +- i18n/pt-BR/basics/threat-modeling.md | 3 +- i18n/pt-BR/basics/vpn-overview.md | 11 +- i18n/pt-BR/calendar.md | 3 +- i18n/pt-BR/cloud.md | 4 +- i18n/pt-BR/cryptocurrency.md | 54 ++ i18n/pt-BR/data-redaction.md | 3 +- i18n/pt-BR/desktop-browsers.md | 3 +- i18n/pt-BR/desktop.md | 3 +- i18n/pt-BR/dns.md | 25 +- i18n/pt-BR/email-clients.md | 3 +- i18n/pt-BR/email.md | 235 ++++---- i18n/pt-BR/encryption.md | 3 +- i18n/pt-BR/file-sharing.md | 3 +- i18n/pt-BR/financial-services.md | 94 ++++ i18n/pt-BR/frontends.md | 3 +- i18n/pt-BR/index.md | 2 - i18n/pt-BR/kb-archive.md | 5 +- i18n/pt-BR/meta/brand.md | 2 - i18n/pt-BR/meta/git-recommendations.md | 2 - i18n/pt-BR/meta/uploading-images.md | 10 +- i18n/pt-BR/meta/writing-style.md | 2 - i18n/pt-BR/mobile-browsers.md | 3 +- i18n/pt-BR/multi-factor-authentication.md | 3 +- i18n/pt-BR/news-aggregators.md | 5 +- i18n/pt-BR/notebooks.md | 39 +- i18n/pt-BR/os/android-overview.md | 50 +- i18n/pt-BR/os/linux-overview.md | 5 +- i18n/pt-BR/os/qubes-overview.md | 3 +- i18n/pt-BR/passwords.md | 3 +- i18n/pt-BR/productivity.md | 3 +- i18n/pt-BR/real-time-communication.md | 3 +- i18n/pt-BR/router.md | 3 +- i18n/pt-BR/search-engines.md | 13 +- i18n/pt-BR/tools.md | 46 +- i18n/pt-BR/tor.md | 11 +- i18n/pt-BR/video-streaming.md | 3 +- i18n/pt-BR/vpn.md | 254 ++++----- i18n/pt/404.md | 22 +- i18n/pt/about/criteria.md | 2 - i18n/pt/about/donate.md | 2 - i18n/pt/about/index.md | 38 +- i18n/pt/about/notices.md | 2 - i18n/pt/about/privacy-policy.md | 2 - i18n/pt/about/privacytools.md | 2 - i18n/pt/about/services.md | 2 - i18n/pt/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/pt/advanced/dns-overview.md | 3 +- i18n/pt/advanced/payments.md | 84 +++ i18n/pt/advanced/tor-overview.md | 3 +- i18n/pt/android.md | 28 +- i18n/pt/basics/account-creation.md | 3 +- i18n/pt/basics/account-deletion.md | 3 +- i18n/pt/basics/common-misconceptions.md | 3 +- i18n/pt/basics/common-threats.md | 3 +- i18n/pt/basics/email-security.md | 3 +- i18n/pt/basics/multi-factor-authentication.md | 3 +- i18n/pt/basics/passwords-overview.md | 3 +- i18n/pt/basics/threat-modeling.md | 3 +- i18n/pt/basics/vpn-overview.md | 5 +- i18n/pt/calendar.md | 3 +- i18n/pt/cloud.md | 4 +- i18n/pt/cryptocurrency.md | 56 ++ i18n/pt/data-redaction.md | 3 +- i18n/pt/desktop-browsers.md | 3 +- i18n/pt/desktop.md | 3 +- i18n/pt/dns.md | 9 +- i18n/pt/email-clients.md | 3 +- i18n/pt/email.md | 206 +++---- i18n/pt/encryption.md | 3 +- i18n/pt/file-sharing.md | 3 +- i18n/pt/financial-services.md | 102 ++++ i18n/pt/frontends.md | 3 +- i18n/pt/index.md | 2 - i18n/pt/kb-archive.md | 3 +- i18n/pt/meta/brand.md | 2 - i18n/pt/meta/git-recommendations.md | 2 - i18n/pt/meta/uploading-images.md | 2 - i18n/pt/meta/writing-style.md | 2 - i18n/pt/mobile-browsers.md | 3 +- i18n/pt/multi-factor-authentication.md | 3 +- i18n/pt/news-aggregators.md | 5 +- i18n/pt/notebooks.md | 3 +- i18n/pt/os/android-overview.md | 42 +- i18n/pt/os/linux-overview.md | 5 +- i18n/pt/os/qubes-overview.md | 3 +- i18n/pt/passwords.md | 3 +- i18n/pt/productivity.md | 3 +- i18n/pt/real-time-communication.md | 3 +- i18n/pt/router.md | 3 +- i18n/pt/search-engines.md | 3 +- i18n/pt/tools.md | 52 +- i18n/pt/tor.md | 11 +- i18n/pt/video-streaming.md | 3 +- i18n/pt/vpn.md | 252 ++++----- i18n/ru/404.md | 6 +- i18n/ru/about/criteria.md | 2 - i18n/ru/about/donate.md | 2 - i18n/ru/about/index.md | 38 +- i18n/ru/about/notices.md | 2 - i18n/ru/about/privacy-policy.md | 2 - i18n/ru/about/privacytools.md | 2 - i18n/ru/about/services.md | 2 - i18n/ru/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/ru/advanced/dns-overview.md | 3 +- i18n/ru/advanced/payments.md | 84 +++ i18n/ru/advanced/tor-overview.md | 3 +- i18n/ru/android.md | 8 +- i18n/ru/basics/account-creation.md | 3 +- i18n/ru/basics/account-deletion.md | 3 +- i18n/ru/basics/common-misconceptions.md | 3 +- i18n/ru/basics/common-threats.md | 3 +- i18n/ru/basics/email-security.md | 3 +- i18n/ru/basics/multi-factor-authentication.md | 3 +- i18n/ru/basics/passwords-overview.md | 3 +- i18n/ru/basics/threat-modeling.md | 3 +- i18n/ru/basics/vpn-overview.md | 5 +- i18n/ru/calendar.md | 3 +- i18n/ru/cloud.md | 4 +- i18n/ru/cryptocurrency.md | 53 ++ i18n/ru/data-redaction.md | 3 +- i18n/ru/desktop-browsers.md | 3 +- i18n/ru/desktop.md | 3 +- i18n/ru/dns.md | 9 +- i18n/ru/email-clients.md | 3 +- i18n/ru/email.md | 202 ++++--- i18n/ru/encryption.md | 3 +- i18n/ru/file-sharing.md | 3 +- i18n/ru/financial-services.md | 94 ++++ i18n/ru/frontends.md | 3 +- i18n/ru/index.md | 2 - i18n/ru/kb-archive.md | 3 +- i18n/ru/meta/brand.md | 2 - i18n/ru/meta/git-recommendations.md | 2 - i18n/ru/meta/uploading-images.md | 2 - i18n/ru/meta/writing-style.md | 2 - i18n/ru/mobile-browsers.md | 3 +- i18n/ru/multi-factor-authentication.md | 3 +- i18n/ru/news-aggregators.md | 5 +- i18n/ru/notebooks.md | 3 +- i18n/ru/os/android-overview.md | 42 +- i18n/ru/os/linux-overview.md | 5 +- i18n/ru/os/qubes-overview.md | 3 +- i18n/ru/passwords.md | 3 +- i18n/ru/productivity.md | 3 +- i18n/ru/real-time-communication.md | 3 +- i18n/ru/router.md | 3 +- i18n/ru/search-engines.md | 3 +- i18n/ru/tools.md | 46 +- i18n/ru/tor.md | 11 +- i18n/ru/video-streaming.md | 3 +- i18n/ru/vpn.md | 252 ++++----- i18n/sv/404.md | 6 +- i18n/sv/CODE_OF_CONDUCT.md | 62 +-- i18n/sv/about/criteria.md | 50 +- i18n/sv/about/donate.md | 2 - i18n/sv/about/index.md | 38 +- i18n/sv/about/notices.md | 2 - i18n/sv/about/privacy-policy.md | 2 - i18n/sv/about/privacytools.md | 36 +- i18n/sv/about/services.md | 2 - i18n/sv/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/sv/advanced/dns-overview.md | 3 +- i18n/sv/advanced/payments.md | 84 +++ i18n/sv/advanced/tor-overview.md | 47 +- i18n/sv/android.md | 30 +- .../img/how-tor-works/tor-path-dark.svg | 4 +- i18n/sv/assets/img/how-tor-works/tor-path.svg | 12 +- i18n/sv/basics/account-creation.md | 7 +- i18n/sv/basics/account-deletion.md | 27 +- i18n/sv/basics/common-misconceptions.md | 5 +- i18n/sv/basics/common-threats.md | 135 +++-- i18n/sv/basics/email-security.md | 41 +- i18n/sv/basics/multi-factor-authentication.md | 89 ++- i18n/sv/basics/passwords-overview.md | 9 +- i18n/sv/basics/threat-modeling.md | 3 +- i18n/sv/basics/vpn-overview.md | 85 ++- i18n/sv/calendar.md | 19 +- i18n/sv/cloud.md | 66 ++- i18n/sv/cryptocurrency.md | 53 ++ i18n/sv/data-redaction.md | 107 ++-- i18n/sv/desktop-browsers.md | 72 ++- i18n/sv/desktop.md | 13 +- i18n/sv/dns.md | 21 +- i18n/sv/email-clients.md | 27 +- i18n/sv/email.md | 207 +++---- i18n/sv/encryption.md | 223 ++++---- i18n/sv/file-sharing.md | 123 +++-- i18n/sv/financial-services.md | 94 ++++ i18n/sv/frontends.md | 43 +- i18n/sv/index.md | 2 - i18n/sv/kb-archive.md | 3 +- i18n/sv/meta/brand.md | 18 +- i18n/sv/meta/git-recommendations.md | 8 +- i18n/sv/meta/uploading-images.md | 2 - i18n/sv/meta/writing-style.md | 2 - i18n/sv/mobile-browsers.md | 182 ++++--- i18n/sv/multi-factor-authentication.md | 115 ++-- i18n/sv/news-aggregators.md | 139 +++-- i18n/sv/notebooks.md | 93 ++-- i18n/sv/os/android-overview.md | 42 +- i18n/sv/os/linux-overview.md | 131 +++-- i18n/sv/os/qubes-overview.md | 61 ++- i18n/sv/passwords.md | 190 ++++--- i18n/sv/productivity.md | 47 +- i18n/sv/real-time-communication.md | 19 +- i18n/sv/router.md | 11 +- i18n/sv/search-engines.md | 21 +- i18n/sv/tools.md | 234 ++++---- i18n/sv/tor.md | 21 +- i18n/sv/video-streaming.md | 47 +- i18n/sv/vpn.md | 262 ++++----- i18n/tr/404.md | 10 +- i18n/tr/about/criteria.md | 2 - i18n/tr/about/donate.md | 2 - i18n/tr/about/index.md | 38 +- i18n/tr/about/notices.md | 2 - i18n/tr/about/privacy-policy.md | 4 +- i18n/tr/about/privacytools.md | 2 - i18n/tr/about/services.md | 2 - i18n/tr/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/tr/advanced/dns-overview.md | 3 +- i18n/tr/advanced/payments.md | 84 +++ i18n/tr/advanced/tor-overview.md | 3 +- i18n/tr/android.md | 8 +- i18n/tr/basics/account-creation.md | 3 +- i18n/tr/basics/account-deletion.md | 3 +- i18n/tr/basics/common-misconceptions.md | 3 +- i18n/tr/basics/common-threats.md | 3 +- i18n/tr/basics/email-security.md | 3 +- i18n/tr/basics/multi-factor-authentication.md | 3 +- i18n/tr/basics/passwords-overview.md | 3 +- i18n/tr/basics/threat-modeling.md | 3 +- i18n/tr/basics/vpn-overview.md | 5 +- i18n/tr/calendar.md | 3 +- i18n/tr/cloud.md | 4 +- i18n/tr/cryptocurrency.md | 53 ++ i18n/tr/data-redaction.md | 3 +- i18n/tr/desktop-browsers.md | 3 +- i18n/tr/desktop.md | 3 +- i18n/tr/dns.md | 53 +- i18n/tr/email-clients.md | 3 +- i18n/tr/email.md | 199 ++++--- i18n/tr/encryption.md | 3 +- i18n/tr/file-sharing.md | 3 +- i18n/tr/financial-services.md | 94 ++++ i18n/tr/frontends.md | 3 +- i18n/tr/index.md | 42 +- i18n/tr/kb-archive.md | 3 +- i18n/tr/meta/brand.md | 2 - i18n/tr/meta/git-recommendations.md | 2 - i18n/tr/meta/uploading-images.md | 2 - i18n/tr/meta/writing-style.md | 2 - i18n/tr/mobile-browsers.md | 3 +- i18n/tr/multi-factor-authentication.md | 3 +- i18n/tr/news-aggregators.md | 5 +- i18n/tr/notebooks.md | 3 +- i18n/tr/os/android-overview.md | 42 +- i18n/tr/os/linux-overview.md | 5 +- i18n/tr/os/qubes-overview.md | 3 +- i18n/tr/passwords.md | 3 +- i18n/tr/productivity.md | 3 +- i18n/tr/real-time-communication.md | 3 +- i18n/tr/router.md | 3 +- i18n/tr/search-engines.md | 3 +- i18n/tr/tools.md | 40 +- i18n/tr/tor.md | 11 +- i18n/tr/video-streaming.md | 3 +- i18n/tr/vpn.md | 304 +++++------ i18n/uk/404.md | 6 +- i18n/uk/about/criteria.md | 2 - i18n/uk/about/donate.md | 2 - i18n/uk/about/index.md | 38 +- i18n/uk/about/notices.md | 2 - i18n/uk/about/privacy-policy.md | 2 - i18n/uk/about/privacytools.md | 2 - i18n/uk/about/services.md | 2 - i18n/uk/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/uk/advanced/dns-overview.md | 3 +- i18n/uk/advanced/payments.md | 84 +++ i18n/uk/advanced/tor-overview.md | 3 +- i18n/uk/android.md | 8 +- i18n/uk/basics/account-creation.md | 3 +- i18n/uk/basics/account-deletion.md | 3 +- i18n/uk/basics/common-misconceptions.md | 3 +- i18n/uk/basics/common-threats.md | 3 +- i18n/uk/basics/email-security.md | 3 +- i18n/uk/basics/multi-factor-authentication.md | 3 +- i18n/uk/basics/passwords-overview.md | 3 +- i18n/uk/basics/threat-modeling.md | 3 +- i18n/uk/basics/vpn-overview.md | 5 +- i18n/uk/calendar.md | 3 +- i18n/uk/cloud.md | 4 +- i18n/uk/cryptocurrency.md | 53 ++ i18n/uk/data-redaction.md | 3 +- i18n/uk/desktop-browsers.md | 3 +- i18n/uk/desktop.md | 3 +- i18n/uk/dns.md | 9 +- i18n/uk/email-clients.md | 3 +- i18n/uk/email.md | 199 ++++--- i18n/uk/encryption.md | 3 +- i18n/uk/file-sharing.md | 3 +- i18n/uk/financial-services.md | 94 ++++ i18n/uk/frontends.md | 3 +- i18n/uk/index.md | 2 - i18n/uk/kb-archive.md | 3 +- i18n/uk/meta/brand.md | 2 - i18n/uk/meta/git-recommendations.md | 2 - i18n/uk/meta/uploading-images.md | 2 - i18n/uk/meta/writing-style.md | 2 - i18n/uk/mobile-browsers.md | 3 +- i18n/uk/multi-factor-authentication.md | 3 +- i18n/uk/news-aggregators.md | 5 +- i18n/uk/notebooks.md | 3 +- i18n/uk/os/android-overview.md | 42 +- i18n/uk/os/linux-overview.md | 5 +- i18n/uk/os/qubes-overview.md | 3 +- i18n/uk/passwords.md | 3 +- i18n/uk/productivity.md | 3 +- i18n/uk/real-time-communication.md | 3 +- i18n/uk/router.md | 3 +- i18n/uk/search-engines.md | 3 +- i18n/uk/tools.md | 40 +- i18n/uk/tor.md | 11 +- i18n/uk/video-streaming.md | 3 +- i18n/uk/vpn.md | 252 ++++----- i18n/vi/404.md | 6 +- i18n/vi/about/criteria.md | 2 - i18n/vi/about/donate.md | 2 - i18n/vi/about/index.md | 38 +- i18n/vi/about/notices.md | 2 - i18n/vi/about/privacy-policy.md | 2 - i18n/vi/about/privacytools.md | 2 - i18n/vi/about/services.md | 2 - i18n/vi/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/vi/advanced/dns-overview.md | 3 +- i18n/vi/advanced/payments.md | 84 +++ i18n/vi/advanced/tor-overview.md | 3 +- i18n/vi/android.md | 30 +- i18n/vi/basics/account-creation.md | 3 +- i18n/vi/basics/account-deletion.md | 3 +- i18n/vi/basics/common-misconceptions.md | 3 +- i18n/vi/basics/common-threats.md | 3 +- i18n/vi/basics/email-security.md | 3 +- i18n/vi/basics/multi-factor-authentication.md | 3 +- i18n/vi/basics/passwords-overview.md | 3 +- i18n/vi/basics/threat-modeling.md | 3 +- i18n/vi/basics/vpn-overview.md | 5 +- i18n/vi/calendar.md | 3 +- i18n/vi/cloud.md | 4 +- i18n/vi/cryptocurrency.md | 59 ++ i18n/vi/data-redaction.md | 3 +- i18n/vi/desktop-browsers.md | 3 +- i18n/vi/desktop.md | 3 +- i18n/vi/dns.md | 9 +- i18n/vi/email-clients.md | 3 +- i18n/vi/email.md | 199 ++++--- i18n/vi/encryption.md | 3 +- i18n/vi/file-sharing.md | 3 +- i18n/vi/financial-services.md | 106 ++++ i18n/vi/frontends.md | 3 +- i18n/vi/index.md | 2 - i18n/vi/kb-archive.md | 3 +- i18n/vi/meta/brand.md | 2 - i18n/vi/meta/git-recommendations.md | 2 - i18n/vi/meta/uploading-images.md | 2 - i18n/vi/meta/writing-style.md | 2 - i18n/vi/mobile-browsers.md | 3 +- i18n/vi/multi-factor-authentication.md | 3 +- i18n/vi/news-aggregators.md | 5 +- i18n/vi/notebooks.md | 3 +- i18n/vi/os/android-overview.md | 42 +- i18n/vi/os/linux-overview.md | 5 +- i18n/vi/os/qubes-overview.md | 3 +- i18n/vi/passwords.md | 3 +- i18n/vi/productivity.md | 3 +- i18n/vi/real-time-communication.md | 3 +- i18n/vi/router.md | 3 +- i18n/vi/search-engines.md | 3 +- i18n/vi/tools.md | 40 +- i18n/vi/tor.md | 11 +- i18n/vi/video-streaming.md | 3 +- i18n/vi/vpn.md | 252 ++++----- i18n/zh-Hant/404.md | 6 +- i18n/zh-Hant/about/criteria.md | 2 - i18n/zh-Hant/about/donate.md | 2 - i18n/zh-Hant/about/index.md | 38 +- i18n/zh-Hant/about/notices.md | 2 - i18n/zh-Hant/about/privacy-policy.md | 2 - i18n/zh-Hant/about/privacytools.md | 2 - i18n/zh-Hant/about/services.md | 2 - i18n/zh-Hant/about/statistics.md | 2 - .../advanced/communication-network-types.md | 3 +- i18n/zh-Hant/advanced/dns-overview.md | 3 +- i18n/zh-Hant/advanced/payments.md | 84 +++ i18n/zh-Hant/advanced/tor-overview.md | 3 +- i18n/zh-Hant/android.md | 8 +- i18n/zh-Hant/basics/account-creation.md | 3 +- i18n/zh-Hant/basics/account-deletion.md | 3 +- i18n/zh-Hant/basics/common-misconceptions.md | 3 +- i18n/zh-Hant/basics/common-threats.md | 3 +- i18n/zh-Hant/basics/email-security.md | 3 +- .../basics/multi-factor-authentication.md | 3 +- i18n/zh-Hant/basics/passwords-overview.md | 3 +- i18n/zh-Hant/basics/threat-modeling.md | 3 +- i18n/zh-Hant/basics/vpn-overview.md | 5 +- i18n/zh-Hant/calendar.md | 3 +- i18n/zh-Hant/cloud.md | 4 +- i18n/zh-Hant/cryptocurrency.md | 53 ++ i18n/zh-Hant/data-redaction.md | 3 +- i18n/zh-Hant/desktop-browsers.md | 3 +- i18n/zh-Hant/desktop.md | 3 +- i18n/zh-Hant/dns.md | 9 +- i18n/zh-Hant/email-clients.md | 3 +- i18n/zh-Hant/email.md | 199 ++++--- i18n/zh-Hant/encryption.md | 3 +- i18n/zh-Hant/file-sharing.md | 3 +- i18n/zh-Hant/financial-services.md | 94 ++++ i18n/zh-Hant/frontends.md | 3 +- i18n/zh-Hant/index.md | 2 - i18n/zh-Hant/kb-archive.md | 3 +- i18n/zh-Hant/meta/brand.md | 2 - i18n/zh-Hant/meta/git-recommendations.md | 2 - i18n/zh-Hant/meta/uploading-images.md | 2 - i18n/zh-Hant/meta/writing-style.md | 2 - i18n/zh-Hant/mobile-browsers.md | 3 +- i18n/zh-Hant/multi-factor-authentication.md | 3 +- i18n/zh-Hant/news-aggregators.md | 5 +- i18n/zh-Hant/notebooks.md | 3 +- i18n/zh-Hant/os/android-overview.md | 42 +- i18n/zh-Hant/os/linux-overview.md | 5 +- i18n/zh-Hant/os/qubes-overview.md | 3 +- i18n/zh-Hant/passwords.md | 3 +- i18n/zh-Hant/productivity.md | 3 +- i18n/zh-Hant/real-time-communication.md | 3 +- i18n/zh-Hant/router.md | 3 +- i18n/zh-Hant/search-engines.md | 3 +- i18n/zh-Hant/tools.md | 40 +- i18n/zh-Hant/tor.md | 11 +- i18n/zh-Hant/video-streaming.md | 3 +- i18n/zh-Hant/vpn.md | 254 ++++----- i18n/zh/404.md | 10 +- i18n/zh/about/criteria.md | 2 - i18n/zh/about/donate.md | 2 - i18n/zh/about/index.md | 38 +- i18n/zh/about/notices.md | 2 - i18n/zh/about/privacy-policy.md | 4 +- i18n/zh/about/privacytools.md | 3 - i18n/zh/about/services.md | 2 - i18n/zh/about/statistics.md | 2 - .../advanced/communication-network-types.md | 6 +- i18n/zh/advanced/dns-overview.md | 3 +- i18n/zh/advanced/payments.md | 84 +++ i18n/zh/advanced/tor-overview.md | 3 +- i18n/zh/android.md | 184 +++---- i18n/zh/basics/account-creation.md | 3 +- i18n/zh/basics/account-deletion.md | 3 +- i18n/zh/basics/common-misconceptions.md | 3 +- i18n/zh/basics/common-threats.md | 3 +- i18n/zh/basics/email-security.md | 3 +- i18n/zh/basics/multi-factor-authentication.md | 3 +- i18n/zh/basics/passwords-overview.md | 3 +- i18n/zh/basics/threat-modeling.md | 3 +- i18n/zh/basics/vpn-overview.md | 5 +- i18n/zh/calendar.md | 3 +- i18n/zh/cloud.md | 4 +- i18n/zh/cryptocurrency.md | 53 ++ i18n/zh/data-redaction.md | 3 +- i18n/zh/desktop-browsers.md | 3 +- i18n/zh/desktop.md | 3 +- i18n/zh/dns.md | 137 +++-- i18n/zh/email-clients.md | 3 +- i18n/zh/email.md | 253 +++++---- i18n/zh/encryption.md | 3 +- i18n/zh/file-sharing.md | 3 +- i18n/zh/financial-services.md | 94 ++++ i18n/zh/frontends.md | 3 +- i18n/zh/index.md | 4 +- i18n/zh/kb-archive.md | 3 +- i18n/zh/meta/brand.md | 2 - i18n/zh/meta/git-recommendations.md | 2 - i18n/zh/meta/uploading-images.md | 2 - i18n/zh/meta/writing-style.md | 2 - i18n/zh/mobile-browsers.md | 3 +- i18n/zh/multi-factor-authentication.md | 3 +- i18n/zh/news-aggregators.md | 5 +- i18n/zh/notebooks.md | 3 +- i18n/zh/os/android-overview.md | 42 +- i18n/zh/os/linux-overview.md | 5 +- i18n/zh/os/qubes-overview.md | 4 +- i18n/zh/passwords.md | 3 +- i18n/zh/productivity.md | 3 +- i18n/zh/real-time-communication.md | 3 +- i18n/zh/router.md | 3 +- i18n/zh/search-engines.md | 3 +- i18n/zh/tools.md | 55 +- i18n/zh/tor.md | 27 +- i18n/zh/video-streaming.md | 3 +- i18n/zh/vpn.md | 304 +++++------ includes/abbreviations.de.txt | 86 +-- includes/abbreviations.es.txt | 94 ++-- includes/abbreviations.he.txt | 6 +- includes/abbreviations.hu.txt | 2 +- includes/abbreviations.id.txt | 144 ++--- includes/abbreviations.ku.txt | 95 ++++ includes/abbreviations.pt-BR.txt | 4 +- includes/abbreviations.sv.txt | 156 +++--- includes/abbreviations.tr.txt | 24 +- theme/overrides/home.ar.html | 2 +- theme/overrides/home.bn.html | 2 +- theme/overrides/home.de.html | 2 +- theme/overrides/home.el.html | 8 +- theme/overrides/home.eo.html | 2 +- theme/overrides/home.es.html | 2 +- theme/overrides/home.fa.html | 2 +- theme/overrides/home.fr.html | 2 +- theme/overrides/home.he.html | 2 +- theme/overrides/home.hi.html | 2 +- theme/overrides/home.hu.html | 2 +- theme/overrides/home.id.html | 2 +- theme/overrides/home.it.html | 2 +- theme/overrides/home.ku.html | 25 + theme/overrides/home.nl.html | 2 +- theme/overrides/home.pl.html | 2 +- theme/overrides/home.pt-BR.html | 2 +- theme/overrides/home.pt.html | 2 +- theme/overrides/home.ru.html | 2 +- theme/overrides/home.sv.html | 14 +- theme/overrides/home.tr.html | 2 +- theme/overrides/home.uk.html | 2 +- theme/overrides/home.vi.html | 2 +- theme/overrides/home.zh-Hant.html | 2 +- theme/overrides/home.zh.html | 2 +- 1509 files changed, 27318 insertions(+), 12041 deletions(-) create mode 100644 i18n/ar/advanced/payments.md create mode 100644 i18n/ar/cryptocurrency.md create mode 100644 i18n/ar/financial-services.md create mode 100644 i18n/bn/advanced/payments.md create mode 100644 i18n/bn/cryptocurrency.md create mode 100644 i18n/bn/financial-services.md create mode 100644 i18n/de/advanced/payments.md create mode 100644 i18n/de/cryptocurrency.md create mode 100644 i18n/de/financial-services.md create mode 100644 i18n/el/advanced/payments.md create mode 100644 i18n/el/cryptocurrency.md create mode 100644 i18n/el/financial-services.md create mode 100644 i18n/eo/advanced/payments.md create mode 100644 i18n/eo/cryptocurrency.md create mode 100644 i18n/eo/financial-services.md create mode 100644 i18n/es/advanced/payments.md create mode 100644 i18n/es/cryptocurrency.md create mode 100644 i18n/es/financial-services.md create mode 100644 i18n/fa/advanced/payments.md create mode 100644 i18n/fa/cryptocurrency.md create mode 100644 i18n/fa/financial-services.md create mode 100644 i18n/fr/advanced/payments.md create mode 100644 i18n/fr/cryptocurrency.md create mode 100644 i18n/fr/financial-services.md create mode 100644 i18n/he/advanced/payments.md create mode 100644 i18n/he/cryptocurrency.md create mode 100644 i18n/he/financial-services.md create mode 100644 i18n/hi/advanced/payments.md create mode 100644 i18n/hi/cryptocurrency.md create mode 100644 i18n/hi/financial-services.md create mode 100644 i18n/hu/advanced/payments.md create mode 100644 i18n/hu/cryptocurrency.md create mode 100644 i18n/hu/financial-services.md create mode 100644 i18n/id/advanced/payments.md create mode 100644 i18n/id/cryptocurrency.md create mode 100644 i18n/id/financial-services.md create mode 100644 i18n/it/advanced/payments.md create mode 100644 i18n/it/cryptocurrency.md create mode 100644 i18n/it/financial-services.md create mode 100644 i18n/ku/404.md create mode 100644 i18n/ku/CODE_OF_CONDUCT.md create mode 100644 i18n/ku/about/criteria.md create mode 100644 i18n/ku/about/donate.md create mode 100644 i18n/ku/about/index.md create mode 100644 i18n/ku/about/notices.md create mode 100644 i18n/ku/about/privacy-policy.md create mode 100644 i18n/ku/about/privacytools.md create mode 100644 i18n/ku/about/services.md create mode 100644 i18n/ku/about/statistics.md create mode 100644 i18n/ku/advanced/communication-network-types.md create mode 100644 i18n/ku/advanced/dns-overview.md create mode 100644 i18n/ku/advanced/payments.md create mode 100644 i18n/ku/advanced/tor-overview.md create mode 100644 i18n/ku/android.md create mode 100644 i18n/ku/assets/img/account-deletion/exposed_passwords.png create mode 100644 i18n/ku/assets/img/android/rss-apk-dark.png create mode 100644 i18n/ku/assets/img/android/rss-apk-light.png create mode 100644 i18n/ku/assets/img/android/rss-changes-dark.png create mode 100644 i18n/ku/assets/img/android/rss-changes-light.png create mode 100644 i18n/ku/assets/img/how-tor-works/tor-encryption-dark.svg create mode 100644 i18n/ku/assets/img/how-tor-works/tor-encryption.svg create mode 100644 i18n/ku/assets/img/how-tor-works/tor-path-dark.svg create mode 100644 i18n/ku/assets/img/how-tor-works/tor-path.svg create mode 100644 i18n/ku/assets/img/multi-factor-authentication/fido.png create mode 100644 i18n/ku/assets/img/multi-factor-authentication/yubico-otp.png create mode 100644 i18n/ku/assets/img/qubes/qubes-trust-level-architecture.png create mode 100644 i18n/ku/assets/img/qubes/r4.0-xfce-three-domains-at-work.png create mode 100644 i18n/ku/basics/account-creation.md create mode 100644 i18n/ku/basics/account-deletion.md create mode 100644 i18n/ku/basics/common-misconceptions.md create mode 100644 i18n/ku/basics/common-threats.md create mode 100644 i18n/ku/basics/email-security.md create mode 100644 i18n/ku/basics/multi-factor-authentication.md create mode 100644 i18n/ku/basics/passwords-overview.md create mode 100644 i18n/ku/basics/threat-modeling.md create mode 100644 i18n/ku/basics/vpn-overview.md create mode 100644 i18n/ku/calendar.md create mode 100644 i18n/ku/cloud.md create mode 100644 i18n/ku/cryptocurrency.md create mode 100644 i18n/ku/data-redaction.md create mode 100644 i18n/ku/desktop-browsers.md create mode 100644 i18n/ku/desktop.md create mode 100644 i18n/ku/dns.md create mode 100644 i18n/ku/email-clients.md create mode 100644 i18n/ku/email.md create mode 100644 i18n/ku/encryption.md create mode 100644 i18n/ku/file-sharing.md create mode 100644 i18n/ku/financial-services.md create mode 100644 i18n/ku/frontends.md create mode 100644 i18n/ku/index.md create mode 100644 i18n/ku/kb-archive.md create mode 100644 i18n/ku/meta/brand.md create mode 100644 i18n/ku/meta/git-recommendations.md create mode 100644 i18n/ku/meta/uploading-images.md create mode 100644 i18n/ku/meta/writing-style.md create mode 100644 i18n/ku/mobile-browsers.md create mode 100644 i18n/ku/multi-factor-authentication.md create mode 100644 i18n/ku/news-aggregators.md create mode 100644 i18n/ku/notebooks.md create mode 100644 i18n/ku/os/android-overview.md create mode 100644 i18n/ku/os/linux-overview.md create mode 100644 i18n/ku/os/qubes-overview.md create mode 100644 i18n/ku/passwords.md create mode 100644 i18n/ku/productivity.md create mode 100644 i18n/ku/real-time-communication.md create mode 100644 i18n/ku/router.md create mode 100644 i18n/ku/search-engines.md create mode 100644 i18n/ku/tools.md create mode 100644 i18n/ku/tor.md create mode 100644 i18n/ku/video-streaming.md create mode 100644 i18n/ku/vpn.md create mode 100644 i18n/nl/advanced/payments.md create mode 100644 i18n/nl/cryptocurrency.md create mode 100644 i18n/nl/financial-services.md create mode 100644 i18n/pl/advanced/payments.md create mode 100644 i18n/pl/cryptocurrency.md create mode 100644 i18n/pl/financial-services.md create mode 100644 i18n/pt-BR/advanced/payments.md create mode 100644 i18n/pt-BR/cryptocurrency.md create mode 100644 i18n/pt-BR/financial-services.md create mode 100644 i18n/pt/advanced/payments.md create mode 100644 i18n/pt/cryptocurrency.md create mode 100644 i18n/pt/financial-services.md create mode 100644 i18n/ru/advanced/payments.md create mode 100644 i18n/ru/cryptocurrency.md create mode 100644 i18n/ru/financial-services.md create mode 100644 i18n/sv/advanced/payments.md create mode 100644 i18n/sv/cryptocurrency.md create mode 100644 i18n/sv/financial-services.md create mode 100644 i18n/tr/advanced/payments.md create mode 100644 i18n/tr/cryptocurrency.md create mode 100644 i18n/tr/financial-services.md create mode 100644 i18n/uk/advanced/payments.md create mode 100644 i18n/uk/cryptocurrency.md create mode 100644 i18n/uk/financial-services.md create mode 100644 i18n/vi/advanced/payments.md create mode 100644 i18n/vi/cryptocurrency.md create mode 100644 i18n/vi/financial-services.md create mode 100644 i18n/zh-Hant/advanced/payments.md create mode 100644 i18n/zh-Hant/cryptocurrency.md create mode 100644 i18n/zh-Hant/financial-services.md create mode 100644 i18n/zh/advanced/payments.md create mode 100644 i18n/zh/cryptocurrency.md create mode 100644 i18n/zh/financial-services.md create mode 100644 includes/abbreviations.ku.txt create mode 100644 theme/overrides/home.ku.html diff --git a/i18n/ar/404.md b/i18n/ar/404.md index 5cdf2201..89c966b1 100644 --- a/i18n/ar/404.md +++ b/i18n/ar/404.md @@ -1,17 +1,19 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- -# 404 - Not Found +# 404 - غير متوفر -We couldn't find the page you were looking for! Maybe you were looking for one of these? +لم نتمكن من العثور على الصفحة التي تبحث عنها! ربما كنت تبحث عن واحد من هؤلاء؟ -- [Introduction to Threat Modeling](basics/threat-modeling.md) -- [Recommended DNS Providers](dns.md) -- [Best Desktop Web Browsers](desktop-browsers.md) +- [مقدمة إلى نمذجة التهديدات](basics/threat-modeling.md) +- [خوادِم DNS الموصى بها](dns.md) +- [أفضل متصفحات الويب للكمبيوتر](desktop-browsers.md) - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/criteria.md b/i18n/ar/about/criteria.md index 64f2e021..3084230b 100644 --- a/i18n/ar/about/criteria.md +++ b/i18n/ar/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/donate.md b/i18n/ar/about/donate.md index f6dc68bd..a1deb3e0 100644 --- a/i18n/ar/about/donate.md +++ b/i18n/ar/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/index.md b/i18n/ar/about/index.md index cee6eb99..619406fe 100644 --- a/i18n/ar/about/index.md +++ b/i18n/ar/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/notices.md b/i18n/ar/about/notices.md index 4b5b7526..bb32edd5 100644 --- a/i18n/ar/about/notices.md +++ b/i18n/ar/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/privacy-policy.md b/i18n/ar/about/privacy-policy.md index 131bed6b..26c668d1 100644 --- a/i18n/ar/about/privacy-policy.md +++ b/i18n/ar/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/privacytools.md b/i18n/ar/about/privacytools.md index 8f230029..515c21f5 100644 --- a/i18n/ar/about/privacytools.md +++ b/i18n/ar/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/services.md b/i18n/ar/about/services.md index 837c1fa4..71f2c95b 100644 --- a/i18n/ar/about/services.md +++ b/i18n/ar/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/about/statistics.md b/i18n/ar/about/statistics.md index 07e29af8..8f17240c 100644 --- a/i18n/ar/about/statistics.md +++ b/i18n/ar/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/advanced/communication-network-types.md b/i18n/ar/advanced/communication-network-types.md index 33accb6e..1f07a2c4 100644 --- a/i18n/ar/advanced/communication-network-types.md +++ b/i18n/ar/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/advanced/dns-overview.md b/i18n/ar/advanced/dns-overview.md index 909de2ac..b47af280 100644 --- a/i18n/ar/advanced/dns-overview.md +++ b/i18n/ar/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/advanced/payments.md b/i18n/ar/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/ar/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/ar/advanced/tor-overview.md b/i18n/ar/advanced/tor-overview.md index 508d5e6a..dd9d2a95 100644 --- a/i18n/ar/advanced/tor-overview.md +++ b/i18n/ar/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.ar.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/ar/android.md b/i18n/ar/android.md index 6ddd0801..3da86daa 100644 --- a/i18n/ar/android.md +++ b/i18n/ar/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/account-creation.md b/i18n/ar/basics/account-creation.md index b9428b85..afa5d429 100644 --- a/i18n/ar/basics/account-creation.md +++ b/i18n/ar/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/account-deletion.md b/i18n/ar/basics/account-deletion.md index 05f04ceb..2498d604 100644 --- a/i18n/ar/basics/account-deletion.md +++ b/i18n/ar/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/common-misconceptions.md b/i18n/ar/basics/common-misconceptions.md index b79b03fa..41997417 100644 --- a/i18n/ar/basics/common-misconceptions.md +++ b/i18n/ar/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.ar.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/ar/basics/common-threats.md b/i18n/ar/basics/common-threats.md index 752bccff..e278c0cb 100644 --- a/i18n/ar/basics/common-threats.md +++ b/i18n/ar/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.ar.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/ar/basics/email-security.md b/i18n/ar/basics/email-security.md index 6ec5133a..f0c2fb57 100644 --- a/i18n/ar/basics/email-security.md +++ b/i18n/ar/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/multi-factor-authentication.md b/i18n/ar/basics/multi-factor-authentication.md index 8073f0d4..ae57848d 100644 --- a/i18n/ar/basics/multi-factor-authentication.md +++ b/i18n/ar/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/passwords-overview.md b/i18n/ar/basics/passwords-overview.md index 528f55c8..6858d8b5 100644 --- a/i18n/ar/basics/passwords-overview.md +++ b/i18n/ar/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/threat-modeling.md b/i18n/ar/basics/threat-modeling.md index ac365515..5dcd87aa 100644 --- a/i18n/ar/basics/threat-modeling.md +++ b/i18n/ar/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "تصميم التهديات" icon: 'المادة/الحساب-المستهدف' +description: موازنة الأمان، الخصوصية، وقابلية الاستخدام تعد واحدة من أول وأصعب المهام التي ستواجهها في رحلة الخصوصية. --- موازنة الأمان، الخصوصية، وقابلية الاستخدام تعد واحدة من أول وأصعب المهام التي ستواجهها في رحلة الخصوصية. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/basics/vpn-overview.md b/i18n/ar/basics/vpn-overview.md index ad6aaf23..a1a007f5 100644 --- a/i18n/ar/basics/vpn-overview.md +++ b/i18n/ar/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/calendar.md b/i18n/ar/calendar.md index f612bd8f..bbcb033a 100644 --- a/i18n/ar/calendar.md +++ b/i18n/ar/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/cloud.md b/i18n/ar/cloud.md index 72ae0a3f..2bcc2596 100644 --- a/i18n/ar/cloud.md +++ b/i18n/ar/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/cryptocurrency.md b/i18n/ar/cryptocurrency.md new file mode 100644 index 00000000..ba06ba1e --- /dev/null +++ b/i18n/ar/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/ar/data-redaction.md b/i18n/ar/data-redaction.md index 1cd1fc0c..961594a8 100644 --- a/i18n/ar/data-redaction.md +++ b/i18n/ar/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/desktop-browsers.md b/i18n/ar/desktop-browsers.md index 739a2e9f..1c21c296 100644 --- a/i18n/ar/desktop-browsers.md +++ b/i18n/ar/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.ar.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/ar/desktop.md b/i18n/ar/desktop.md index f97c1166..2db4d119 100644 --- a/i18n/ar/desktop.md +++ b/i18n/ar/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/dns.md b/i18n/ar/dns.md index 109f8b07..a8cc21da 100644 --- a/i18n/ar/dns.md +++ b/i18n/ar/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.ar.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/ar/email-clients.md b/i18n/ar/email-clients.md index ba679288..eec0e292 100644 --- a/i18n/ar/email-clients.md +++ b/i18n/ar/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/email.md b/i18n/ar/email.md index 08cd55fb..7ab4c31d 100644 --- a/i18n/ar/email.md +++ b/i18n/ar/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/encryption.md b/i18n/ar/encryption.md index 92179831..ded8533b 100644 --- a/i18n/ar/encryption.md +++ b/i18n/ar/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/file-sharing.md b/i18n/ar/file-sharing.md index 73c7f863..3e79d791 100644 --- a/i18n/ar/file-sharing.md +++ b/i18n/ar/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/financial-services.md b/i18n/ar/financial-services.md new file mode 100644 index 00000000..480c924c --- /dev/null +++ b/i18n/ar/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/ar/frontends.md b/i18n/ar/frontends.md index ece20287..7f245f41 100644 --- a/i18n/ar/frontends.md +++ b/i18n/ar/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/index.md b/i18n/ar/index.md index b8eee47b..c87697e4 100644 --- a/i18n/ar/index.md +++ b/i18n/ar/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/kb-archive.md b/i18n/ar/kb-archive.md index 501543e6..92daee33 100644 --- a/i18n/ar/kb-archive.md +++ b/i18n/ar/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/meta/brand.md b/i18n/ar/meta/brand.md index 29094256..53cb9ac4 100644 --- a/i18n/ar/meta/brand.md +++ b/i18n/ar/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/meta/git-recommendations.md b/i18n/ar/meta/git-recommendations.md index 7a740f1f..f59b5f81 100644 --- a/i18n/ar/meta/git-recommendations.md +++ b/i18n/ar/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/meta/uploading-images.md b/i18n/ar/meta/uploading-images.md index e6f60e70..55f136f8 100644 --- a/i18n/ar/meta/uploading-images.md +++ b/i18n/ar/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/meta/writing-style.md b/i18n/ar/meta/writing-style.md index 1b725ee2..b9e47a71 100644 --- a/i18n/ar/meta/writing-style.md +++ b/i18n/ar/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/mobile-browsers.md b/i18n/ar/mobile-browsers.md index f0ff4cd2..d7adee8f 100644 --- a/i18n/ar/mobile-browsers.md +++ b/i18n/ar/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/multi-factor-authentication.md b/i18n/ar/multi-factor-authentication.md index 62a364d8..41030fe3 100644 --- a/i18n/ar/multi-factor-authentication.md +++ b/i18n/ar/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/news-aggregators.md b/i18n/ar/news-aggregators.md index 84a93fae..2dad5ac0 100644 --- a/i18n/ar/news-aggregators.md +++ b/i18n/ar/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/notebooks.md b/i18n/ar/notebooks.md index 1f40aaa0..0739f668 100644 --- a/i18n/ar/notebooks.md +++ b/i18n/ar/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/os/android-overview.md b/i18n/ar/os/android-overview.md index d1e74d51..a78631a2 100644 --- a/i18n/ar/os/android-overview.md +++ b/i18n/ar/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/os/linux-overview.md b/i18n/ar/os/linux-overview.md index 937ae021..8ec2c9e7 100644 --- a/i18n/ar/os/linux-overview.md +++ b/i18n/ar/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/os/qubes-overview.md b/i18n/ar/os/qubes-overview.md index 294fa7af..17b286b9 100644 --- a/i18n/ar/os/qubes-overview.md +++ b/i18n/ar/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/passwords.md b/i18n/ar/passwords.md index dcfdf185..e81f1186 100644 --- a/i18n/ar/passwords.md +++ b/i18n/ar/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/productivity.md b/i18n/ar/productivity.md index 45a24c21..4490325d 100644 --- a/i18n/ar/productivity.md +++ b/i18n/ar/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/real-time-communication.md b/i18n/ar/real-time-communication.md index 57144134..68f9d767 100644 --- a/i18n/ar/real-time-communication.md +++ b/i18n/ar/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/router.md b/i18n/ar/router.md index 59839379..a494c017 100644 --- a/i18n/ar/router.md +++ b/i18n/ar/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/search-engines.md b/i18n/ar/search-engines.md index 99df76a9..911525d7 100644 --- a/i18n/ar/search-engines.md +++ b/i18n/ar/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/tools.md b/i18n/ar/tools.md index a2c26648..ef945a94 100644 --- a/i18n/ar/tools.md +++ b/i18n/ar/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/tor.md b/i18n/ar/tor.md index d4df42fc..ce93c961 100644 --- a/i18n/ar/tor.md +++ b/i18n/ar/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/video-streaming.md b/i18n/ar/video-streaming.md index 52db5be0..8f8ebd0b 100644 --- a/i18n/ar/video-streaming.md +++ b/i18n/ar/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/ar/vpn.md b/i18n/ar/vpn.md index 3aae1492..6bba2546 100644 --- a/i18n/ar/vpn.md +++ b/i18n/ar/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.ar.txt" diff --git a/i18n/bn/404.md b/i18n/bn/404.md index 5e69100c..25c1c780 100644 --- a/i18n/bn/404.md +++ b/i18n/bn/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/criteria.md b/i18n/bn/about/criteria.md index fd7753d1..3084230b 100644 --- a/i18n/bn/about/criteria.md +++ b/i18n/bn/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/donate.md b/i18n/bn/about/donate.md index 10975cbd..8accd67a 100644 --- a/i18n/bn/about/donate.md +++ b/i18n/bn/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/index.md b/i18n/bn/about/index.md index 0fdd7d65..619406fe 100644 --- a/i18n/bn/about/index.md +++ b/i18n/bn/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/notices.md b/i18n/bn/about/notices.md index bd487e69..bb32edd5 100644 --- a/i18n/bn/about/notices.md +++ b/i18n/bn/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/privacy-policy.md b/i18n/bn/about/privacy-policy.md index 2cb20d13..26c668d1 100644 --- a/i18n/bn/about/privacy-policy.md +++ b/i18n/bn/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/privacytools.md b/i18n/bn/about/privacytools.md index c5bab16e..515c21f5 100644 --- a/i18n/bn/about/privacytools.md +++ b/i18n/bn/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/services.md b/i18n/bn/about/services.md index a6f2c070..71f2c95b 100644 --- a/i18n/bn/about/services.md +++ b/i18n/bn/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/about/statistics.md b/i18n/bn/about/statistics.md index b5923edf..8f17240c 100644 --- a/i18n/bn/about/statistics.md +++ b/i18n/bn/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/advanced/communication-network-types.md b/i18n/bn/advanced/communication-network-types.md index d451376a..1f07a2c4 100644 --- a/i18n/bn/advanced/communication-network-types.md +++ b/i18n/bn/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/advanced/dns-overview.md b/i18n/bn/advanced/dns-overview.md index 55454a86..b47af280 100644 --- a/i18n/bn/advanced/dns-overview.md +++ b/i18n/bn/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/advanced/payments.md b/i18n/bn/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/bn/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/bn/advanced/tor-overview.md b/i18n/bn/advanced/tor-overview.md index 89d7f76e..dd9d2a95 100644 --- a/i18n/bn/advanced/tor-overview.md +++ b/i18n/bn/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.bn.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/bn/android.md b/i18n/bn/android.md index 336d59d4..445af454 100644 --- a/i18n/bn/android.md +++ b/i18n/bn/android.md @@ -1,6 +1,7 @@ --- title: "অ্যান্ড্রয়েড" icon: 'ফন্টঅ্যাওসাম/ ব্র্যান্ড / অ্যান্ড্রয়েড' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. রেকমেন্ডেশন -- [সাধারণ অ্যান্ড্রয়েড ওভারভিউ এবং সুপারিশ :hero-arrow-circle-right-fill:](os/android-overview.md) -- [আমরা কেন GrapheneOS এর বদলে CalyxOS এর সুপারিশ করি :hero-arrow-circle-right-fill:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP এর ডেরিভেটিভস্ @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/account-creation.md b/i18n/bn/basics/account-creation.md index dfba2416..afa5d429 100644 --- a/i18n/bn/basics/account-creation.md +++ b/i18n/bn/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/account-deletion.md b/i18n/bn/basics/account-deletion.md index 1c83935c..2498d604 100644 --- a/i18n/bn/basics/account-deletion.md +++ b/i18n/bn/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/common-misconceptions.md b/i18n/bn/basics/common-misconceptions.md index 2dc2b6f0..41997417 100644 --- a/i18n/bn/basics/common-misconceptions.md +++ b/i18n/bn/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.bn.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/bn/basics/common-threats.md b/i18n/bn/basics/common-threats.md index dd0c3989..e278c0cb 100644 --- a/i18n/bn/basics/common-threats.md +++ b/i18n/bn/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.bn.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/bn/basics/email-security.md b/i18n/bn/basics/email-security.md index 253a3157..f0c2fb57 100644 --- a/i18n/bn/basics/email-security.md +++ b/i18n/bn/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/multi-factor-authentication.md b/i18n/bn/basics/multi-factor-authentication.md index 86e96cad..78659d10 100644 --- a/i18n/bn/basics/multi-factor-authentication.md +++ b/i18n/bn/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/passwords-overview.md b/i18n/bn/basics/passwords-overview.md index 08871e37..6858d8b5 100644 --- a/i18n/bn/basics/passwords-overview.md +++ b/i18n/bn/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/threat-modeling.md b/i18n/bn/basics/threat-modeling.md index b169f729..72d64044 100644 --- a/i18n/bn/basics/threat-modeling.md +++ b/i18n/bn/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: প্রাইভেসি সিকিউরিটি, এবং ব্যবহারযোগ্যতা এর মধ্যে ভারসাম্য রক্ষা করা আপনার প্রাইভেসি যাত্রার সবথেকে কঠিন কাজ। --- প্রাইভেসি সিকিউরিটি, এবং ব্যবহারযোগ্যতা এর মধ্যে ভারসাম্য রক্ষা করা আপনার প্রাইভেসি যাত্রার সবথেকে কঠিন কাজ। Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/basics/vpn-overview.md b/i18n/bn/basics/vpn-overview.md index 26a8eeac..a1a007f5 100644 --- a/i18n/bn/basics/vpn-overview.md +++ b/i18n/bn/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/calendar.md b/i18n/bn/calendar.md index a50c72ac..bbcb033a 100644 --- a/i18n/bn/calendar.md +++ b/i18n/bn/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/cloud.md b/i18n/bn/cloud.md index d01a476f..2bcc2596 100644 --- a/i18n/bn/cloud.md +++ b/i18n/bn/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/cryptocurrency.md b/i18n/bn/cryptocurrency.md new file mode 100644 index 00000000..ba06ba1e --- /dev/null +++ b/i18n/bn/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/bn/data-redaction.md b/i18n/bn/data-redaction.md index e8eed0b5..961594a8 100644 --- a/i18n/bn/data-redaction.md +++ b/i18n/bn/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/desktop-browsers.md b/i18n/bn/desktop-browsers.md index f7928a49..1c21c296 100644 --- a/i18n/bn/desktop-browsers.md +++ b/i18n/bn/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.bn.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/bn/desktop.md b/i18n/bn/desktop.md index 95b7f77f..2db4d119 100644 --- a/i18n/bn/desktop.md +++ b/i18n/bn/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/dns.md b/i18n/bn/dns.md index 551bd52f..7d24c217 100644 --- a/i18n/bn/dns.md +++ b/i18n/bn/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.bn.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/bn/email-clients.md b/i18n/bn/email-clients.md index e83a7eaa..eec0e292 100644 --- a/i18n/bn/email-clients.md +++ b/i18n/bn/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/email.md b/i18n/bn/email.md index 808077f4..7ab4c31d 100644 --- a/i18n/bn/email.md +++ b/i18n/bn/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/encryption.md b/i18n/bn/encryption.md index 47227a7b..ded8533b 100644 --- a/i18n/bn/encryption.md +++ b/i18n/bn/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/file-sharing.md b/i18n/bn/file-sharing.md index a13590e7..3e79d791 100644 --- a/i18n/bn/file-sharing.md +++ b/i18n/bn/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/financial-services.md b/i18n/bn/financial-services.md new file mode 100644 index 00000000..480c924c --- /dev/null +++ b/i18n/bn/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/bn/frontends.md b/i18n/bn/frontends.md index 056d952a..7f245f41 100644 --- a/i18n/bn/frontends.md +++ b/i18n/bn/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/index.md b/i18n/bn/index.md index 6c202359..a78b9f63 100644 --- a/i18n/bn/index.md +++ b/i18n/bn/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/kb-archive.md b/i18n/bn/kb-archive.md index 9151eb10..92daee33 100644 --- a/i18n/bn/kb-archive.md +++ b/i18n/bn/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/meta/brand.md b/i18n/bn/meta/brand.md index e2f6cc5f..53cb9ac4 100644 --- a/i18n/bn/meta/brand.md +++ b/i18n/bn/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/meta/git-recommendations.md b/i18n/bn/meta/git-recommendations.md index 2a3f81e1..f59b5f81 100644 --- a/i18n/bn/meta/git-recommendations.md +++ b/i18n/bn/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/meta/uploading-images.md b/i18n/bn/meta/uploading-images.md index 75d599fb..55f136f8 100644 --- a/i18n/bn/meta/uploading-images.md +++ b/i18n/bn/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/meta/writing-style.md b/i18n/bn/meta/writing-style.md index 50ac0182..b9e47a71 100644 --- a/i18n/bn/meta/writing-style.md +++ b/i18n/bn/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/mobile-browsers.md b/i18n/bn/mobile-browsers.md index f014aca5..768bcd15 100644 --- a/i18n/bn/mobile-browsers.md +++ b/i18n/bn/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/multi-factor-authentication.md b/i18n/bn/multi-factor-authentication.md index 5e1c1e30..41030fe3 100644 --- a/i18n/bn/multi-factor-authentication.md +++ b/i18n/bn/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/news-aggregators.md b/i18n/bn/news-aggregators.md index dc5f154d..2dad5ac0 100644 --- a/i18n/bn/news-aggregators.md +++ b/i18n/bn/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/notebooks.md b/i18n/bn/notebooks.md index 1d5c6d15..0739f668 100644 --- a/i18n/bn/notebooks.md +++ b/i18n/bn/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/os/android-overview.md b/i18n/bn/os/android-overview.md index 4cd3f7b2..4eefe344 100644 --- a/i18n/bn/os/android-overview.md +++ b/i18n/bn/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: ফন্টঅ্যাওসাম/ ব্র্যান্ড / অ্যান্ড্রয়েড +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/os/linux-overview.md b/i18n/bn/os/linux-overview.md index 13489c52..8ec2c9e7 100644 --- a/i18n/bn/os/linux-overview.md +++ b/i18n/bn/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/os/qubes-overview.md b/i18n/bn/os/qubes-overview.md index 1ced5418..17b286b9 100644 --- a/i18n/bn/os/qubes-overview.md +++ b/i18n/bn/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/passwords.md b/i18n/bn/passwords.md index 8ce00e78..e81f1186 100644 --- a/i18n/bn/passwords.md +++ b/i18n/bn/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/productivity.md b/i18n/bn/productivity.md index 8000471a..4490325d 100644 --- a/i18n/bn/productivity.md +++ b/i18n/bn/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/real-time-communication.md b/i18n/bn/real-time-communication.md index 9c8b56d3..68f9d767 100644 --- a/i18n/bn/real-time-communication.md +++ b/i18n/bn/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/router.md b/i18n/bn/router.md index 6b9b1b3b..a494c017 100644 --- a/i18n/bn/router.md +++ b/i18n/bn/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/search-engines.md b/i18n/bn/search-engines.md index cf9a3774..911525d7 100644 --- a/i18n/bn/search-engines.md +++ b/i18n/bn/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/tools.md b/i18n/bn/tools.md index 9f614711..ef945a94 100644 --- a/i18n/bn/tools.md +++ b/i18n/bn/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/tor.md b/i18n/bn/tor.md index e26da175..ce93c961 100644 --- a/i18n/bn/tor.md +++ b/i18n/bn/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/video-streaming.md b/i18n/bn/video-streaming.md index 993ccc67..8f8ebd0b 100644 --- a/i18n/bn/video-streaming.md +++ b/i18n/bn/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/bn/vpn.md b/i18n/bn/vpn.md index b5d2a6a1..6bba2546 100644 --- a/i18n/bn/vpn.md +++ b/i18n/bn/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.bn.txt" diff --git a/i18n/de/404.md b/i18n/de/404.md index cf586962..a09b11b8 100644 --- a/i18n/de/404.md +++ b/i18n/de/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Seite nicht gefunden @@ -13,5 +17,3 @@ Wir konnten die Seite, nach der du gesucht hast, nicht finden! Vielleicht hast d - [Beste VPN-Anbieter](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Unser Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/CODE_OF_CONDUCT.md b/i18n/de/CODE_OF_CONDUCT.md index 88a0e910..c6f9e57f 100644 --- a/i18n/de/CODE_OF_CONDUCT.md +++ b/i18n/de/CODE_OF_CONDUCT.md @@ -1,22 +1,22 @@ -# Community Code of Conduct +# Verhaltenskodex der Gemeinschaft -**We pledge** to make our community a harassment-free experience for everyone. +**Wir verpflichten uns**, unsere Gemeinschaft zu einer belästigungsfreien Erfahrung für alle zu machen. -**We strive** to create a positive environment, using welcoming and inclusive language, and being respectful of the viewpoints of others. +**Wir bemühen uns,**, ein positives Umfeld zu schaffen, indem wir eine einladende und integrative Sprache verwenden und die Standpunkte anderer respektieren. -**We do not allow** inappropriate or otherwise unacceptable behavior, such as sexualized language, trolling and insulting comments, or otherwise promoting intolerance or harassment. +**Wir verbieten** unangemessenes oder anderweitig inakzeptables Verhalten, wie z. B. sexualisierte Sprache, Trolling und beleidigende Kommentare oder anderweitige Förderung von Intoleranz oder Belästigung. -## Community Standards +## Gemeinschaftsstandards -What we expect from members of our communities: +Was wir von den Mitgliedern unserer Gemeinschaften erwarten: -1. **Don't spread misinformation** +1. **Keine Fehlinformationen verbreiten** - We are creating an evidence-based educational community around information privacy and security, not a home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence. + Wir schaffen eine evidenzbasierte Bildungsgemeinschaft rund um Datenschutz und Informationssicherheit, keine Heimat für Verschwörungserzählungen. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence. 1. **Don't abuse our willingness to help** - Our community members are not your free tech support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/). + Unsere Community-Mitglieder sind kein kostenloser technischer Support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/). 1. **Behave in a positive and constructive manner** @@ -38,16 +38,16 @@ The following behaviors are considered harassment and are unacceptable within ou - Publishing others' private information, such as a physical or email address, without their explicit permission - Other conduct which could reasonably be considered inappropriate in a professional setting -## Scope +## Geltungsbereich -Our Code of Conduct applies within all project spaces, as well as when an individual is representing the Privacy Guides project in other communities. +Unser Verhaltenskodex gilt für alle Projektbereiche und auch dann, wenn eine Person das Privacy Guides Projekt in anderen Gemeinschaften vertritt. We are responsible for clarifying the standards of our community, and have the right to remove or alter the comments of those participating within our community, as necessary and at our discretion. -### Contact +### Kontakt If you observe a problem on a platform like Matrix or Reddit, please contact our moderators on that platform in chat, via DM, or through any designated "Modmail" system. If you have a problem elsewhere, or a problem our community moderators are unable to resolve, reach out to `jonah@privacyguides.org` and/or `dngray@privacyguides.org`. -All community leaders are obligated to respect the privacy and security of the reporter of any incident. +Alle Verantwortlichen der Community sind verpflichtet, die Privatsphäre und die Sicherheit der Person, die einen Vorfall meldet, zu respektieren. diff --git a/i18n/de/about/criteria.md b/i18n/de/about/criteria.md index f27f1e2b..c331aa56 100644 --- a/i18n/de/about/criteria.md +++ b/i18n/de/about/criteria.md @@ -38,5 +38,3 @@ Wir haben diese Anforderungen an Entwickler, die eigene Projekt oder Software zu - Must state what the exact threat model is with their project. - Den potenziellen Nutzern sollte klar sein, was das Projekt bieten kann und was nicht. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/donate.md b/i18n/de/about/donate.md index 462e3730..563b0d5a 100644 --- a/i18n/de/about/donate.md +++ b/i18n/de/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/index.md b/i18n/de/about/index.md index 7b21da87..07ffc87a 100644 --- a/i18n/de/about/index.md +++ b/i18n/de/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "Über Privacy Guides" +description: Privacy Guides ist eine sozial motivierte Website, die Informationen zum Schutz der eigenen Datensicherheit und Privatsphäre bereitstellt. --- -**Privacy Guides** ist ein sozial motivierte Website, die Informationen zum Schutz deiner Datensicherheit und Privatsphäre bereitstellt. Wir sind ein gemeinnütziges Kollektiv, welches ausschließlich von freiwilligen [Teammitgliedern](https://discuss.privacyguides.net/g/team) und Mitwirkenden betrieben wird. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Unterstütze das Projekts](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** ist eine sozial motivierte Website, die [Informationen](/kb) zum Schutz der eigenen Datensicherheit und Privatsphäre bereitstellt. Wir sind ein gemeinnütziges Kollektiv, welches ausschließlich von freiwilligen [Teammitgliedern](https://discuss.privacyguides.net/g/team) und Mitwirkenden betrieben wird. Unsere Website ist frei von Werbung und steht in keiner Verbindung zu den aufgeführten Anbieter*innen. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> Um [datenschutzfreundliche alternative] Apps zu finden, besuchen Sie Websites wie Good Reports und **Privacy Guides**, die datenschutzfreundliche Apps in einer Vielzahl von Kategorien auflisten, darunter auch E-Mail-Anbieter (in der Regel mit kostenpflichtigen Tarifen), die nicht von den großen Technologieunternehmen betrieben werden. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Unser Team @@ -48,16 +76,14 @@ title: "Über Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Darüber hinaus haben [viele Menschen](https://github.com/privacyguides/privacyguides.org/graphs/contributors) Beiträge zu dem Projekt geleistet. Du kannst das auch, wir sind Open Source auf GitHub! +Darüber hinaus haben [viele Menschen](https://github.com/privacyguides/privacyguides.org/graphs/contributors) Beiträge zu dem Projekt geleistet. Und du kannst auch, wir sind Open Source auf GitHub und nehmen Übersetzungsvorschläge auf [Crowdin](https://crowdin.com/project/privacyguides) an. -Unsere Teammitglieder überprüfen alle Änderungen, die an der Website vorgenommen werden, und kümmern sich um administrative Aufgaben wie Webhosting und Finanzen, allerdings profitieren sie nicht persönlich von den Beiträgen, die zu dieser Website geleistet werden. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Unsere Teammitglieder überprüfen alle Änderungen, die an der Website vorgenommen werden, und kümmern sich um administrative Aufgaben wie Webhosting und Finanzen, allerdings profitieren sie nicht persönlich von den Beiträgen, die zu dieser Website geleistet werden. Unsere Finanzdaten werden von der Open Collective Foundation 501(c)(3) unter [opencollective.com/privacyguides](https://opencollective.com/privacyguides)transparent veröffentlicht. Spenden an Privacy Guides sind in den Vereinigten Staaten generell von der Steuer absetzbar. -## Site License +## Website-Lizenz -*The following is a human-readable summary of (and not a substitute for) the [license](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE):* +*Das Folgende ist eine menschenlesbare Zusammenfassung (und kein Ersatz für) der [Lizenz](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE):* -:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. +:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Sofern nicht anders angegeben, werden die Originalinhalte auf dieser Website unter der [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE)zur Verfügung gestellt. Das bedeutet, dass es allen freisteht, das Material in jedem Medium oder Format für jeden Zweck, auch kommerziell, zu kopieren und weiterzugeben, solange `Privacy Guides (www.privacyguides.org)` in angemessener Anerkannt und ein Link zur Lizenz angeben wird. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/notices.md b/i18n/de/about/notices.md index 6b626371..bb32edd5 100644 --- a/i18n/de/about/notices.md +++ b/i18n/de/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/privacy-policy.md b/i18n/de/about/privacy-policy.md index 27f28742..68fcdf5f 100644 --- a/i18n/de/about/privacy-policy.md +++ b/i18n/de/about/privacy-policy.md @@ -1,31 +1,31 @@ --- -title: "Privacy Policy" +title: "Datenschutzerklärung" --- -Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people). +Privacy Guides ist ein Gemeinschaftsprojekt, das von einer Reihe aktiver freiwilliger Mitarbeiter*innen betrieben wird. Die öffentliche Liste der Teammitglieder [kann auf GitHub](https://github.com/orgs/privacyguides/people)eingesehen werden. -## Data We Collect From Visitors +## Daten, die wir von Besuchenden sammeln -The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website: +Die Privatsphäre unserer Website-Besuchenden ist uns wichtig, daher tracken wir keine Einzel Personen. Als Besuchende unserer Website: -- No personal information is collected -- No information such as cookies are stored in the browser -- No information is shared with, sent to or sold to third-parties -- No information is shared with advertising companies -- No information is mined and harvested for personal and behavioral trends -- No information is monetized +- Werden keine persönlichen Informationen gesammelt +- Werden keine Informationen wie Cookies im Browser gespeichert +- Werden keine Informationen an Dritte weitergegeben, gesendet oder verkauft +- Werden keine Informationen an Werbefirmen weitergegeben +- Werden keine Informationen über persönliche und verhaltensbezogene Trends gesammelt oder ausgewertet +- Werden keine Informationen monetarisiert -You can view the data we collect on our [statistics](statistics.md) page. +Die von uns gesammelten Daten können auf unserer [Statistikseite](statistics.md) einsehen werden. -We run a self-hosted installation of [Plausible Analytics](https://plausible.io) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected. +Wir betreiben eine selbst gehostete Installation von [Plausible Analytics](https://plausible.io), um einige anonyme Nutzungsdaten zu statistischen Zwecken zu sammeln. Das Ziel ist es, allgemeine Trends in unserem Website-Verkehr zu verfolgen, nicht aber, einzelne Besuchende zu verfolgen. Alle Daten sind nur in aggregierter Form vorhanden. Keine persönlichen Daten werden erfasst. -Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can learn more about how Plausible works and collects information in a privacy-respecting manner [here](https://plausible.io/data-policy). +Zu den erfassten Daten gehören Verweisquellen, Top-Seiten, Besuchsdauer, Informationen über das während des Besuchs verwendete Gerät (Gerätetyp, Betriebssystem, Land und Browser) und mehr. Mehr über die Funktionsweise von Plausible und die datenschutzkonforme Erfassung von Informationen sind [hier](https://plausible.io/data-policy) zu erfahren. -## Data We Collect From Account Holders +## Daten, die wir von Kontoinhabenden sammeln -On some websites and services we provide, many features may require an account. For example, an account may be required to post and reply to topics on a forum platform. +Auf einigen Websites und Diensten, die wir anbieten, kann für viele Funktionen ein Konto erforderlich sein. So kann beispielsweise ein Konto erforderlich sein, um auf einer Forenplattform Themen zu veröffentlichen und zu beantworten. -To sign up for most accounts, we will collect a name, username, email, and password. In the event a website requires more information than just that data, that will be clearly marked and noted in a separate privacy statement per-site. +Um sich für die meisten Konten anzumelden, benötigen wir einen Namen, einen Benutzernamen, eine E-Mail-Adresse und ein Passwort. Falls eine Website mehr Informationen als nur diese Daten benötigt, wird dies deutlich gekennzeichnet und in einer separaten Datenschutzerklärung pro Website vermerkt. We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services. @@ -42,7 +42,7 @@ We will store your account data as long as your account remains open. After clos ## Contacting Us -The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to: +Das Team von Privacy Guides hat im Allgemeinen keinen Zugang zu personenbezogenen Daten, abgesehen von dem begrenzten Zugang, der über einige Moderationspanels gewährt wird. Inquiries regarding your personal information should be sent directly to: ```text Jonah Aragon @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/privacytools.md b/i18n/de/about/privacytools.md index 6161b3ef..515c21f5 100644 --- a/i18n/de/about/privacytools.md +++ b/i18n/de/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/services.md b/i18n/de/about/services.md index 2eeca9fe..71f2c95b 100644 --- a/i18n/de/about/services.md +++ b/i18n/de/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/about/statistics.md b/i18n/de/about/statistics.md index c0ca4f91..8f17240c 100644 --- a/i18n/de/about/statistics.md +++ b/i18n/de/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/advanced/communication-network-types.md b/i18n/de/advanced/communication-network-types.md index bdac295f..b65ff69f 100644 --- a/i18n/de/advanced/communication-network-types.md +++ b/i18n/de/advanced/communication-network-types.md @@ -1,11 +1,12 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. -[Recommended Instant Messengers](../real-time-communication.md ""){.md-button} +[Empfohlene Instant Messenger](../real-time-communication.md ""){.md-button} ## Centralized Networks @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/advanced/dns-overview.md b/i18n/de/advanced/dns-overview.md index 8b85b70f..b47af280 100644 --- a/i18n/de/advanced/dns-overview.md +++ b/i18n/de/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/advanced/payments.md b/i18n/de/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/de/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/de/advanced/tor-overview.md b/i18n/de/advanced/tor-overview.md index cf1311b1..dd9d2a95 100644 --- a/i18n/de/advanced/tor-overview.md +++ b/i18n/de/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.de.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/de/android.md b/i18n/de/android.md index dd54ed06..3da86daa 100644 --- a/i18n/de/android.md +++ b/i18n/de/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/account-creation.md b/i18n/de/basics/account-creation.md index 7d353347..ee329f9c 100644 --- a/i18n/de/basics/account-creation.md +++ b/i18n/de/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Benutzerkontenerstellung" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Oft melden sich Menschen für Dienste an, ohne nachzudenken. Vielleicht ist es ein Streaming-Dienst, mit dem du die neue Serie, über die alle reden, sehen kannst, oder ein Konto, mit dem du einen Rabatt für dein Lieblingsrestaurant bekommst. In jedem Fall solltest du die Auswirkungen auf Ihre Daten jetzt und in Zukunft beachten. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/account-deletion.md b/i18n/de/basics/account-deletion.md index d8f7cca2..2498d604 100644 --- a/i18n/de/basics/account-deletion.md +++ b/i18n/de/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/common-misconceptions.md b/i18n/de/basics/common-misconceptions.md index e7a13f6a..41997417 100644 --- a/i18n/de/basics/common-misconceptions.md +++ b/i18n/de/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.de.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/de/basics/common-threats.md b/i18n/de/basics/common-threats.md index 44b5add0..e278c0cb 100644 --- a/i18n/de/basics/common-threats.md +++ b/i18n/de/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.de.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/de/basics/email-security.md b/i18n/de/basics/email-security.md index c3584818..f0c2fb57 100644 --- a/i18n/de/basics/email-security.md +++ b/i18n/de/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/multi-factor-authentication.md b/i18n/de/basics/multi-factor-authentication.md index 5dc67b88..ce8f9530 100644 --- a/i18n/de/basics/multi-factor-authentication.md +++ b/i18n/de/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- -title: "Multi-Factor Authentication" +title: "Multi-Faktor-Authentifizierung" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/passwords-overview.md b/i18n/de/basics/passwords-overview.md index b6526803..08574123 100644 --- a/i18n/de/basics/passwords-overview.md +++ b/i18n/de/basics/passwords-overview.md @@ -1,19 +1,20 @@ --- -title: "Introduction to Passwords" +title: "Einführung in Passwörter" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- -Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. +Passwörter sind ein wesentlicher Bestandteil unseres täglichen digitalen Lebens. Wir nutzen sie, um unsere Konten, unsere Geräte und unsere Geheimnisse zu schützen. Obwohl sie oft das Einzige sind, was zwischen uns und Angreifenden steht, die es auf unsere privaten Daten abgesehen haben, wird nicht viel über sie nachgedacht, was oft dazu führt, dass Passwörter verwendet werden, die leicht zu erraten oder mit roher Gewalt heraus findbar sind. -## Best Practices +## Bewährte Praktiken -### Use unique passwords for every service +### Verwendung einzigartiger Kennwörter Imagine this; you sign up for an account with the same e-mail and password on multiple online services. If one of those service providers is malicious, or their service has a data breach that exposes your password in an unencrypted format, all a bad actor would have to do is try that e-mail and password combination across multiple popular services until they get a hit. It doesn't matter how strong that one password is, because they already have it. This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_stuffing), and it is one of the most common ways that your accounts can be compromised by bad actors. To avoid this, make sure that you never re-use your passwords. -### Use randomly generated passwords +### Verwendung zufällig generierter Passwörter ==You should **never** rely on yourself to come up with a good password.== We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices. @@ -87,9 +88,9 @@ We recommend using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/e To sum it up, diceware passphrases are your best option when you need something that is both easy to remember *and* exceptionally strong. -## Storing Passwords +## Passwörter speichern -### Password Managers +### Passwortverwaltung The best way to store your passwords is by using a password manager. They allow you to store your passwords in a file or in the cloud and protect them with a single master password. That way, you will only have to remember one strong password, which lets you access the rest of them. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/threat-modeling.md b/i18n/de/basics/threat-modeling.md index 0d7ff8cf..fc1b3b41 100644 --- a/i18n/de/basics/threat-modeling.md +++ b/i18n/de/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/basics/vpn-overview.md b/i18n/de/basics/vpn-overview.md index c4f9bce1..a1a007f5 100644 --- a/i18n/de/basics/vpn-overview.md +++ b/i18n/de/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/calendar.md b/i18n/de/calendar.md index f050b6a0..bbcb033a 100644 --- a/i18n/de/calendar.md +++ b/i18n/de/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/cloud.md b/i18n/de/cloud.md index 69137bdd..2bcc2596 100644 --- a/i18n/de/cloud.md +++ b/i18n/de/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/cryptocurrency.md b/i18n/de/cryptocurrency.md new file mode 100644 index 00000000..ba06ba1e --- /dev/null +++ b/i18n/de/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/de/data-redaction.md b/i18n/de/data-redaction.md index fc71e3be..961594a8 100644 --- a/i18n/de/data-redaction.md +++ b/i18n/de/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/desktop-browsers.md b/i18n/de/desktop-browsers.md index 7b992e5a..1c21c296 100644 --- a/i18n/de/desktop-browsers.md +++ b/i18n/de/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.de.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/de/desktop.md b/i18n/de/desktop.md index f32584a2..2db4d119 100644 --- a/i18n/de/desktop.md +++ b/i18n/de/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/dns.md b/i18n/de/dns.md index 2704f0ba..867d1fd1 100644 --- a/i18n/de/dns.md +++ b/i18n/de/dns.md @@ -1,61 +1,60 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Verschlüsseltes DNS hilft dir nicht dabei, deine Browsing-Aktivitäten zu verbergen. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} -## Recommended Providers +## Empfohlene DNS-Anbieter -| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Some[^2] | No | Based on server choice. | -| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Optional[^3] | No | Based on server choice. | -| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Optional[^5] | Optional | Based on server choice. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | +| DNS-Anbieter | Datenschutzerklärung | Protokolle | Logging | ECS | Filter | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------ | ------------ | -------- | -------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Klartext
DoH/3
DoT
DNSCrypt | Some[^1] | Nein | Nach Server Wahl. Die verwendete Filterliste findest du hier. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Klartext
DoH/3
DoT | Some[^2] | Nein | Nach Server Wahl. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Klartext
DoH/3
DoT
DoQ | Optional[^3] | Nein | Nach Server Wahl. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | Nein[^4] | Nein | Nach Server Wahl. Die verwendete Filterliste findest du hier. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Klartext
DoH/3
DoT | Optional[^5] | Optional | Nach Server Wahl. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Klartext
DoH
DoT
DNSCrypt | Some[^6] | Optional | Nach Server Wahl, Schadware wird standardmäßig blockiert. | -## Criteria +## Kriterien -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Bitte beachte, dass wir mit keinem der Projekte, die wir empfehlen, verbunden sind.** Zusätzlich zu unseren [Standardkriterien](about/criteria.md) haben wir eine Reihe klarer Anforderungen entwickelt, die es uns ermöglichen, objektive Empfehlungen zu geben. Wir empfehlen, sich mit dieser Liste vertraut zu machen, bevor sich für ein Projekt entschieden wird und eigenen Nachforschungen anzustellen, um sicherzustellen, dass es die richtige Wahl ist. !!! example "This section is new" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Wir arbeiten daran, definierte Kriterien für jeden Bereich unserer Website festzulegen, daher kann dies sich noch ändern. Bei Fragen zu unseren Kriterien, können diese [in unserem Forum] (https://discuss.privacyguides.net/latest) gestellt werden. Und gehen Sie nicht davon aus, dass wir etwas bei unseren Empfehlungen nicht berücksichtigt haben, wenn es hier nicht aufgeführt ist. Es gibt viele Faktoren, die berücksichtigt und besprochen werden, wenn wir ein Projekt empfehlen, und die Dokumentation jedes einzelnen Faktors ist ein laufender Prozess. -- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec). -- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization). -- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled. -- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support. +- Muss [DNSSEC](advanced/dns-overview.md#what-is-dnssec) unterstützen. +- [QNAME Minimierung](advanced/dns-overview.md#what-is-qname-minimization). +- Erlaubt es [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) zu deaktivieren. +- Bevorzugt [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) Unterstützung oder Geo-Steering-Unterstützung. -## Native Operating System Support +## Unterstützung durch Betriebssysteme von Haus aus ### Android -Android 9 and above support DNS over TLS. The settings can be found in: **Settings** → **Network & Internet** → **Private DNS**. +Android 9 und höher unterstützen DNS über TLS. Die Einstellungen sind zu finden unter: **Einstellungen** → **Netzwerk & Internet** → **Privates DNS**. -### Apple Devices +### Apple-Geräte -The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings). +Die neuesten Versionen von iOS, iPadOS, tvOS und macOS unterstützen sowohl DoT als auch DoH. Beide Protokolle werden nativ über [Konfigurationsprofile](https://support.apple.com/de-de/guide/security/secf6fb9f053/web) oder über die [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings)unterstützt. -After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings. +Nach der Installation eines Konfigurationsprofils oder einer Anwendung, die die DNS-Einstellungs-API verwendet, kann die DNS-Konfiguration ausgewählt werden. Wenn ein VPN aktiv ist, verwendet die DNS Auflösung innerhalb des VPN-Tunnels die DNS-Einstellungen des VPN und nicht deine systemweiten Einstellungen. -#### Signed Profiles +#### Signierte Profile -Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). +Apple bietet keine native Schnittstelle zur Erstellung von Profilen mit verschlüsseltem DNS. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) ist ein inoffizielles Tool zur Erstellung eigener Profile mit verschlüsseltem DNS, diese sind jedoch nicht signiert. Signierte Profile sind zu bevorzugen; das Signieren bestätigt die Herkunft eines Profils und trägt dazu bei, die Integrität der Profile zu gewährleisten. Signierte Konfigurationsprofile erhalten ein grünes "Verifiziert"-Label. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). !!! info - `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. + `systemd-resolved`, das viele Linux-Distributionen für ihre DNS Abfragen verwenden, unterstützt noch nicht [DoH](https://github.com/systemd/systemd/issues/8639). Wenn trotzdem DoH verwendent werden soll, muss ein Proxy wie [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) installiert und [konfiguriert](https://wiki.archlinux.org/title/Dnscrypt-proxy) werden, um alle DNS-Anfragen vom System-Resolver entgegenzunehmen und sie über HTTPS weiterzuleiten. -## Encrypted DNS Proxies +## Verschlüsseltes DNS-Proxy -Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns). +Verschlüsseltes DNS-Proxy-Software bietet einen lokalen Proxy, an den der [unverschlüsselte DNS](advanced/dns-overview.md#unencrypted-dns) weitergeleitet wird. Normalerweise wird es auf Plattformen verwendet, die [verschlüsseltes DNS](advanced/dns-overview.md#what-is-encrypted-dns) nicht unterstützen. ### RethinkDNS @@ -64,7 +63,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right } ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } - **RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too. + **RethinkDNS** ist ein Open-Source Android-Client, der [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) und DNS-Proxy unterstützt, DNS-Antworten zwischenspeichert, DNS-Anfragen lokal protokolliert und auch als Firewall verwendet werden kann. [:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" } @@ -97,9 +96,9 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) -## Self-hosted Solutions +## Selbstgehostete Lösungen -A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. +Eine selbst gehostete DNS-Lösung ist nützlich für die Filterung auf kontrollierten Plattformen wie Smart-TVs und anderen IoT-Geräten, da keine clientseitige Software erforderlich ist. ### AdGuard Home @@ -107,9 +106,9 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right } - **AdGuard Home** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + **AdGuard Home** ist ein Open-Source [DNS-Sinkhole](https://de.wikipedia.org/wiki/DNS-Sinkhole), das [DNS-Filterung](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) verwendet, um unerwünschte Webinhalte wie Werbung zu blockieren. - AdGuard Home features a polished web interface to view insights and manage blocked content. + AdGuard Home bietet eine ausgefeilte Weboberfläche, über die Einblicke erhalten und blockierte Inhalte verwalten werden können. [:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" } @@ -122,9 +121,9 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf ![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right } - **Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + **Pi-hole** ist ein Open-Source [DNS-Sinkhole](https://de.wikipedia.org/wiki/DNS-Sinkhole), das [DNS-Filterung](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) verwendet, um unerwünschte Webinhalte wie Werbung zu blockieren. - Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content. + Pi-hole ist für den Betrieb auf einem Raspberry Pi konzipiert, ist aber nicht auf diese Hardware beschränkt. The software features a friendly web interface to view insights and manage blocked content. [:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary } [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" } @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.de.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/de/email-clients.md b/i18n/de/email-clients.md index 4fe1374c..eec0e292 100644 --- a/i18n/de/email-clients.md +++ b/i18n/de/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/email.md b/i18n/de/email.md index 123f70a1..7dc5562b 100644 --- a/i18n/de/email.md +++ b/i18n/de/email.md @@ -1,23 +1,36 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- -Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. +E-Mail ist praktisch eine Notwendigkeit für die Nutzung aller Online-Dienste, wir empfehlen sie jedoch nicht für Gespräche von Mensch zu Mensch. Anstatt E-Mails für die Kontaktaufnahme mit anderen Personen zu verwenden, sollte ein Instant Messenger benutzt werden, der vorwärts gerichtete Geheimhaltung(forward secrecy) unterstützt. -[Recommended Instant Messengers](real-time-communication.md ""){.md-button} +[Empfohlene Instant Messenger](real-time-communication.md ""){.md-button} -For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +Für alles andere empfehlen wir eine Reihe von E-Mail-Anbietern, die auf nachhaltigen Geschäftsmodellen basieren und integrierten Sicherheits- und Datenschutzfunktionen bieten. -## OpenPGP Compatible Services +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +## OpenPGP-kompatible Dienste + +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. Zum Beispiel können Proton Mail-Benutzende eine E2EE-Nachricht an Mailbox.org-Benutzende senden, oder sie können OpenPGP-verschlüsselte Benachrichtigungen von Internetdiensten erhalten, die dies unterstützen. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning - When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). + Bei der Verwendung von E2EE-Technologien wie OpenPGP enthalten E-Mails immer noch einige Metadaten in der Kopfzeile der E-Mail die nicht verschlüsselt sind. Mehr über [E-Mail Medadaten](basics/email-security.md#email-metadata-overview). - OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys) + OpenPGP unterstützt auch keine vorwärts gerichtete Geheimhaltung, d.h. wenn entweder der eigene private Schlüssel oder der der Empfangenden gestohlen wird, sind alle vorher damit verschlüsselten Nachrichten offengelegt. [Wie schütze ich meine privaten Schlüssel?](basics/email-security.md#how-do-i-protect-my-private-keys) ### Proton Mail @@ -25,7 +38,7 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } - **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan. + **Proton Mail** ist ein E-Mail-Dienst mit dem Schwerpunkt auf Datenschutz, Verschlüsselung, Sicherheit und Benutzerfreundlichkeit. Sie sind seit **2013** in Betrieb. Die Proton AG hat ihren Sitz in Genève, Schweiz. Konten im kostenlosen Tarif beginnen mit 500 MB Speicherplatz. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } @@ -43,47 +56,47 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro - [:simple-linux: Linux](https://proton.me/mail/bridge#download) - [:octicons-browser-16: Web](https://mail.proton.me) -Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). +Kostenlose Konten haben einige Einschränkungen, wie z. B. die fehlende Möglichkeit, Text zu durchsuchen, und keinen Zugang zu [Proton Mail Bridge](https://proton.me/mail/bridge), die für die Verwendung eines [empfohlenen Desktop-E-Mail-Programms](email-clients.md) (z. B. Thunderbird) erforderlich ist. Bezahlte Konten umfassen Funktionen wie Proton Mail Bridge, zusätzlichen Speicher und das Verwenden eigener Domains. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free. Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -376,11 +403,11 @@ For a more manual approach we've picked out these two articles: **Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. -### Technology +### Technologie We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Encrypts email account data at rest with zero-access encryption. - Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard. @@ -398,11 +425,11 @@ We regard these features as important in order to provide a safe and optimal ser - Catch-all or alias functionality for those who own their own domains. - Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. -### Privacy +### Datenschutz -We prefer our recommended providers to collect as little data as possible. +Wir ziehen es vor, dass die von uns empfohlenen Anbieter*innen so wenig Daten wie möglich sammeln. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Protect sender's IP address. Filter it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. @@ -411,13 +438,13 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) -### Security +### Sicherheit Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Protection of webmail with 2FA, such as TOTP. - Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,13 +470,13 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) -### Trust +### Vertrauen You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Public-facing leadership or ownership. @@ -462,7 +489,7 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t With the email providers we recommend we like to see responsible marketing. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Must self-host analytics (no Google Analytics, Adobe Analytics, etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. @@ -478,8 +505,6 @@ Must not have any marketing which is irresponsible: - Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. -### Additional Functionality +### Zusätzliche Funktionalitäten While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/encryption.md b/i18n/de/encryption.md index 03e5431c..ded8533b 100644 --- a/i18n/de/encryption.md +++ b/i18n/de/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/file-sharing.md b/i18n/de/file-sharing.md index bed93f5f..3e79d791 100644 --- a/i18n/de/file-sharing.md +++ b/i18n/de/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/financial-services.md b/i18n/de/financial-services.md new file mode 100644 index 00000000..480c924c --- /dev/null +++ b/i18n/de/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/de/frontends.md b/i18n/de/frontends.md index 9e68622b..7f245f41 100644 --- a/i18n/de/frontends.md +++ b/i18n/de/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/index.md b/i18n/de/index.md index 1ca23af1..570c06fc 100644 --- a/i18n/de/index.md +++ b/i18n/de/index.md @@ -7,38 +7,36 @@ hide: --- -## Why should I care? +## Warum sollte mich das interessieren? -##### “I have nothing to hide. Why should I care about my privacy?” +##### "Ich habe nichts zu verbergen. Warum sollte ich mir Sorgen um meine Privatsphäre machen?" -Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. ==Privacy is a human right, inherent to all of us,== that we are entitled to (without discrimination). +Ähnlich wie das Recht auf gemischtrassige Ehen, das Frauenwahlrecht, das Recht auf freie Meinungsäußerung und viele andere wurde unser Recht auf Privatsphäre nicht immer gewährt. In einigen Diktaturen ist das immer noch der Fall. Generationen vor uns haben für unser Recht auf Privatsphäre gekämpft. ==Privatsphäre ist ein Menschenrecht, das uns allen innewohnt,== auf das wir (ohne Diskriminierung) Anspruch haben. -You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to protect. Privacy is something that makes us human. +Privatsphäre sollte nicht mit Geheimhaltung verwechselt werden. Wir wissen, was auf der Toilette passiert, aber machen trotzdem die Tür zu. Das liegt daran, dass wir Privatsphäre wollen, keine Geheimhaltung. **Alle** haben etwas zu schützen. Privatsphäre ist etwas, das uns menschlich macht. -[:material-target-account: Common Internet Threats](basics/common-threats.md ""){.md-button.md-button--primary} +[:material-target-account: Häufige Internetbedrohungen](basics/common-threats.md ""){.md-button.md-button--primary} -## What should I do? +## Was kann ich tun? -##### First, you need to make a plan +##### Zunächst muss ein Plan erstellt werden -Trying to protect all your data from everyone all the time is impractical, expensive, and exhausting. But don't worry! Security is a process, and, by thinking ahead, you can put together a plan that's right for you. Security isn't just about the tools you use or the software you download. Rather, it begins by understanding the unique threats you face, and how you can mitigate them. +Der Versuch, alle unsere Daten ständig vor allen zu schützen, ist unpraktisch, teuer und anstrengend. Aber keine Sorge! Sicherheit ist ein Prozess, und durch vorausschauendes denken, kannst du einen Plan erstellen, der für dich geeignet ist. Bei Sicherheit geht es nicht nur um die Tools, die du verwendest, oder die Software, die du herunterlädst. Vielmehr geht es darum, die einzigartigen Bedrohungen zu verstehen, mit denen du konfrontiert bist, und herauszufinden, wie diese entschärft werden können. -==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan. +== Dieser Prozess der Identifizierung von Bedrohungen und der Festlegung von Gegenmaßnahmen wird als **Bedrohungsanalyse** bezeichnet== und bildet die Grundlage für jeden guten Sicherheits- und Datenschutzplan. -[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md ""){.md-button.md-button--primary} +[:material-book-outline: Mehr über die Bedrohungsanalyse erfahren](basics/threat-modeling.md ""){.md-button.md-button--primary} --- -## We need you! Here's how to get involved: +## Wir brauchen dich! Hier ist, wie man sich beteiligt: -[:simple-discourse:](https://discuss.privacyguides.net/){ title="Join our Forum" } -[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" } -[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" } -[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" } -[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" } -[:material-information-outline:](about/index.md){ title="Learn more about us" } -[:material-hand-coin-outline:](about/donate.md){ title="Support the project" } +[:simple-discourse:](https://discuss.privacyguides.net/){ title="Trete unserem Forum bei" } +[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Folge uns auf Mastodon" } +[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Trage zu dieser Website bei" } +[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Hilf diese Website zu Übersetze" } +[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chatte mit uns auf Matrix" } +[:material-information-outline:](about/index.md){ title="Erfahre mehr über uns" } +[:material-hand-coin-outline:](about/donate.md){ title="Unterstütze das Projekt" } -It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.de.txt" +Es ist wichtig, dass eine Website wie Privacy Guides immer auf dem neuesten Stand bleibt. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. Es ist schwer, mit der Schnelllebigkeit des Internets Schritt zu halten, aber wir versuchen unser Bestes. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. diff --git a/i18n/de/kb-archive.md b/i18n/de/kb-archive.md index f05d9780..92daee33 100644 --- a/i18n/de/kb-archive.md +++ b/i18n/de/kb-archive.md @@ -1,11 +1,12 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog -Einige Seiten, die früher in unserer Wissensdatenbank waren, sind jetzt in unserem Blog zu finden: +Some pages that used to be in our knowledge base can now be found on our blog: - [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) - [Signal Configuration Hardening](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) @@ -14,5 +15,3 @@ Einige Seiten, die früher in unserer Wissensdatenbank waren, sind jetzt in unse - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/meta/brand.md b/i18n/de/meta/brand.md index 48e84900..25bb5035 100644 --- a/i18n/de/meta/brand.md +++ b/i18n/de/meta/brand.md @@ -2,7 +2,7 @@ title: Branding Guidelines --- -The name of the website is **Privacy Guides** and should **not** be changed to: +Der Name der Website lautet **Privacy Guides** und sollte **nicht** geändert werden zu:
- PrivacyGuides @@ -11,14 +11,12 @@ The name of the website is **Privacy Guides** and should **not** be changed to: - PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**. +Der Name des Subreddits lautet **r/PrivacyGuides** oder **the Privacy Guides Subreddit**. -Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand) +Weitere Branding-Richtlinien können unter [github.com/privacyguides/brand](https://github.com/privacyguides/brand) gefunden werden -## Trademark +## Markenzeichen -"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. +"Privacy Guides" und das Schild-Logo sind Markenzeichen von Jonah Aragon, die uneingeschränkte Nutzung wird dem Privacy Guides Projekt gewährt. -Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.de.txt" +Ohne auf seine Rechte zu verzichten, berät Privacy Guides andere nicht über den Umfang seiner geistigen Eigentumsrechte. Privacy Guides erlaubt oder genehmigt keine Verwendung seiner Markenzeichen in einer Art und Weise, die zu Verwechslungen führen kann, indem sie eine Verbindung mit oder ein Sponsoring durch Privacy Guides impliziert. Wenn Sie Kenntnis von einer solchen Nutzung haben, wenden Sie sich bitte an Jonah Aragon unter jonah@privacyguides.org. Wenden Sie sich an Ihren Rechtsbeistand, wenn Sie Fragen haben. diff --git a/i18n/de/meta/git-recommendations.md b/i18n/de/meta/git-recommendations.md index 0837d554..b154211b 100644 --- a/i18n/de/meta/git-recommendations.md +++ b/i18n/de/meta/git-recommendations.md @@ -1,10 +1,10 @@ --- -title: Git Recommendations +title: Git Empfehlungen --- If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations. -## Enable SSH Key Commit Signing +## SSH-Schlüssel Commit-Signierung aktivieren You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/meta/uploading-images.md b/i18n/de/meta/uploading-images.md index c9edf212..47fa880a 100644 --- a/i18n/de/meta/uploading-images.md +++ b/i18n/de/meta/uploading-images.md @@ -1,23 +1,23 @@ --- -title: Uploading Images +title: Bilder hochladen --- -Here are a couple of general rules for contributing to Privacy Guides: +Hier sind einige allgemeine Regeln um zu Privacy Guides beizutragen: -## Images +## Bilder -- We **prefer** SVG images, but if those do not exist we can use PNG images +- Wir **bevorzugen** SVG-Bilder, aber wenn diese nicht vorhanden sind, können wir PNG-Bilder verwenden -Company logos have canvas size of: +Firmenlogos haben eine Leinwandgröße von: - 128x128px - 384x128px -## Optimization +## Optimierung ### PNG -Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image: +Verwende [OptiPNG](https://sourceforge.net/projects/optipng/) um das PNG-Bild zu optimieren: ```bash optipng -o7 file.png @@ -27,51 +27,51 @@ optipng -o7 file.png #### Inkscape -[Scour](https://github.com/scour-project/scour) all SVG images. +[Scour](https://github.com/scour-project/scour) alle SVG-Bilder. In Inkscape: -1. File Save As.. -2. Set type to Optimized SVG (*.svg) +1. Speichern unter... +2. Dateityp auf "Optimiertes SVG (*.svg)" setzen -In the **Options** tab: +In der **Optionen** Registerkarte: -- **Number of significant digits for coordinates** > **5** -- [x] Turn on **Shorten color values** -- [x] Turn on **Convert CSS attributes to XML attributes** -- [x] Turn on **Collapse groups** -- [x] Turn on **Create groups for similar attributes** -- [ ] Turn off **Keep editor data** -- [ ] Turn off **Keep unreferenced definitions** -- [x] Turn on **Work around renderer bugs** +- **Anzahl der signifikaten Stellen für Koordinaten** > **5** +- [x] Einschalten **Farbwerte kürzen** +- [x] Einschalten **CSS-Attribute in XML-Attribute umwandeln** +- [x] Einschalten **Gruppen zusammenklappen** +- [x] Einschalten **Gruppen für ähnliche Attribute erstellen** +- [ ] Ausschalten **Editor-Daten erhalten** +- [ ] Ausschalten **Unreferenzierte Definitionen erhalten** +- [x] Einschalten **Renderer-Fehler umgehen** -In the **SVG Output** tab under **Document options**: +In der **SVG-Ausgabe** Registerkarte unter **Dokumenteinstellungen**: -- [ ] Turn off **Remove the XML declaration** -- [x] Turn on **Remove metadata** -- [x] Turn on **Remove comments** -- [x] Turn on **Embeded raster images** -- [x] Turn on **Enable viewboxing** +- [ ] Ausschalten **XML-Deklaration entfernen** +- [x] Einschalten **Metadaten entfernen** +- [x] Einschalten **Kommentare entfernen** +- [x] Einschalten **Rasterbilder einbetten** +- [x] Einschalten **Viewbox aktivieren** -In the **SVG Output** under **Pretty-printing**: +In der **SVG-Ausgabe** Registerkarte unter **Formatierung**: -- [ ] Turn off **Format output with line-breaks and indentation** -- **Indentation characters** > Select **Space** -- **Depth of indentation** > **1** -- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element** +- [ ] Ausschalten **Ausgabe mit Zeilenumbrüchen und Einrückungen formatieren** +- **Zeichen für Einrückungen** > Wähle **Leerzeichen** +- **Einrücktiefe** > **1** +- [ ] Ausschalten **"xml:space"-Attribut vom SVG-Wurzelelement entfernen** -In the **IDs** tab: +In der **IDs** Registerkarte: -- [x] Turn on **Remove unused IDs** -- [ ] Turn off **Shorten IDs** -- **Prefix shortened IDs with** > `leave blank` -- [x] Turn on **Preserve manually created IDs not ending with digits** -- **Preserve the following IDs** > `leave blank` -- **Preserve IDs starting with** > `leave blank` +- [x] Einschalten **Unbenutzte IDs entfernen** +- [ ] Ausschalten **IDs kürzen** +- **Präfix für gekürzte IDs** > `leer lassen` +- [x] Einschalten **Manuell erstellte IDs, die nicht mit Ziffern enden, erhalten** +- **Folgende IDs erhalten** > `leer lassen` +- **IDs mit folgendem Präfix erhalten** > `leer lassen` #### CLI -The same can be achieved with the [Scour](https://github.com/scour-project/scour) command: +Das Gleiche kann mit dem [Scour](https://github.com/scour-project/scour) Befehl erreicht werden: ```bash scour --set-precision=5 \ @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/meta/writing-style.md b/i18n/de/meta/writing-style.md index 6e387035..e422d4a6 100644 --- a/i18n/de/meta/writing-style.md +++ b/i18n/de/meta/writing-style.md @@ -8,68 +8,68 @@ In general the [United States federal plain language guidelines](https://www.pla ## Writing for our audience -Privacy Guides' intended [audience](https://www.plainlanguage.gov/guidelines/audience/) is primarily average, technology using adults. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with. +Das [Zielpublikum](https://www.plainlanguage.gov/guidelines/audience/) von Privacy Guides besteht hauptsächlich aus durchschnittlichen, Techniknutzenden Erwachsenen. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with. ### Address only what people want to know -People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details. +Menschen brauchen keine übermäßig komplexen Artikel mit geringer Relevanz für sie. Figure out what you want people to accomplish when writing an article, and only include those details. > Tell your audience why the material is important to them. Say, “If you want a research grant, here’s what you have to do.” Or, “If you want to mine federal coal, here’s what you should know.” Or, “If you’re planning a trip to Rwanda, read this first.” -### Address people directly +### Personen direkt ansprechen -We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly. +Wir schreiben *für* für eine Vielzahl von Menschen, aber wir schreiben *an* die Person, die es tatsächlich liest. Use "you" to address the reader directly. > More than any other single technique, using “you” pulls users into the information and makes it relevant to them. > > When you use “you” to address users, they are more likely to understand what their responsibility is. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) +Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) ### Avoid "users" Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for. -## Organizing content +## Organisieren von Inhalten -Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas. +Organisieren ist der Schlüssel. Inhalte sollten von den wichtigsten zu den am wenigsten wichtigen Informationen fließen und Kopfzeilen so oft wie nötig verwendet werden, um verschiedene Ideen logisch zu trennen. -- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages. +- Limit the document to around five or six sections. Lange Dokumente sollten wahrscheinlich in einzelne Seiten aufgeteilt werden. - Mark important ideas with **bold** or *italics*. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) +Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) ### Begin with a topic sentence -> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Headings help, but they’re not enough. Establish a context for your audience before you provide them with the details. +> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Überschriften sind hilfreich, reichen aber nicht aus. Establish a context for your audience before you provide them with the details. > -> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point. +> Wir schreiben oft so, wie wir denken, indem wir zuerst unsere Prämissen und dann unsere Schlussfolgerung formulieren. Es mag die natürliche Art sein, Gedanken zu entwickeln, aber wir enden mit dem Themensatz am Ende des Absatzes. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) +Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) ## Choose your words carefully -> Words matter. They are the most basic building blocks of written and spoken communication. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand. +> Worte sind von Bedeutung. Sie sind die grundlegenden Bausteine der schriftlichen und mündlichen Kommunikation. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand. -We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly. +Wir sollten versuchen, Abkürzungen so weit wie möglich zu vermeiden, aber Technologie ist voll von Abkürzungen. Im Allgemeinen sollte die Abkürzung/das Akronym ausgeschrieben werden, wenn sie/es zum ersten Mal auf einer Seite verwendet wird, und die Abkürzung in die Glossar-Datei für Abkürzungen aufgenommen werden, wenn sie wiederholt verwendet wird. > Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences: > > > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends. > -> And the original, using stronger, simpler words: +> Und das Original, mit stärkeren, einfacheren Worten: > -> > More night jobs would keep youths off the streets. +> > Mehr Nachtjobs würden die Jugendlichen von der Straße fernhalten. -## Be concise +## Prägnant sein -> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective. +> Unnecessary words waste your audience’s time. Gutes Schreiben ist wie ein Gespräch. Omit information that the audience doesn’t need to know. Als Fachexperte kann dies schwierig sein, daher ist es wichtig, dass jemand die Informationen aus der Perspektive des Publikums betrachtet. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) +Quelle: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) ## Keep text conversational -> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting. +> Verben sind der Treibstoff des Schreibens. Sie geben Sätzen Kraft und Richtung. They enliven your writing and make it more interesting. > > Verbs tell your audience what to do. Make sure it’s clear who does what. @@ -79,11 +79,9 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) -### Use "must" for requirements +### Verwendung von "muss" für Anforderungen -> - “must” for an obligation -> - “must not” for a prohibition -> - “may” for a discretionary action -> - “should” for a recommendation - ---8<-- "includes/abbreviations.de.txt" +> - "musst" für eine Verpflichtung +> - "darf nicht" für ein Verbot +> - "kann" für eine Ermessensentscheidung +> - "sollte" für eine Empfehlung diff --git a/i18n/de/mobile-browsers.md b/i18n/de/mobile-browsers.md index 5e891156..d7adee8f 100644 --- a/i18n/de/mobile-browsers.md +++ b/i18n/de/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/multi-factor-authentication.md b/i18n/de/multi-factor-authentication.md index 1a0e3c6f..41030fe3 100644 --- a/i18n/de/multi-factor-authentication.md +++ b/i18n/de/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/news-aggregators.md b/i18n/de/news-aggregators.md index 0f608abb..2dad5ac0 100644 --- a/i18n/de/news-aggregators.md +++ b/i18n/de/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/notebooks.md b/i18n/de/notebooks.md index 4cab1dc1..0739f668 100644 --- a/i18n/de/notebooks.md +++ b/i18n/de/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/os/android-overview.md b/i18n/de/os/android-overview.md index 36c303d3..a78631a2 100644 --- a/i18n/de/os/android-overview.md +++ b/i18n/de/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/os/linux-overview.md b/i18n/de/os/linux-overview.md index 8a7d874d..8ec2c9e7 100644 --- a/i18n/de/os/linux-overview.md +++ b/i18n/de/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/os/qubes-overview.md b/i18n/de/os/qubes-overview.md index c731f8a3..17b286b9 100644 --- a/i18n/de/os/qubes-overview.md +++ b/i18n/de/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/passwords.md b/i18n/de/passwords.md index c927cdb0..e81f1186 100644 --- a/i18n/de/passwords.md +++ b/i18n/de/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/productivity.md b/i18n/de/productivity.md index bce9403a..4490325d 100644 --- a/i18n/de/productivity.md +++ b/i18n/de/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/real-time-communication.md b/i18n/de/real-time-communication.md index 196ef5ab..68f9d767 100644 --- a/i18n/de/real-time-communication.md +++ b/i18n/de/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/router.md b/i18n/de/router.md index b14af0c7..64521da3 100644 --- a/i18n/de/router.md +++ b/i18n/de/router.md @@ -1,6 +1,7 @@ --- title: "Router-Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Nachstehend sind ein paar alternative Betriebssysteme gelistet, die auf Routern, WLAN-Zugangspunkten usw. eingesetzt werden können. @@ -47,5 +48,3 @@ OPNsense wurde ursprünglich als Fork von [pfSense](https://en.wikipedia.org/wik - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/search-engines.md b/i18n/de/search-engines.md index ff48997d..911525d7 100644 --- a/i18n/de/search-engines.md +++ b/i18n/de/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/tools.md b/i18n/de/tools.md index 46ddd66b..bc52a698 100644 --- a/i18n/de/tools.md +++ b/i18n/de/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/tor.md b/i18n/de/tor.md index 8352feb5..3d10ffb9 100644 --- a/i18n/de/tor.md +++ b/i18n/de/tor.md @@ -1,11 +1,12 @@ --- -title: "Tor Network" +title: "Tor-Netzwerk" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } -The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. +Das **Tor** Netzwerk besteht aus von freiwillig betriebenen Servern, die es ermöglichen, kostenlos die eigene Privatsphäre und Sicherheit im Internet zu verbessern. Einzelpersonen und Organisationen können auch Informationen über das Tor-Netzwerk mit ".onion versteckten Diensten" austauschen, ohne ihre Privatsphäre zu gefährden. Da der Tor-Verkehr schwer zu blockieren und zurückzuverfolgen ist, ist Tor ein effektives Werkzeug zur Zensur Umgehung. [:octicons-home-16:](https://www.torproject.org){ .card-link title=Homepage } [:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" } @@ -13,17 +14,11 @@ The **Tor** network is a group of volunteer-operated servers that allows you to [:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" } [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute } -Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. +Tor funktioniert, indem es deinen Internetverkehr über diese von Freiwilligen betriebenen Server leitet, anstatt eine direkte Verbindung zu der Website herzustellen, die du besuchen willst. Dadurch wird verschleiert, woher der Datenverkehr kommt, und kein Server im Verbindungspfad ist in der Lage, den vollständigen Pfad zu sehen, woher der Datenverkehr kommt und wohin er geht, was bedeutet, dass selbst die Server, die du für die Verbindung verwendest, deiner Anonymität nichts anhaben können. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
+[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) - -## Connecting to Tor +## Verbinden mit Tor There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android. In addition to the apps listed below, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser. @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/video-streaming.md b/i18n/de/video-streaming.md index e42141dc..e62ce3da 100644 --- a/i18n/de/video-streaming.md +++ b/i18n/de/video-streaming.md @@ -1,9 +1,10 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- -The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. +Die primäre Bedrohung bei der Nutzung einer Videostreaming-Plattform besteht darin, dass deine Streaming-Gewohnheiten und Abonnementlisten dazu verwendet werden könnten, um ein Profil von dir zu erstellen. Du solltest diese Tools zusammen mit einem [VPN](vpn.md) oder [Tor](https://www.torproject.org/) verwenden, damit nicht so leicht ein Nutzungsprofil von dir erstellt werden kann. ## LBRY @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/de/vpn.md b/i18n/de/vpn.md index b1576bda..b7f60687 100644 --- a/i18n/de/vpn.md +++ b/i18n/de/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs bieten keine Anonymität" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -13,82 +22,13 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. - [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } + [Tor herunterladen](https://www.torproject.org/){ .md-button .md-button--primary } [Tor-Mythen & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +## Empfohlene Anbieter -## Recommended Providers - -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Die von uns empfohlenen Anbieter verwenden Verschlüsselung, akzeptieren Monero, unterstützen WireGuard & OpenVPN und haben eine No-Logging-Richtlinie. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -96,12 +36,12 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } - **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar. + **IVPN** ist ein weiterer Premium-VPN-Anbieter und ist seit 2009 aktiv. IVPN hat den Sitz in Gibraltar. [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" } + [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Datenschutzrichtlinie" } + [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Quellcode" } ??? downloads @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Der Grund dafür ist eine kürzere Route (weniger Sprünge) zum Ziel. +{ .annotate } -1. Last checked: 2022-09-16 +1. Stand: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN unterstützt das WireGuard®-Protokoll. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Darüber hinaus zielt WireGuard darauf ab, einfacher und leistungsfähiger zu sein. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN-Clients unterstützen Zwei-Faktor-Authentifizierung (die Clients von Mullvad nicht). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -155,13 +96,13 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } - **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial. + **Mullvad** ist ein schnelles und preiswertes VPN mit einem ernsthaften Fokus auf Transparenz und Sicherheit. Mullvad ist seit **2009** in Betrieb. Mullvad ist in Schweden ansässig und bietet keine kostenlose Testversion an. [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } - [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" } + [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Dienst" } + [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Datenschutzrichtlinie" } + [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Quellcode" } ??? downloads @@ -172,102 +113,167 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Der Grund dafür ist eine kürzere Route (weniger Sprünge) zum Ziel. +{ .annotate } + +1. Stand: 2023-01-19 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. Sie akzeptieren auch Swish- und Banküberweisungen. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad unterstützt das WireGuard®-Protokoll. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Darüber hinaus zielt WireGuard darauf ab, einfacher und leistungsfähiger zu sein. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2023-01-19 - -??? success "Independently Audited" - - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + **Proton VPN** ist ein starker Anwärter im VPN-Bereich und ist seit 2016 in Betrieb. Die Proton AG hat ihren Sitz in der Schweiz und bietet sowohl eine begrenzte kostenlose als auch eine umfangreichere Premium-Option an. - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Datenschutzrichtlinie" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Quellcode" } - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + ??? downloads - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Der Grund dafür ist eine kürzere Route (weniger Sprünge) zum Ziel. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Stand: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +Im Januar 2020 hat sich Proton VPN einem unabhängigen Audit durch SEC Consult unterzogen. SEC Consult fand einige Sicherheitslücken mit mittlerem und niedrigem Risiko in den Windows-, Android- und iOS-Anwendungen von Proton VPN, die alle von Proton VPN vor der Veröffentlichung der Berichte "ordnungsgemäß behoben" wurden. Keines der festgestellten Probleme hätte angreifenden Fernzugriff auf dein Gerät oder deinen Datenverkehr ermöglicht. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN unterstützt hauptsächlich das WireGuard®-Protokoll. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Darüber hinaus zielt WireGuard darauf ab, einfacher und leistungsfähiger zu sein. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding -## Criteria +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN Clients unterstützen Zwei-Faktor-Authentifizierung auf allen Plattformen außer Linux. Proton VPN hat eigene Server und Rechenzentren in der Schweiz, Island und Schweden. Sie bieten mit ihrem DNS-Dienst die Möglichkeit, Werbung und Schadware zu blockieren. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. Wenn du diese Funktion benötigst und einen Mac mit Intel-Chipsatz verwendest, solltest du einen anderen VPN-Dienst nutzen. + +## Kriterien !!! danger - It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. + It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. Ein VPN ist kein Werkzeug für illegale Aktivitäten. Verlasse dich nicht auf "no Log" Richtlienen. -**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible. +**Bitte beachte, dass wir mit keinem der Projekte, die wir empfehlen, verbunden sind. Dies ermöglicht es uns, völlig objektive Empfehlungen zu geben.** Zusätzlich zu unseren [Standardkriterien](about/criteria.md) haben wir eine Reihe klarer Anforderungen für alle VPN-Anbieter*innen entwickelt, die empfohlen werden wollen, darunter starke Verschlüsselung, unabhängige Sicherheitsprüfungen, moderne Technologie und mehr. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible. -### Technology +### Technologie We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** -- Support for strong protocols such as WireGuard & OpenVPN. -- Killswitch built in to clients. -- Multihop support. Multihopping is important to keep data private in case of a single node compromise. -- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. +- Unterstützung von starken Protokollen wie WireGuard & OpenVPN. +- Notaus ist in den Clients integriert. +- Multihop-Unterstützung. Multihopping ist wichtig, um Daten im Falle einer Kompromittierung eines einzelnen Knotens geheim zu halten. +- Wenn VPN-Clients zur Verfügung gestellt werden, sollten sie [Open Source](https://de.wikipedia.org/wiki/Open_Source)sein, wie die VPN-Software, die in der Regel in sie integriert ist. Wir sind der Meinung, dass [Quellcode](https://de.wikipedia.org/wiki/Quelltext) mehr Transparenz darüber bietet, was dein Gerät tatsächlich tut. **Best Case:** -- WireGuard and OpenVPN support. -- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.) -- Easy-to-use VPN clients -- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. +- Unterstützung von WireGuard und OpenVPN. +- Notaus mit hochgradig konfigurierbaren Optionen (Aktivierung/Deaktivierung in bestimmten Netzen, beim Booten usw.) +- Einfach zu bedienende VPN-Clients +- Unterstützt [IPv6](https://de.wikipedia.org/wiki/IPv6). Wir erwarten, dass die Server eingehende Verbindungen über IPv6 zulassen und dir den Zugang zu Diensten ermöglichen, die auf IPv6-Adressen gehostet werden. - Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble). -### Privacy +### Datenschutz -We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required. +Wir ziehen es vor, dass die von uns empfohlenen Anbieter*innen so wenig Daten wie möglich sammeln. Der Verzicht auf die Erhebung personenbezogener Daten bei der Anmeldung und die Annahme anonymer Zahlungsformen sind erforderlich. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** -- Monero or cash payment option. -- No personal information required to register: Only username, password, and email at most. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. +- Für die Registrierung sind keine persönlichen Daten erforderlich: Höchstens Benutzername, Passwort und E-Mail. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). -### Security +### Sicherheit A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption. - Perfect Forward Secrecy (PFS). @@ -280,11 +286,11 @@ A VPN is pointless if it can't even provide adequate security. We require all ou - Comprehensive published security audits from a reputable third-party firm. - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. -### Trust +### Vertrauen You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Public-facing leadership or ownership. @@ -297,7 +303,7 @@ You wouldn't trust your finances to someone with a fake identity, so why trust t With the VPN providers we recommend we like to see responsible marketing. -**Minimum to Qualify:** +**Mindestvoraussetzung um zu qualifizieren:** - Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out. @@ -316,8 +322,6 @@ Responsible marketing that is both educational and useful to the consumer could - An accurate comparison to when [Tor](tor.md) should be used instead. - Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion) -### Additional Functionality +### Zusätzliche Funktionalitäten While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.de.txt" diff --git a/i18n/el/404.md b/i18n/el/404.md index c25b06d1..868dd7b6 100644 --- a/i18n/el/404.md +++ b/i18n/el/404.md @@ -1,11 +1,15 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Δε βρέθηκε -Δεν μπορέσαμε να βρούμε τη σελίδα που ψάχνατε! Ίσως ψάχνατε για ένα από αυτά; +We couldn't find the page you were looking for! Maybe you were looking for one of these? - [Εισαγωγή στα Μοντέλα Απειλών](basics/threat-modeling.md) - [Προτεινόμενοι Πάροχοι DNS](dns.md) @@ -13,5 +17,3 @@ hide: - [Οι καλύτεροι πάροχοι VPN](vpn.md) - [Φόρουμ Οδηγών Απορρήτου](https://discuss.privacyguides.net) - [Το Blog μας](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/criteria.md b/i18n/el/about/criteria.md index 2f6e0138..3084230b 100644 --- a/i18n/el/about/criteria.md +++ b/i18n/el/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/donate.md b/i18n/el/about/donate.md index ce55e01c..8accd67a 100644 --- a/i18n/el/about/donate.md +++ b/i18n/el/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/index.md b/i18n/el/about/index.md index 2ba94952..619406fe 100644 --- a/i18n/el/about/index.md +++ b/i18n/el/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/notices.md b/i18n/el/about/notices.md index 0d4aca09..bb32edd5 100644 --- a/i18n/el/about/notices.md +++ b/i18n/el/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/privacy-policy.md b/i18n/el/about/privacy-policy.md index 5e6c805f..26c668d1 100644 --- a/i18n/el/about/privacy-policy.md +++ b/i18n/el/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/privacytools.md b/i18n/el/about/privacytools.md index c8e9878a..515c21f5 100644 --- a/i18n/el/about/privacytools.md +++ b/i18n/el/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/services.md b/i18n/el/about/services.md index 7a8088af..71f2c95b 100644 --- a/i18n/el/about/services.md +++ b/i18n/el/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/about/statistics.md b/i18n/el/about/statistics.md index e00eda7c..8f17240c 100644 --- a/i18n/el/about/statistics.md +++ b/i18n/el/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/advanced/communication-network-types.md b/i18n/el/advanced/communication-network-types.md index 9e6d87cc..1f07a2c4 100644 --- a/i18n/el/advanced/communication-network-types.md +++ b/i18n/el/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/advanced/dns-overview.md b/i18n/el/advanced/dns-overview.md index a76c682f..b47af280 100644 --- a/i18n/el/advanced/dns-overview.md +++ b/i18n/el/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/advanced/payments.md b/i18n/el/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/el/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/el/advanced/tor-overview.md b/i18n/el/advanced/tor-overview.md index 1a7f7c41..dd9d2a95 100644 --- a/i18n/el/advanced/tor-overview.md +++ b/i18n/el/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.el.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/el/android.md b/i18n/el/android.md index 24c1c3d8..3da86daa 100644 --- a/i18n/el/android.md +++ b/i18n/el/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/account-creation.md b/i18n/el/basics/account-creation.md index cd9942b2..afa5d429 100644 --- a/i18n/el/basics/account-creation.md +++ b/i18n/el/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/account-deletion.md b/i18n/el/basics/account-deletion.md index f0a0f099..2498d604 100644 --- a/i18n/el/basics/account-deletion.md +++ b/i18n/el/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/common-misconceptions.md b/i18n/el/basics/common-misconceptions.md index 8bdda952..41997417 100644 --- a/i18n/el/basics/common-misconceptions.md +++ b/i18n/el/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.el.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/el/basics/common-threats.md b/i18n/el/basics/common-threats.md index 93c32a77..e278c0cb 100644 --- a/i18n/el/basics/common-threats.md +++ b/i18n/el/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.el.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/el/basics/email-security.md b/i18n/el/basics/email-security.md index 76839778..f0c2fb57 100644 --- a/i18n/el/basics/email-security.md +++ b/i18n/el/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/multi-factor-authentication.md b/i18n/el/basics/multi-factor-authentication.md index 851c8791..ae57848d 100644 --- a/i18n/el/basics/multi-factor-authentication.md +++ b/i18n/el/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/passwords-overview.md b/i18n/el/basics/passwords-overview.md index f60aaf5a..6858d8b5 100644 --- a/i18n/el/basics/passwords-overview.md +++ b/i18n/el/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/threat-modeling.md b/i18n/el/basics/threat-modeling.md index 3be5e402..fc1b3b41 100644 --- a/i18n/el/basics/threat-modeling.md +++ b/i18n/el/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/basics/vpn-overview.md b/i18n/el/basics/vpn-overview.md index 7ac0e668..a1a007f5 100644 --- a/i18n/el/basics/vpn-overview.md +++ b/i18n/el/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/calendar.md b/i18n/el/calendar.md index 8f1795ca..bbcb033a 100644 --- a/i18n/el/calendar.md +++ b/i18n/el/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/cloud.md b/i18n/el/cloud.md index 7c4c524a..2bcc2596 100644 --- a/i18n/el/cloud.md +++ b/i18n/el/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/cryptocurrency.md b/i18n/el/cryptocurrency.md new file mode 100644 index 00000000..ba06ba1e --- /dev/null +++ b/i18n/el/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/el/data-redaction.md b/i18n/el/data-redaction.md index ebb66770..961594a8 100644 --- a/i18n/el/data-redaction.md +++ b/i18n/el/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/desktop-browsers.md b/i18n/el/desktop-browsers.md index a29e6ffa..1c21c296 100644 --- a/i18n/el/desktop-browsers.md +++ b/i18n/el/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.el.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/el/desktop.md b/i18n/el/desktop.md index 492ef3a1..2db4d119 100644 --- a/i18n/el/desktop.md +++ b/i18n/el/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/dns.md b/i18n/el/dns.md index abb7c79a..a8cc21da 100644 --- a/i18n/el/dns.md +++ b/i18n/el/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.el.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/el/email-clients.md b/i18n/el/email-clients.md index 676e252b..eec0e292 100644 --- a/i18n/el/email-clients.md +++ b/i18n/el/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/email.md b/i18n/el/email.md index d039b722..7ab4c31d 100644 --- a/i18n/el/email.md +++ b/i18n/el/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/encryption.md b/i18n/el/encryption.md index f680e0ad..ded8533b 100644 --- a/i18n/el/encryption.md +++ b/i18n/el/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/file-sharing.md b/i18n/el/file-sharing.md index f499954b..3e79d791 100644 --- a/i18n/el/file-sharing.md +++ b/i18n/el/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/financial-services.md b/i18n/el/financial-services.md new file mode 100644 index 00000000..480c924c --- /dev/null +++ b/i18n/el/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/el/frontends.md b/i18n/el/frontends.md index c1c22761..7f245f41 100644 --- a/i18n/el/frontends.md +++ b/i18n/el/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/index.md b/i18n/el/index.md index 476ba4a0..a07da0cf 100644 --- a/i18n/el/index.md +++ b/i18n/el/index.md @@ -40,5 +40,3 @@ hide: [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/kb-archive.md b/i18n/el/kb-archive.md index b5680249..92daee33 100644 --- a/i18n/el/kb-archive.md +++ b/i18n/el/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/meta/brand.md b/i18n/el/meta/brand.md index 69575141..53cb9ac4 100644 --- a/i18n/el/meta/brand.md +++ b/i18n/el/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/meta/git-recommendations.md b/i18n/el/meta/git-recommendations.md index e9b9a719..f59b5f81 100644 --- a/i18n/el/meta/git-recommendations.md +++ b/i18n/el/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/meta/uploading-images.md b/i18n/el/meta/uploading-images.md index 69102f6d..55f136f8 100644 --- a/i18n/el/meta/uploading-images.md +++ b/i18n/el/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/meta/writing-style.md b/i18n/el/meta/writing-style.md index 9a1019ea..b9e47a71 100644 --- a/i18n/el/meta/writing-style.md +++ b/i18n/el/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/mobile-browsers.md b/i18n/el/mobile-browsers.md index d13bfb6a..d7adee8f 100644 --- a/i18n/el/mobile-browsers.md +++ b/i18n/el/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/multi-factor-authentication.md b/i18n/el/multi-factor-authentication.md index 045a019b..41030fe3 100644 --- a/i18n/el/multi-factor-authentication.md +++ b/i18n/el/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/news-aggregators.md b/i18n/el/news-aggregators.md index e6ca3a16..2dad5ac0 100644 --- a/i18n/el/news-aggregators.md +++ b/i18n/el/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/notebooks.md b/i18n/el/notebooks.md index 70b84743..0739f668 100644 --- a/i18n/el/notebooks.md +++ b/i18n/el/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/os/android-overview.md b/i18n/el/os/android-overview.md index 30ae41da..a78631a2 100644 --- a/i18n/el/os/android-overview.md +++ b/i18n/el/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/os/linux-overview.md b/i18n/el/os/linux-overview.md index 1c2376e6..8ec2c9e7 100644 --- a/i18n/el/os/linux-overview.md +++ b/i18n/el/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/os/qubes-overview.md b/i18n/el/os/qubes-overview.md index 590c2639..17b286b9 100644 --- a/i18n/el/os/qubes-overview.md +++ b/i18n/el/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/passwords.md b/i18n/el/passwords.md index ee998008..e81f1186 100644 --- a/i18n/el/passwords.md +++ b/i18n/el/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/productivity.md b/i18n/el/productivity.md index c53e341c..4490325d 100644 --- a/i18n/el/productivity.md +++ b/i18n/el/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/real-time-communication.md b/i18n/el/real-time-communication.md index 424b6c62..68f9d767 100644 --- a/i18n/el/real-time-communication.md +++ b/i18n/el/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/router.md b/i18n/el/router.md index 19734e7b..2d6ecba5 100644 --- a/i18n/el/router.md +++ b/i18n/el/router.md @@ -1,6 +1,7 @@ --- title: "Υλικολογισμικό Δρομολογητή" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Παρακάτω είναι μερικά εναλλακτικά λειτουργικά συστήματα τα οποία μπορούν να χρησιμοποιηθούν σε δρομολογητές, σημεία πρόσβασης Wi-Fi, κλπ. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/search-engines.md b/i18n/el/search-engines.md index 5f03536a..911525d7 100644 --- a/i18n/el/search-engines.md +++ b/i18n/el/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/tools.md b/i18n/el/tools.md index 3816fef5..6693ced3 100644 --- a/i18n/el/tools.md +++ b/i18n/el/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/tor.md b/i18n/el/tor.md index 8129b319..ce93c961 100644 --- a/i18n/el/tor.md +++ b/i18n/el/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/video-streaming.md b/i18n/el/video-streaming.md index 3d579fc2..8f8ebd0b 100644 --- a/i18n/el/video-streaming.md +++ b/i18n/el/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/el/vpn.md b/i18n/el/vpn.md index 625d3623..d1ea79e9 100644 --- a/i18n/el/vpn.md +++ b/i18n/el/vpn.md @@ -1,11 +1,20 @@ --- -title: "Υπηρεσίες VPN" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Βρείτε έναν πάροχο VPN χωρίς καταγραφή που δεν έχει σκοπό να πουλήσει ή να διαβάσει την κυκλοφορία σας στο διαδίκτυο. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? κίνδυνος "Τα VPN δεν παρέχουν ανωνυμία" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! κίνδυνος "Τα VPN δεν παρέχουν ανωνυμία" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ icon: material/vpn [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ icon: material/vpn - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ icon: material/vpn - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.el.txt" diff --git a/i18n/eo/404.md b/i18n/eo/404.md index 846e41b2..25c1c780 100644 --- a/i18n/eo/404.md +++ b/i18n/eo/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/criteria.md b/i18n/eo/about/criteria.md index edd3f3d9..3084230b 100644 --- a/i18n/eo/about/criteria.md +++ b/i18n/eo/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/donate.md b/i18n/eo/about/donate.md index 2f51128c..8accd67a 100644 --- a/i18n/eo/about/donate.md +++ b/i18n/eo/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/index.md b/i18n/eo/about/index.md index f8c7ce84..619406fe 100644 --- a/i18n/eo/about/index.md +++ b/i18n/eo/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/notices.md b/i18n/eo/about/notices.md index 7f22b4b2..bb32edd5 100644 --- a/i18n/eo/about/notices.md +++ b/i18n/eo/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/privacy-policy.md b/i18n/eo/about/privacy-policy.md index 8c2e3dc7..26c668d1 100644 --- a/i18n/eo/about/privacy-policy.md +++ b/i18n/eo/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/privacytools.md b/i18n/eo/about/privacytools.md index 7f1de598..515c21f5 100644 --- a/i18n/eo/about/privacytools.md +++ b/i18n/eo/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/services.md b/i18n/eo/about/services.md index aa4c6f2e..71f2c95b 100644 --- a/i18n/eo/about/services.md +++ b/i18n/eo/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/about/statistics.md b/i18n/eo/about/statistics.md index 2636d7b9..8f17240c 100644 --- a/i18n/eo/about/statistics.md +++ b/i18n/eo/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/advanced/communication-network-types.md b/i18n/eo/advanced/communication-network-types.md index f46da32d..1f07a2c4 100644 --- a/i18n/eo/advanced/communication-network-types.md +++ b/i18n/eo/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/advanced/dns-overview.md b/i18n/eo/advanced/dns-overview.md index ab70aabd..b47af280 100644 --- a/i18n/eo/advanced/dns-overview.md +++ b/i18n/eo/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/advanced/payments.md b/i18n/eo/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/eo/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/eo/advanced/tor-overview.md b/i18n/eo/advanced/tor-overview.md index c78d220b..dd9d2a95 100644 --- a/i18n/eo/advanced/tor-overview.md +++ b/i18n/eo/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.eo.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/eo/android.md b/i18n/eo/android.md index 11fc0ea1..3da86daa 100644 --- a/i18n/eo/android.md +++ b/i18n/eo/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/account-creation.md b/i18n/eo/basics/account-creation.md index 3c8b01ee..afa5d429 100644 --- a/i18n/eo/basics/account-creation.md +++ b/i18n/eo/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/account-deletion.md b/i18n/eo/basics/account-deletion.md index bd6c07fb..2498d604 100644 --- a/i18n/eo/basics/account-deletion.md +++ b/i18n/eo/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/common-misconceptions.md b/i18n/eo/basics/common-misconceptions.md index db6ea35d..41997417 100644 --- a/i18n/eo/basics/common-misconceptions.md +++ b/i18n/eo/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.eo.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/eo/basics/common-threats.md b/i18n/eo/basics/common-threats.md index b325bdcb..e278c0cb 100644 --- a/i18n/eo/basics/common-threats.md +++ b/i18n/eo/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.eo.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/eo/basics/email-security.md b/i18n/eo/basics/email-security.md index c9391a1a..f0c2fb57 100644 --- a/i18n/eo/basics/email-security.md +++ b/i18n/eo/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/multi-factor-authentication.md b/i18n/eo/basics/multi-factor-authentication.md index 11db5159..ae57848d 100644 --- a/i18n/eo/basics/multi-factor-authentication.md +++ b/i18n/eo/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/passwords-overview.md b/i18n/eo/basics/passwords-overview.md index f464ddac..6858d8b5 100644 --- a/i18n/eo/basics/passwords-overview.md +++ b/i18n/eo/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/threat-modeling.md b/i18n/eo/basics/threat-modeling.md index 4cee1776..fc1b3b41 100644 --- a/i18n/eo/basics/threat-modeling.md +++ b/i18n/eo/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/basics/vpn-overview.md b/i18n/eo/basics/vpn-overview.md index a0727def..a1a007f5 100644 --- a/i18n/eo/basics/vpn-overview.md +++ b/i18n/eo/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/calendar.md b/i18n/eo/calendar.md index 451b4ca5..bbcb033a 100644 --- a/i18n/eo/calendar.md +++ b/i18n/eo/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/cloud.md b/i18n/eo/cloud.md index 53133b8b..2bcc2596 100644 --- a/i18n/eo/cloud.md +++ b/i18n/eo/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/cryptocurrency.md b/i18n/eo/cryptocurrency.md new file mode 100644 index 00000000..ba06ba1e --- /dev/null +++ b/i18n/eo/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/eo/data-redaction.md b/i18n/eo/data-redaction.md index 16afe85d..961594a8 100644 --- a/i18n/eo/data-redaction.md +++ b/i18n/eo/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/desktop-browsers.md b/i18n/eo/desktop-browsers.md index 210429ed..1c21c296 100644 --- a/i18n/eo/desktop-browsers.md +++ b/i18n/eo/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.eo.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/eo/desktop.md b/i18n/eo/desktop.md index d938506d..2db4d119 100644 --- a/i18n/eo/desktop.md +++ b/i18n/eo/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/dns.md b/i18n/eo/dns.md index fdc95002..a8cc21da 100644 --- a/i18n/eo/dns.md +++ b/i18n/eo/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.eo.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/eo/email-clients.md b/i18n/eo/email-clients.md index 9239238d..eec0e292 100644 --- a/i18n/eo/email-clients.md +++ b/i18n/eo/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/email.md b/i18n/eo/email.md index 3a6847ca..7ab4c31d 100644 --- a/i18n/eo/email.md +++ b/i18n/eo/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/encryption.md b/i18n/eo/encryption.md index 3268a8a5..ded8533b 100644 --- a/i18n/eo/encryption.md +++ b/i18n/eo/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/file-sharing.md b/i18n/eo/file-sharing.md index 7039a986..3e79d791 100644 --- a/i18n/eo/file-sharing.md +++ b/i18n/eo/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/financial-services.md b/i18n/eo/financial-services.md new file mode 100644 index 00000000..480c924c --- /dev/null +++ b/i18n/eo/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/eo/frontends.md b/i18n/eo/frontends.md index 12162dc9..7f245f41 100644 --- a/i18n/eo/frontends.md +++ b/i18n/eo/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/index.md b/i18n/eo/index.md index 4cb10510..b24c23bd 100644 --- a/i18n/eo/index.md +++ b/i18n/eo/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/kb-archive.md b/i18n/eo/kb-archive.md index 514697e3..92daee33 100644 --- a/i18n/eo/kb-archive.md +++ b/i18n/eo/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/meta/brand.md b/i18n/eo/meta/brand.md index bb778841..53cb9ac4 100644 --- a/i18n/eo/meta/brand.md +++ b/i18n/eo/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/meta/git-recommendations.md b/i18n/eo/meta/git-recommendations.md index 6159e50d..f59b5f81 100644 --- a/i18n/eo/meta/git-recommendations.md +++ b/i18n/eo/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/meta/uploading-images.md b/i18n/eo/meta/uploading-images.md index 20b8a71f..55f136f8 100644 --- a/i18n/eo/meta/uploading-images.md +++ b/i18n/eo/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/meta/writing-style.md b/i18n/eo/meta/writing-style.md index 43c8df7f..b9e47a71 100644 --- a/i18n/eo/meta/writing-style.md +++ b/i18n/eo/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/mobile-browsers.md b/i18n/eo/mobile-browsers.md index c427f011..d7adee8f 100644 --- a/i18n/eo/mobile-browsers.md +++ b/i18n/eo/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/multi-factor-authentication.md b/i18n/eo/multi-factor-authentication.md index f30f3a36..41030fe3 100644 --- a/i18n/eo/multi-factor-authentication.md +++ b/i18n/eo/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/news-aggregators.md b/i18n/eo/news-aggregators.md index 4c609d2e..2dad5ac0 100644 --- a/i18n/eo/news-aggregators.md +++ b/i18n/eo/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/notebooks.md b/i18n/eo/notebooks.md index c17eb168..0739f668 100644 --- a/i18n/eo/notebooks.md +++ b/i18n/eo/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/os/android-overview.md b/i18n/eo/os/android-overview.md index a7eb6b06..a78631a2 100644 --- a/i18n/eo/os/android-overview.md +++ b/i18n/eo/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/os/linux-overview.md b/i18n/eo/os/linux-overview.md index 0ba653e0..8ec2c9e7 100644 --- a/i18n/eo/os/linux-overview.md +++ b/i18n/eo/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/os/qubes-overview.md b/i18n/eo/os/qubes-overview.md index e706713d..17b286b9 100644 --- a/i18n/eo/os/qubes-overview.md +++ b/i18n/eo/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/passwords.md b/i18n/eo/passwords.md index 9b09e848..e81f1186 100644 --- a/i18n/eo/passwords.md +++ b/i18n/eo/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/productivity.md b/i18n/eo/productivity.md index cb5d4e32..4490325d 100644 --- a/i18n/eo/productivity.md +++ b/i18n/eo/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/real-time-communication.md b/i18n/eo/real-time-communication.md index f2bcd2fc..68f9d767 100644 --- a/i18n/eo/real-time-communication.md +++ b/i18n/eo/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/router.md b/i18n/eo/router.md index 60026939..a494c017 100644 --- a/i18n/eo/router.md +++ b/i18n/eo/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/search-engines.md b/i18n/eo/search-engines.md index 8a0ed19a..911525d7 100644 --- a/i18n/eo/search-engines.md +++ b/i18n/eo/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/tools.md b/i18n/eo/tools.md index d523143c..ef945a94 100644 --- a/i18n/eo/tools.md +++ b/i18n/eo/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/tor.md b/i18n/eo/tor.md index d7df32e9..ce93c961 100644 --- a/i18n/eo/tor.md +++ b/i18n/eo/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/video-streaming.md b/i18n/eo/video-streaming.md index b2bcf05b..8f8ebd0b 100644 --- a/i18n/eo/video-streaming.md +++ b/i18n/eo/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/eo/vpn.md b/i18n/eo/vpn.md index 598bef03..6bba2546 100644 --- a/i18n/eo/vpn.md +++ b/i18n/eo/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.eo.txt" diff --git a/i18n/es/404.md b/i18n/es/404.md index 673e55b0..66506efc 100644 --- a/i18n/es/404.md +++ b/i18n/es/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - No encontrado @@ -13,5 +17,3 @@ hide: - [Mejores proveedores de VPN](vpn.md) - [Foro de Privacy Guides](https://discuss.privacyguides.net) - [Nuestro blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/criteria.md b/i18n/es/about/criteria.md index c5acf096..e41e8fa8 100644 --- a/i18n/es/about/criteria.md +++ b/i18n/es/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/donate.md b/i18n/es/about/donate.md index d56cd8f6..d94cbcf7 100644 --- a/i18n/es/about/donate.md +++ b/i18n/es/about/donate.md @@ -48,5 +48,3 @@ Alojamos [servicios de internet](https://privacyguides.net) para probar y mostra Ocasionalmente compramos productos y servicios con el fin de probar nuestras [herramientas recomendadas](../tools.md). Seguimos trabajando con nuestro anfitrión fiscal (la Open Collective Foundation) para recibir donaciones de criptomonedas, por el momento la contabilidad es inviable para muchas transacciones más pequeñas, pero esto debería cambiar en el futuro. Mientras tanto, si desea hacer una donación considerable (> 100 dólares) en criptomoneda, por favor, póngase en contacto con [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/index.md b/i18n/es/about/index.md index 322ca826..2c3ba9d4 100644 --- a/i18n/es/about/index.md +++ b/i18n/es/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. Usted **no puede** utilizar la marca de Privacy Guides en su propio proyecto sin la aprobación expresa de este proyecto. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/notices.md b/i18n/es/about/notices.md index 3c02db33..32471c94 100644 --- a/i18n/es/about/notices.md +++ b/i18n/es/about/notices.md @@ -41,5 +41,3 @@ No debe llevar a cabo ninguna actividad de recopilación de datos sistemática o * Scraping * Minería de Datos * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/privacy-policy.md b/i18n/es/about/privacy-policy.md index fb78970a..d7e26c9d 100644 --- a/i18n/es/about/privacy-policy.md +++ b/i18n/es/about/privacy-policy.md @@ -58,6 +58,4 @@ Puede presentar reclamaciones acerca del RGPD ante sus autoridades locales de su Publicaremos cualquier versión nueva de esta declaración [aquí](privacy-policy.md). Es posible que cambiemos la forma de anunciar los cambios en futuras versiones de este documento. Mientras tanto, podemos actualizar nuestra información de contacto en cualquier momento sin anunciar ningún cambio. Consulte la [Política de privacidad](privacy-policy.md) para obtener la última información de contacto. -A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.es.txt" +En GitHub puede consultarse el [historial](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) completo de revisiones de esta página. diff --git a/i18n/es/about/privacytools.md b/i18n/es/about/privacytools.md index e5e84ecb..6bf4a801 100644 --- a/i18n/es/about/privacytools.md +++ b/i18n/es/about/privacytools.md @@ -103,7 +103,7 @@ Por lo tanto, los fondos de OpenCollective pertenecen a Privacy Guides, fueron e > Si algún patrocinador no está de acuerdo o se siente engañado por estos recientes acontecimientos y quiere solicitar un reembolso dadas estas circunstancias tan inusuales, por favor póngase en contacto con nuestro administrador del proyecto enviando un correo electrónico a jonah@triplebit.net. -## Further Reading +## Lecturas Adicionales Este tema se ha debatido ampliamente en nuestras comunidades en varios lugares, y parece probable que la mayoría de las personas que lean esta página ya estén familiarizadas con los acontecimientos que condujeron al cambio a Privacy Guides. Algunas de nuestras publicaciones anteriores sobre el tema pueden tener detalles adicionales que omitimos aquí por razones de brevedad. Se han enlazado a continuación para completarlo. @@ -116,5 +116,3 @@ Este tema se ha debatido ampliamente en nuestras comunidades en varios lugares, - [2 de abril de 2022: respuesta de u/dng99 a la publicación acusatoria en el blog de PrivacyTools](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [16 de mayo de 2022: respuesta de @TommyTran732 en Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [3 de septiembre de 2022: post en el foro de Techlore por @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/services.md b/i18n/es/about/services.md index bf426bf8..2adba1f1 100644 --- a/i18n/es/about/services.md +++ b/i18n/es/about/services.md @@ -36,5 +36,3 @@ Ejecutamos una serie de servicios web para probar las características y promove - Disponibilidad: Semipública Alojamos Indivious principalmente para servir videos de YouTube incrustados en nuestra página. Esta instancia no está destinada al público general y puede ser limitada en cualquier momento. - Código fuente: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/about/statistics.md b/i18n/es/about/statistics.md index d528e333..9d1d1765 100644 --- a/i18n/es/about/statistics.md +++ b/i18n/es/about/statistics.md @@ -59,5 +59,3 @@ title: Estadísticas de tráfico }) }) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/advanced/communication-network-types.md b/i18n/es/advanced/communication-network-types.md index f5cb21a0..05ff28ef 100644 --- a/i18n/es/advanced/communication-network-types.md +++ b/i18n/es/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Tipos de redes de comunicación" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- Existen varias arquitecturas de red utilizadas habitualmente para transmitir mensajes entre personas. Estas redes pueden ofrecer diferentes garantías de privacidad, por lo que conviene tener en cuenta tu [modelo de amenaza](../basics/threat-modeling.md) a la hora de decidir qué aplicación utilizar. @@ -100,5 +101,3 @@ El autoalojamiento de un nodo en una red de enrutamiento anónimo no proporciona - Menos fiable si los nodos se seleccionan mediante enrutamiento aleatorio, algunos nodos pueden estar muy lejos del emisor y del receptor, añadiendo latencia o incluso dejando de transmitir mensajes si uno de los nodos se desconecta. - Más complejo para empezar, ya que se requiere la creación y el respaldo seguro de una clave privada criptográfica. - Al igual que en otras plataformas descentralizadas, añadir funciones es más complejo para los desarrolladores que en una plataforma centralizada. Por lo tanto, pueden faltar funciones o estar implementadas de forma incompleta, como la retransmisión de mensajes fuera de línea o la eliminación de mensajes. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/advanced/dns-overview.md b/i18n/es/advanced/dns-overview.md index 35097c1f..7d3ed729 100644 --- a/i18n/es/advanced/dns-overview.md +++ b/i18n/es/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "Resumen DNS" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- El [Sistema de Nombres de Dominio](https://es.wikipedia.org/wiki/Sistema_de_nombres_de_dominio) es el 'directorio telefónico del Internet'. El DNS traduce los nombres de dominio a direcciones IP para que los navegadores y otros servicios puedan cargar los recursos de Internet, a través de una red descentralizada de servidores. @@ -303,5 +304,3 @@ La [Subred de Cliente EDNS](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) es Su objetivo es "acelerar" la entrega de datos dando al cliente una respuesta que pertenece a un servidor que está cerca de él, como una [red de distribución de contenidos](https://es.wikipedia.org/wiki/Red_de_distribuci%C3%B3n_de_contenidos), que se utilizan a menudo en la transmisión de vídeo y el servicio de aplicaciones web de JavaScript. Esta característica tiene un coste de privacidad, ya que indica al servidor DNS cierta información sobre la ubicación del cliente. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/advanced/payments.md b/i18n/es/advanced/payments.md new file mode 100644 index 00000000..6751ae46 --- /dev/null +++ b/i18n/es/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! peligro + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/es/advanced/tor-overview.md b/i18n/es/advanced/tor-overview.md index f5469218..df66019b 100644 --- a/i18n/es/advanced/tor-overview.md +++ b/i18n/es/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Resumen de Tor" icon: 'simple/torproject' +description: Tor es una red descentralizada y gratuita diseñada para utilizar Internet con la mayor privacidad posible. --- Tor es una red descentralizada y gratuita diseñada para utilizar Internet con la mayor privacidad posible. Si se utiliza correctamente, la red permite la navegación y las comunicaciones privadas y anónimas. @@ -74,8 +75,6 @@ Si deseas utilizar Tor para navegar por la web, sólo recomendamos el navegador - [¿Cómo funciona Tor? - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Servicios Onion de Tor - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.es.txt" - [^1]: El primer repetidor en tu circuito se llama "guardia de entrada" o "guardia". Es un repetidor rápido y estable que se mantiene como el primero en tu circuito durante 2-3 meses para protegerse de un ataque conocido de ruptura del anonimato. El resto de tu circuito cambia con cada nuevo sitio web que visitas, y todos juntos estos repetidores proporcionan las protecciones de privacidad completas de Tor. Para obtener más información sobre el funcionamiento de los repetidores de protección, consulta esta [entrada del blog](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) y el [documento](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) sobre los guardias de entrada. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Bandera de repetidor: una (des)calificación de los repetidores para las posiciones de los circuitos (por ejemplo, "Guardia", "Salida", "MalaSalida"), las propiedades de los circuitos (por ejemplo, "Rápido", "Estable"), o los roles (por ejemplo, "Autoridad", "HSDir"), tal y como los asignan las autoridades de los directorios y se definen con más detalle en la especificación del protocolo del directorio. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/es/android.md b/i18n/es/android.md index 85d51ee5..74816f4d 100644 --- a/i18n/es/android.md +++ b/i18n/es/android.md @@ -1,20 +1,22 @@ --- title: "Android" icon: 'fontawesome/brands/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } El **proyecto de código abierto de Android** es un sistema operativo móvil de código abierto liderado por Google, que está detrás de la mayor parte de los dispositivos móviles del mundo. La mayor parte de los teléfono vendidos con Android son modificados para incluir integraciones y aplicaciones invasivas como los servicios de Google Play, así que puedes mejorar la privacidad de tu dispositivo móvil de manera significativa al reemplazar la instalación predeterminada de tu teléfono con una versión de Android sin esas características invasivas. -[:octicons-home-16:](https://source.android.com/){ .card-link title=Homepage } -[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation} -[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Source Code" } +[:octicons-home-16:](https://source.android.com/){ .card-link title=Inicio } +[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentación} +[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Código fuente" } En particular, GrapheneOS admite [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play). Los Servicios de Google Play se pueden ejecutar completamente de manera aislada como una aplicación de usuario normal y se pueden incluir en un [perfil de trabajo o un perfil de usuario](#android-security-privacy) de su elección. -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Por qué recomendamos GrapheneOS sobre CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Derivados de AOSP @@ -33,15 +35,15 @@ We recommend installing one of these custom Android operating systems on your de Los dispositivos de "soporte extendido" de GrapheneOS no tienen correcciones de seguridad completos (actualizaciones de firmware) debido a que el fabricante de equipos originales (OEM) suspende el soporte. - Estos dispositivos no pueden considerarse completamente seguros. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported. + Estos dispositivos no pueden considerarse completamente seguros. Dispone de un [asignador de memoria reforzado](https://github.com/GrapheneOS/hardened_malloc), permisos de red y de sensores, y otras [características de seguridad](https://grapheneos.org/features). GrapheneOS también incluye actualizaciones completas de firmware y compilaciones firmadas, por lo que el arranque verificado es totalmente compatible. - [:octicons-home-16: Homepage](https://grapheneos.org/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} - [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } - [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://grapheneos.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Política de privacidad" } + [:octicons-info-16:](https://grapheneos.org/faq/){ .card-link title=Documentación} + [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://grapheneos.org/donate/){ .card-link title=Contribuir } -Para complacer a los usuarios que necesitan Google Play Services, CalyxOS incluye de manera opcional [MicroG](https://microg.org/). Con MicroG, CalyxOS también se incluye en los servicios de localización de [Mozilla](https://location.services.mozilla.com/) y [DejaVu](https://github.com/n76/DejaVu). +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). @@ -54,26 +56,26 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw **CalyxOS** es una alternativa aceptable a GrapheneOS. Tiene algunas funciones de privacidad además de AOSP, que incluyen [Datura firewall](https://calyxos.org/docs/tech/datura-details), [Signal](https://signal.org) integración en la aplicación de marcación y un botón de pánico incorporado. CalyxOS también viene con actualizaciones de firmware y compilaciones firmadas, así que [el arranque verificado](https://source.android.com/security/verifiedboot) es completamente compatible. - [:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary } - [:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" } - [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://divestos.org){ .md-button .md-button--primary } + [:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Servicio Onion" } + [:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribuir } -DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. recommendation DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. +DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS ha automatizado el [parchamiento vulnerabilidad del kernel](https://gitlab.com/divested-mobile/cve_checker) ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)), menos blobs propietarios, un archivo personalizado de [hosts](https://divested.dev/index.php?page=dnsbl), y [F-Droid](https://www.f-droid.org) como tienda de aplicaciones. Incluye [UnifiedNlp](https://github.com/microg/UnifiedNlp) para la localización de la red. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -DivestOS también incluye parches de GrapheneOS para el kernel y habilita todas las características de seguridad del kernel disponibles a través de [endurecimiento defconfig](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Todos los kernels más recientes que la versión 3.4 incluyen [saneamiento](https://lwn.net/Articles/334747/) página completa y todos los ~22 kernels compilados por Clang tienen [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) habilitado. However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! warning - DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative. + La actualización del firmware de DivestOS [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) y el control de calidad varían según los dispositivos que soporta. Seguimos recomendando GrapheneOS en función de la compatibilidad de tu dispositivo. Para otros dispositivos, DivestOS es una buena alternativa. - Not all of the supported devices have verified boot, and some perform it better than others. + No todos los dispositivos compatibles tienen arranque verificado y algunos lo realizan mejor que otros. -## Android Devices +## Dispositivos Android When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. @@ -114,7 +116,7 @@ A few more tips for purchasing a Google Pixel: - Look at online community bargain sites in your country. These can alert you to good sales. - Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. -## General Apps +## Aplicaciones generales We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. @@ -122,40 +124,40 @@ We recommend a wide variety of Android apps throughout this site. The apps liste !!! recomendación - ![Shelter logo](assets/img/android/shelter.svg){ align=right } + ![Logotipo de Shelter](assets/img/android/shelter.svg){ align=right } - **Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device. + **Shelter** es una aplicación que te ayuda a aprovechar la funcionalidad perfil de trabajo de Android para aislar o duplicar aplicaciones en tu dispositivo. - Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)). + Shelter permite bloquear la búsqueda de contactos entre perfiles y compartir archivos entre perfiles a través del gestor de archivos predeterminado ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)). - [:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary } - [:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.patreon.com/PeterCxy){ .card-link title=Contribute } + [:octicons-repo-16: Repositorio](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://www.patreon.com/PeterCxy){ .card-link title=Contribuir } - ??? downloads + ??? descargas - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter) !!! warning - Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular/) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html). + Se recomienda Shelter en lugar de [Insular](https://secure-system.gitlab.io/Insular/) e [Island](https://github.com/oasisfeng/island), ya que admite [bloqueo de búsqueda de contactos](https://secure-system.gitlab.io/Insular/faq.html). - When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile. + Al usar Shelter, está depositando toda su confianza en su desarrollador, ya que Shelter actúa como [Administrador de dispositivos](https://developer.android.com/guide/topics/admin/device-admin) para crear el perfil de trabajo, y tiene un amplio acceso a los datos almacenados en él. ### Perfil de trabajo !!! recomendación - ![Auditor logo](assets/img/android/auditor.svg#only-light){ align=right } - ![Auditor logo](assets/img/android/auditor-dark.svg#only-dark){ align=right } + ![Logo Auditor](assets/img/android/auditor.svg#only-light){ align=right } + ![Logo Auditor ](assets/img/android/auditor-dark.svg#only-dark){ align=right } - **Auditor** is an app which leverages hardware security features to provide device integrity monitoring for [supported devices](https://attestation.app/about#device-support). Currently, it only works with GrapheneOS and the device's stock operating system. + **Auditor** es una aplicación que aprovecha las funciones de seguridad del hardware para supervisar la integridad de los dispositivos [compatibles](https://attestation.app/about#device-support). Actualmente, sólo funciona con GrapheneOS y con el sistema operativo original del dispositivo. - [:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary } - [:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation} - [:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" } - [:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://attestation.app){ .md-button .md-button--primary } + [:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentación} + [:octicons-code-16:](https://attestation.app/source){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribuir } ??? downloads @@ -179,17 +181,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co !!! recomendación - ![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right } - ![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right } + ![Logo de Secure Camera](assets/img/android/secure_camera.svg#only-light){ align=right } + ![Logo de Secure camera](assets/img/android/secure_camera-dark.svg#only-dark){ align=right } - **Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices. + **Secure Camera** es una aplicación de cámara centrada en la privacidad y la seguridad que puede capturar imágenes, vídeos y códigos QR. Las extensiones de proveedor de CameraX (Retrato, HDR, Visión nocturna, Retoque facial y Auto) también son compatibles con los dispositivos disponibles. - [:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary } - [:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" } - [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + [:octicons-repo-16: Repositorio](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary } + [:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuir } - ??? downloads + ??? descargas - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play) - [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases) @@ -203,34 +205,34 @@ Main privacy features include: !!! note - Metadata is not currently deleted from video files but that is planned. + Actualmente no se eliminan los metadatos de los archivos de vídeo, pero está previsto hacerlo. - The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser). + Los metadatos de orientación de la imagen no se borran. Si habilitas la ubicación (en la cámara segura), * * tampoco se eliminará * *. Si quieres borrarlo más tarde tendrás que utilizar una aplicación externa como [ExifEraser](data-redaction.md#exiferaser). -### Secure PDF Viewer +### Visor seguro de PDF !!! recomendación ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right } ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right } - **Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files. + **Secure PDF Viewer** es un visor de PDF basado en [pdf.js](https://en.wikipedia.org/wiki/PDF.js) que no requiere permisos. El PDF se introduce en un [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(desarrollo_software)) [webview](https://developer.android.com/guide/webapps/webview). Esto significa que no necesita permiso para acceder directamente a contenidos o archivos. - [Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content. + [Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) se utiliza para garantizar que las propiedades de JavaScript y de estilo dentro de WebView sean enteramente de contenido estático. - [:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary } - [:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" } - [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + [:octicons-repo-16: Repositorio](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary } + [:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuir } - ??? downloads + ??? descargas - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play) - [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases) - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) -## Obtaining Applications +## Obteniendo Aplicaciones -### Interruptores globales +### Tienda de aplicaciones GrapheneOS GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to. @@ -240,14 +242,14 @@ The Google Play Store requires a Google account to login which is not great for !!! recomendación - ![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right } + ![Logo Aurora Store](assets/img/android/aurora-store. ebp){ align=right } - **Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps. + **Aurora Store** es un cliente de Google Play Store que no requiere de una cuenta de Google, Servicios Google Play, o microG para descargar aplicaciones. - [:octicons-home-16: Homepage](https://auroraoss.com/){ .md-button .md-button--primary } - [:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" } + [:octicons-home-16: Página del proyecto](https://auroraoss.com/){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Código fuente" } - ??? downloads + ??? Descarga - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) @@ -271,15 +273,15 @@ On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate `https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom` -#### Verifying APK Fingerprints +#### Comprobando Firmas de las APK If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools). -1. Install [Java JDK](https://www.oracle.com/java/technologies/downloads/). +1. Instala [Java JDK](https://www.oracle.com/java/technologies/downloads/). -2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools). +2. Descarga las [herramientas de línea de comandos de Android Studio](https://developer.android.com/studio#command-tools). -3. Extract the downloaded archive: +3. Extrae el archivo descargado: ```bash unzip commandlinetools-*.zip @@ -287,13 +289,13 @@ If you download APK files to install manually, you can verify their signature wi ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3" ``` -4. Run the signature verification command: +4. Ejecuta el comando de verificación de firmas: ```bash ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk ``` -5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk/) on their website. +5. Los hashes resultantes pueden compararse con otra fuente. Algunos desarrolladores como Signal [muestran las firmas](https://signal.org/android/apk/) en su sitio web. ```bash Signer #1 certificate DN: CN=GrapheneOS @@ -316,17 +318,17 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt !!! note - In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it. + En algunos raros casos, el desarrollador de una aplicación sólo la distribuirá a través de F-Droid ([Gadgetbridge](https://gadgetbridge.org/) es un ejemplo de ello). Si realmente necesitas una aplicación como esa, te recomendamos que utilices [Neo Store](https://github.com/NeoApplications/Neo-Store/) en lugar de la aplicación oficial F-Droid para obtenerla. -## Criteria +## Criterios **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. !!! example "This section is new" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Estamos trabajando para establecer criterios definidos para cada sección de nuestro sitio, y esto puede estar sujeto a cambios. Si tienes alguna duda sobre nuestros criterios, por favor [pregunta en nuestro foro](https://discuss.privacyguides.net/latest) y no asumas que no hemos tenido en cuenta algo a la hora de hacer nuestras recomendaciones si no aparece aquí. Son muchos los factores que se tienen en cuenta y se debaten cuando recomendamos un proyecto, y documentar cada uno de ellos es un trabajo en curso. -### Software +### Sistema Operativo - Must be open-source software. - Must support bootloader locking with custom AVB key support. @@ -337,17 +339,15 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Must **not** enable Google Play Services by default. - Must **not** require system modification to support Google Play Services. -### Devices +### Dispositivo - Must support at least one of our recommended custom operating systems. - Must be currently sold new in stores. - Must receive a minimum of 5 years of security updates. - Must have dedicated secure element hardware. -### Applications +### Aplicaciones - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/assets/img/how-tor-works/tor-path-dark.svg b/i18n/es/assets/img/how-tor-works/tor-path-dark.svg index 9002c9b1..f62866cd 100644 --- a/i18n/es/assets/img/how-tor-works/tor-path-dark.svg +++ b/i18n/es/assets/img/how-tor-works/tor-path-dark.svg @@ -24,8 +24,8 @@ - Your - Device + Su + dispositivo diff --git a/i18n/es/assets/img/how-tor-works/tor-path.svg b/i18n/es/assets/img/how-tor-works/tor-path.svg index cb53d8b1..a6659739 100644 --- a/i18n/es/assets/img/how-tor-works/tor-path.svg +++ b/i18n/es/assets/img/how-tor-works/tor-path.svg @@ -24,22 +24,22 @@ - Your - Device + Su + dispositivo - Entry + Entrada - Middle + Medio - Exit + Salida diff --git a/i18n/es/basics/account-creation.md b/i18n/es/basics/account-creation.md index aa3894b3..1938e358 100644 --- a/i18n/es/basics/account-creation.md +++ b/i18n/es/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Creación De Cuenta" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- A menudo la gente se inscribe en servicios sin pensar. Tal vez sea un servicio de streaming para que puedas ver ese nuevo show del que todo el mundo habla, o una cuenta que te da un descuento para tu lugar de comida rápida favorito. Sea cual sea el caso, debes tener en cuenta las implicaciones que tednrá para tus datos ahora y más adelante. @@ -43,7 +44,7 @@ Si un servicio es hackeado, puede que usted comience a recibir correos engañoso [Servicios recomendados de alias de correo electrónico](../email.md#email-aliasing-services ""){.md-button} -### Single sign-on +### Inicio de sesión único !!! note @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/account-deletion.md b/i18n/es/basics/account-deletion.md index d9d81118..3244b465 100644 --- a/i18n/es/basics/account-deletion.md +++ b/i18n/es/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Eliminación de cuenta" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Con el tiempo, puede ser fácil acumular varias cuentas en línea, muchas de las cuales puede que ya no utilices. Eliminar estas cuentas que no utilizas es un paso importante para recuperar tu privacidad, ya que las cuentas inactivas son vulnerables a las filtraciones de datos. Una filtración de datos se da cuando la seguridad de un servicio se ve comprometida y la información protegida es vista, transmitida o robada por actores no autorizados. Desafortunadamente, las filtraciones de datos son [demasiado comunes](https://haveibeenpwned.com/PwnedWebsites) en estos días, por lo que practicar una buena higiene digital es la mejor manera de minimizar el impacto que tienen en tu vida. El objetivo de esta guía es ayudarte a atravesar el fastidioso proceso de eliminación de cuentas para mejorar tu presencia en línea, lo que es a menudo dificultado por [un diseño engañoso](https://www.deceptive.design/). @@ -59,5 +60,3 @@ Aunque puedas eliminar una cuenta, no hay garantía de que toda tu información ## Evitar cuentas nuevas Como dice el refrán, "más vale prevenir que lamentar" Siempre que sientas la tentación de crear una nueva cuenta, pregúntate "¿realmente lo necesito? ¿Puedo lograr lo que necesito sin una cuenta?" A menudo puede ser mucho más difícil eliminar una cuenta que crearla. E incluso después de borrar o cambiar la información de tu cuenta, puede haber una versión en caché de un tercero, como en el [Internet Archive](https://archive.org/). Evita la tentación cuando puedas, ¡tu futuro yo te lo agradecerá! - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/common-misconceptions.md b/i18n/es/basics/common-misconceptions.md index 9ffa5cd6..61b65eb9 100644 --- a/i18n/es/basics/common-misconceptions.md +++ b/i18n/es/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Conceptos erróneos comunes" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "El software de código abierto es siempre seguro" o "El software propietario es más seguro" @@ -44,7 +45,7 @@ Uno de los modelos de amenaza más claros es aquel en el que la gente *sabe qui No sugerimos usar una VPN o Tor para ninguna de estas cosas, ya que tu identidad ya es conocida por otros medios. - !!! tip + !!! consejo Al comprar en línea, el uso de un [casillero de paquetes](https://en.wikipedia.org/wiki/Parcel_locker) puede ayudar a mantener la privacidad de tu dirección física. @@ -56,6 +57,4 @@ Uno de los modelos de amenaza más claros es aquel en el que la gente *sabe qui Usar Tor puede ayudar con esto. También cabe destacar que es posible un mayor anonimato mediante la comunicación asíncrona: La comunicación en tiempo real es vulnerable al análisis de los patrones de escritura (es decir, más de un párrafo de texto, distribuido en un foro, por correo electrónico, etc.) ---8<-- "includes/abbreviations.es.txt" - [^1]: Un ejemplo notable de esto es [el incidente de 2021 en el que investigadores de la Universidad de Minnesota introdujeron tres vulnerabilidades en el proyecto de desarrollo del kernel de Linux](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/es/basics/common-threats.md b/i18n/es/basics/common-threats.md index eef40a37..23db3b14 100644 --- a/i18n/es/basics/common-threats.md +++ b/i18n/es/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Amenazas comunes" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- En términos generales, clasificamos nuestras recomendaciones en las [amenazas](threat-modeling.md) u objetivos que se aplican a la mayoría de las personas. ==Puede que no te preocupe ninguna, una, varias o todas estas posibilidades==, y las herramientas y servicios que utilices dependerán de cuáles sean tus objetivos. Es posible que también tengas amenazas específicas fuera de estas categorías, ¡lo cual está perfectamente bien! Lo importante es desarrollar una comprensión de los beneficios y las deficiencias de las herramientas que elijas utilizar, porque prácticamente ninguna de ellas te protegerá de todas las amenazas. @@ -34,7 +35,7 @@ En lo que respecta a la seguridad de las aplicaciones, generalmente no sabemos ( Para minimizar el daño que una pieza maliciosa de software *podría hacer*, deberías emplear la seguridad por compartimentación. Por ejemplo, esto podría darse en la forma de usar diferentes ordenadores para diferentes trabajos, usar máquinas virtuales para separar diferentes grupos de aplicaciones relacionadas, o usar un sistema operativo seguro con un fuerte enfoque en el aislamiento de aplicaciones y el control de acceso obligatorio. -!!! tip +!!! consejo Los sistemas operativos móviles suelen tener un mejor aislamiento de aplicaciones que los sistemas operativos de escritorio: Las aplicaciones no pueden obtener acceso a la raíz y requieren permiso para acceder a los recursos del sistema. @@ -44,7 +45,7 @@ Para minimizar el daño que una pieza maliciosa de software *podría hacer*, deb Los ataques dirigidos contra una persona concreta son más problemáticos de tratar. Los ataques más comunes son el envío de documentos maliciosos por correo electrónico, la explotación de vulnerabilidades (por ejemplo, en los navegadores y sistemas operativos) y los ataques físicos. Si esto te preocupa, deberías emplear estrategias de mitigación de amenazas más avanzadas. -!!! tip +!!! consejo Por su diseño, los **navegadores web**, los **clientes de correo electrónico** y las **aplicaciones de oficina** suelen ejecutar código no fiable, enviado por terceros. Ejecutar múltiples máquinas virtuales -para separar aplicaciones como estas de su sistema anfitrión, así como entre sí- es una técnica que puedes utilizar para mitigar la posibilidad de que un exploit en estas aplicaciones comprometa el resto de tu sistema. Por ejemplo, tecnologías como Qubes OS o Microsoft Defender Application Guard en Windows proporcionan métodos convenientes para hacerlo. @@ -80,11 +81,11 @@ La vigilancia masiva es el intrincado esfuerzo por controlar el "comportamiento, Si quiere saber más sobre los métodos de vigilancia y cómo se aplican en su ciudad, también puede echar un vistazo al [Atlas of Surveillance](https://atlasofsurveillance.org/) de la [Electronic Frontier Foundation](https://www.eff.org/). - In France you can take a look at the [Technolopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net. + En Francia puede consultar el sitio [Technolopolice website](https://technopolice.fr/villes/), mantenido por la asociación sin ánimo de lucro La Quadrature du Net. Los gobiernos suelen justificar los programas de vigilancia masiva como medios necesarios para combatir el terrorismo y prevenir la delincuencia. cita "ACLU: [*La lección de privacidad del 11 de septiembre: La vigilancia masiva no es el camino a seguir*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" -!!! quote "ACLU: [*The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" +!!! cita "ACLU: [*La lección de privacidad del 11 de septiembre: La vigilancia masiva no es el camino a seguir*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" Aunque eludir la censura en sí puede ser fácil, ocultar el hecho de que lo estás haciendo puede ser muy problemático. Debrías considerar qué aspectos de la red puede observar tu adversario y si tiene una negación plausible de tus acciones. @@ -128,19 +129,17 @@ La censura en línea puede ser llevada a cabo (en diversos grados) por actores q La censura en las plataformas corporativas es cada vez más común, ya que plataformas como Twitter y Facebook ceden a la demanda del público, a las presiones del mercado y a las de los organismos gubernamentales. Las presiones gubernamentales pueden ser peticiones encubiertas a las empresas, como la de la Casa Blanca [solicitando la retirada](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) de un vídeo provocativo de YouTube, o abiertamente, como la del gobierno chino exigiendo a las empresas que se adhieran a un estricto régimen de censura. -La censura en las plataformas corporativas es cada vez más común, ya que plataformas como Twitter y Facebook ceden a la demanda del público, a las presiones del mercado y a las de los organismos gubernamentales. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship. +La censura en las plataformas corporativas es cada vez más común, ya que plataformas como Twitter y Facebook ceden a la demanda del público, a las presiones del mercado y a las de los organismos gubernamentales. Las presiones gubernamentales pueden ser peticiones encubiertas a las empresas, como la de la Casa Blanca [solicitando la retirada](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) de un vídeo provocativo de YouTube, o abiertamente, como la del gobierno chino exigiendo a las empresas que se adhieran a un estricto régimen de censura. -People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily. +Las personas preocupadas por la amenaza de la censura pueden utilizar tecnologías como [Tor](../advanced/tor-overview.md) para eludirla, y apoyar plataformas de comunicación resistentes a la censura como [Matrix](../real-time-communication.md#element), que no tiene una autoridad de cuentas centralizada que pueda cerrar cuentas arbitrariamente. -!!! tip +!!! consejo - While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic. + Si bien evadir la censura en sí misma puede ser fácil, ocultar el hecho de que lo estás haciendo puede ser muy problemático. - You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection). + Deberías considerar qué aspectos de la red puede observar tu adversario y si tienes una justificación verosímil para tus acciones. Por ejemplo, el uso de [DNS cifrado](../advanced/dns-overview.md#what-is-encrypted-dns) puede ayudarte a eludir sistemas de censura rudimentarios basados en DNS, pero no puede ocultar realmente lo que visitas a tu ISP. Una VPN o Tor puede ayudar a ocultar lo que estás visitando de los administradores de red, pero no puede ocultar que estás utilizando esas redes en primer lugar. Los transportes conectables (como Obfs4proxy, Meek, o Shadowsocks) pueden ayudarte a evadir cortafuegos que bloquean protocolos VPN comunes o Tor, pero tus intentos de evasión aún pueden ser detectados por métodos como sondeo o [inspección profunda de paquetes](https://es.wikipedia.org/wiki/Inspección_profunda_de_paquete). -You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. - ---8<-- "includes/abbreviations.es.txt" +Siempre debes tener en cuenta los riesgos de intentar saltarse la censura, las posibles consecuencias y lo sofisticado que puede ser el adversario. Debe ser precavido con la selección del software y tener un plan de respaldo en caso de que te pillen. [^1]: Wikipedia: [*Vigilancia masiva*](https://es.wikipedia.org/wiki/Vigilancia_masiva) y [*Vigilancia*](https://es.wikipedia.org/wiki/Vigilancia). [^2]: Junta de Supervisión de la Privacidad y las Libertades Civiles de los Estados Unidos: [*Informe sobre el Programa de Registros Telefónicos llevado a cabo bajo la Sección 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) diff --git a/i18n/es/basics/email-security.md b/i18n/es/basics/email-security.md index 6fbf613e..203eceb0 100644 --- a/i18n/es/basics/email-security.md +++ b/i18n/es/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Seguridad del correo electrónico icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- El correo electrónico es una forma de comunicación insegura por defecto. Puedes mejorar la seguridad de tu correo electrónico con herramientas como OpenPGP, que añaden cifrado de extremo a extremo a tus mensajes, pero OpenPGP sigue teniendo una serie de inconvenientes en comparación con el cifrado de otras aplicaciones de mensajería, y algunos datos del correo electrónico nunca pueden cifrarse de forma inherente debido a cómo está diseñado el correo electrónico. @@ -38,5 +39,3 @@ Los metadatos del correo electrónico están protegidos de observadores externos ### ¿Por qué los metadatos no pueden ser E2EE? Los metadatos del correo electrónico son cruciales para la funcionalidad más básica del correo electrónico (de dónde viene y a dónde tiene que ir). E2EE no estaba integrado originalmente en los protocolos de correo electrónico, sino que requería un software adicional como OpenPGP. Dado que los mensajes OpenPGP todavía tienen que funcionar con los proveedores de correo electrónico tradicionales, no puede cifrar los metadatos del correo electrónico, sino sólo el cuerpo del mensaje. Esto significa que, incluso cuando se utiliza OpenPGP, los observadores externos pueden ver mucha información sobre tus mensajes, como a quién estás enviando correos electrónicos, las líneas de asunto, cuándo estás enviando correos, etc. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/multi-factor-authentication.md b/i18n/es/basics/multi-factor-authentication.md index 2e3cf8e4..0b6e2cba 100644 --- a/i18n/es/basics/multi-factor-authentication.md +++ b/i18n/es/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticación de múltiples factores" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **La autenticación multifactorial** (**MFA**) es un mecanismo de seguridad que requiere pasos adicionales a la introducción del nombre de usuario (o correo electrónico) y la contraseña. El método más común son los códigos de tiempo limitado que puedes recibir de un SMS o una aplicación. @@ -162,5 +163,3 @@ MFA de SSH también se puede configurar utilizando TOTP. DigitalOcean ha proporc ### KeePass (y KeePassXC) Las bases de datos de KeePass y KeePassXC pueden ser aseguradas utilizando Challenge-Response o HOTP como segundo factor de autenticación. Yubico ha proporcionado un documento para KeePass [Uso de su YubiKey con KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) y también hay uno en el sitio web de [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa). - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/passwords-overview.md b/i18n/es/basics/passwords-overview.md index 51ad8fdf..e105737f 100644 --- a/i18n/es/basics/passwords-overview.md +++ b/i18n/es/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introducción a las contraseñas" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Las contraseñas son una parte esencial de nuestra vida digital cotidiana. Las utilizamos para proteger nuestras cuentas, nuestros dispositivos y nuestros secretos. A pesar de ser a menudo lo único que nos separa de un adversario que busca nuestra información privada, no se piensa mucho en ellas, lo que a menudo lleva a la gente a utilizar contraseñas que pueden ser fácilmente adivinadas o forzadas. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Copias de seguridad You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/threat-modeling.md b/i18n/es/basics/threat-modeling.md index 51dd7ef4..ac4e0b30 100644 --- a/i18n/es/basics/threat-modeling.md +++ b/i18n/es/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "¿Qué son los modelos de amenaza?" icon: 'material/target-account' +description: Equilibrar la seguridad, la privacidad y la facilidad de uso es una de las primeras y más difíciles tareas a las que se enfrentará en su camino hacia la privacidad. --- Equilibrar la seguridad, la privacidad y la facilidad de uso es una de las primeras y más difíciles tareas a las que se enfrentará en su camino hacia la privacidad. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -98,7 +99,7 @@ Sólo una vez que se haya planteado estas preguntas estará en condiciones de ev Elaborar un plan de seguridad le ayudará a comprender las amenazas que le son propias y a evaluar sus activos, sus adversarios y las capacidades de éstos, junto con la probabilidad de los riesgos a los que se enfrenta. -## Further Reading +## Lecturas Adicionales For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations. @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Fuentes - [EFF Surveillance Self Defense: Su plan de seguridad](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/basics/vpn-overview.md b/i18n/es/basics/vpn-overview.md index 0cdbc15d..3236abdf 100644 --- a/i18n/es/basics/vpn-overview.md +++ b/i18n/es/basics/vpn-overview.md @@ -1,29 +1,30 @@ --- title: Vista general del VPN icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- -Las redes virtuales privadas (conocidas en inglés como Virtual Private Networks) son una manera de ampliar el extremo de tu red hacia algún lugar del mundo. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). +Las redes virtuales privadas (conocidas en inglés como Virtual Private Networks) son una manera de ampliar el extremo de tu red hacia algún lugar del mundo. Un ISP puede ver el flujo de tráfico de Internet que entra y sale de su dispositivo de terminación de red (es decir, el módem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). -A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. +Una VPN puede ayudar, ya que puede trasladar la confianza a un servidor en otro lugar del mundo. Como resultado, el ISP solamente ve que te conectaste a una VPN y nada de la actividad que le estás pasando. -## Should I use a VPN? +## ¿Debería usar una VPN? -**Yes**, unless you are already using Tor. A VPN does two things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third-party service. +**Sí**, a menos que ya estés usando Tor. Una VPN hace dos cosas: trasladar los riesgos de su proveedor de servicios de Internet a sí mismo y ocultar su IP de un servicio de terceros. -VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way. +Las VPN no pueden cifrar datos fuera de la conexión entre su dispositivo y el servidor VPN. Los proveedores de VPN pueden ver y modificar su tráfico del mismo modo que su proveedor de Internet. Y no hay forma de verificar de ninguna manera las políticas de "no registro" de un proveedor de VPN. -However, they do hide your actual IP from a third-party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking. +Sin embargo, ocultan tu IP real de un servicio de terceros, siempre que no haya fugas de IP. Le ayudan a mezclarse con los demás y a mitigar el seguimiento basado en la IP. -## When shouldn't I use a VPN? +## ¿Cuándo no debería usar una VPN? -Using a VPN in cases where you're using your [known identity](common-threats.md#common-misconceptions) is unlikely be useful. +El uso de una VPN en caso de que estés utilizando tu[identidad conocida](common-threats.md#common-misconceptions) probablemente no sea útil. -Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website. +Si lo hace, pueden activarse los sistemas de detección de spam y fraude, por ejemplo si te conectas al sitio web de tu banco. -## What about encryption? +## ¿Qué pasa con el cifrado? Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption. @@ -41,7 +42,7 @@ Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefits to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](../advanced/tor-overview.md). -## What if I need anonymity? +## ¿Y si necesito anonimato? VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead. @@ -70,9 +71,7 @@ For situations like these, or if you have another compelling reason, the VPN pro ## Related VPN Information -- [The Trouble with VPN and Privacy Review Sites](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/) -- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) -- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) -- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.es.txt" +- [El problema con las VPN y los sitios de revisión de privacidad](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/) +- [Investigación sobre aplicaciones VPN gratuitas](https://www.top10vpn.com/free-vpn-app-investigation/) +- [Propietarios ocultos de VPN revelados: 101 productos VPN administrados por solo 23 empresas](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) +- [Esta empresa china está secretamente detrás de 24 aplicaciones populares que buscan permisos peligrosos](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) diff --git a/i18n/es/calendar.md b/i18n/es/calendar.md index 23fe133d..22ad2ca1 100644 --- a/i18n/es/calendar.md +++ b/i18n/es/calendar.md @@ -1,6 +1,7 @@ --- title: "Clientes de Correo Electrónico" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -81,5 +82,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/cloud.md b/i18n/es/cloud.md index 0b020a27..e5a48441 100644 --- a/i18n/es/cloud.md +++ b/i18n/es/cloud.md @@ -1,6 +1,7 @@ --- title: "Correo Electrónico" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Muchos proveedores de almacenamiento en la nube exigen que confíes plenamente en que no mirarán tus archivos. Las alternativas que se enumeran a continuación eliminan la necesidad de confianza, ya que le ponen en control de sus datos o implementan E2EE. @@ -30,7 +31,6 @@ Confíe en su proveedor utilizando una alternativa a continuación que es compat ??? -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -59,5 +59,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/cryptocurrency.md b/i18n/es/cryptocurrency.md new file mode 100644 index 00000000..00d0f2ec --- /dev/null +++ b/i18n/es/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! peligro + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recomendación + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/es/data-redaction.md b/i18n/es/data-redaction.md index cd4b209d..8f7f7341 100644 --- a/i18n/es/data-redaction.md +++ b/i18n/es/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- Cuando compartas archivos, asegúrate de eliminar los metadatos asociados. Los archivos de imagen suelen incluir Datos [Exif](https://es.wikipedia.org/wiki/Exchangeable_image_file_format). A veces, las fotos incluyen incluso coordenadas GPS en los metadatos del archivo. @@ -142,5 +143,3 @@ La aplicación ofrece múltiples formas de borrar los metadatos de las imágenes - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/desktop-browsers.md b/i18n/es/desktop-browsers.md index cc56f637..fae72df0 100644 --- a/i18n/es/desktop-browsers.md +++ b/i18n/es/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Navegadores de escritorio" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- Estas son nuestras recomendaciones de navegadores web para computadoras y las configuraciones para la navegación estándar/no anónima por Internet. Si necesitas navegar por Internet de forma anónima, deberías utilizar [Tor](tor.md) . En general, recomendamos mantener una cantidad mínima de extensiones; estas tienen un acceso privilegiado dentro de tu navegador, requieren que confíes en el desarrollador, pueden hacerte [destacar](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), y [debilitan](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) el aislamiento del sitio. @@ -257,6 +258,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.es.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/es/desktop.md b/i18n/es/desktop.md index a4e9b1ba..d78ca05d 100644 --- a/i18n/es/desktop.md +++ b/i18n/es/desktop.md @@ -1,6 +1,7 @@ --- title: "Almacenamiento en la Nube" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Nuestros sistemas operativos recomendados: - Debe soportar el cifrado de disco completo durante la instalación. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Debe ser compatible con una amplia variedad de hardware. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/dns.md b/i18n/es/dns.md index a9eefe7a..94a29301 100644 --- a/i18n/es/dns.md +++ b/i18n/es/dns.md @@ -1,142 +1,172 @@ --- -title: "Introducción a DNS" +title: "Resolvers DNS" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! ¿Debería utilizar un DNS cifrado? +Un DNS cifrado con servidores de terceros solo debe utilizarse para evitar el [bloqueo de DNS básico](https://en.wikipedia.org/wiki/DNS_blocking) cuando puedas estar seguro de que no habrá ninguna consecuencia. Un DNS encriptado no te ayudará a esconder tu actividad en línea. - El DNS cifrado con un tercero solo debe usarse para evitar redirecciones y el bloqueo básico de DNS cuando puedas estar seguro de que no habrá consecuencias o estés interesado en un proveedor que realice un filtrado rudimentario. DNS encriptado no te ayudará a esconder tu actividad en línea. - - [Aprende más sobre el DNS](technology/dns.md){ .md-button } +[Aprende más sobre DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Proveedores recomendados -| DNS | Política de Privacidad | Protocolo | Protocolos | Registros | ECS | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | --------- | -------------------------------------------------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Comercial | Texto simple
DoH
DoT
DNSCrypt | 2 | No Filter list being used can be found here. [**DNS mediante HTTPS**](https://es.wikipedia.org/wiki/DNS_mediante_HTTPS) como está definido en el [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) empaqueta las consultas en el protocolo [HTTP/2](https://es.wikipedia.org/wiki/HTTP/2) y proporciona seguridad con HTTPS. | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Comercial | Texto simple
DoH
DoT | 2 | No | -| [**ControlID**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Comercial | Texto simple
DoH
DoT | 2 | No | -| [**IVPN**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | Comercial | DoH
DoT | 2 | No Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Comercial | Texto simple
DoH
DoT
DNSCrypt | Opcional [^5] | No | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Comercial | Some[^6] | Opcional [^5] | Based on server choice, Malware blocking by default. | +| Proveedor de DNS | Política de Privacidad | Protocolos | Registro | ECS | Filtrado | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | -------------------------------------------------------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Texto simple
DoH
DoT
DNSCrypt | Parcial[^1] | No | Basado en la elección del servidor. La lista de filtros que se utilizan pueden encontrarse aquí. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Some[^2] | No | Basado en la elección del servidor. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Opcional[^3] | No | Basado en la elección del servidor. | +| [**IVPN**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | No[^4] | No | Basado en la elección del servidor. La lista de filtros que se utilizan pueden encontrarse aquí. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Texto simple
DoH
DoT
DNSCrypt | Opcional [^5] | Basado en la elección del servidor. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Comercial | Parcial[^6] | Opcional [^5] | Según la elección del servidor, bloqueo de malware por defecto. | -## Criteria +## Criterios -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Ten en cuenta que no estamos afiliados con ninguno de los proyectos que recomendamos.** Además de [nuestros criterios estándar](about/criteria.md), hemos desarrollado un conjunto claro de requisitos que nos permiten proporcionar recomendaciones objetivas. Te sugerimos que te familiarices con esta lista antes de elegir usar un proyecto, y que lleves a cabo tu propia investigación para asegurarte de que es la elección correcta para ti. -!!! example "This section is new" +!!! Ejemplo "Esta sección es nueva" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Estamos trabajando para establecer criterios definidos para cada sección de nuestro sitio, y esto puede estar sujeto a cambios. Si tienes alguna duda sobre nuestros criterios, por favor [pregunta en nuestro foro](https://discuss.privacyguides.net/latest) y no asumas que no hemos tenido en cuenta algo a la hora de hacer nuestras recomendaciones si no aparece aquí. Son muchos los factores que se tienen en cuenta y se debaten cuando recomendamos un proyecto, y documentar cada uno de ellos es un trabajo en curso. -- Debe soportar [DNSSEC](technology/dns.md#what-is-dnssec-and-when-is-it-used) -- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization). -- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled. -- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support. +- Debe soportar [DNSSEC](technology/dns.md#what-is-dnssec-and-when-is-it-used). +- [Minimización QNAME](advanced/dns-overview.md#what-is-qname-minimization). +- Permita desactivar [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs). +- Preferir soporte [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) o soporte de dirección geográfica. -## DNS sin cifrado +## Compatibilidad con sistemas operativos nativos ### Android -Las últimas versiones de iOS, iPadOS, tvOS y macOS, soportan tanto DoT como DoH. Ambos protocolos son soportados nativamente a través de [configuración de perfiles ](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) o a través de la [API de configuración DNS](https://developer.apple.com/documentation/networkextension/dns_settings). +Android 9 y superiores soportan DNS sobre TLS. Los ajustes se pueden encontrar en: **Configuración** → **Red & Internet** → **DNS privado**. ### Dispositivos Apple -Tras la instalación de un perfil de configuración o de una aplicación que utilice la API de configuración de DNS, se puede seleccionar la configuración de DNS. Si una VPN está activo, la resolución dentro del túnel VPN utilizará la configuración DNS de la VPN y no la configuración de todo el sistema. +Las últimas versiones de iOS, iPadOS, tvOS y macOS, admiten tanto DoT como DoH. Ambos protocolos son soportados nativamente a través de [configuración de perfiles ](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) o a través de la [API de configuración DNS](https://developer.apple.com/documentation/networkextension/dns_settings). -After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings. +Tras la instalación de un perfil de configuración o de una aplicación que utilice la API de configuración de DNS, se puede seleccionar la configuración de DNS. Si una VPN está activa, la resolución dentro del túnel VPN utilizará la configuración DNS de la VPN y no la configuración de todo el sistema. -#### Signed Profiles +#### Perfiles firmados -Apple does not provide a native interface for creating encrypted DNS profiles. Información Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). +Apple no proporciona una interfaz nativa para crear perfiles DNS cifrados. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) es una herramienta no oficial para crear tus propios perfiles DNS encriptados, aunque no estarán firmados. Son preferibles los perfiles firmados; la firma valida el origen de un perfil y ayuda a garantizar su integridad. Los perfiles de configuración firmados reciben la etiqueta verde de "Verificado". Para más información sobre la firma de código, consulte [Acerca de la firma de código](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Perfiles firmados** son ofrecidos por [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io)y [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). -!!! info +!!! Información - `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. + `systemd-resolved`, que muchas distribuciones Linux utilizan para realizar sus búsquedas DNS, todavía no [soporta DoH](https://github.com/systemd/systemd/issues/8639). Si quieres usar DoH, necesitarás instalar un proxy como [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) y [configurarlo](https://wiki. rchlinux.org/title/Dnscrypt-proxy) para obtener todas las consultas DNS de la resolución del sistema y reenviarlas a HTTPS. -## Encrypted DNS Proxies +## Proxies DNS cifrados -Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns). +El software proxy DNS encriptado proporciona un proxy local para que el resolver DNS no encriptado +lo reenvíe. Normalmente se utiliza en plataformas que no soportan de forma nativa el DNS cifrado [](advanced/dns-overview.md#what-is-encrypted-dns).

-### DNS -!!! recomendación - - ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right } - ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } - - **RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too. - - [:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns) - - [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases) - -### DNSCrypt - -!!! recomendación - - ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right } - - **dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS). - - !!! warning "The anonymized DNS feature does [**not**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic." - - [:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" } - [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute } - - ??? downloads - - - [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows) - - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) - - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) - -## Self-hosted Solutions - -A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. ### RethinkDNS !!! recomendación - ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right } + ![Logo de RethinkDNS](assets/img/android/rethinkdns.svg#only-light){ align=right } + ![Logo de RethinkDNS](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } - **AdGuard Home** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + **RethinkDNS** es un cliente Android de código abierto que soporta [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) y DNS Proxy junto con el almacenamiento en caché de las respuestas DNS, el registro local de las consultas DNS y también se puede utilizar como cortafuegos. - AdGuard Home features a polished web interface to view insights and manage blocked content. + [:octicons-home-16: Inicio](https://rethinkdns.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Código fuente" } + + ??? descargas + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns) + - [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases) - [:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } - [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" } -### DNSCloak + + +### dnscrypt-proxy !!! recomendación - ![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right } + ![logo dnscrypt-proxy](assets/img/dns/dnscrypt-proxy.svg){ align=right } - **Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + **dnscrypt-proxy** es un proxy DNS con soporte para [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), y [DNS Anonimizado](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS). - Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content. + !!! advertencia "La función DNS anónima [**no**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonimiza otro tráfico de red." + + [:octicons-repo-16: Repositorio](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribuir } + + ??? descargas + + - [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows) + - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) + - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) - [:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } - [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.es.txt" -[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) -[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) -[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) -[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) -[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy) -[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) + +## Soluciones autoalojadas + +Una solución DNS autoalojada es útil para proporcionar filtrado en plataformas controladas, como Smart TV y otros dispositivos IoT, ya que no se necesita software del lado del cliente. + + + +### AdGuard Home + +!!! recomendación + + ![Logo de AdGuard Home](assets/img/dns/adguard-home.svg){ align=right } + + **AdGuard Home** es un código abierto [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) que utiliza [filtrado DNS](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) para bloquear contenido web no deseado, como anuncios. + + AdGuard Home cuenta con una interfaz web pulida para ver información y gestionar el contenido bloqueado. + + [:octicons-home-16: Inicio](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } + [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Código fuente" } + + + + +### Pi-hole + +!!! recomendación + + ![Logo de Pi-hole](assets/img/dns/pi-hole.svg){ align=right } + + **Pi-hole** es un código abierto [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) que utiliza [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) para bloquear contenidos web no deseados, como la publicidad. + + Pi-hole está diseñado para alojarse en una Raspberry Pi, pero no se limita a dicho hardware. El software cuenta con una interfaz web fácil de usar para ver los datos y gestionar los contenidos bloqueados. + + [:octicons-home-16: Inicio](https://pi-hole.net/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribuir } + + + + +[^1]: + AdGuard almacena métricas de rendimiento agregadas de sus servidores DNS, es decir, el número de solicitudes completas a un servidor en particular, el número de solicitudes bloqueadas y la velocidad de procesamiento de solicitudes. También guardan y almacenan la base de datos de dominios solicitados en las últimas 24 horas. "Necesitamos esta información para identificar y bloquear nuevos rastreadores y amenazas". "También registramos cuántas veces se ha bloqueado tal o cual rastreador. Necesitamos esta información para eliminar normas obsoletas de nuestros filtros". [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) + + +[^2]: + Cloudflare recopila y almacena únicamente los datos de consulta DNS limitados que se envían al resolver 1.1.1.1. El servicio de resolución 1.1.1.1 no registra datos personales, y el grueso de los limitados datos de consulta no identificables personalmente se almacena sólo durante 25 horas. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) + + +[^3]: + El Control D sólo registra los resolvers Premium con perfiles DNS personalizados. Los resolvers libres no registran datos. [https://controld.com/privacy](https://controld.com/privacy) + + +[^4]: + El servicio DNS de Mullvad está disponible tanto para suscriptores como para no suscriptores de Mullvad VPN. Su política de privacidad afirma explícitamente que no registran las solicitudes DNS de ninguna manera. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) + + +[^5]: + NextDNS puede proporcionar información y funciones de registro previa solicitud. Puede elegir los tiempos de retención y las ubicaciones de almacenamiento de los registros que desee conservar. Si no se solicita específicamente, no se registra ningún dato. [https://nextdns.io/privacy](https://nextdns.io/privacy) + + +[^6]: + Quad9 recopila algunos datos con fines de supervisión y respuesta ante amenazas. Esos datos pueden remezclarse y compartirse, por ejemplo, con fines de investigación sobre seguridad. Quad9 no recoge ni registra direcciones IP ni otros datos que consideren personalmente identificables. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) diff --git a/i18n/es/email-clients.md b/i18n/es/email-clients.md index 5962ed57..42a21cff 100644 --- a/i18n/es/email-clients.md +++ b/i18n/es/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Nuestra lista de recomendaciones contiene clientes de correo electrónico que soportan [OpenPGP](encryption.md#openpgp) y una autenticación fuerte como [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth te permite utilizar la [Autenticación Multifactor](basics/multi-factor-authentication.md) y previene el robo de cuentas. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/email.md b/i18n/es/email.md index 3b4f339f..200f58a1 100644 --- a/i18n/es/email.md +++ b/i18n/es/email.md @@ -1,6 +1,7 @@ --- title: "Servicios de correo electrónico" icon: material/email +description: Estos proveedores de correo electrónico ofrecen un lugar estupendo para almacenar tus mensajes de forma segura, y muchos ofrecen cifrado OpenPGP interoperable con otros proveedores. --- El correo electrónico es prácticamente necesario para utilizar cualquier servicio en línea. Sin embargo, no lo recomendamos para las conversaciones de persona a persona. En vez de utilizar el correo electrónico para comunicarse con otras personas, considere utilizar un servicio de mensajería instantánea que soporte el secreto de reenvío. @@ -9,29 +10,41 @@ El correo electrónico es prácticamente necesario para utilizar cualquier servi Para todo lo demás, recomendamos una variedad de proveedores de correo electrónico basados en modelos sostenibles, además de características de seguridad y privacidad integradas. +- [Proveedores de correo electrónico compatibles con OpenPGP :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Otros proveedores encriptados :material-arrow-right-drop-circle:](#more-providers) +- [Servicios de alias de correo electrónico :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Opciones autoalojadas :material-arrow-right-drop-circle:](#self-hosting-email) + ## Servicios compatibles con OpenPGP -Estos proveedores soportan de manera nativa el cifrado/descifrado de OpenPGP, permitiendo que los correos electrónicos E2EE sean independientes del proveedor. Por ejemplo, un usuario de Proton Mail no puede enviar un mensaje E2EE a un usuario de Mailbox.org, o usted puede recibir notificaciones cifradas con OpenPGP desde servicios de internet que lo soporten. +Estos proveedores soportan de forma nativa el cifrado/descifrado OpenPGP y el estándar Web Key Directory (WKD), lo que permite que los correos electrónicos E2EE sean independientes del proveedor. Por ejemplo, un usuario de Proton Mail podría enviar un mensaje E2EE a un usuario de Mailbox.org, o usted podría recibir notificaciones cifradas con OpenPGP desde servicios de Internet que lo admitan. -!!! warning +
+ +- ![Logo Proton Mail](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Logo Mailbox.org](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
+ +!!! advertencia Al utilizar una tecnología de cifrado de extremo a extremo (E2EE, por sus siglas en inglés) como OpenPGP, los correos aún tendrán algunos metadatos que no son encriptados en el encabezado del correo. Más información sobre los [metadatos de correo electrónico](basics/email-security.md#email-metadata-overview). - OpenPGP tampoco soporta el secreto de reenvío, lo que significa si la clave privada del receptos es robada, todos los mensajes cifrados previamente con ella, serán expuestos. [¿Cómo puedo proteger mis claves privadas?](basics/email-security.md#how-do-i-protect-my-private-keys) + OpenPGP tampoco soporta el secreto de reenvío, lo que significa si la clave privada del receptor es robada, todos los mensajes cifrados previamente con ella, serán expuestos. [¿Cómo puedo proteger mis claves privadas?](basics/email-security.md#how-do-i-protect-my-private-keys) ### Proton Mail !!! recomendación - ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } + ![Logo Proton Mail](assets/img/email/protonmail.svg){ align=right } **Proton Mail** es un servicio de correo electrónico con un enfoque en la privacidad, el cifrado, la seguridad y la facilidad de uso. Ellos operan desde **2013**. Proton AG tiene su sede en Ginebra, Suiza. Las cuentas inician con 500 MB de almacenamiento en el plan gratuito. [:octicons-home-16: Página principal](https://proton.me/mail){ .md-button .md-button--primary } - [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" } + [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Servicio Onion" } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Código fuente" } ??? descargas @@ -43,172 +56,179 @@ Estos proveedores soportan de manera nativa el cifrado/descifrado de OpenPGP, pe - [:simple-linux: Linux](https://proton.me/mail/bridge#download) - [:octicons-browser-16: Web](https://mail.proton.me) -Las cuentas gratuitas tienen algunas limitaciones, como no poder buscar texto en el contenido, y no tener acceso a [Proton Mail Bridge](https://proton.me/mail/bridge), que es requerido para utilizar un [cliente recomendado de correo electrónico para escritorio](email-clients.md) (como Thunderbird). Las cuentas de pago incluyen características como Proton Mail Bridge, almacenamiento adicional y soporte para dominios personalizados. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). +Las cuentas gratuitas tienen algunas limitaciones, como no poder buscar texto en el contenido, y no tener acceso a [Proton Mail Bridge](https://proton.me/mail/bridge), que es requerido para utilizar un [cliente recomendado de correo electrónico para escritorio](email-clients.md) (como Thunderbird). Las cuentas de pago incluyen características como Proton Mail Bridge, almacenamiento adicional y soporte para dominios personalizados. Se proporcionó una carta de certificación [](https://proton.me/blog/security-audit-all-proton-apps) para las aplicaciones de Proton Mail el 9 de noviembre de 2021 por [Securitum](https://research.securitum.com). -If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free. +Si tiene el plan Proton Unlimited, Business o Visionary, también obtendrá [SimpleLogin](#simplelogin) Premium de forma gratuita. -Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. +Proton Mail tiene informes de errores internos que **no** comparten con terceros. Puede desactivarse en: **Ajustes** > **Ir a Ajustes** > **Cuenta** > **Seguridad y privacidad** > **Enviar informes de fallos**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Dominios personalizados y alias - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Los suscriptores de pago de Proton Mail pueden utilizar su propio dominio con el servicio o una dirección [catch-all](https://proton.me/support/catch-all). Proton Mail también admite la subdirección [](https://proton.me/support/creating-aliases), útil para quienes no desean adquirir un dominio. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Métodos de pago privados - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [acepta](https://proton.me/support/payment-options) dinero en efectivo por correo, además de tarjeta de crédito/débito estándar, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), y pagos por PayPal. -??? success "Account Security" +#### :material-check:{ .pg-green } Seguridad de las cuentas - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail sólo admite la autenticación de dos factores TOTP [](https://proton.me/support/two-factor-authentication-2fa). Todavía no se admite el uso de una clave de seguridad U2F. Proton Mail tiene previsto implantar U2F una vez completado su código [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/). -??? success "Data Security" +#### :material-check:{ .pg-green } Seguridad de los datos - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail tiene [cifrado de acceso cero](https://proton.me/blog/zero-access-encryption) en reposo para sus correos electrónicos y [calendarios](https://proton.me/news/protoncalendar-security-model). Los datos protegidos con cifrado de acceso cero sólo son accesibles para usted. -??? success "Email Encryption" +Cierta información almacenada en [Contactos de Proton](https://proton.me/support/proton-contacts), como nombres para mostrar y direcciones de correo electrónico, no está protegida con cifrado de acceso cero. Los campos de contacto que admiten cifrado de acceso cero, como los números de teléfono, se indican con un icono de candado. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Cifrado de correo electrónico -??? warning "Digital Legacy" +Proton Mail ha [integrado el cifrado OpenPGP](https://proton.me/support/how-to-use-pgp) en su webmail. Los correos electrónicos a otras cuentas de Proton Mail se cifran automáticamente, y el cifrado a direcciones que no sean de Proton Mail con una clave OpenPGP pueden ser habilitados fácilmente en la configuración de su cuenta. También le permiten encriptar [mensajes a direcciones que no sean de Proton Mail](https://proton.me/support/password-protected-emails) sin necesidad de que se suscriban a una cuenta de Proton Mail o utilicen software como OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail también admite el descubrimiento de claves públicas a través de HTTP desde su [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Esto permite a las personas que no utilizan Proton Mail encontrar fácilmente las claves OpenPGP de las cuentas de Proton Mail, para E2EE entre proveedores. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Legado digital - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail no ofrece la función de legado digital. -??? check "Aplicaciones móviles" +#### :material-information-outline:{ .pg-blue } Cancelación de la cuenta - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +Si tiene una cuenta de pago y su factura [no se paga](https://proton.me/support/delinquency) después de 14 días, no podrá acceder a sus datos. Transcurridos 30 días, su cuenta se convertirá en morosa y no recibirá correo entrante. Se le seguirá facturando durante este periodo. + +#### Funcionalidad adicional de :material-information-outline:{ .pg-blue } + +Proton Mail ofrece una cuenta "Ilimitada" por 9,99 euros al mes, que también permite acceder a Proton VPN además de proporcionar múltiples cuentas, dominios, alias y 500 GB de almacenamiento. ### Mailbox.org !!! recomendación - ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right } + ![Logo de Mailbox.org](assets/img/email/mailboxorg.svg){ align=right } - **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed. + **Mailbox.org** es un servicio de correo electrónico centrado en ser seguro, sin publicidad y alimentado de forma privada con energía 100% ecológica. Llevan en funcionamiento desde 2014. Mailbox.org tiene su sede en Berlín, Alemania. Las cuentas empiezan con 2 GB de almacenamiento, que pueden ampliarse según sea necesario. - [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation} + [:octicons-home-16: Inicio](https://mailbox.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentación} - ??? downloads + ??? descargas - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Dominios personalizados y alias - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org le permite utilizar su propio dominio y admite las direcciones [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). Mailbox.org también es compatible con [subdireccionamiento](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), lo que es útil si no desea comprar un dominio. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Métodos de pago privados - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org no acepta criptomonedas debido a que su procesador de pagos BitPay suspendió sus operaciones en Alemania. Sin embargo, aceptan el pago por correo, el pago en efectivo en cuenta bancaria, la transferencia bancaria, la tarjeta de crédito, PayPal y un par de procesadores específicos alemanes: paydirekt y Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Seguridad de las cuentas - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org soporta [autenticación de doble factor](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) solo para su correo web. Puedes utilizar TOTP o una [Yubikey](https://en.wikipedia.org/wiki/YubiKey) a través de [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Los estándares web como [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) aún no son compatibles. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Seguridad de los datos - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org permite el cifrado del correo entrante usando su [buzón cifrado](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Los nuevos mensajes que recibas se cifrarán inmediatamente con tu clave pública. -??? success "Email Encryption" +Sin embargo, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), la plataforma de software utilizada por Mailbox.org, [no admite](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) el cifrado de su libreta de direcciones y calendario. Una [opción independiente](calendar.md) puede ser más apropiada para esa información. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Cifrado de correo electrónico -??? success "Digital Legacy" +Mailbox.org tiene [cifrado integrado](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) en su correo web, lo que simplifica el envío de mensajes a personas con claves públicas OpenPGP. También permiten a [destinatarios remotos descifrar un correo electrónico](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) en los servidores de Mailbox.org. Esta característica es útil cuando el destinatario remoto no tiene OpenPGP y no puede descifrar una copia del correo electrónico en su propio buzón de correo. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org también admite el descubrimiento de claves públicas a través de HTTP desde su [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Esto permite a personas ajenas a Mailbox.org encontrar fácilmente las claves OpenPGP de las cuentas de Mailbox.org, para E2EE entre proveedores. -??? info "Account Termination" +#### :material-check:{ .pg-green } Legado digital - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org tiene una función de legado digital para todos los planes. Puede elegir si desea que alguno de sus datos se transmita a los herederos, siempre que lo soliciten y aporten su testamento. También puede designar a una persona por su nombre y dirección. -??? check "Aplicaciones móviles" +#### :material-information-outline:{ .pg-blue } Cancelación de la cuenta - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Su cuenta se convertirá en una cuenta de usuario restringida cuando finalice su contrato, después de [30 días se eliminará irrevocablemente](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Funciones adicionales + +Puede acceder a su cuenta de Mailbox.org a través de IMAP/SMTP utilizando su [servicio.onion](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). Sin embargo, no se puede acceder a su interfaz de correo web a través de su servicio .onion y es posible que se produzcan errores de certificado TLS. + +Todas las cuentas vienen con un almacenamiento limitado en la nube que [se puede cifrar](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org también ofrece el alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), que impone el cifrado TLS en la conexión entre servidores de correo; de lo contrario, el mensaje no se enviará en absoluto. Mailbox.org también admite [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) además de protocolos de acceso estándar como IMAP y POP3. + +## Más proveedores + +Estos proveedores almacenan tus correos electrónicos con cifrado de conocimiento cero, lo que los convierte en excelentes opciones para mantener seguros tus correos electrónicos almacenados. Sin embargo, no admiten normas de cifrado interoperables para las comunicaciones E2EE entre proveedores. + +
+ +- ![Logotipo de StartMail](assets/img/email/startmail.svg#only-light){ .twemoji }![Logotipo de StartMail](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Logotipo de Tutanota](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail !!! recomendación - ![StartMail logo](assets/img/email/startmail.svg#only-light){ align=right } - ![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ align=right } + ![Logotipo de StartMail](assets/img/email/startmail.svg#only-light){ align=right } + ![Logotipo de StartMail](assets/img/email/startmail-dark.svg#only-dark){ align=right } - **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial. + **StartMail** es un servicio de correo electrónico centrado en la seguridad y la privacidad mediante el uso del cifrado estándar OpenPGP. StartMail lleva en funcionamiento desde 2014 y tiene su sede en Boulevard 11, Zeist Países Bajos. Las cuentas empiezan con 10GB. Ofrecen una prueba de 30 días. - [:octicons-home-16: Homepage](https://www.startmail.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation} + [:octicons-home-16: Inicio](https://www.startmail.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentación} - ??? downloads + ??? descargas - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Dominios personalizados y alias - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Las cuentas personales pueden utilizar alias[ personalizados o rápidos](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases). [Los dominios personalizados](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) también están disponibles. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Métodos de pago privados - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail acepta Visa, MasterCard, American Express y Paypal. StartMail también dispone de otras opciones de pago [](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) como [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (actualmente sólo para cuentas Personales) y Débito Directo SEPA para cuentas de más de un año. -??? success "Account Security" +#### :material-check:{ .pg-green } Seguridad de las cuentas - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail admite la autenticación de doble factor TOTP [sólo para webmail](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). No permiten la autenticación con clave de seguridad U2F. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Seguridad de los datos - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail dispone de [cifrado de acceso cero en reposo](https://www.startmail.com/en/whitepaper/#_Toc458527835), utilizando su sistema de "bóveda de usuario". Cuando te conectas, se abre la bóveda y el correo electrónico se traslada a la bóveda fuera de la cola, donde se desencripta con la clave privada correspondiente. -??? success "Email Encryption" +StartMail admite la importación de [contactos](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts), sin embargo, solo se puede acceder a ellos en el correo web y no a través de protocolos como [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Los contactos tampoco se almacenan utilizando el cifrado de conocimiento cero. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Cifrado de correo electrónico -??? warning "Digital Legacy" +StartMail tiene [cifrado integrado](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) en su correo web, lo que simplifica el envío de mensajes cifrados con claves públicas OpenPGP. Sin embargo, no son compatibles con el estándar Web Key Directory, lo que hace que el descubrimiento de la clave pública de un buzón de correo Startmail sea más difícil para otros proveedores de correo electrónico o clientes. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Legado digital -??? info "Account Termination" +StartMail no ofrece una función de legado digital. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Cancelación de la cuenta -??? check "Aplicaciones móviles" +Al vencimiento de la cuenta, StartMail eliminará permanentemente su cuenta después de [6 meses en 3 fases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Funciones adicionales -## More Providers +StartMail permite el proxy de imágenes dentro de los correos electrónicos. Si permite que se cargue la imagen remota, el remitente no sabrá cuál es su dirección IP. -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. - -### Solo software como servicio (ScuS) +### Tutanota !!! recomendación - ![Tutanota logo](assets/img/email/tutanota.svg){ align=right } + ![Logo de Tutanota](assets/img/email/tutanota.svg){ align=right } - **Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan. + **Tutanota** es un servicio de correo electrónico centrado en la seguridad y la privacidad mediante el uso de cifrado. Tutanota lleva en funcionamiento desde **2011** y tiene su sede en Hannover, Alemania. Las cuentas empiezan con 1Gb de almacenamiento con su plan gratuito. - [:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" } - [:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://tutanota.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribuir } - ??? downloads + ??? descargas - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota) - [:simple-appstore: App Store](https://apps.apple.com/app/tutanota/id922429609) @@ -218,109 +238,116 @@ These providers store your emails with zero-knowledge encryption, making them gr - [:simple-linux: Linux](https://tutanota.com/#download) - [:octicons-browser-16: Web](https://mail.tutanota.com/) -Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. +Tutanota no es compatible con el[protocolo IMAP](https://tutanota.com/faq/#imap) ni con el uso de[clientes de correo electrónico](email-clients.md)de terceros, y tampoco podrás añadir [cuentas de correo electrónico externas](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) a la aplicación Tutanota. Ni [importación de correo electrónico](https://github.com/tutao/tutanota/issues/630) ni [subcarpetas](https://github.com/tutao/tutanota/issues/927) son actualmente compatibles, aunque esto [está previsto que se cambie](https://tutanota.com/blog/posts/kickoff-import). Los correos electrónicos se pueden exportar [individualmente o por selección masiva](https://tutanota.com/howto#generalMail) por carpeta, lo que puede resultar incómodo si tiene muchas carpetas. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Dominios personalizados y alias - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Las cuentas de pago de Tutanota pueden usar hasta 5 [alias](https://tutanota.com/faq#alias) y [dominios personalizados](https://tutanota.com/faq#custom-domain). Tutanota no permite la [subdirección (más direcciones)](https://tutanota.com/faq#plus), pero puede utilizar un [catch-all](https://tutanota.com/howto#settings-global) con un dominio personalizado. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Métodos de pago privados - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota solo acepta directamente tarjetas de crédito y PayPal, sin embargo, la [criptomoneda](cryptocurrency.md) se puede usar para comprar tarjetas de regalo a través de su [asociación](https://tutanota.com/faq/#cryptocurrency) con Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Seguridad de las cuentas - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota soporta [autenticación de dosble factor](https://tutanota.com/faq#2fa) con TOTP o U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Seguridad de los datos - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota dispone de [cifrado de acceso cero en reposo](https://tutanota.com/faq#what-encrypted) para sus correos electrónicos, [contactos de la libreta de direcciones](https://tutanota.com/faq#encrypted-address-book), y [calendarios](https://tutanota.com/faq#calendar). Esto significa que sólo tú puedes leer los mensajes y otros datos almacenados en tu cuenta. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Cifrado de correo electrónico - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [no utiliza OpenPGP](https://www.tutanota.com/faq/#pgp). Las cuentas de Tutanota sólo pueden recibir correos electrónicos cifrados de cuentas de correo electrónico que no son de tutanota cuando se envían a través de un [buzón temporal de Tutanota](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Legado digital - Tutanota doesn't offer a digital legacy feature. +Tutanota no ofrece la función de legado digital. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Cancelación de la cuenta - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota eliminará [las cuentas gratuitas inactivas](https://tutanota.com/faq#inactive-accounts) después de seis meses. Puedes reutilizar una cuenta gratuita desactivada si pagas. -??? check "Aplicaciones móviles" +#### :material-information-outline:{ .pg-blue } Funciones adicionales - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota ofrece la versión empresarial [a las organizaciones sin ánimo de lucro](https://tutanota.com/blog/posts/secure-email-for-non-profit) de forma gratuita o con un importante descuento. -## Email Aliasing Services +Tutanota también tiene una función para empresas llamada [Secure Connect](https://tutanota.com/secure-connect/). Esto garantiza que el contacto del cliente con la empresa utilice E2EE. La función cuesta 240 €/año. -An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +## Servicios de alias de correo -Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. +Un servicio de alias de correo electrónico le permite generar fácilmente una nueva dirección de correo electrónico para cada sitio web en el que se registre. Los alias de correo electrónico que genera se reenvían a una dirección de correo electrónico de su elección, ocultando tanto su dirección de correo electrónico "principal" como la identidad de su proveedor de correo electrónico. El verdadero alias de correo electrónico es mejor que el direccionamiento plus, comúnmente utilizado y admitido por muchos proveedores, que permite crear alias como tunombre+[anythinghere]@ejemplo.com, porque los sitios web, los anunciantes y las redes de seguimiento pueden eliminar trivialmente cualquier cosa después del signo + para conocer tu verdadera dirección de correo electrónico. -Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: +
-- Aliases can be turned on and off individually when you need them, preventing websites from emailing you randomly. -- Replies are sent from the alias address, shielding your real email address. +- ![Logo de AnonAddy](assets/img/email/anonaddy.svg#only-light){ .twemoji }![Logo deAnonAddy](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![Logo de SimpleLogin](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) -They also have a number of benefits over "temporary email" services: +
-- Aliases are permanent and can be turned on again if you need to receive something like a password reset. -- Emails are sent to your trusted mailbox rather than stored by the alias provider. -- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, aliases are private to you. +El alias de correo electrónico puede servir de salvaguarda en caso de que su proveedor de correo electrónico deje de funcionar. En ese caso, puedes redirigir fácilmente tus alias a una nueva dirección de correo electrónico. A su vez, sin embargo, estás depositando tu confianza en que el servicio de alias siga funcionando. -Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign. +Utilizar un servicio dedicado de alias de correo electrónico también tiene una serie de ventajas sobre un alias general en un dominio personalizado: -Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption, which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider. +- Los alias pueden activarse y desactivarse individualmente cuando los necesites, evitando que los sitios web te envíen correos electrónicos al azar. +- Las respuestas se envían desde la dirección de alias, ocultando tu dirección de correo electrónico real. + +También tienen una serie de ventajas sobre los servicios de "correo electrónico temporal": + +- Los alias son permanentes y pueden volver a activarse si necesitas recibir algo como un restablecimiento de contraseña. +- Los correos electrónicos se envían a tu buzón de confianza en lugar de ser almacenados por el proveedor de alias. +- Los servicios de correo electrónico temporal suelen tener buzones públicos a los que puede acceder cualquiera que conozca la dirección, los alias son privados para ti. + +Nuestras recomendaciones de alias de correo electrónico son proveedores que le permiten crear alias en dominios que ellos controlan, así como en su(s) propio(s) dominio(s) personalizado(s) por una módica cuota anual. También pueden ser autoalojados si desea el máximo control. Sin embargo, utilizar un dominio personalizado puede tener inconvenientes relacionados con la privacidad: Si eres la única persona que utiliza tu dominio personalizado, tus acciones pueden ser fácilmente rastreadas a través de sitios web simplemente mirando el nombre del dominio en la dirección de correo electrónico e ignorando todo lo que hay antes del signo arroba (@). + +Utilizar un servicio de alias requiere confiar, tanto a tu proveedor de correo electrónico como a tu proveedor de alias, tus mensajes sin cifrar. Algunos proveedores mitigan esto ligeramente con el cifrado automático PGP, que reduce el número de partes en las que tienes que confiar de dos a una al cifrar los correos entrantes antes de que lleguen a tu proveedor de buzón final. ### AnonAddy !!! recomendación - ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right } - ![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right } + ![Logo de AnonAddy](assets/img/email/anonaddy.svg#only-light){ align=right } + ![Logo de AnonAddy](assets/img/email/anonaddy-dark.svg#only-dark){ align=right } - **AnonAddy** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous. + **AnonAddy** te permite crear 20 alias de dominio en un dominio compartido de forma gratuita, o alias "estándar" ilimitados que son menos anónimos. - [:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" } - [:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://anonaddy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribuir } - ??? downloads + ??? descargas - [:simple-android: Android](https://anonaddy.com/faq/#is-there-an-android-app) - [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app) - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/) - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe) -The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/year plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year. +El número de alias compartidos (que terminan en un dominio compartido como @anonaddy.me) que puedes crear está limitado a 20 en el plan gratuito de AnonAddy y a 50 en su plan de 12 $/año. Puedes crear un número ilimitado de alias estándar (que terminan en un dominio como @[username].anonaddy.com o un dominio personalizado en los planes de pago), sin embargo, como se ha mencionado anteriormente, esto puede ir en detrimento de la privacidad porque la gente puede relacionar trivialmente tus alias estándar basándose únicamente en el nombre de dominio. Hay disponibles alias compartidos ilimitados por 36 $/año. -Notable free features: +Funciones gratuitas destacables: -- [x] 20 Shared Aliases -- [x] Unlimited Standard Aliases -- [ ] No Outgoing Replies -- [x] 2 Recipient Mailboxes -- [x] Automatic PGP Encryption +- [x] 20 Alias compartidos +- [x] Alias estándar ilimitados +- [ ] No hay respuestas salientes +- [x] 2 Buzones de destinatarios +- [x] Cifrado PGP automático ### SimpleLogin !!! recomendación - ![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right } + ![Logo de Simplelogin](assets/img/email/simplelogin.svg){ align=right } - **SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains. + **SimpleLogin** es un servicio gratuito que proporciona alias de correo electrónico en una variedad de nombres de dominio compartidos, y opcionalmente proporciona características de pago como alias ilimitados y dominios personalizados. - [:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary } - [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" } + [:octicons-home-16: Inicio](https://simplelogin.io){ .md-button .md-button--primary } + [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Politica de privacidad" } + [:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Código fuente" } - ??? downloads + ??? descargas - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android) - [:simple-appstore: App Store](https://apps.apple.com/app/id1494359858) @@ -330,88 +357,88 @@ Notable free features: - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff) - [:simple-safari: Safari](https://apps.apple.com/app/id1494051017) -SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing. Securitum [audited](https://simplelogin.io/blog/security-audit/) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf). +SimpleLogin fue [adquirida por Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) a partir del 8 de abril de 2022. Si utiliza Proton Mail para su buzón principal, SimpleLogin es una gran elección. Como ambos productos pertenecen ahora a la misma empresa, ahora sólo tiene que confiar en una única entidad. También esperamos que SimpleLogin se integre más estrechamente con las ofertas de Proton en el futuro. SimpleLogin sigue siendo compatible con el reenvío a cualquier proveedor de correo electrónico de su elección. Securitum [auditado](https://simplelogin.io/blog/security-audit/) SimpleLogin a principios de 2022 y todos los problemas [fueron resueltos](https://simplelogin.io/audit2022/web.pdf). -You can link your SimpleLogin account in the settings with your Proton account. If you have the Proton Unlimited, Business, or Visionary Plan, you will have SimpleLogin Premium for free. +Puedes vincular tu cuenta SimpleLogin en la configuración con tu cuenta Proton. Si tienes el plan Proton Unlimited, Business o Visionary, tendrás SimpleLogin Premium gratis. -Notable free features: +Funciones gratuitas destacables: -- [x] 10 Shared Aliases -- [x] Unlimited Replies -- [x] 1 Recipient Mailbox +- [x] 10 Alias compartidos +- [x] Respuestas ilimitadas +- [x] 1 buzón de destinatario -## Nuestro criterio +## Correo de auto-alojamiento -Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. +Los administradores de sistemas avanzados pueden plantearse crear su propio servidor de correo electrónico. Los servidores de correo requieren atención y un mantenimiento continuo para mantener la seguridad y la fiabilidad de la entrega del correo. -### Combined software solutions +### Soluciones de software combinadas !!! recomendación - ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } + ![Logo de Mailcow](assets/img/email/mailcow.svg){ align=right } - **Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. + **Mailcow** es un servidor de correo más avanzado perfecto para aquellos con un poco más de experiencia en Linux. Tiene todo lo que necesitas en un contenedor Docker: Un servidor de correo con soporte DKIM, antivirus, monitorización de spam, webmail, ActiveSync con SOGo y administración basada en web con soporte 2FA. - [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } - [:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.servercow.de/mailcow?lang=en#sal){ .card-link title=Contribute } + [:octicons-home-16: Inicio](https://mailcow.email){ .md-button .md-button--primary } + [:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Código fuente" } + [:octicons-heart-16:](https://www.servercow.de/mailcow?lang=en#sal){ .card-link title=Contribuir } !!! recomendación - ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right } + ![Logo de Mail-in-a-Box](assets/img/email/mail-in-a-box.svg){ align=right } - **Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server. + **Mail-in-a-Box** es un script de configuración automatizada para desplegar un servidor de correo en Ubuntu. Su objetivo es facilitar a los usuarios la instalación de su propio servidor de correo. - [:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary } - [:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" } + [:octicons-home-16: Inicio](https://mailinabox.email){ .md-button .md-button--primary } + [:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentación} + [:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Código fuente" } -For a more manual approach we've picked out these two articles: +Para un enfoque más manual, hemos seleccionado estos dos artículos: -- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) -- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide/) (August 2017) +- [Configuración de un servidor de correo con OpenSMTPD, Dovecot y Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) +- [Cómo gestionar tu propio servidor de correo](https://www.c0ffee.net/blog/mail-server-guide/) (agosto de 2017) -## Criteria +## Criterios -**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. +**Tenga en cuenta que no estamos afiliados a ninguno de los proveedores que recomendamos.** Además de [nuestros criterios estándar](about/criteria.md), hemos desarrollado un conjunto claro de requisitos para cualquier proveedor de Email que desee ser recomendado, incluyendo la implementación de las mejores prácticas de la industria, tecnología moderna y más. Le sugerimos que se familiarice con esta lista antes de elegir un proveedor de correo electrónico, y que realice su propia investigación para asegurarse de que el proveedor de correo electrónico que elija sea la opción adecuada para usted. ### Tecnología -We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require. +Consideramos que estas características son importantes para ofrecer un servicio seguro y óptimo. Debe considerar si el proveedor tiene las características que necesita. + +**Mínimo para calificar:** + +- Cifra los datos de las cuentas de correo electrónico en reposo con cifrado de acceso cero. +- Capacidad de exportación como [Mbox](https://en.wikipedia.org/wiki/Mbox) o .eml individual con [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) estándar. +- Permitir a los usuarios utilizar su propio [nombre de dominio](https://en.wikipedia.org/wiki/Domain_name). Los nombres de dominio personalizados son importantes para los usuarios porque les permiten mantener su agencia del servicio, en caso de que éste se estropee o sea adquirido por otra empresa que no dé prioridad a la privacidad. +- Operaciones en infraestructura propia, es decir, no construidas sobre proveedores de servicios de correo electrónico de terceros. **Mejor caso:** -- Encrypts email account data at rest with zero-access encryption. -- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard. -- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy. -- Operates on owned infrastructure, i.e. not built upon third-party email service providers. - -**Best Case:** - -- Encrypts all account data (Contacts, Calendars, etc) at rest with zero-access encryption. -- Integrated webmail E2EE/PGP encryption provided as a convenience. -- Support for [WKD](https://wiki.gnupg.org/WKD) to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key by typing: `gpg --locate-key example_user@example.com` -- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. -- Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). -- [Subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing) support. -- Catch-all or alias functionality for those who own their own domains. -- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. +- Cifra todos los datos de la cuenta (contactos, calendarios, etc.) en reposo con cifrado de acceso cero. +- Cifrado integrado de correo web E2EE/PGP proporcionado como una conveniencia. +- Compatibilidad con [WKD](https://wiki.gnupg.org/WKD) para permitir un mejor descubrimiento de claves OpenPGP públicas a través de HTTP. Los usuarios de GnuPG pueden obtener una clave escribiendo: `gpg --locate-key usuario_ejemplo@ejemplo.com` +- Soporte para un buzón temporal para usuarios externos. Esto es útil cuando quieres enviar un correo electrónico encriptado, sin enviar una copia real a tu destinatario. Estos correos electrónicos suelen tener una vida útil limitada y luego se eliminan automáticamente. Tampoco requieren que el destinatario configure ninguna criptografía como OpenPGP. +- Disponibilidad de los servicios del proveedor de correo electrónico a través de un [ servicio onion](https://en.wikipedia.org/wiki/.onion). +- Soporte de [subdireccionamiento](https://en.wikipedia.org/wiki/Email_address#Subaddressing). +- Funcionalidad Catch-all o alias para aquellos que poseen sus propios dominios. +- Utilización de protocolos estándar de acceso al correo electrónico como IMAP, SMTP o [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Los protocolos de acceso estándar garantizan que los clientes puedan descargar fácilmente todo su correo electrónico en caso de que quieran cambiar de proveedor. ### Privacidad -We prefer our recommended providers to collect as little data as possible. +Preferimos que nuestros proveedores recomendados recojan la menor cantidad de datos posible. -**Mejor caso:** +**Mínimo para calificar:** -- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Proteger la dirección IP del remitente. Filtrarlo para que no aparezca en el campo de cabecera `Recibido`. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR - Must not be hosted in the US due to [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) which has [yet to be reformed](https://epic.org/ecpa/). **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Seguridad @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Programas de recompensa de errores y/o un proceso coordinado de divulgación de vulnerabilidades. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Confianza @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Funcionalidades adicionales While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/encryption.md b/i18n/es/encryption.md index a781ee90..051b0b5a 100644 --- a/i18n/es/encryption.md +++ b/i18n/es/encryption.md @@ -1,6 +1,7 @@ --- title: "Software de encriptación" icon: material/file-lock +description: El cifrado de los datos es la única forma de controlar quién puede acceder a ellos. These tools allow you to encrypt your emails and any other files. --- El cifrado de los datos es la única forma de controlar quién puede acceder a ellos. Si actualmente no está utilizando software de encriptación para su disco duro, correos electrónicos o archivos, debería elegir una opción aquí. @@ -354,5 +355,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/file-sharing.md b/i18n/es/file-sharing.md index 8ca0d147..181bbfd9 100644 --- a/i18n/es/file-sharing.md +++ b/i18n/es/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Compartición y sincronización de archivos" icon: material/share-variant +description: Descubra cómo puede compartir de manera privada sus archivos entre sus dispositivos, con sus amigos y familia, o de manera anónima en línea. --- Descubra cómo puede compartir de manera privada sus archivos entre sus dispositivos, con sus amigos y familia, o de manera anónima en línea. @@ -130,19 +131,17 @@ ffsend upload --host https://send.vis.ee/ FILE !!! ejemplo "Esta sección es nueva" - Estamos trabajando en establecer criterios definidos para cada sección de nuestra página, y esto puede estar sujeto a cambios. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Estamos trabajando en establecer criterios definidos para cada sección de nuestra página, y esto puede estar sujeto a cambios. Si tienes alguna duda sobre nuestros criterios, por favor [pregunta en nuestro foro](https://discuss.privacyguides.net/latest) y no asumas que no hemos tenido en cuenta algo a la hora de hacer nuestras recomendaciones si no aparece aquí. Son muchos los factores que se tienen en cuenta y se debaten cuando recomendamos un proyecto, y documentar cada uno de ellos es un trabajo en curso. -#### Minimum Requirements +#### Requisitos Mínimos -- Must not require a third-party remote/cloud server. -- Must be open-source software. +- No debe requerir un servidor de terceros remoto o en la nube. +- Debe ser software de código abierto. - Debe tener clientes para Linux, macOS y Winwos; o tener una interfaz web. -#### Best-Case +#### Mejor Caso -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Nuestro criterio del mejor caso representa lo que nos gustaría ver del proyecto perfecto en esta categoría. Es posible que nuestras recomendaciones no incluyan todas o algunas de estas funciones, pero las que sí las incluyan pueden estar mejor clasificadas que otras en esta página. -- Has mobile clients for iOS and Android, which at least support document previews. -- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.es.txt" +- Dispone de clientes móviles para iOS y Android, que al menos permiten previsualizar los documentos. +- Admite la copia de seguridad de fotos desde iOS y Android, y opcionalmente admite la sincronización de archivos/carpetas en Android. diff --git a/i18n/es/financial-services.md b/i18n/es/financial-services.md new file mode 100644 index 00000000..ebae5321 --- /dev/null +++ b/i18n/es/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recomendación + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recomendación + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recomendación + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recomendación + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/es/frontends.md b/i18n/es/frontends.md index 2fe35509..1eedd7ac 100644 --- a/i18n/es/frontends.md +++ b/i18n/es/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/index.md b/i18n/es/index.md index ac41e0eb..89be433e 100644 --- a/i18n/es/index.md +++ b/i18n/es/index.md @@ -7,38 +7,36 @@ hide: --- -## Why should I care? +## ¿Por qué debería importarme? -##### “I have nothing to hide. Why should I care about my privacy?” +##### "No tengo nada que ocultar. ¿Por qué debería preocuparme por mi privacidad?” -Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. ==Privacy is a human right, inherent to all of us,== that we are entitled to (without discrimination). +Al igual que el derecho al matrimonio interracial, el sufragio femenino, la libertad de expresión y muchos otros, nuestro derecho a la privacidad no siempre ha sido respetado. En varias dictaduras, sigue sin serlo. Generaciones anteriores a las nuestras lucharon por nuestro derecho a la privacidad. ==La privacidad es un derecho humano, inherente a todes nosotres, == al que tenemos derecho (sin discriminación). -You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to protect. Privacy is something that makes us human. +No deberías confundir privacidad con secretismo. Sabemos lo que pasa en el cuarto de baño, pero aún así cierras la puerta. Esto se debe a que quieres privacidad, no secretismo. **Todo el mundo** tiene algo que proteger. La privacidad es algo que nos hace humanos. -[:material-target-account: Common Internet Threats](basics/common-threats.md ""){.md-button.md-button--primary} +[:material-target-account: Amenazas frecuentes en el internet](basics/common-threats.md ""){.md-button.md-button--primary} -## What should I do? +## ¿Qué debo hacer? -##### First, you need to make a plan +##### Primero, necesitas hacer un plan -Trying to protect all your data from everyone all the time is impractical, expensive, and exhausting. But don't worry! Security is a process, and, by thinking ahead, you can put together a plan that's right for you. Security isn't just about the tools you use or the software you download. Rather, it begins by understanding the unique threats you face, and how you can mitigate them. +Intentar proteger todos tus datos de todo el mundo y en todo momento es impráctico, caro y agotador. ¡Pero no te preocupes! La seguridad es un proceso, si piensas con antelación, podrás elaborar un plan adecuado para ti. La seguridad no es solo sobre las herramientas que utilizas o el software que descargas. Más bien, empieza por entender las amenazas únicas a las que te enfrentas, y cómo puedes contrarrestarlas. -==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan. +==Este proceso de identificación de amenazas y definición de contramedidas se llama **modelado de amenazas**==, y constituye la base de todo buen plan de seguridad y privacidad. -[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md ""){.md-button.md-button--primary} +[:material-book-outline: Aprende más sobre el modelado de amenazas](basics/threat-modeling.md ""){.md-button.md-button--primary} --- -## We need you! Here's how to get involved: +## ¡Te necesitamos! Aquí está cómo involucrarse: -[:simple-discourse:](https://discuss.privacyguides.net/){ title="Join our Forum" } -[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" } -[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" } -[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" } -[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" } -[:material-information-outline:](about/index.md){ title="Learn more about us" } -[:material-hand-coin-outline:](about/donate.md){ title="Support the project" } +[:simple-discourse:](https://discuss.privacyguides.net/){ title="Únete a nuestro foro" } +[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Síguenos en Mastodon" } +[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribuye a este sitio web" } +[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Ayuda a traducir este sitio web" } +[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chatea con nosotros en Matrix" } +[:material-information-outline:](about/index.md){ title="Conócenos mejor" } +[:material-hand-coin-outline:](about/donate.md){ title="Apoya el proyecto" } -It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.es.txt" +Es importante que un sitio web como Privacy Guides se mantenga siempre actualizado. Necesitamos que nuestra audiencia vigile las actualizaciones de software para las aplicaciones listadas en nuestro sitio y también sigan las últimas noticias sobre proveedores que recomendamos. Es difícil mantenerse al día con el ritmo rápido de Internet, pero intentamos lo mejor. Si detectas un error, crees que un proveedor no debe ser listado, notas que falta un proveedor calificado, crees que un plugin de navegador ya no es la mejor opción, o descubres cualquier otro problema, por favor háznoslo saber. diff --git a/i18n/es/kb-archive.md b/i18n/es/kb-archive.md index 5667d7aa..a7e1ed6a 100644 --- a/i18n/es/kb-archive.md +++ b/i18n/es/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrando Eliminación de Metadatos](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/meta/brand.md b/i18n/es/meta/brand.md index f2792cfd..5c5acfdb 100644 --- a/i18n/es/meta/brand.md +++ b/i18n/es/meta/brand.md @@ -20,5 +20,3 @@ Lineamientos adicionales de marca pueden encontrarse en [github.com/privacyguide "Privacy Guides" y el logo del escudo son marcas registradas por Jonah Aragon, el uso ilimitado es otorgado al proyecto de Privacy Guides. Sin renuncias a ninguno de sus derechos, Privacy Guides no asesora a terceros sobre el alcance de sus derechos de propiedad intelectual. Privacy Guides no permite o autoriza el uso de ninguna de sus marcas de ninguna manera, donde es probable que se cause confusión al implicar la asociació o el patrocinio de Privacy Guides. Si tiene conocimiento de algún uso de este tipo, por favor contacte a Jonah Aragon en jonah@privacyguides.org. Consulte a su asesor jurídico si tiene preguntas. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/meta/git-recommendations.md b/i18n/es/meta/git-recommendations.md index b3fb0761..f59b5f81 100644 --- a/i18n/es/meta/git-recommendations.md +++ b/i18n/es/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/meta/uploading-images.md b/i18n/es/meta/uploading-images.md index 85ba5477..55f136f8 100644 --- a/i18n/es/meta/uploading-images.md +++ b/i18n/es/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/meta/writing-style.md b/i18n/es/meta/writing-style.md index c0fe9160..b9e47a71 100644 --- a/i18n/es/meta/writing-style.md +++ b/i18n/es/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/mobile-browsers.md b/i18n/es/mobile-browsers.md index 5e8d66a4..72e06167 100644 --- a/i18n/es/mobile-browsers.md +++ b/i18n/es/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Navegadores Móviles" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- Estos son nuestros navegadores web para móviles y configuraciones recomendadas actualmente para la navegación estándar/no anónima por Internet. Si necesitas navegar por Internet de forma anónima, deberías utilizar [Tor](tor.md) . En general, recomendamos mantener las extensiones al mínimo; tienen acceso privilegiado dentro de su navegador, requieren que confíe en el desarrollador, pueden hacerte [destacar](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), y [debilitar el aislamiento del sitio](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ). @@ -188,5 +189,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/multi-factor-authentication.md b/i18n/es/multi-factor-authentication.md index 31173e9f..cd7ed54a 100644 --- a/i18n/es/multi-factor-authentication.md +++ b/i18n/es/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticación de múltiples factores" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Llaves de Seguridad @@ -145,5 +146,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/news-aggregators.md b/i18n/es/news-aggregators.md index 99dd93c4..02862e15 100644 --- a/i18n/es/news-aggregators.md +++ b/i18n/es/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: octicons/rss-24 +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -Un [agregador de noticias](https://es.wikipedia.org/wiki/Agregador) es una forma de mantenerse al día con sus blogs y sitios de noticias favoritos. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Clientes agregadores @@ -174,5 +175,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/notebooks.md b/i18n/es/notebooks.md index 0c4f8773..958e2369 100644 --- a/i18n/es/notebooks.md +++ b/i18n/es/notebooks.md @@ -1,6 +1,7 @@ --- title: "Bloc de Notas" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Mantén el control de tus notas y diarios sin darlos a un tercero. @@ -82,7 +83,7 @@ Joplin does not support password/PIN protection for the [application itself or i - [:octicons-browser-16: Navegador](https://app.standardnotes.org/) - [:fontawesome-brands-github: GitHub](https://github.com/standardnotes) -Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information. +Cryptee ofrece 100MB de almacenamiento gratuito, con opciones de pago si necesitas más. La inscripción no requiere correo electrónico ni otros datos personales. ## Dignos de mención @@ -99,9 +100,9 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si [:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" } [:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute } -## Criteria +## Criterios -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Por favor, tome en cuenta que no estamos afiliados con ninguno de los proyectos que recomendamos.** En adición a [nuestros criterios estándares](about/criteria.md), hemos desarrollado un claro conjunto de requisitos para permitirnos brindar recomendaciones objetivas. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. !!! example "This section is new" @@ -115,5 +116,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/os/android-overview.md b/i18n/es/os/android-overview.md index ef74b455..a62e5144 100644 --- a/i18n/es/os/android-overview.md +++ b/i18n/es/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Visión general de Android icon: fontawesome/brands/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android es un sistema operativo seguro el cuál tiene [aislamiento de las aplicaciones](https://source.android.com/security/app-sandbox), [arranque verificado](https://source.android.com/security/verifiedboot) (AVB), y un robusto sistema de control de [permisos](https://developer.android.com/guide/topics/permissions/overview). @@ -53,9 +54,44 @@ Es importante no usar una versión de Android al [final de su vida útil](https: ## Permisos de Android -Los [permisos en Android](https://developer.android.com/guide/topics/permissions/overview) te dan control sobre que pueden acceder las aplicaciones. Google regularmente hace [mejoras](https://developer.android.com/about/versions/11/privacy/permissions) en el sistema de permisos en cada versión sucesiva. Todas las aplicaciones que instales están estrictamente [aisladas](https://source.android.com/security/app-sandbox), por lo que no es necesario instalar ninguna aplicación de antivirus. Un smartphone con la última versión de Android siempre será más seguro que un smartphone antiguo con un antivirus que hayas pagado. Es mejor no pagar por un antivirus y ahorrar para comprar un nuevo smartphone como un Google Pixel. +Los [permisos en Android](https://developer.android.com/guide/topics/permissions/overview) te dan control sobre que pueden acceder las aplicaciones. Google regularmente hace [mejoras](https://developer.android.com/about/versions/11/privacy/permissions) en el sistema de permisos en cada versión sucesiva. Todas las aplicaciones que instales están estrictamente [aisladas](https://source.android.com/security/app-sandbox), por lo que no es necesario instalar ninguna aplicación de antivirus. -Si quieres ejecutar una aplicación sobre la que no estás seguro, considera usar un perfil de usuario o de trabajo. +Un smartphone con la última versión de Android siempre será más seguro que un smartphone antiguo con un antivirus que hayas pagado. Es mejor no pagar por un antivirus y ahorrar para comprar un nuevo smartphone como un Google Pixel. + +Android 10: + +- [Almacenamiento Específico](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) te da más control sobre tus archivos y puede limitar lo que puede acceder al [almacenamiento externo](https://developer.android.com/training/data-storage#permissions). Las aplicaciones pueden tener un directorio específico en el almacenamiento externo, así como la capacidad de almacenar tipos específicos de archivos allí. +- Acceso más estricto a la [ubicación del dispositivo](https://developer.android.com/about/versions/10/privacy/changes?hl=es-419#app-access-device-location) introduciendo el permiso `ACCESS_BACKGROUND_LOCATION`. Esto impide que las aplicaciones accedan a la ubicación cuando se ejecutan en segundo plano sin permiso expreso del usuario. + +Android 11: + +- [Permisos únicos](https://developer.android.com/about/versions/11/privacy/permissions?hl=es-419#one-time) que te permite conceder un permiso a una aplicación una sola vez. +- [Restablecimiento automático de permisos](https://developer.android.com/about/versions/11/privacy/permissions?hl=es-419#auto-reset), que restablece [los permisos de tiempo de ejecución](https://developer.android.com/guide/topics/permissions/overview?hl=es-419#runtime) que se concedieron al abrir la aplicación. +- Permisos detallados para acceder a funciones relacionadas con el [número de teléfono](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers). + +Android 12: + +- Un permiso para conceder sólo la [ubicación aproximada](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Reinicio automático de [aplicaciones hibernadas](https://developer.android.com/about/versions/12/behavior-changes-12?hl=es-419#app-hibernation). +- [Auditoría de acceso a los datos](https://developer.android.com/about/versions/12/behavior-changes-12?hl=es-419#data-access-auditing) que facilita determinar qué parte de una aplicación está realizando un tipo específico de acceso a los datos. + +Android 13: + +- Un permiso para [acceso wifi cercano](https://developer.android.com/about/versions/13/behavior-changes-13?hl=es-419#nearby-wifi-devices-permission). Las direcciones MAC de los puntos de acceso WiFi cercanos eran una forma popular de que las aplicaciones rastrearan la ubicación de un usuario. +- Más [permisos de contenido multimedia detallados](https://developer.android.com/about/versions/13/behavior-changes-13?hl=es-419#granular-media-permissions), lo que significa que puedes conceder acceso sólo a imágenes, vídeos o archivos de audio. +- El uso en segundo plano de los sensores requiere ahora el permiso [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission). + +Una aplicación puede solicitar un permiso para una función específica que tenga. Por ejemplo, cualquier aplicación que pueda escanear códigos QR necesitará el permiso de la cámara. Algunas aplicaciones pueden solicitar más permisos de los necesarios. + +[Exodus](https://exodus-privacy.eu.org/) puede ser útil para comparar aplicaciones con fines similares. Si una aplicación requiere muchos permisos y tiene un montón de publicidad y analíticas, probablemente sea un mal signo. Recomendamos consultar cada uno de los rastreadores y leer sus descripciones, en lugar de limitarse a **contar el total** y asumir que todos los elementos enumerados son iguales. + +!!! advertencia + + Si una aplicación es principalmente un servicio basado en web, el seguimiento puede producirse en el lado del servidor. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) indica que "no hay rastreadores", pero lo cierto es que sí rastrea los intereses y el comportamiento de los usuarios en todo el sitio. Las aplicaciones pueden eludir la detección si no utilizan las bibliotecas de código estándar producidas por la industria publicitaria, aunque esto es poco probable. + +!!! nota + + Las aplicaciones que respetan la privacidad, como [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/), pueden mostrar algunos rastreadores como [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). Esta biblioteca incluye [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) que puede proporcionar [notificaciones push](https://es.wikipedia.org/wiki/Tecnología_push) en las aplicaciones. Este [es el caso](https://fosstodon.org/@bitwarden/109636825700482007) con Bitwarden. Esto no significa que Bitwarden utilice todas las funciones analíticas que ofrece Google Firebase Analytics. ## Acceso a medios @@ -131,5 +167,3 @@ Te van a dar la opción de eliminar tu ID de publicidad o *Optar por no recibir [SafetyNet](https://developer.android.com/training/safetynet/attestation) y el [Play Integrity APIs](https://developer.android.com/google/play/integrity) son generalmente usados para [aplicaciones bancarias](https://grapheneos.org/usage#banking-apps). Muchas aplicaciones bancarias funcionarán bien en GrapheneOS con los servicios de Google Play aislados, sin embargo, algunas aplicaciones no financieras tienen sus propios mecanismos anti-manipulación que pueden fallar. GrapheneOS pasa con éxito el chequeo `basicIntegrity`, pero no el check de certificación `ctsProfileMatch`. Los dispositivos con Android 8 o posterior tienen soporte de certificación de hardware que no se puede omitir sin claves filtradas o vulnerabilidades graves. En cuanto a Google Wallet, no lo recomendamos debido a su [política de privacidad](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), la cual dicta que debes optar por excluirte si no quieres que tu calificación crediticia y tu información personal sea compartido con los servicios de marketing afiliados. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/os/linux-overview.md b/i18n/es/os/linux-overview.md index 775c0de0..c9819068 100644 --- a/i18n/es/os/linux-overview.md +++ b/i18n/es/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Vista general de Linux icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -Es una creencia popular que los programas de [código abierto](https://en.wikipedia.org/wiki/Open-source_software) son seguros porque su código fuente está disponible. Siempre hay una expectativa de que la verificación comunitaria sucede regularmente; sin embargo, [este no siempre es el caso](https://seirdy.one/posts/2022/02/02/floss-security/). Esto depende de varios factores, como la actividad del proyecto, la experiencia del desarrollador, el nivel de rigor aplicado a las [revisiones de código](https://en.wikipedia.org/wiki/Code_review) y con qué frecuencia se le brinda atención a ciertas partes del [código base](https://en.wikipedia.org/wiki/Codebase), que pueden no ser modificados en años. +Es una creencia popular que los programas de [código abierto](https://en.wikipedia.org/wiki/Open-source_software) son seguros porque su código fuente está disponible. Siempre hay una expectativa de que la verificación comunitaria sucede regularmente; sin embargo, [este no siempre es el caso](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. De momento, Linux de escritorio tiene algunas áreas que pueden ser mejoradas al ser comparadas con sus contrapartes propietarias, por ejemplo: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/os/qubes-overview.md b/i18n/es/os/qubes-overview.md index a580e999..eb80004d 100644 --- a/i18n/es/os/qubes-overview.md +++ b/i18n/es/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: pg/qubes-os +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/passwords.md b/i18n/es/passwords.md index 34937ec0..b668ba76 100644 --- a/i18n/es/passwords.md +++ b/i18n/es/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Manténgase seguro y protegido en línea con un gestor de contraseñas cifrado y de código abierto. @@ -237,5 +238,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/productivity.md b/i18n/es/productivity.md index 4192af63..6aaea165 100644 --- a/i18n/es/productivity.md +++ b/i18n/es/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/real-time-communication.md b/i18n/es/real-time-communication.md index cc0eb879..7414f4bc 100644 --- a/i18n/es/real-time-communication.md +++ b/i18n/es/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Comunicación en tiempo real" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- Estas son nuestras recomendaciones para la comunicación cifrada en tiempo real. @@ -70,7 +71,6 @@ We have some additional tips on configuring and hardening your Signal installati SimpleX Chat [was audited](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html) by Trail of Bits in October 2022. Currently SimpleX Chat only provides a client for Android and iOS. La especificación del protocolo Matrix puede encontrarse en su [documentación](https://spec.matrix.org/latest/). El trinquete criptográfico [Olm](https://matrix.org/docs/projects/other/olm) utilizado por Matrix es una implementación del - algoritmo de doble trinquete de Signal.

Your data can be exported, and imported onto another device, as there are no central servers where this is backed up. @@ -208,5 +208,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/router.md b/i18n/es/router.md index 57288b8d..5b6121f7 100644 --- a/i18n/es/router.md +++ b/i18n/es/router.md @@ -1,6 +1,7 @@ --- title: "Firmware del Router" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- A continuación se presentan algunos sistemas operativos alternativos, que pueden utilizarse en routers, puntos de acceso Wi-Fi, etc. @@ -47,5 +48,3 @@ OPNsense se desarrolló originalmente como una bifurcación de [pfSense](https:/ - Debe ser de código abierto. - Debe recibir actualizaciones de manera periódica. - Debe ser compatible con una amplia variedad de hardware. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/search-engines.md b/i18n/es/search-engines.md index 2091e801..517d53cb 100644 --- a/i18n/es/search-engines.md +++ b/i18n/es/search-engines.md @@ -1,6 +1,7 @@ --- title: "Motores de Búsqueda" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Utilice un motor de búsqueda que no construya un perfil publicitario basado en sus búsquedas. @@ -101,5 +102,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/tools.md b/i18n/es/tools.md index fee0caf5..3e196dc4 100644 --- a/i18n/es/tools.md +++ b/i18n/es/tools.md @@ -3,6 +3,7 @@ title: "Herramientas de Privacidad" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Si está buscando una solución específica para algo, estas son las herramientas de hardware y software que recomendamos en una variedad de categorías. Nuestras herramientas de privacidad recomendadas se eligen principalmente en función de sus características de seguridad, con un énfasis adicional en las herramientas descentralizadas y de código abierto. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -100,10 +101,11 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Logotipo de Nextcloud](assets/img/cloud/nextcloud.svg){ .twemoji } [Nextcloud (Autoalojable)](https://nextcloud.com/) -- ![Logotipo de Proton Drive](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](https://drive.protonmail.com/) -- ![Logotipo de Cryptee](assets/img/cloud/cryptee.svg#only-light){ .twemoji }![Logotipo de Cryptee](assets/img/cloud/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](https://crypt.ee/) -- ![Logotipo de Tahoe-LAFS](assets/img/cloud/tahoe-lafs.svg#only-light){ .twemoji }![Tahoe-LAFS logo](assets/img/cloud/tahoe-lafs-dark.svg#only-dark){ .twemoji } [Tahoe-LAFS (Avanzado)](https://www.tahoe-lafs.org/) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) +- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) +- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
@@ -215,6 +217,29 @@ For more details about each project, why they were chosen, and additional tips o [Aprender más :material-arrow-right:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Aprender más :material-arrow-right:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Aprender más :material-arrow-right:](financial-services.md#gift-card-marketplaces) + ### Motores de Búsqueda
@@ -242,9 +267,9 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -263,6 +288,16 @@ For more details about each project, why they were chosen, and additional tips o [Aprender más :material-arrow-right:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Aprender más :material-arrow-right:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -454,5 +489,3 @@ For more details about each project, why they were chosen, and additional tips o
[Aprender más :material-arrow-right:](video-streaming.md) - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/tor.md b/i18n/es/tor.md index bd1a4598..62b85471 100644 --- a/i18n/es/tor.md +++ b/i18n/es/tor.md @@ -1,6 +1,7 @@ --- title: "Navegadores Web" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ La red **Tor** es un grupo de servidores operados por voluntarios que te permite Tor funciona enrutando tu tráfico de Internet a través de esos servidores operados por voluntarios, en lugar de hacer una conexión directa con el sitio que estás tratando de visitar. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Ruta del circuito Tor - Los nodos en la ruta solo pueden ver los servidores a los que están directamente conectados, por ejemplo el nodo "Entry" que se muestra puede ver tu dirección IP y la dirección del nodo "Middle", pero no tiene forma de ver qué sitio web estás visitando.
-
- -- [Más información sobre cómo funciona Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Conectarse a Tor @@ -122,5 +117,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/video-streaming.md b/i18n/es/video-streaming.md index 598ef26c..e23fd32c 100644 --- a/i18n/es/video-streaming.md +++ b/i18n/es/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Transmisiones en Vivo" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- La principal amenaza al utilizar una plataforma de streaming es que sus hábitos de streaming y sus suscripciones podrían utilizarse para elaborar un perfil. Debería combinar estas herramientas con un [VPN](/vpn) o [Tor](https://www.torproject.org/) para hacer más difícil perfilar su perfil. @@ -52,5 +53,3 @@ Puede desactivar la opción *Guardar datos de alojamiento para ayudar a la red L - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/es/vpn.md b/i18n/es/vpn.md index 884f1aa9..1963aaf5 100644 --- a/i18n/es/vpn.md +++ b/i18n/es/vpn.md @@ -1,11 +1,20 @@ --- -title: "Servicios VPN" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Encuentre una VPN sin registro que no esté dispuesto a vender o leer su tráfico web. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "Las VPN no proporcionan anonimato" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "Las VPN no proporcionan anonimato" El uso de una VPN **no** mantendrá tus hábitos de navegación en el anonimato, ni añadirá seguridad adicional al tráfico no seguro (HTTP). @@ -15,78 +24,11 @@ Encuentre una VPN sin registro que no esté dispuesto a vender o leer su tráfic [Descargar Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Mitos de Tor & FAQ](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904){ .md-button } -??? question "¿Cuándo son útiles las VPN?" - - Si buscas una mayor **privacidad** de tu ISP, de una red wifi pública o mientras hace o descargar archivos Torrent, una VPN puede ser la solución para usted, siempre y cuando entienda los riesgos que conlleva. - - [Más información](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Proveedores recomendados -!!! summary "Criterios" - - Nuestros proveedores recomendados usan encriptación, aceptan Monero, soportan WireGuard & OpenVPN, y tienen una política de no registro. Lea nuestra [lista de criterios completa](#our-criteria) para mayor información. - -### Mullvad - -!!! recommendation - - ![Mullvad logo](assets/img/vpn/mullvad.svg#only-light){ align=right } - ![Mullvad logo](assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - - **Mullvad** es una VPN rápida y cómoda con un enfoque serio en la transparencia y la seguridad. Llevan en funcionamiento desde **2009**. - - Mullvad tiene su sede en Suecia y no tiene prueba gratuita. descargas - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? check annotate "38 Países" - - Mullvad tiene [servidores en 38 países](https://mullvad.net/servers/) (1). Elegir un proveedor de VPN con un servidor cercano a usted reducirá la latencia del tráfico de red que envíe. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. - - También pensamos que es mejor para la seguridad de las claves privadas del proveedor de VPN si utilizan [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), en lugar de soluciones compartidas más baratas (con otros clientes) como los [servidores privados virtuales](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. En 2022/05/17 - -??? check "Auditoria independiente" - - Los clientes VPN de Mullvad han sido auditados por Cure53 y Assured AB en un reporte de pentest [publicado en cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Los investigadores de seguridad concluyeron: - - > Cure53 y Assured AB están satisfechos con los resultados de la auditoría y el software deja una impresión positiva en general. Con la dedicación a la seguridad del equipo interno de Mullvad VPN, los testers no tienen dudas de que el proyecto va por buen camino desde el punto de vista de la seguridad. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? check "Clientes Open Source" - - Proton VPN proporciona el código fuente para su aplicación de escritorio and móvil en su [GitHub organization](https://github.com/ProtonVPN). - -??? check "Acepta dinero y Monero" - - Proton VPN, además de aceptar tarjetas de crédito/débito y Paypal, acepta Bitcoin, y **cash/local currency** como formas anónimas de pago. - -??? check "Soporte de WireGuard" - - Mullvad soporta el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) es un protocolo más reciente que utiliza [criptografía](https://www.wireguard.com/protocol/) de última generación. Además, WireGuard pretende ser más simple y veloz. - - Mullvad [recomienda](https://mullvad.net/en/help/why-wireguard/) el uso de WireGuard con su servicio. Es el protocolo por defecto o único en las aplicaciones de Mullvad para Android, iOS, macOS y Linux, pero en Windows hay que [activar manualmente](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. - -??? check "Soporte de IPv6" - - Mullvad soporta el futuro de la red [IPv6](https://es.wikipedia.org/wiki/IPv6). Su red permite [acceder a servicios alojados en IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) a diferencia de otros proveedores que bloquean las conexiones IPv6. - -??? check "Redirección remota de puertos" - - Además de proporcionar los archivos de configuración estándar de OpenVPN, Proton VPN tiene clientes móviles para [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085) y [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US) que permiten conectarse fácilmente a sus servidores. - -??? check "Aplicaciones móviles" - - Mullvad ha publicado su cliente en la [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) y en [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), ambos con una interfaz fácil de usar en lugar de requerir la configuración manual de la conexión de WireGuard. El cliente móvil en Android también está disponible en [F-Droid](https://f-droid.org/packages/net.mullvad.mullvadvpn), lo que garantiza que se compila con [builds reproducibles](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! info "Funcionalidades adicionales" - - Mullvad es muy transparente en cuanto a los nodos que posee o alquila (https://mullvad.net/es/servers/). Utilizan [ShadowSocks](https://shadowsocks.org/en/index.html) en su configuración de ShadowSocks + OpenVPN, lo que les hace más resistentes contra los cortafuegos con [Inspección profunda de paquete](https://es.wikipedia.org/wiki/Deep_Packet_Inspection) que intentan bloquear las VPN. +Nuestros proveedores recomendados usan encriptación, aceptan Monero, soportan WireGuard & OpenVPN, y tienen una política de no registro. Read our [full list of criteria](#criteria) for more information. ### Proton VPN @@ -103,43 +45,44 @@ Encuentre una VPN sin registro que no esté dispuesto a vender o leer su tráfic [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } También pensamos que es mejor para la seguridad de las claves privadas del proveedor de VPN si utilizan [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), en lugar de soluciones compartidas más baratas (con otros clientes) como los [servidores privados virtuales](https://en.wikipedia.org/wiki/Virtual_private_server). -??? check annotate "63 países" +#### :material-check:{ .pg-green } 35 Countries - Proton VPN tiene [servidores en 63 países](https://protonvpn.com/vpn-servers) (1). Elegir un proveedor de VPN con un servidor cercano a usted reducirá la latencia del tráfico de red que envíe. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. - - También pensamos que es mejor para la seguridad de las claves privadas del proveedor de VPN si utilizan [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), en lugar de soluciones compartidas más baratas (con otros clientes) como los [servidores privados virtuales](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. +{ .annotate } 1. En 2022/05/17 -??? check "Auditoria independiente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN se ha sometido a una [auditoría de no-logging de Cure53](https://cure53.de/audit-report_ivpn.pdf) que concluyó de acuerdo con la afirmación de no-logging de IVPN. IVPN también ha completado un [informe completo de pentest Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) en enero de 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? check "Clientes Open Source" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - A partir de febrero de 2020 [las aplicaciones de IVPN son ahora de código abierto](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? check "Acepta efectivo" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - Además de aceptar tarjetas de crédito/débito y PayPal, IVPN acepta Bitcoin, **Monero** y **efectivo/moneda local** (en planes anuales) como formas de pago anónimas. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? check "Soporte de WireGuard" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - Proton VPN soporta principalmente el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) es un protocolo más reciente que utiliza [criptografía](https://www.wireguard.com/protocol/) de última generación. Además, WireGuard pretende ser más simple y veloz. - - IVPN [recomienda](https://www.ivpn.net/wireguard/) el uso de WireGuard con su servicio y, como tal, es el protocolo predeterminado en todas las aplicaciones de IVPN. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? warning "Redirección remota de puertos" +Proton VPN soporta principalmente el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Además, WireGuard pretende ser más simple y veloz. - El [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) es posible con un plan de pago (Pro). Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? check "Redirección remota de puertos" +#### :material-check:{ .pg-green } Remote Port Forwarding - Además de proporcionar los archivos de configuración estándar de OpenVPN, Proton VPN tiene clientes móviles para [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683) y [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client) que permiten conectarse fácilmente a sus servidores. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? check "Aplicaciones móviles" +#### :material-check:{ .pg-green } Mobile Clients - Proton VPN tiene sus propios servidores y centros de datos en Suiza, Islandia y Suecia. Ofrecen bloqueo de anuncios y de dominios con malware conocido con su servicio de DNS. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN tiene sus propios servidores y centros de datos en Suiza, Islandia y Suecia. IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### IVPN @@ -163,55 +106,118 @@ Encuentre una VPN sin registro que no esté dispuesto a vender o leer su tráfic - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? check annotate "32 Países" +#### :material-check:{ .pg-green } 41 Countries - IVPN tiene [servidores en 32 países](https://www.ivpn.net/server-locations) (1). Elegir un proveedor de VPN con un servidor cercano a usted reducirá la latencia del tráfico de red que envíe. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. - - También pensamos que es mejor para la seguridad de las claves privadas del proveedor de VPN si utilizan [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), en lugar de soluciones compartidas más baratas (con otros clientes) como los [servidores privados virtuales](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. +{ .annotate } 1. En 2022/05/17 -??? check "Auditoria independiente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Los clientes VPN de Mullvad han sido auditados por Cure53 y Assured AB en un reporte de pentest [publicado en cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Los investigadores de seguridad concluyeron: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. Con la dedicación a la seguridad del equipo interno de Mullvad VPN, los testers no tienen dudas de que el proyecto va por buen camino desde el punto de vista de la seguridad. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] El ecosistema general de aplicaciones utilizado por Mullvad deja una impresión sólida y estructurada. La estructura general de la aplicación facilita el despliegue de parches y correcciones de forma estructurada. Más que nada, los hallazgos detectados por Cure53 muestran la importancia de auditar y reevaluar constantemente los vectores de filtración actuales, para garantizar siempre la privacidad de los usuarios finales. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. \[WireGuard\](https://www.wireguard.com) es un protocolo más reciente que utiliza \[criptografía\](https://www.wireguard.com/protocol/) de última generación. + +#### :material-check:{ .pg-green } WireGuard Support + +IVPN soporta el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Además, WireGuard pretende ser más simple y veloz. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. La aplicación móvil en Android también está disponible en \[F-Droid\](https://f-droid.org/en/packages/net.ivpn.client), lo que garantiza que se compila con \[builds reproducibles\](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Mullvad + +!!! recommendation + + ![Mullvad logo](assets/img/vpn/mullvad.svg#only-light){ align=right } + ![Mullvad logo](assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - > Cure53 y Assured AB están satisfechos con los resultados de la auditoría y el software deja una impresión positiva en general. Con la dedicación a la seguridad del equipo interno de Mullvad VPN, los testers no tienen dudas de que el proyecto va por buen camino desde el punto de vista de la seguridad. + **Mullvad** es una VPN rápida y cómoda con un enfoque serio en la transparencia y la seguridad. Llevan en funcionamiento desde **2009**. - En 2020 se anunció una segunda auditoría (https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) y el [informe final de la auditoría] (https://cure53.de/pentest-report_mullvad_2020_v2.pdf) se publicó en el sitio web de Cure53: + Mullvad tiene su sede en Suecia y no tiene prueba gratuita. descargas - > Los resultados de este proyecto de mayo-junio de 2020 dirigido al complejo Mullvad, son bastante positivos. [...] El ecosistema general de aplicaciones utilizado por Mullvad deja una impresión sólida y estructurada. La estructura general de la aplicación facilita el despliegue de parches y correcciones de forma estructurada. Más que nada, los hallazgos detectados por Cure53 muestran la importancia de auditar y reevaluar constantemente los vectores de filtración actuales, para garantizar siempre la privacidad de los usuarios finales. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? check "Clientes Open Source" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Esto se debe a que es una ruta más corta (menos saltos) hasta el destino. +{ .annotate } -??? check "Acepta efectivo" +1. En 2022/05/17 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. [WireGuard](https://www.wireguard.com) es un protocolo más reciente que utiliza [criptografía](https://www.wireguard.com/protocol/) de última generación. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? check "Soporte de WireGuard" +#### :material-check:{ .pg-green } Independently Audited - IVPN soporta el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) es un protocolo más reciente que utiliza [criptografía](https://www.wireguard.com/protocol/) de última generación. Además, WireGuard pretende ser más simple y veloz. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +Los clientes VPN de Mullvad han sido auditados por Cure53 y Assured AB en un reporte de pentest \[publicado en cure53.de\](https://cure53.de/pentest-report_mullvad_v2.pdf). Los investigadores de seguridad concluyeron: -??? check "Redirección remota de puertos" +> Cure53 y Assured AB están satisfechos con los resultados de la auditoría y el software deja una impresión positiva en general. Con la dedicación a la seguridad del equipo interno de Mullvad VPN, los testers no tienen dudas de que el proyecto va por buen camino desde el punto de vista de la seguridad. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - El [redirección de puertos] (https://es.wikipedia.org/wiki/Port_Forwarding) es posible con un plan Pro. La redirección de puertos [puede ser activada](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) a través del Client Area. +#### :material-check:{ .pg-green } Open-Source Clients -??? warning "Redirección remota de puertos" +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - Además de proporcionar archivos de configuración estándar de OpenVPN, IVPN tiene aplicaciones móviles para [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683) y [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client) que permiten conectarse fácilmente a sus servidores. La aplicación móvil en Android también está disponible en [F-Droid](https://f-droid.org/en/packages/net.ivpn.client), lo que garantiza que se compila con [builds reproducibles](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +#### :material-check:{ .pg-green } Accepts Cash -??? check "Redirección remota de puertos" +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. - Los clientes IVPN soportan la autenticación de dos factores (los clientes Mullvad y Proton VPN no). IVPN también proporciona la funcionalidad "[AntiTracker](https://www.ivpn.net/antitracker)", que bloquea las redes publicitarias y los rastreadores de la red. +#### :material-check:{ .pg-green } WireGuard Support -??? check "Aplicaciones móviles" +Mullvad soporta el protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Además, WireGuard pretende ser más simple y veloz. - Es importante tener en cuenta que el uso de un proveedor de VPN no le hará anónimo, pero le dará mayor privacidad en ciertas situaciones. Una VPN no es una herramienta para actividades ilegales. No confíes en una política de "no registro". Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. + +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Su red permite \[acceder a servicios alojados en IPv6\](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) a diferencia de otros proveedores que bloquean las conexiones IPv6. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad ha publicado su cliente en la \[App Store\](https://apps.apple.com/app/mullvad-vpn/id1488466513) y en \[Google Play\](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), ambos con una interfaz fácil de usar en lugar de requerir la configuración manual de la conexión de WireGuard. El cliente móvil en Android también está disponible en \[F-Droid\](https://f-droid.org/packages/net.mullvad.mullvadvpn), lo que garantiza que se compila con \[builds reproducibles\](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. Utilizan \[ShadowSocks\](https://shadowsocks.org/en/index.html) en su configuración de ShadowSocks + OpenVPN, lo que les hace más resistentes contra los cortafuegos con \[Inspección profunda de paquete\](https://es.wikipedia.org/wiki/Deep_Packet_Inspection) que intentan bloquear las VPN. ## Criteria @@ -246,13 +252,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Mejor caso:** -- Opción de pago en Monero o en efectivo. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No se requiere información personal para registrarse: Sólo nombre de usuario, contraseña y correo electrónico como máximo. **Best Case:** -- Acepta Monero, dinero en efectivo y otras formas de pago anónimo (tarjetas de regalo, etc.) -- No se aceptan datos personales (nombre de usuario autogenerado, no se requiere correo electrónico, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Seguridad @@ -310,5 +316,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Funcionalidades adicionales While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.es.txt" diff --git a/i18n/fa/404.md b/i18n/fa/404.md index 49886058..25c1c780 100644 --- a/i18n/fa/404.md +++ b/i18n/fa/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/criteria.md b/i18n/fa/about/criteria.md index 562a5d4a..3084230b 100644 --- a/i18n/fa/about/criteria.md +++ b/i18n/fa/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/donate.md b/i18n/fa/about/donate.md index 5e700e2a..8accd67a 100644 --- a/i18n/fa/about/donate.md +++ b/i18n/fa/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/index.md b/i18n/fa/about/index.md index 917b4910..619406fe 100644 --- a/i18n/fa/about/index.md +++ b/i18n/fa/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/notices.md b/i18n/fa/about/notices.md index 2ded68df..6415953c 100644 --- a/i18n/fa/about/notices.md +++ b/i18n/fa/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/privacy-policy.md b/i18n/fa/about/privacy-policy.md index 70ab9d9b..26c668d1 100644 --- a/i18n/fa/about/privacy-policy.md +++ b/i18n/fa/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/privacytools.md b/i18n/fa/about/privacytools.md index 319fac36..515c21f5 100644 --- a/i18n/fa/about/privacytools.md +++ b/i18n/fa/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/services.md b/i18n/fa/about/services.md index 45a5f176..71f2c95b 100644 --- a/i18n/fa/about/services.md +++ b/i18n/fa/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/about/statistics.md b/i18n/fa/about/statistics.md index 6e2334d4..8f17240c 100644 --- a/i18n/fa/about/statistics.md +++ b/i18n/fa/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/advanced/communication-network-types.md b/i18n/fa/advanced/communication-network-types.md index fcbc0465..1f07a2c4 100644 --- a/i18n/fa/advanced/communication-network-types.md +++ b/i18n/fa/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/advanced/dns-overview.md b/i18n/fa/advanced/dns-overview.md index 1e872d2d..95a4ee11 100644 --- a/i18n/fa/advanced/dns-overview.md +++ b/i18n/fa/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- [سیستم نام دامنه (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System) 'دفترچه تلفن اینترنت' است. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/advanced/payments.md b/i18n/fa/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/fa/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/fa/advanced/tor-overview.md b/i18n/fa/advanced/tor-overview.md index 678ffe86..dd9d2a95 100644 --- a/i18n/fa/advanced/tor-overview.md +++ b/i18n/fa/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.fa.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/fa/android.md b/i18n/fa/android.md index 082a7126..3da86daa 100644 --- a/i18n/fa/android.md +++ b/i18n/fa/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/account-creation.md b/i18n/fa/basics/account-creation.md index e1371a80..afa5d429 100644 --- a/i18n/fa/basics/account-creation.md +++ b/i18n/fa/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/account-deletion.md b/i18n/fa/basics/account-deletion.md index 5bc04f10..2498d604 100644 --- a/i18n/fa/basics/account-deletion.md +++ b/i18n/fa/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/common-misconceptions.md b/i18n/fa/basics/common-misconceptions.md index 9db645e0..41997417 100644 --- a/i18n/fa/basics/common-misconceptions.md +++ b/i18n/fa/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.fa.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/fa/basics/common-threats.md b/i18n/fa/basics/common-threats.md index 4b111199..e278c0cb 100644 --- a/i18n/fa/basics/common-threats.md +++ b/i18n/fa/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.fa.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/fa/basics/email-security.md b/i18n/fa/basics/email-security.md index 61694ede..f0c2fb57 100644 --- a/i18n/fa/basics/email-security.md +++ b/i18n/fa/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/multi-factor-authentication.md b/i18n/fa/basics/multi-factor-authentication.md index f3f5b704..2f6a7b55 100644 --- a/i18n/fa/basics/multi-factor-authentication.md +++ b/i18n/fa/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/passwords-overview.md b/i18n/fa/basics/passwords-overview.md index 2bb9b52a..6858d8b5 100644 --- a/i18n/fa/basics/passwords-overview.md +++ b/i18n/fa/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/threat-modeling.md b/i18n/fa/basics/threat-modeling.md index ecb360e8..fc1b3b41 100644 --- a/i18n/fa/basics/threat-modeling.md +++ b/i18n/fa/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/basics/vpn-overview.md b/i18n/fa/basics/vpn-overview.md index 906b31f0..a1a007f5 100644 --- a/i18n/fa/basics/vpn-overview.md +++ b/i18n/fa/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/calendar.md b/i18n/fa/calendar.md index ced20981..bbcb033a 100644 --- a/i18n/fa/calendar.md +++ b/i18n/fa/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/cloud.md b/i18n/fa/cloud.md index 3e05b2d6..8846ff6c 100644 --- a/i18n/fa/cloud.md +++ b/i18n/fa/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/cryptocurrency.md b/i18n/fa/cryptocurrency.md new file mode 100644 index 00000000..ba06ba1e --- /dev/null +++ b/i18n/fa/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/fa/data-redaction.md b/i18n/fa/data-redaction.md index b3879c41..961594a8 100644 --- a/i18n/fa/data-redaction.md +++ b/i18n/fa/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/desktop-browsers.md b/i18n/fa/desktop-browsers.md index f903cef9..1f5c1139 100644 --- a/i18n/fa/desktop-browsers.md +++ b/i18n/fa/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.fa.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/fa/desktop.md b/i18n/fa/desktop.md index 0d4f97cf..2db4d119 100644 --- a/i18n/fa/desktop.md +++ b/i18n/fa/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/dns.md b/i18n/fa/dns.md index 48581c70..a8cc21da 100644 --- a/i18n/fa/dns.md +++ b/i18n/fa/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.fa.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/fa/email-clients.md b/i18n/fa/email-clients.md index f14610d3..b9f5dd7d 100644 --- a/i18n/fa/email-clients.md +++ b/i18n/fa/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/email.md b/i18n/fa/email.md index 018713f5..7ab4c31d 100644 --- a/i18n/fa/email.md +++ b/i18n/fa/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/encryption.md b/i18n/fa/encryption.md index d254167c..ded8533b 100644 --- a/i18n/fa/encryption.md +++ b/i18n/fa/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/file-sharing.md b/i18n/fa/file-sharing.md index 2d22ffc6..3e79d791 100644 --- a/i18n/fa/file-sharing.md +++ b/i18n/fa/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/financial-services.md b/i18n/fa/financial-services.md new file mode 100644 index 00000000..480c924c --- /dev/null +++ b/i18n/fa/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/fa/frontends.md b/i18n/fa/frontends.md index e2a458be..7f245f41 100644 --- a/i18n/fa/frontends.md +++ b/i18n/fa/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/index.md b/i18n/fa/index.md index 07466b4a..85cfead2 100644 --- a/i18n/fa/index.md +++ b/i18n/fa/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/kb-archive.md b/i18n/fa/kb-archive.md index ef94741f..92daee33 100644 --- a/i18n/fa/kb-archive.md +++ b/i18n/fa/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/meta/brand.md b/i18n/fa/meta/brand.md index 07e4bb19..53cb9ac4 100644 --- a/i18n/fa/meta/brand.md +++ b/i18n/fa/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/meta/git-recommendations.md b/i18n/fa/meta/git-recommendations.md index fa2e1142..f59b5f81 100644 --- a/i18n/fa/meta/git-recommendations.md +++ b/i18n/fa/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/meta/uploading-images.md b/i18n/fa/meta/uploading-images.md index 61949c17..55f136f8 100644 --- a/i18n/fa/meta/uploading-images.md +++ b/i18n/fa/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/meta/writing-style.md b/i18n/fa/meta/writing-style.md index 6915a7ff..b9e47a71 100644 --- a/i18n/fa/meta/writing-style.md +++ b/i18n/fa/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/mobile-browsers.md b/i18n/fa/mobile-browsers.md index 1d8dfb6b..372e19b8 100644 --- a/i18n/fa/mobile-browsers.md +++ b/i18n/fa/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/multi-factor-authentication.md b/i18n/fa/multi-factor-authentication.md index 3bd4e5d3..41030fe3 100644 --- a/i18n/fa/multi-factor-authentication.md +++ b/i18n/fa/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/news-aggregators.md b/i18n/fa/news-aggregators.md index c0de18bc..2dad5ac0 100644 --- a/i18n/fa/news-aggregators.md +++ b/i18n/fa/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/notebooks.md b/i18n/fa/notebooks.md index 116bf2b3..0739f668 100644 --- a/i18n/fa/notebooks.md +++ b/i18n/fa/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/os/android-overview.md b/i18n/fa/os/android-overview.md index bb93e22f..a78631a2 100644 --- a/i18n/fa/os/android-overview.md +++ b/i18n/fa/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/os/linux-overview.md b/i18n/fa/os/linux-overview.md index 731dfba8..638c7927 100644 --- a/i18n/fa/os/linux-overview.md +++ b/i18n/fa/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/os/qubes-overview.md b/i18n/fa/os/qubes-overview.md index 557c3256..17b286b9 100644 --- a/i18n/fa/os/qubes-overview.md +++ b/i18n/fa/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/passwords.md b/i18n/fa/passwords.md index dbe30a96..e81f1186 100644 --- a/i18n/fa/passwords.md +++ b/i18n/fa/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/productivity.md b/i18n/fa/productivity.md index 63832903..4490325d 100644 --- a/i18n/fa/productivity.md +++ b/i18n/fa/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/real-time-communication.md b/i18n/fa/real-time-communication.md index 9a51acf4..68f9d767 100644 --- a/i18n/fa/real-time-communication.md +++ b/i18n/fa/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/router.md b/i18n/fa/router.md index 4677d1a6..a494c017 100644 --- a/i18n/fa/router.md +++ b/i18n/fa/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/search-engines.md b/i18n/fa/search-engines.md index 1b19c469..911525d7 100644 --- a/i18n/fa/search-engines.md +++ b/i18n/fa/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/tools.md b/i18n/fa/tools.md index 1c4e0a77..ef945a94 100644 --- a/i18n/fa/tools.md +++ b/i18n/fa/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/tor.md b/i18n/fa/tor.md index 0c8cf09d..ce93c961 100644 --- a/i18n/fa/tor.md +++ b/i18n/fa/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/video-streaming.md b/i18n/fa/video-streaming.md index 8cc0135f..8f8ebd0b 100644 --- a/i18n/fa/video-streaming.md +++ b/i18n/fa/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fa/vpn.md b/i18n/fa/vpn.md index 2d06ffdd..6bba2546 100644 --- a/i18n/fa/vpn.md +++ b/i18n/fa/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.fa.txt" diff --git a/i18n/fr/404.md b/i18n/fr/404.md index 0907d1e3..ea9af6fb 100644 --- a/i18n/fr/404.md +++ b/i18n/fr/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Page introuvable @@ -13,5 +17,3 @@ Nous n'avons pas pu trouver la page que vous recherchiez ! Peut-être recherchie - [Les meilleurs fournisseurs de VPN](vpn.md) - [Le forum de Privacy Guides](https://discuss.privacyguides.net) - [Notre blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/CODE_OF_CONDUCT.md b/i18n/fr/CODE_OF_CONDUCT.md index 88a0e910..88e156d7 100644 --- a/i18n/fr/CODE_OF_CONDUCT.md +++ b/i18n/fr/CODE_OF_CONDUCT.md @@ -1,53 +1,53 @@ -# Community Code of Conduct +# Code de conduite communautaire -**We pledge** to make our community a harassment-free experience for everyone. +**Nous nous engageons** à faire de notre communauté une expérience sans harcèlement pour tous. -**We strive** to create a positive environment, using welcoming and inclusive language, and being respectful of the viewpoints of others. +**Nous nous efforçons** de créer un environnement positif, en utilisant un langage accueillant et inclusif, et en étant respectueux des points de vue des autres. -**We do not allow** inappropriate or otherwise unacceptable behavior, such as sexualized language, trolling and insulting comments, or otherwise promoting intolerance or harassment. +**Nous n'autorisons pas** un comportement inapproprié ou autrement inacceptable, tel qu'un langage sexualisé, des commentaires trolls et insultants, ou toute autre promotion de l'intolérance ou du harcèlement. -## Community Standards +## Normes communautaires -What we expect from members of our communities: +Ce que nous attendons des membres de nos communautés : -1. **Don't spread misinformation** +1. **Ne diffusez pas de fausses informations** - We are creating an evidence-based educational community around information privacy and security, not a home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence. + Nous créons une communauté éducative fondée sur des preuves en matière de confidentialité et de sécurité de l'information, et non un foyer pour les théories du complot. Par exemple, lorsque vous affirmez qu'un certain logiciel est malveillant ou que certaines données de télémétrie portent atteinte à la vie privée, expliquez en détail ce qui est collecté et comment. Les affirmations de cette nature doivent être étayées par des preuves techniques. -1. **Don't abuse our willingness to help** +1. **N'abusez pas de notre volonté d'aider** - Our community members are not your free tech support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/). + Les membres de notre communauté ne sont pas votre support technique gratuit. Nous sommes heureux de vous aider à franchir certaines étapes de votre parcours de protection de la vie privée si vous êtes prêt à faire des efforts de votre côté. Nous ne sommes pas disposés à répondre à des questions répétées à l'infini sur des problèmes informatiques génériques auxquels vous auriez pu répondre vous-même en 30 secondes de recherche sur Internet. Ne soyez pas un [vampire de l'aide](https://slash7.com/2006/12/22/vampires/). -1. **Behave in a positive and constructive manner** +1. **Comportez-vous de manière positive et constructive** - Examples of behavior that contributes to a positive environment for our community include: + Voici quelques exemples de comportements qui contribuent à un environnement positif pour notre communauté : - - Demonstrating empathy and kindness toward other people - - Being respectful of differing opinions, viewpoints, and experiences - - Giving and gracefully accepting constructive feedback - - Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience - - Focusing on what is best not just for us as individuals, but for the overall community + - Faire preuve d'empathie et de gentillesse envers les autres + - Être respectueux des différentes opinions, points de vue et expériences + - Donner et accepter avec grâce des retours constructifs + - Accepter la responsabilité et présenter des excuses à ceux qui ont été affectés par nos erreurs, et tirer des leçons de cette expérience + - Se concentrer sur ce qui est le mieux non seulement pour nous en tant qu'individus, mais aussi pour l'ensemble de la communauté -### Unacceptable Behavior +### Comportement inacceptable -The following behaviors are considered harassment and are unacceptable within our community: +Les comportements suivants sont considérés comme du harcèlement et sont inacceptables au sein de notre communauté : -- The use of sexualized language or imagery, and sexual attention or advances of any kind -- Trolling, insulting or derogatory comments, and personal or political attacks -- Public or private harassment -- Publishing others' private information, such as a physical or email address, without their explicit permission -- Other conduct which could reasonably be considered inappropriate in a professional setting +- L'utilisation d'un langage ou d'images à caractère sexuel, ainsi que des attentions ou des avances sexuelles de quelque nature que ce soit +- Le "trolling", les commentaires insultants ou désobligeants et les attaques personnelles ou d’ordre politique +- Le harcèlement en public ou en privé +- Publier des informations privées d'autrui, telles qu'une adresse physique ou électronique, sans leur permission explicite +- Toute autre conduite qui pourrait raisonnablement être considérée comme inappropriée dans un cadre professionnel -## Scope +## Périmètre d’application -Our Code of Conduct applies within all project spaces, as well as when an individual is representing the Privacy Guides project in other communities. +Notre code de conduite s'applique dans tous les espaces du projet, ainsi que lorsqu'une personne représente le projet Privacy Guides dans d'autres communautés. -We are responsible for clarifying the standards of our community, and have the right to remove or alter the comments of those participating within our community, as necessary and at our discretion. +Nous sommes responsables de la clarification des normes de notre communauté, et nous avons le droit de supprimer ou de modifier les commentaires de ceux qui participent à notre communauté, si nécessaire et à notre discrétion. ### Contact -If you observe a problem on a platform like Matrix or Reddit, please contact our moderators on that platform in chat, via DM, or through any designated "Modmail" system. +Si vous observez un problème sur une plateforme comme Matrix ou Reddit, veuillez contacter nos modérateurs sur cette plateforme en chat, via DM, ou par le biais de tout système désigné "Modmail". -If you have a problem elsewhere, or a problem our community moderators are unable to resolve, reach out to `jonah@privacyguides.org` and/or `dngray@privacyguides.org`. +Si vous avez un problème ailleurs, ou un problème que nos modérateurs de la communauté ne sont pas en mesure de résoudre, adressez-vous à `jonah@privacyguides.org` et/ou `dngray@privacyguides.org`. -All community leaders are obligated to respect the privacy and security of the reporter of any incident. +Tous les dirigeants de la communauté sont tenus de respecter la vie privée et la sécurité du rapporteur de l'incident. diff --git a/i18n/fr/about/criteria.md b/i18n/fr/about/criteria.md index 78c645dc..847148ed 100644 --- a/i18n/fr/about/criteria.md +++ b/i18n/fr/about/criteria.md @@ -38,5 +38,3 @@ Nous avons ces exigences à l'égard des développeurs qui souhaitent soumettre - Vous devez indiquer quel est le modèle de menace exact avec votre projet. - Il doit être clair pour les utilisateurs potentiels ce que le projet peut fournir et ce qu'il ne peut pas fournir. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/donate.md b/i18n/fr/about/donate.md index 6fc4c7a8..8717528b 100644 --- a/i18n/fr/about/donate.md +++ b/i18n/fr/about/donate.md @@ -48,5 +48,3 @@ Nous hébergeons [des services internet](https://privacyguides.net) pour tester Nous achetons occasionnellement des produits et des services dans le but de tester nos [outils recommandés](../tools.md). Nous travaillons toujours avec notre hôte fiscal (la Fondation Open Collective) pour recevoir des dons en crypto-monnaies. Pour l'instant, la comptabilité est irréalisable pour de nombreuses petites transactions, mais cela devrait changer à l'avenir. En attendant, si vous souhaitez faire un don important en crypto-monnaies (> 100 $), veuillez contacter [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/index.md b/i18n/fr/about/index.md index f9ef3469..37d72fbe 100644 --- a/i18n/fr/about/index.md +++ b/i18n/fr/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "À propos de Privacy Guides" +description: Privacy Guides est un site web à vocation sociale qui fournit des informations pour protéger la sécurité de vos données et votre vie privée. --- -**Privacy Guides** est un site web à vocation sociale qui fournit des informations pour protéger la sécurité de vos données et votre vie privée. Nous sommes un collectif à but non lucratif entièrement géré par des [membres bénévoles de l'équipe](https://discuss.privacyguides.net/g/team) et des contributeurs. +![Logo de Privacy Guides](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Soutenir le projet](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** est un site web à vocation sociale qui fournit [des informations](/kb) pour protéger la sécurité de vos données et votre vie privée. Nous sommes un collectif à but non lucratif entièrement géré par des [membres bénévoles de l'équipe](https://discuss.privacyguides.net/g/team) et des contributeurs. Notre site web est exempt de toute publicité et n'est pas affilié aux fournisseurs répertoriés. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title="Page d'accueil" } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Code source" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribuer } + +L'objectif de Privacy Guides est d'éduquer notre communauté sur l'importance de la vie privée en ligne et sur les programmes gouvernementaux internationaux qui sont conçus pour surveiller toutes vos activités en ligne. + +> Pour trouver des applications [alternatives axées sur la protection de la vie privée], consultez des sites tels que Good Reports et **Privacy Guides**, qui répertorient les applications axées sur la protection de la vie privée dans diverses catégories, notamment les fournisseurs de courrier électronique (généralement payants) qui ne sont pas gérés par les grands géants du web. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) [Traduit de l'anglais] + +> Si vous êtes à la recherche d'un nouveau VPN, vous pouvez consulter le code de réduction d'à peu près tous les podcasts. Si vous cherchez un **bon** VPN, vous avez besoin d'une aide professionnelle. Il en va de même pour les clients de messagerie, les navigateurs, les systèmes d'exploitation et les gestionnaires de mots de passe. Comment savoir laquelle de ces options est la meilleure, la plus respectueuse de la vie privée ? Pour cela, il existe **Privacy Guides**, une plateforme sur laquelle un certain nombre de bénévoles recherchent jour après jour les meilleurs outils respectueux de la vie privée à utiliser sur internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Traduit du néerlandais] + +Également présenté sur : [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], et [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## Histoire + +Privacy Guides a été lancé en septembre 2021 dans le prolongement du projet éducatif open source [défunt](privacytools.md) « PrivacyTools ». Nous avons reconnu l’importance de recommandations indépendantes, axées sur des critères, et de connaissances générales dans l’environnement de la protection de la vie privée. C'est pourquoi nous avions besoin de préserver le travail qui avait été créé par tant de contributeurs depuis 2015, et être sûr que ces informations aient une place stable sur le web indéfiniment. + +En 2022, nous avons achevé la transition de l'environnement de site web principal de Jekyll à MkDocs, en utilisant le logiciel de documentation `mkdocs-material`. Ce changement a rendu les contributions open source à notre site considérablement plus facile pour les personnes extérieures, parce qu'au lieu d'avoir besoin de connaître une syntaxe complexe pour écrire des messages efficacement, contribuer est maintenant aussi simple que d'écrire un document Markdown standard. + +Nous avons également lancé notre nouveau forum de discussion sur [discuss.privacyguides.net](https://discuss.privacyguides.net/) comme plateforme communautaire pour partager des idées et poser des questions sur notre mission. Cela complète notre communauté existante sur Matrix et remplace notre précédente plate-forme de Discussions GitHub, réduisant ainsi notre dépendance aux plateformes de discussion propriétaires. + +Jusqu'à présent en 2023, nous avons lancé des traductions internationales de notre site en [français](/fr/), [hébreu](/he/), et [néerlandais](/nl/), et d'autres langues sont à venir, rendu possible par notre excellente équipe de traduction sur [Crowdin](https://crowdin.com/project/privacyguides). Nous avons l'intention de poursuivre notre mission de sensibilisation et d'éducation, et trouver des moyens de mieux mettre en évidence les dangers d'un manque de sensibilisation à la protection de la vie privée à l'ère numérique moderne, et la prévalence et les conséquences des failles de sécurité dans l'industrie de la technologie. ## Notre équipe @@ -48,7 +76,7 @@ title: "À propos de Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -De plus, [de nombreuses personnes](https://github.com/privacyguides/privacyguides.org/graphs/contributors) ont apporté des contributions au projet. Vous pouvez aussi, nous sommes open source sur GitHub ! +De plus, [de nombreuses personnes](https://github.com/privacyguides/privacyguides.org/graphs/contributors) ont apporté des contributions au projet. Vous pouvez aussi, nous sommes open source sur GitHub, et acceptons les suggestions de traduction sur [Crowdin](https://crowdin.com/project/privacyguides). Les membres de notre équipe examinent toutes les modifications apportées au site et s'occupent des tâches administratives telles que l'hébergement et les finances, mais ils ne profitent pas personnellement des contributions apportées à ce site. Nos finances sont hébergées de manière transparente par la Fondation Open Collective 501(c)(3) sur [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Les dons à Privacy Guides sont généralement déductibles des impôts aux États-Unis. @@ -56,8 +84,6 @@ Les membres de notre équipe examinent toutes les modifications apportées au si *Ce qui suit est un résumé lisible par l'homme de la [licence](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE) (et ne se substitue pas à celle-ci) :* -:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Sauf indication contraire, le contenu original de ce site web est mis à disposition sous la [licence publique internationale Creative Commons Attribution-NoDerivatives 4.0](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). Cela signifie que vous êtes libre de copier et de redistribuer le matériel sur n'importe quel support ou dans n'importe quel format, à n'importe quelle fin, même commerciale, pour autant que vous accordiez le crédit approprié à `Privacy Guides (www.privacyguides.org)` et que vous fournissiez un lien vers la licence. Vous **ne pouvez pas** utiliser la marque Privacy Guides dans votre propre projet sans l'approbation expresse de ce projet. Si vous remixez, transformez ou construisez sur le contenu de ce site web, vous n'êtes pas autorisé à distribuer le matériel modifié. +:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Sauf indication contraire, le contenu original de ce site web est mis à disposition sous la [licence publique internationale Creative Commons Attribution-NoDerivatives 4.0](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). Cela signifie que vous êtes libre de copier et de redistribuer le matériel sur n'importe quel support ou dans n'importe quel format, à n'importe quelle fin, même commerciale, pour autant que vous accordiez le crédit approprié à `Privacy Guides (www.privacyguides.org)` et que vous fournissiez un lien vers la licence. Vous pouvez le faire de toute manière raisonnable, mais pas d'une manière qui suggère que Privacy Guides vous approuve ou approuve votre utilisation. Si vous remixez, transformez ou construisez sur le contenu de ce site web, vous n'êtes pas autorisé à distribuer le matériel modifié. Cette licence a été mise en place pour empêcher les gens de partager notre travail sans en donner le crédit approprié, et pour empêcher les gens de modifier notre travail d'une manière qui pourrait être utilisée pour induire les gens en erreur. Si vous trouvez les termes de cette licence trop restrictifs pour le projet sur lequel vous travaillez, veuillez nous contacter à l'adresse `jonah@privacyguides.org`. Nous serons heureux de fournir des options de licence alternatives pour les projets bien intentionnés dans le domaine de la vie privée ! - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/notices.md b/i18n/fr/about/notices.md index 0f33d67c..ec5c59b1 100644 --- a/i18n/fr/about/notices.md +++ b/i18n/fr/about/notices.md @@ -24,7 +24,7 @@ Cela n'inclut pas le code tiers intégré dans ce dépôt, ou le code pour leque Certaines parties de cet avis ont été reprises du projet [opensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) sur GitHub. Cette ressource et cette page elle-même sont publiées sous [CC-BY-4.0](https://github.com/github/opensource.guide/blob/master/LICENSE). -Cela signifie que vous pouvez utiliser le contenu lisible par l'homme de ce dépôt pour votre propre projet, conformément aux conditions décrites dans le texte universel CC0 1.0. Vous **ne pouvez pas** utiliser la marque Privacy Guides dans votre propre projet sans l'approbation expresse de ce projet. Les marques de commerce de Privacy Guides comprennent le mot-clé et le logo "Privacy Guides". Les marques déposées de Privacy Guides comprennent l'appellation « Privacy Guides » ainsi que le logo Shield. +Cela signifie que vous pouvez utiliser le contenu lisible par l'homme de ce dépôt pour votre propre projet, conformément aux conditions décrites dans le texte universel CC0 1.0. Vous pouvez le faire de toute manière raisonnable, mais pas d'une manière qui suggère que Privacy Guides vous approuve ou approuve votre utilisation. Les marques de commerce de Privacy Guides comprennent le mot-clé et le logo "Privacy Guides". Les marques déposées de Privacy Guides comprennent l'appellation « Privacy Guides » ainsi que le logo Shield. Nous estimons que les logos et autres images des `actifs` obtenus auprès de fournisseurs tiers sont soit du domaine public, soit **d'un usage raisonnable**. En résumé, la [doctrine d'usage raisonnable](https://fr.wikipedia.org/wiki/Fair_use) permet l'utilisation d'images protégées par le droit d'auteur afin d'identifier le sujet à des fins de commentaire public. Toutefois, ces logos et autres images peuvent encore être soumis aux lois sur les marques commerciales dans une ou plusieurs juridictions. Avant d'utiliser ce contenu, veuillez vous assurer qu'il permet d'identifier l'entité ou l'organisation propriétaire de la marque et que vous avez le droit de l'utiliser en vertu des lois applicables dans les circonstances de votre utilisation prévue. *Lorsque vous copiez le contenu de ce site web, vous êtes seul responsable de vous assurer que vous ne violez pas la marque ou le droit d'auteur de quelqu'un d'autre.* @@ -41,5 +41,3 @@ Vous ne devez pas mener d'activités de collecte de données systématiques ou a * [Web scrapping](https://fr.wikipedia.org/wiki/Web_scraping) * Extraction de données * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/privacy-policy.md b/i18n/fr/about/privacy-policy.md index 38de9feb..5a4eb667 100644 --- a/i18n/fr/about/privacy-policy.md +++ b/i18n/fr/about/privacy-policy.md @@ -59,5 +59,3 @@ De manière plus générale, pour les plaintes en vertu du RGPD. Vous pouvez les Nous publierons toute nouvelle version de cette déclaration [ici](privacy-policy.md). Il se peut que nous modifiions la manière dont nous annonçons les changements dans les futures versions de ce document. Nous pouvons également mettre à jour nos coordonnées à tout moment sans annoncer de changement. Veuillez vous référer à la [politique de confidentialité](privacy-policy.md) pour obtenir les dernières informations de contact à tout moment. Un [historique](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) de révision complet de cette page peut être trouvé sur GitHub. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/privacytools.md b/i18n/fr/about/privacytools.md index fda4fd59..3475ffd6 100644 --- a/i18n/fr/about/privacytools.md +++ b/i18n/fr/about/privacytools.md @@ -116,5 +116,3 @@ Ce sujet a fait l'objet de nombreuses discussions au sein de nos communautés à - [2 avr 2022 réponse de u/dng99 à l'article de blog accusatoire de PrivacyTools](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [16 mai 2022 réponse de @TommyTran732 sur Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post sur le forum de Techlore par @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/services.md b/i18n/fr/about/services.md index 6f1fc168..4fdbe8cc 100644 --- a/i18n/fr/about/services.md +++ b/i18n/fr/about/services.md @@ -36,5 +36,3 @@ Nous utilisons un certain nombre de services web pour tester des fonctionnalité - Disponibilité : semi-public Nous hébergeons Invidious principalement pour servir les vidéos YouTube intégrées à notre site web. Cette instance n'est pas destinée à un usage général et peut être limitée à tout moment. - Source : [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/about/statistics.md b/i18n/fr/about/statistics.md index ddedefe5..381af078 100644 --- a/i18n/fr/about/statistics.md +++ b/i18n/fr/about/statistics.md @@ -59,5 +59,3 @@ title: Statistiques de trafic }) }) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/advanced/communication-network-types.md b/i18n/fr/advanced/communication-network-types.md index fd3e558c..7f890710 100644 --- a/i18n/fr/advanced/communication-network-types.md +++ b/i18n/fr/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types de réseaux de communication" icon: 'material/transit-connection-variant' +description: Une présentation de plusieurs architectures réseau couramment utilisées par les applications de messagerie instantanée. --- Il existe plusieurs architectures réseau couramment utilisées pour relayer des messages entre des personnes. Ces réseaux peuvent offrir des garanties différentes en matière de protection de la vie privée. C'est pourquoi il est utile de tenir compte de votre [modèle de menace](../basics/threat-modeling.md) lorsque vous décidez quelle application à utiliser. @@ -100,5 +101,3 @@ L'auto-hébergement d'un nœud dans un réseau de routage anonyme ne procure pas - Moins fiable si les nœuds sont sélectionnés par un routage aléatoire, certains nœuds peuvent être très éloignés de l'expéditeur et du récepteur, ce qui ajoute une latence ou même l'impossibilité de transmettre les messages si l'un des nœuds se déconnecte. - Plus complexe à mettre en œuvre car la création et la sauvegarde sécurisée d'une clé cryptographique privé sont nécessaires. - Comme pour les autres plateformes décentralisées, l'ajout de fonctionnalités est plus complexe pour les développeurs que sur une plateforme centralisée. Par conséquent, des fonctionnalités peuvent manquer ou être incomplètement mises en œuvre, comme le relais des messages hors ligne ou la suppression des messages. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/advanced/dns-overview.md b/i18n/fr/advanced/dns-overview.md index b1fbb0c3..2e4a9144 100644 --- a/i18n/fr/advanced/dns-overview.md +++ b/i18n/fr/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction aux DNS" icon: material/dns +description: Le Système de Nom de Domaine est le "répertoire téléphonique de l'internet", qui aide votre navigateur à trouver le site web qu'il recherche. --- Le [système de nom de domaine](https://fr.wikipedia.org/wiki/Domain_Name_System) est "l'annuaire de l'internet". Le DNS traduit les noms de domaine en adresses IP afin que les navigateurs et autres services puissent charger les ressources de l'internet, grâce à un réseau décentralisé de serveurs. @@ -303,5 +304,3 @@ Le [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) est un Il est destiné à "accélérer" la transmission des données en donnant au client une réponse qui appartient à un serveur proche de lui, comme un [réseau de diffusion de contenu](https://fr.wikipedia.org/wiki/Réseau_de_diffusion_de_contenu), souvent utilisé pour la diffusion de vidéos en continu et pour servir des applications Web JavaScript. Cette fonction a un coût en termes de confidentialité, car elle fournit au serveur DNS des informations sur la localisation du client. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/advanced/payments.md b/i18n/fr/advanced/payments.md new file mode 100644 index 00000000..c3fe69c7 --- /dev/null +++ b/i18n/fr/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Paiements privés +icon: material/hand-coin +--- + +Ce n'est pas pour rien que les données relatives à vos habitudes d'achat sont considérées comme le Saint-Graal du ciblage publicitaire : vos achats peuvent constituer un véritable trésor de données vous concernant. Malheureusement, le système financier actuel est, de par sa conception, hostile à la protection de la vie privée, car il permet aux banques, aux autres entreprises et aux gouvernements de retracer facilement les transactions. Néanmoins, vous disposez de nombreuses options pour effectuer des paiements de façon privée. + +## Argent liquide + +Pendant des siècles, **l'argent liquide** a été la principale forme de paiement privé. Dans la plupart des cas, l'argent liquide présente d'excellentes caractéristiques de confidentialité, est largement accepté dans la plupart des pays et est **fongible**, ce qui signifie qu'il n'est pas unique et qu'il est totalement interchangeable. + +Les lois sur les paiements en espèces varient d'un pays à l'autre. Aux États-Unis, les paiements en espèces supérieurs à 10 000 $ doivent faire l'objet d'une déclaration spéciale à l'IRS sur le [formulaire 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). L'entreprise destinataire est tenue de vérifier l'identité du bénéficiaire (nom, adresse, profession, date de naissance et numéro de sécurité sociale ou autre numéro fiscal), à quelques exceptions près. Des limites inférieures sans pièce d'identité, telles que 3 000 $ ou moins, existent pour les échanges et les transferts de fonds. Les espèces contiennent également des numéros de série. Ces données ne sont presque jamais tracées par les commerçants, mais elles peuvent être utilisées par les services répressifs dans le cadre d'enquêtes ciblées. + +Malgré cela, c'est généralement la meilleure option. + +## Cartes prépayées & cartes-cadeaux + +Il est relativement simple d'acheter des cartes-cadeaux et des cartes prépayées dans la plupart des magasins d'alimentation et des commerces de proximité avec de l'argent liquide. Les cartes-cadeaux ne sont généralement pas payantes, mais les cartes prépayées le sont souvent. Il convient donc d'être attentif à ces frais et aux dates d'expiration. Certains magasins peuvent demander à voir votre pièce d'identité à la caisse afin de réduire les fraudes. + +Les cartes-cadeaux sont généralement assorties d'une limite de 200 $ par carte, mais certaines offrent des limites allant jusqu'à 2 000 $ par carte. Les cartes prépayées (Visa ou Mastercard, par exemple) sont généralement assorties d'une limite de 1 000 $ par carte. + +Les cartes-cadeaux ont l'inconvénient d'être soumises aux politiques des commerçants, qui peuvent avoir des conditions et des restrictions terribles. Par exemple, certains commerçants n'acceptent pas exclusivement les paiements par carte-cadeau ou peuvent annuler la valeur de la carte s'ils considèrent que vous êtes un utilisateur à haut risque. Une fois que vous disposez d'un crédit commercial, le commerçant exerce un contrôle important sur ce crédit. + +Les cartes prépayées ne permettent pas de retirer de l'argent dans les DABs ni d'effectuer des paiements "pair à pair" avec Venmo et d'autres applications similaires. + +Pour la plupart des gens, l'argent liquide reste la meilleure option pour les achats en personne. Les cartes-cadeaux peuvent être utiles pour les économies qu'elles permettent de réaliser. Les cartes prépayées peuvent être utiles dans les endroits qui n'acceptent pas d'argent liquide. Les cartes-cadeaux et les cartes prépayées sont plus faciles à utiliser en ligne que l'argent liquide, et elles sont plus faciles à acquérir avec des crypto-monnaies qu'avec de l'argent liquide. + +### Marchés en ligne + +Si vous avez des [crypto-monnaies](../cryptocurrency.md), vous pouvez acheter des cartes-cadeaux sur une place de marché de cartes-cadeaux en ligne. Certains de ces services proposent des options de vérification d'identité pour des limites plus élevées, mais ils permettent également d'ouvrir des comptes avec une simple adresse email. Les limites de base commencent à 5 000 - 10 000 $ par jour pour les comptes de base, et des limites nettement plus élevées sont prévues pour les comptes dont l'identité a été vérifiée (le cas échéant). + +Lorsque vous achetez des cartes-cadeaux en ligne, vous bénéficiez généralement d'une légère réduction. Les cartes prépayées sont généralement vendues en ligne à leur valeur nominale ou moyennant des frais. Si vous achetez des cartes prépayées et des cartes-cadeaux avec des crypto-monnaies, vous devriez fortement préférer payer avec du Monero qui offre une grande confidentialité, plus d'informations à ce sujet ci-dessous. Payer une carte-cadeau avec une méthode de paiement traçable annule les avantages qu'une carte-cadeau peut offrir lorsqu'elle est achetée en espèces ou en Monero. + +- [Places de marché de cartes-cadeaux en ligne :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Cartes virtuelles + +Un autre moyen de protéger vos informations auprès des commerçants en ligne est d'utiliser des cartes virtuelles à usage unique qui masquent vos informations bancaires ou de facturation. Cette fonction est principalement utile pour vous protéger contre les fuites de données des commerçants, le suivi peu sophistiqué ou la corrélation des achats par les agences de marketing, et le vol de données en ligne. Elles ne vous aident **pas** à effectuer un achat de manière totalement anonyme et ne cachent aucune information à l'institution bancaire elle-même. Les institutions financières habituelles qui proposent des cartes virtuelles sont soumises aux lois sur la connaissance du client (KYC), ce qui signifie qu'elles peuvent exiger une pièce d'identité ou d'autres informations d'identification. + +- [Services de masquage des paiements recommandés :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +Ce sont généralement de bonnes options pour les paiements récurrents/abonnements en ligne, tandis que les cartes-cadeaux prépayées sont préférables pour les transactions ponctuelles. + +## Crypto-monnaie + +Les crypto-monnaies sont une forme numérique de monnaie conçue pour fonctionner sans autorités centrales telles qu'un gouvernement ou une banque. Bien que *certains* projets de crypto-monnaie vous permettent d'effectuer des transactions privées en ligne, beaucoup d'entre eux utilisent une chaîne de blocs publique qui ne garantit pas la confidentialité des transactions. Les crypto-monnaies ont également tendance à être des actifs très volatils, ce qui signifie que leur valeur peut changer rapidement et de manière significative à tout moment. C'est pourquoi nous ne recommandons généralement pas d'utiliser les crypto-monnaies comme réserve de valeur à long terme. Si vous décidez d'utiliser des crypto-monnaies en ligne, assurez-vous au préalable de bien comprendre les aspects liés à la protection de la vie privée et n'investissez que des montants qu'il ne serait pas désastreux de perdre. + +!!! danger "Danger" + + La grande majorité des crypto-monnaies fonctionnent sur une chaîne de blocs **publique**, ce qui signifie que chaque transaction est connue de tous. Cela inclut même les crypto-monnaies les plus connues comme le Bitcoin et l'Ethereum. Les transactions avec ces crypto-monnaies ne doivent pas être considérées comme privées et ne protégeront pas votre anonymat. + + En outre, de nombreuses crypto-monnaies, si ce n'est la plupart, sont des escroqueries. Effectuez des transactions avec prudence, uniquement avec des projets auxquels vous faites confiance. + +### Crypto-monnaies privées + +Il existe un certain nombre de projets de crypto-monnaies qui prétendent assurer la protection de la vie privée en rendant les transactions anonymes. Nous recommandons d'en utiliser un qui assure l'anonymat des transactions **par défaut** afin d'éviter des erreurs opérationnelles. + +- [Crypto-monnaies recommandées :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Les crypto-monnaies privées font l'objet d'un examen de plus en plus minutieux de la part des agences gouvernementales. En 2020, [l'IRS a publié une prime de 625 000 $](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) pour des outils qui peuvent briser la confidentialité des transactions du réseau Lightning Bitcoin et/ou de Monero. En fin de compte, ils [ont versé à deux sociétés](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis et Integra Fec) un montant combiné de 1,25 million $ pour des outils qui prétendent le faire (on ne sait pas quel réseau de crypto-monnaies ces outils ciblent). En raison du secret qui entoure ce type d'outils, ==aucune de ces méthodes de traçage des crypto-monnaies n'a été confirmée de manière indépendante.== Cependant, il est tout à fait probable que des outils qui aident les enquêtes ciblées sur les transactions de crypto-monnaies privées existent, et que les crypto-monnaies privées ne parviennent qu'à contrecarrer la surveillance de masse. + +### Autres crypto-monnaies (Bitcoin, Ethereum, etc.) + +La grande majorité des projets de crypto-monnaies utilisent une chaîne de blocs publique, ce qui signifie que toutes les transactions sont à la fois facilement traçables et permanentes. C'est pourquoi nous décourageons fortement l'utilisation de la plupart des crypto-monnaies pour une utilisation liées à la protection de la vie privée. + +Les transactions anonymes sur une chaîne de blocs publique sont *théoriquement* possibles, et le wiki Bitcoin [donne un exemple de transaction "complètement anonyme"](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). Toutefois, cela nécessite une configuration compliquée impliquant Tor et le "minage en solo" d'un bloc pour générer une crypto-monnaie complètement indépendante, une pratique qui n'a pas été pratique pour presque tous les enthousiastes depuis de nombreuses années. + +==Votre meilleure option est d'éviter complètement ces crypto-monnaies et de vous en tenir à une qui assure la confidentialité par défaut.== Tenter d'utiliser d'autres crypto-monnaies sort du cadre de ce site et est fortement déconseillé. + +### Garde du portefeuille + +Il existe deux types de portefeuilles pour les crypto-monnaies : les portefeuilles de garde et les portefeuilles non gardiens. Les portefeuilles de garde sont gérés par des sociétés centralisées ou des centres d'échange, qui détiennent la clé privée de votre portefeuille, et vous pouvez y accéder n'importe où, en général avec un nom d'utilisateur et un mot de passe ordinaires. Les portefeuilles non gardiens sont des portefeuilles dont vous contrôlez et gérez les clés privées permettant d'y accéder. Si vous conservez les clés privées de votre portefeuille en toute sécurité et que vous les sauvegardez, les portefeuilles non gardiens offrent une plus grande sécurité et une meilleure résistance à la censure que les portefeuilles dépositaires, car vos crypto-monnaies ne peuvent pas être volées ou gelées par une entreprise qui a la garde de vos clés privées. La garde des clés est particulièrement importante lorsqu'il s'agit de crypto-monnaies privées : les portefeuilles de garde permettent à la société d'exploitation de consulter vos transactions, ce qui annule les avantages de ces crypto-monnaies sur la protection de la vie privée. + +### Acquisition + +Il peut être difficile d'acquérir des [crypto-monnaies](../cryptocurrency.md) comme Monero de façon privée. Les places de marché P2P telles que [LocalMonero](https://localmonero.co/), une plateforme qui facilite les échanges entre les personnes, sont une option qui peut être utilisée. Si l'utilisation d'un centre d'échange exigeant la connaissance du client (KYC) est un risque acceptable pour vous tant que les transactions ultérieures ne peuvent pas être tracées, une option beaucoup plus facile est d'acheter des Monero sur un centre d'échange comme [Kraken](https://kraken.com/), ou d'acheter des Bitcoin/Litecoin sur un centre d'échange KYC qui peuvent ensuite être échangés contre des Monero. Ensuite, vous pouvez retirer les Monero achetés vers votre propre portefeuille non gardien pour les utiliser de façon privée à partir de ce moment-là. + +Si vous optez pour cette solution, veillez à acheter des Monero à des moments et dans des quantités différents de ceux où vous les dépenserez. Si vous achetez 5 000 $ de Monero sur un centre d'échange et que vous effectuez un achat de 5 000 $ avec du Monero une heure plus tard, ces actions pourraient potentiellement être corrélées par un observateur extérieur, quel que soit le chemin emprunté par le Monero. L'échelonnement des achats et l'achat de grandes quantités de Monero à l'avance pour les dépenser plus tard dans de multiples transactions plus petites peuvent permettre d'éviter ce piège. + +## Autres considérations + +Lorsque vous effectuez un paiement en personne avec de l'argent liquide, n'oubliez pas de penser à votre vie privée physique. Les caméras de sécurité sont omniprésentes. Envisagez de porter des vêtements non distincts et un masque facial (tel qu'un masque chirurgical ou N95). Ne vous inscrivez pas à des programmes de récompense et ne fournissez pas d'autres informations vous concernant. + +Lorsque vous achetez en ligne, l'idéal est de le faire sur [Tor](tor-overview.md). Cependant, de nombreux commerçants n'autorisent pas les achats avec Tor. Vous pouvez envisager d'utiliser un [VPN recommandé](../vpn.md) (payé en espèces, par carte-cadeau ou par Monero), ou d'effectuer l'achat dans un café ou une bibliothèque disposant d'une connexion Wi-Fi gratuite. Si vous commandez un article physique qui doit être livré, vous devrez fournir une adresse de livraison. Vous devriez envisager d'utiliser une boîte postale, une boîte aux lettres privée ou une adresse professionnelle. diff --git a/i18n/fr/advanced/tor-overview.md b/i18n/fr/advanced/tor-overview.md index e9080518..fa006b1e 100644 --- a/i18n/fr/advanced/tor-overview.md +++ b/i18n/fr/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction à Tor" icon: 'simple/torproject' +description: Tor est un réseau décentralisé, gratuit, conçu pour utiliser Internet avec le plus de confidentialité possible. --- Tor est un réseau décentralisé, gratuit, conçu pour utiliser Internet avec le plus de confidentialité possible. S'il est utilisé correctement, le réseau permet une navigation et des communications privées et anonymes. @@ -68,14 +69,12 @@ Si vous souhaitez utiliser Tor pour naviguer sur le web, nous ne recommandons qu - [Navigateur Tor :material-arrow-right-drop-circle:](../tor.md#tor-browser) -## Ressources Supplémentaires +## Ressources supplémentaires - [Manuel d'utilisation du navigateur Tor](https://tb-manual.torproject.org) - [Comment Tor fonctionne - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Services onion Tor - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.fr.txt" - [^1]: Le premier relais de votre circuit est appelé "garde d'entrée" ou "garde". Il s'agit d'un relais rapide et stable qui reste le premier de votre circuit pendant 2 à 3 mois afin de vous protéger contre une attaque connue de rupture d'anonymat. Le reste de votre circuit change avec chaque nouveau site web que vous visitez, et tous ensemble ces relais fournissent les protections complètes de Tor en matière de vie privée. Pour en savoir plus sur le fonctionnement des relais de garde, consultez cet [article de blog](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) et ce [document](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) sur les gardes d'entrée. ([https://support.torproject.org/fr/tbb/tbb-2/](https://support.torproject.org/fr/tbb/tbb-2/)) [^2]: Balise de relai: une (dis-)qualification spéciale des relais pour les positions de circuit (par exemple, "Guard", "Exit", "BadExit"), les propriétés de circuit (par exemple, "Fast", "Stable") ou les rôles (par exemple, "Authority", "HSDir"), tels qu'attribués par les autorités de l'annuaire et définis plus précisément dans la spécification du protocole de l'annuaire. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/fr/android.md b/i18n/fr/android.md index 0fc683a6..623bbc6a 100644 --- a/i18n/fr/android.md +++ b/i18n/fr/android.md @@ -1,20 +1,22 @@ --- title: "Android" icon: 'simple/android' +description: Vous pouvez remplacer le système d'exploitation de votre téléphone Android par ces alternatives sécurisées et respectueuses de la vie privée. --- ![Logo d'Android](assets/img/android/android.svg){ align=right } -**Android Open Source Project** est un système d'exploitation mobile à code source ouvert dirigé par Google qui équipe la majorité des appareils mobiles dans le monde. La plupart des téléphones vendus avec Android sont modifiés pour inclure des intégrations et des applications invasives telles que Google Play Services. Vous pouvez donc améliorer considérablement votre vie privée sur votre appareil mobile en remplaçant l'installation par défaut de votre téléphone par une version d'Android dépourvue de ces fonctionnalités invasives. +**Android Open Source Project** est un système d'exploitation mobile open source dirigé par Google qui équipe la majorité des appareils mobiles dans le monde. La plupart des téléphones vendus avec Android sont modifiés pour inclure des intégrations et des applications invasives telles que Google Play Services. Vous pouvez donc améliorer considérablement votre vie privée sur votre appareil mobile en remplaçant l'installation par défaut de votre téléphone par une version d'Android dépourvue de ces fonctionnalités invasives. [:octicons-home-16:](https://source.android.com/){ .card-link title=Page d'accueil } [:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation} -[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Code Source" } +[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Code source" } Voici les systèmes d'exploitation, les appareils et les applications Android que nous recommandons pour optimiser la sécurité et la confidentialité de votre appareil mobile. Pour en savoir plus sur Android : -- [Présentation générale d'Android :material-arrow-right-drop-circle:](os/android-overview.md) -- [Pourquoi nous recommandons GrapheneOS plutôt que CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[Présentation générale d'Android :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Pourquoi nous recommandons GrapheneOS plutôt que CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Dérivés de AOSP @@ -41,9 +43,9 @@ Nous vous recommandons d'installer l'un de ces systèmes d'exploitation Android [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Code source" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribuer } -GrapheneOS prend en charge [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), qui exécute les [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) entièrement sandboxed comme toute autre application normale. Cela signifie que vous pouvez profiter de la plupart des services Google Play, tels que [les notifications push](https://firebase.google.com/docs/cloud-messaging/), tout en vous donnant un contrôle total sur leurs autorisations et leur accès, et tout en les contenant à un [profil de travail](os/android-overview.md#work-profile) ou un [profil d'utilisateur](os/android-overview.md#user-profiles) spécifique de votre choix. +GrapheneOS prend en charge [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), qui exécute les [Services Google Play](https://fr.wikipedia.org/wiki/Services_Google_Play) entièrement sandboxed comme toute autre application normale. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. -Les téléphones Google Pixel sont les seuls appareils qui répondent actuellement aux [exigences de sécurité matérielle](https://grapheneos.org/faq#device-support) de GrapheneOS. +Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). ### DivestOS @@ -61,11 +63,11 @@ Les téléphones Google Pixel sont les seuls appareils qui répondent actuelleme [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Code source" } [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribuer } -DivestOS dispose d'un système de [correction](https://gitlab.com/divested-mobile/cve_checker) automatique des vulnérabilités du noyau ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)), de moins de morceaux propriétaires et d'un fichier [hosts](https://divested.dev/index.php?page=dnsbl) personnalisé. Son WebView renforcé, [Mulch](https://gitlab.com/divested-mobile/mulch), permet [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) pour toutes les architectures et [un partitionnement de l'état du réseau](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), et reçoit des mises à jour hors bande. DivestOS inclut également les correctifs de noyau de GrapheneOS et active toutes les fonctions de sécurité de noyau disponibles via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Tous les noyaux plus récents que la version 3.4 incluent une [désinfection](https://lwn.net/Articles/334747/) complète de la page et tous les ~22 noyaux compilés par Clang ont [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) activé. +DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS met en œuvre certains correctifs de renforcement du système développés à l'origine pour GrapheneOS. DivestOS 16.0 et plus implémente les autorisations [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) et SENSORS de GrapheneOS, l'[allocateur de mémoire renforcé](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), la [constification](https://en.wikipedia.org/wiki/Java_Native_Interface) [JNI](https://en.wikipedia.org/wiki/Const_(computer_programming)), et des patchs de renforcement [bioniques](https://en.wikipedia.org/wiki/Bionic_(software)) partiels. Les versions 17.1 et supérieures offrent l'option de GrapheneOS pour [rendre aléatoire les adresses MAC](https://en.wikipedia.org/wiki/MAC_address#Randomization) entre réseaux, le contrôle [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) et les options de redémarrage/coupure Wi-Fi/coupure Bluetooth automatique [sur délai](https://grapheneos.org/features). +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -DivestOS utilise F-Droid comme magasin d'applications par défaut. Normalement, nous recommandons d'éviter F-Droid en raison de ses nombreux [problèmes de sécurité](#f-droid). Cependant, le faire sur DivestOS n'est pas viable ; les développeurs mettent à jour leurs applications via leurs propres dépôts F-Droid ([Official DivestOS](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) et [WebView DivestOS](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). Nous recommandons de désactiver l'application officielle F-Droid et d'utiliser [Neo Store](https://github.com/NeoApplications/Neo-Store/) avec les dépôts DivestOS activés pour maintenir ces composants à jour. Pour les autres applications, nos méthodes recommandées pour les obtenir restent applicables. +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! warning "Avertissement" @@ -75,21 +77,21 @@ DivestOS utilise F-Droid comme magasin d'applications par défaut. Normalement, ## Appareils Android -Lorsque vous achetez un appareil, nous vous recommandons d'en prendre un aussi neuf que possible. Les logiciels et les micrologiciels des appareils mobiles ne sont pris en charge que pour une durée limitée. L'achat de nouveaux appareils permet donc de prolonger cette durée de vie autant que possible. +When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. -Évitez d'acheter des téléphones auprès des opérateurs de réseaux mobiles. Ces derniers ont souvent un **chargeur d'amorçage verrouillé** et ne supportent pas le [déverrouillage constructeur](https://source.android.com/devices/bootloader/locking_unlocking). Ces variantes de téléphone vous empêcheront d'installer tout type de distribution Android alternative. +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. -Soyez très **prudent** lorsque vous achetez des téléphones d'occasion sur des marchés en ligne. Vérifiez toujours la réputation du vendeur. Si l'appareil est volé, il est possible que l'[IMEI soit mis sur liste noire](https://www.gsma.com/security/resources/imei-blacklisting/). Il y a également un risque d'être associé à l'activité de l'ancien propriétaire. +Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. -Quelques conseils supplémentaires concernant les appareils Android et la compatibilité du système d'exploitation : +A few more tips regarding Android devices and operating system compatibility: -- N'achetez pas d'appareils qui ont atteint ou sont sur le point d'atteindre leur fin de vie, des mises à jour supplémentaires du micrologiciel doivent être fournies par le fabricant. -- N'achetez pas de téléphones LineageOS ou /e/ OS préchargés ou tout autre téléphone Android sans prise en charge adéquate de [Démarrage Vérifié](https://source.android.com/security/verifiedboot) et sans mises à jour du micrologiciel. En outre, ces appareils ne vous permettent pas de vérifier s'ils ont été manipulés. -- En bref, si un appareil ou une distribution Android ne figure pas dans cette liste, il y a probablement une bonne raison. Consultez notre [forum](https://discuss.privacyguides.net/) pour en savoir plus ! +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. +- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. +- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! ### Google Pixel -Les téléphones Google Pixel sont les **seuls** appareils dont nous recommandons l'achat. Les téléphones Pixel ont une sécurité matérielle plus forte que tous les autres appareils Android actuellement sur le marché, grâce à une prise en charge AVB adéquate pour les systèmes d'exploitation tiers et aux puces de sécurité personnalisées [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) de Google faisant office d'Elément Sécurisé. +Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element. !!! recommendation @@ -101,22 +103,22 @@ Les téléphones Google Pixel sont les **seuls** appareils dont nous recommandon [:material-shopping: Boutique](https://store.google.com/category/phones){ .md-button .md-button--primary } -Les Eléments Sécurisés comme le Titan M2 sont plus limités que le Trusted Execution Environment du processeur utilisé par la plupart des autres téléphones, car ils ne sont utilisés que pour le stockage des secrets, l'attestation matérielle et la limitation du débit, et non pour exécuter des programmes "de confiance". Les téléphones dépourvus d'un Elément Sécurisé doivent utiliser le TEE pour *toutes* ces fonctions, ce qui élargit la surface d'attaque. +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface. -Les téléphones Google Pixel utilisent un OS TEE appelé Trusty qui est [open-source](https://source.android.com/security/trusty#whyTrusty), contrairement à de nombreux autres téléphones. +Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -L'installation de GrapheneOS sur un téléphone Pixel est facile avec leur [installateur web](https://grapheneos.org/install/web). Si vous ne vous sentez pas à l'aise pour le faire vous-même et que vous êtes prêt à dépenser un peu plus d'argent, consultez le site [NitroPhone](https://shop.nitrokey.com/shop) car ils sont préchargés avec GrapheneOS et viennent de la société réputée [Nitrokey](https://www.nitrokey.com/about). +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company. -Quelques conseils supplémentaires pour l'achat d'un Google Pixel : +A few more tips for purchasing a Google Pixel: -- Si vous cherchez une bonne affaire pour un appareil Pixel, nous vous suggérons d'acheter un modèle "**a**", juste après la sortie du prochain produit phare de la marque. Les remises sont généralement disponibles parce que Google essaie d'écouler son stock. -- Tenez compte des offres spéciales et réductions proposées par les magasins physiques. -- Consultez les sites communautaires de bonnes affaires en ligne dans votre pays. Ils peuvent vous signaler les bonnes ventes. -- Google fournit une liste indiquant le [cycle de support](https://support.google.com/nexus/answer/4457705) pour chacun de ses appareils. Le prix par jour d'un appareil peut être calculé comme suit :\text{Coût} - \text {Date fin de vie}-\text{Date du jour}$, ce qui signifie que plus l'utilisation de l'appareil est longue, plus le coût par jour est faible. +- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock. +- Consider price beating options and specials offered at physical stores. +- Look at online community bargain sites in your country. These can alert you to good sales. +- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. ## Applications générales -Nous recommandons une grande variété d'applications Android sur ce site. Les applications répertoriées ici sont exclusives à Android et améliorent ou remplacent les principales fonctionnalités du système. +We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. ### Shelter @@ -163,17 +165,17 @@ Nous recommandons une grande variété d'applications Android sur ce site. Les a - [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases) - [:material-cube-outline: Magasin d'application de GrapheneOS](https://github.com/GrapheneOS/Apps/releases) -Auditor effectue l'attestation et la détection d'intrusion : +Auditor performs attestation and intrusion detection by: -- A l'aide d'un modèle de [Confiance lors de la première utilisation (TOFU - Trust On First Use)](https://en.wikipedia.org/wiki/Trust_on_first_use) entre un *auditeur* et un *audité*, la paire établit une clé privée dans le trousseau [matériel](https://source.android.com/security/keystore/) d'*Auditor*. -- L'*auditeur* peut être une autre instance de l'application Auditor ou le [Service d'Attestation à Distance](https://attestation.app). -- L'*auditeur* enregistre l'état et la configuration actuels de l'*audité*. -- En cas d'altération du système d'exploitation de l'*audité* après l'appairage, l'auditeur sera informé de la modification de l'état et des configurations de l'appareil. -- Vous serez alerté de ce changement. +- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*. +- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app). +- The *auditor* records the current state and configuration of the *auditee*. +- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations. +- You will be alerted to the change. -Aucune information personnelle identifiable n'est soumise au service d'attestation. Nous vous recommandons de vous inscrire avec un compte anonyme et d'activer l'attestation à distance pour un contrôle continu. +No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring. -Si votre [modèle de menace](basics/threat-modeling.md) nécessite une certaine confidentialité, vous pouvez envisager d'utiliser [Orbot](tor.md#orbot) ou un VPN pour cacher votre adresse IP au service d'attestation. Pour s'assurer de l'authenticité de votre matériel et de votre système d'exploitation, [effectuez une attestation locale](https://grapheneos.org/install/web#verifying-installation) immédiatement après l'installation de l'appareil et avant toute connexion à Internet. +If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service. To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection. ### Secure Camera @@ -195,11 +197,11 @@ Si votre [modèle de menace](basics/threat-modeling.md) nécessite une certaine - [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases) - [:material-cube-outline: Magasin d'application de GrapheneOS](https://github.com/GrapheneOS/Apps/releases) -Les principales caractéristiques de confidentialité comprennent : +Main privacy features include: -- Suppression automatique des métadonnées [Exif](https://en.wikipedia.org/wiki/Exif) (activée par défaut) -- Utilisation de la nouvelle API [Media](https://developer.android.com/training/data-storage/shared/media), donc les [autorisations de stockage](https://developer.android.com/training/data-storage) ne sont pas nécessaires -- L'autorisation microphone n'est pas nécessaire, sauf si vous souhaitez enregistrer des sons +- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default) +- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required +- Microphone permission not required unless you want to record sound !!! note "À noter" @@ -232,11 +234,11 @@ Les principales caractéristiques de confidentialité comprennent : ### Magasin d'applications GrapheneOS -Le magasin d'applications de GrapheneOS est disponible sur [GitHub](https://github.com/GrapheneOS/Apps/releases). Il prend en charge Android 12 et plus et est capable de se mettre à jour. Le magasin d'applications contient des applications autonomes construites par le projet GrapheneOS, telles que [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), et [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Si vous recherchez ces applications, nous vous recommandons vivement de les obtenir à partir du magasin d'applications de GrapheneOS plutôt que du Play Store, car les applications de leur magasin sont signées par la signature du projet GrapheneOS à laquelle Google n'a pas accès. +GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to. ### Aurora Store -Le Google Play Store nécessite un compte Google pour se connecter, ce qui n'est pas idéal pour la confidentialité. Vous pouvez contourner ce problème en utilisant un client alternatif, tel que Aurora Store. +The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store. !!! recommendation @@ -251,29 +253,29 @@ Le Google Play Store nécessite un compte Google pour se connecter, ce qui n'est - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) -Aurora Store ne vous permet pas de télécharger des applications payantes grâce à sa fonction de compte anonyme. Vous pouvez éventuellement vous connecter avec votre compte Google sur Aurora Store pour télécharger les applications que vous avez achetées, ce qui donne accès à la liste des applications que vous avez installées à Google, mais vous bénéficiez toujours de l'avantage de ne pas avoir besoin du client Google Play complet et des services Google Play ou microG sur votre appareil. +Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device. ### Manuellement avec les notifications RSS -Pour les applications publiées sur des plateformes telles que GitHub et GitLab, vous pouvez ajouter un flux RSS à votre [agrégateur d'actualités](/news-aggregators) qui vous aidera à suivre les nouvelles versions. +For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases. -![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![Notes de version APK](./assets/img/android/rss-changes-light.png#only-light) ![Notes de version APK](./assets/img/android/rss-changes-dark.png#only-dark) +![APK RSS](./assets/img/android/rss-apk-light.png#only-light) ![APK RSS](./assets/img/android/rss-apk-dark.png#only-dark) ![Notes de version APK](./assets/img/android/rss-changes-light.png#only-light) ![Notes de version APK](./assets/img/android/rss-changes-dark.png#only-dark) #### GitHub -Sur GitHub, en prenant l'exemple de [Secure Camera](#secure-camera), vous naviguez vers sa [page de publications](https://github.com/GrapheneOS/Camera/releases) et ajoutez `.atom` à l'URL : +On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL: `https://github.com/GrapheneOS/Camera/releases.atom` #### GitLab -Sur GitLab, en prenant l'exemple de [Aurora Store](#aurora-store) , vous naviguez vers son [dépôt de projet](https://gitlab.com/AuroraOSS/AuroraStore) et ajoutez `/-/tags?format=atom` à l'URL : +On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL: `https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom` #### Vérifier les empreintes numériques des APK -Si vous téléchargez des fichiers APK à installer manuellement, vous pouvez vérifier leur signature à l'aide de l'outil [`apksigner`](https://developer.android.com/studio/command-line/apksigner), qui fait partie des [build-tools](https://developer.android.com/studio/releases/build-tools) d'Android. +If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools). 1. Installez [Java JDK](https://www.oracle.com/java/technologies/downloads/). @@ -306,13 +308,13 @@ Si vous téléchargez des fichiers APK à installer manuellement, vous pouvez v ![Logo F-Droid](assets/img/android/f-droid.svg){ align=right width=120px } -==Nous ne recommandons **pas** actuellement F-Droid comme moyen d'obtenir des applications.== F-Droid est souvent recommandé comme une alternative à Google Play, en particulier dans la communauté de la vie privée. La possibilité d'ajouter des dépôts tiers et de ne pas être confiné au jardin clos de Google a conduit à sa popularité. F-Droid dispose en outre de [versions reproductibles](https://f-droid.org/en/docs/Reproducible_Builds/) pour certaines applications et est dédié aux logiciels libres et open-source. Cependant, il y a des [problèmes notables](https://privsec.dev/posts/android/f-droid-security-issues/) avec le client officiel F-Droid, leur contrôle de qualité, et la façon dont ils construisent, signent, et livrent les paquets. +==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://privsec.dev/posts/android/f-droid-security-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages. -En raison de leur processus de construction d'applications, les applications du dépôt officiel de F-Droid sont souvent en retard sur les mises à jour. Les mainteneurs de F-Droid réutilisent également les identifiants des paquets tout en signant les applications avec leurs propres clés, ce qui n'est pas idéal car cela donne à l'équipe F-Droid une confiance ultime. +Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. -D'autres dépôts tiers populaires tels que [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) atténuent certains de ces problèmes. Le dépôt IzzyOnDroid récupère les versions directement depuis GitHub et constitue la meilleure alternative aux dépôts des développeurs. Cependant, ce n'est pas quelque chose que nous pouvons recommander, car les applications sont généralement [retirées](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) de ce dépôt lorsqu'elles arrivent dans le dépôt principal de F-Droid. Bien que cela soit logique (puisque le but de ce dépôt particulier est d'héberger des applications avant qu'elles ne soient acceptées dans le dépôt principal de F-Droid), cela peut vous laisser avec des applications installées qui ne reçoivent plus de mises à jour. +Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates. -Cela dit, les dépôts [F-Droid](https://f-droid.org/en/packages/) et [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) abritent d'innombrables applications. Ils peuvent donc être un outil utile pour rechercher et découvrir des applications open-source que vous pouvez ensuite télécharger via le Play Store, Aurora Store ou en obtenant l'APK directement auprès du développeur. Il est important de garder à l'esprit que certaines applications de ces dépôts n'ont pas été mises à jour depuis des années et peuvent s'appuyer sur des bibliothèques non prises en charge, entre autres, ce qui constitue un risque potentiel pour la sécurité. Vous devez faire preuve de discernement lorsque vous recherchez de nouvelles applications par cette méthode. +That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. !!! note "À noter" @@ -329,25 +331,23 @@ Cela dit, les dépôts [F-Droid](https://f-droid.org/en/packages/) et [IzzyOnDro ### Systèmes d'exploitation - Doit être un logiciel open source. -- Doit prendre en charge le verrouillage du chargeur d'amorçage avec prise en charge d'une clé AVB personnalisée. -- Doit recevoir les mises à jour majeures d'Android dans le mois suivant leur publication. -- Doit recevoir les mises à jour des fonctionnalités d'Android (version mineure) dans les 14 jours suivant leur publication. -- Doit recevoir les correctifs de sécurité réguliers dans les 5 jours suivant leur publication. -- Ne doit **pas** être fourni "rooté". -- Ne doit **pas** activer Google Play Services par défaut. -- Ne doit **pas** nécessiter une modification du système pour prendre en charge les Google Play Services. +- Must support bootloader locking with custom AVB key support. +- Must receive major Android updates within 0-1 months of release. +- Must receive Android feature updates (minor version) within 0-14 days of release. +- Must receive regular security patches within 0-5 days of release. +- Must **not** be "rooted" out of the box. +- Must **not** enable Google Play Services by default. +- Must **not** require system modification to support Google Play Services. ### Appareils -- Doit prendre en charge au moins l'un des systèmes d'exploitation personnalisés que nous recommandons. -- Doit être actuellement vendu neuf en magasin. -- Doit recevoir un minimum de 5 ans de mises à jour de sécurité. -- Doit disposer d'un matériel dédié aux éléments sécurisés. +- Must support at least one of our recommended custom operating systems. +- Must be currently sold new in stores. +- Must receive a minimum of 5 years of security updates. +- Must have dedicated secure element hardware. ### Applications -- Les applications de cette page ne doivent pas être applicables à une autre catégorie de logiciels sur le site. -- Les applications générales doivent étendre ou remplacer les fonctionnalités de base du système. -- Les applications doivent être régulièrement mises à jour et entretenues. - ---8<-- "includes/abbreviations.fr.txt" +- Applications on this page must not be applicable to any other software category on the site. +- General applications should extend or replace core system functionality. +- Applications should receive regular updates and maintenance. diff --git a/i18n/fr/basics/account-creation.md b/i18n/fr/basics/account-creation.md index 8f59cb3d..02c356d0 100644 --- a/i18n/fr/basics/account-creation.md +++ b/i18n/fr/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Création de compte" icon: 'material/account-plus' +description: La création de comptes en ligne est pratiquement une nécessité sur internet, prenez ces mesures pour vous assurer de rester privé. --- Souvent, les gens s'inscrivent à des services sans réfléchir. Il s'agit peut-être d'un service de streaming qui vous permet de regarder la nouvelle émission dont tout le monde parle, ou d'un compte qui vous permet de bénéficier d'une réduction dans votre fast-food préféré. Quoi qu'il en soit, vous devez tenir compte des implications pour vos données, maintenant et plus tard. @@ -78,5 +79,3 @@ Dans de nombreux cas, vous devrez fournir un numéro à partir duquel vous pourr ### Nom d'utilisateur et mot de passe Certains services vous permettent de vous inscrire sans utiliser d'adresse électronique et vous demandent seulement de définir un nom d'utilisateur et un mot de passe. Ces services peuvent offrir un anonymat accru lorsqu'ils sont associés à un VPN ou à Tor. Gardez à l'esprit que pour ces comptes, il n'y aura très probablement **aucun moyen de récupérer votre compte** au cas où vous oublieriez votre nom d'utilisateur ou votre mot de passe. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/account-deletion.md b/i18n/fr/basics/account-deletion.md index e248e616..f775ecee 100644 --- a/i18n/fr/basics/account-deletion.md +++ b/i18n/fr/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Suppression de compte" icon: 'material/account-remove' +description: Il est facile d'accumuler un grand nombre de comptes internet. Voici quelques conseils pour élaguer votre collection. --- Au fil du temps, il est facile d'accumuler un certain nombre de comptes en ligne, dont beaucoup ne sont peut-être plus utilisés. La suppression de ces comptes inutilisés est une étape importante dans la récupération de votre vie privée, car les comptes inactifs sont vulnérables aux fuites de données. Il y a une fuite des données lorsque la sécurité d'un service est compromise et que des informations protégées sont consultées, transmises ou volées par des acteurs non autorisés. Les fuites de données sont malheureusement [très fréquentes](https://haveibeenpwned.com/PwnedWebsites) de nos jours, et donc le meilleur moyen de minimiser l'impact qu'elles ont sur votre vie et de pratiquer une bonne hygiène numérique. L'objectif de ce guide est donc de vous aider à traverser le processus fastidieux de la suppression d'un compte, souvent rendu difficile à cause du [dark pattern](https://www.deceptive.design/), une pratique que certains services utilisent afin que vous abandonniez l'idée de supprimer votre compte. @@ -59,5 +60,3 @@ Même lorsque vous êtes en mesure de supprimer un compte, il n'y a aucune garan ## Éviter la création de nouveaux comptes Comme le dit le vieil adage, "Mieux vaut prévenir que guérir". Chaque fois que vous êtes tenté de vous inscrire à un nouveau service ou site web, demandez-vous : "En ai-je vraiment besoin ? Puis-je accomplir ce dont j'ai besoin sans compte ?" Il est souvent beaucoup plus difficile de supprimer un compte que d'en créer un. Et même après avoir supprimé ou modifié les informations sur votre compte, il se peut qu'il existe une version en cache provenant d'un tiers, comme [Internet Archive](https://archive.org/). Évitez la tentation quand vous le pouvez - votre futur vous en remerciera ! - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/common-misconceptions.md b/i18n/fr/basics/common-misconceptions.md index a3a68ae5..22bb9132 100644 --- a/i18n/fr/basics/common-misconceptions.md +++ b/i18n/fr/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Idées reçues" icon: 'material/robot-confused' +description: La protection de la vie privée n'est pas un sujet simple, et il est facile de se laisser piéger par les affirmations marketing et autres désinformations. --- ## "Les logiciels libres et open-source sont toujours sécurisés" ou "Les logiciels propriétaires sont plus sécurisé" @@ -56,6 +57,4 @@ Les modèles de menace les plus clairs sont ceux où les gens *savent qui vous L'utilisation de Tor peut y contribuer. Il convient également de noter qu'un plus grand anonymat est possible grâce à la communication asynchrone : La communication en temps réel est vulnérable à l'analyse des habitudes de frappe (c'est-à-dire plus d'un paragraphe de texte, diffusé sur un forum, par e-mail, etc.) ---8<-- "includes/abbreviations.fr.txt" - [^1]: Un exemple notable est l'[incident de 2021 dans lequel des chercheurs de l'Université du Minnesota ont introduit trois vulnérabilités dans le projet de développement du noyau Linux](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/fr/basics/common-threats.md b/i18n/fr/basics/common-threats.md index a6e3a11c..e27488c0 100644 --- a/i18n/fr/basics/common-threats.md +++ b/i18n/fr/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Menaces courantes" icon: 'material/eye-outline' +description: Votre modèle de menace vous est personnel, mais ce sont là quelques-unes des questions qui préoccupent de nombreux visiteurs de ce site. --- Pour faire simple, nous classons nos recommandations dans ces catégories générales de [menaces](threat-modeling.md) ou d'objectifs qui s'appliquent à la plupart des gens. ==Vous pouvez vous sentir concerné par une, plusieurs, toutes, ou bien aucune de ces possibilités==. Les outils et les services que vous utilisez dépendent également de vos objectifs. Il est possible que vous ayez des menaces spécifiques ne rentrant dans aucune de ces catégories, ce qui est tout à fait normal ! L'important est de bien comprendre les avantages et les inconvénients des outils que vous choisissez d'utiliser, car pratiquement aucun d'entre eux ne vous protégera contre toutes les menaces possibles. @@ -140,8 +141,6 @@ Les personnes concernées par la menace de la censure peuvent utiliser des techn Vous devez toujours tenir compte des risques encourus en essayant de contourner la censure, des conséquences potentielles et du degré de sophistication de votre adversaire. Soyez très prudent dans le choix de vos logiciels et prévoyez un plan de secours au cas où vous seriez pris. ---8<-- "includes/abbreviations.fr.txt" - [^1]: Commission de surveillance de la vie privée et des libertés civiles des États-Unis : [Rapport sur le programme d'enregistrements téléphoniques mené en vertu de la section 215](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^2]: Conseil de surveillance de la vie privée et des libertés civiles des États-Unis : [*Rapport sur le programme d'enregistrements téléphoniques mené en vertu de la section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipédia : [*Capitalisme de surveillance*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/fr/basics/email-security.md b/i18n/fr/basics/email-security.md index ccfe4d44..bb5394e7 100644 --- a/i18n/fr/basics/email-security.md +++ b/i18n/fr/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Sécurité des emails icon: material/email +description: L'email est intrinsèquement peu sûr à bien des égards, et voici quelques-unes des raisons pour lesquelles il n'est pas notre premier choix en matière de communications sécurisées. --- Le courrier électronique est une forme de communication non sécurisée par défaut. Vous pouvez améliorer la sécurité de votre courrier électronique avec des outils tels que OpenPGP, qui ajoute un chiffrement de bout en bout à vos messages, mais OpenPGP présente toujours un certain nombre d'inconvénients par rapport au chiffrement dans d'autres applications de messagerie, et certaines données de courrier électronique ne peuvent jamais être chiffrées de manière inhérente en raison de la manière dont le courrier électronique est conçu. @@ -38,5 +39,3 @@ Les métadonnées des emails sont protégées des observateurs extérieurs par l ### Pourquoi les métadonnées ne peuvent-elles pas être E2EE? Les métadonnées des emails sont essentielles à la fonctionnalité la plus élémentaire d'un email (d'où il vient et où il doit aller). À l'origine, l'E2EE n'était pas intégré dans les protocoles d'emails, mais nécessitait un logiciel complémentaire comme OpenPGP. Comme les messages OpenPGP doivent toujours fonctionner avec les fournisseurs d'emails traditionnels, il ne peut pas chiffrer les métadonnées du mail, mais seulement le corps du message lui-même. Cela signifie que, même en utilisant OpenPGP, des observateurs extérieurs peuvent voir de nombreuses informations sur vos messages, comme l'identité de l'expéditeur, l'objet du message, le moment de l'envoi, etc. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/multi-factor-authentication.md b/i18n/fr/basics/multi-factor-authentication.md index 75df6d71..0fdd50b4 100644 --- a/i18n/fr/basics/multi-factor-authentication.md +++ b/i18n/fr/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Authentification multi-facteurs" icon: 'material/two-factor-authentication' +description: MFA est un mécanisme de sécurité essentiel pour sécuriser vos comptes en ligne, mais certaines méthodes sont plus efficaces que d'autres. --- L'**Authentification Multi-Facteurs** (**MFA**) est un mécanisme de sécurité qui exige des étapes supplémentaires au-delà de la saisie du nom d'utilisateur (ou de l'email) et du mot de passe. La méthode la plus courante est celle des codes à durée limitée que vous pouvez recevoir par SMS ou par une application. @@ -162,5 +163,3 @@ La MFA par SSH peut également être configurée en utilisant TOTP. DigitalOcean ### KeePass (et KeePassXC) Les bases de données KeePass et KeePassXC peuvent être sécurisées en utilisant Challenge-Response ou HOTP comme second facteur d'authentification. Yubico a fourni un tutoriel pour KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) et il y en a également un autre sur le site [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) . - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/passwords-overview.md b/i18n/fr/basics/passwords-overview.md index 4f6fc80f..b076fddb 100644 --- a/i18n/fr/basics/passwords-overview.md +++ b/i18n/fr/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction aux mots de passe" icon: 'material/form-textbox-password' +description: Voici quelques conseils et astuces pour créer des mots de passe plus forts et sécuriser vos comptes. --- Les mots de passe sont un élément essentiel de notre vie numérique quotidienne. Nous les utilisons pour protéger nos comptes, nos appareils et nos secrets. Bien qu'ils soient souvent la seule chose qui nous sépare d'un adversaire qui en veut à nos informations privées, ils ne font pas l'objet d'une réflexion approfondie, ce qui conduit souvent les gens à utiliser des mots de passe faciles à deviner ou à forcer. @@ -108,5 +109,3 @@ Il existe de nombreuses options intéressantes, qu'elles soient basées sur le c ### Sauvegardes Vous devriez conserver une sauvegarde [chiffrée](../encryption.md) de vos mots de passe sur plusieurs dispositifs de stockage ou sur un fournisseur de stockage cloud. Cela peut vous aider à accéder à vos mots de passe si quelque chose arrive à votre appareil principal ou au service que vous utilisez. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/threat-modeling.md b/i18n/fr/basics/threat-modeling.md index 68ac24a6..5c0e64d5 100644 --- a/i18n/fr/basics/threat-modeling.md +++ b/i18n/fr/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Modélisation des menaces" icon: 'material/target-account' +description: Trouver le bon équilibre entre la sécurité, la confidentialité et la commodité est l'une des premières et plus difficiles tâches que vous aurez à accomplir dans votre parcours pour regagner votre vie privée en ligne. --- Trouver le bon équilibre entre la sécurité, la confidentialité et la commodité est l'une des premières et plus difficiles tâches que vous aurez à accomplir dans votre parcours pour regagner votre vie privée en ligne. Tout est une histoire de compromis : plus quelque chose est sécurisé, plus il est limité ou peu pratique, etc. Souvent, les gens trouvent que le problème avec les outils qui leurs sont recommandés est qu'ils sont trop difficiles à utiliser ! @@ -107,5 +108,3 @@ Pour les personnes qui cherchent à améliorer leur vie privée et leur sécurit ## Sources - [EFF Surveillance Self Defense: votre plan de sécurité](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/basics/vpn-overview.md b/i18n/fr/basics/vpn-overview.md index c3339467..f3e1bdcf 100644 --- a/i18n/fr/basics/vpn-overview.md +++ b/i18n/fr/basics/vpn-overview.md @@ -1,6 +1,7 @@ --- title: Introduction aux VPNs icon: material/vpn +description: Les réseaux privés virtuels déplacent le risque de votre FAI à un tiers en qui vous avez confiance. Vous devriez garder ces éléments à l'esprit. --- Les Réseaux Privés Virtuels sont un moyen d'étendre l'extrémité de votre réseau à une sortie située ailleurs dans le monde. Un Fournisseur d'Accès Internet (FAI) peut voir le flux du trafic internet qui entre et sort de votre dispositif de terminaison de réseau (c'est-à-dire la box/modem). @@ -74,5 +75,3 @@ Pour des situations comme celles-ci, ou si vous avez une autre raison impérieus - [Enquête sur les Applications VPN Gratuites](https://www.top10vpn.com/free-vpn-app-investigation/) - [Les propriétaires inconnus des VPNs dévoilés : 101 produits VPN gérés par seulement 23 sociétés](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [Cette société chinoise est secrètement à l'origine de 24 applications populaires qui cherchent à obtenir des autorisations dangereuses](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/calendar.md b/i18n/fr/calendar.md index de9deaea..1a90a26a 100644 --- a/i18n/fr/calendar.md +++ b/i18n/fr/calendar.md @@ -1,6 +1,7 @@ --- title: "Synchronisation de calendrier" icon: material/calendar +description: Les calendriers contiennent certaines de vos données les plus sensibles ; utilisez des produits qui implémentent le chiffrement au repos. --- Les calendriers contiennent certaines de vos données les plus sensibles ; utilisez des produits qui mettent en œuvre l'E2EE au repos pour empêcher un fournisseur de les lire. @@ -67,5 +68,3 @@ Les calendriers contiennent certaines de vos données les plus sensibles ; utili Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet parfait dans cette catégorie. Nos recommandations peuvent ne pas inclure tout ou partie de cette fonctionnalité, mais celles qui l'inclus peuvent être mieux classées que les autres sur cette page. - Doit s'intégrer aux applications natives de gestion des contacts et de calendrier du système d'exploitation, le cas échéant. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/cloud.md b/i18n/fr/cloud.md index dbebe3f7..e3a5a0d8 100644 --- a/i18n/fr/cloud.md +++ b/i18n/fr/cloud.md @@ -1,6 +1,7 @@ --- title: "Stockage cloud" icon: material/file-cloud +description: De nombreux fournisseurs de stockage cloud nécessitent que vous leur fassiez confiance pour ne pas consulter vos fichiers. Voici des alternatives privées ! --- De nombreux fournisseurs de stockage cloud nécessitent que vous leur fassiez entièrement confiance pour ne pas consulter vos fichiers. Les alternatives énumérées ci-dessous éliminent le besoin de confiance en vous mettant en position de contrôle de vos données ou en implémentant le chiffrement de bout en bout (E2EE). @@ -29,7 +30,6 @@ Si ces alternatives ne répondent pas à vos besoins, nous vous suggérons de vo - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Les clients mobiles de Proton Drive ont été publiés en décembre 2022 et ne sont pas encore open-source. Proton a toujours retardé la publication de son code source jusqu'à la sortie initiale du produit, et [prévoit de](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) publier le code source d'ici la fin 2023. Les clients de bureau de Proton Drive sont toujours en cours de développement. ## Critères @@ -58,5 +58,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Ces clients doivent s'intégrer aux outils natifs du système d'exploitation pour les fournisseurs de stockage cloud, comme l'intégration de l'application Fichiers sur iOS, ou la fonctionnalité DocumentsProvider sur Android. - Doit permettre de partager facilement des fichiers avec d'autres utilisateurs. - Doit offrir au moins une fonctionnalité de base d'aperçu et d'édition de fichiers sur l'interface web. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/cryptocurrency.md b/i18n/fr/cryptocurrency.md new file mode 100644 index 00000000..d8922b54 --- /dev/null +++ b/i18n/fr/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Crypto-monnaie +icon: material/bank-circle +--- + +Effectuer des paiements en ligne est l'un des plus grands défis en matière de protection de la vie privée. Ces crypto-monnaies garantissent par défaut la confidentialité des transactions (ce qui n'est **pas** garanti par la majorité des crypto-monnaies), à condition que vous ayez une bonne compréhension de la façon d'effectuer des paiements privés de manière efficace. Nous vous encourageons vivement à lire notre article sur les paiements avant d'effectuer tout achat : + +[Effectuer des paiements privés :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger "Danger" + + De nombreux projets de crypto-monnaies, voire la plupart, sont des escroqueries. Effectuez des transactions avec prudence, uniquement avec des projets auxquels vous faites confiance. + +## Monero + +!!! recommendation + + ![Logo Monero](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** utilise une chaîne de blocs avec des technologies de protection de la vie privée qui obscurcissent les transactions afin d'obtenir un anonymat. Chaque transaction Monero cache le montant de la transaction, les adresses d'envoi et de réception, ainsi que la source des fonds, sans aucune difficulté, ce qui en fait un choix idéal pour les novices en matière de crypto-monnaies. + + [:octicons-home-16: Page d'accueil](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Code source" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribuer } + +Avec Monero, les observateurs extérieurs ne peuvent pas déchiffrer les adresses qui échangent des Monero, les montants des transactions, les soldes des adresses ou l'historique des transactions. + +Pour une confidentialité optimale, assurez-vous d'utiliser un portefeuille sans garde, où la clé de visualisation reste sur l'appareil. Cela signifie que vous êtes le seul à pouvoir dépenser vos fonds et à voir les transactions entrantes et sortantes. Si vous utilisez un portefeuille de garde, le fournisseur peut voir **tout** ce que vous faites ; si vous utilisez un portefeuille "léger" dans lequel le fournisseur conserve votre clé privée, il peut voir presque tout ce que vous faites. Parmi les portefeuilles non gardiens, on peut citer : + +- [le client Monero officiel](https://getmonero.org/downloads) (bureau) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet prend en charge plusieurs crypto-monnaies. Une version de Cake Wallet réservée aux utilisateurs de Monero est disponible sur [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (bureau) +- [Monerujo](https://www.monerujo.io/) (Android) + +Pour une confidentialité maximale (même avec un portefeuille sans garde), vous devriez utiliser votre propre nœud Monero. L'utilisation du nœud d'une autre personne expose certaines informations, telles que l'adresse IP à partir de laquelle vous vous connectez, les heures auxquelles vous synchronisez votre portefeuille et les transactions que vous envoyez à partir de votre portefeuille (mais pas d'autres détails sur ces transactions). Vous pouvez également vous connecter au nœud Monero de quelqu'un d'autre via Tor ou i2p. + +En août 2021, CipherTrace [a annoncé](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) des capacités de traçage de Monero améliorées pour les agences gouvernementales. Des publications publiques montrent que le Financial Crimes Enforcement Network du département du Trésor américain [a accordé une licence à](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace pour son "module Monero" à la fin de l'année 2022. + +La confidentialité du graphe des transactions Monero est limitée par son cercle de signatures relativement petit, en particulier contre les attaques ciblées. Les caractéristiques de confidentialité de Monero ont également été [remises en question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) par certains chercheurs en sécurité, et un certain nombre de vulnérabilités graves ont été trouvées et corrigées dans le passé, de sorte que les affirmations faites par des organisations comme CipherTrace ne sont pas hors de question. S'il est peu probable qu'il existe des outils de surveillance de masse de Monero comme il en existe pour le Bitcoin et d'autres, il est certain que les outils de traçage facilitent les enquêtes ciblées. + +En fin de compte, Monero est la crypto-monnaie la plus respectueuse de la vie privée, mais ses revendications en matière de confidentialité **n'ont pas** été prouvées de manière définitive. Plus de temps et de recherche sont nécessaires pour évaluer si le Monero est suffisamment résistant aux attaques pour toujours offrir une protection adéquate de la vie privée. + +## Critères + +**Veuillez noter que nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour nous permettre de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous. + +!!! example "Cette section est récente" + + Nous travaillons à l'établissement de critères définis pour chaque section de notre site, et celles-ci peuvent être sujet à changement. Si vous avez des questions sur nos critères, veuillez [poser la question sur notre forum](https://discuss.privacyguides.net/latest) et ne supposez pas que nous n'avons pas pris en compte un élément dans nos recommandations s'il ne figure pas dans la liste. De nombreux facteurs sont pris en compte et discutés lorsque nous recommandons un projet, et la documentation de chacun d'entre eux est en cours. + +- La crypto-monnaie doit offrir des transactions privées/intraçables par défaut. diff --git a/i18n/fr/data-redaction.md b/i18n/fr/data-redaction.md index 9854f359..75365924 100644 --- a/i18n/fr/data-redaction.md +++ b/i18n/fr/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Rédaction de données et de métadonnées" icon: material/tag-remove +description: Utilisez ces outils pour supprimer les métadonnées telles que la position GPS et d'autres informations d'identification des photos et des fichiers que vous partagez. --- Lorsque vous partagez des fichiers, veillez à supprimer les métadonnées associées. Les fichiers d'image comprennent généralement des données [Exif](https://en.wikipedia.org/wiki/Exif) . Les photos comportent parfois même des coordonnées GPS dans les métadonnées du fichier. @@ -142,5 +143,3 @@ L'application offre plusieurs façons d'effacer les métadonnées des images. À - Les applications développées pour les systèmes d'exploitation open source doivent être open source. - Les applications doivent être gratuites et ne doivent pas comporter de publicités ou d'autres limitations. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/desktop-browsers.md b/i18n/fr/desktop-browsers.md index 62913c4c..d1befa49 100644 --- a/i18n/fr/desktop-browsers.md +++ b/i18n/fr/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Navigateurs de bureau" icon: material/laptop +description: Firefox et Brave sont nos recommandations pour la navigation standard/non anonyme. --- Ce sont les navigateurs web de bureau et les configurations que nous recommandons actuellement pour une navigation classique/non anonyme. Si vous avez besoin de naviguer anonymement sur Internet, vous devriez plutôt utiliser [Tor](tor.md). D'une manière générale, nous vous recommandons de limiter au maximum les extensions de votre navigateur ; elles ont un accès privilégié dans votre navigateur, vous obligent à faire confiance au développeur, peuvent vous faire [sortir du lot](https://fr.wikipedia.org/wiki/Empreinte_digitale_d%27appareil), et [affaiblir](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) l'isolation des sites. @@ -189,7 +190,7 @@ Dans le menu *Système* La [Synchronisation Brave](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) permet à vos données de navigation (historique, signets, etc.) d'être accessibles sur tous vos appareils sans nécessiter de compte et les protège avec E2EE. -## Ressources Supplémentaires +## Ressources supplémentaires Nous ne recommandons généralement pas l'installation d'extensions, car elles augmentent votre surface d'attaque. Cependant, uBlock Origin peut s'avérer utile si vous appréciez la fonctionnalité de blocage de contenu. @@ -257,6 +258,4 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Ne doit pas dupliquer une fonctionnalité intégrée dans le navigateur ou dans le système d'exploitation. - Doit avoir un impact direct sur la vie privée des utilisateurs, c'est-à-dire qu'il ne doit pas simplement fournir des informations. ---8<-- "includes/abbreviations.fr.txt" - [^1]: L'implémentation de Brave est détaillée dans [Mises à jour de la confidentialité de Brave : Partitionnement de l'état du réseau pour la confidentialité](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/fr/desktop.md b/i18n/fr/desktop.md index c72388f7..69a17a78 100644 --- a/i18n/fr/desktop.md +++ b/i18n/fr/desktop.md @@ -1,6 +1,7 @@ --- title: "Bureau/PC" icon: simple/linux +description: Les distributions Linux sont généralement recommandées pour la protection de la vie privée et la liberté logicielle. --- Les distributions Linux sont généralement recommandées pour la protection de la vie privée et la liberté logicielle. Si vous n'utilisez pas encore Linux, vous trouverez ci-dessous quelques distributions que nous vous suggérons d'essayer, ainsi que des conseils généraux d'amélioration de la sécurité et de la confidentialité qui s'appliquent à de nombreuses distributions Linux. @@ -179,5 +180,3 @@ Nos systèmes d'exploitation recommandés : - Doitvent prendre en charge le chiffrement complet du disque pendant l'installation. - Ne doivent pas geler les mises à jour régulières pendant plus d'un an. Nous [ne recommandons pas](os/linux-overview.md#release-cycle) "Long Term Support" ou les versions "stables" de distro pour une utilisation domestique. - Doivent prendre en charge une grande variété de matériel. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/dns.md b/i18n/fr/dns.md index 5bb60e9d..ce6c32b4 100644 --- a/i18n/fr/dns.md +++ b/i18n/fr/dns.md @@ -1,15 +1,14 @@ --- title: "Résolveurs DNS" icon: material/dns +description: Voici quelques fournisseurs de DNS chiffrés que nous vous recommandons d'utiliser pour remplacer la configuration par défaut de votre FAI. --- -!!! question "Devrais-je utiliser un DNS chiffré ?" +Les DNS cryptés avec des serveurs tiers ne doivent être utilisés que pour contourner le blocage DNS de base [](https://en.wikipedia.org/wiki/DNS_blocking) lorsque vous pouvez être sûr qu'il n'y aura pas de conséquences. Le DNS chiffré ne vous aidera pas à dissimuler vos activités de navigation. - Le DNS chiffré avec des serveurs tiers ne doit être utilisé que pour contourner le [blocage DNS](https://en.wikipedia.org/wiki/DNS_blocking) de base lorsque vous êtes certain qu'il n'y aura pas de conséquences. Le DNS chiffré ne vous aidera pas à dissimuler vos activités de navigation. - - [En savoir plus sur le DNS](advanced/dns-overview.md){ .md-button } +[En savoir plus sur DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} -## Fournisseurs Recommandés +## Fournisseurs recommandés | Fournisseur DNS | Politique de confidentialité | Protocoles | Journalisation | ECS | Filtrage | | ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | --------------- | --------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -132,8 +131,6 @@ Une solution DNS auto-hébergée est utile pour assurer le filtrage sur les plat [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Code source" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribuer } ---8<-- "includes/abbreviations.fr.txt" - [^1]: AdGuard stocke des mesures de performance agrégées de ses serveurs DNS, à savoir le nombre de demandes complètes adressées à un serveur particulier, le nombre de demandes bloquées et la vitesse de traitement des demandes. Ils conservent et stockent également la base de données des domaines demandés dans les dernières 24 heures. "Nous avons besoin de ces informations pour identifier et bloquer les nouveaux traqueurs et menaces." "Nous enregistrons également le nombre de fois où tel ou tel traqueur a été bloqué. Nous avons besoin de ces informations pour supprimer les règles obsolètes de nos filtres." [https://adguard.com/fr/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare ne collecte et ne stocke que les données limitées des requêtes DNS qui sont envoyées au résolveur 1.1.1.1. Le service de résolution 1.1.1.1 n'enregistre pas de données personnelles, et la majeure partie des données de requête limitées et non personnellement identifiables n'est stockée que pendant 25 heures. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D n'enregistre que les résolveurs Premium avec des profils DNS personnalisés. Les résolveurs libres n'enregistrent pas de données. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/fr/email-clients.md b/i18n/fr/email-clients.md index f5123666..8ce29576 100644 --- a/i18n/fr/email-clients.md +++ b/i18n/fr/email-clients.md @@ -1,6 +1,7 @@ --- title: "Logiciels de messagerie électronique" icon: material/email-open +description: Ces clients d'email respectent la vie privée et prennent en charge le chiffrement OpenPGP. --- Notre liste de recommandations contient des clients de messagerie qui prennent en charge à la fois [OpenPGP](encryption.md#openpgp) et l'authentification forte telle que [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth vous permet d'utiliser l'[Authentification à Multi-Facteurs](multi-factor-authentication) et d'empêcher le vol de compte. @@ -235,5 +236,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Ne doit pas collecter de télémétrie par défaut. - Doit prendre en charge OpenPGP nativement, c'est-à-dire sans extensions. - Doit prendre en charge le stockage local de courriels chiffrés par OpenPGP. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/email.md b/i18n/fr/email.md index 09b04fe2..f52c3fcf 100644 --- a/i18n/fr/email.md +++ b/i18n/fr/email.md @@ -1,23 +1,36 @@ --- -title: "Services de messagerie électronique" +title: "Services d'email" icon: material/email +description: Ces fournisseurs d'email constituent un excellent moyen de stocker vos emails en toute sécurité, et nombre d'entre eux proposent un système de chiffrement OpenPGP interopérable avec d'autres fournisseurs. --- -Le courriel est pratiquement une nécessité pour utiliser n'importe quel service en ligne, mais nous ne le recommandons pas pour les conversations de personne à personne. Plutôt que d'utiliser le courriel pour contacter d'autres personnes, envisagez d'utiliser un support de messagerie instantanée qui prend en charge le secret de transfert. +L'email est pratiquement une nécessité pour utiliser n'importe quel service en ligne, mais nous ne le recommandons pas pour les conversations de particulier à particulier. Plutôt que d'utiliser l'email pour contacter d'autres personnes, envisagez d'utiliser un support de messagerie instantanée qui prend en charge la confidentialité persistante. [Messageries instantanées recommandées](real-time-communication.md ""){.md-button} -Pour tout le reste, nous recommandons une variété de fournisseurs de messagerie électronique en fonction de la viabilité de leur modèle économique et de leurs fonctions intégrées de sécurité et de confidentialité. +Pour tout le reste, nous recommandons une variété de fournisseurs d'email en fonction de la viabilité de leur modèle économique et de leurs fonctions intégrées de sécurité et de confidentialité. -## Fournisseurs recommandés +- [Fournisseurs d'emails compatibles avec OpenPGP :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Autres fournisseurs chiffrés :material-arrow-right-drop-circle:](#more-providers) +- [Services d'alias d'email :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Options d'auto-hébergement :material-arrow-right-drop-circle:](#self-hosting-email) -Ces fournisseurs prennent en charge le chiffrement/déchiffrement OpenPGP nativement, ce qui permet d'envoyer des e-mails chiffrés de bout en bout (E2EE) indépendamment du fournisseur. Par exemple, un utilisateur de Proton Mail peut envoyer un message E2EE à un utilisateur de Mailbox.org, ou vous pouvez recevoir des notifications chiffrées par OpenPGP de la part de services internet qui le supportent. +## Services compatibles avec OpenPGP + +Ces fournisseurs prennent en charge de manière native le chiffrement/déchiffrement par OpenPGP et la norme WKD (Web Key Directory), ce qui permet d'obtenir des emails E2EE indépendamment du fournisseur. Par exemple, un utilisateur de Proton Mail peut envoyer un message E2EE à un utilisateur de Mailbox.org, ou vous pouvez recevoir des notifications chiffrées par OpenPGP de la part de services internet qui le supportent. + +
+ +- ![Logo Proton Mail](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Logo Mailbox.org](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning "Avertissement" - Lors de l'utilisation d'une technologie E2EE telle que OpenPGP, le courrier électronique contiendra toujours certaines métadonnées non chiffrées dans l'en-tête du courrier. En savoir plus sur les [métadonnées de messagerie](basics/email-security.md#email-metadata-overview). + Lors de l'utilisation d'une technologie E2EE telle que OpenPGP, l'email contiendra toujours certaines métadonnées non chiffrées dans l'en-tête. En savoir plus sur les [métadonnées des emails](basics/email-security.md#email-metadata-overview). - OpenPGP ne prend pas non plus en charge le secret de transfert, ce qui signifie que si votre clé privée ou celle du destinataire est volée, tous les messages précédents chiffrés avec elle seront exposés. [Comment protéger mes clés privées ?](basics/email-security.md#how-do-i-protect-my-private-keys) + OpenPGP ne prend pas non plus en charge la confidentialité persistante, ce qui signifie que si votre clé privée ou celle du destinataire est volée, tous les messages précédents chiffrés avec elle seront exposés. [Comment protéger mes clés privées ?](basics/email-security.md#how-do-i-protect-my-private-keys) ### Proton Mail @@ -25,7 +38,7 @@ Ces fournisseurs prennent en charge le chiffrement/déchiffrement OpenPGP native ![Logo Proton Mail](assets/img/email/protonmail.svg){ align=right } - **Proton Mail** est un service de messagerie électronique qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. Ils sont en activité depuis **2013**. Proton AG a son siège à Genève, en Suisse. Les comptes commencent avec 500 Mo de stockage avec leur offre gratuite. + **Proton Mail** est un service d'email qui met l'accent sur la confidentialité, le chiffrement, la sécurité et la facilité d'utilisation. Il est en activité depuis **2013**. Proton AG a son siège à Genève, en Suisse. Les comptes commencent avec 500 Mo de stockage avec leur offre gratuite. [:octicons-home-16: Page d'accueil](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Service onion" } @@ -43,47 +56,47 @@ Ces fournisseurs prennent en charge le chiffrement/déchiffrement OpenPGP native - [:simple-linux: Linux](https://proton.me/mail/bridge#download) - [:octicons-browser-16: Web](https://mail.proton.me) -Les comptes gratuits présentent certaines limitations, comme le fait de ne pas pouvoir effectuer de recherche dans le corps du texte et de ne pas avoir accès à [Proton Mail Bridge](https://proton.me/mail/bridge), qui est nécessaire pour utiliser un [client de messagerie de bureau recommandé](email-clients.md) (par exemple Thunderbird). check "Modes de paiement privés" check "Modes de paiement privés" Une [lettre d'attestation](https://proton.me/blog/security-audit-all-proton-apps) a été fournie pour les applications de Proton Mail le 9 novembre 2021 par [Securitum](https://research.securitum.com). +Les comptes gratuits présentent certaines limitations, comme le fait de ne pas pouvoir effectuer de recherche dans le corps du texte et de ne pas avoir accès à [Proton Mail Bridge](https://proton.me/mail/bridge), qui est nécessaire pour utiliser un [client d'email de bureau recommandé](email-clients.md) (par exemple Thunderbird). Les comptes payants comprennent des fonctionnalités telles que Proton Mail Bridge, un espace de stockage supplémentaire et la prise en charge de domaines personnalisés. Une [lettre d'attestation](https://proton.me/blog/security-audit-all-proton-apps) a été fournie pour les applications de Proton Mail le 9 novembre 2021 par [Securitum](https://research.securitum.com). -Si vous avez l'offre Proton Illimité, entreprise ou Visionnaire, vous obtenez également [SimpleLogin](#simplelogin) Premium gratuitement. +Si vous avez l'offre Proton Illimité, Entreprise ou Visionnaire, vous obtenez également [SimpleLogin](#simplelogin) Premium gratuitement. Proton Mail dispose de rapports de plantages internes qu'il **ne partage pas** avec des tiers. Ils peuvent être désactivés dans : **Paramètres** > **Aller à Paramètres** > **Compte** > **Sécurité et confidentialité** > **Envoyer des rapports de crash**. -??? success "Domaines personnalisés et alias" +#### :material-check:{ .pg-green } Domaines personnalisés et alias - Les abonnés payants à Proton Mail peuvent utiliser leur propre domaine avec le service ou une adresse [fourre-tout](https://proton.me/support/catch-all). Proton Mail prend également en charge le [sous-adressage](https://proton.me/support/creating-aliases), ce qui est utile pour les personnes qui ne souhaitent pas acheter un domaine. +Les abonnés payants à Proton Mail peuvent utiliser leur propre domaine avec le service ou une adresse [fourre-tout](https://proton.me/support/catch-all). Proton Mail prend également en charge le [sous-adressage](https://proton.me/support/creating-aliases), ce qui est utile pour les personnes qui ne souhaitent pas acheter un domaine. -??? success "Modes de paiement privés" +#### :material-check:{ .pg-green } Modes de paiement privés - Proton Mail [accepte](https://proton.me/support/payment-options) le Bitcoin et l'argent liquide par courrier en plus des paiements standards par carte de crédit/débit et PayPal. +Proton Mail [accepte](https://proton.me/support/payment-options) les paiements en espèces par courrier, ainsi que les paiements par carte de crédit/débit, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc)et PayPal. -??? success "Sécurité du compte" +#### :material-check:{ .pg-green } Sécurité du compte - Proton Mail ne prend en charge que l'[authentification à deux facteurs](https://proton.me/support/two-factor-authentication-2fa) TOTP. L'utilisation d'une clé de sécurité U2F n'est pas encore prise en charge. Proton Mail prévoit d'implémenter U2F dès l'achèvement de son système d'[Authentification unique (SSO - Single Sign On)](https://reddit.com/comments/cheoy6/comment/feh2lw0/). +Proton Mail prend en charge l'[authentification à deux facteurs](https://proton.me/support/two-factor-authentication-2fa) TOTP uniquement. L'utilisation d'une clé de sécurité U2F n'est pas encore prise en charge. Proton Mail prévoit d'implémenter U2F dès l'achèvement de son système d'[Authentification unique (SSO - Single Sign On)](https://reddit.com/comments/cheoy6/comment/feh2lw0/). -??? success "Sécurité des données" +#### :material-check:{ .pg-green } Sécurité des données - Proton Mail dispose d'un [chiffrement à accès zéro](https://proton.me/blog/zero-access-encryption) au repos pour vos e-mails et [calendriers](https://proton.me/news/protoncalendar-security-model). Les données sécurisées par un chiffrmeent à accès zéro ne sont accessibles que par vous. - - Certaines informations stockées dans [Proton Contacts](https://proton.me/support/proton-contacts), telles que les noms et les adresses e-mail, ne sont pas sécurisées par un chiffrement à accès zéro. Les champs de contact qui prennent en charge le chiffrement à accès zéro, comme les numéros de téléphone, sont indiqués par une icône de cadenas. +Proton Mail dispose d'un [chiffrement à accès zéro](https://proton.me/blog/zero-access-encryption) au repos pour vos emails et [calendriers](https://proton.me/news/protoncalendar-security-model). Les données sécurisées par un chiffrement à accès zéro ne sont accessibles que par vous. -??? success "Chiffrement des e-mails" +Certaines informations stockées dans [Proton Contacts](https://proton.me/support/proton-contacts), telles que les noms et les adresses email, ne sont pas sécurisées par un chiffrement à accès zéro. Les champs de contact qui prennent en charge le chiffrement à accès zéro, comme les numéros de téléphone, sont indiqués par une icône de cadenas. - Proton Mail a [intégré le chiffrement OpenPGP](https://proton.me/support/how-to-use-pgp) dans son webmail. Les e-mails destinés à d'autres comptes Proton Mail sont chiffrés automatiquement, et le chiffrement vers des adresses autres que Proton Mail avec une clé OpenPGP peut être activé facilement dans les paramètres de votre compte. Ils vous permettent également de [chiffrer les messages destinés à des adresses autres que celles de Proton Mail](https://proton.me/support/password-protected-emails) sans qu'ils aient besoin de s'inscrire à un compte Proton Mail ou d'utiliser un logiciel comme OpenPGP. - - Proton Mail prend également en charge la découverte de clés publiques via HTTP à partir de son [Répertoire de Clés Web (WKD - Web Key Directory)](https://wiki.gnupg.org/WKD). Cela permet aux personnes qui n'utilisent pas Proton Mail de trouver facilement les clés OpenPGP des comptes Proton Mail, pour un E2EE inter-fournisseurs. +#### :material-check:{ .pg-green } Chiffrement des emails -??? warning "Héritage numérique" +Proton Mail a [du chiffrement OpenPGP intégré](https://proton.me/support/how-to-use-pgp) dans son webmail. Les emails destinés à d'autres comptes Proton Mail sont chiffrés automatiquement, et le chiffrement vers des adresses autres que Proton Mail avec une clé OpenPGP peut être activé facilement dans les paramètres de votre compte. Ils vous permettent également d'[envoyer des messages chiffrés à des adresses non Proton Mail](https://proton.me/support/password-protected-emails) sans qu'ils aient besoin de s'inscrire à un compte Proton Mail ou d'utiliser un logiciel comme OpenPGP. - Proton Mail ne propose pas de fonction d'héritage numérique. +Proton Mail prend également en charge la découverte de clés publiques via HTTP à partir de leur [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Cela permet aux personnes qui n'utilisent pas Proton Mail de trouver facilement les clés OpenPGP des comptes Proton Mail, pour un E2EE inter-fournisseurs. -??? info "Résiliation du compte" +#### :material-alert-outline:{ .pg-orange } Héritage numérique - Si vous avez un compte payant et que votre [facture est impayée](https://proton.me/support/delinquency) après 14 jours, vous ne pourrez pas accéder à vos données. Après 30 jours, votre compte sera en impayé et ne recevra plus d'e-mail entrant. Vous continuerez à être facturé pendant cette période. +Proton Mail ne propose pas de fonction d'héritage numérique. -??? info "Fonctionnalités supplémentaires" +#### :material-information-outline:{ .pg-blue } Résiliation du compte - Proton Mail propose un compte "Illimité" pour 9,99 €/mois, qui permet également d'accéder à Proton VPN en plus de fournir plusieurs comptes, domaines, alias et 500 Go de stockage. +Si vous avez un compte payant et que votre [facture est impayée](https://proton.me/support/delinquency) après 14 jours, vous ne pourrez pas accéder à vos données. Après 30 jours, votre compte sera en impayé et ne recevra plus d'email entrant. Vous continuerez à être facturé pendant cette période. + +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires + +Proton Mail propose un compte "Illimité" pour 9,99 €/mois, qui permet également d'accéder à Proton VPN en plus de fournir plusieurs comptes, domaines, alias et 500 Go de stockage. ### Mailbox.org @@ -91,7 +104,7 @@ Proton Mail dispose de rapports de plantages internes qu'il **ne partage pas** a ![Logo de Mailbox.org](assets/img/email/mailboxorg.svg){ align=right } - **Mailbox.org** est un service de messagerie électronique qui se veut sécurisé, sans publicité et alimenté par une énergie 100% écologique. Ils sont en activité depuis 2014. Mailbox.org est basé à Berlin, en Allemagne. Les comptes commencent avec 2 Go de stockage, qui peuvent être mis à niveau si nécessaire. + **Mailbox.org** est un service d'email qui se veut sécurisé, sans publicité et alimenté par une énergie 100% écologique. Il est en activité depuis 2014. Mailbox.org est basé à Berlin, en Allemagne. Les comptes commencent avec 2 Go de stockage, qui peuvent être mis à niveau si nécessaire. [:octicons-home-16: Page d'accueil](https://mailbox.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Politique de confidentialité" } @@ -101,43 +114,54 @@ Proton Mail dispose de rapports de plantages internes qu'il **ne partage pas** a - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Domaines personnalisés et alias" +#### :material-check:{ .pg-green } Domaines personnalisés et alias - Mailbox.org vous permet d'utiliser votre propre domaine et prend en charge les adresses [fourre-tout](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+avec+propre+domaine). Mailbox.org prend également en charge le [sous-adressage](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), ce qui est utile pour les personnes qui ne souhaitent pas acheter un domaine. +Mailbox.org vous permet d'utiliser votre propre domaine et prend en charge les adresses [fourre-tout](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). Mailbox.org prend également en charge le [sous-adressage](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), ce qui est utile pour les personnes qui ne souhaitent pas acheter un domaine. -??? info "Modes de paiement privés" +#### :material-check:{ .pg-green } Modes de paiement privés - Mailbox.org n'accepte pas les bitcoins ni les autres crypto-monnaies en raison de la suspension des opérations de leur processeur de paiement BitPay en Allemagne. Cependant, ils acceptent les paiements par courrier, les paiements en espèces sur compte bancaire, les virements bancaires, les cartes de crédit, PayPal et quelques processeurs spécifiques à l'Allemagne : paydirekt et Sofortüberweisung. +Mailbox.org n'accepte aucune crypto-monnaie en raison de la suspension des activités de son processeur de paiement BitPay en Allemagne. Cependant, ils acceptent les paiements en espèces par courrier, les paiements en espèces sur compte bancaire, les virements bancaires, les cartes de crédit, PayPal et quelques processeurs spécifiques à l'Allemagne : paydirekt et Sofortüberweisung. -??? success "Sécurité du compte" +#### :material-check:{ .pg-green } Sécurité du compte - Mailbox.org prend en charge [l'authentification à deux facteurs](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) pour son webmail uniquement. Vous pouvez utiliser soit TOTP soit un [Yubikey](https://fr.wikipedia.org/wiki/YubiKey) via le [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Les normes web telles que [WebAuthn](https://fr.wikipedia.org/wiki/WebAuthn) ne sont pas encore prises en charge. +Mailbox.org prend en charge l'[authentification à deux facteurs](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) pour son webmail uniquement. Vous pouvez utiliser soit TOTP, soit une [Yubikey](https://fr.wikipedia.org/wiki/YubiKey) via le [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Les normes web telles que [WebAuthn](https://fr.wikipedia.org/wiki/WebAuthn) ne sont pas encore prises en charge. -??? info "Sécurité des données" +#### :material-information-outline:{ .pg-blue } Sécurité des données - Mailbox.org permet de chiffrer les e-mails entrants en utilisant leur [boîte mail chiffrée](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Les nouveaux messages que vous recevrez seront alors immédiatement chiffrés avec votre clé publique. - - Toutefois, [Open-Exchange](https://fr.wikipedia.org/wiki/Open-Xchange), la plate-forme logicielle utilisée par Mailbox.org, [ne prend pas en charge](https://kb.mailbox.org/display/BMBOKBEN/Encryption+de+calendrier+et+carnet+d'adresses) le chiffrement de votre carnet d'adresses et de votre calendrier. Une [option dissociée](calendar.md) peut être plus appropriée pour ces informations. +Mailbox.org permet le chiffrement des emails entrant à l'aide de sa [boîte mails chiffrée](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Les nouveaux messages que vous recevrez seront alors immédiatement chiffrés avec votre clé publique. -??? success "Chiffrement des e-mails" +Cependant, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), la plateforme logicielle utilisée par Mailbox.org, [ne prend pas en charge](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) le chiffrement de votre carnet d'adresses et de votre calendrier. Une [option tierce](calendar.md) pourrait être plus appropriée pour ces informations. - Mailbox.org a [intégré le chiffrement](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) dans son webmail, ce qui simplifie l'envoi de messages aux personnes disposant de clés OpenPGP publiques. Ils permettent également [aux destinataires distants de déchiffrer un e-mail](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) sur les serveurs de Mailbox.org. Cette fonction est utile lorsque le destinataire distant ne dispose pas d'OpenPGP et ne peut pas déchiffrer une copie de l'e-mail dans sa propre boîte mail. - - Mailbox.org supporte également la découverte de clés publiques via HTTP à partir de leur [Répertoire de Clés Web (WKD - Web Key Directory)](https://wiki.gnupg.org/WKD). Cela permet aux personnes extérieures à Mailbox.org de trouver facilement les clés OpenPGP des comptes Mailbox.org, pour un E2EE inter-fournisseurs. +#### :material-check:{ .pg-green } Chiffrement des emails -??? sucess "Héritage numérique" +Mailbox.org a [du chiffrement intégré](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) dans son webmail, ce qui simplifie l'envoi de messages à des personnes possédant des clés OpenPGP publiques. Ils permettent également aux [destinataires distants de déchiffrer un email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) sur les serveurs de Mailbox.org. Cette fonction est utile lorsque le destinataire distant ne dispose pas d'OpenPGP et ne peut pas déchiffrer une copie de l'email dans sa propre boîte mail. - Mailbox.org dispose d'une fonction d'héritage numérique pour toutes les offres. Vous pouvez choisir de transmettre certaines de vos données à vos héritiers, à condition d'en faire la demande et de fournir votre testament. Vous pouvez également désigner une personne par son nom et son adresse. +Mailbox.org prend également en charge la découverte de clés publiques via HTTP à partir de leur [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Cela permet aux personnes extérieures à Mailbox.org de trouver facilement les clés OpenPGP des comptes Mailbox.org, pour un E2EE inter-fournisseurs. -??? info "Résiliation du compte" +#### :material-check:{ .pg-green } Héritage numérique - Votre compte sera défini comme un compte d'utilisateur restreint lorsque votre contrat prendra fin, après [30 jours, il sera irrévocablement supprimé](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org dispose d'une fonction d'héritage numérique pour toutes les offres. Vous pouvez choisir de transmettre certaines de vos données à vos héritiers, à condition d'en faire la demande et de fournir votre testament. Vous pouvez également désigner une personne par son nom et son adresse. -??? info "Fonctionnalités supplémentaires" +#### :material-information-outline:{ .pg-blue } Résiliation du compte - Vous pouvez accéder à votre compte Mailbox.org via IMAP/SMTP en utilisant leur [service .onion](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+de+mailbox.org). Cependant, leur interface webmail n'est pas accessible via leur service .onion et vous pouvez rencontrer des erreurs de certificat TLS. - - Tous les comptes sont dotés d'un espace de stockage cloud limité qui [peut être chiffré](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+sur+votre+Drive). Mailbox.org propose également l'alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely) qui impose le chiffrement TLS sur la connexion entre les serveurs de messagerie, sinon le message ne sera pas envoyé du tout. Mailbox.org supporte également [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) en plus des protocoles d'accès standard comme IMAP et POP3. +Votre compte sera défini comme un compte d'utilisateur restreint à la fin de votre contrat, après [30 jours, il sera irrévocablement supprimé](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires + +Vous pouvez accéder à votre compte Mailbox.org via IMAP/SMTP en utilisant leur [service .onion](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). Cependant, leur interface webmail n'est pas accessible via leur service .onion et vous pouvez rencontrer des erreurs de certificat TLS. + +Tous les comptes sont assortis d'un espace de stockage cloud limité qui [peut être chiffré](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org propose également l'alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), qui applique le chiffrement TLS à la connexion entre les serveurs mail, faute de quoi le message ne sera pas envoyé. Mailbox.org prend également en charge [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) en plus des protocoles d'accès standard comme IMAP et POP3. + +## D'autres fournisseurs + +Ces fournisseurs stockent vos emails avec un chiffrement à connaissance zéro, ce qui en fait d'excellentes options pour assurer la sécurité de vos emails stockés. Cependant, ils ne prennent pas en charge les normes de chiffrement interopérables pour des communications E2EE entre fournisseurs. + +
+ +- ![Logo StartMail](assets/img/email/startmail.svg#only-light){ .twemoji }![Logo StartMail](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Logo Tutanota](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -146,7 +170,7 @@ Proton Mail dispose de rapports de plantages internes qu'il **ne partage pas** a ![Logo de StartMail](assets/img/email/startmail.svg#only-light){ align=right } ![Logo de StartMail](assets/img/email/startmail-dark.svg#only-dark){ align=right } - **StartMail** est un service de messagerie électronique qui met l'accent sur la sécurité et la confidentialité grâce à l'utilisation du standard de chiffrement OpenPGP. StartMail est en activité depuis 2014 et est basé à Boulevard 11, Zeist Pays-Bas. Les comptes commencent avec 10 Go. Ils offrent un essai de 30 jours. + **StartMail** est un service d'email qui met l'accent sur la sécurité et la confidentialité grâce à l'utilisation du standard de chiffrement OpenPGP. StartMail est en activité depuis 2014 et est basé à Boulevard 11, Zeist Pays-Bas. Les comptes commencent avec 10 Go. Ils offrent un essai de 30 jours. [:octicons-home-16: Page d'accueil](https://www.startmail.com/){ .md-button .md-button--primary } [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Politique de confidentialité" } @@ -156,43 +180,39 @@ Proton Mail dispose de rapports de plantages internes qu'il **ne partage pas** a - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Domaines personnalisés et alias" +#### :material-check:{ .pg-green } Domaines personnalisés et alias - Les comptes personnels peuvent utiliser des alias [Personnalisés ou Rapides](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases). Des [domaines personnalisés](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) sont également disponibles. +Les comptes personnels peuvent utiliser des alias [Personnalisés ou Rapides](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) . Des [domaines personnalisés](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) sont également disponibles. -??? warning "Modes de paiement privés" +#### :material-alert-outline:{ .pg-orange } Modes de paiement privés - StartMail accepte Visa, MasterCard, American Express et Paypal. StartMail propose également d'autres [options de paiement](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) telles que le Bitcoin (actuellement uniquement pour les comptes personnels) et le prélèvement SEPA pour les comptes de plus d'un an. +StartMail accepte Visa, MasterCard, American Express et Paypal. StartMail a aussi d'autres [options de paiement](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) comme [le Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (actuellement seulement pour les comptes personnels) et le prélèvement direct SEPA pour les comptes de plus d'un an. -??? success "Sécurité du compte" +#### :material-check:{ .pg-green } Sécurité du compte - StartMail supporte l'authentification TOTP à deux facteurs [pour le webmail uniquement](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Ils ne permettent pas l'authentification par clé de sécurité U2F. +StartMail prend en charge l'authentification à deux facteurs TOTP [pour le webmail seulement](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Ils ne permettent pas l'authentification par clé de sécurité U2F. -??? info "Sécurité des données" +#### :material-information-outline:{ .pg-blue } Sécurité des données - StartMail dispose d'un [chiffrement à accès zéro au repos](https://www.startmail.com/en/whitepaper/#_Toc458527835), utilisant leur système de "coffre-fort utilisateur". Lorsque vous vous connectez, le coffre-fort est ouvert, et le courriel est alors déplacé dans le coffre-fort hors de la file d'attente où il est déchiffré par la clé privée correspondante. - - StartMail supporte l'import de [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts), cependant, ils ne sont accessibles que dans le webmail et non par des protocoles tels que [CalDAV](https://fr.wikipedia.org/wiki/CalDAV). Les contacts ne sont pas non plus stockés à l'aide d'un chiffrement à connaissance zéro. +StartMail a du [chiffrement à accès zéro au repos](https://www.startmail.com/en/whitepaper/#_Toc458527835), en utilisant leur système "coffre-fort utilisateur". Lorsque vous vous connectez, le coffre-fort est ouvert, et l'email est alors déplacé dans le coffre-fort hors de la file d'attente où il est déchiffré par la clé privée correspondante. -??? success "Chiffrement des e-mails" +StartMail permet d'importer des [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) mais ceux-ci ne sont accessibles que dans le webmail et non via des protocoles tels que [CalDAV](https://fr.wikipedia.org/wiki/CalDAV). Les contacts ne sont pas non plus stockés à l'aide d'un chiffrement à connaissance zéro. - StartMail dispose d'un [chiffrement intégré](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) dans son webmail, ce qui simplifie l'envoi de messages chiffrés avec des clés OpenPGP publiques. +#### :material-check:{ .pg-green } Chiffrement des emails -??? warning "Héritage numérique" +StartMail a [du chiffrement intégré](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) dans son webmail, ce qui simplifie l'envoi de messages chiffrés avec des clés publiques OpenPGP. Cependant, ils ne supportent pas la norme Web Key Directory, ce qui rend la découverte de la clé publique d'une boîte mail Startmail plus difficile pour d'autres fournisseurs ou clients email. - StartMail ne propose pas de fonction d'héritage numérique. +#### :material-alert-outline:{ .pg-orange } Héritage numérique -??? info "Résiliation du compte" +StartMail ne propose pas de fonction d'héritage numérique. - À l'expiration du compte, StartMail supprimera définitivement votre compte après [6 mois en 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Résiliation du compte -??? info "Fonctionnalités supplémentaires" +A l'expiration du compte, StartMail supprimera définitivement votre compte après [6 mois en 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail permet de faire passer les images des e-mails par leur serveur proxy. Si vous autorisez le chargement de l'image distante, l'expéditeur ne saura pas quelle est votre adresse IP. +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires -## D'autres fournisseurs - -Ces fournisseurs stockent vos e-mails avec un chiffrement à connaissance zéro, ce qui en fait d'excellentes options pour assurer la sécurité de vos courriels stockés. check "Sécurité du compte" +StartMail permet de faire passer les images des emails par leur serveur proxy. Si vous autorisez le chargement de l'image distante, l'expéditeur ne saura pas quelle est votre adresse IP. ### Tutanota @@ -200,7 +220,7 @@ Ces fournisseurs stockent vos e-mails avec un chiffrement à connaissance zéro, ![Logo Tutanota](assets/img/email/tutanota.svg){ align=right } - **Tutanota** est un service de messagerie électronique qui met l'accent sur la sécurité et la confidentialité grâce à l'utilisation du chiffrement. Tutanota est en activité depuis **2011** et est basée à Hanovre, en Allemagne. Les comptes commencent avec 1 Go de stockage avec leur offre gratuite. + **Tutanota** est un service d'email qui met l'accent sur la sécurité et la confidentialité grâce à l'utilisation du chiffrement. Tutanota est en activité depuis **2011** et est basée à Hanovre, en Allemagne. Les comptes commencent avec 1 Go de stockage avec leur offre gratuite. [:octicons-home-16: Page d'accueil](https://tutanota.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Politique de confidentialité" } @@ -218,62 +238,69 @@ Ces fournisseurs stockent vos e-mails avec un chiffrement à connaissance zéro, - [:simple-linux: Linux](https://tutanota.com/#download) - [:octicons-browser-16: Web](https://mail.tutanota.com/) -Tutanota ne prend pas en charge le [protocole IMAP](https://tutanota.com/faq/#imap) ni l'utilisation de [clients de messagerie](email-clients.md) tiers, et vous ne pourrez pas non plus ajouter [des comptes de messagerie externes](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) à l'application Tutanota. Ni [l'import d'e-mails](https://github.com/tutao/tutanota/issues/630) ni [les sous-dossiers](https://github.com/tutao/tutanota/issues/927) ne sont actuellement pris en charge, bien que cela soit [amené à changer](https://tutanota.com/blog/posts/kickoff-import). Les e-mails peuvent être exportés [individuellement ou par sélection groupée](https://tutanota.com/howto#generalMail) par dossier, ce qui peut s'avérer peu pratique si vous avez de nombreux dossiers. +Tutanota ne prend pas en charge le [protocole IMAP](https://tutanota.com/faq/#imap) ni l'utilisation de [clients email](email-clients.md) tiers, et vous ne pourrez pas non plus ajouter [des comptes email externes](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) à l'application Tutanota. Ni [l'import d'emails](https://github.com/tutao/tutanota/issues/630) ni [les sous-dossiers](https://github.com/tutao/tutanota/issues/927) ne sont actuellement pris en charge, bien que cela soit [amené à changer](https://tutanota.com/blog/posts/kickoff-import). Les emails peuvent être exportés [individuellement ou par sélection groupée](https://tutanota.com/howto#generalMail) par dossier, ce qui peut s'avérer peu pratique si vous avez de nombreux dossiers. -??? success "Domaines personnalisés et alias" +#### :material-check:{ .pg-green } Domaines personnalisés et alias - Les comptes Tutanota payants peuvent utiliser jusqu'à 5 [aliases](https://tutanota.com/faq#alias) et [domaines personnalisés](https://tutanota.com/faq#custom-domain). Tutanota ne permet pas le [sous-adressage (adresses plus)](https://tutanota.com/faq#plus), mais vous pouvez utiliser un [fourre-tout](https://tutanota.com/howto#settings-global) avec un domaine personnalisé. +Les comptes Tutanota payants peuvent utiliser jusqu'à 5 [alias](https://tutanota.com/faq#alias) et [domaines personnalisés](https://tutanota.com/faq#custom-domain). Tutanota ne permet pas le [sous-adressage (adresses plus)](https://tutanota.com/faq#plus), mais vous pouvez utiliser une adresse [fourre-tout](https://tutanota.com/howto#settings-global) avec un domaine personnalisé. -??? warning "Modes de paiement privés" +#### :material-information-outline:{ .pg-blue } Modes de paiement privés - Tutanota n'accepte directement que les cartes de crédit et PayPal, mais les Bitcoin et Monero peuvent être utilisés pour acheter des cartes-cadeaux via leur [partenariat](https://tutanota.com/faq/#cryptocurrency) avec Proxystore. +Tutanota n'accepte directement que les cartes de crédit et PayPal, mais [les crypto-monnaies](cryptocurrency.md) peuvent être utilisées pour acheter des cartes-cadeaux grâce à leur [partenariat](https://tutanota.com/faq/#cryptocurrency) avec Proxystore. -??? success "Sécurité du compte" +#### :material-check:{ .pg-green } Sécurité du compte - Tutanota prend en charge l'[authentification à deux facteurs](https://tutanota.com/faq#2fa) avec TOTP ou U2F. +Tutanota prend en charge l'[authentification à deux facteurs](https://tutanota.com/faq#2fa) avec TOTP ou U2F. -??? success "Sécurité des données" +#### :material-check:{ .pg-green } Sécurité des données - Tutanota dispose d'un [chiffrement à accès zéro au repos](https://tutanota.com/faq#what-encrypted) pour vos e-mails, [contacts du carnet d'adresses](https://tutanota.com/faq#encrypted-address-book) et [calendriers](https://tutanota.com/faq#calendar). Cela signifie que les messages et autres données stockés dans votre compte ne sont lisibles que par vous. +Tutanota dispose d'un [chiffrement accès zéro au repos](https://tutanota.com/faq#what-encrypted) pour vos emails, vos [contacts de carnet d'addresse](https://tutanota.com/faq#encrypted-address-book), et vos [calendars](https://tutanota.com/faq#calendar). Cela signifie que les messages et autres données stockés dans votre compte ne sont lisibles que par vous. -??? warning "Chiffrement des e-mails" +#### :material-information-outline:{ .pg-blue } Chiffrement des emails - Tutanota [n'utilise pas OpenPGP](https://www.tutanota.com/faq/#pgp). Les comptes Tutanota peuvent uniquement recevoir des e-mails chiffrés provenant de comptes de messagerie non Tutanota lorsqu'ils sont envoyés via une [boîte aux lettres temporaire Tutanota] (https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [n'utilise pas OpenPGP](https://www.tutanota.com/faq/#pgp). Les comptes Tutanota ne peuvent recevoir des emails chiffrés provenant de comptes email non Tutanota que s'ils sont envoyés via une [boîte mail temporaire Tutanota](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Héritage numérique" +#### :material-alert-outline:{ .pg-orange } Héritage numérique - Tutanota ne propose pas de fonction d'héritage numérique. +Tutanota ne propose pas de fonction d'héritage numérique. -??? info "Résiliation du compte" +#### :material-information-outline:{ .pg-blue } Résiliation du compte - Tutanota [supprimera les comptes gratuits inactifs](https://tutanota.com/faq#inactive-accounts) après six mois. Vous pouvez réutiliser un compte gratuit désactivé si vous payez. +Tutanota supprimera [les comptes gratuits inactifs](https://tutanota.com/faq#inactive-accounts) après six mois. Vous pouvez réutiliser un compte gratuit désactivé si vous payez. -??? info "Fonctionnalités supplémentaires" +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires - Tutanota propose la version professionnelle de [Tutanota pour les organisations à but non lucratif](https://tutanota.com/blog/posts/secure-email-for-non-profit) gratuitement ou avec une grosse réduction. - - Tutanota dispose également d'une fonction commerciale appelée [Secure Connect](https://tutanota.com/secure-connect/). Cela garantit que le contact du client avec l'entreprise utilise E2EE. La fonctionnalité coûte 240 €/an. +Tutanota offre la version professionnelle de [Tutanota aux organisations à but non lucratif](https://tutanota.com/blog/posts/secure-email-for-non-profit) gratuitement ou avec une forte réduction. -## Services d'alias d'e-mails +Tutanota dispose également d'une fonction commerciale appelée [Secure Connect](https://tutanota.com/secure-connect/). Cela garantit que le contact du client avec l'entreprise utilise E2EE. La fonctionnalité coûte 240 €/an. -Un service d'alias d'e-mails vous permet de générer facilement une nouvelle adresse e-mail pour chaque site web auquel vous vous inscrivez. Les alias que vous créez sont ensuite transférés vers une adresse électronique de votre choix, ce qui permet de masquer à la fois votre adresse électronique "principale" et l'identité de votre fournisseur de messagerie. Un véritable alias d'e-mail est mieux que l'adressage plus, couramment utilisé et pris en charge par de nombreux fournisseurs, qui vous permet de créer des alias tels que votrenom+[nimportequoiici]@exemple.fr, car les sites web, les annonceurs et les réseaux de pistage peuvent trivialement supprimer tout ce qui suit le signe + pour connaître votre véritable adresse e-mail. +## Services d'alias d'emails -L'alias d'e-mail peut servir de protection au cas où votre fournisseur d'e-mail cesserait de fonctionner. Dans ce cas, vous pouvez facilement rediriger vos alias vers une nouvelle adresse électronique. En revanche, vous faites confiance au service d'aliasing pour qu'il continue de fonctionner. +Un service d'alias d'emails vous permet de générer facilement une nouvelle adresse email pour chaque site web auquel vous vous inscrivez. Les alias que vous créez sont ensuite transférés vers une adresse email de votre choix, ce qui permet de masquer à la fois votre adresse email "principale" et l'identité de votre fournisseur d'email. Un véritable alias d'email est mieux que l'adressage plus, couramment utilisé et pris en charge par de nombreux fournisseurs, qui vous permet de créer des alias tels que votrenom+[nimportequoiici]@exemple.fr, car les sites web, les annonceurs et les réseaux de pistage peuvent trivialement supprimer tout ce qui suit le signe + pour connaître votre véritable adresse email. -L'utilisation d'un service d'alias d'e-mail dédié présente également un certain nombre d'avantages par rapport à un alias fourre-tout sur un domaine personnalisé : +
-- Les alias peuvent être activés et désactivés individuellement lorsque vous en avez besoin, ce qui empêche les sites web de vous envoyer des messages électroniques de façon aléatoire. -- Les réponses sont envoyées à partir de l'adresse alias, qui masque votre véritable adresse électronique. +- ![Logo AnonAddy](assets/img/email/anonaddy.svg#only-light){ .twemoji }![Logo AnonAddy](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![Logo SimpleLogin](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) -Ils présentent également un certain nombre d'avantages par rapport aux services qui fournissent des "e-mails temporaires" : +
+ +L'alias d'email peut servir de protection au cas où votre fournisseur d'email cesserait de fonctionner. Dans ce cas, vous pouvez facilement rediriger vos alias vers une nouvelle adresse email. En revanche, vous faites confiance au service d'alias pour qu'il continue de fonctionner. + +L'utilisation d'un service d'alias d'email dédié présente également un certain nombre d'avantages par rapport à un alias fourre-tout sur un domaine personnalisé : + +- Les alias peuvent être activés et désactivés individuellement lorsque vous en avez besoin, ce qui empêche les sites web de vous envoyer des emails de façon aléatoire. +- Les réponses sont envoyées à partir de l'adresse alias, qui masque votre véritable adresse email. + +Ils présentent également un certain nombre d'avantages par rapport aux services qui fournissent des "emails temporaires" : - Les alias sont permanents et peuvent être réactivés si vous devez recevoir quelque chose comme une réinitialisation de mot de passe. -- Les courriels sont envoyés à votre boîte mails de confiance plutôt que d'être stockés par le fournisseur d'alias. -- Les services d'e-mails temporaires proposent généralement des boîtes mail publiques auxquelles peuvent accéder tous ceux qui connaissent l'adresse, tandis que les alias sont privés. +- Les emails sont envoyés à votre boîte mail de confiance plutôt que d'être stockés par le fournisseur d'alias. +- Les services d'emails temporaires proposent généralement des boîtes mail publiques auxquelles peuvent accéder tous ceux qui connaissent l'adresse, tandis que les alias sont privés. -Nos recommandations en matière d'alias d'e-mail sont des fournisseurs qui vous permettent de créer des alias sur des domaines qu'ils contrôlent, ainsi que sur votre ou vos propres domaine(s) personnalisé(s), pour un coût annuel modeste. Ils peuvent également être auto-hébergés si vous souhaitez un contrôle maximal. Toutefois, l'utilisation d'un domaine personnalisé peut présenter des inconvénients en matière de confidentialité : Si vous êtes la seule personne à utiliser votre domaine personnalisé, vos actions peuvent être facilement suivies sur les sites web en regardant simplement le nom de domaine dans l'adresse électronique et en ignorant tout ce qui se trouve avant le signe arobase (@). +Nos recommandations en matière d'alias d'email sont des fournisseurs qui vous permettent de créer des alias sur des domaines qu'ils contrôlent, ainsi que sur votre ou vos propres domaine(s) personnalisé(s), pour un coût annuel modeste. Ils peuvent également être auto-hébergés si vous souhaitez un contrôle maximal. Toutefois, l'utilisation d'un domaine personnalisé peut présenter des inconvénients en matière de confidentialité : Si vous êtes la seule personne à utiliser votre domaine personnalisé, vos actions peuvent être facilement suivies sur les sites web en regardant simplement le nom de domaine dans l'adresse email et en ignorant tout ce qui se trouve avant le signe arobase (@). -L'utilisation d'un service d'alias nécessite de faire confiance à la fois à votre fournisseur de messagerie et à votre fournisseur d'alias pour vos messages non chiffrés. Certains fournisseurs atténuent légèrement ce problème grâce au chiffrement automatique PGP, qui réduit le nombre de services auxquels vous devez faire confiance de deux à un en chiffrant les e-mails entrants avant qu'ils ne soient remis à votre fournisseur de boîte mail final. +L'utilisation d'un service d'alias nécessite de faire confiance à la fois à votre fournisseur d'email et à votre fournisseur d'alias pour vos messages non chiffrés. Certains fournisseurs atténuent légèrement ce problème grâce au chiffrement automatique PGP, qui réduit le nombre de services auxquels vous devez faire confiance de deux à un en chiffrant les emails entrants avant qu'ils ne soient remis à votre fournisseur de boîte mail final. ### AnonAddy @@ -313,7 +340,7 @@ Fonctions gratuites notables : ![Logo Simplelogin](assets/img/email/simplelogin.svg){ align=right } - **SimpleLogin** est un service gratuit qui fournit des alias d'e-mail sur une variété de noms de domaine partagés, et offre en option des fonctionnalités payantes comme des alias illimités et des domaines personnalisés. + **SimpleLogin** est un service gratuit qui fournit des alias d'email sur une variété de noms de domaine partagés, et offre en option des fonctionnalités payantes comme des alias illimités et des domaines personnalisés. [:octicons-home-16: Page d'accueil](https://simplelogin.io/fr/){ .md-button .md-button--primary } [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Politique de confidentialité" } @@ -330,7 +357,7 @@ Fonctions gratuites notables : - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff) - [:simple-safari: Safari](https://apps.apple.com/app/id1494051017) -SimpleLogin a été [acquis par Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) à compter du 8 avril 2022. Si vous utilisez Proton Mail pour votre boîte mail principale, SimpleLogin est un excellent choix. Les deux produits étant désormais détenus par la même société, vous ne devez plus faire confiance qu'à une seule entité. Nous supposons également que SimpleLogin sera plus étroitement intégré aux offres de Proton à l'avenir. SimpleLogin continue de prendre en charge la redirection vers le fournisseur de messagerie de votre choix. Securitum [a audité](https://simplelogin.io/blog/security-audit/) SimpleLogin début 2022 et tous les problèmes [ont été résolus](https://simplelogin.io/audit2022/web.pdf). +SimpleLogin a été [acquis par Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) à compter du 8 avril 2022. Si vous utilisez Proton Mail pour votre boîte mail principale, SimpleLogin est un excellent choix. Les deux produits étant désormais détenus par la même société, vous ne devez plus faire confiance qu'à une seule entité. Nous supposons également que SimpleLogin sera plus étroitement intégré aux offres de Proton à l'avenir. SimpleLogin continue de prendre en charge la redirection vers le fournisseur d'email de votre choix. Securitum [a audité](https://simplelogin.io/blog/security-audit/) SimpleLogin début 2022 et tous les problèmes [ont été résolus](https://simplelogin.io/audit2022/web.pdf). Vous pouvez lier votre compte SimpleLogin avec votre compte Proton dans les paramètres de SimpleLogin. Si vous avez l'offre Proton Illimité, Entreprise, ou Visionnaire, vous aurez SimpleLogin Premium gratuitement. @@ -340,9 +367,9 @@ Fonctions gratuites notables : - [x] Réponses illimitées - [x] 1 Boîte mail de réception -## E-mail auto-hébergé +## Email auto-hébergé -Les administrateurs système peuvent envisager de mettre en place leur propre serveur de messagerie. Les serveurs de messagerie requièrent une attention et une maintenance permanente afin de garantir la sécurité et la fiabilité de la distribution des e-mails. +Les administrateurs système peuvent envisager de mettre en place leur propre serveur mail. Les serveurs mail requièrent une attention et une maintenance permanente afin de garantir la sécurité et la fiabilité de la distribution des emails. ### Solutions logicielles combinées @@ -350,7 +377,7 @@ Les administrateurs système peuvent envisager de mettre en place leur propre se ![Logo Mailcow](assets/img/email/mailcow.svg){ align=right } - **Mailcow** est un serveur de messagerie plus avancé, parfait pour ceux qui ont un peu plus d'expérience de Linux. Il possède tout ce dont vous avez besoin dans un conteneur Docker : Un serveur de messagerie avec prise en charge de DKIM, une surveillance antivirus et spam, un webmail et ActiveSync avec SOGo, et une administration basée sur le web avec prise en charge de 2FA. + **Mailcow** est un serveur mail plus avancé, parfait pour ceux qui ont un peu plus d'expérience de Linux. Il possède tout ce dont vous avez besoin dans un conteneur Docker : un serveur mail avec prise en charge de DKIM, une surveillance antivirus et spam, un webmail et ActiveSync avec SOGo, et une administration basée sur le web avec prise en charge de 2FA. [:octicons-home-16: Page d'accueil](https://mailcow.email){ .md-button .md-button--primary } [:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentation} @@ -361,63 +388,63 @@ Les administrateurs système peuvent envisager de mettre en place leur propre se ![Logo Mail-in-a-Box](assets/img/email/mail-in-a-box.svg){ align=right } - **Mail-in-a-Box** est un script de configuration automatisé pour le déploiement d'un serveur de messagerie sur Ubuntu. Son objectif est de faciliter la mise en place d'un serveur de courrier électronique. + **Mail-in-a-Box** est un script de configuration automatisé pour le déploiement d'un serveur mail sur Ubuntu. Son objectif est de faciliter la mise en place de son propre serveur mail. [:octicons-home-16: Page d'accueil](https://mailinabox.email){ .md-button .md-button--primary } [:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Code source" } -Nous préférons que nos prestataires recommandés collectent le moins de données possible. +Pour une approche plus manuelle, nous avons choisi ces deux articles : -- [Configuration d'un serveur de messagerie avec OpenSMTPD, Dovecot et Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) -- [Comment gérer votre propre serveur de messagerie](https://www.c0ffee.net/blog/mail-server-guide/) (août 2017) +- [Configuration d'un serveur mail avec OpenSMTPD, Dovecot et Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) +- [Comment gérer votre propre serveur mail](https://www.c0ffee.net/blog/mail-server-guide/) (août 2017) ## Critères -**Veuillez noter que nous ne sommes affiliés à aucun des fournisseurs que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour tout fournisseur d'email souhaitant être recommandé, y compris la mise en place des bonnes pratiques du secteur, une technologie moderne et bien plus. Nous vous suggérons de vous familiariser avec cette liste avant de choisir un fournisseur d'e-mails, et de mener vos propres recherches pour vous assurer que le fournisseur d'e-mails que vous choisissez est le bon choix pour vous. +**Veuillez noter que nous ne sommes affiliés à aucun des fournisseurs que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour tout fournisseur d'email souhaitant être recommandé, y compris la mise en place des bonnes pratiques du secteur, une technologie moderne et bien plus. Nous vous suggérons de vous familiariser avec cette liste avant de choisir un fournisseur d'email, et de mener vos propres recherches pour vous assurer que le fournisseur d'email que vous choisissez est le bon choix pour vous. ### Technologie Nous considérons ces caractéristiques comme importantes afin de fournir un service sûr et optimal. Vous devez vous demander si le fournisseur possède les caractéristiques dont vous avez besoin. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** -- Chiffre les données du compte de messagerie au repos avec un chiffrement à accès zéro. -- Capacité d'export en tant que [Mbox](https://fr.wikipedia.org/wiki/Mbox) ou .eml individuel avec standard [RFC5322](https://datatracker.ietf.org/doc/rfc5322/). -- Permet aux utilisateurs d'utiliser leur propre [nom de domaine](https://fr.wikipedia.org/wiki/Nom_de_domaine). Les noms de domaine personnalisés sont importants pour les utilisateurs car ils leur permettent de conserver leur indépendance du service, au cas où celui-ci tournerait mal ou serait racheté par une autre société qui ne donne pas priorité à la vie privée. -- Fonctionne sur sa propre infrastructure, c'est-à-dire qu'elle ne repose pas sur des fournisseurs de services de messagerie tiers. +- Chiffre les données du compte email au repos avec un chiffrement à accès zéro. +- Capacité d'export en tant que [Mbox](https://en.wikipedia.org/wiki/Mbox) ou .eml individuel avec standard [RFC5322](https://datatracker.ietf.org/doc/rfc5322/). +- Permet aux utilisateurs d'utiliser leur propre [nom de domaine](https://en.wikipedia.org/wiki/Domain_name). Les noms de domaine personnalisés sont importants pour les utilisateurs car ils leur permettent de conserver leur indépendance du service, au cas où celui-ci tournerait mal ou serait racheté par une autre société qui ne donne pas priorité à la vie privée. +- Fonctionne sur sa propre infrastructure, c'est-à-dire qu'elle ne repose pas sur des fournisseurs de services d'email tiers. **Dans le meilleur des cas :** - Chiffre toutes les données du compte (contacts, calendriers, etc.) au repos avec un chiffrement à accès zéro. - Un webmail intégré avec chiffrement E2EE/PGP est fourni à titre de commodité. - Prise en charge de [WKD](https://wiki.gnupg.org/WKD) pour permettre une meilleure découverte des clés publiques OpenPGP via HTTP. Les utilisateurs de GnuPG peuvent obtenir une clé en tapant : `gpg --locate-key utilisateur_exemple@exemple.fr` -- Prise en charge d'une boîte mail temporaire pour les utilisateurs externes. Cette fonction est utile lorsque vous souhaitez envoyer un e-mail chiffré, sans envoyer une copie réelle à votre destinataire. Ces e-mails ont généralement une durée de vie limitée et sont ensuite automatiquement supprimés. Ils n'obligent pas non plus le destinataire à configurer un système de chiffrement comme OpenPGP. -- Disponibilité des services du fournisseur de courrier électronique via un [service onion](https://en.wikipedia.org/wiki/.onion). +- Prise en charge d'une boîte mail temporaire pour les utilisateurs externes. Cette fonction est utile lorsque vous souhaitez envoyer un email chiffré, sans envoyer une copie réelle à votre destinataire. Ces emails ont généralement une durée de vie limitée et sont ensuite automatiquement supprimés. Ils n'obligent pas non plus le destinataire à configurer un système de chiffrement comme OpenPGP. +- Disponibilité des services du fournisseur d'email via un [service onion](https://en.wikipedia.org/wiki/.onion). - Prise en charge du [sous-adressage](https://en.wikipedia.org/wiki/Email_address#Subaddressing). - Fonctionnalité fourre-tout ou alias pour ceux qui possèdent leurs propres domaines. -- Utilisation de protocoles standard d'accès au e-mails tels que IMAP, SMTP ou [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Les protocoles d'accès standard garantissent que les clients peuvent facilement télécharger l'ensemble de leur courrier électronique, s'ils souhaitent changer de fournisseur. +- Utilisation de protocoles standard d'accès au emails tels que IMAP, SMTP ou [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Les protocoles d'accès standard garantissent que les clients peuvent facilement télécharger l'ensemble de leurs emails, s'ils souhaitent changer de fournisseur. ### Confidentialité Nous préférons que nos prestataires recommandés collectent le moins de données possible. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** - Protéger l'adresse IP de l'expéditeur. Filtrez-la pour qu'elle n'apparaisse pas dans le champ d'en-tête `Received`. -- Ne demandez pas d'Informations Personnelles Identifiables (PII) en plus d'un nom d'utilisateur et d'un mot de passe. +- Ne demandez pas de Données à Caractère Personnel (DCP) en plus d'un nom d'utilisateur et d'un mot de passe. - Politique de confidentialité répondant aux exigences définies par le RGPD. - Ne doit pas être hébergé aux États-Unis en raison de [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) qui doit [encore être réformé](https://epic.org/ecpa/). **Dans le meilleur des cas :** -- Accepte le Bitcoin, les espèces et d'autres formes de crypto-monnaies et/ou options de paiement anonymes (cartes-cadeaux, etc.). +- Accepte des [options de paiement anonymes](advanced/payments.md) ([crypto-monnaie](cryptocurrency.md), argent liquide, cartes cadeaux, etc.) ### Sécurité -Les serveurs de courrier électronique traitent un grand nombre de données très sensibles. Nous nous attendons à ce que les prestataires adoptent les meilleures pratiques du secteur afin de protéger leurs membres. +Les serveurs mail traitent un grand nombre de données très sensibles. Nous nous attendons à ce que les prestataires adoptent les meilleures pratiques du secteur afin de protéger leurs membres. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** - Protection du webmail avec 2FA, tel que TOTP. - Le chiffrement à accès zéro, qui complète le chiffrement au repos. Le fournisseur ne dispose pas des clés de déchiffrement des données qu'il détient. Cela permet d'éviter qu'un employé malhonnête ne divulgue les données auxquelles il a accès ou qu'un adversaire distant ne divulgue les données qu'il a volées en obtenant un accès non autorisé au serveur. @@ -428,28 +455,28 @@ Les serveurs de courrier électronique traitent un grand nombre de données trè - Des enregistrements [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) valides. - Des enregistrements [SPF](https://fr.wikipedia.org/wiki/Sender_Policy_Framework) et [DKIM](https://fr.wikipedia.org/wiki/DomainKeys_Identified_Mail) valides. - Disposer d'un enregistrement et d'une politique [DMARC](https://fr.wikipedia.org/wiki/DMARC) appropriés ou utiliser [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) pour l'authentification. Si l'authentification DMARC est utilisée, la politique doit être définie comme suit : `reject` ou `quarantine`. -- Une préférence pour les serveurs avec TLS 1.2 ou plus et un plan pour [retirer TLSv1.0 et TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- Une préférence pour une suite de serveur TLS 1.2 ou plus récente et un plan pour [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - Une soumission [SMTPS](https://en.wikipedia.org/wiki/SMTPS), en supposant que le SMTP est utilisé. - Des normes de sécurité des sites web telles que : - - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) + - [HTTP Strict Transport Security](https://fr.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - Une [Intégrité des sous-ressources](https://en.wikipedia.org/wiki/Subresource_Integrity) si des éléments sont chargés depuis des domaines externes. -- Doit prendre en charge l'affichage des [en-têtes de message](https://en.wikipedia.org/wiki/Email#Message_header), car il s'agit d'une fonction d'analyse scientifique essentielle pour déterminer si un e-mail est une tentative de hammeçonnage. +- Doit prendre en charge l'affichage des [en-têtes de message](https://en.wikipedia.org/wiki/Email#Message_header), car il s'agit d'une fonction d'analyse scientifique essentielle pour déterminer si un email est une tentative de hammeçonnage. **Dans le meilleur des cas :** -- Prise en charge de l'authentification matérielle, à savoir Prise en charge de l'authentification matérielle, à savoir U2F et [WebAuthn](https://fr.wikipedia.org/wiki/WebAuthn). U2F et WebAuthn sont plus sûrs car ils utilisent une clé privée stockée sur un dispositif matériel côté client pour authentifier les personnes, par opposition à un secret partagé qui est stocké sur le serveur web et côté client lors de l'utilisation de TOTP. De plus, U2F et WebAuthn sont plus résistants au phishing car leur réponse d'authentification est basée sur le [nom de domaine](https://fr.wikipedia.org/wiki/Nom_de_domaine) authentifié. +- Prise en charge de l'authentification matérielle, à savoir U2F et [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F et WebAuthn sont plus sûrs car ils utilisent une clé privée stockée sur un dispositif matériel côté client pour authentifier les personnes, par opposition à un secret partagé qui est stocké sur le serveur web et côté client lors de l'utilisation de TOTP. De plus, U2F et WebAuthn sont plus résistants au phishing car leur réponse d'authentification est basée sur le [nom de domaine](https://en.wikipedia.org/wiki/Domain_name) authentifié. - Un [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) en plus de la prise en charge de DANE. - Prise en charge de [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), utile pour les personnes qui publient sur des listes de diffusion [RFC8617](https://tools.ietf.org/html/rfc8617). - Des programmes de primes aux bugs et/ou un processus coordonné de divulgation des vulnérabilités. - Des normes de sécurité des sites web telles que : - - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [Content Security Policy (CSP)](https://fr.wikipedia.org/wiki/Content_Security_Policy) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Confiance -Vous ne confieriez pas vos finances à une personne ayant une fausse identité, alors pourquoi lui confier vos e-mails ? Nous exigeons de nos fournisseurs recommandés qu'ils rendent public leur propriété ou leur direction. Nous aimerions également voir des rapports de transparence fréquents, notamment en ce qui concerne la manière dont les demandes de gouvernement sont traitées. +Vous ne confieriez pas vos finances à une personne ayant une fausse identité, alors pourquoi lui confier vos emails ? Nous exigeons de nos fournisseurs recommandés qu'ils rendent public leur propriété ou leur direction. Nous aimerions également voir des rapports de transparence fréquents, notamment en ce qui concerne la manière dont les demandes de gouvernement sont traitées. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** - Une direction ou un propriétaire public. @@ -460,9 +487,9 @@ Vous ne confieriez pas vos finances à une personne ayant une fausse identité, ### Marketing -Avec les fournisseurs de courrier électronique que nous recommandons, nous aimons voir un marketing responsable. +Avec les fournisseurs d'email que nous recommandons, nous aimons voir un marketing responsable. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** - Doit héberger lui-même ses outils d'analyse de traffic (pas de Google Analytics, Adobe Analytics, etc.). Le site du fournisseur doit également se conformer à [DNT (Do Not Track)](https://fr.wikipedia.org/wiki/Do_Not_Track) pour ceux qui souhaitent refuser. @@ -472,14 +499,12 @@ Ne doit pas avoir de marketing irresponsable : - Garantir la protection de l'anonymat à 100%. Lorsque quelqu'un prétend que quelque chose est à 100%, cela signifie qu'il n'y a aucune certitude d'échec. Nous savons que les gens peuvent assez facilement se désanonymiser de plusieurs façons, par exemple : - Réutiliser des informations personnelles (comptes de messagerie, pseudonymes uniques, etc.) auxquelles ils ont eu accès sans logiciel d'anonymat (Tor, VPN, etc.). -- [Empreinte digitale des navigateurs](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- [Empreinte numérique des navigateurs](https://fr.wikipedia.org/wiki/Empreinte_digitale_d%27appareil) **Dans le meilleur des cas :** -- Une documentation claire et facile à lire. Notamment pour la mise en place du 2FA, des clients de messagerie, d'OpenPGP, etc. +- Une documentation claire et facile à lire. Notamment pour la mise en place du 2FA, des clients d'email tiers, d'OpenPGP, etc. -### Fonctionnalités Supplémentaires +### Fonctionnalités supplémentaires Bien qu'il ne s'agisse pas d'exigences strictes, nous avons pris en compte d'autres facteurs liés à la commodité ou à la confidentialité pour déterminer les fournisseurs à recommander. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/encryption.md b/i18n/fr/encryption.md index b7ca5f86..27913481 100644 --- a/i18n/fr/encryption.md +++ b/i18n/fr/encryption.md @@ -1,9 +1,10 @@ --- title: "Logiciels de chiffrement" icon: material/file-lock +description: Le chiffrement des données est le seul moyen de contrôler qui peut y accéder. Ces outils vous permettent de chiffrer vos emails et tout autre fichier. --- -Le chiffrement des données est le seul moyen de contrôler de qui peut y accéder. Si vous n'utilisez pas actuellement de logiciel de chiffrement pour votre disque dur, vos e-mails ou vos fichiers, vous devriez choisir une option ici. +Le chiffrement des données est le seul moyen de contrôler qui peut y accéder. Si vous n'utilisez pas actuellement de logiciel de chiffrement pour votre disque dur, vos e-mails ou vos fichiers, vous devriez choisir une option ici. ## Multi-plateforme @@ -353,5 +354,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Les applications de chiffrement du système d'exploitation (FDE) devraient utiliser une sécurité matérielle telle qu'un TPM ou Secure Enclave. - Les applications de chiffrement de fichiers doivent bénéficier d'une prise en charge native ou tierce pour les plateformes mobiles. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/file-sharing.md b/i18n/fr/file-sharing.md index 23c93be7..35afc507 100644 --- a/i18n/fr/file-sharing.md +++ b/i18n/fr/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Partage et synchronisation de fichiers" icon: material/share-variant +description: Découvrez comment partager vos fichiers en toute confidentialité entre vos appareils, avec vos amis et votre famille, ou de manière anonyme en ligne. --- Découvrez comment partager vos fichiers en toute confidentialité entre vos appareils, avec vos amis et votre famille, ou de manière anonyme en ligne. @@ -144,5 +145,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Dispose de clients mobiles pour iOS et Android, qui permettent au moins de prévisualiser les documents. - Prend en charge la sauvegarde des photos à partir d'iOS et d'Android et, en option, la synchronisation des fichiers/dossiers sur Android. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/financial-services.md b/i18n/fr/financial-services.md new file mode 100644 index 00000000..cd0982af --- /dev/null +++ b/i18n/fr/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Services financiers +icon: material/bank +--- + +Effectuer des paiements en ligne est l'un des plus grands défis en matière de protection de la vie privée. Ces services peuvent vous aider à protéger votre vie privée contre les marchands et autres traqueurs, à condition que vous ayez une bonne compréhension de la façon d'effectuer des paiements privés de manière efficace. Nous vous encourageons vivement à lire notre article sur les paiements avant d'effectuer tout achat : + +[Effectuer des paiements privés :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Services de masquage des paiements + +Il existe un certain nombre de services qui fournissent des "cartes de débit virtuelles" que vous pouvez utiliser avec les commerçants en ligne sans révéler vos informations bancaires ou de facturation réelles dans la plupart des cas. Il est important de noter que ces services financiers ne sont **pas** anonymes et qu'ils sont soumis aux lois relatives à la connaissance du client (KYC) et peuvent nécessiter une pièce d'identité ou d'autres informations d'identification. Ces services sont principalement utiles pour vous protéger contre les fuites de données des commerçants, le pistage peu sophistiqué ou la corrélation des achats par les agences de marketing, et le vol de données en ligne ; et **non pas** pour effectuer un achat de manière totalement anonyme. + +!!! tip "Vérifiez votre banque" + + De nombreuses banques et fournisseurs de cartes de crédit proposent une fonctionnalité native de carte virtuelle. Si vous en utilisez une qui offre déjà cette option, vous devriez, dans la plupart des cas, l'utiliser plutôt que de suivre les recommandations suivantes. De cette manière, vous ne confiez pas vos informations personnelles à plusieurs personnes. + +### Privacy.com (États-Unis) + +!!! recommendation + + ![logo Privacy.com](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![logo Privacy.com](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + L'offre gratuite de **Privacy.com** vous permet de créer jusqu'à 12 cartes virtuelles par mois, de fixer des limites de dépenses pour ces cartes et de les arrêter instantanément. Son offre payante vous permet de créer jusqu'à 36 cartes par mois, d'obtenir 1 % de remise en argent sur vos achats et de masquer les informations relatives aux transactions à votre banque. + + [:octicons-home-16: Page d'accueil](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Politique de confidentialité" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com transmet par défaut à votre banque des informations sur les commerçants auprès desquels vous effectuez des achats. La fonction payante "marchands discrets" cache les informations relatives aux marchands à votre banque, de sorte que votre banque voit seulement qu'un achat a été effectué auprès de Privacy.com, mais pas où l'argent a été dépensé, mais ce n'est pas infaillible et, bien sûr, Privacy.com a toujours connaissance des marchands auprès desquels vous dépensez de l'argent. + +### MySudo (États-Unis, payant) + +!!! recommendation + + ![logo MySudo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![logo MySudo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** fournit jusqu'à 9 cartes virtuelles en fonction de l'offre que vous prenez. Leurs offres payantes comprennent en outre des fonctionnalités qui peuvent être utiles pour effectuer des achats de façon privée, telles que des numéros de téléphone et des adresses email virtuels, bien que nous recommandions généralement d'autres [fournisseurs d'alias d'email](email.md) pour une utilisation plus poussée des alias d'email. + + [:octicons-home-16: Page d'accueil](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Politique de confidentialité" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Critères + +**Veuillez noter que nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour nous permettre de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous. + +!!! example "Cette section est récente" + + Nous travaillons à l'établissement de critères définis pour chaque section de notre site, et celles-ci peuvent être sujet à changement. Si vous avez des questions sur nos critères, veuillez [poser la question sur notre forum](https://discuss.privacyguides.net/latest) et ne supposez pas que nous n'avons pas pris en compte un élément dans nos recommandations s'il ne figure pas dans la liste. De nombreux facteurs sont pris en compte et discutés lorsque nous recommandons un projet, et la documentation de chacun d'entre eux est en cours. + +- Permet de créer plusieurs cartes qui servent de bouclier entre le commerçant et vos finances personnelles. +- Les cartes ne doivent pas vous obliger à fournir au commerçant des informations exactes sur l'adresse de facturation. + +## Marchés de cartes-cadeaux + +Ces services vous permettent d'acheter des cartes-cadeaux pour une variété de marchands en ligne avec de la [crypto-monnaie](cryptocurrency.md). Certains de ces services proposent des options de vérification d'identité pour des limites plus élevées, mais ils permettent également d'ouvrir des comptes avec une simple adresse email. Les limites de base commencent généralement à 5 000 - 10 000 $ par jour pour les comptes de base, et des limites nettement plus élevées sont proposées pour les comptes à identité vérifiée (le cas échéant). + +### Cake Pay + +!!! recommendation + + ![Logo CakePay](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** vous permet d'acheter des cartes-cadeaux et des produits connexes avec du Monero. Les achats auprès de commerçants américains sont disponibles dans l'application mobile Cake Wallet, tandis que l'application web Cake Pay comprend une large sélection de commerçants internationaux. + + [:octicons-home-16: Page d'accueil](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Politique de confidentialité" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![Logo CakePay](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (disponible aux États-Unis, au Canada et au Royaume-Uni) vous permet d'acheter des cartes-cadeaux auprès d'un grand nombre de commerçants. + + [:octicons-home-16: Page d'accueil](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Politique de confidentialité" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Critères + +**Veuillez noter que nous ne sommes affiliés à aucun des projets que nous recommandons.** En plus de [nos critères de base](about/criteria.md), nous avons développé un ensemble d'exigences claires pour nous permettre de fournir des recommandations objectives. Nous vous suggérons de vous familiariser avec cette liste avant de choisir d'utiliser un projet, et de mener vos propres recherches pour vous assurer que c'est le bon choix pour vous. + +!!! example "Cette section est récente" + + Nous travaillons à l'établissement de critères définis pour chaque section de notre site, et celles-ci peuvent être sujet à changement. Si vous avez des questions sur nos critères, veuillez [poser la question sur notre forum](https://discuss.privacyguides.net/latest) et ne supposez pas que nous n'avons pas pris en compte un élément dans nos recommandations s'il ne figure pas dans la liste. De nombreux facteurs sont pris en compte et discutés lorsque nous recommandons un projet, et la documentation de chacun d'entre eux est en cours. + +- Accepte les paiements dans [une crypto-monnaie recommandée](cryptocurrency.md). +- Pas d'obligation d'identification. diff --git a/i18n/fr/frontends.md b/i18n/fr/frontends.md index 98d9e33b..1e24dce2 100644 --- a/i18n/fr/frontends.md +++ b/i18n/fr/frontends.md @@ -1,6 +1,7 @@ --- title: "Clients applicatifs" icon: material/flip-to-front +description: Ces clients applicatifs open source pour divers services internet vous permettent d'accéder au contenu sans JavaScript ou d'autres inconvénients. --- Parfois, des services tentent de vous obliger à créer un compte en bloquant l'accès au contenu par des fenêtres pop-up gênantes. Ils peuvent également ne pas fonctionner sans JavaScript activé. Ces interfaces client peuvent vous permettre de contourner ces restrictions. @@ -264,5 +265,3 @@ Clients recommandés... Nous ne prenons en compte que les clients des sites web qui sont... - Normalement non accessible sans JavaScript. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/index.md b/i18n/fr/index.md index 4da48675..bd62f85d 100644 --- a/i18n/fr/index.md +++ b/i18n/fr/index.md @@ -40,5 +40,3 @@ Essayer de protéger toutes vos données contre tout le monde, tout le temps, es [:material-hand-coin-outline:](about/donate.md){ title="Soutenir le projet" } Il est important pour un site web comme Privacy Guides de toujours rester à jour. Nous avons besoin que notre public garde un œil sur les mises à jour logicielles des applications répertoriées sur notre site et suive l'actualité récente des fournisseurs que nous recommandons. Internet évolue à une vitesse telle, qu'il est difficile de suivre le rythme, mais nous faisons de notre mieux. Si vous repérez une erreur, que vous pensez qu'un fournisseur ne devrait pas figurer dans la liste, remarquez l'absence d'un fournisseur qualifié, pensez qu'un plugin de navigateur n'est plus le meilleur choix ou si vous découvrez tout autre problème, veuillez nous en informer. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/kb-archive.md b/i18n/fr/kb-archive.md index 7e071206..a5e91e87 100644 --- a/i18n/fr/kb-archive.md +++ b/i18n/fr/kb-archive.md @@ -1,6 +1,7 @@ --- title: Archives icon: material/archive +description: Certaines pages qui se trouvaient auparavant dans notre base de connaissances peuvent désormais être consultées sur notre blog. --- # Pages déplacées vers le blog @@ -14,5 +15,3 @@ Certaines pages qui se trouvaient auparavant dans notre base de connaissances pe - [Effacement sécurisé des données](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Intégration de la suppression des métadonnées](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [Guide de configuration iOS](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/meta/brand.md b/i18n/fr/meta/brand.md index 898a9fc0..9b129772 100644 --- a/i18n/fr/meta/brand.md +++ b/i18n/fr/meta/brand.md @@ -1,8 +1,8 @@ --- -title: Branding Guidelines +title: Consignes relatives à la marque --- -The name of the website is **Privacy Guides** and should **not** be changed to: +Le nom du site web est **Privacy Guides** et ne devrait **pas** être changé en :
- PrivacyGuides @@ -11,14 +11,12 @@ The name of the website is **Privacy Guides** and should **not** be changed to: - PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**. +Le nom du subreddit est **r/PrivacyGuides** ou **the Privacy Guides Subreddit**. -Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand) +D'autres directives relatives à l'image de marque sont disponibles à l'adresse [github.com/privacyguides/brand](https://github.com/privacyguides/brand) -## Trademark +## Marque déposée -"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. +"Privacy Guides" et le logo du bouclier sont des marques déposées appartenant à Jonah Aragon, l'utilisation illimitée est accordée au projet Privacy Guides. -Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.fr.txt" +Sans renoncer à aucun de ses droits, Privacy Guides ne conseille pas les autres sur l'étendue de ses droits de propriété intellectuelle. Privacy Guides ne permet ni ne consent à aucune utilisation de ses marques déposées d'une manière qui est susceptible de causer une confusion en impliquant une association avec ou un parrainage par Privacy Guides. Si vous avez connaissance d'une telle utilisation, veuillez contacter Jonah Aragon à l'adresse jonah@privacyguides.org. Consultez votre conseiller juridique si vous avez des questions. diff --git a/i18n/fr/meta/git-recommendations.md b/i18n/fr/meta/git-recommendations.md index 68a5f9fb..93590d9c 100644 --- a/i18n/fr/meta/git-recommendations.md +++ b/i18n/fr/meta/git-recommendations.md @@ -1,48 +1,46 @@ --- -title: Git Recommendations +title: Recommandations Git --- -If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations. +Si vous apportez des modifications à ce site web directement sur l'éditeur web de GitHub.com, vous ne devriez pas avoir à vous en soucier. Si vous développez localement et/ou êtes un éditeur du site web à long terme (qui devrait probablement développer localement !), tenez compte de ces recommandations. -## Enable SSH Key Commit Signing +## Activer la signature de commit par clé SSH -You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). +Vous pouvez utiliser une clé SSH existante pour la signature, ou [en créer une nouvelle](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). -1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo): +1. Configurez votre client Git pour signer les commits et les tags par défaut (supprimez `--global` pour ne signer par défaut que pour ce dépôt) : ``` git config --global commit.gpgsign true git config --global gpg.format ssh git config --global tag.gpgSign true ``` -2. Copy your SSH public key to your clipboard, for example: +2. Copiez votre clé publique SSH dans votre presse-papiers, par exemple : ``` pbcopy < ~/.ssh/id_ed25519.pub # Copies the contents of the id_ed25519.pub file to your clipboard ``` -3. Set your SSH key for signing in Git with the following command, replacing the last string in quotes with the public key in your clipboard: +3. Définissez votre clé SSH pour la signature dans Git avec la commande suivante, en remplaçant la dernière chaîne entre guillemets par la clé publique dans votre presse-papiers : ``` git config --global user.signingkey 'ssh-ed25519 AAAAC3(...) user@example.com' ``` -Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key). +Assurez-vous que vous [ajoutez votre clé SSH à votre compte GitHub](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **en tant que clé de signature** (par opposition ou en plus qu'en tant que clé d'authentification). ## Rebase on Git pull -Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHub to your local machine. This way your local changes will always be "on top of" the latest changes on GitHub, and you avoid merge commits (which are disallowed in this repo). +Utilisez `git pull --rebase` au lieu de `git pull` pour transférer les modifications de GitHub vers votre machine locale. De cette façon, vos modifications locales seront toujours "au dessus" des dernières modifications sur GitHub, et vous évitez les commits de merge (qui sont interdits dans ce dépôt). -You can set this to be the default behavior: +Vous pouvez définir cette option comme étant le comportement par défaut : ``` git config --global pull.rebase true ``` -## Rebase from `main` before submitting a PR +## Rebase depuis `main` avant de soumettre une PR -If you are working on your own branch, run these commands before submitting a PR: +Si vous travaillez sur votre propre branche, exécutez ces commandes avant de soumettre une PR : ``` git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/meta/uploading-images.md b/i18n/fr/meta/uploading-images.md index f219f108..fa2bf899 100644 --- a/i18n/fr/meta/uploading-images.md +++ b/i18n/fr/meta/uploading-images.md @@ -1,23 +1,23 @@ --- -title: Uploading Images +title: Envoi d'images --- -Here are a couple of general rules for contributing to Privacy Guides: +Voici quelques règles générales pour contribuer à Privacy Guides : ## Images -- We **prefer** SVG images, but if those do not exist we can use PNG images +- Nous **préférons** des images SVG, mais si celles-ci n'existent pas, nous pouvons utiliser des images PNG -Company logos have canvas size of: +Les logos d'entreprise ont une taille canvas de : - 128x128px - 384x128px -## Optimization +## Optimisation ### PNG -Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image: +Utilisez le logiciel [OptiPNG](https://sourceforge.net/projects/optipng/) pour optimiser l'image PNG : ```bash optipng -o7 file.png @@ -27,51 +27,51 @@ optipng -o7 file.png #### Inkscape -[Scour](https://github.com/scour-project/scour) all SVG images. +[Scour](https://github.com/scour-project/scour) toutes les images SVG. -In Inkscape: +Dans Inkscape : -1. File Save As.. -2. Set type to Optimized SVG (*.svg) +1. Fichier Enregistrer sous.. +2. Définir le type à SVG optimisé (*.svg) -In the **Options** tab: +Dans l'onglet **Options** : -- **Number of significant digits for coordinates** > **5** -- [x] Turn on **Shorten color values** -- [x] Turn on **Convert CSS attributes to XML attributes** -- [x] Turn on **Collapse groups** -- [x] Turn on **Create groups for similar attributes** -- [ ] Turn off **Keep editor data** -- [ ] Turn off **Keep unreferenced definitions** -- [x] Turn on **Work around renderer bugs** +- **Nombre de chiffres significatifs pour les coordonnées** > **5** +- [x] Activez **Raccourcir les valeurs de couleur** +- [x] Activez **Convertir les attributs CSS en attributs XML** +- [x] Activez **Réduire les groupes** +- [x] Activez **Créer des groupes pour des attributs similaires** +- [ ] Désactivez **Conserver les données de l'éditeur** +- [ ] Désactivez **Conserver les définitions non référencées** +- [x] Activez **Contourner les bugs du moteur de rendu** -In the **SVG Output** tab under **Document options**: +Dans l'onglet **Sortie SVG** sous **Options du document** : -- [ ] Turn off **Remove the XML declaration** -- [x] Turn on **Remove metadata** -- [x] Turn on **Remove comments** -- [x] Turn on **Embeded raster images** -- [x] Turn on **Enable viewboxing** +- [ ] Désactivez **Supprimer la déclaration XML** +- [x] Activez **Supprimer les métadonnées** +- [x] Activez **Supprimer les commentaires** +- [x] Activez **Images matricielles incorporées** +- [x] Activez **Activer le viewboxing** -In the **SVG Output** under **Pretty-printing**: +Dans le document **Sortie SVG** sous **Pretty-printing** : -- [ ] Turn off **Format output with line-breaks and indentation** -- **Indentation characters** > Select **Space** -- **Depth of indentation** > **1** -- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element** +- [ ] Désactivez **Formatage de la sortie avec sauts de ligne et indentation** +- **Caractères d'indentation** > Sélectionnez **Espace** +- **Profondeur de l'indentation** > **1** +- [ ] Désactivez **Supprimer l'attribut "xml:space" de l'élément SVG racine** -In the **IDs** tab: +Dans l'onglet **identifiants** : -- [x] Turn on **Remove unused IDs** -- [ ] Turn off **Shorten IDs** -- **Prefix shortened IDs with** > `leave blank` -- [x] Turn on **Preserve manually created IDs not ending with digits** -- **Preserve the following IDs** > `leave blank` -- **Preserve IDs starting with** > `leave blank` +- [x] Activez **Supprimer les identifiants inutilisés** +- [ ] Désactivez **Raccourcir les identifiants** +- **Préfixer les identifiants raccourcis avec** > `leave blank` +- [x] Activez **Préserver les identifiants créés manuellement ne se terminant pas par des chiffres** +- **Conserver les identifiants suivants** > `leave blank` +- **Préserver les identifiants commençant par** > `leave blank` -#### CLI +#### Invite de commande -The same can be achieved with the [Scour](https://github.com/scour-project/scour) command: +La même chose peut être réalisée avec la commande [Scour](https://github.com/scour-project/scour) : ```bash scour --set-precision=5 \ @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/meta/writing-style.md b/i18n/fr/meta/writing-style.md index b4143422..949175c4 100644 --- a/i18n/fr/meta/writing-style.md +++ b/i18n/fr/meta/writing-style.md @@ -1,89 +1,87 @@ --- -title: Writing Style +title: Style d'écriture --- -Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt. +Privacy Guides est rédigé en anglais américain, et vous devez vous référer aux directives de [style APA](https://apastyle.apa.org/style-grammar-guidelines/grammar) en cas de doute. -In general the [United States federal plain language guidelines](https://www.plainlanguage.gov/guidelines/) provide a good overview of how to write clearly and concisely. We highlight a few important notes from these guidelines below. +En général, les [directives fédérales américaines en matière de langage clair](https://www.plainlanguage.gov/guidelines/) fournissent un bon aperçu de la manière d'écrire de façon claire et concise. Nous soulignons ci-dessous quelques notes importantes de ces directives. -## Writing for our audience +## Écrire pour notre public -Privacy Guides' intended [audience](https://www.plainlanguage.gov/guidelines/audience/) is primarily average, technology using adults. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with. +Le [public](https://www.plainlanguage.gov/guidelines/audience/) visé par Privacy Guides est principalement constitué d'adultes moyens, utilisant la technologie. Ne simplifiez pas le contenu comme si vous vous adressiez à une classe d'école primaire, mais n'abusez pas d'une terminologie compliquée concernant des concepts que l'utilisateur moyen d'un ordinateur ne connaît pas. -### Address only what people want to know +### N'aborder que ce que les gens veulent savoir -People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details. +Les gens n'ont pas besoin d'articles trop complexes et peu pertinents pour eux. Déterminez ce que vous voulez que les gens accomplissent en écrivant un article, et n'incluez que ces détails. -> Tell your audience why the material is important to them. Say, “If you want a research grant, here’s what you have to do.” Or, “If you want to mine federal coal, here’s what you should know.” Or, “If you’re planning a trip to Rwanda, read this first.” +> Expliquez à votre public pourquoi le contenu est important pour lui. Dites : "Si vous voulez une bourse de recherche, voici ce que vous devez faire." Ou, "Si vous voulez exploiter le charbon fédéral, voici ce que vous devez savoir." Ou, "Si vous prévoyez un voyage au Rwanda, lisez ça d'abord." -### Address people directly +### S'adresser directement aux gens -We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly. +Nous écrivons *pour* une grande variété de personnes, mais nous écrivons *à* la personne qui le lit. Utilisez le "vous" pour vous adresser directement au lecteur. -> More than any other single technique, using “you” pulls users into the information and makes it relevant to them. +> Plus que toute autre technique, l'utilisation du "vous" attire les utilisateurs vers l'information et la rend pertinente pour eux. > -> When you use “you” to address users, they are more likely to understand what their responsibility is. +> Lorsque vous utilisez le "vous" pour vous adresser aux utilisateurs, ceux-ci sont plus susceptibles de comprendre quelle est leur responsabilité. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) +Source : [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) -### Avoid "users" +### Évitez les "utilisateurs" -Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for. +Évitez d'appeler les gens "utilisateurs", en faveur de "personnes", ou d'une description plus spécifique du groupe de personnes pour lequel vous écrivez. -## Organizing content +## Organiser le contenu -Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas. +L'organisation est clé. Le contenu doit aller de l'information la plus importante à l'information la moins importante, et utiliser les en-têtes autant que nécessaire pour séparer logiquement les différentes idées. -- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages. -- Mark important ideas with **bold** or *italics*. +- Limitez le document à environ cinq ou six sections. Les documents longs devraient probablement être divisés en pages séparées. +- Marquez les idées importantes avec **du gras** ou *de l'italique*. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) +Source : [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) -### Begin with a topic sentence +### Commencez par une phrase sujet -> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Headings help, but they’re not enough. Establish a context for your audience before you provide them with the details. +> Si vous indiquez à votre lecteur le sujet qu'il va lire, il est moins susceptible de devoir relire votre paragraphe. Les titres sont utiles, mais ils ne suffisent pas. Établissez un contexte pour votre public avant de lui fournir les détails. > -> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point. +> Nous écrivons souvent de la même manière que nous pensons, en mettant nos prémisses en premier et ensuite notre conclusion. C'est peut-être la façon naturelle de développer des pensées, mais nous nous retrouvons avec la phrase sujet à la fin du paragraphe. Déplacez-la au début et laissez les utilisateurs savoir où vous allez. N'obligez pas les lecteurs à retenir un grand nombre d'informations dans leur tête avant d'en venir au fait. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) +Source : [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) -## Choose your words carefully +## Choisissez vos mots avec soin -> Words matter. They are the most basic building blocks of written and spoken communication. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand. +> Les mots sont importants. Ils constituent les éléments de base de la communication écrite et orale. Ne compliquez pas les choses en utilisant du jargon, des termes techniques ou des abréviations que les gens ne comprendront pas. -We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly. +Nous devrions essayer d'éviter les abréviations dans la mesure du possible, mais la technologie est pleine d'abréviations. En général, il faut épeler l'abréviation/acronyme la première fois qu'elle est utilisée sur une page, et l'ajouter au fichier du glossaire des abréviations lorsqu'elle est utilisée à plusieurs reprises. -> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences: +> Kathy McGinty propose des instructions ironiques pour étoffer vos phrases simples et directes : > -> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends. +> > On ne peut échapper au fait qu'il est considéré comme très important de noter qu'un certain nombre d'études disponibles applicables ont ipso facto généralement identifié le fait que des emplois nocturnes supplémentaires appropriés pourraient généralement empêcher les adolescents mineurs de circuler sur les voies publiques pendant les heures de nuit, y compris, mais sans s'y limiter, avant minuit les soirs de semaine et/ou 2 heures du matin. Les week-ends. > -> And the original, using stronger, simpler words: +> Et l'original, en utilisant des mots plus forts et plus simples : > -> > More night jobs would keep youths off the streets. +> > La multiplication des emplois de nuit éloignerait les jeunes de la rue. -## Be concise +## Soyez concis -> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective. +> Les mots inutiles font perdre du temps à votre public. Une bonne écriture est comme une conversation. Omettez les informations que le public n'a pas besoin de connaître. Cela peut s'avérer difficile pour un expert en la matière. Il est donc important que quelqu'un examine les informations du point de vue du public. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) +Source : [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) -## Keep text conversational +## Garder le texte conversationnel -> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting. +> Les verbes sont le carburant de l'écriture. Ils donnent à vos phrases un pouvoir et une direction. Ils animent vos écrits et les rendent plus intéressants. > -> Verbs tell your audience what to do. Make sure it’s clear who does what. +> Les verbes indiquent à votre public ce qu'il doit faire. Ils veillent à ce que la répartition des tâches soit claire. -### Use active voice +### Utilisez la voix active -> Active voice makes it clear who is supposed to do what. It eliminates ambiguity about responsibilities. Not “It must be done,” but “You must do it.” +> La voix active indique clairement qui est censé faire quoi. Il élimine toute ambiguïté quant aux responsabilités. Pas "Il faut le faire", mais "Vous devez le faire" -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) +Source : [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) -### Use "must" for requirements +### Utilisez "doit" pour les exigences -> - “must” for an obligation -> - “must not” for a prohibition -> - “may” for a discretionary action -> - “should” for a recommendation - ---8<-- "includes/abbreviations.fr.txt" +> - "doit" pour une obligation +> - "ne doit pas" pour une interdiction +> - "peut" pour une action discrétionnaire +> - "devrait" pour une recommandation diff --git a/i18n/fr/mobile-browsers.md b/i18n/fr/mobile-browsers.md index 247af1e0..275fcb3f 100644 --- a/i18n/fr/mobile-browsers.md +++ b/i18n/fr/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Navigateurs mobiles" icon: material/cellphone-information +description: Ces navigateurs sont ceux que nous recommandons actuellement pour la navigation internet standard/non anonyme sur votre téléphone. --- Il s'agit des navigateurs web mobiles et des configurations que nous recommandons actuellement. Si vous avez besoin de naviguer anonymement sur Internet, vous devriez plutôt utiliser [Tor](tor.md). D'une manière générale, nous vous recommandons de limiter au maximum les extensions ; elles ont un accès privilégié dans votre navigateur, vous obligent à faire confiance au développeur, peuvent vous faire sortir du lot [](https://fr.wikipedia.org/wiki/Empreinte_digitale_d%27appareil), et [affaiblissent l'isolation du site](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) . @@ -189,5 +190,3 @@ Les listes de filtres supplémentaires ralentissent la navigation et peuvent aug - Ne doit pas dupliquer une fonctionnalité intégrée dans le navigateur ou dans le système d'exploitation. - Doit avoir un impact direct sur la vie privée des utilisateurs, c'est-à-dire qu'il ne doit pas simplement fournir des informations. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/multi-factor-authentication.md b/i18n/fr/multi-factor-authentication.md index 13cf896c..ec775471 100644 --- a/i18n/fr/multi-factor-authentication.md +++ b/i18n/fr/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Outils d'authentification multi-facteurs" icon: 'material/two-factor-authentication' +description: Ces outils vous aident à sécuriser vos comptes internet grâce à l'authentification multifactorielle sans transmettre vos secrets à un tiers. --- ## Clés de sécurité matérielles @@ -140,5 +141,3 @@ Nous vous recommandons vivement d'utiliser des applications TOTP mobiles plutôt - Ne doit pas nécessiter de connexion à internet. - Ne doit pas se synchroniser avec un service tiers de synchronisation/sauvegarde cloud. - La prise en charge **facultative** de la synchronisation E2EE avec des outils natifs du système d'exploitation est acceptable, par exemple la synchronisation chiffrée via iCloud. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/news-aggregators.md b/i18n/fr/news-aggregators.md index ec5f4120..ecbf72c6 100644 --- a/i18n/fr/news-aggregators.md +++ b/i18n/fr/news-aggregators.md @@ -1,6 +1,7 @@ --- title: "Agrégateurs d'actualités" icon: material/rss +description: Ces clients agrégateurs d'actualités vous permettent de suivre vos blogs et sites d'information préférés en utilisant des normes internet telles que RSS. --- Un [agrégateur d'actualités](https://en.wikipedia.org/wiki/News_aggregator) est un moyen de suivre vos blogs et sites d'actualités préférés. @@ -169,5 +170,3 @@ Vous pouvez vous abonner aux chaînes YouTube sans vous connecter et sans associ ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/notebooks.md b/i18n/fr/notebooks.md index 553be8cc..a3ef7a22 100644 --- a/i18n/fr/notebooks.md +++ b/i18n/fr/notebooks.md @@ -1,6 +1,7 @@ --- title: "Bloc-notes" icon: material/notebook-edit-outline +description: Ces applications de prise de notes chiffrées vous permettent de garder une trace de vos notes sans les transmettre à un tiers. --- Gardez une trace de vos notes et de vos journaux sans les donner à un tiers. @@ -111,5 +112,3 @@ Cryptee offre 100 Mo de stockage gratuit, avec des options payantes si vous avez - La fonctionnalité de sauvegarde/synchronisation locale doit prendre en charge le chiffrement. - Les plateformes basées sur le cloud doivent permettre le partage de documents. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/os/android-overview.md b/i18n/fr/os/android-overview.md index ddd6a952..39605b62 100644 --- a/i18n/fr/os/android-overview.md +++ b/i18n/fr/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Introduction à Android icon: simple/android +description: Android est un système d'exploitation open source doté de solides protections de sécurité, ce qui en fait notre premier choix pour les téléphones. --- Android est un système d'exploitation sécurisé qui dispose d'un [sandboxing](https://source.android.com/security/app-sandbox) solide, du [Démarrage Vérifié](https://source.android.com/security/verifiedboot) (AVB), et d'un système de contrôle des [autorisations](https://developer.android.com/guide/topics/permissions/overview) robuste. @@ -53,9 +54,44 @@ Il est important de ne pas utiliser une version d'Android [en fin de vie](https: ## Autorisations d'Android -Les [autorisations sur Android](https://developer.android.com/guide/topics/permissions/overview) vous permettent de contrôler ce que les applications ont le droit d'accéder. Google apporte régulièrement des [améliorations](https://developer.android.com/about/versions/11/privacy/permissions) sur le système d'autorisations à chaque nouvelle version d'Android. Toutes les applications que vous installez sont strictement [isolées](https://source.android.com/security/app-sandbox), il n'est donc pas nécessaire d'installer des applications antivirus. Un smartphone avec la dernière version d'Android sera toujours plus sécurisé qu'un ancien smartphone muni d'un antivirus que vous aurez payé. Il est plutôt conseillé de ne pas payer pour ces antivirus et d'économiser pour acheter un smartphone neuf tel qu'un Google Pixel. +Les [autorisations sur Android](https://developer.android.com/guide/topics/permissions/overview) vous permettent de contrôler ce que les applications ont le droit d'accéder. Google apporte régulièrement des [améliorations](https://developer.android.com/about/versions/11/privacy/permissions) sur le système d'autorisations à chaque nouvelle version d'Android. Toutes les applications que vous installez sont strictement [isolées](https://source.android.com/security/app-sandbox), il n'est donc pas nécessaire d'installer des applications antivirus. -Si vous souhaitez utiliser une application dont vous n'êtes pas sûr, envisagez d'utiliser un profil utilisateur ou professionnel. +Un smartphone équipé de la dernière version d'Android sera toujours plus sûr qu'un vieux smartphone équipé d'un antivirus que vous avez payé. Il est préférable de ne pas payer pour un logiciel antivirus et d'économiser pour acheter un nouveau smartphone, comme un Google Pixel. + +Android 10 : + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) vous donne plus de contrôle sur vos fichiers et peut limiter ce qui peut [accéder au stockage externe](https://developer.android.com/training/data-storage?hl=fr#permissions). Les applications peuvent avoir un répertoire spécifique dans le stockage externe ainsi que la possibilité d'y stocker des types de médias spécifiques. +- Un acès plus strict à l'emplacement du dispositif [](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) en introduisant la permission `ACCESS_BACKGROUND_LOCATION` . Cela empêche les applications d'accéder à l'emplacement lorsqu'elles fonctionnent en arrière-plan sans l'autorisation expresse de l'utilisateur. + +Android 11 : + +- [Permissions uniques](https://developer.android.com/about/versions/11/privacy/permissions#one-time) qui vous permet d'accorder une permission à une application une seule fois. +- [Réinitialisation automatique des autorisations](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), qui réinitialise [les autorisations d'exécution](https://developer.android.com/guide/topics/permissions/overview#runtime) accordées lors de l'ouverture de l'application. +- Autorisations granulaires pour accéder aux fonctions liées au numéro de téléphone [](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers). + +Android 12 : + +- Une permission d'accorder uniquement l'emplacement approximatif [](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Réinitialisation automatique des [applications en hibernation](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Audit de l'accès aux données](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) qui permet de déterminer plus facilement quelle partie d'une application effectue un type spécifique d'accès aux données. + +Android 13 : + +- Une autorisation pour [un accès wifi à proximité](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). Les adresses MAC des points d'accès WiFi à proximité étaient un moyen populaire pour les applications de suivre la localisation d'un utilisateur. +- Plus d'[autorisations granulaires pour les médias](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), ce qui signifie que vous pouvez accorder l'accès uniquement aux images, aux vidéos ou aux fichiers audio. +- L'utilisation de capteurs en arrière-plan nécessite désormais l'autorisation [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) . + +Une application peut demander une autorisation pour une fonction spécifique qu'elle possède. Par exemple, toute application permettant de scanner des codes QR nécessitera l'autorisation de l'appareil photo. Certaines applications peuvent demander plus de permissions qu'elles n'en ont besoin. + +[Exodus](https://exodus-privacy.eu.org/fr//) peut être utile pour comparer des applications ayant des objectifs similaires. Si une application nécessite de nombreuses autorisations et comporte beaucoup de publicité et d'analyses, c'est probablement un mauvais signe. **Nous vous recommandons de regarder les trackers individuels et de lire leurs descriptions plutôt que de vous contenter de compter le total** et de supposer que tous les éléments énumérés sont égaux. + +!!! warning "Avertissement" + + Si une application est principalement un service web, le suivi peut se faire du côté du serveur. [Facebook](https://reports.exodus-privacy.eu.org/fr/reports/com.facebook.katana/latest/) n'affiche "aucun traceur" mais suit certainement les intérêts et le comportement des utilisateurs sur le site. Les applications peuvent échapper à la détection en n'utilisant pas les bibliothèques de code standard produites par le secteur de la publicité, bien que cela soit peu probable. + +!!! note "À noter" + + Les applications respectueuses de la vie privée telles que [Bitwarden](https://reports.exodus-privacy.eu.org/fr/reports/com.x8bit.bitwarden/latest/) peuvent afficher certains traceurs tels que [Google Firebase Analytics] (https://reports.exodus-privacy.eu.org/fr/trackers/49/). Cette bibliothèque comprend [Firebase Cloud Messaging] (https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) qui peut fournir des [notifications push] (https://fr.wikipedia.org/wiki/Server_push) dans les applications. C'est le cas (https://fosstodon.org/@bitwarden/109636825700482007) avec Bitwarden. Cela ne signifie pas que Bitwarden utilise toutes les fonctionnalités d'analyse fournies par Google Firebase Analytics. ## Accès aux médias @@ -131,5 +167,3 @@ Vous aurez la possibilité de supprimer votre identifiant publicitaire ou de *re [SafetyNet](https://developer.android.com/training/safetynet/attestation) et les [API Play Integrity](https://developer.android.com/google/play/integrity) sont généralement utilisés pour des [applications bancaires](https://grapheneos.org/usage#banking-apps). De nombreuses applications bancaires fonctionneront sans problème sur GrapheneOS avec les services Google Play en sandbox, mais certaines applications non financières ont leurs propres mécanismes anti-tampering rudimentaires qui peuvent échouer. GrapheneOS passe le contrôle `basicIntegrity`, mais pas le contrôle de certification `ctsProfileMatch`. Les appareils équipés d'Android 8 ou d'une version ultérieure sont dotés d'un système d'attestation matérielle qui ne peut être contourné qu'en cas de fuite de clés ou de vulnérabilité grave. Quant à Google Wallet, nous ne le recommandons pas en raison de sa [politique de confidentialité](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), qui stipule que vous devez manuellement refuser si vous ne voulez pas que votre note de crédit et vos informations personnelles soient partagées avec des services de marketing affilié. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/os/linux-overview.md b/i18n/fr/os/linux-overview.md index 1fde57f7..aa9fc776 100644 --- a/i18n/fr/os/linux-overview.md +++ b/i18n/fr/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Introduction à Linux icon: simple/linux +description: Linux est un système d'exploitation de bureau alternatif open source, axé sur la protection de la vie privée, mais toutes les distributions ne sont pas créées égales. --- -On croit souvent que les logiciels [open-source](https://en.wikipedia.org/wiki/Open-source_software) sont intrinsèquement sûrs parce que le code source est disponible. On s'attend à ce que la vérification de la communauté ait lieu régulièrement ; cependant, ce n'est pas toujours [le cas](https://seirdy.one/posts/2022/02/02/floss-security/). Cela dépend d'un certain nombre de facteurs, tels que l'activité du projet, l'expérience du développeur, le niveau de rigueur appliqué aux [revues de code](https://en.wikipedia.org/wiki/Code_review), et la fréquence de l'attention accordée à certaines parties spécifiques du [codebase](https://en.wikipedia.org/wiki/Codebase) qui peuvent rester à l'abandon pendant des années. +On croit souvent que les logiciels [open source](https://en.wikipedia.org/wiki/Open-source_software) sont intrinsèquement sûrs parce que le code source est disponible. On s'attend à ce que la vérification de la communauté ait lieu régulièrement ; cependant, ce n'est pas toujours [le cas](https://seirdy.one/posts/2022/02/02/floss-security/). Cela dépend d'un certain nombre de facteurs, tels que l'activité du projet, l'expérience du développeur, le niveau de rigueur appliqué aux [revues de code](https://en.wikipedia.org/wiki/Code_review), et la fréquence de l'attention accordée à certaines parties spécifiques du [codebase](https://en.wikipedia.org/wiki/Codebase) qui peuvent rester à l'abandon pendant des années. À l'heure actuelle, les systèmes GNU/Linux de bureau ont certains domaines qui pourraient être améliorés par rapport à leurs homologues propriétaires, par exemple : @@ -139,5 +140,3 @@ Le projet Fedora [compte](https://fedoraproject.org/wiki/Changes/DNF_Better_Coun Cette [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) est actuellement désactivée par défaut. Nous recommandons d'ajouter `countme=false` à `/etc/dnf/dnf.conf` juste au cas où il serait activé dans le futur. Sur les systèmes qui utilisent `rpm-ostree` tels que Silverblue, l'option countme est désactivée en masquant le compteur [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/). openSUSE utilise également un [identifiant unique](https://en.opensuse.org/openSUSE:Statistics) pour compter les systèmes, qui peut être désactivé en supprimant le fichier `/var/lib/zypp/AnonymousUniqueId`. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/os/qubes-overview.md b/i18n/fr/os/qubes-overview.md index 5abc6712..e9a26073 100644 --- a/i18n/fr/os/qubes-overview.md +++ b/i18n/fr/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction à Qubes" icon: simple/qubesos +description: Qubes est un système d'exploitation conçu pour isoler les applications au sein de machines virtuelles afin de renforcer la sécurité. --- [**Qubes OS**](../desktop.md#qubes-os) est un système d'exploitation qui utilise l'hyperviseur [Xen](https://en.wikipedia.org/wiki/Xen) pour fournir une sécurité forte pour l'informatique de bureau par le biais de machines virtuelles isolées. Chaque VM est appelée un *Qube* et vous pouvez attribuer à chaque Qube un niveau de confiance en fonction de son objectif. Étant donné que le système d'exploitation Qubes assure la sécurité en utilisant l'isolation et en n'autorisant des actions qu'au cas par cas, il est à l'opposé de [l'énumération de méchanceté](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -44,7 +45,7 @@ Pour copier et coller des fichiers et des répertoires (dossiers) d'une VM à l' L'[environnement qrexec](https://www.qubes-os.org/doc/qrexec/) est une partie essentielle de Qubes qui permet la communication des machines virtuelles entre les domaines. Il est construit sur la bibliothèque Xen *vchan*, qui facilite [l'isolation de par le biais de politiques](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/). -## Ressources Supplémentaires +## Ressources supplémentaires Pour de plus amples informations, nous vous encourageons à consulter les pages de documentation complètes de Qubes OS, situées sur le [site web de Qubes OS](https://www.qubes-os.org/doc/). Des copies hors ligne peuvent être téléchargées à partir du [dépôt de documentationde](https://github.com/QubesOS/qubes-doc) Qubes OS. @@ -52,5 +53,3 @@ Pour de plus amples informations, nous vous encourageons à consulter les pages - J. Rutkowska : [*Compartimentage logiciel vs. séparation physique*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska : [*Partitionnement de ma vie numérique en domaines de sécurité*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS : [*Articles connexes*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/passwords.md b/i18n/fr/passwords.md index 1fa03206..d4e74b15 100644 --- a/i18n/fr/passwords.md +++ b/i18n/fr/passwords.md @@ -1,9 +1,10 @@ --- title: "Gestionnaires de mots de passe" icon: material/form-textbox-password +description: Les gestionnaires de mots de passe vous permettent de stocker et de gérer en toute sécurité des mots de passe et autres informations d'identification. --- -Les gestionnaires de mots de passe vous permettent de stocker et de gérer en toute sécurité les mots de passe et autres informations d'identification à l'aide d'un mot de passe principal. +Les gestionnaires de mots de passe vous permettent de stocker et de gérer en toute sécurité des mots de passe et autres informations d'identification à l'aide d'un mot de passe principal. [Introduction aux mots de passe :material-arrow-right-drop-circle:](./basics/passwords-overview.md) @@ -226,5 +227,3 @@ Ces produits sont des gestionnaires de mots de passe minimaux qui peuvent être Nous travaillons à l'établissement de critères définis pour chaque section de notre site, et celles-ci peuvent être sujet à changement. Si vous avez des questions sur nos critères, veuillez [poser la question sur notre forum](https://discuss.privacyguides.net/latest) et ne supposez pas que nous n'avons pas pris en compte un élément dans nos recommandations s'il ne figure pas dans la liste. De nombreux facteurs sont pris en compte et discutés lorsque nous recommandons un projet, et la documentation de chacun d'entre eux est en cours. - Doit être multiplateforme. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/productivity.md b/i18n/fr/productivity.md index 7b9646c1..e4f01b4a 100644 --- a/i18n/fr/productivity.md +++ b/i18n/fr/productivity.md @@ -1,6 +1,7 @@ --- title: "Outils de productivité" icon: material/file-sign +description: La plupart des suites bureautiques en ligne ne prennent pas en charge l'E2EE, ce qui signifie que le fournisseur de cloud a accès à tout ce que vous faites. --- La plupart des suites bureautiques en ligne ne prennent pas en charge l'E2EE, ce qui signifie que le fournisseur de cloud a accès à tout ce que vous faites. La politique de confidentialité peut protéger légalement vos droits, mais elle ne fournit pas de contraintes techniques d'accès. @@ -152,5 +153,3 @@ En général, nous définissons les suites bureautiques comme des applications q [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Instances publiques"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Code source" } - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/real-time-communication.md b/i18n/fr/real-time-communication.md index 84941a27..6ab9be2c 100644 --- a/i18n/fr/real-time-communication.md +++ b/i18n/fr/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Communication en temps réel" icon: material/chat-processing +description: Les autres messageries instantanées mettent toutes vos conversations privées à la disposition de la société qui les gère. --- Voici nos recommandations pour de la communication en temps réel chiffrée. @@ -191,5 +192,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Devrait être décentralisé, c'est-à-dire fédéré ou P2P. - Devrait utiliser E2EE pour tous les messages par défaut. - Devrait prendre en charge Linux, macOS, Windows, Android et iOS. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/router.md b/i18n/fr/router.md index 7c96ad4c..a4eeba72 100644 --- a/i18n/fr/router.md +++ b/i18n/fr/router.md @@ -1,6 +1,7 @@ --- title: "Micrologiciel de routeur" icon: material/router-wireless +description: Ces systèmes d'exploitation alternatifs peuvent être utilisés pour sécuriser votre routeur ou votre point d'accès Wi-Fi. --- Vous trouverez ci-dessous quelques systèmes d'exploitation alternatifs, qui peuvent être utilisés sur des routeurs, des points d'accès Wi-Fi, etc. @@ -47,5 +48,3 @@ OPNsense a été développé à l'origine comme un fork de [pfSense](https://fr. - Doit être open-source. - Doit recevoir des mises à jour régulières. - Doivent prendre en charge une grande variété de matériel. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/search-engines.md b/i18n/fr/search-engines.md index f96d0f12..2139625b 100644 --- a/i18n/fr/search-engines.md +++ b/i18n/fr/search-engines.md @@ -1,6 +1,7 @@ --- title: "Moteurs de recherche" icon: material/search-web +description: Ces moteurs de recherche respectueux de la vie privée n'établissent pas de profil publicitaire sur la base de vos recherches. --- Utilisez un moteur de recherche qui ne construit pas un profil publicitaire en fonction de vos recherches. @@ -105,5 +106,3 @@ Nos critères de cas idéal représentent ce que nous aimerions voir d'un projet - Doit être basé sur des logiciels open-source. - Ne doit pas bloquer les adresses IP des nœuds de sortie Tor. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/tools.md b/i18n/fr/tools.md index 227aeddc..c75999ce 100644 --- a/i18n/fr/tools.md +++ b/i18n/fr/tools.md @@ -3,6 +3,7 @@ title: "Outils de protection de la vie privée" icon: material/tools hide: - toc +description: Privacy Guides est le site web le plus transparent et le plus fiable pour trouver des logiciels, des applications et des services qui protègent vos données personnelles des programmes de surveillance de masse et d'autres menaces internet. --- Si vous cherchez une solution spécifique à un problème, voici les outils matériels et logiciels que nous recommandons dans diverses catégories. Les outils de protection de la vie privée que nous recommandons sont principalement choisis en fonction de leurs fonctionnalités de sécurité, tout en mettant l'accent sur les outils décentralisés et à code source ouvert. Ils sont applicables à divers modèles de menaces, allant de la protection contre les programmes mondiaux de surveillance de masse à l'atténuation des attaques en passant par l'évitement des grandes entreprises technologiques, mais vous seul pouvez déterminer ce qui répondra le mieux à vos besoins. @@ -36,7 +37,7 @@ Pour plus de détails sur chaque projet, les raisons pour lesquelles ils ont ét [En savoir plus :material-arrow-right-drop-circle:](desktop-browsers.md) -### Ressources Supplémentaires +### Ressources supplémentaires
@@ -57,7 +58,7 @@ Pour plus de détails sur chaque projet, les raisons pour lesquelles ils ont ét [En savoir plus :material-arrow-right-drop-circle:](mobile-browsers.md) -### Ressources Supplémentaires +### Ressources supplémentaires
@@ -84,10 +85,10 @@ Pour plus de détails sur chaque projet, les raisons pour lesquelles ils ont ét
-- ![Logo Aurora Store](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) -- ![Logo Shelter](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) -- ![Logo Auditeur](assets/img/android/auditor.svg#only-light){ .twemoji }![Logo GrapheneOS](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditeur (Appareils pris en charge)](android.md#auditor) -- ![Logo caméra sécurisée](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Logo caméra sécurisée](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Caméra sécurisée](android.md#secure-camera) +- ![Logo Aurora Store](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (client Google Play)](android.md#aurora-store) +- ![Logo Shelter](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Profils de travail)](android.md#shelter) +- ![Logo Auditor](assets/img/android/auditor.svg#only-light){ .twemoji }![Logo GrapheneOS](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Appareils pris en charge)](android.md#auditor) +- ![Logo Secure Camera](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Logo Secure Camera](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) - ![Logo Secure PDF Viewer](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![Logo Secure PDF Viewer](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
@@ -170,14 +171,14 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs - ![Logo Proton Mail](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) - ![Logo Mailbox.org](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) -- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji } ![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) -- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) +- ![logo StartMail](assets/img/email/startmail.svg#only-light){ .twemoji } ![logo StartMail](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![logo Tutanota](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
[En savoir plus :material-arrow-right-drop-circle:](email.md) -#### Services d'alias d'e-mails +#### Services d'alias d'email
@@ -188,7 +189,7 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs [En savoir plus :material-arrow-right-drop-circle:](email.md#email-aliasing-services) -#### E-mail auto-hébergé +#### Email auto-hébergé
@@ -199,6 +200,29 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs [En savoir plus :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Services financiers + +#### Services de masquage des paiements + +
+ +- ![Logo Privacy.com](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Logo Privacy.com](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![Logo MySudo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![Logo MySudo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[En savoir plus :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Marchés de cartes-cadeaux en ligne + +
+ +- ![Logo Cake Pay](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![Logo CoinCards](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[En savoir plus :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Moteurs de Recherche
@@ -226,9 +250,9 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs
+- ![Logo IVPN](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) +- ![Logo Mullvad](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) - ![Logo Proton VPN](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) -- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) -- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad)
@@ -247,6 +271,16 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs [En savoir plus :material-arrow-right-drop-circle:](calendar.md) +### Crypto-monnaie + +
+ +- ![Logo Monero](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[En savoir plus :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Rédaction de données et de métadonnées
@@ -438,5 +472,3 @@ Nous [recommandons](dns.md#recommended-providers) un certain nombre de serveurs
[En savoir plus :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/tor.md b/i18n/fr/tor.md index 205054a6..4a1bb665 100644 --- a/i18n/fr/tor.md +++ b/i18n/fr/tor.md @@ -1,6 +1,7 @@ --- title: "Réseau Tor" icon: simple/torproject +description: Protégez votre navigation sur internet des regards indiscrets en utilisant le réseau Tor, un réseau sécurisé qui contourne la censure. --- ![Logo Tor](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ Le réseau **Tor** est un groupe de serveurs gérés par des bénévoles qui vou Tor fonctionne en acheminant votre trafic Internet via ces serveurs gérés par des volontaires, au lieu d'établir une connexion directe avec le site que vous essayez de visiter. Cela permet de masquer la provenance du trafic, et aucun serveur sur le chemin de la connexion n'est en mesure de voir le chemin complet de la provenance et de la destination du trafic, ce qui signifie que même les serveurs que vous utilisez pour vous connecter ne peuvent pas briser votre anonymat. -
- ![Chemin de Tor](assets/img/how-tor-works/tor-path.svg#only-light) - ![Chemin de Tor](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Chemin du circuit de Tor - Les nœuds du chemin ne peuvent voir que les serveurs auxquels ils sont directement connectés, par exemple le nœud "d'Entrée" indiqué peut voir votre adresse IP, et l'adresse du nœud "Central", mais n'a aucun moyen de voir quel site Web vous visitez.
-
- -- [Plus d'informations sur le fonctionnement de Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Introduction détaillée de Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Se connecter à Tor @@ -120,5 +115,3 @@ Pour résister aux attaques par analyse de trafic, pensez à activer l'option *I Snowflake n'améliore en rien votre vie privée et n'est pas utilisé pour se connecter au réseau Tor dans votre navigateur personnel. Toutefois, si votre connexion Internet n'est pas censurée, vous devriez envisager de l'utiliser pour aider les personnes se trouvant sur des réseaux censurés à améliorer elles-mêmes leur vie privée. Il n'y a pas besoin de s'inquiéter des sites web auxquels les gens accèdent via votre proxy - leur adresse IP de navigation visible correspondra à leur nœud de sortie Tor, pas à la vôtre. Faire fonctionner un proxy Snowflake est peu risqué, encore moins que de faire fonctionner un relais ou un pont Tor qui ne sont déjà pas des entreprises particulièrement risquées. Toutefois, il achemine le trafic par le biais de votre réseau, ce qui peut avoir un impact à certains égards, surtout si votre réseau a une bande passante limitée. Assurez-vous de comprendre [le fonctionnement de Snowflake](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) avant de décider de faire tourner un proxy. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/video-streaming.md b/i18n/fr/video-streaming.md index cc500bc7..51ad22f6 100644 --- a/i18n/fr/video-streaming.md +++ b/i18n/fr/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Streaming vidéo" icon: material/video-wireless +description: Ces réseaux vous permettent de consommer du contenu internet sans établir de profil publicitaire basé sur vos centres d'intérêt. --- La principale menace liée à l'utilisation d'une plateforme de streaming vidéo est que vos habitudes de streaming et vos listes d'abonnement pourraient être utilisées pour établir votre profil. Vous devriez combiner ces outils avec un [VPN](vpn.md) ou [Tor](https://www.torproject.org/) pour rendre plus difficile le profilage de votre utilisation. @@ -48,5 +49,3 @@ Vous pouvez désactiver l'option *Enregistrer les données d'hébergement pour a - Ne doit pas nécessiter un compte centralisé pour visionner les vidéos. - L'authentification décentralisée, par exemple via la clé privée d'un portefeuille mobile, est acceptable. - ---8<-- "includes/abbreviations.fr.txt" diff --git a/i18n/fr/vpn.md b/i18n/fr/vpn.md index cddfdfd7..ad83dbe9 100644 --- a/i18n/fr/vpn.md +++ b/i18n/fr/vpn.md @@ -1,94 +1,34 @@ --- title: "Services VPN" icon: material/vpn +description: Voici les meilleurs services VPN pour protéger votre vie privée et votre sécurité en ligne. Trouvez ici un fournisseur qui ne cherche pas à vous espionner. --- -Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou lire votre trafic Web. +Si vous recherchez à protéger votre **vie privée** vis-à-vis de votre FAI, sur un réseau Wi-Fi public ou lorsque vous téléchargez des fichiers en torrent, un VPN peut être la solution pour vous, à condition que vous compreniez les risques encourus. Nous pensons que ces fournisseurs se distinguent des autres : -??? danger "Les VPN ne fournissent pas l'anonymat" +
+ +- ![Logo IVPN](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Logo Mullvad](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Logo Proton VPN](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "Les VPN ne fournissent pas l'anonymat" L'utilisation d'un VPN ne rendra **pas** votre navigation anonyme et n'ajoutera pas de sécurité supplémentaire à un trafic non sécurisé (HTTP). - Si vous recherchez l' **anonymat**, vous devriez utiliser le navigateur Tor **au lieu** d'un VPN. + Si vous recherchez l'**anonymat**, vous devriez utiliser le navigateur Tor **au lieu** d'un VPN. Si vous recherchez plus de **sécurité**, vous devez toujours vous assurer que vous vous connectez aux sites web en utilisant HTTPS. Un VPN ne remplace pas les bonnes pratiques de sécurité. - [Télécharger Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Mythes sur Tor & FAQ](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904){ .md-button } + [Télécharger Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Mythes sur Tor & FAQ](advanced/tor-overview.md){ .md-button } -??? question "Quand les VPN sont-ils utiles ?" +[Présentation détaillée des VPNs :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} - Si vous recherchez à protéger votre **vie privé** vis-à-vis de votre fournisseur d'accès internet, sur un réseau Wi-Fi public ou lors du torrenting de fichiers, un VPN peut être la solution pour vous, à condition que vous compreniez les risques encourus. - - [Plus d'infos](#vpn-overview){ .md-button } +## Fournisseurs recommandés -## Fournisseurs Recommandés - -!!! abstract "Citères" - - Les fournisseurs que nous recommandons utilisent le chiffrement, acceptent le Monero, prennent en charge WireGuard & OpenVPN, et ont une politique de non journalisation. Lisez notre [liste complète de critères](#our-criteria) pour plus d'informations. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** est un concurrent solide dans l'espace VPN, et ils sont en service depuis 2016. Proton AG est basé en Suisse et propose une offre gratuite limitée, ainsi qu'une option premium plus complète. - - [:octicons-home-16: Page d'accueil](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Politique de confidentialité" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Code source" } - - ??? downloads "Téléchargements" - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Pays" - - Proton VPN a [des serveurs dans 63 pays](https://protonvpn.com/vpn-servers) (1). En choisissant un fournisseur de VPN dont le serveur est le plus proche de vous vous réduirez la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. - - Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur de VPN qu'il utilise des [serveurs dédiés](https://en.wikipedia.org/wiki/Dedicated_hosting_service), plutôt que des solutions partagées moins chères (avec d'autres clients) telles que les [serveurs privés virtuels](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. En date du 2022-09-16 - -??? success "Audités de manière indépendante" - - Depuis janvier 2020, Proton VPN a fait l'objet d'un audit indépendant réalisé par SEC Consult. SEC Consult a trouvé quelques vulnérabilités à risque moyen et faible dans les applications Windows, Android et iOS de Proton VPN, qui ont toutes été "correctement corrigées" par Proton VPN avant la publication des rapports. Aucun des problèmes identifiés n'aurait permis à un attaquant d'accéder à distance à votre appareil ou à votre trafic. Vous pouvez consulter les rapports individuels pour chaque plateforme à l'adresse [protonvpn.com](https://protonvpn.com/blog/open-source/). En avril 2022, Proton VPN a fait l'objet d'un [autre audit](https://protonvpn.com/blog/no-logs-audit/) et le rapport a été [produit par Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). Une [lettre d'attestation](https://proton.me/blog/security-audit-all-proton-apps) a été fournie pour les applications de Proton VPN le 9 novembre 2021 par [Securitum](https://research.securitum.com). - -??? success "Clients Open Source" - - Proton VPN fournit le code source de ses clients de bureau et mobiles dans son [organisation GitHub](https://github.com/ProtonVPN). - -??? check "Accepte l'Argent Liquide" - - Proton VPN, en plus d'accepter les cartes de crédit/débit et PayPal, accepte le Bitcoin, et **l'argent liquide/la monnaie locale** comme formes anonymes de paiement. - -??? success "Supporte WireGuard" - - Proton VPN supporte le protocole WireGuard® la plupart du temps. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise de la [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. - - Proton VPN [recommande](https://protonvpn.com/blog/wireguard/) l'utilisation de WireGuard avec leur service. Sur les applications Windows, macOS, iOS, Android, ChromeOS et Android TV de Proton VPN, WireGuard est le protocole par défaut ; cependant, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) pour le protocole n'est pas présent dans leur application Linux. - -??? warning "Redirection de Port Distant" - - Proton VPN ne supporte actuellement que la [redirection de ports](https://protonvpn.com/support/port-forwarding/) distants sur Windows, ce qui peut avoir un impact sur certaines applications. En particulier les applications Peer-to-Peer comme les clients Torrent. - -??? success "Clients Mobile" - - En plus de fournir des fichiers de configuration OpenVPN standard, Proton VPN dispose de clients mobiles pour [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), et [GitHub](https://github.com/ProtonVPN/android-app/releases) permettant de se connecter facilement à leurs serveurs. - -??? info "Fonctionnalités supplémentaires" - - Les clients VPN de Proton prennent en charge l'authentification à deux facteurs sur toutes les plateformes, sauf Linux pour le moment. Proton VPN possède ses propres serveurs et centres de données en Suisse, en Islande et en Suède. Ils proposent le blocage des publicités et des domaines de logiciels malveillants connus avec leur service DNS. De plus, Proton VPN propose également des serveurs "Tor" vous permettant de vous connecter facilement aux sites oignon, mais nous vous recommandons toujours fortement d'utiliser [le navigateur officiel Tor](https://www.torproject.org/fr/) à cet effet. - -!!! danger "La fonction Killswitch ne fonctionne pas sur les Macs à processeur Intel". - - Des crashs système [peuvent se produire](https://protonvpn.com/support/macos-t2-chip-kill-switch/) sur les Macs basés sur Intel lors de l'utilisation du killswitch VPN. Si vous avez besoin de cette fonction, et que vous utilisez un Mac avec un chipset Intel, vous devriez envisager d'utiliser un autre service VPN. +Les fournisseurs que nous recommandons utilisent le chiffrement, acceptent le Monero, prennent en charge WireGuard & OpenVPN, et ont une politique de non journalisation. Lisez notre [liste complète de critères](#criteria) pour plus d'informations. ### IVPN @@ -96,7 +36,7 @@ Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou l ![Logo IVPN](assets/img/vpn/ivpn.svg){ align=right } - **IVPN** est un autre fournisseur de VPN premium, et il est en activité depuis 2009. IVPN est basé à Gibraltar. + **IVPN** est un autre fournisseur de VPN haut de gamme, et il est en activité depuis 2009. IVPN est basé à Gibraltar. [:octicons-home-16: Page d'accueil](https://www.ivpn.net/){ .md-button .md-button--primary } [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Politique de confidentialité" } @@ -111,43 +51,44 @@ Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou l - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Pays" +#### :material-check:{ .pg-green } 35 pays - IVPN possède [des serveurs dans 35 pays](https://www.ivpn.net/server-locations) (1). En choisissant un fournisseur de VPN dont le serveur est le plus proche de vous vous réduirez la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. - - Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur de VPN qu'il utilise des [serveurs dédiés](https://en.wikipedia.org/wiki/Dedicated_hosting_service), plutôt que des solutions partagées moins chères (avec d'autres clients) telles que les [serveurs privés virtuels](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN a ses [serveurs dans 35 pays](https://www.ivpn.net/server-locations).(1) Choisir un fournisseur VPN avec un serveur le plus proche de vous réduira la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. +{ .annotate } -1. En date du 2022-09-16 +1. En date du : 2022-09-16 -??? success "Audités de manière indépendante" +Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur VPN d'utiliser des [serveurs dédiés](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9), plutôt que des solutions partagées (avec d'autres clients) moins chères telles que les [serveurs privés virtuels](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9_virtuel). - IVPN a fait l'objet d'un [audit de non-journalisation de Cure53](https://cure53.de/audit-report_ivpn.pdf) qui s'est conclu en accord avec la déclaration de non-journalisation d'IVPN. IVPN a également réalisé un [rapport complet de tests de pénétration par Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) en janvier 2020. IVPN a également déclaré qu'il prévoyait de publier des [rapports annuels](https://www.ivpn.net/blog/independent-security-audit-concluded) à l'avenir. Une autre étude a été réalisée [en avril 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) et a été fournie par Cure53 [sur leur site web](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Audit indépendant -??? success "Clients Open Source" +IVPN a fait l'objet d'un [audit de non-journalisation par Cure53](https://cure53.de/audit-report_ivpn.pdf) qui a conclu à la validité de l'affirmation d'IVPN concernant l'absence d'enregistrement. IVPN a également terminé un [rapport complet de test d'intrusion par Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) en janvier 2020. IVPN a également indiqué qu'elle prévoyait à l'avenir de mettre à disposition les [rapports annuels](https://www.ivpn.net/blog/independent-security-audit-concluded). Une nouvelle étude a été réalisée [en avril 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) et a été mise à disposition par Cure53 sur [leur site web](https://cure53.de/pentest-report_IVPN_2022.pdf). - Depuis février 2020 [les applications IVPN sont désormais open source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Le code source peut être obtenu auprès de leur [organisation GitHub](https://github.com/ivpn). +#### :material-check:{ .pg-green } Clients open source -??? success "Accepte l'Argent Liquide et le Monero" +Depuis février 2020, [les applications IVPN sont désormais open source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Le code source peut être obtenu auprès de leur [organisation GitHub](https://github.com/ivpn). - En plus d'accepter les cartes de crédit/débit et PayPal, IVPN accepte le Bitcoin, le **Monero** et **l'argent liquide/la monnaie locale** (sur les plans annuels) comme formes de paiement anonymes. +#### :material-check:{ .pg-green } Accepte l'argent liquide et le Monero -??? success "Supporte WireGuard" +En plus d'accepter les cartes de crédit/débit et PayPal, IVPN accepte le Bitcoin, **le Monero** et **les espèces/la monnaie locale** (sur les abonnements annuels) comme formes de paiement anonymes. - IVPN supporte le protocole WireGuard®. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise de la [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. - - IVPN [recommande](https://www.ivpn.net/wireguard/) l'utilisation de WireGuard avec leur service et, de ce fait, ce protocole est le protocole par défaut sur toutes les applications d'IVPN. IVPN propose également un générateur de configuration WireGuard à utiliser avec l'[application](https://www.wireguard.com/install/) officielle WireGuard. +#### :material-check:{ .pg-green } Prise en charge de WireGuard -??? success "Redirection de Port Distant" +IVPN prend en charge le protocole WireGuard®. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise une [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. - La [redirection de port](https://fr.wikipedia.org/wiki/Redirection_de_port) distants est possible avec une offre Pro. La redirection de port [peut être activée](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via l'espace client. La redirection de port n'est disponible sur IVPN que lorsque l'on utilise les protocoles WireGuard ou OpenVPN et est [désactivée sur les serveurs US](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommande](https://www.ivpn.net/wireguard/) l'utilisation de WireGuard avec leur service et, en tant que tel, le protocole est par défaut sur toutes les applications d'IVPN. IVPN propose également un générateur de configuration WireGuard à utiliser avec les [applications](https://www.wireguard.com/install/) officielles WireGuard. -??? success "Clients Mobile" +#### :material-check:{ .pg-green } Redirection de port - En plus de fournir des fichiers de configuration OpenVPN standard, IVPN dispose de clients mobiles pour [App Store] (https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play] (https://play.google.com/store/apps/details?id=net.ivpn.client), et [GitHub](https://github.com/ivpn/android-app/releases) permettant de se connecter facilement à leurs serveurs. +La [redirection de port](https://fr.wikipedia.org/wiki/Redirection_de_port) est possible avec une offre Pro. La redirection de port [peut être activée](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via l'espace client. La redirection de port n'est disponible sur IVPN que lorsque l'on utilise les protocoles WireGuard ou OpenVPN et est [désactivée sur les serveurs américains](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Fonctionnalités supplémentaires" +#### :material-check:{ .pg-green } Clients mobiles - Les clients IVPN prennent en charge l'authentification à deux facteurs (les clients de Mullvad ne le font pas). IVPN offre également la fonctionnalité "[AntiTraqueurs](https://www.ivpn.net/antitracker)", qui bloque les réseaux publicitaires et les trackers au niveau du réseau. +En plus de fournir des fichiers de configuration OpenVPN standard, IVPN a des clients mobiles pour l'[App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), le [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), et [GitHub](https://github.com/ivpn/android-app/releases) permettant des connexions faciles à leurs serveurs. + +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires + +Les clients IVPN prennent en charge l'authentification à deux facteurs (les clients de Mullvad ne le font pas). IVPN propose également la fonctionnalité "[AntiTracker](https://www.ivpn.net/antitracker)", qui bloque les réseaux publicitaires et les traqueurs au niveau du réseau. ### Mullvad @@ -155,10 +96,10 @@ Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou l ![Logo Mullvad](assets/img/vpn/mullvad.svg){ align=right } - **Mullvad** est un VPN rapide et peu coûteux qui met l'accent sur la transparence et la sécurité. Ils sont en activité depuis **2009**. Mullvad est basé en Suède et n'a pas de période d'essai gratuit. + **Mullvad** est un VPN rapide et peu coûteux qui met l'accent sur la transparence et la sécurité. Il est en activité depuis **2009**. Mullvad est basé en Suède et n'a pas de période d'essai gratuit. [:octicons-home-16: Page d'accueil](https://mullvad.net){ .md-button .md-button--primary } - [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } + [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Service onion" } [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Politique de confidentialité" } [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Code source" } @@ -172,55 +113,120 @@ Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou l - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Pays" +#### :material-check:{ .pg-green } 41 pays - Mullvad possède [des serveurs dans 41 pays](https://mullvad.net/servers/) (1). En choisissant un fournisseur de VPN dont le serveur est le plus proche de vous vous réduirez la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. +Mullvad a des [serveurs dans 41 pays](https://mullvad.net/servers/).(1) Choisir un fournisseur VPN avec un serveur le plus proche de vous réduira la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. +{ .annotate } + +1. En date du : 2023-01-19 + +Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur VPN d'utiliser des [serveurs dédiés](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9), plutôt que des solutions partagées (avec d'autres clients) moins chères telles que les [serveurs privés virtuels](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9_virtuel). + +#### :material-check:{ .pg-green } Audit indépendant + +Les clients VPN de Mullvad ont été audités par Cure53 et Assured AB dans un rapport de test d'intrusion [publié sur cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Les chercheurs en sécurité ont conclu : + +> Cure53 et Assured AB sont satisfaits des résultats de l'audit et le logiciel laisse une impression générale positive. Grâce au dévouement de l'équipe interne du complexe du VPN Mullvad, les testeurs n'ont aucun doute sur le fait que le projet est sur la bonne voie du point de vue de la sécurité. + +En 2020, un deuxième audit [a été annoncé](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) et le [rapport d'audit final](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) a été publié sur le site web de Cure53 : + +> Les résultats de ce projet de mai-juin 2020 ciblant le complexe de Mullvad sont assez positifs. [...] L'écosystème applicatif utilisé par Mullvad laisse une impression solide et structurée. La structure globale de l'application permet de déployer facilement des correctifs et corrections de manière structurée. Plus que tout, les résultats repérés par Cure53 montrent l'importance d'un audit et d'une réévaluation constante des vecteurs de fuite actuels, afin de toujours garantir la confidentialité des utilisateurs finaux. Ceci étant dit, Mullvad fait un excellent travail en protégeant l'utilisateur final contre les fuites courantes de DCP et les risques liés à la confidentialité. + +En 2021, un audit des infrastructures [a été annoncé](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) et le [rapport d'audit final](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) a été publié sur le site web de Cure53. Un autre rapport a été commandé [en juin 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) et est disponible sur le [site web d'Assured](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Clients open source + +Mullvad fournit le code source pour leurs clients de bureau et mobiles dans leur [organisation GitHub](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepte l'argent liquide et le Monero + +Mullvad, en plus d'accepter les cartes de crédit/débit et PayPal, accepte le Bitcoin, le Bitcoin Cash, **le Monero** et **les espèces/la monnaie locale** comme formes de paiement anonymes. Ils acceptent également Swish et les virements bancaires. + +#### :material-check:{ .pg-green } Prise en charge de WireGuard + +Mullvad prend en charge le protocole WireGuard®. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise une [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. + +Mullvad [recommande](https://mullvad.net/en/help/why-wireguard/) l'utilisation de WireGuard avec leur service. C'est le protocole par défaut ou le seul sur les applications Android, iOS, macOS et Linux de Mullvad, mais sur Windows, vous devez [activer manuellement](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad propose également un générateur de configuration WireGuard à utiliser avec les [applications](https://www.wireguard.com/install/) officielles WireGuard. + +#### :material-check:{ .pg-green } Prise en charge de l'IPv6 + +Mullvad soutient l'avenir des réseaux [IPv6](https://fr.wikipedia.org/wiki/IPv6). Leur réseau vous permet d'accéder aux [services hébergés sur IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/), contrairement à d'autres fournisseurs qui bloquent les connexions IPv6. + +#### :material-check:{ .pg-green } Redirection de port + +La [redirection de port](https://en.wikipedia.org/wiki/Port_forwarding) est autorisée pour les personnes qui effectuent des paiements ponctuels, mais pas pour les comptes ayant un mode de paiement récurrent ou par abonnement. Ceci afin d'empêcher Mullvad de pouvoir vous identifier sur la base de votre utilisation du port et des informations d'abonnement stockées. Voir [Redirection de port avec Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) pour plus d'informations. + +#### :material-check:{ .pg-green } Clients mobiles + +Mullvad a publié des clients [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) et [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), tous deux avec une interface simple à utiliser plutôt que nécessiter de votre part une configuration manuelle de votre connexion WireGuard. Le client Android est également disponible sur [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires + +Mullvad est très transparent quant aux nœuds qu'il possède [ou qu'il loue](https://mullvad.net/en/servers/). Ils utilisent [ShadowSocks](https://shadowsocks.org/) dans leur configuration ShadowSocks + OpenVPN, ce qui les rend plus résistants aux pare-feux avec de l'[inspection profonde de paquets](https://fr.wikipedia.org/wiki/Deep_packet_inspection) qui tentent de bloquer les VPNs. Il semblerait que [la Chine utilise une méthode différente pour bloquer les serveurs ShadowSocks](https://github.com/net4people/bbs/issues/22). Le site web de Mullvad est également accessible via Tor à l'adresse suivante [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur de VPN qu'il utilise des [serveurs dédiés](https://en.wikipedia.org/wiki/Dedicated_hosting_service), plutôt que des solutions partagées moins chères (avec d'autres clients) telles que les [serveurs privés virtuels](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. En date du 2023-01-19 - -??? success "Audités de manière indépendante" - - Les clients VPN de Mullvad ont été audités par Cure53 et Assured AB dans un rapport de test de pénétration [publié sur cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Les chercheurs en sécurité ont conclu : + **Proton VPN** est un concurrent de poids dans l'espace VPN, et il est en service depuis 2016. Proton AG est basé en Suisse et propose une offre gratuite limitée, ainsi qu'une option premium plus complète. - > Cure53 et Assured AB sont satisfaits des résultats de l'audit et le logiciel laisse une impression globalement positive. Grâce au dévouement de l'équipe interne du complexe du VPN Mullvad, les testeurs n'ont aucun doute sur le fait que le projet est sur la bonne voie du point de vue de la sécurité. + [:octicons-home-16: Page d'accueil](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Politique de confidentialité" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Code source" } - En 2020, un deuxième audit [a été annoncé](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) et le [rapport d'audit final](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) a été mis à disposition sur le site internet de Cure53 : + ??? downloads "Téléchargements" - > Les résultats de ce projet de mai-juin 2020 ciblant le complexe Mullvad sont plutôt positifs. [...] L'écosystème applicatif utilisé par Mullvad laisse une impression solide et structurée. La structure globale de l'application permet de déployer facilement des correctifs et corrections de manière structurée. Plus que tout, les résultats repérés par Cure53 montrent l'importance d'un audit et d'une réévaluation constante des vecteurs de fuite actuels, afin de toujours garantir la confidentialité des utilisateurs finaux. Ceci étant dit, Mullvad fait un excellent travail en protégeant l'utilisateur final contre les fuites courantes de DCP et les risques liés à la confidentialité. - - En 2021, un audit des infrastructures [a été annoncé] (https://mullvad.net/fr/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) et le [rapport d'audit final] (https://cure53.de/pentest-report_mullvad_2021_v1.pdf) a été mis à disposition sur le site web de Cure53. Un autre rapport a été commandé [en juin 2022](https://mullvad.net/fr/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) et est disponible sur [le site web d'Assured](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Clients Open Source" +#### :material-check:{ .pg-green } 67 pays - Mullvad fournit le code source de ses clients de bureau et mobiles dans son [organisation GitHub](https://github.com/mullvad/mullvadvpn-app). +Proton VPN a des [serveurs dans 67 pays](https://protonvpn.com/vpn-servers).(1) Choisir un fournisseur VPN avec un serveur le plus proche de vous réduira la latence du trafic réseau que vous envoyez. Cela est dû à un itinéraire plus court (moins de sauts) vers la destination. +{ .annotate } -??? success "Accepte l'Argent Liquide et le Monero" +1. En date du : 2022-09-16 - Mullvad, en plus d'accepter les cartes de crédit/débit et PayPal, accepte le Bitcoin, le Bitcoin Cash, le **Monero** et le **liquide/monnaie locale** comme formes de paiement anonyme. Ils acceptent également Swish et les virements bancaires. +Nous pensons également qu'il est préférable pour la sécurité des clés privées du fournisseur VPN d'utiliser des [serveurs dédiés](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9), plutôt que des solutions partagées (avec d'autres clients) moins chères telles que les [serveurs privés virtuels](https://fr.wikipedia.org/wiki/Serveur_d%C3%A9di%C3%A9_virtuel). -??? success "Supporte WireGuard" +#### :material-check:{ .pg-green } Audit indépendant - Mullvad prend en charge le protocole WireGuard®. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise de la [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. - - Mullvad [recommande](https://mullvad.net/fr/help/why-wireguard/) l'utilisation de WireGuard avec leur service. Il s'agit du seul protocole ou celui par défaut sur les applications Android, iOS, macOS et Linux de Mullvad, mais sous Windows, vous devez l'[activer manuellement](https://mullvad.net/fr/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad propose également un générateur de configuration WireGuard à utiliser avec l'[application](https://www.wireguard.com/install/) officielle WireGuard. +Depuis janvier 2020, Proton VPN a fait l'objet d'un audit indépendant réalisé par SEC Consult. SEC Consult a trouvé quelques vulnérabilités à risque moyen et faible dans les applications Windows, Android et iOS de Proton VPN, qui ont toutes été "correctement corrigées" par Proton VPN avant la publication des rapports. Aucun des problèmes identifiés n'aurait permis à un attaquant d'accéder à distance à votre appareil ou à votre trafic. Vous pouvez consulter les rapports individuels pour chaque plateforme sur [protonvpn.com](https://protonvpn.com/blog/open-source/). En avril 2022, Proton VPN a fait l'objet d'un [autre audit](https://protonvpn.com/blog/no-logs-audit/) et le rapport a été [produit par Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). Une [lettre d'attestation](https://proton.me/blog/security-audit-all-proton-apps) a été fournie pour les applications de Proton VPN le 9 novembre 2021 par [Securitum](https://research.securitum.com). -??? success "Supporte IPv6" +#### :material-check:{ .pg-green } Clients open source - Mullvad soutient l'avenir du réseau [IPv6](https://en.wikipedia.org/wiki/IPv6). Leur réseau vous permet [d'accéder à des services hébergés sur IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/), contrairement à d'autres fournisseurs qui bloquent les connexions IPv6. +Proton VPN fournit le code source de ses clients bureau et mobile dans son [organisation GitHub](https://github.com/ProtonVPN). -??? success "Redirection de Port Distant" +#### :material-check:{ .pg-green } Accepte l'argent liquide - La [redirection de port] à distance (https://en.wikipedia.org/wiki/Port_forwarding) est autorisée pour les personnes qui effectuent des paiements ponctuels, mais pas pour les comptes ayant un mode de paiement récurrent ou par abonnement. Ceci afin d'empêcher Mullvad de pouvoir vous identifier sur la base de votre utilisation du port et des informations d'abonnement stockées. Voir [Redirection de port avec Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) pour plus d'informations. +Proton VPN, en plus d'accepter les cartes de crédit/débit, PayPal, et [le Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), accepte également **les espèces/la monnaie locale** comme forme de paiement anonyme. -??? success "Clients Mobile" +#### :material-check:{ .pg-green } Prise en charge de WireGuard - Mullvad a publié des clients [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) et [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), qui prennent tous deux en charge une interface facile à utiliser, au lieu de vous demander de configurer manuellement votre connexion WireGuard. Le client Android est également disponible sur [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN prend principalement en charge le protocole WireGuard®. [WireGuard](https://www.wireguard.com) est un protocole plus récent qui utilise une [cryptographie](https://www.wireguard.com/protocol/) de pointe. De plus, WireGuard vise à être plus simple et plus performant. -??? info "Fonctionnalités supplémentaires" +Proton VPN [recommande](https://protonvpn.com/blog/wireguard/) l'utilisation de WireGuard avec leur service. Sur les applications Windows, macOS, iOS, Android, ChromeOS et Android TV de Proton VPN, WireGuard est le protocole par défaut ; cependant, la [prise en charge](https://protonvpn.com/support/how-to-change-vpn-protocols/) du protocole n'est pas présente dans leur application Linux. - Mullvad est très transparent quant aux nœuds qu'il [possède ou loue](https://mullvad.net/en/servers/). Ils utilisent [ShadowSocks](https://shadowsocks.org) dans leur configuration ShadowSocks OpenVPN, ce qui les rend plus résistants aux pare-feu avec l'[Inspection Approfondie des Paquets](https://en.wikipedia.org/wiki/Deep_packet_inspection) qui tentent de bloquer les VPN. Supposément, [la Chine doit utiliser une méthode différente pour bloquer les serveurs ShadowSocks](https://github.com/net4people/bbs/issues/22). Le site web de Mullvad est également accessible via Tor à l'adresse [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Redirection de port + +Proton VPN ne prend actuellement en charge que la [redirection de port](https://protonvpn.com/support/port-forwarding/) sous Windows, ce qui peut avoir un impact sur certaines applications. En particulier les applications pair à pair comme les clients Torrent. + +#### :material-check:{ .pg-green } Clients mobiles + +En plus de fournir des fichiers de configuration OpenVPN standard, Proton VPN a des clients mobiles pour l'[App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), le [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), et [GitHub](https://github.com/ProtonVPN/android-app/releases) permettant des connexions faciles à leurs serveurs. + +#### :material-information-outline:{ .pg-blue } Fonctionnalités supplémentaires + +Les clients VPN de Proton prennent en charge l'authentification à deux facteurs sur toutes les plateformes, sauf Linux pour le moment. Proton VPN possède ses propres serveurs et centres de données en Suisse, en Islande et en Suède. Ils proposent le blocage des publicités et des domaines de logiciels malveillants connus avec leur service DNS. En outre, Proton VPN propose également des serveurs "Tor" vous permettant de vous connecter facilement aux sites onion, mais nous recommandons fortement d'utiliser [le navigateur officiel Tor](https://www.torproject.org/) à cette fin. + +#### :material-alert-outline:{ .pg-orange } La fonction d'arrêt d'urgence ne fonctionne pas sur les Macs à processeur Intel + +Des pannes du système [peuvent se produire](https://protonvpn.com/support/macos-t2-chip-kill-switch/) sur les Mac basés sur Intel lors de l'utilisation de l'arrêt d'urgence du VPN. Si vous avez besoin de cette fonction, et que vous utilisez un Mac avec un chipset Intel, vous devriez envisager d'utiliser un autre service VPN. ## Critères @@ -228,48 +234,48 @@ Trouvez un opérateur VPN sans journalisation qui n'est pas là pour vendre ou l Il est important de noter que l'utilisation d'un fournisseur VPN ne vous rendra pas anonyme, mais qu'elle vous permettra de mieux protéger votre vie privée dans certaines situations. Un VPN n'est pas un outil pour des activités illégales. Ne vous fiez pas à une politique de "non-journalisation". -Nous exigeons de tous nos fournisseurs VPN recommandés qu'ils fournissent des fichiers de configuration OpenVPN utilisables dans n'importe quel client. **Si** un VPN fournit son propre client personnalisé, nous exigeons un killswitch pour bloquer les fuites de données du réseau lors de la déconnexion. Nous vous suggérons de vous familiariser avec cette liste avant de choisir un fournisseur VPN, et de mener vos propres recherches pour vous assurer que le fournisseur VPN que vous choisissez est le plus digne de confiance possible. +**Veuillez noter que nous ne sommes affiliés à aucun des fournisseurs que nous recommandons. Cela nous permet de fournir des recommandations totalement objectives.** En plus de [nos critères standards](about/criteria.md), nous avons développé un ensemble d'exigences claires pour tout fournisseur de VPN souhaitant être recommandé, y compris un chiffrement fort, des audits de sécurité indépendants, une technologie moderne, et plus encore. Nous vous suggérons de vous familiariser avec cette liste avant de choisir un fournisseur VPN, et de mener vos propres recherches pour vous assurer que le fournisseur VPN que vous choisissez est le plus digne de confiance possible. ### Technologie Nous exigeons de tous nos fournisseurs VPN recommandés qu'ils fournissent des fichiers de configuration OpenVPN utilisables dans n'importe quel client. **Si** un VPN fournit son propre client personnalisé, nous exigeons un killswitch pour bloquer les fuites de données du réseau lors de la déconnexion. -**Le Meilleur Cas:** +**Minimum pour se qualifier :** - Prise en charge de protocoles forts tels que WireGuard & OpenVPN. -- Killswitch intégré dans les clients. -- Support multi-sauts. Le multi-sauts est important pour garder les données privées en cas de compromission d'un seul noeud. +- Arrêt d'urgence intégré dans les clients. +- Prise en charge du multi-sauts. Le multi-sauts est important pour garder les données privées en cas de compromission d'un seul noeud. - Si des clients VPN sont fournis, ils doivent être [open source](https://en.wikipedia.org/wiki/Open_source), comme le logiciel VPN qui y est généralement intégré. Nous pensons que la disponibilité du [code source](https://en.wikipedia.org/wiki/Source_code) offre une plus grande transparence sur ce que fait réellement votre appareil. **Dans le meilleur des cas :** - Prise en charge de WireGuard et d'OpenVPN. -- Killswitch avec des options hautement configurables (activer/désactiver sur certains réseaux, au démarrage, etc.) +- Un arrêt d'urgence avec des options hautement configurables (activer/désactiver sur certains réseaux, au démarrage, etc.) - Clients VPN faciles à utiliser -- Supporte [IPv6](https://en.wikipedia.org/wiki/IPv6). Nous nous attendons à ce que les serveurs autorisent les connexions entrantes via IPv6 et vous permettent d'accéder aux services hébergés sur des adresses IPv6. -- La capacité de [redirection de port à distance](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) aide à créer des connexions lors de l'utilisation de logiciels de partage de fichiers P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)), de Freenet ou de l'hébergement d'un serveur (par exemple, Mumble). +- Prend en charge [IPv6](https://en.wikipedia.org/wiki/IPv6). Nous nous attendons à ce que les serveurs autorisent les connexions entrantes via IPv6 et vous permettent d'accéder aux services hébergés sur des adresses IPv6. +- La capacité de [redirection de port](https://fr.wikipedia.org/wiki/Redirection_de_port) aide à créer des connexions lors de l'utilisation de logiciels de partage de fichiers P2P ( $100) של מטבע מוצפן, אנא צור קשר עם [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/index.md b/i18n/he/about/index.md index 5e70b81c..c37c0da3 100644 --- a/i18n/he/about/index.md +++ b/i18n/he/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "אודות Privacy Guides" +description: Privacy Guides הוא אתר בעל מוטיבציה חברתית המספק מידע להגנה על אבטחת הנתונים ופרטיותך. --- -**Privacy Guides** הוא אתר בעל מוטיבציה חברתית המספק מידע להגנה על אבטחת הנתונים ופרטיותך. אנחנו קולקטיב ללא מטרות רווח המופעל כולו על ידי [חברי צוות](https://discuss.privacyguides.net/g/team) מתנדבים ותורמים. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: תמכו בפרויקט](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** הוא אתר בעל מוטיבציה חברתית המספק [מידע](/kb) להגנה על אבטחת הנתונים ופרטיותך. אנחנו קולקטיב ללא מטרות רווח המופעל כולו על ידי [חברי צוות](https://discuss.privacyguides.net/g/team) מתנדבים ותורמים. האתר שלנו נקי מפרסומות ואינו מזוהה עם ספקים רשומים. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=דף הבית } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="קוד מקור" } +[:octicons-heart-16:](donate.md){ .card-link title=לתרומה } + +מטרת Privacy Guides היא ללמד את הקהילה שלנו על החשיבות של פרטיות מקוונת ותוכניות ממשלתיות בינלאומיות שנועדו לנטר את כל הפעילויות המקוונות שלך. + +> כדי למצוא אפליקציות [אלטרנטיביות ממוקדות פרטיות], בדוק אתרים כמו Good Reports ו-**Privacy Guides**, המפרטים אפליקציות ממוקדות פרטיות במגוון קטגוריות, כולל ספקי אימייל (בדרך כלל בתוכניות בתשלום) שאינן מנוהלות על ידי הגדולים חברות טכנולוגיה. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) [תורגם מאנגלית] + +> אם אתה מחפש VPN חדש, אתה יכול ללכת לקוד ההנחה של כמעט כל פודקאסט. אם אתה מחפש VPN **טוב**, אתה צריך עזרה מקצועית. אותו דבר לגבי לקוחות אימייל, דפדפנים, מערכות הפעלה ומנהלי סיסמאות. איך אתה יודע איזו מבין אלה היא האפשרות הטובה והידידותית ביותר לפרטיות? בשביל זה יש **Privacy Guides**, פלטפורמה שבה מספר מתנדבים מחפשים מדי יום ביומו את הכלים הידידותיים לפרטיות הטובים ביותר לשימוש באינטרנט. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [תורגם מהולנדית] + +מוצג גם ב: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], ו- [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## היסטוריה + +מדריכי הפרטיות הושקו בספטמבר 2021 כהמשך לפרויקט החינוכי "PrivacyTools" [שהוצא](privacytools.md) משימוש בקוד פתוח. זיהינו את החשיבות של המלצות מוצר עצמאיות, ממוקדות קריטריונים וידע כללי במרחב הפרטיות, ולכן היינו צריכים לשמר את העבודה שנוצרה על ידי תורמים רבים מאז 2015 ולוודא כי למידע יש בית יציב באינטרנט ללא הגבלת זמן. + +בשנת 2022, השלמנו את המעבר של מסגרת האתר הראשית שלנו מ-Jekyll ל-MkDocs, באמצעות תוכנת התיעוד `mkdocs-material`. השינוי הזה הפך את תרומות הקוד הפתוח לאתר שלנו לקלות משמעותית עבור זרים, מכיוון שבמקום צורך לדעת תחביר מסובך כדי לכתוב פוסטים בצורה יעילה, התרומה קלה כעת כמו כתיבת מסמך Markdown סטנדרטי. + +בנוסף השקנו את פורום הדיון החדש שלנו בכתובת [discuss.privacyguides.net](https://discuss.privacyguides.net/) כפלטפורמה קהילתית לחלוק רעיונות ולשאול שאלות על המשימה שלנו. זה מגדיל את הקהילה הקיימת שלנו ב-Matrix, והחליף את פלטפורמת הדיונים הקודמת של GitHub שלנו, מה שמפחית את ההסתמכות שלנו על פלטפורמות דיון קנייניות. + +עד כה בשנת 2023 השקנו תרגומים בינלאומיים של האתר שלנו ב[צרפתית](/fr/), [עברית](/he/), וגם [הולנדית](/nl/), שפות נוספות בדרך, התאפשרה על ידי צוות התרגום המצוין שלנו ב-[Crowdin](https://crowdin.com/project/privacyguides). אנו מתכננים להמשיך ולקדם את משימתנו של הסברה וחינוך, למצוא דרכים להדגיש בצורה ברורה יותר את הסכנות של חוסר מודעות לפרטיות בעידן הדיגיטלי המודרני ואת השכיחות והנזקים של פרצות אבטחה בכל תעשיית הטכנולוגיה. ## הצוות שלנו @@ -48,7 +76,7 @@ title: "אודות Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -בנוסף, [אנשים רבים](https://github.com/privacyguides/privacyguides.org/graphs/contributors) תרמו לפרויקט. גם אתה יכול, אנחנו בקוד פתוח ב-GitHub! +בנוסף, [אנשים רבים](https://github.com/privacyguides/privacyguides.org/graphs/contributors) תרמו לפרויקט. גם אתה יכול, אנחנו בקוד פתוח ב-GitHub ומקבלים הצעות תרגום ב-[Crowdin](https://crowdin.com/project/privacyguides). חברי הצוות שלנו בודקים את כל השינויים שבוצעו באתר ומטפלים בתפקידים אדמיניסטרטיביים כגון אירוח אתרים ופיננסים, אולם הם אינם מרוויחים באופן אישי מכל תרומה כלשהי לאתר זה. הדוחות הכספיים שלנו מתארחים באופן שקוף על ידי Open Collective Foundation 501(c)( 3) בכתובת [opencollective.com/privacyguides](https://opencollective.com/privacyguides). תרומות ל-Privacy Guides ניתנות לניכוי מס בדרך כלל בארצות הברית. @@ -59,5 +87,3 @@ title: "אודות Privacy Guides" :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: אלא אם צוין אחרת, התוכן המקורי באתר זה זמין תחת [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). משמעות הדבר היא שאתה חופשי להעתיק ולהפיץ מחדש את החומר בכל מדיום או פורמט לכל מטרה, אפילו מסחרית; כל עוד אתה נותן קרדיט מתאים ל`Privacy Guides (www.privacyguides.org)` ומספק קישור לרישיון. אתה רשאי לעשות זאת בכל דרך סבירה, אך לא בכל דרך שמציעה שPrivacy Guides מאשרים אותך או את השימוש שלך. אם תערבב מחדש, תשנה או תבנה על התוכן של אתר זה, אינך רשאי להפיץ את החומר שהשתנה. רישיון זה נועד למנוע מאנשים לחלוק את עבודתנו מבלי לתת קרדיט מתאים, וכדי למנוע מאנשים לשנות את העבודה שלנו באופן שעלול לשמש כדי להטעות אנשים. אם אתה מוצא את התנאים של רישיון זה מגבילים מדי עבור הפרויקט שאתה עובד עליו, אנא פנה אלינו בכתובת `jonah@privacyguides.org`. אנו שמחים לספק אפשרויות רישוי חלופיות לפרויקטים בעלי כוונות טובות במרחב הפרטיות! - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/notices.md b/i18n/he/about/notices.md index 6046549b..e07a3751 100644 --- a/i18n/he/about/notices.md +++ b/i18n/he/about/notices.md @@ -41,5 +41,3 @@ Privacy Guides בנוסף אינם מתחייבים כי אתר זה יהיה ז * גירוד * כריית נתונים * 'מסגור' (IFrames) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/privacy-policy.md b/i18n/he/about/privacy-policy.md index d04ce5ff..5571577e 100644 --- a/i18n/he/about/privacy-policy.md +++ b/i18n/he/about/privacy-policy.md @@ -59,5 +59,3 @@ jonah@privacyguides.org אנו נפרסם גרסאות חדשות של הצהרה זו [כאן](privacy-policy.md). אנו עשויים לשנות את האופן שבו אנו מכריזים על שינויים בגרסאות עתידיות של מסמך זה. בינתיים אנו עשויים לעדכן את פרטי הקשר שלנו בכל עת מבלי להודיע על שינוי. אנא עיין ב[מדיניות הפרטיות](privacy-policy.md) לקבלת הפרטים העדכניים ביותר ליצירת קשר בכל עת. ניתן למצוא גרסה מלאה של [היסטוריה](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) של דף זה ב-GitHub. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/privacytools.md b/i18n/he/about/privacytools.md index a5f82f35..a63dfb96 100644 --- a/i18n/he/about/privacytools.md +++ b/i18n/he/about/privacytools.md @@ -116,5 +116,3 @@ Subreddits אינם שייכים לאף אחד, והם במיוחד לא שיי - [2 באפריל 2022 תגובה מאת u/dng99 לפוסט ההאשמות של PrivacyTools](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [16 במאי 2022 מענה @TommyTran732 בטוויטר](https://twitter.com/TommyTran732/status/1526153497984618496) - [ספטמבר 3, 2022 פוסט על הפורום של Techlore על ידי @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/services.md b/i18n/he/about/services.md index a1550fca..ef8357cf 100644 --- a/i18n/he/about/services.md +++ b/i18n/he/about/services.md @@ -36,5 +36,3 @@ - זמינות: חצי ציבורי אנו מארחים את Invidious בעיקר כדי להגיש סרטוני YouTube משובצים באתר האינטרנט שלנו, מופע זה אינו מיועד לשימוש כללי ועשוי להיות מוגבל בכל עת. - מקור: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/about/statistics.md b/i18n/he/about/statistics.md index f36d47be..d59eac11 100644 --- a/i18n/he/about/statistics.md +++ b/i18n/he/about/statistics.md @@ -59,5 +59,3 @@ title: סטטיסטיקת תנועה }) }) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/advanced/communication-network-types.md b/i18n/he/advanced/communication-network-types.md index 84df9cc7..a9d9b5cb 100644 --- a/i18n/he/advanced/communication-network-types.md +++ b/i18n/he/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "סוגי רשתות תקשורת" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- ישנן מספר ארכיטקטורות רשת הנפוצות להעברת הודעות בין אנשים. רשתות אלו יכולות לספק הבטחות פרטיות שונות, וזו הסיבה שכדאי לקחת בחשבון את [מודל האיום](../basics/threat-modeling.md) שלך בעת ההחלטה באיזו אפליקציה להשתמש. @@ -100,5 +101,3 @@ icon: 'material/transit-connection-variant' - פחות אמין אם צמתים נבחרים על ידי ניתוב אקראי, חלק מהצמתים עשויים להיות רחוקים מאוד מהשולח והמקבל, להוסיף זמן השהייה או אפילו לא לשדר הודעות אם אחד הצמתים אינו מקוון. - מורכב יותר להתחיל, שכן נדרשת יצירה וגיבוי מאובטח של מפתח פרטי קריפטוגרפי. - בדיוק כמו פלטפורמות מבוזרות אחרות, הוספת תכונות מורכבת יותר עבור מפתחים מאשר בפלטפורמה מרכזית. לפיכך, תכונות עשויות להיות חסרות או מיושמות באופן חלקי, כגון העברת הודעות לא מקוונות או מחיקת הודעות. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/advanced/dns-overview.md b/i18n/he/advanced/dns-overview.md index 8e51c435..1a5c13a4 100644 --- a/i18n/he/advanced/dns-overview.md +++ b/i18n/he/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "סקירה כללית של DNS" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- [מערכת שמות הדומיין](https://en.wikipedia.org/wiki/Domain_Name_System) היא 'ספר הטלפונים של האינטרנט'. DNS מתרגם שמות דומיין לכתובות IP כך שדפדפנים ושירותים אחרים יכולים לטעון משאבי אינטרנט, דרך רשת מבוזרת של שרתים. @@ -303,5 +304,3 @@ QNAME הוא "שם מוסמך", לדוגמה`privacyguides.org`. מזעור QNam זה נועד "לזרז" את מסירת הנתונים על ידי מתן תשובה ללקוח השייך לשרת הקרוב אליו כגון [תוכן רשת מסירה](https://en.wikipedia.org/wiki/Content_delivery_network), המשמשות לעתים קרובות בהזרמת וידאו והגשת יישומי אינטרנט של JavaScript. תכונה זו כרוכה בעלות פרטיות, מכיוון שהיא מספרת לשרת ה-DNS מידע על מיקומו של הלקוח. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/advanced/payments.md b/i18n/he/advanced/payments.md new file mode 100644 index 00000000..76d23425 --- /dev/null +++ b/i18n/he/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: תשלומים פרטיים +icon: material/hand-coin +--- + +יש סיבה לכך שנתונים על הרגלי הקנייה שלך נחשבים לגביע הקדוש של מיקוד מודעות: הרכישות שלך יכולות להדליף אוצר אמיתי של נתונים עליך. למרבה הצער, המערכת הפיננסית הנוכחית נוגדת פרטיות בעיצובה, ומאפשרת לבנקים, לחברות אחרות ולממשלות לעקוב בקלות אחר עסקאות. עם זאת, יש לך אפשרויות רבות בכל הנוגע לביצוע תשלומים באופן פרטי. + +## מזומן + +במשך מאות שנים, **מזומן** תפקד כצורת התשלום הפרטית העיקרית. למזומן יש מאפייני פרטיות מצוינים ברוב המקרים, הוא מקובל ברוב המדינות ו**ניתן לשינוי**, כלומר אינו ייחודי וניתן להחלפה לחלוטין. + +חוקי התשלום במזומן משתנים בהתאם למדינה. בארצות הברית, נדרש גילוי מיוחד עבור תשלומים במזומן מעל $10,000 ל-IRS ב[טופס 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). העסק המקבל נדרש לזהות את שמו, כתובתו, עיסוקו, תאריך הלידה ומספר תעודת הזהות/אמצעי זיהוי אחרים של מקבל התשלום (עם כמה חריגים). גבולות נמוכים יותר ללא תעודת זהות כגון $3,000 או פחות קיימות עבור החלפות והעברת כסף. מזומן מכיל גם מספרים סידוריים. כמעט אף פעם לא עוקבים אחר אלה על ידי סוחרים, אבל הם יכולים לשמש את רשויות אכיפת החוק בחקירות ממוקדות. + +למרות זאת, זו בדרך כלל האפשרות הטובה ביותר. + +## כרטיסים בתשלום מראש & כרטיסי מתנה + +קל יחסית לרכוש כרטיסי מתנה וכרטיסים משולמים ברוב חנויות המכולת וחנויות הנוחות במזומן. בכרטיסי מתנה בדרך כלל אין עמלה, אם כי לרוב יש בכרטיסים משולמים מראש, אז שימו לב היטב לעמלות ולתאריכי התפוגה הללו. חנויות מסוימות עשויות לבקש לראות את תעודת הזהות שלך בקופה כדי להפחית הונאה. + +לכרטיסי מתנה יש בדרך כלל מגבלות של עד $200 לכרטיס, אבל חלקם מציעים הגבלה של עד $2,000 לכרטיס. לכרטיסים משולמים מראש (למשל: מוויזה או מאסטרקארד) יש בדרך כלל מגבלות של עד $1,000 לכרטיס. + +לכרטיסי מתנה יש את החיסרון שהם כפופים למדיניות הסוחר, שיכולה להיות לה תנאים והגבלות איומים. לדוגמה, סוחרים מסוימים אינם מקבלים תשלום בכרטיסי מתנה באופן בלעדי, או שהם עשויים לבטל את ערך הכרטיס אם הם מחשיבים אותך כמשתמש בסיכון גבוה. ברגע שיש לך אשראי סוחר, לסוחר יש מידה חזקה של שליטה על אשראי זה. + +כרטיסים בתשלום מראש אינם מאפשרים משיכת מזומן מכספומטים או תשלומים "עמית לעמית" ב-Venmo ובאפליקציות דומות. + +מזומן נשאר האפשרות הטובה ביותר עבור רכישות אישיות עבור רוב האנשים. כרטיסי מתנה יכולים להיות שימושיים עבור החיסכון שהם מביאים. כרטיסים משולמים מראש יכולים להיות שימושיים עבור מקומות שאינם מקבלים מזומן. קל יותר להשתמש בכרטיסי מתנה וכרטיסים משולמים באינטרנט מאשר במזומן, וקל יותר לרכוש אותם עם מטבעות קריפטוגרפיים מאשר במזומן. + +### חנויות אונליין + +אם יש לך [מטבע קריפטוגרפי](../cryptocurrency.md), אתה יכול לרכוש כרטיסי מתנה עם שוק כרטיסי מתנה אונליין. חלק מהשירותים הללו מציעים אפשרויות אימות מזהה עבור מגבלות גבוהות יותר, אך הם גם מאפשרים חשבונות עם כתובת אימייל בלבד. מגבלות בסיסיות מתחילות ב-$5,000-10,000 ליום עבור חשבונות בסיסיים, ומגבלות גבוהות משמעותית עבור חשבונות מאומתים מזהים (אם מוצעים). + +בקניית כרטיסי מתנה באינטרנט, בדרך כלל יש הנחה קלה. כרטיסים משולמים מראש בדרך כלל נמכרים באינטרנט במחיר נקוב או בתשלום. אם אתה קונה כרטיסים משולמים מראש וכרטיסי מתנה עם מטבעות קריפטוגרפיים, אתה צריך מאוד להעדיף לשלם עם Monero שמספק פרטיות חזקה, עוד על כך בהמשך. תשלום עבור כרטיס מתנה עם שיטת תשלום שניתן לעקוב אחריהם שולל את היתרונות שכרטיס מתנה יכול לספק ברכישה במזומן או ב-Monero. + +- [שווקים של כרטיסי מתנה אונליין :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## כרטיסים וירטואליים + +דרך נוספת להגן על המידע שלך מפני סוחרים מקוונים היא להשתמש בכרטיסים וירטואליים חד פעמיים המסווים את פרטי הבנק או החיוב בפועל שלך. זה שימושי בעיקר להגנה עליך מפני הפרות נתונים של סוחרים, מעקב פחות מתוחכם או מתאם רכישה על ידי סוכנויות שיווק וגניבת נתונים מקוונים. הם **לא** מסייעים לך לבצע רכישה באופן אנונימי לחלוטין, וגם לא מסתירים מידע כלשהו מהמוסד הבנקאי עצמו. מוסדות פיננסיים רגילים המציעים כרטיסים וירטואליים כפופים לחוקי "הכר את הלקוח שלך" (KYC), כלומר הם עשויים לדרוש את תעודת הזהות שלך או מידע מזהה אחר. + +- [שירותי מיסוך תשלום מומלצים :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +אלו נוטות להיות אפשרויות טובות לתשלומים חוזרים/מנויים באינטרנט, בעוד שכרטיסי מתנה משולמים מראש מועדפים לעסקאות חד פעמיות. + +## מטבעות קריפטוגרפיים + +מטבעות קריפטוגרפיים הם מטבע דיגיטלי שנועד לעבוד ללא רשויות מרכזיות כמו ממשלה או בנק. בעוד ש*כמה* פרויקטים של מטבעות קריפטוגרפיים יכולים לאפשר לך לבצע עסקאות פרטיות באופן מקוון, רבים משתמשים בבלוקצ'יין ציבורי שאינו מספק פרטיות עסקה כלשהי. מטבעות קריפטוגרפיים נוטים להיות נכסים מאוד תנודתיים, כלומר ערכם יכול להשתנות במהירות ובאופן משמעותי בכל עת. ככזה, אנו בדרך כלל לא ממליצים להשתמש במטבעות קריפטוגרפיים כמאגר ערך לטווח ארוך. אם תחליט להשתמש במטבעות קריפטוגרפיים באינטרנט, וודא שיש לך הבנה מלאה של היבטי הפרטיות שלו מראש, והשקיע רק סכומים שלא יהיה אסון להפסיד. + +!!! danger "סַכָּנָה" + + הרוב המכריע של מטבעות הקריפטו פועלים על בלוקצ'יין **ציבורי**, כלומר כל עסקה היא ידע ציבורי. זה כולל אפילו את רוב מטבעות הקריפטו הידועים כמו ביטקוין ואת'ריום. עסקאות עם מטבעות קריפטוגרפיים אלה לא צריכות להיחשב פרטיות ולא יגנו על האנונימיות שלך. + + בנוסף, רבים אם לא רוב המטבעות הקריפטו הם הונאות. בצע עסקאות בזהירות עם רק פרויקטים שאתה סומך עליהם. + +### מטבעות פרטיות + +ישנם מספר פרויקטים של מטבעות קריפטוגרפיים שמתיימרים לספק פרטיות על ידי הפיכת עסקאות לאנונימיות. אנו ממליצים להשתמש באחד המספק אנונימיות לעסקה **כברירת מחדל** כדי למנוע שגיאות תפעול. + +- [מטבעות קריפטוגרפיים מומלצים :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +מטבעות פרטיות היו נתונים לבדיקה גוברת של סוכנויות ממשלתיות. בשנת 2020, [ IRS פרסם פרס של $625,000 ](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) עבור כלים שיכולים לשבור את פרטיות העסקאות של Bitcoin Lightning Network ו/או של Monero. בסופו של דבר [הם שילמו לשתי חברות](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis ו-Integra Fec) סך של 1.25 מיליון דולר עבור כלים שמתיימרים לעשות זאת (לא ידוע לאיזו רשת מטבעות קריפטוגרפיים מכוונים הכלים הללו). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### מטבעות אחרים (ביטקוין, את'ריום וכו') + +הרוב המכריע של פרויקטים של מטבעות קריפטוגרפיים משתמשים בבלוקצ'יין ציבורי, כלומר כל העסקאות הן ניתנות למעקב בקלות וקבועות. ככזה, אנו מונעים בתוקף את השימוש ברוב מטבעות הקריפטו מסיבות הקשורות לפרטיות. + +עסקאות אנונימיות בבלוקצ'יין ציבורי אפשריות *תיאורטית*, וויקי הביטקוין [נותן דוגמה אחת לעסקה "אנונימית לחלוטין"](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). עם זאת, לעשות זאת דורשת הגדרה מסובכת הכוללת Tor ו"כריית סולו" של בלוק ליצירת מטבעות קריפטוגרפיים עצמאיים לחלוטין, פרקטיקה שלא הייתה מעשית עבור כמעט אף חובב במשך שנים רבות. + +==האפשרות הטובה ביותר שלך היא להימנע לחלוטין ממטבעות קריפטוגרפיים אלה ולהישאר עם אחד שמספק פרטיות כברירת מחדל.== ניסיון להשתמש במטבעות קריפטוגרפיים אחרים הוא מחוץ לתחום של אתר זה ומומלץ מאוד. + +### משמורת ארנק + +עם מטבעות קריפטוגרפיים יש שתי צורות של ארנקים: ארנקים משמורת וארנקים לא משמורים. ארנקי משמורת מופעלים על ידי חברות/בורסות מרכזיות, כאשר המפתח הפרטי של הארנק שלך מוחזק על ידי אותה חברה, ואתה יכול לגשת אליהם בכל מקום בדרך כלל עם שם משתמש וסיסמה רגילים. ארנקים לא משמורים הם ארנקים שבהם אתה שולט ומנהל את המפתחות הפרטיים כדי לגשת אליו. בהנחה שאתה שומר על המפתחות הפרטיים של הארנק שלך מאובטחים ומגובים, ארנקים לא משמורים מספקים אבטחה ועמידות גבוהה יותר לצנזורה על פני ארנקים משמורים, מכיוון שהמטבע הקריפטוגרפי שלך לא יכול להיגנב או להקפיא על ידי חברה עם משמורת על המפתחות הפרטיים שלך. שמירת מפתח חשובה במיוחד כשמדובר במטבעות פרטיות: ארנקי משמורת מעניקים לחברה המפעילה את היכולת לצפות בעסקאות שלך, מה ששולל את יתרונות הפרטיות של אותם מטבעות קריפטוגרפיים. + +### רכישה + +רכישת [מטבעות קריפטוגרפיים](../cryptocurrency.md) כמו Monero באופן פרטי יכולה להיות קשה. שוקי P2P כמו [LocalMonero](https://localmonero.co/), פלטפורמה המאפשרת עסקאות בין אנשים, הן אפשרות אחת שניתן להשתמש בה. אם השימוש בבורסה הדורשת KYC מהווה סיכון מקובל עבורך כל עוד לא ניתן לאתר עסקאות עוקבות, אפשרות הרבה יותר קלה היא לרכוש Monero בבורסה כמו [Kraken](https://kraken.com/), או רכשו ביטקוין/לייטקוין מבורסת KYC אשר לאחר מכן ניתן להחליף למונרו. לאחר מכן, אתה יכול למשוך את ה-Monero שנרכש לארנק הלא משמורן שלך כדי להשתמש בו באופן פרטי מנקודה זו ואילך. + +אם אתם הולכים בדרך זו, דאגו לרכוש את Monero בזמנים שונים ובסכומים שונים מהמקום שבו תוציאו אותו. אם אתה רוכש 5,000$ של Monero בבורסה ותבצע רכישה של 5,000$ במונרו שעה לאחר מכן, פעולות אלו עשויות להיות מתואם על ידי צופה מבחוץ, ללא קשר לנתיב שהמונרו עבר. רכישות מדהימות ורכישת כמויות גדולות יותר של Monero מראש כדי לבזבז מאוחר יותר על מספר עסקאות קטנות יותר יכולות למנוע את המלכודת הזו. + +## שיקולים נוספים + +כאשר אתה מבצע תשלום באופן אישי במזומן, הקפד לשמור על הפרטיות האישית שלך בחשבון. מצלמות אבטחה נמצאות בכל מקום. שקול ללבוש בגדים לא מובחנים ומסיכת פנים (כגון מסכה כירורגית או N95). אל תירשם לתוכניות תגמולים ואל תספק מידע אחר על עצמך. + +בעת רכישה מקוונת, באופן אידיאלי עליך לעשות זאת דרך [Tor](tor-overview.md). עם זאת, סוחרים רבים אינם מאפשרים רכישות עם Tor. אתה יכול לשקול להשתמש ב-[VPN מומלץ ](../vpn.md) (בתשלום במזומן, כרטיס מתנה או Monero), או לבצע את הרכישה מבית קפה או ספרייה עם Wi-Fi בחינם. אם אתם מזמינים פריט פיזי שצריך לשלוח, תצטרכו לספק כתובת למשלוח. כדאי לשקול שימוש בתיבת דואר, תיבת דואר פרטית או כתובת עבודה. diff --git a/i18n/he/advanced/tor-overview.md b/i18n/he/advanced/tor-overview.md index 4d178fe1..c9c578e7 100644 --- a/i18n/he/advanced/tor-overview.md +++ b/i18n/he/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "סקירה כללית של Tor" icon: 'simple/torproject' +description: Tor היא רשת מבוזרת בחינם לשימוש המיועדת לשימוש באינטרנט עם כמה שיותר פרטיות. --- Tor היא רשת מבוזרת בחינם לשימוש המיועדת לשימוש באינטרנט עם כמה שיותר פרטיות. בשימוש נכון, הרשת מאפשרת גלישה ותקשורת פרטית ואנונימית. @@ -74,8 +75,6 @@ Tor מאפשר לנו להתחבר לשרת מבלי שאף גורם אחד יד - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (יוטיוב) - [Tor שירותי בצל - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (יוטיוב) ---8<-- "includes/abbreviations.he.txt" - [^1]: הממסר הראשון במעגל שלך נקרא "שומר כניסה" או "שומר". זהו ממסר מהיר ויציב שנשאר הראשון במעגל שלך למשך 2-3 חודשים על מנת להגן מפני התקפה ידועה לשבירת אנונימיות. שאר המעגל שלך משתנה עם כל אתר חדש שאתה מבקר בו, וכולם ביחד מספקים ממסרים אלה את הגנת הפרטיות המלאה של Tor. לקבלת מידע נוסף על אופן הפעולה של ממסרי מגן, עיין במאמר זה [בלוג פוסט](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) וגם [דף](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) על שומרי כניסה. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: דגל ממסר: (אי)-הסמכה מיוחדת של ממסרים עבור עמדות מעגל (לדוגמה, "שומר", "יציאה", "יציאה-גרועה"), מאפייני מעגל (לדוגמה, "מהיר", "יציב"), או תפקידים (לדוגמה, "רשות", "HSDir"), כפי שהוקצו על ידי רשויות המדריכים ומוגדרים יותר במפרט פרוטוקול הספרייה. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/he/android.md b/i18n/he/android.md index ca5adac9..b1c3597f 100644 --- a/i18n/he/android.md +++ b/i18n/he/android.md @@ -1,6 +1,7 @@ --- title: "אנדרואיד" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![לוגו אנדרואיד](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ icon: 'simple/android' אלו הן מערכות ההפעלה, המכשירים והאפליקציות של אנדרואיד שאנו ממליצים על מנת למקסם את האבטחה והפרטיות של המכשיר הנייד שלך. למידע נוסף על אנדרואיד: -- [סקירה כללית של אנדרואיד :material-arrow-right-drop-circle:](os/android-overview.md) -- [מדוע אנו ממליצים על GrapheneOS על פני CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[סקירה כללית של אנדרואיד :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[מדוע אנו ממליצים על GrapheneOS על פני CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## נגזרות AOSP @@ -41,9 +43,9 @@ icon: 'simple/android' [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="קוד מקור" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=תרומה } -GrapheneOS תומך ב-[Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), המריץ את [שירותי ](https://en.wikipedia.org/wiki/Google_Play_Services)Google Play בארגז חול מלא כמו כל אפליקציה רגילה אחרת. המשמעות היא שאתה יכול לנצל את רוב שירותי Google Play, כגון [הודעות דחיפה](https://firebase.google.com/docs/cloud-messaging/), תוך מתן שליטה מלאה על ההרשאות והגישה שלהם, ובזמן שהם מכילים אותם ל[פרופיל עבודה](os/android-overview.md#work-profile) או [פרופיל משתמש](os/android-overview.md#user-profiles) לבחירתך. +GrapheneOS תומך ב-[Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), המריץ את [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) בארגז חול מלא כמו כל אפליקציה רגילה אחרת. משמעות הדבר היא שאתה יכול לנצל את רוב שירותי Google Play, כגון [הודעות דחיפה](https://firebase.google.com/docs/cloud-messaging/), תוך מתן שליטה מלאה על ההרשאות והגישה שלהם, ותוך כדי הכללתן ב[פרופיל עבודה](os/android-overview.md#work-profile) או [פרופיל משתמש](os/android-overview.md#user-profiles) ספציפי לבחירתך. -טלפונים של Google Pixel הם המכשירים היחידים שעומדים כעת ב[דרישות אבטחת החומרה](https://grapheneos.org/faq#device-support) של GrapheneOS. +טלפונים של Google Pixel הם המכשירים היחידים שעומדים כרגע ב[דרישות אבטחת החומרה](https://grapheneos.org/faq#device-support) של GrapheneOS. ### DivestOS @@ -63,9 +65,9 @@ GrapheneOS תומך ב-[Sandboxed Google Play](https://grapheneos.org/usage#sand ל - DivestOS יש פגיעות ליבה ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [שמתוקן](https://gitlab.com/divested-mobile/cve_checker) אוטומטית, פחות בועות קנייניות, וקובץ [מארחים](https://divested.dev/index.php?page=dnsbl) מותאם. ה-WebView המוקשה שלו, [Mulch](https://gitlab.com/divested-mobile/mulch), מאפשר [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) עבור כל הארכיטקטורות ו[חלוקת מצבי רשת](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), ומקבל עדכונים מחוץ לפס. DivestOS כוללת גם תיקוני ליבה מ-GrapheneOS ומאפשרת את כל תכונות האבטחה הזמינות של הליבה באמצעות [הקשחת defconfig](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). כל הליבות החדשות יותר מגרסה 3.4 כוללים עמוד מלא [חיטוי](https://lwn.net/Articles/334747/) ולכל ~22 הליבות המחוברים יש Clang [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) מופעל. -DivestOS מיישמת כמה תיקוני הקשחת מערכת שפותחו במקור עבור GrapheneOS. DivestOS 16.0 ומעלה מיישמת את החלפת הרשאות [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) וחיישנים של GrapheneOS, [מקצית זיכרון מוקשחת](https://github.com/GrapheneOS/hardened_malloc), [השרצת מנהלים](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [קונסטיפיקציה](https://en.wikipedia.org/wiki/Const_(computer_programming)) של [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) ותיקוני התקשות [ביונית](https://en.wikipedia.org/wiki/Bionic_(software)) חלקית. תכונות 17.1 ומעלה של GrapheneOS לכל רשת [אפשרות אקראיות מלאה של ](https://en.wikipedia.org/wiki/MAC_address#Randomization)MAC, בקרת [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) ואתחול אוטומטי/Wi-Fi/Bluetooth [אפשרויות פסק זמן](https://grapheneos.org/features). +DivestOS מיישמת כמה תיקוני הקשחת מערכת שפותחו במקור עבור GrapheneOS. DivestOS 16.0 ומעלה מיישמת את החלפת הרשאות [`אינטרנט`](https://developer.android.com/training/basics/network-ops/connecting) וחיישנים של GrapheneOS, [מקצית זיכרון מוקשחת](https://github.com/GrapheneOS/hardened_malloc), [השרצת מנהלים](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [קונסטיפיקציה](https://en.wikipedia.org/wiki/Const_(computer_programming)) של [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) ותיקוני התקשות [ביונית](https://en.wikipedia.org/wiki/Bionic_(software)) חלקית. תכונות 17.1 ומעלה של GrapheneOS לכל רשת [אפשרות אקראיות מלאה של ](https://en.wikipedia.org/wiki/MAC_address#Randomization)MAC, בקרת [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) ואתחול אוטומטי/Wi-Fi/Bluetooth [אפשרויות פסק זמן](https://grapheneos.org/features). -DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת כברירת מחדל. בדרך כלל, אנו ממליצים להימנע מ-F-Droid עקב [בעיות האבטחה](#f-droid) הרבות שלו. עם זאת, לעשות זאת ב-DivestOS לא כדאי; המפתחים מעדכנים את האפליקציות שלהם באמצעות מאגרי F-Droid משלהם ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) ו- [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). אנו ממליצים להשבית את אפליקציית F-Droid הרשמית ולהשתמש ב[Neo Store](https://github.com/NeoApplications/Neo-Store/) כאשר מאגרי DivestOS מופעלים כדי לשמור על רכיבים אלה מעודכנים. לגבי אפליקציות אחרות, השיטות המומלצות שלנו להשגתן עדיין חלות. +DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת כברירת מחדל. בדרך כלל, אנו ממליצים להימנע מ-F-Droid עקב [בעיות האבטחה](#f-droid) הרבות שלו. עם זאת, לעשות זאת ב-DivestOS לא כדאי; המפתחים מעדכנים את האפליקציות שלהם באמצעות מאגרי F-Droid משלהם ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) ו- [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). אנו ממליצים להשבית את אפליקציית F-Droid הרשמית ולהשתמש ב-[Neo Store](https://github.com/NeoApplications/Neo-Store/) עם מאגרי DivestOS מופעלים כדי לשמור על רכיבים אלה מעודכנים. לגבי אפליקציות אחרות, השיטות המומלצות שלנו להשגתן עדיין חלות. !!! warning "אזהרה" @@ -77,9 +79,9 @@ DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת בעת רכישת מכשיר, אנו ממליצים לרכוש אחד חדש ככל האפשר. התוכנה והקושחה של מכשירים ניידים נתמכות רק לזמן מוגבל, כך שקנייה חדשה מאריכה את תוחלת החיים עד כמה שניתן. -הימנע מרכישת טלפונים ממפעילי רשתות סלולריות. לעתים קרובות יש להם **מטען אתחול נעול** ואינם תומכים ב[פתיחת נעילה של OEM](https://source.android.com/devices/bootloader/locking_unlocking). גרסאות טלפון אלה ימנעו ממך להתקין כל סוג של הפצת אנדרואיד חלופית. +הימנע מרכישת טלפונים ממפעילי רשתות סלולריות. לאלה יש לרוב **מאתחול נעול** ואינם תומכים ב[פתיחת נעילה של OEM](https://source.android.com/devices/bootloader/locking_unlocking). גרסאות טלפון אלה ימנעו ממך להתקין כל סוג של הפצת אנדרואיד חלופית. -היה מאוד **זהיר** לגבי קניית טלפונים יד שניה משוק מקוון. בדוק תמיד את המוניטין של המוכר. אם המכשיר נגנב, קיימת אפשרות ל[רשימה שחורה של IMEI](https://www.gsma.com/security/resources/imei-blacklisting/). קיים גם סיכון שכרוך בהיותך קשור לפעילות של הבעלים הקודם. +היה מאוד **זהיר** בקניית טלפונים יד שנייה משוק אונליין. בדוק תמיד את המוניטין של המוכר. אם המכשיר נגנב, קיימת אפשרות ל[רשימה שחורה של IMEI](https://www.gsma.com/security/resources/imei-blacklisting/). קיים גם סיכון שכרוך בהיותך קשור לפעילות של הבעלים הקודם. עוד כמה טיפים לגבי מכשירי אנדרואיד ותאימות מערכות הפעלה: @@ -89,7 +91,7 @@ DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת ### גוגל פיקסל -טלפונים של גוגל פיקסל הם המכשירים **היחידים** שאנו ממליצים לרכישה. לטלפונים של Pixel יש אבטחת חומרה חזקה יותר מכל מכשירי אנדרואיד אחרים הקיימים כיום בשוק, בשל תמיכת AVB נאותה עבור מערכות הפעלה של צד שלישי ושבבי אבטחה [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) הפועלים כאלמנט המאובטח. +טלפונים של גוגל פיקסל הם המכשירים **היחידים** שאנו ממליצים לרכישה. לטלפונים של Pixel יש אבטחת חומרה חזקה יותר מכל מכשירי אנדרואיד אחרים הקיימים כיום בשוק, בשל תמיכת AVB נאותה עבור מערכות הפעלה של צד שלישי ושבבי האבטחה המותאמים אישית [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) של גוגל הפועלים כ-Secure Element. !!! recommendation @@ -101,18 +103,18 @@ DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת [:material-shopping: חנות](https://store.google.com/category/phones){ .md-button .md-button--primary } -רכיבים מאובטחים כמו Titan M2 מוגבלים יותר מסביבת הביצוע המהימנה של המעבד המשמשת את רוב הטלפונים האחרים מכיוון שהם משמשים רק לאחסון סודות, אישור חומרה והגבלת קצב, לא להפעלת תוכניות "מהימנות". טלפונים ללא Secure Element חייבים להשתמש ב-TEE עבור *כל* הפונקציות הללו, וכתוצאה מכך משטח התקפה גדול יותר. +רכיבים מאובטחים כמו Titan M2 מוגבלים יותר מסביבת הביצוע המהימנה של המעבד המשמשת את רוב הטלפונים האחרים מכיוון שהם משמשים רק לאחסון סודות, הוכחת חומרה והגבלת קצב, לא להפעלת תוכניות "מהימנות". טלפונים ללא Secure Element חייבים להשתמש ב-TEE עבור *כל* הפונקציות הללו, וכתוצאה מכך משטח התקפה גדול יותר. -טלפונים של Google Pixel משתמשים במערכת הפעלה TEE בשם Trusty שהיא [קוד פתוח](https://source.android.com/security/trusty#whyTrusty), בניגוד לטלפונים רבים אחרים. +טלפונים של גוגל פיקסל משתמשים ב-TEE OS בשם Trusty שהיא [קוד פתוח](https://source.android.com/security/trusty#whyTrusty), בניגוד לטלפונים רבים אחרים. -ההתקנה של GrapheneOS בטלפון Pixel קלה עם [מתקין האינטרנט](https://grapheneos.org/install/web) שלהם. אם אתה לא מרגיש בנוח לעשות את זה בעצמך ומוכן להוציא קצת כסף נוסף, בדוק את [NitroPhone](https://shop.nitrokey.com/shop) שהם מגיעים טעונים מראש עם GrapheneOS מחברת [Nitrokey](https://www.nitrokey.com/about) המכובדת. +ההתקנה של GrapheneOS בטלפון Pixel קלה עם [מתקין האינטרנט שלהם](https://grapheneos.org/install/web). אם אתה לא מרגיש בנוח לעשות את זה בעצמך ומוכן להוציא קצת כסף נוסף, בדוק את ה-[NitroPhone](https://shop.nitrokey.com/shop) מכיוון שהם נטענים מראש עם GrapheneOS של חברת [Nitrokey](https://www.nitrokey.com/about) המכובדת. עוד כמה טיפים לרכישת Google Pixel: - אם אתה מחפש מציאה על מכשיר פיקסל, אנו מציעים לקנות דגם "**a**", מיד לאחר יציאת ספינת הדגל הבאה. הנחות זמינות בדרך כלל מכיוון שגוגל תנסה לסלק את המלאי שלה. - שקול אפשרויות מכות מחיר ומבצעים המוצעים בחנויות פיזיות. -- עיין באתרי עסקאות מקוונים של קהילות במדינה שלך. אלה יכולים להתריע על מכירות טובות. -- Google מספקת רשימה המציגה את [מחזור התמיכה](https://support.google.com/nexus/answer/4457705) עבור כל אחד מהמכשירים שלהם. המחיר ליום עבור מכשיר יכול להיות מחושב כך: $\text{עלות} \over \text {תאריך סוף החיים}-\text{דייט נוכחי}$, כלומר, ככל שהשימוש במכשיר ארוך יותר, העלות ליום נמוכה יותר. +- עיין באתרי עסקאות אןנליין של קהילתיות במדינה שלך. אלה יכולים להתריע על מכירות טובות. +- Google מספקת רשימה המציגה את [מחזור התמיכה](https://support.google.com/nexus/answer/4457705) עבור כל אחד מהמכשירים שלהם. ניתן לחשב את המחיר ליום עבור מכשיר כך: $\text{עלות} \מעל \text {תאריך EOL}-\text{תאריך נוכחי}$, כלומר ככל שהשימוש ארוך יותר במכשיר כך העלות ליום נמוכה יותר. ## אפליקציות כלליות @@ -165,15 +167,15 @@ DivestOS משתמשת ב-F-Droid כחנות האפליקציות המוגדרת Auditor מבצע אישור וזיהוי חדירה על ידי: -- שימוש במודל [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) בין *מבקר* ו*בודק*, הזוג יוצר מפתח פרטי ב[מגובת החומרה מאגר המפתחות](https://source.android.com/security/keystore/) של *מבקר*. +- באמצעות מודל [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) בין *מבקר* ל*מבוקר*, הזוג יוצר מפתח פרטי ב[מאגר המפתחות המגובה בחומרה](https://source.android.com/security/keystore/) של ה*מבקר*. - *auditor* יכול להיות מופע אחר של אפליקציית Auditor או [שירות אישור מרחוק](https://attestation.app). -- ה*auditor* מתעד את המצב והתצורה הנוכחיים של ה*auditee*. +- המבקר רושם את המצב הנוכחי ואת התצורה של המבוקר. ה*auditor* מתעד את המצב והתצורה הנוכחיים של ה*auditee*. - אם התעסקות במערכת ההפעלה של ה*auditee* תתרחש לאחר השלמת ההתאמה, המבקר יהיה מודע לשינוי במצב המכשיר ובתצורות. - תקבל התראה על השינוי. לא נמסר מידע מזהה אישי לשירות האישורים. אנו ממליצים להירשם עם חשבון אנונימי ולאפשר אישור מרחוק לניטור רציף. -אם [מודל האיום](basics/threat-modeling.md) שלך דורש פרטיות, תוכל לשקול להשתמש ב-[Orbot](tor.md#orbot) או ב-VPN כדי הסתר את כתובת ה-IP שלך משירות האישורים. כדי לוודא שהחומרה ומערכת ההפעלה שלך מקוריות, [בצע אישור מקומי](https://grapheneos.org/install/web#verifying-installation) מיד לאחר התקנת ההתקן ולפני כן לכל חיבור לאינטרנט. +אם [מודל האיומים](basics/threat-modeling.md) שלך דורש פרטיות, תוכל לשקול להשתמש ב-[Orbot](tor.md#orbot)או ב-VPN כדי להסתיר את כתובת ה-IP שלך משירות האישורים. כדי לוודא שהחומרה ומערכת ההפעלה שלך מקוריות, [בצע אישור מקומי](https://grapheneos.org/install/web#verifying-installation) מיד לאחר התקנת המכשיר ולפני כל חיבור לאינטרנט. ### Secure Camera @@ -198,7 +200,7 @@ Auditor מבצע אישור וזיהוי חדירה על ידי: תכונות הפרטיות העיקריות כוללות: - הסרה אוטומטית של מטא נתונים של [Exif](https://en.wikipedia.org/wiki/Exif) (מופעל כברירת מחדל) -- שימוש בממשק ה-API החדש של [מדיה](https://developer.android.com/training/data-storage/shared/media), לכן [הרשאות אחסון](https://developer.android.com/training/data-storage) אינן נדרשות +- שימוש בממשק ה-API החדש של ה[מדיה](https://developer.android.com/training/data-storage/shared/media), לכן אין צורך ב[הרשאות אחסון](https://developer.android.com/training/data-storage) - אין צורך בהרשאת מיקרופון אלא אם ברצונך להקליט קול !!! note "הערה" @@ -232,7 +234,7 @@ Auditor מבצע אישור וזיהוי חדירה על ידי: ### GrapheneOS App Store -חנות האפליקציות של GrapheneOS זמינה ב-[GitHub](https://github.com/GrapheneOS/Apps/releases). הוא תומך באנדרואיד 12 ומעלה ומסוגל לעדכן את עצמו. לחנות האפליקציות יש יישומים עצמאיים שנבנו על ידי פרויקט GrapheneOS כגון [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera) ו-[PDF Viewer](https://github.com/GrapheneOS/PdfViewer). אם אתם מחפשים אפליקציות אלו, אנו ממליצים בחום להשיג אותן מחנות האפליקציות של GrapheneOS במקום מחנות Play, שכן האפליקציות בחנות שלהן חתומות על ידי חתימת הפרויקט של ה-GrapheneOS שלגוגל אין גישה אליה. +חנות האפליקציות של GrapheneOS זמינה ב-[GitHub](https://github.com/GrapheneOS/Apps/releases). הוא תומך באנדרואיד 12 ומעלה ומסוגל לעדכן את עצמו. לחנות האפליקציות יש יישומים עצמאיים שנבנו על ידי פרויקט GrapheneOS כגון [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), ו- [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). אם אתם מחפשים אפליקציות אלו, אנו ממליצים בחום להשיג אותן מחנות האפליקציות של GrapheneOS במקום מחנות Play, שכן האפליקציות בחנות שלהן חתומות על ידי חתימת הפרויקט של ה-GrapheneOS שלגוגל אין גישה אליה. ### Aurora Store @@ -251,29 +253,29 @@ Auditor מבצע אישור וזיהוי חדירה על ידי: - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) -Aurora Store לא מאפשרת להוריד אפליקציות בתשלום עם תכונת החשבון האנונימי שלהן. אתה יכול לחלופין להתחבר עם חשבון Google שלך עם Aurora Store כדי להוריד אפליקציות שרכשת, מה שאכן נותן גישה לרשימת האפליקציות שהתקנת ל-Google, אולם אתה עדיין נהנה מכך שאינך דורש את לקוח Google Play המלא ואת Google Play שירותים או microG במכשיר שלך. +Aurora Store לא מאפשרת להוריד אפליקציות בתשלום עם תכונת החשבון האנונימי שלהן. אתה יכול לחלופין להתחבר עם חשבון גוגל שלך ל-Aurora Store כדי להוריד אפליקציות שרכשת, מה שאכן נותן גישה לרשימת האפליקציות שהתקנת לגוגל, אולם אתה עדיין נהנה מכך שאינך דורש את לקוח Google Play המלא ואת Google Play Services או microG במכשיר שלך. ### התראות RSS באופן ידני -עבור אפליקציות ששוחררו בפלטפורמות כמו GitHub ו-GitLab, ייתכן שתוכל להוסיף עדכון RSS ל[צובר החדשות](/news-aggregators) שלך שיעזור לך לעקוב אחר מהדורות חדשות. +עבור אפליקציות שמשוחררות בפלטפורמות כמו GitHub ו-GitLab, ייתכן שתוכל להוסיף עדכון RSS ל[צובר החדשות](/news-aggregators) שלך שיעזור לך לעקוב אחר מהדורות חדשות. ![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![שינויים ב-APK](./assets/img/android/rss-changes-light.png#only-light) ![שינויים ב-APK](./assets/img/android/rss-changes-dark.png#only-dark) #### Github -ב-GitHub, באמצעות [Secure Camera](#secure-camera) כדוגמה, תנווט אל [ שלה. דף מהדורות](https://github.com/GrapheneOS/Camera/releases) וצרף את `.atom` לכתובת האתר: +ב-GitHub, באמצעות [Secure Camera](#secure-camera) כדוגמה, תנווט ל[דף ההפצות](https://github.com/GrapheneOS/Camera/releases) שלו ותוסיף את `.atom` לכתובת האתר: `https://github.com/GrapheneOS/Camera/releases.atom` #### GitLab -ב-GitLab, באמצעות [Aurora Store](#aurora-store) כדוגמה, תנווט אל [מאגר הפרויקטים שלה ](https://gitlab.com/AuroraOSS/AuroraStore) והוסף את `/-/tags?format=atom` לכתובת האתר: +ב-GitLab, באמצעות [Aurora Store](#aurora-store) כדוגמה, תנווט אל [מאגר הפרויקטים](https://gitlab.com/AuroraOSS/AuroraStore) שלו ותוסיף `/-/tags?format=atom` לכתובת האתר: `https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom` #### אימות טביעות אצבע של APK -אם אתה מוריד קבצי APK להתקנה ידנית, תוכל לאמת את החתימה שלהם באמצעות [`apksigner`](https://developer.android.com/studio/command-line/apksigner) כלי, שהוא חלק מ[כלי בנייה](https://developer.android.com/studio/releases/build-tools) של אנדרואיד. +אם אתה מוריד קבצי APK להתקנה ידנית, אתה יכול לאמת את החתימה שלהם עם הכלי [`apksigner`](https://developer.android.com/studio/command-line/apksigner), שהוא חלק מ[כלי הבנייה](https://developer.android.com/studio/releases/build-tools) של אנדרואיד. 1. התקן [Java JDK](https://www.oracle.com/java/technologies/downloads/). @@ -306,13 +308,13 @@ Aurora Store לא מאפשרת להוריד אפליקציות בתשלום עם ![לוגו F-Droid](assets/img/android/f-droid.svg){ align=right width=120px } -==אנחנו **לא** ממליצים כרגע על F-Droid כדרך להשיג אפליקציות.== F-Droid מומלצת לעתים קרובות כחלופה ל-Google Play, במיוחד בפרטיות קהילה. האפשרות להוסיף מאגרי צד שלישי ולא להיות מוגבלים לגן המוקף חומה של גוגל הובילה לפופולריות שלו. ל-F-Droid יש בנוסף [בניינים הניתנים לשחזור](https://f-droid.org/en/docs/Reproducible_Builds/) עבור יישומים מסוימים והוא מוקדש לתוכנות חינמיות וקוד פתוח. עם זאת, יש [בעיות בולטות](https://privsec.dev/posts/android/f-droid-security-issues/) עם לקוח F-Droid הרשמי, בקרת האיכות שלו, כיצד הם בונים, חותמים ומספקים חבילות. +==אנחנו **לא** ממליצים כרגע על F-Droid כדרך להשיג אפליקציות.== F-Droid מומלצת לעתים קרובות כחלופה ל-Google Play, במיוחד בפרטיות קהילה. האפשרות להוסיף מאגרי צד שלישי ולא להיות מוגבלים לגן המוקף חומה של גוגל הובילה לפופולריות שלו. ל-F-Droid יש בנוסף [בנייה הניתנת לשחזור](https://f-droid.org/en/docs/Reproducible_Builds/) עבור יישומים מסוימים והוא מוקדש לתוכנות חינמיות וקוד פתוח. עם זאת, ישנן [בעיות בולטות](https://privsec.dev/posts/android/f-droid-security-issues/) עם הלקוח הרשמי של F-Droid, בקרת האיכות שלו והאופן שבו הם בונים, חותמים ומעבירים חבילות. בשל תהליך בניית האפליקציות שלהם, אפליקציות במאגר ה-F-Droid הרשמי מפגרות לעתים קרובות בפיגור לגבי עדכונים. מנהלי F-Droid גם עושים שימוש חוזר במזהי חבילה בזמן חתימת אפליקציות עם המפתחות שלהם, וזה לא אידיאלי מכיוון שהוא נותן אמון אולטימטיבי לצוות F-Droid. -מאגרים פופולריים אחרים של צד שלישי כגון [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) מקלים על חלק מהחששות הללו. מאגר IzzyOnDroid מושך רכיבים ישירות מ-GitHub והוא הדבר הטוב הבא למאגרים של המפתחים עצמם. עם זאת, זה לא משהו שאנחנו יכולים להמליץ עליו, מכיוון שאפליקציות בדרך כלל [מסירים](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) מהמאגר הזה כאשר הם מגיעים למאגר F-Droid הראשי. למרות שזה הגיוני (מכיוון שהמטרה של המאגר המסוים הזה היא לארח אפליקציות לפני שהן מתקבלות למאגר ה-F-Droid הראשי), זה יכול להשאיר אותך עם אפליקציות מותקנות שכבר לא מקבלים עדכונים. +מאגרים פופולריים אחרים של צד שלישי כגון [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) מקלים על חלק מהחששות הללו. מאגר IzzyOnDroid מושך רכיבים ישירות מ-GitHub והוא הדבר הטוב הבא למאגרים של המפתחים עצמם. עם זאת, זה לא משהו שאנחנו יכולים להמליץ עליו, מכיוון שבדרך כלל אפליקציות [מוסרות](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) מהמאגר הזה כשהן מגיעות למאגר F-Droid הראשי. למרות שזה הגיוני (מכיוון שהמטרה של המאגר המסוים הזה היא לארח אפליקציות לפני שהן מתקבלות למאגר ה-F-Droid הראשי), זה יכול להשאיר אותך עם אפליקציות מותקנות שכבר לא מקבלים עדכונים. -עם זאת, [F-Droid](https://f-droid.org/en/packages/) ו-[IzzyOnDroid](https://apt.izzysoft.de/fdroid/) הם ביתם של אינספור אפליקציות, כך שהם יכולים להוות כלי שימושי לחיפוש ולגלות אפליקציות קוד פתוח שתוכל להוריד דרך חנות Play, Aurora Store, או על ידי קבלת ה-APK ישירות מה- מפתח. חשוב לזכור שחלק מהאפליקציות במאגרים אלו לא עודכנו במשך שנים ועשויות להסתמך על ספריות שאינן נתמכות, בין היתר, מהוות סיכון אבטחה פוטנציאלי. אתה צריך להשתמש במיטב שיקול הדעת שלך כשאתה מחפש אפליקציות חדשות בשיטה זו. +עם זאת, מאגרי [F-Droid](https://f-droid.org/en/packages/) ו-[IzzyOnDroid](https://apt.izzysoft.de/fdroid/) הם ביתם של אינספור אפליקציות, כך שהם יכולים להיות כלי שימושי לחיפוש ולגלות אפליקציות קוד פתוח שתוכלו לאחר מכן הורד דרך Play Store, Aurora Store, או על ידי קבלת ה-APK ישירות מהמפתח. חשוב לזכור שחלק מהאפליקציות במאגרים אלו לא עודכנו במשך שנים ועשויות להסתמך על ספריות שאינן נתמכות, בין היתר, מהוות סיכון אבטחה פוטנציאלי. אתה צריך להשתמש במיטב שיקול הדעת שלך כשאתה מחפש אפליקציות חדשות בשיטה זו. !!! note "הערה" @@ -342,12 +344,10 @@ Aurora Store לא מאפשרת להוריד אפליקציות בתשלום עם - חייב לתמוך לפחות באחת ממערכות ההפעלה המומלצות שלנו. - חייב להימכר כרגע חדש בחנויות. - חייב לקבל לפחות 5 שנים של עדכוני אבטחה. -- חייבת להיות חומרה ייעודית לרכיב מאובטח. +- חייב להיות חומרה ייעודית לרכיב מאובטח. ### יישומים - יישומים בדף זה לא חייבים להיות ישימים לכל קטגוריית תוכנה אחרת באתר. - יישומים כלליים צריכים להרחיב או להחליף את פונקציונליות הליבה של המערכת. - יישומים צריכים לקבל עדכונים ותחזוקה שוטפים. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/account-creation.md b/i18n/he/basics/account-creation.md index 14b6240b..b8a836cb 100644 --- a/i18n/he/basics/account-creation.md +++ b/i18n/he/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "יצירת חשבון" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- לעתים קרובות אנשים נרשמים לשירותים מבלי לחשוב. אולי זה שירות סטרימינג כדי שתוכל לצפות בתוכנית החדשה שכולם מדברים עליה, או חשבון שנותן לך הנחה למקום האוכל המהיר האהוב עליך. לא משנה מה המקרה, עליך לשקול את ההשלכות על הנתונים שלך כעת ובהמשך בהמשך הקו. @@ -78,5 +79,3 @@ SSO יכול להיות שימושי במיוחד במצבים שבהם אתה ### שם משתמש וסיסמא שירותים מסוימים מאפשרים לך להירשם ללא שימוש בכתובת אימייל ורק דורשים ממך להגדיר שם משתמש וסיסמה. שירותים אלה עשויים לספק אנונימיות מוגברת בשילוב עם VPN או Tor. זכור שעבור חשבונות אלה סביר להניח ש**אין דרך לשחזר את חשבונך** במקרה שתשכח את שם המשתמש או הסיסמה שלך. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/account-deletion.md b/i18n/he/basics/account-deletion.md index 710eea43..06d564e4 100644 --- a/i18n/he/basics/account-deletion.md +++ b/i18n/he/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "מחיקת חשבון" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- עם הזמן, זה יכול להיות קל לצבור מספר חשבונות מקוונים, שרבים מהם אולי כבר לא תשתמשו בהם. מחיקת חשבונות שאינם בשימוש היא צעד חשוב בהחזרת הפרטיות שלך, מכיוון שחשבונות רדומים חשופים לפרצות מידע. פרצת נתונים היא כאשר אבטחת השירות נפגעת ומידע מוגן נצפה, מועבר או נגנב על ידי שחקנים לא מורשים. פרצות מידע הן למרבה הצער כולן [נפוצות מדי](https://haveibeenpwned.com/PwnedWebsites) בימינו, ולכן תרגול היגיינה דיגיטלית טובה היא הדרך הטובה ביותר למזער את ההשפעה שיש להן על חייך. המטרה של מדריך זה היא אם כן לעזור לנווט אותך בתהליך המעיק של מחיקת חשבון, שלעתים קרובות מקשה על ידי [עיצוב מטעה](https://www.deceptive.design/), למען השיפור של הנוכחות המקוונת שלך. @@ -59,5 +60,3 @@ icon: 'material/account-remove' ## הימנעות מחשבונות חדשים כפי שאומר הפתגם הישן, "גרם של מניעה שווה קילו של תרופה." בכל פעם שאתה מתפתה להירשם לחשבון חדש, שאל את עצמך, "האם אני באמת צריך את זה? האם אני יכול להשיג את מה שאני צריך בלי חשבון?" לעתים קרובות זה יכול להיות הרבה יותר קשה למחוק חשבון מאשר ליצור אחד. וגם לאחר מחיקה או שינוי של המידע בחשבונך, עשויה להיות גרסה שמור של צד שלישי - כמו [ארכיון האינטרנט](https://archive.org/). הימנע מהפיתוי כאשר אתה מסוגל - העצמי העתידי שלך יודה לך! - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/common-misconceptions.md b/i18n/he/basics/common-misconceptions.md index 001a7a98..18dd7366 100644 --- a/i18n/he/basics/common-misconceptions.md +++ b/i18n/he/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "תפיסות מוטעות נפוצות" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "תוכנת קוד פתוח תמיד מאובטחת" או "תוכנה קניינית מאובטחת יותר" @@ -56,6 +57,4 @@ icon: 'material/robot-confused' שימוש ב- Tor יכול לעזור בזה. ראוי גם לציין כי אנונימיות רבה יותר אפשרית באמצעות תקשורת אסינכרונית: תקשורת בזמן אמת חשופה לניתוח של דפוסי הקלדה (כלומר יותר מפסקת טקסט, מופצת בפורום, באמצעות דואר אלקטרוני וכו') ---8<-- "includes/abbreviations.he.txt" - [^1]: אחת הדוגמאות הבולטות לכך היא [תקרית 2021 שבה חוקרים מאוניברסיטת מינסוטה הציגו שלוש נקודות תורפה לפרויקט פיתוח ליבת לינוקס](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/he/basics/common-threats.md b/i18n/he/basics/common-threats.md index d27576df..95de3adf 100644 --- a/i18n/he/basics/common-threats.md +++ b/i18n/he/basics/common-threats.md @@ -1,11 +1,12 @@ --- title: "איומים נפוצים" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- באופן כללי, אנו מסווגים את ההמלצות שלנו ל[איומים](threat-modeling.md) או יעדים שחלים על רוב האנשים. ==ייתכן שאתה מודאג מאף אחת, אחת, כמה, או מכל האפשרויות האלה==, והכלים והשירותים שבהם אתה משתמש תלויים במטרותיך. ייתכן שיש לך איומים ספציפיים גם מחוץ לקטגוריות האלה, וזה בסדר גמור! החלק החשוב הוא פיתוח הבנה של היתרונות והחסרונות של הכלים שבהם אתה בוחר להשתמש, כי למעשה אף אחד מהם לא יגן עליך מכל איום. -- :material-incognito: אנונימיות - הגנה על הפעילות המקוונת שלך מהזהות האמיתית שלך, הגנה עליך מפני אנשים שמנסים לחשוף את *שלך * זהות ספציפית. +- :material-incognito: אנונימיות - הגנה על הפעילות המקוונת שלך מהזהות האמיתית שלך, הגנה עליך מפני אנשים שמנסים לחשוף את הזהות *שלך* ספציפית. - :material-target-account: התקפות ממוקדות - הגנה מפני האקרים או שחקנים זדוניים אחרים שמנסים לקבל גישה לנתונים או מכשירים ספציפיים *שלך*. - :material-bug-outline: התקפות פסיביות - הגנה מפני דברים כמו תוכנות זדוניות, פרצות נתונים והתקפות אחרות שנעשות נגד אנשים רבים בו-זמנית. - :material-server-network: ספקי שירותים - הגנה על הנתונים שלך מפני ספקי שירות (למשל באמצעות E2EE, מה שהופך את הנתונים שלך לבלתי קריאים לשרת). @@ -140,8 +141,6 @@ icon: 'material/eye-outline' אתה חייב תמיד לשקול את הסיכונים בניסיון לעקוף את הצנזורה, את ההשלכות האפשריות ועד כמה מתוחכם עלול להיות היריב שלך. אתה צריך להיות זהיר בבחירת התוכנה שלך, ולהכין תוכנית גיבוי למקרה שתיתפס. ---8<-- "includes/abbreviations.he.txt" - [^1]: ויקיפדיה: [*מעקבים המונים*](https://en.wikipedia.org/wiki/Mass_surveillance) ו[*מעקבים*](https://en.wikipedia.org/wiki/Surveillance). [^2]: מועצת הפיקוח על הפרטיות וחירויות האזרח של ארצות הברית: [*דיווח על תוכנית רישומי הטלפון שנערכה לפי סעיף 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: ויקיפדיה: [*מעקב קפיטליזם*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/he/basics/email-security.md b/i18n/he/basics/email-security.md index e1fafe69..b3f6f48e 100644 --- a/i18n/he/basics/email-security.md +++ b/i18n/he/basics/email-security.md @@ -1,6 +1,7 @@ --- title: אבטחת אימייל icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- אימייל הוא צורת תקשורת לא מאובטחת כברירת מחדל. אתה יכול לשפר את אבטחת האימייל שלך עם כלים כגון OpenPGP, שמוסיפים הצפנה מקצה לקצה להודעות שלך, אך ל-OpenPGP עדיין יש מספר חסרונות בהשוואה להצפנה ביישומי הודעות אחרים, וחלק מנתוני הדוא"ל לעולם אינם יכולים להיות מוצפנים מטבעם. לאופן עיצוב האימייל. @@ -38,5 +39,3 @@ icon: material/email ### למה מטא נתונים לא יכולים להיות E2EE? מטא נתונים של דואר אלקטרוני חיוניים לפונקציונליות הבסיסית ביותר של דואר אלקטרוני (מהיכן הוא הגיע ולאן הוא צריך ללכת). E2EE לא היה מובנה בפרוטוקולי הדואר האלקטרוני במקור, ובמקום זאת נדרש לתוכנת הרחבה כמו OpenPGP. מכיוון שהודעות OpenPGP עדיין צריכות לעבוד עם ספקי דואר אלקטרוני מסורתיים, הן אינן יכולות להצפין מטה - נתונים של דואר אלקטרוני, אלא רק את גוף ההודעה עצמו. כלומר, גם כאשר משתמשים ב - OpenPGP, משקיפים חיצוניים יכולים לראות מידע רב על ההודעות שלך, כגון את מי אתה שולח בדוא"ל, את קווי הנושא, מתי אתה שולח דוא"ל וכו '. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/multi-factor-authentication.md b/i18n/he/basics/multi-factor-authentication.md index c1cff715..361faaf6 100644 --- a/i18n/he/basics/multi-factor-authentication.md +++ b/i18n/he/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "אימות מרובה גורמים" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **אימות מרובה גורמים** (**MFA**) הוא מנגנון אבטחה הדורש שלבים נוספים מעבר להזנת שם המשתמש (או האימייל) והסיסמה שלך. השיטה הנפוצה ביותר היא קודים מוגבלים בזמן שאתה עשוי לקבל מ-SMS או מאפליקציה. @@ -162,5 +163,3 @@ sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLog ### KeePass (ו-KeePassXC) ניתן לאבטח מסדי נתונים של KeePass ו-KeePassXC באמצעות Challenge-Response או HOTP כאימות גורם שני. Yubico סיפקה מסמך עבור KeePass [שימוש ב-YubiKey עם KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) ויש גם אחד באתר [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa). - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/passwords-overview.md b/i18n/he/basics/passwords-overview.md index eb8f2962..cebaf845 100644 --- a/i18n/he/basics/passwords-overview.md +++ b/i18n/he/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "מבוא לסיסמאות" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- סיסמאות הן חלק חיוני מחיינו הדיגיטליים היומיומיים. אנו משתמשים בהם כדי להגן על החשבונות שלנו, המכשירים והסודות שלנו. למרות היותם לעתים קרובות הדבר היחיד בינינו לבין יריב שרודף אחרי המידע הפרטי שלנו, לא מושקעת בהם הרבה מחשבה, מה שמוביל לרוב לכך שאנשים משתמשים בסיסמאות שניתן לנחש בקלות או להכריח אותן. @@ -108,5 +109,3 @@ icon: 'material/form-textbox-password' ### גיבויים עליך לאחסן גיבוי [מוצפן](../encryption.md) של הסיסמאות שלך במספר התקני אחסון או בספק אחסון בענן. זה יכול לעזור לך לגשת לסיסמאות שלך אם משהו קורה למכשיר הראשי שלך או לשירות שבו אתה משתמש. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/threat-modeling.md b/i18n/he/basics/threat-modeling.md index 28e76b0a..bf0d2e0b 100644 --- a/i18n/he/basics/threat-modeling.md +++ b/i18n/he/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "מודל איומים" icon: 'material/target-account' +description: איזון בין אבטחה, פרטיות ושימושיות היא אחת המשימות הראשונות והקשות שתתמודדו איתם במסע הפרטיות שלכם. --- איזון בין אבטחה, פרטיות ושימושיות היא אחת המשימות הראשונות והקשות שתתמודדו איתם במסע הפרטיות שלכם. הכל הוא פשרה: ככל שמשהו בטוח יותר, כך הוא בדרך כלל מגביל או לא נוח יותר, וכו'. לעתים קרובות, אנשים מגלים שהבעיה בכלים שהם רואים מומלצים היא שפשוט קשה מדי להתחיל להשתמש בהם! @@ -107,5 +108,3 @@ icon: 'material/target-account' ## מקורות - [הגנה עצמית במעקב EFF: תוכנית האבטחה שלך](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/basics/vpn-overview.md b/i18n/he/basics/vpn-overview.md index f05b5921..70a2a932 100644 --- a/i18n/he/basics/vpn-overview.md +++ b/i18n/he/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: סקירה כללית של VPN icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- רשתות וירטואליות פרטיות הן דרך להרחיב את הקצה של הרשת שלך ליציאה למקום אחר בעולם. ספק שירותי אינטרנט יכול לראות את זרימת תעבורת האינטרנט הנכנסת ויוצאת ממכשיר סיום הרשת שלך (כלומר מודם). -פרוטוקולי הצפנה כגון HTTPS נמצאים בשימוש נפוץ באינטרנט, כך שהם אולי לא יוכלו לראות בדיוק את מה שאתה מפרסם או קורא אבל הם יכולים לקבל מושג על [דומיינים שאתה מבקש](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). VPN יכול לעזור מכיוון שהוא יכול להעביר אמון לשרת במקום אחר בעולם. כתוצאה מכך, ספק שירותי האינטרנט רואה רק שאתה מחובר ל-VPN ושום דבר לגבי הפעילות שאתה מעביר אליו. @@ -74,5 +75,3 @@ VPN עדיין עשוי להיות שימושי עבורך במגוון תרחי - [חקירת אפליקציית VPN בחינם](https://www.top10vpn.com/free-vpn-app-investigation/) - [בעלי VPN מוסתרים חשפו: 101 מוצרי VPN המנוהלים על ידי 23 חברות בלבד](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [החברה הסינית הזו עומדת בסתר מאחורי 24 אפליקציות פופולריות שמחפשות הרשאות מסוכנות](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/calendar.md b/i18n/he/calendar.md index c15c423e..f58e7ac1 100644 --- a/i18n/he/calendar.md +++ b/i18n/he/calendar.md @@ -1,6 +1,7 @@ --- title: "סנכרון לוח שנה" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- לוחות שנה מכילים חלק מהנתונים הרגישים ביותר שלך; השתמש במוצרים המיישמים E2EE ב - מנוחה כדי למנוע מספק לקרוא אותם. @@ -67,5 +68,3 @@ icon: material/calendar הקריטריונים הטובים ביותר שלנו מייצגים את מה שהיינו רוצים לראות מהפרויקט המושלם בקטגוריה זו. ייתכן שההמלצות שלנו לא יכללו חלק מהפונקציונליות הזו או את כולה, אך אלו שכן כן עשויות לדרג גבוה יותר מאחרות בדף זה. - צריך להשתלב עם לוח השנה של מערכת ההפעלה המקומית ואפליקציות ניהול אנשי קשר, אם רלוונטי. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/cloud.md b/i18n/he/cloud.md index 8ca94e80..59919806 100644 --- a/i18n/he/cloud.md +++ b/i18n/he/cloud.md @@ -1,6 +1,7 @@ --- title: "אחסון בענן" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- ספקי אחסון ענן רבים דורשים את האמון המלא שלך בכך שהם לא יסתכלו על הקבצים שלך. החלופות המפורטות להלן מבטלות את הצורך באמון על ידי מתן שליטה על הנתונים שלך או על ידי יישום E2EE. @@ -29,7 +30,6 @@ icon: material/file-cloud - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -הלקוחות הניידים של Proton Drive שוחררו בדצמבר 2022 ועדיין אינם קוד פתוח. Proton עיכבה באופן היסטורי את שחרורי קוד המקור שלהם עד לאחר שחרור המוצר הראשוני, [ומתכננת](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) לשחרר את קוד המקור עד סוף 2023. לקוחות שולחן העבודה של Proton Drive עדיין בפיתוח. ## קריטריונים @@ -58,5 +58,3 @@ icon: material/file-cloud - לקוחות אלה צריכים להשתלב עם כלי מערכת הפעלה מקוריים עבור ספקי אחסון בענן, כגון שילוב אפליקציות קבצים ב- iOS, או פונקציונליות DocumentsProvider באנדרואיד. - צריך לתמוך בשיתוף קבצים קל עם משתמשים אחרים. - אמור להציע לפחות תצוגה מקדימה בסיסית של קובץ ופונקציונליות עריכה בממשק האינטרנט. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/cryptocurrency.md b/i18n/he/cryptocurrency.md new file mode 100644 index 00000000..ac9c6abf --- /dev/null +++ b/i18n/he/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: מטבעות קריפטוגרפיים +icon: material/bank-circle +--- + +ביצוע תשלומים אונליין הוא אחד האתגרים הגדולים ביותר לפרטיות. מטבעות קריפטוגרפיים אלו מספקים פרטיות עסקאות כברירת מחדל (דבר ש**לא** מובטח על ידי רוב מטבעות הקריפטו), בתנאי שיש לך הבנה טובה כיצד לבצע תשלומים פרטיים ביעילות. אנו ממליצים בחום שתקרא תחילה את מאמר סקירת התשלומים שלנו לפני ביצוע רכישות כלשהן: + +[ביצוע תשלומים פרטיים :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger "סַכָּנָה" + + רבים אם לא רוב הפרויקטים של מטבעות קריפטוגרפיים הם הונאות. בצע עסקאות בזהירות עם רק פרויקטים שאתה סומך עליהם. + +## Monero + +!!! recommendation + + ![Monero לוגו](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** משתמש בבלוקצ'יין עם טכנולוגיות משפרות פרטיות המטשטשות עסקאות כדי להשיג אנונימיות. כל עסקת Monero מסתירה את סכום העסקה, כתובות שליחה וקבלה, ומקור הכספים ללא שום חישוקים לדלג דרכם, מה שהופך אותה לבחירה אידיאלית עבור טירוני מטבעות קריפטוגרפיים. + + [:octicons-home-16: דף הבית](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=תיעוד} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="קוד מקור" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=לתרומה } + +עם Monero, משקיפים מבחוץ אינם יכולים לפענח כתובות מסחר Monero, סכומי עסקאות, יתרות כתובות או היסטוריית עסקאות. + +לפרטיות מיטבית, הקפד להשתמש בארנק לא משמורן שבו מפתח התצוגה נשאר במכשיר. המשמעות היא שרק לך תהיה את היכולת להוציא את הכספים שלך ולראות עסקאות נכנסות ויוצאות. אם אתה משתמש בארנק משמורן, הספק יכול לראות **כל מה** שאתה עושה; אם אתה משתמש בארנק "קל משקל" שבו הספק שומר על מפתח התצוגה הפרטי שלך, הספק יכול לראות כמעט כל מה שאתה עושה. כמה ארנקים שאינם משמורנים כוללים: + +- [Official Monero client](https://getmonero.org/downloads) (שולחני) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet תומך במספר מטבעות קריפטוגרפיים. גרסת Monero בלבד של Cake Wallet זמינה בכתובת [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (שולחני) +- [Monerujo](https://www.monerujo.io/) (אנדרואיד) + +לפרטיות מקסימלית (אפילו עם ארנק לא משמורן), עליך להפעיל צומת Monero משלך. שימוש בצומת של אדם אחר יחשוף בפניו מידע מסוים, כגון כתובת ה-IP שממנה אתה מתחבר אליו, חותמות הזמן שאתה מסנכרן את הארנק שלך והעסקאות שאתה שולח מהארנק שלך (אם כי אין פרטים נוספים על עסקאות אלו). לחלופין, אתה יכול להתחבר לצומת Monero של מישהו אחר באמצעות Tor או i2p. + +באוגוסט 2021, [הודיעה](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) CipherTrace על יכולות מעקב משופרות של Monero עבור סוכנויות ממשלתיות. פרסומים פומביים מראים כי רשת אכיפת הפשעים הפיננסיים של משרד האוצר האמריקאי העניקה [רישיון](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) ל-"Monero Module" של CipherTrace בסוף 2022. + +פרטיות גרף העסקאות של Monero מוגבלת על ידי חתימות הטבעות הקטנות יחסית שלה, במיוחד נגד התקפות ממוקדות. תכונות הפרטיות של Monero גם [הוטלו בספק](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) על ידי כמה חוקרי אבטחה, ומספר נקודות תורפה חמורות נמצאו ותוקנו בעבר, כך שהטענות שהועלו על ידי ארגונים כמו CipherTrace אינן באות בחשבון. אמנם אין זה סביר שכלי מעקב המוני Monero קיימים כפי שהם קיימים עבור ביטקוין ואחרים, אך בטוח שכלי מעקב מסייעים בחקירות ממוקדות. + +בסופו של דבר, Monero היא המתמודדת החזקה ביותר על מטבע קריפטוגרפי ידידותי לפרטיות, אך טענות הפרטיות שלה **לא** הוכחו באופן סופי כך או כך. נדרשים יותר זמן ומחקר כדי להעריך אם Monero עמיד מספיק בפני התקפות כדי לספק תמיד פרטיות נאותה. + +## קריטריונים + +**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. + +!!! example "חלק זה הוא חדש" + + אנו עובדים על קביעת קריטריונים מוגדרים לכל קטע באתר שלנו, והדבר עשוי להשתנות. אם יש לך שאלות כלשהן לגבי הקריטריונים שלנו, אנא [שאל בפורום שלנו](https://discuss.privacyguides.net/latest) ואל תניח שלא שקלנו משהו כשהצענו את ההמלצות שלנו אם הוא לא רשום כאן. ישנם גורמים רבים שנחשבים ונדונים כאשר אנו ממליצים על פרויקט, ותיעוד כל אחד מהם הוא עבודה בתהליך. + +- מטבעות קריפטו חייבים לספק עסקאות פרטיות/בלתי ניתנות לאיתור כברירת מחדל. diff --git a/i18n/he/data-redaction.md b/i18n/he/data-redaction.md index 898f59af..95ba9710 100644 --- a/i18n/he/data-redaction.md +++ b/i18n/he/data-redaction.md @@ -1,6 +1,7 @@ --- title: "הפחתת נתונים ומטא נתונים" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- בעת שיתוף קבצים, הקפד להסיר מטא נתונים משויכים. קבצי תמונה כוללים בדרך כלל [נתוני Exif](https://en.wikipedia.org/wiki/Exif). תמונות לפעמים אפילו כוללות קואורדינטות GPS במטא-נתונים של הקובץ. @@ -141,5 +142,3 @@ icon: material/tag-remove - יישומים שפותחו עבור מערכות הפעלה בקוד פתוח חייבים להיות קוד פתוח. - יישומים חייבים להיות חינמיים ולא לכלול מודעות או מגבלות אחרות. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/desktop-browsers.md b/i18n/he/desktop-browsers.md index 8780f32c..6a9d01fd 100644 --- a/i18n/he/desktop-browsers.md +++ b/i18n/he/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "דפדפנים שולחניים" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- אלה הדפדפנים והתצורות המומלצים כרגע לגלישה רגילה/לא אנונימית. אם אתה צריך לגלוש באינטרנט באופן אנונימי, אתה צריך להשתמש [Tor](tor.md) במקום. באופן כללי, אנו ממליצים לשמור על הרחבות הדפדפן שלך למינימום; יש להם גישה מורשית בתוך הדפדפן שלך, דורשים ממך לסמוך על המפתח, יכולים לגרום לך [להתבלט](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), ו[להחליש](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) את בידוד האתר. @@ -257,6 +258,4 @@ Brave כולל כמה אמצעים נגד טביעת אצבע בתכונת [Shie - אסור לשכפל דפדפן מובנה או פונקציונליות מערכת הפעלה. - חייב להשפיע ישירות על פרטיות המשתמש, כלומר לא חייב פשוט לספק מידע. ---8<-- "includes/abbreviations.he.txt" - [^1]: היישום של Brave מפורט ב [עדכוני פרטיות Brave: חלוקת מצב רשת לפרטיות](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/he/desktop.md b/i18n/he/desktop.md index 23db6cc1..4c2781a5 100644 --- a/i18n/he/desktop.md +++ b/i18n/he/desktop.md @@ -1,6 +1,7 @@ --- title: "שולחן עבודה/מחשב אישי" icon: simple/linux +description: הפצות לינוקס מומלצות בדרך כלל להגנה על פרטיות וחופש תוכנה. --- הפצות לינוקס מומלצות בדרך כלל להגנה על פרטיות וחופש תוכנה. אם אינך משתמש עדיין בלינוקס, להלן כמה הפצות שאנו מציעים לנסות, כמו גם כמה טיפים כלליים לשיפור פרטיות ואבטחה החלים על הפצות לינוקס רבות. @@ -180,5 +181,3 @@ Qubes OS היא מערכת הפעלה מבוססת Xen שנועדה לספק א - חייב לתמוך בהצפנה בדיסק מלא במהלך ההתקנה. - אין להקפיא מהדורות רגילות במשך יותר משנה. [איננו ממליצים](os/linux-overview.md#release-cycle) על מהדורות distro "תמיכה לטווח ארוך" או "יציבה" לשימוש בשולחן העבודה. - חייב לתמוך במגוון רחב של חומרה. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/dns.md b/i18n/he/dns.md index 355763f5..f144acdc 100644 --- a/i18n/he/dns.md +++ b/i18n/he/dns.md @@ -1,20 +1,19 @@ --- -title: "פותרי DNS" +title: "ספקי DNS" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "האם להשתמש ב - DNS מוצפן?" +יש להשתמש ב-DNS מוצפן עם שרתי צד שלישי רק כדי לעקוף [חסימת DNS](https://en.wikipedia.org/wiki/DNS_blocking) בסיסית כאשר אתה יכול להיות בטוח שלא יהיו השלכות. DNS מוצפן לא יעזור לך להסתיר את פעילות הגלישה שלך. - יש להשתמש ב-DNS מוצפן עם שרתי צד שלישי רק כדי לעקוף [חסימת DNS](https://en.wikipedia.org/wiki/DNS_blocking) בסיסית כאשר אתה יכול להיות בטוח שלא יהיו לכך השלכות. DNS מוצפן לא יעזור לך להסתיר את פעילות הגלישה שלך. - - [למידע נוסף על DNS](advanced/dns-overview.md){ .md-button } +[למד עוד :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## ספקים מומלצים -| ספקי DNS | מדיניות פרטיות | פרוטוקולים | תיעוד לוגים | ECS | סינון | +| ספקי DNS | מדיניות פרטיות | פרוטוקולים | תיעוד בקשות | ECS | סינון | | ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | -------------- | ---------- | ------------------------------------------------------------------------------------------------------------------------------- | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH
DoT
DNSCrypt | חלק[^1] | לא | מבוסס על בחירת שרת. רשימת סינון בשימוש ניתן למצוא כאן. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH
DoT | חלק[^2] | לא | מבוסס על בחירת שרת. | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH
DoT
DNSCrypt | חלקי[^1] | לא | מבוסס על בחירת שרת. רשימת סינון בשימוש ניתן למצוא כאן. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH
DoT | חלקי[^2] | לא | מבוסס על בחירת שרת. | | [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH
DoT
DNSCrypt
DoQ
DoH3 | אופציונאלי[^3] | לא | מבוסס על בחירת שרת. | | [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | לא[^4] | לא | מבוסס על בחירת שרת. רשימת סינון בשימוש ניתן למצוא כאן. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | | [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH
DoT | אופציונאלי[^5] | אופציונאלי | מבוסס על בחירת שרת. | @@ -22,7 +21,7 @@ icon: material/dns ## קריטריונים -**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. +**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בְּספק, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. !!! example "חלק זה הוא חדש" @@ -31,9 +30,9 @@ icon: material/dns - חייב לתמוך ב [DNSSEC](advanced/dns-overview.md#what-is-dnssec). - [מזעור QNAME](advanced/dns-overview.md#what-is-qname-minimization). - אפשר ל - [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) להיות מנוטרל -- עדיף [Anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) תמיכה או תמיכה היגוי גיאוגרפי +- תעדוף תמיכה ב[Anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) או תמיכה ב"היגוי גיאוגרפי". -## תמיכת מערכת הפעלה מקורית +## תמיכה מובנת במערכת ההפעלה ### אנדרואיד @@ -132,8 +131,6 @@ Apple אינה מספקת ממשק מקורי ליצירת פרופילי DNS מ [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="קוד מקור" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=לתרומה } ---8<-- "includes/abbreviations.he.txt" - [^1]: AdGuard מאחסן מדדי ביצועים מצטברים של שרתי ה-DNS שלהם, כלומר מספר הבקשות המלאות לשרת מסוים, מספר הבקשות החסומות ומהירות עיבוד הבקשות. הם גם שומרים ומאחסנים את מסד הנתונים של הדומיינים שהתבקשו ב-24 השעות האחרונות. "אנחנו צריכים את המידע הזה כדי לזהות ולחסום עוקבים ואיומים חדשים." "אנחנו גם מתעדים כמה פעמים גשש זה או אחר נחסם. אנחנו צריכים את המידע הזה כדי להסיר את הכללים המיושנים מהמסננים שלנו." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare אוספת ומאחסנת רק את נתוני שאילתת ה-DNS המוגבלים שנשלחים לפותר 1.1.1.1. שירות הפותר 1.1.1.1 אינו רושם נתונים אישיים, וחלק הארי של נתוני השאילתות המוגבלים שאינם ניתנים לזיהוי אישי מאוחסן למשך 25 שעות בלבד. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D רק מתעדים עבור פותרי Premium עם פרופילי DNS מותאמים אישית. פותרים חינמיים אינם רושמים נתונים. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/he/email-clients.md b/i18n/he/email-clients.md index 5a63a34d..47efefda 100644 --- a/i18n/he/email-clients.md +++ b/i18n/he/email-clients.md @@ -1,6 +1,7 @@ --- title: "לקוחות אימייל" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- רשימת ההמלצות שלנו מכילה לקוחות אימייל התומכים הן ב[OpenPGP](encryption.md#openpgp) והן באימות חזק כגון [הרשאת פתוחה ](https://en.wikipedia.org/wiki/OAuth)(OAuth). OAuth מאפשר לך להשתמש ב - [אימות רב - גורמי](basics/multi-factor-authentication.md) ולמנוע גניבת חשבון. @@ -235,5 +236,3 @@ Canary Mail הוא קוד סגור. אנו ממליצים על זה בגלל ה - אינו אוסף טלמטריה כברירת מחדל. - צריך לתמוך ב - OpenPGP באופן מקורי, כלומר ללא הרחבות. - יש לתמוך באחסון הודעות דואר אלקטרוני מוצפנות של OpenPGP באופן מקומי. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/email.md b/i18n/he/email.md index e88b2683..34bd2879 100644 --- a/i18n/he/email.md +++ b/i18n/he/email.md @@ -1,6 +1,7 @@ --- title: "שירותי אימייל" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- אימייל הוא למעשה הכרח לשימוש בכל שירות מקוון, אולם איננו ממליצים עליו לשיחות מאדם לאדם. דואר אלקטרוני הוא למעשה הכרח שימוש בכל שירות מקוון, אולם איננו ממליצים עליו לשיחות מאדם לאדם. @@ -9,9 +10,21 @@ icon: material/email לכל השאר, אנו ממליצים על מגוון ספקי דוא"ל המבוססים על מודלים עסקיים ברי קיימא ותכונות אבטחה ופרטיות מובנות. +- [ספקי דוא"ל תואמי OpenPGP :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [ספקים מוצפנים אחרים :material-arrow-right-drop-circle:](#more-providers) +- [שירותי כינוי אימייל :material-arrow-right-drop-circle:](#email-aliasing-services) +- [אפשרויות אירוח עצמי :material-arrow-right-drop-circle:](#self-hosting-email) + ## ספקי דוא"ל מומלצים -ספקים אלה תומכים באופן מקורי בהצפנה/פענוח של OpenPGP, ומאפשרים הודעות דוא"ל E2EE שאינן תלויות בספק. לדוגמה, משתמש Proton Mail יכול לשלוח הודעת E2EE למשתמש Mailbox.org, או שאתה יכול לקבל התראות מוצפנות OpenPGP משירותי אינטרנט התומכים בכך. +ספקים אלה תומכים באופן מקורי בהצפנה/פענוח של OpenPGP ובתקן Web Key Directory (WKD), המאפשרים הודעות אימייל E2EE אגנוסטיות לספקים. לדוגמה, משתמש Proton Mail יכול לשלוח הודעת E2EE למשתמש Mailbox.org, או שאתה יכול לקבל התראות מוצפנות OpenPGP משירותי אינטרנט התומכים בכך. + +
+ +- ![Proton Mail לוגו](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org לוגו](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning "אזהרה" @@ -49,41 +62,41 @@ icon: material/email ל-Proton Mail יש דוחות קריסה פנימיים שהם **לא** חולקים עם צדדים שלישיים. ניתן להשבית אפשרות זו ב: **הגדרות** > **עבור אל הגדרות** > **חשבון** > **אבטחה ופרטיות** > **שלח דוחות קריסה**. -??? success "דומיינים וכינויים מותאמים אישית" +#### :material-check:{ .pg-green } דומיינים וכינויים מותאמים אישית - מנויי Proton Mail בתשלום יכולים להשתמש בדומיין משלהם עם השירות או בכתובת [catch-all](https://proton.me/support/catch-all). Proton Mail תומך גם ב[כתובת משנה](https://proton.me/support/creating-aliases), וזה שימושי לאנשים שלא רוצים לרכוש דומיין. +מנויי Proton Mail בתשלום יכולים להשתמש בדומיין משלהם עם השירות או בכתובת [תפוס-הכל](https://proton.me/support/catch-all). Proton Mail תומך גם ב[כתובת משנה](https://proton.me/support/creating-aliases), שהיא שימושית לאנשים שלא רוצים לרכוש דומיין. -??? success "שיטות תשלום פרטיות" +#### :material-check:{ .pg-green } שיטות תשלום פרטיות - Proton Mail [accepts](https://proton.me/support/payment-options) ביטקוין ומזומן בדואר בנוסף לכרטיסי אשראי/חיוב רגילים ותשלומי PayPal. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "אבטחת חשבון" +#### :material-check:{ .pg-green } אבטחת חשבון - ProtonMail תומך ב - TOTP [אימות דו - שלבי]( https://proton.me/support/two-factor- authentication-2fa) בלבד. השימוש במפתח אבטחה U2F עדיין אינו נתמך. ProtonMail מתכננת ליישם את U2F עם השלמת הקוד [Single Sign On (SSO)]( https://reddit.com/comments/cheoy6/comment/feh2lw0/) שלהם. +Proton Mail תומך באימות TOTP [בשני גורמים בלבד](https://proton.me/support/two-factor-authentication-2fa). השימוש במפתח אבטחה U2F אינו נתמך עדיין. Proton Mail מתכננת ליישם את U2F עם השלמת קוד ה[כניסה יחידה (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) שלהם. -??? success "אבטחת מידע" +#### :material-check:{ .pg-green } אבטחת מידע - ל - Proton Mail יש [הצפנת אפס גישה](https://proton.me/blog/zero-access-encryption) ב - מנוחה עבור המיילים שלך ו - [calendars](https://proton.me/news/protoncalendar-security-model). נתונים המאובטחים באמצעות הצפנת אפס גישה נגישים רק לך. - - מידע מסוים המאוחסן ב-[Proton Contacts](https://proton.me/support/proton-contacts), כגון שמות תצוגה וכתובות דוא"ל, אינו מאובטח באמצעות הצפנת אפס גישה. שדות אנשי קשר התומכים בהצפנת אפס גישה, כגון מספרי טלפון, מסומנים בסמל מנעול. +ל-Proton Mail יש [הצפנה עם אפס-גישה](https://proton.me/blog/zero-access-encryption) במצב מנוחה עבור המיילים ו[היומנים](https://proton.me/news/protoncalendar-security-model) שלך. נתונים המאובטחים באמצעות הצפנת אפס גישה נגישים רק לך. -??? success "הצפנת אימייל" +מידע מסוים המאוחסן ב-[Proton Contacts](https://proton.me/support/proton-contacts), כגון שמות תצוגה וכתובות אימייל, אינו מאובטח בהצפנה ללא גישה. שדות אנשי קשר התומכים בהצפנה ללא גישה, כגון מספרי טלפון, מסומנים בסמל מנעול. - ל-Proton Mail יש [הצפנת OpenPGP משולבת](https://proton.me/support/how-to-use-pgp) בדואר האינטרנט שלהם. אימיילים לחשבונות Proton Mail אחרים מוצפנים באופן אוטומטי, וניתן להפעיל הצפנה לכתובות שאינן פרוטון מייל עם מפתח OpenPGP בקלות בהגדרות החשבון שלך. הם גם מאפשרים לך [להצפין הודעות לכתובות שאינן פרוטון מייל](https://proton.me/support/password-protected-emails) ללא צורך בהרשמה לחשבון Proton Mail או להשתמש בתוכנה כמו OpenPGP. - - Proton Mail תומך גם בגילוי מפתחות ציבוריים באמצעות HTTP מ-[מדריך מפתחות אינטרנט (WKD)](https://wiki.gnupg.org/WKD) שלהם. זה מאפשר לאנשים שאינם משתמשים ב-Proton Mail למצוא בקלות את מפתחות OpenPGP של חשבונות Proton Mail, עבור E2EE חוצה ספקים. +#### :material-check:{ .pg-green } הצפנת אימייל -??? warning "מורשת דיגיטלית" +Proton Mail [שילבה הצפנת OpenPGP](https://proton.me/support/how-to-use-pgp) בדואר האינטרנט שלהם. אימיילים לחשבונות Proton Mail אחרים מוצפנים באופן אוטומטי, וניתן להפעיל הצפנה לכתובות שאינן פרוטון מייל עם מפתח OpenPGP בקלות בהגדרות החשבון שלך. הם גם מאפשרים לך [להצפין הודעות לכתובות שאינן Proton Mail](https://proton.me/support/password-protected-emails) מבלי להזדקק להן להירשם לחשבון Proton Mail או להשתמש בתוכנה כמו OpenPGP. - Proton Mail אינו מציע תכונה מורשת דיגיטלית. +Proton Mail תומך גם בגילוי מפתחות ציבוריים באמצעות HTTP מ[ספריית מפתחות האינטרנט (WKD)](https://wiki.gnupg.org/WKD) שלהם. זה מאפשר לאנשים שאינם משתמשים ב-Proton Mail למצוא בקלות את מפתחות OpenPGP של חשבונות Proton Mail, עבור E2EE חוצה ספקים. -??? info "סיום חשבון" +#### :material-alert-outline:{ .pg-orange } מורשת דיגיטלית - אם יש לך חשבון בתשלום ו[החשבון לא שולם](https://proton.me/support/delinquency) לאחר 14 יום, לא תוכל לגשת לנתונים שלך. לאחר 30 יום, החשבון שלך יהפוך לבלתי פעיל ולא יקבל דואר נכנס. אתה תמשיך להיות מחויב במהלך תקופה זו. +Proton Mail אינו מציע תכונה מורשת דיגיטלית. -??? info "פונקציונליות נוספת" +#### :material-information-outline:{ .pg-blue } סגירת חשבון - Proton Mail מציע חשבון "ללא הגבלה" במחיר של €9.99/חודש, המאפשר גם גישה ל-Proton VPN בנוסף לאספקת מספר חשבונות, דומיינים, כינויים ושטח אחסון של 500GB. +אם יש לך חשבון בתשלום והחשבון שלך [לא שולם](https://proton.me/support/delinquency) לאחר 14 יום, לא תוכל לגשת לנתונים שלך. לאחר 30 יום, החשבון שלך יהפוך לבלתי פעיל ולא יקבל דואר נכנס. אתה תמשיך להיות מחויב במהלך תקופה זו. + +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת + +Proton Mail מציע חשבון "ללא הגבלה" במחיר של €9.99/חודש, המאפשר גם גישה ל-Proton VPN בנוסף לאספקת מספר חשבונות, דומיינים, כינויים ושטח אחסון של 500GB. ### Mailbox.org @@ -101,43 +114,54 @@ icon: material/email - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "דומיינים וכינויים מותאמים אישית" +#### :material-check:{ .pg-green } דומיינים וכינויים מותאמים אישית - Mailbox.org מאפשר לך להשתמש בתחום משלך, והם תומכים בכתובות [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). Mailbox.org תומך גם ב-[subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), וזה שימושי אם אינך רוצה לרכוש דומיין. +Mailbox.org מאפשר לך להשתמש בדומיין משלך, והם תומכים בכתובות [תפוס כל](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). Mailbox.org תומך גם [בכתובת משנה](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), וזה שימושי אם אינך רוצה לרכוש דומיין. -??? info "שיטות תשלום פרטיות" +#### :material-check:{ .pg-green } שיטות תשלום פרטיות - Mailbox.org אינה מקבלת ביטקוין או כל מטבע קריפטוגרפי אחר כתוצאה מכך שמעבד התשלומים שלהם BitPay משעה את פעילותו בגרמניה. עם זאת, הם מקבלים מזומן בדואר, תשלום במזומן לחשבון בנק, העברה בנקאית, כרטיס אשראי, PayPal וכמה מעבדים ספציפיים לגרמנית: paydirekt ו- Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. עם זאת, הם מקבלים מזומן בדואר, תשלום במזומן לחשבון בנק, העברה בנקאית, כרטיס אשראי, PayPal ועוד כמה מעבדים ספציפיים לגרמניה: paydirekt ו-Sofortüberweisung. -??? success "אבטחת חשבון" +#### :material-check:{ .pg-green } אבטחת חשבון - Mailbox.org תומך ב-[אימות דו-שלבי](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) עבור דואר האינטרנט שלהם בלבד. אתה יכול להשתמש ב-TOTP או ב [Yubikey](https://en.wikipedia.org/wiki/YubiKey) דרך [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). תקני אינטרנט כגון [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) עדיין אינם נתמכים. +Mailbox.org תומך ב[אימות דו-שלבי](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) עבור דואר האינטרנט שלהם בלבד. אתה יכול להשתמש ב-TOTP או ב-[Yubikey](https://en.wikipedia.org/wiki/YubiKey) דרך [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). תקני אינטרנט כגון [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) אינם נתמכים עדיין. -??? info "אבטחת מידע" +#### :material-information-outline:{ .pg-blue } אבטחת מידע - Mailbox.org מאפשר הצפנה של דואר נכנס באמצעות [תיבת הדואר המוצפנת](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox) שלהם. הודעות חדשות שתקבל יוצפנו באופן מיידי באמצעות המפתח הציבורי שלך. - - עם זאת, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), פלטפורמת התוכנה המשמשת Mailbox.org, [אינה תומכת](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) בהצפנה של פנקס הכתובות ולוח השנה שלך. [אפשרות עצמאית](calendar.md) עשויה להתאים יותר למידע זה. +Mailbox.org מאפשר הצפנה של דואר נכנס באמצעות [תיבת הדואר המוצפנת](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox) שלהם. הודעות חדשות שתקבל יוצפנו באופן מיידי באמצעות המפתח הציבורי שלך. -??? success "הצפנת אימייל" +עם זאת, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), פלטפורמת התוכנה המשמשת את Mailbox.org, [אינה תומכת](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) בהצפנה של פנקס הכתובות והלוח שנה שלך. [אפשרות עצמאית](calendar.md) עשויה להתאים יותר למידע זה. - יש Mailbox.org [הצפנה משולבת](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard)בדואר האינטרנט שלהם, מה שמפשט את שליחת ההודעות לאנשים עם מפתחות OpenPGP ציבוריים. הם גם מאפשרים [לנמענים מרוחקים לפענח דוא"ל](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) בשרתים של Mailbox.org. תכונה זו שימושית כאשר לנמען המרוחק אין OpenPGP ואין באפשרותו לפענח עותק של הדואר האלקטרוני בתיבת הדואר שלו. - - Mailbox.org תומך גם בגילוי מפתחות ציבוריים באמצעות HTTP מספריית [מפתח האינטרנט (WKD)](https://wiki.gnupg.org/WKD). זה מאפשר לאנשים מחוץ Mailbox.org למצוא את מפתחות OpenPGP של חשבונות Mailbox.org בקלות, עבור E2EE חוצה ספקים. +#### :material-check:{ .pg-green } הצפנת אימייל -??? success "מורשת דיגיטלית" +ל-Mailbox.org יש [הצפנה משולבת](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) בדואר האינטרנט שלהם, מה שמקל על שליחת הודעות לאנשים עם מפתחות OpenPGP ציבוריים. הם גם מאפשרים [לנמענים מרוחקים לפענח אימייל בשרתים](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) של Mailbox.org. תכונה זו שימושית כאשר לנמען המרוחק אין OpenPGP ואין באפשרותו לפענח עותק של הדואר האלקטרוני בתיבת הדואר שלו. - Mailbox.org כולל תכונת מורשת דיגיטלית לכל התוכניות. אתה יכול לבחור אם אתה רוצה שכל הנתונים שלך יועברו ליורשים בתנאי שהם חלים ומספקים את הצוואה שלך. לחלופין, ניתן למנות אדם לפי שם וכתובת. +Mailbox.org תומך גם בגילוי מפתחות ציבוריים באמצעות HTTP מ-[Web Key Directory (WKD)](https://wiki.gnupg.org/WKD) שלהם. זה מאפשר לאנשים מחוץ Mailbox.org למצוא את מפתחות OpenPGP של חשבונות Mailbox.org בקלות, עבור E2EE חוצה ספקים. -??? info "סיום חשבון" +#### :material-check:{ .pg-green } מורשת דיגיטלית - החשבון שלך יוגדר לחשבון משתמש מוגבל כאשר החוזה שלך יסתיים, לאחר [30 יום הוא יימחק באופן בלתי הפיך](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org כולל תכונת מורשת דיגיטלית לכל התוכניות. אתה יכול לבחור אם אתה רוצה שכל הנתונים שלך יועברו ליורשים בתנאי שהם חלים ומספקים את הצוואה שלך. לחלופין, ניתן למנות אדם לפי שם וכתובת. -??? info "פונקציונליות נוספת" +#### :material-information-outline:{ .pg-blue } סגירת חשבון - אתה יכול לגשת לחשבון Mailbox.org שלך באמצעות IMAP / SMTP באמצעות[.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). עם זאת, לא ניתן לגשת לממשק דואר האינטרנט שלהם באמצעות שירות.onion שלהם ואתה עלול להיתקל בשגיאות אישור TLS. - - כל החשבונות מגיעים עם שטח אחסון מוגבל בענן ש[ניתן להצפין](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org מציע גם את הכינוי [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), אשר אוכף את הצפנת TLS על החיבור בין שרתי דואר, אחרת ההודעה לא תישלח כלל. Mailbox.org תומך גם ב-[Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) בנוסף לפרוטוקולי גישה סטנדרטיים כגון IMAP ו-POP3. +החשבון שלך יוגדר לחשבון משתמש מוגבל כאשר החוזה שלך יסתיים, לאחר [30 יום הוא יימחק באופן בלתי הפיך](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת + +אתה יכול לגשת לחשבון Mailbox.org שלך דרך IMAP/SMTP באמצעות [שירות.onion](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org) שלהם. עם זאת, לא ניתן לגשת לממשק דואר האינטרנט שלהם באמצעות שירות.onion שלהם ואתה עלול להיתקל בשגיאות אישור TLS. + +כל החשבונות מגיעים עם אחסון ענן מוגבל ש[ניתן להצפנה](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org מציעה גם את הכינוי [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), אשר אוכף את הצפנת TLS על החיבור בין שרתי דואר, אחרת ההודעה לא תישלח כלל. Mailbox.org תומך גם ב-[Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) בנוסף לפרוטוקולי גישה סטנדרטיים כמו IMAP ו-POP3. + +## עוד ספקים + +ספקים אלה מאחסנים את המיילים שלך עם הצפנת אפס ידע, מה שהופך אותם לאפשרויות נהדרות לשמירה על אבטחת המיילים המאוחסנים שלך. עם זאת, הם אינם תומכים בתקני הצפנה הניתנים להפעלה הדדית עבור תקשורת E2EE בין ספקים. + +
+ +- ![StartMail לוגו](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail לוגו](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota לוגו](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ icon: material/email - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "דומיינים וכינויים מותאמים אישית" +#### :material-check:{ .pg-green } דומיינים וכינויים מותאמים אישית - חשבונות אישיים יכולים להשתמש בכינויים [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases). [דומיינים מותאמים אישית](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) זמינים גם כן. +חשבונות אישיים יכולים להשתמש ב[כינויים מותאמים אישית או מהירים](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases). [דומיינים מותאמים אישית](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) זמינים גם כן. -??? warning "שיטות תשלום פרטיות" +#### :material-alert-outline:{ .pg-orange } שיטות תשלום פרטיות - StartMail מקבלת ויזה, מאסטרקארד, אמריקן אקספרס ו - Paypal. ל - StartMail יש גם [אפשרויות תשלום] אחרות (https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) כגון Bitcoin (כרגע רק עבור חשבונות אישיים) ו - SEPA Direct Debit עבור חשבונות ישנים יותר משנה. +StartMail מקבלת ויזה, מאסטרקארד, אמריקן אקספרס ו - Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "אבטחת חשבון" +#### :material-check:{ .pg-green } אבטחת חשבון - StartMail תומך באימות דו-גורמי TOTP [עבור דואר אינטרנט בלבד](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). הם אינם מאפשרים אימות מפתח אבטחה U2F. +StartMail תומך באימות TOTP בשני גורמים עבור [דואר אינטרנט](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA) בלבד. הם אינם מאפשרים אימות מפתח אבטחה U2F. -??? info "אבטחת מידע" +#### :material-information-outline:{ .pg-blue } אבטחת מידע - ל - StartMail יש [הצפנת אפס גישה במנוחה](https://www.startmail.com/en/whitepaper/#_Toc458527835), באמצעות מערכת "כספת המשתמש" שלהם. כאשר אתה נכנס, הכספת נפתחת, ולאחר מכן הדואר האלקטרוני מועבר לכספת מחוץ לתור, שם הוא מפוענח על-ידי המפתח הפרטי המתאים. - - StartMail תומך בייבוא [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) עם זאת, הם נגישים רק בדואר האינטרנט ולא באמצעות פרוטוקולים כגון [CalDAV](https://en.wikipedia.org/wiki/CalDAV). אנשי קשר גם אינם מאוחסנים באמצעות הצפנת אפס ידע, כך ש[אפשרות עצמאית](calendar.md) עשויה להיות מתאימה יותר. +ל-StartMail יש [הצפנת גישה אפסית במצב מנוחה](https://www.startmail.com/en/whitepaper/#_Toc458527835), באמצעות מערכת "כספת המשתמש" שלהם. כאשר אתה נכנס, הכספת נפתחת, ולאחר מכן הדואר האלקטרוני מועבר לכספת מחוץ לתור, שם הוא מפוענח על-ידי המפתח הפרטי המתאים. -??? success "הצפנת אימייל" +StartMail תומך בייבוא [אנשי קשר](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) עם זאת, הם נגישים רק בדואר האינטרנט ולא באמצעות פרוטוקולים כגון [CalDAV](https://en.wikipedia.org/wiki/CalDAV). אנשי קשר גם אינם מאוחסנים באמצעות הצפנת ידע אפס. - ל-StartMail יש [הצפנה משולבת](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) בדואר האינטרנט שלהם, מה שמפשט את שליחת הודעות מוצפנות עם מפתחות OpenPGP ציבוריים. +#### :material-check:{ .pg-green } הצפנת אימייל -??? warning "מורשת דיגיטלית" +ל-StartMail [הצפנה משולבת](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) בדואר האינטרנט שלהם, מה שמקל על שליחת הודעות מוצפנות עם מפתחות OpenPGP ציבוריים. עם זאת, הם אינם תומכים בתקן Web Key Directory, מה שהופך את גילוי המפתח הציבורי של תיבת דואר של Startmail למאתגר יותר עבור ספקי אימייל או לקוחות אחרים. - StartMail אינו מציע תכונה דיגיטלית מדור קודם. +#### :material-alert-outline:{ .pg-orange } מורשת דיגיטלית -??? info "סיום חשבון" +StartMail אינו מציע תכונה דיגיטלית מדור קודם. - עם פקיעת תוקף החשבון, StartMail ימחק את חשבונך לצמיתות לאחר [6 חודשים בשלושה שלבים](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } סגירת חשבון -??? info "פונקציונליות נוספת" +עם פקיעת החשבון, StartMail תמחק לצמיתות את חשבונך לאחר [ 6 חודשים בשלושה שלבים](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail מאפשר פרוקסי של תמונות בתוך הודעות דוא"ל. אם תאפשרו את טעינת התמונה המרוחקת, השולח לא יידע מהי כתובת ה-IP שלכם. +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת -## עוד ספקים - -ספקים אלה מאחסנים את המיילים שלך עם הצפנת אפס ידע, מה שהופך אותם לאפשרויות נהדרות לשמירה על אבטחת המיילים המאוחסנים שלך. עם זאת, הם אינם תומכים בתקני הצפנה הניתנים להפעלה הדדית עבור תקשורת E2EE בין ספקים. +StartMail מאפשר פרוקסי של תמונות בתוך הודעות דוא"ל. אם תאפשרו את טעינת התמונה המרוחקת, השולח לא יידע מהי כתובת ה-IP שלכם. ### Tutanota @@ -220,44 +240,51 @@ icon: material/email Tutanota אינה משתמשת בפרוטוקול [IMAP](https://tutanota.com/faq/#imap) או בשימוש של [לקוחות דואר אלקטרוני של צד שלישי](email-clients.md), וגם לא תוכל להוסיף [חשבונות דואר אלקטרוני חיצוניים](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) לאפליקציית Tutanota. לא [ייבוא דוא"ל](https://github.com/tutao/tutanota/issues/630) או [תיקיות משנה](https://github.com/tutao/tutanota/issues/927) נתמכים כעת, אם כי זה [בשל להיות שונה](https://tutanota.com/blog/posts/kickoff-import). הודעות דוא"ל ניתן לייצא [בנפרד או על ידי בחירה בכמות גדולה](https://tutanota.com/howto#generalMail) לכל תיקייה, דבר שעלול להיות לא נוח אם יש לך תיקיות רבות. -??? success "דומיינים וכינויים מותאמים אישית" +#### :material-check:{ .pg-green } דומיינים וכינויים מותאמים אישית - חשבונות Tutanota בתשלום יכולים להשתמש עד 5 [aliases](https://tutanota.com/faq#alias) ו [דומיינים מותאמים אישית](https://tutanota.com/faq#custom-domain). Tutanota אינה מאפשרת [כתובות משנה (בתוספת כתובות)](https://tutanota.com/faq#plus), אך באפשרותך להשתמש ב-[catch-all](https://tutanota.com/howto#settings-global) עם דומיין מותאם אישית. +חשבונות Tutanota בתשלום יכולים להשתמש בעד 5 [כינויים](https://tutanota.com/faq#alias) ו[דומיינים מותאמים אישית](https://tutanota.com/faq#custom-domain). Tutanota אינה מאפשרת [כתובת משנה (בתוספת כתובות)](https://tutanota.com/faq#plus), אבל אתה יכול להשתמש ב[תפוס הכל](https://tutanota.com/howto#settings-global) עם דומיין מותאם אישית. -??? warning "שיטות תשלום פרטיות" +#### :material-information-outline:{ .pg-blue } שיטות תשלום פרטיות - Tutanota מקבלת רק כרטיסי אשראי PayPal ישירות, אולם ניתן להשתמש בביטקוין ובמונרו לרכישת כרטיסי מתנה באמצעות [partnership](https://tutanota.com/faq/#cryptocurrency) שלהם עם Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "אבטחת חשבון" +#### :material-check:{ .pg-green } אבטחת חשבון - Tutanota תומך ב[אימות דו-גורמי](https://tutanota.com/faq#2fa) עם TOTP או U2F. +Tutanota תומך ב[אימות דו-שלבי](https://tutanota.com/faq#2fa) עם TOTP או U2F. -??? success "אבטחת מידע" +#### :material-check:{ .pg-green } אבטחת מידע - ל-Tutanota יש [הצפנת אפס גישה במנוחה](https://tutanota.com/faq#what-encrypted) עבור הודעות הדוא"ל שלך, [אנשי קשר מפנקס הכתובות](https://tutanota.com/faq#encrypted-address-book), ו [calendars](https://tutanota.com/faq#calendar). משמעות הדבר היא שההודעות ונתונים אחרים המאוחסנים בחשבונך ניתנים לקריאה רק על ידך. +ל-Tutanota יש [הצפנת גישה אפס בזמן מנוחה](https://tutanota.com/faq#what-encrypted) עבור המיילים, [אנשי הקשר בפנקס](https://tutanota.com/faq#encrypted-address-book) הכתובות ו[היומנים](https://tutanota.com/faq#calendar) שלך. משמעות הדבר היא שההודעות ונתונים אחרים המאוחסנים בחשבונך ניתנים לקריאה רק על ידך. -??? warning "הצפנת אימייל" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [אינו משתמש ב- OpenPGP](https://www.tutanota.com/faq/#pgp). חשבונות Tutanota יכולים לקבל הודעות דוא"ל מוצפנות מחשבונות דוא"ל שאינם Tutanota רק כאשר הם נשלחים באמצעות [תיבת דואר זמנית של Tutanota](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [אינו משתמש ב-OpenPGP](https://www.tutanota.com/faq/#pgp). חשבונות Tutanota יכולים לקבל אימיילים מוצפנים רק מחשבונות אימייל שאינם של Tutanota כאשר הם נשלחים דרך [תיבת דואר זמנית של Tutanota](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "מורשת דיגיטלית" +#### :material-alert-outline:{ .pg-orange } מורשת דיגיטלית - Tutanota לא מציעה פיצ'ר מורשת דיגיטלית. +Tutanota לא מציעה פיצ'ר מורשת דיגיטלית. -??? info "סיום חשבון" +#### :material-information-outline:{ .pg-blue } סגירת חשבון - Tutanota [מחק חשבונות לא פעילים בחינם](https://tutanota.com/faq#inactive-accounts) לאחר שישה חודשים. אם ברצונך לשלם, באפשרותך להשתמש שוב בחשבון חינמי שהושבת. +Tutanota [ימחק חשבונות בחינם לא פעילים](https://tutanota.com/faq#inactive-accounts) לאחר שישה חודשים. אם ברצונך לשלם, באפשרותך להשתמש שוב בחשבון חינמי שהושבת. -??? info "פונקציונליות נוספת" +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת - Tutanota מציעה את הגרסה העסקית של [Tutanota לארגונים ללא כוונת רווח](https://tutanota.com/blog/posts/secure-email-for-non-profit) בחינם או בהנחה כבדה. - - ל-Tutanota יש גם פיצ'ר עסקי שנקרא [חיבור מאובטח](https://tutanota.com/secure-connect/). זה מבטיח שיצירת קשר עם הלקוח לעסק משתמשת ב- E2EE. התכונה עולה 240 אירו לשנה. +Tutanota מציעה את הגרסה העסקית של [Tutanota לארגונים ללא מטרות רווח](https://tutanota.com/blog/posts/secure-email-for-non-profit) בחינם או בהנחה כבדה. + +ל-Tutanota יש גם תכונה עסקית בשם [חיבור מאובטח](https://tutanota.com/secure-connect/). זה מבטיח שיצירת קשר עם הלקוח לעסק משתמשת ב- E2EE. התכונה עולה 240 אירו לשנה. ## שירותי כינוי דוא"ל שירות כינוי דוא"ל מאפשר לך ליצור בקלות כתובת דוא"ל חדשה עבור כל אתר שאתה נרשם אליו. כינויי הדואר האלקטרוני שאתה יוצר מועברים לאחר מכן לכתובת דוא"ל שתבחר, תוך הסתרת כתובת הדוא"ל "הראשית" שלך וגם זהות ספק הדוא"ל שלך. כינוי דוא"ל אמיתי טוב יותר מאשר כתובת פלוס הנפוצה בשימוש ונתמך על ידי ספקים רבים, מה שמאפשר לך ליצור כינויים כמו yourname+[anythinghere]@example.com, מכיוון שאתרים, מפרסמים ורשתות מעקב יכולים להסיר כל דבר לאחר סימן + כדי לדעת את כתובת הדוא"ל האמיתית שלך. +
+ +- ![AnonAddy לוגו](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy לוגו](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin לוגו](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ כינוי דוא"ל יכול לשמש כהגנה למקרה שספק הדוא"ל שלך יפסיק לפעול. בתרחיש זה, באפשרותך לנתב מחדש בקלות את הכינויים שלך לכתובת דואר אלקטרוני חדשה. עם זאת, אתה נותן אמון בשירות הכינוי כדי להמשיך לתפקד. שימוש בשירות ייעודי של כינוי דואר אלקטרוני יש גם מספר יתרונות על פני כינוי 'לתפוס-הכל' על תחום מותאם אישית: @@ -411,7 +438,7 @@ SimpleLogin [נרכשה על ידי Proton AG](https://proton.me/news/proton-and **המקרה הטוב ביותר:** -- מקבל ביטקוין, מזומן וצורות אחרות של מטבעות קריפטוגרפיים ו/או אפשרויות תשלום אנונימיות (כרטיסי מתנה וכו') +- מקבל [אפשרויות תשלום אנונימיות](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), מזומן, כרטיסי מתנה וכו') ### אבטחה @@ -428,7 +455,7 @@ SimpleLogin [נרכשה על ידי Proton AG](https://proton.me/news/proton-and - בתוקף [רשומות DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities). - בתוקף [רשומות SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) ו - [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail). - שיהיה לך מתאים [DMARC](https://en.wikipedia.org/wiki/DMARC) עבר ומדיניות או שימוש ב [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) לאימות. אם נעשה שימוש באימות DMARC, יש להגדיר את המדיניות ל- `דוחה` או `הסגר`. -- העדפת חבילת שרתים של TLS 1.2 ואילך ותוכנית עבור [הוצאה משימוש של TLSv1.0 ו- TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- העדפת חבילת שרת של TLS 1.2 ואילך ותוכנית עבור [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [שליחת SMTPS](https://en.wikipedia.org/wiki/SMTPS), בהנחה שנעשה שימוש ב - SMTP. - תקני אבטחת אתר אינטרנט כגון: - [אבטחת תעבורה קפדנית של HTTP](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ SimpleLogin [נרכשה על ידי Proton AG](https://proton.me/news/proton-and - תוכניות לחיפוש באגים ו/או תהליך גילוי - פגיעות מתואם. - תקני אבטחת אתר אינטרנט כגון: - [מדיניות אבטחת תוכן (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [‎ Expect - CT ‎](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### אמון @@ -481,5 +508,3 @@ SimpleLogin [נרכשה על ידי Proton AG](https://proton.me/news/proton-and ### פונקציונליות נוספת אמנם לא דרישות קפדניות, יש כמה גורמי נוחות או פרטיות אחרים שבדקנו בעת קביעת אילו ספקים להמליץ. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/encryption.md b/i18n/he/encryption.md index a015024c..a52b22de 100644 --- a/i18n/he/encryption.md +++ b/i18n/he/encryption.md @@ -1,6 +1,7 @@ --- title: "תוכנת הצפנה" icon: material/file-lock +description: הצפנה של נתונים היא הדרך היחידה לשלוט מי יכול לגשת אליו. These tools allow you to encrypt your emails and any other files. --- הצפנה של נתונים היא הדרך היחידה לשלוט מי יכול לגשת אליו. אם אינך משתמש כעת בתוכנת הצפנה עבור הדיסק הקשיח, הודעות הדוא"ל או הקבצים שלך, עליך לבחור אפשרות כאן. @@ -354,5 +355,3 @@ BitLocker [ נתמך רק](https://support.microsoft.com/en-us/windows/turn-on-d - אפליקציות הצפנה של מערכת הפעלה (FDE) צריכות להשתמש באבטחת חומרה כגון TPM או Secure Enclave. - אפליקציות להצפנת קבצים צריכות לקבל תמיכה של צד ראשון או שלישי עבור פלטפורמות ניידות. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/file-sharing.md b/i18n/he/file-sharing.md index 52961865..3e669472 100644 --- a/i18n/he/file-sharing.md +++ b/i18n/he/file-sharing.md @@ -1,6 +1,7 @@ --- title: "שיתוף וסנכרון קבצים" icon: material/share-variant +description: גלה כיצד לשתף את הקבצים שלך באופן פרטי בין המכשירים שלך, עם החברים והמשפחה שלך, או באופן אנונימי באינטרנט. --- גלה כיצד לשתף את הקבצים שלך באופן פרטי בין המכשירים שלך, עם החברים והמשפחה שלך, או באופן אנונימי באינטרנט. @@ -144,5 +145,3 @@ ffsend upload -- host https://send.vis.ee/ FILE - יש לו לקוחות ניידים עבור iOS ואנדרואיד, שלפחות תומכים בתצוגה מקדימה של מסמכים. - תומך בגיבוי תמונות מ-iOS ואנדרואיד, ותומך באופן אופציונלי בסנכרון קבצים/תיקיות באנדרואיד. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/financial-services.md b/i18n/he/financial-services.md new file mode 100644 index 00000000..f000896e --- /dev/null +++ b/i18n/he/financial-services.md @@ -0,0 +1,94 @@ +--- +title: שירותים פיננסיים +icon: material/bank +--- + +ביצוע תשלומים אונליין הוא אחד האתגרים הגדולים ביותר לפרטיות. שירותים אלה יכולים לסייע לך בהגנה על פרטיותך מפני סוחרים ועוקבים אחרים, בתנאי שיש לך הבנה טובה כיצד לבצע תשלומים פרטיים ביעילות. אנו ממליצים בחום שתקרא תחילה את מאמר סקירת התשלומים שלנו לפני ביצוע רכישות כלשהן: + +[ביצוע תשלומים פרטיים :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## שירותי מיסוך תשלומים + +ישנם מספר שירותים המספקים "כרטיסי חיוב וירטואליים" שבהם אתה יכול להשתמש עם סוחרים מקוונים מבלי לחשוף את פרטי הבנק או החיוב בפועל שלך ברוב המקרים. חשוב לציין ששירותים פיננסיים אלו הם **אינם** אנונימיים וכפופים לחוקי "הכר את הלקוח שלך" (KYC) ועשויים לדרוש את תעודת הזהות שלך או מידע מזהה אחר. שירותים אלה שימושיים בעיקר להגנה עליך מפני הפרות נתונים של סוחרים, מעקב פחות מתוחכם או מתאם רכישה על ידי סוכנויות שיווק וגניבת נתונים מקוונים; ו**לא** לביצוע רכישה באופן אנונימי לחלוטין. + +!!! tip "בדוק את הבנק הנוכחי שלך" + + בנקים וספקי כרטיסי אשראי רבים מציעים פונקציונליות מקורית של כרטיסים וירטואליים. אם אתה משתמש באחד שכבר מספק את האפשרות הזו, עליך להשתמש בו על פני ההמלצות הבאות ברוב המקרים. כך אינך סומך על מספר צדדים עם המידע האישי שלך. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com לוגו](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com לוגו](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + התוכנית החינמית של **Privacy.com** מאפשרת לך ליצור עד 12 כרטיסים וירטואליים בחודש, להגדיר מגבלות הוצאות על כרטיסים אלה ולכבות כרטיסים באופן מיידי. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: דף הבית](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="מדיניות פרטיות" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=תיעוד} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (ארה"ב, בתשלום) + +!!! recommendation + + ![MySudo לוגו](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo לוגו](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** מספקת עד 9 כרטיסים וירטואליים בהתאם לתוכנית שתרכשו. התוכניות בתשלום שלהם כוללות בנוסף פונקציונליות שעשויה להיות שימושית לביצוע רכישות באופן פרטי, כגון מספרי טלפון וירטואליים וכתובות אימייל, אם כי בדרך כלל אנו ממליצים על [ספקי כינוי אימייל](email.md) אחרים לשימוש נרחב בכינויי אימייל. + + [:octicons-home-16: דף הבית](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="מדיניות פרטיות" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=תיעוד} + +### קריטריונים + +**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. + +!!! example "חלק זה הוא חדש" + + אנו עובדים על קביעת קריטריונים מוגדרים לכל קטע באתר שלנו, והדבר עשוי להשתנות. אם יש לך שאלות כלשהן לגבי הקריטריונים שלנו, אנא [שאל בפורום שלנו](https://discuss.privacyguides.net/latest) ואל תניח שלא שקלנו משהו כשהצענו את ההמלצות שלנו אם הוא לא רשום כאן. ישנם גורמים רבים שנחשבים ונדונים כאשר אנו ממליצים על פרויקט, ותיעוד כל אחד מהם הוא עבודה בתהליך. + +- מאפשר יצירת כרטיסים מרובים שמתפקדים כמגן בין הסוחר לבין הכספים האישיים שלך. +- אסור שהכרטיסים ידרשו ממך לספק פרטי כתובת מדויקת לחיוב למוכר. + +## שווקים של כרטיסי מתנה + +שירותים אלו מאפשרים לך לרכוש כרטיסי מתנה עבור מגוון סוחרים באינטרנט באמצעות [מטבע קריפטוגרפי](cryptocurrency.md). חלק מהשירותים הללו מציעים אפשרויות אימות מזהה עבור מגבלות גבוהות יותר, אך הם גם מאפשרים חשבונות עם כתובת אימייל בלבד. מגבלות בסיסיות מתחילות בדרך כלל מ-$5,000-10,000 ליום עבור חשבונות בסיסיים, ומגבלות גבוהות משמעותית עבור חשבונות מאומתים מזהים (אם מוצעים). + +### Cake Pay + +!!! recommendation + + ![CakePay לוגו](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** מאפשרת לכם לרכוש כרטיסי מתנה ומוצרים נלווים עם מונרו. רכישות עבור סוחרים בארה"ב זמינות באפליקציית Cake Wallet לנייד, בעוד שאפליקציית האינטרנט Cake Pay כוללת מבחר רחב של סוחרים גלובליים. + + [:octicons-home-16: דף הבית](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="מדיניות פרטיות" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=תיעוד} + +### CoinCards + +!!! recommendation + + ![CakePay לוגו](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (זמין בארה"ב, קנדה ובריטניה) מאפשר לך לרכוש כרטיסי מתנה עבור מגוון גדול של סוחרים. + + [:octicons-home-16: דף הבית](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="מדיניות פרטיות" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=תיעוד} + +### קריטריונים + +**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. + +!!! example "חלק זה הוא חדש" + + אנו עובדים על קביעת קריטריונים מוגדרים לכל קטע באתר שלנו, והדבר עשוי להשתנות. אם יש לך שאלות כלשהן לגבי הקריטריונים שלנו, אנא [שאל בפורום שלנו](https://discuss.privacyguides.net/latest) ואל תניח שלא שקלנו משהו כשהצענו את ההמלצות שלנו אם הוא לא רשום כאן. ישנם גורמים רבים שנחשבים ונדונים כאשר אנו ממליצים על פרויקט, ותיעוד כל אחד מהם הוא עבודה בתהליך. + +- מקבל תשלום ב[מטבע קריפטוגרפי מומלץ](cryptocurrency.md). +- אין צורך בתעודת זהות. diff --git a/i18n/he/frontends.md b/i18n/he/frontends.md index ab9c0186..ceec0212 100644 --- a/i18n/he/frontends.md +++ b/i18n/he/frontends.md @@ -1,6 +1,7 @@ --- title: "חזיתות" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- לפעמים שירותים ינסו לאלץ אותך להירשם לחשבון על ידי חסימת גישה לתוכן עם חלונות קופצים מעצבנים. הם יכולים להישבר גם ללא הפעלת JavaScript. חזיתות אלה יכולות לאפשר לך לעקוף את ההגבלות הללו. @@ -264,5 +265,3 @@ icon: material/flip-to-front אנו מתייחסים רק לחזיתות עבור אתרים שהם... - לא נגיש בדרך כלל ללא JavaScript. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/index.md b/i18n/he/index.md index 8f4be845..c95f9f5f 100644 --- a/i18n/he/index.md +++ b/i18n/he/index.md @@ -11,25 +11,25 @@ hide: ##### “אין לי מה להסתיר. למה שאדאג לפרטיות שלי?" -בדומה לזכות לנישואים בין-גזעיים, זכות בחירה לאישה, חופש הביטוי ורבים אחרים, זכותנו לפרטיות לא תמיד נשמרה. בכמה דיקטטורות, זה עדיין לא. דורות לפנינו נלחמו על זכותנו לפרטיות. ==פרטיות היא זכות אדם, הטבועה בכולנו,== שמגיעה לנו (ללא אפליה). +בדומה לזכות לנישואים בין-גזעיים, זכות בחירה לאישה, חופש הביטוי ורבים אחרים, זכותנו לפרטיות לא תמיד נשמרה. בכמה דיקטטורות, היא עדיין לא. דורות לפנינו נלחמו על זכותנו לפרטיות. ==פרטיות היא זכות אדם, הטבועה בכולנו,== שמגיעה לנו (ללא אפליה). -אתה לא צריך לבלבל פרטיות עם סודיות. אנחנו יודעים מה קורה בשירותים, אבל אתה עדיין סוגר את הדלת. זה בגלל שאתה רוצה פרטיות, לא סודיות. **לכל** אחד יש על מה להגן. פרטיות היא משהו שהופך אותנו לאנושיים. +אין לבלבל בין פרטיות לסודיות. אנחנו יודעים מה קורה בשירותים, אבל עדיין סוגרים את הדלת. זה בגלל שאתה רוצה פרטיות, לא סודיות. **לכל** אחד יש על מה להגן. פרטיות היא משהו שהופך אותנו לאנושיים. [:material-target-account: איומים נפוצים באינטרנט](basics/common-threats.md ""){.md-button.md-button--primary} -## מה עליי לעשות? +## מה אני צריך לעשות? -##### ראשית, אתה צריך להכין תוכנית +##### ראשית, עליך להכין תוכנית -ניסיון להגן על כל הנתונים שלך מפני כולם כל הזמן הוא לא מעשי, יקר ומתיש. אבל אל תדאג! אבטחה היא תהליך, ועל ידי חשיבה קדימה, אתה יכול להרכיב תוכנית שמתאימה לך. אבטחה אינה עוסקת רק בכלים שבהם אתה משתמש או בתוכנה שאתה מוריד. במקום זאת, זה מתחיל בהבנת האיומים הייחודיים שאתה מתמודד איתם, וכיצד אתה יכול להפחית אותם. +ניסיון להגן על כל הנתונים שלך מפני כולם כל הזמן הוא לא מעשי, יקר ומתיש. אבל אל תדאג! אבטחה היא תהליך, ועל ידי תכנון בריא, אתה יכול להרכיב תוכנית שמתאימה לך. אבטחה אינה עוסקת רק בכלים שבהם אתה משתמש או בתוכנות שאותם אתה מוריד. במקום זאת, היא מתחילה בהבנת האיומים הייחודיים שאתה מתמודד איתם, וכיצד אתה יכול למגר אותם. -==תהליך זה של זיהוי איומים והגדרת אמצעי נגד נקרא **מודלים של איומים**==, והוא מהווה את הבסיס לכל תוכנית אבטחה ופרטיות טובה. +==תהליך זה של זיהוי איומים והגדרת אמצעי נגד נקרא **מידול** (מלשון מודל) ** סיכונים ** ==, והוא מהווה את הבסיס לכל תוכנית אבטחה ופרטיות טובה. -[:material-book-outline: למד עוד על מודל איומים](basics/threat-modeling.md ""){.md-button.md-button--primary} +[:material-book-outline: למד עוד על מידול סיכונים](basics/threat-modeling.md ""){.md-button.md-button--primary} --- -## אנחנו זקוקים לך! הנה איך להיות מעורב: +## אנחנו זקוקים לך! יש כמה דרכים לעזור לנו: [:simple-discourse:](https://discuss.privacyguides.net/){ title="הצטרף לפורום שלנו" } [:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="עקבו אחרינו במסטודון" } @@ -39,6 +39,4 @@ hide: [:material-information-outline:](about/index.md){ title="למד עוד אודותינו" } [:material-hand-coin-outline:](about/donate.md){ title="תמכו בפרויקט" } -חשוב שאתר כמו Privacy Guides יישאר תמיד מעודכן. אנחנו צריכים שהקהל שלנו יפקח עין על עדכוני תוכנה עבור היישומים הרשומים באתר שלנו ויעקוב אחר החדשות האחרונות לגבי ספקים שאנחנו ממליצים עליהם. קשה לעמוד בקצב המהיר של האינטרנט, אבל אנחנו מנסים כמיטב יכולתנו. אם אתה מזהה שגיאה, חושב שספק לא צריך להיות רשום, שם לב שחסר ספק מוסמך, מאמין שתוסף דפדפן הוא כבר לא הבחירה הטובה ביותר, או חשף כל בעיה אחרת, אנא הודע לנו. - ---8<-- "includes/abbreviations.he.txt" +חשוב שאתר כמו Privacy Guides יישאר תמיד מעודכן. אנחנו צריכים שהקהל שלנו יפקח עין על עדכוני תוכנה עבור היישומים הרשומים באתר שלנו ויעקוב אחר התפתחויות לגבי ספקים שאנחנו ממליצים עליהם. קשה לעמוד בקצב המהיר של האינטרנט, אבל אנחנו מנסים כמיטב יכולתנו. אם אתה מזהה איזו שגיאה, חושב שספק לא צריך להיות רשום, שם לב שחסר ספק מוסמך, מאמין שתוסף דפדפן הוא כבר לא הבחירה הטובה ביותר, או מוצא כל בעיה אחרת, אנא הודיע לנו. diff --git a/i18n/he/kb-archive.md b/i18n/he/kb-archive.md index 9e276b56..33f2ba6e 100644 --- a/i18n/he/kb-archive.md +++ b/i18n/he/kb-archive.md @@ -1,6 +1,7 @@ --- title: ארכיון KB icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # דפים הועברו לבלוג @@ -14,5 +15,3 @@ icon: material/archive - [מחיקת נתונים מאובטחת](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [הסרה משולבת של מטא נתונים](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [מדריך התצורה של iOS](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/meta/brand.md b/i18n/he/meta/brand.md index b9236d1f..a5c7d73e 100644 --- a/i18n/he/meta/brand.md +++ b/i18n/he/meta/brand.md @@ -20,5 +20,3 @@ title: הנחיות מיתוג "Privacy Guides" והלוגו של המגן הם סימנים מסחריים בבעלות Jonah Aragon, שימוש בלתי מוגבל מוענק לפרויקט Privacy Guides. מבלי לוותר על אף אחת מזכויותיה, Privacy Guides אינם מייעצים לאחרים לגבי היקף זכויות הקניין הרוחני שלה. Privacy Guides אינם מתירים או מסכימים לכל שימוש בסימנים המסחריים שלו בכל דרך העלולה לגרום לבלבול על ידי רמיזה של קשר או חסות על ידי Privacy Guides. אם אתה מודע לשימוש כזה, אנא צור קשר עם Jonah Aragon בכתובת jonah@privacyguides.org. התייעץ עם היועץ המשפטי שלך אם יש לך שאלות. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/meta/git-recommendations.md b/i18n/he/meta/git-recommendations.md index 9152533b..0c406db6 100644 --- a/i18n/he/meta/git-recommendations.md +++ b/i18n/he/meta/git-recommendations.md @@ -44,5 +44,3 @@ git config --global pull.rebase true git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/meta/uploading-images.md b/i18n/he/meta/uploading-images.md index 24e60cee..6a91ec55 100644 --- a/i18n/he/meta/uploading-images.md +++ b/i18n/he/meta/uploading-images.md @@ -47,9 +47,9 @@ optipng -o7 file.png In the **SVG Output** tab under **Document options**: -- [ ] Turn off **Remove the XML declaration** -- [x] Turn on **Remove metadata** -- [x] Turn on **Remove comments** +- [ ] תכבה **הסר את הצהרת ה-XML** +- [x] הפעל **הסר מטא נתונים** +- [x] הפעל **הסר תגובות** - [x] Turn on **Embeded raster images** - [x] Turn on **Enable viewboxing** @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/meta/writing-style.md b/i18n/he/meta/writing-style.md index ec4bef79..6ee20e4a 100644 --- a/i18n/he/meta/writing-style.md +++ b/i18n/he/meta/writing-style.md @@ -53,7 +53,7 @@ Privacy Guides כתובים באנגלית אמריקאית, וכדאי לעיי כדאי לנסות להימנע מקיצורי מילים במידת האפשר, אבל הטכנולוגיה מלאה בקיצורי מילים. באופן כללי, יש לאיית את הקיצור/ראשי התיבות בפעם הראשונה שבה נעשה בו שימוש בדף, והוסיפו את הקיצור מילים לקובץ מילון המונחים של הקיצור מילים כאשר נעשה בו שימוש חוזר. -> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences: +> Kathy McGinty מציעה הוראות שפה אירוניות למשפטים הפשוטים והישירים שלך: > > > אין מנוס מהעובדה כי חשוב מאוד לציין כי מספר מחקרים ישימים שונים זיהו בדרך כלל את העובדה כי תעסוקה לילית מתאימה נוספת יכולה בדרך כלל לשמור על מתבגרים צעירים מחוץ לכבישים במהלך שעות הלילה, כולל אך לא מוגבל לזמן שלפני חצות בלילות השבוע ו/או 2 לפנות בוקר. בסופי שבוע. > @@ -85,5 +85,3 @@ Privacy Guides כתובים באנגלית אמריקאית, וכדאי לעיי > - "אסור" לאיסור > - "רשאי" לפעולה לפי שיקול דעת > - "צריך" להמלצה - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/mobile-browsers.md b/i18n/he/mobile-browsers.md index c9661e91..d3680c57 100644 --- a/i18n/he/mobile-browsers.md +++ b/i18n/he/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "דפדפני אינטרנט לנייד" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- אלו הם דפדפני האינטרנט הניידים המומלצים כרגע והתצורות שלנו לגלישה רגילה/לא אנונימית באינטרנט. אם אתה צריך לגלוש באינטרנט באופן אנונימי, אתה צריך להשתמש [Tor](tor.md) במקום. באופן כללי, אנו ממליצים לשמור על הרחבות למינימום; יש להם גישה מוסמכת בתוך הדפדפן שלך, דורשים ממך לסמוך על המפתח, יכולים לגרום לך [להיות בולט](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), [ולהחליש](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) את בידוד האתר. @@ -189,5 +190,3 @@ Brave כולל כמה אמצעים נגד טביעת אצבע בתכונת [Shie - אסור לשכפל דפדפן מובנה או פונקציונליות מערכת הפעלה. - חייב להשפיע ישירות על פרטיות המשתמש, כלומר לא חייב פשוט לספק מידע. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/multi-factor-authentication.md b/i18n/he/multi-factor-authentication.md index 3dfb9fb8..4fc9f40a 100644 --- a/i18n/he/multi-factor-authentication.md +++ b/i18n/he/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "מאמתים מרובי גורמים" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## מפתחות אבטחה של חומרה @@ -140,5 +141,3 @@ icon: 'material/two-factor-authentication' - אסור לדרוש חיבור לאינטרנט. - אסור לסנכרן לשירות סנכרון/גיבוי בענן של צד שלישי. - **אופציונלי** תמיכה בסנכרון E2EE עם כלים מקוריים של מערכת ההפעלה מקובלת, למשל. סנכרון מוצפן באמצעות iCloud. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/news-aggregators.md b/i18n/he/news-aggregators.md index 313fc71f..312c1d6b 100644 --- a/i18n/he/news-aggregators.md +++ b/i18n/he/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "צוברי חדשות" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -[צובר חדשות](https://en.wikipedia.org/wiki/News_aggregator) הוא דרך לשמור על קשר עם הבלוגים ואתרי החדשות האהובים עליך. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## קליינטים צוברי חדשות @@ -169,5 +170,3 @@ Reddit מאפשר לך להירשם ל subreddits באמצעות RSS. ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/notebooks.md b/i18n/he/notebooks.md index df27fe7c..a67ce504 100644 --- a/i18n/he/notebooks.md +++ b/i18n/he/notebooks.md @@ -1,6 +1,7 @@ --- title: "פנקס רשימות" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- עקוב אחר ההערות והיומנים שלך מבלי למסור אותם לצד שלישי. @@ -111,5 +112,3 @@ Cryptee מציע 100MB של אחסון בחינם, עם אפשרויות בתש - פונקציונליות גיבוי/סנכרון מקומית אמורה לתמוך בהצפנה. - פלטפורמות מבוססות ענן צריכות לתמוך בשיתוף מסמכים. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/os/android-overview.md b/i18n/he/os/android-overview.md index e81644ca..194ff1cb 100644 --- a/i18n/he/os/android-overview.md +++ b/i18n/he/os/android-overview.md @@ -1,6 +1,7 @@ --- title: סקירה כללית של אנדרואיד icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- אנדרואיד היא מערכת הפעלה מאובטחת הכוללת [ארגז חול חזק של אפליקציות](https://source.android.com/security/app-sandbox), [אתחול מאומת](https://source.android.com/security/verifiedboot) (AVB) ומערכת בקרת [הרשאות](https://developer.android.com/guide/topics/permissions/overview) חזקה. @@ -49,13 +50,48 @@ Fairphone, למשל, משווקת את המכשירים שלהם כמקבלים ## גרסאות אנדרואיד -חשוב לא להשתמש בגרסת [סוף החיים](https://endoflife.date/android) של אנדרואיד. גרסאות חדשות יותר של אנדרואיד לא רק מקבלות עדכוני אבטחה עבור מערכת ההפעלה אלא גם עדכונים חשובים לשיפור הפרטיות. לדוגמה, [לפני אנדרואיד 10](https://developer.android.com/about/versions/10/privacy/changes), כל אפליקציה עם הרשאת [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) יכלו לגשת למספרים סידוריים רגישים וייחודיים של הטלפון שלך כגון [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), כרטיס ה-SIM שלך[IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), בעוד שכעת הם חייבים להיות אפליקציות מערכת כדי לעשות זאת. אפליקציות מערכת מסופקות רק על ידי הפצת OEM או אנדרואיד. +חשוב לא להשתמש בגרסת [סוף החיים](https://endoflife.date/android) של אנדרואיד. גרסאות חדשות יותר של אנדרואיד לא רק מקבלות עדכוני אבטחה עבור מערכת ההפעלה אלא גם עדכונים חשובים לשיפור הפרטיות. לדוגמה, [לפני אנדרואיד 10](https://developer.android.com/about/versions/10/privacy/changes), כל אפליקציה עם הרשאת [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) יכלו לגשת למספרים סידוריים רגישים וייחודיים של הטלפון שלך כגון [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), כרטיס ה-SIM שלך [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), בעוד שכעת הם חייבים להיות אפליקציות מערכת כדי לעשות זאת. אפליקציות מערכת מסופקות רק על ידי הפצת OEM או אנדרואיד. ## הרשאות אנדרואיד -[הרשאות ב-אנדרואיד](https://developer.android.com/guide/topics/permissions/overview) מעניקות לך שליטה על האפליקציות המורשות לגשת. גוגל מבצעת בקביעות [שיפורים](https://developer.android.com/about/versions/11/privacy/permissions) במערכת ההרשאות בכל גרסה עוקבת. כל האפליקציות שאתה מתקין הן אך ורק [ארגז חול](https://source.android.com/security/app-sandbox), לכן, אין צורך להתקין אפליקציות אנטי וירוס. סמארטפון עם הגרסה העדכנית ביותר של אנדרואיד תמיד יהיה מאובטח יותר מסמארטפון ישן עם אנטי וירוס ששילמת עליו. עדיף לא לשלם על תוכנת אנטי וירוס ולחסוך כסף בקניית סמארטפון חדש כמו גוגל פיקסל. +[הרשאות ב-אנדרואיד](https://developer.android.com/guide/topics/permissions/overview) מעניקות לך שליטה על האפליקציות המורשות לגשת. גוגל מבצעת בקביעות [שיפורים](https://developer.android.com/about/versions/11/privacy/permissions) במערכת ההרשאות בכל גרסה עוקבת. כל האפליקציות שאתה מתקין הן אך ורק [ארגז חול](https://source.android.com/security/app-sandbox), לכן, אין צורך להתקין אפליקציות אנטי וירוס. -אם תרצה להפעיל אפליקציה שאינך בטוח לגביה, שקול להשתמש בפרופיל משתמש או עבודה. +סמארטפון עם הגרסה העדכנית ביותר של אנדרואיד תמיד יהיה מאובטח יותר מסמארטפון ישן עם אנטי וירוס ששילמת עליו. עדיף לא לשלם על תוכנת אנטי וירוס ולחסוך כסף בקניית סמארטפון חדש כמו גוגל פיקסל. + +אנדרואיד 10: + +- [אחסון בהיקף](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) נותן לך שליטה רבה יותר על הקבצים שלך ויכול להגביל את מה שיכול [לגשת לאחסון חיצוני](https://developer.android.com/training/data-storage#permissions). לאפליקציות יכולות להיות ספרייה ספציפית באחסון חיצוני וכן יכולת לאחסן שם סוגים ספציפיים של מדיה. +- גישה הדוקה יותר ב[מיקום המכשיר](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) על ידי הצגת ההרשאה `ACCESS_BACKGROUND_LOCATION `. זה מונע מאפליקציות לגשת למיקום כשהן פועלות ברקע ללא אישור מפורש מהמשתמש. + +אנדרואיד 11: + +- [הרשאות חד פעמיות](https://developer.android.com/about/versions/11/privacy/permissions#one-time) מאפשרות לך להעניק הרשאה לאפליקציה פעם אחת בלבד. +- [הרשאות איפוס אוטומטי](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), המאפס [הרשאות זמן ריצה](https://developer.android.com/guide/topics/permissions/overview#runtime) שניתנו בעת פתיחת האפליקציה. +- הרשאות מפורטות לגישה לתכונות הקשורות ל[מספרי טלפון](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers). + +אנדרואיד 12: + +- הרשאה להעניק רק את ה[מיקום המשוער](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- איפוס אוטומטי של [אפליקציות במצב שינה](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [ביקורת גישה לנתונים](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) שמקלה לקבוע איזה חלק באפליקציה מבצע סוג מסוים של גישה לנתונים. + +אנדרואיד 13: + +- הרשאה ל[גישה לאינטרנט אלחוטי בקרבת מקום](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). כתובות ה-MAC של נקודות גישה אלחוטיות סמוכות היו דרך פופולרית עבור אפליקציות לעקוב אחר מיקומו של משתמש. +- [הרשאות מדיה מפורטות](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions) יותר, כלומר אתה יכול להעניק גישה לתמונות, סרטונים או קבצי אודיו בלבד. +- שימוש ברקע בחיישנים מחייב כעת את הרשאת [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission). + +אפליקציה עשויה לבקש הרשאה עבור תכונה ספציפית שיש לה. לדוגמה, כל אפליקציה שיכולה לסרוק קודי QR תדרוש את אישור המצלמה. אפליקציות מסוימות יכולות לבקש יותר הרשאות ממה שהן צריכות. + +[Exodus](https://exodus-privacy.eu.org/) יכול להיות שימושי כאשר משווים אפליקציות שיש להן מטרות דומות. אם אפליקציה דורשת הרבה הרשאות ויש לה הרבה פרסום וניתוח זה כנראה סימן רע. אנו ממליצים להסתכל על העוקבים הבודדים ולקרוא את התיאורים שלהם במקום פשוט **לספור את הסכום הכולל** ולהנחה שכל הפריטים הרשומים שווים. + +!!! warning "אזהרה" + + אם אפליקציה היא ברובה שירות מבוסס אינטרנט, המעקב עשוי להתרחש בצד השרת. [פייסבוק](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) מציג "ללא עוקבים" אבל בהחלט עוקב אחר תחומי העניין וההתנהגות של המשתמשים ברחבי האתר. אפליקציות עשויות להתחמק מזיהוי על ידי אי שימוש בספריות קוד סטנדרטיות המיוצרות על ידי תעשיית הפרסום, אם כי זה לא סביר. + +!!! note "הערה" + + אפליקציות ידידותיות לפרטיות כגון [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) עשויות להציג עוקבים מסוימים כגון [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). ספרייה זו כוללת את [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) שיכולה לספק [הודעות דחיפה](https://en.wikipedia.org/wiki/Push_technology) באפליקציות. זה [המקרה](https://fosstodon.org/@bitwarden/109636825700482007) עם Bitwarden. זה לא אומר ש-Bitwarden משתמש בכל תכונות הניתוח שמסופקות על ידי Google Firebase Analytics. ## גישה למדיה @@ -81,9 +117,9 @@ Fairphone, למשל, משווקת את המכשירים שלהם כמקבלים אנדרואיד 7 ומעלה תומך ב-VPN Killswitch והוא זמין ללא צורך בהתקנת אפליקציות של צד שלישי. תכונה זו יכולה למנוע דליפות אם ה-VPN מנותק. ניתן למצוא אותו ב:gear: **הגדרות** ← **רשת & אינטרנט** ← **VPN** ← :gear: ← **חסום חיבורים ללא VPN**. -## חילופי מצבים גלובליים +## בוררים גלובליים -למכשירי אנדרואיד מודרניים יש בוררים גלובליים לביטול Bluetooth ושירותי מיקום. אנדרואיד 12 הציגה את המתגים למצלמה ולמיקרופון. כאשר לא בשימוש, אנו ממליצים להשבית תכונות אלה. אפליקציות לא יכולות להשתמש בתכונות מושבתות (גם אם ניתנה להן הרשאה פרטנית) עד להפעלה מחדש. +למכשירי אנדרואיד מודרניים יש בוררים גלובליים לביטול Bluetooth ושירותי מיקום. אנדרואיד 12 הציגה מתגים למצלמה ולמיקרופון. כאשר אינו בשימוש, אנו ממליצים להשבית את התכונות הללו. אפליקציות לא יכולות להשתמש בתכונות מושבתות (גם אם ניתנה הרשאה אישית) עד להפעלה מחדש. ## גוגל @@ -91,38 +127,38 @@ Fairphone, למשל, משווקת את המכשירים שלהם כמקבלים ### תוכנית הגנה מתקדמת -אם יש לך חשבון Google, אנו מציעים להירשם ל[תוכנית ההגנה המתקדמת](https://landing.google.com/advancedprotection/). הוא זמין ללא עלות לכל מי שיש לו שני מפתחות אבטחה חומרה או יותר עם תמיכה ב[FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online). +אם יש לך חשבון Google, אנו מציעים להירשם ל[תוכנית ההגנה המתקדמת](https://landing.google.com/advancedprotection/). הוא זמין ללא עלות לכל מי שיש לו שני מפתחות אבטחה חומרה או יותר עם תמיכה ב-[FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online). תוכנית ההגנה המתקדמת מספקת ניטור איומים משופר ומאפשרת: -- אימות דו-גורמי מחמיר יותר; למשל שחייבים להשתמש ב-[FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** ואוסר את השימוש ב- [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) ו [OAuth](https://en.wikipedia.org/wiki/OAuth) +- אימות דו-גורמי מחמיר יותר; למשל שחייבים להשתמש ב-[FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **** ואוסר את השימוש ב- [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) ו [OAuth](https://en.wikipedia.org/wiki/OAuth) - רק גוגל ואפליקציות צד שלישי מאומתות יכולות לגשת לנתוני החשבון -- סריקה של הודעות דוא"ל נכנסות בחשבונות Gmail עבור ניסיונות [דיוג](https://en.wikipedia.org/wiki/Phishing#Email_phishing) +- סריקה של הודעות אימייל נכנסות בחשבונות Gmail עבור ניסיונות [דיוג](https://en.wikipedia.org/wiki/Phishing#Email_phishing) - [סריקת דפדפן בטוחה](https://www.google.com/chrome/privacy/whitepaper.html#malware) מחמירה יותר עם Google Chrome -- תהליך שחזור מחמיר יותר עבור חשבונות עם אישורים שאבדו +- תהליך שחזור מחמיר עבור חשבונות עם אישורים שאבדו - עבור משתמשים שמשתמשים בשירותי Google Play המועדפים (הנפוצים במערכות הפעלה שמגיעות בברירת מחדל), תוכנית ההגנה המתקדמת מגיעה גם עם [הטבות נוספות](https://support.google.com/accounts/answer/9764949?hl=en) כגון: + אם אתה משתמש בשירותי Google Play שאינם בארגז חול (נפוצים במערכות הפעלה במלאי), תוכנית ההגנה המתקדמת מגיעה גם עם [הטבות נוספות](https://support.google.com/accounts/answer/9764949?hl=en) כגון: -- לא לאפשר התקנת אפליקציות מחוץ לחנות Google Play, חנות האפליקציות של ספק מערכת ההפעלה או דרך [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) -- סריקת התקן אוטומטית חובה עם [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) -- אזהרה לגבי יישומים לא מאומתים +- לא מאפשר התקנת אפליקציה מחוץ לחנות Google Play, לחנות האפליקציות של ספק מערכת ההפעלה או דרך [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) +- סריקת מכשיר אוטומטי חובה עם [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) +- מזהיר אותך לגבי יישומים לא מאומתים ### עדכוני מערכת Google Play בעבר, עדכוני אבטחה אנדרואיד היו צריכים להישלח על ידי ספק מערכת ההפעלה. אנדרואיד הפכה מודולרית יותר החל מאנדרואיד 10, וגוגל יכולה לדחוף עדכוני אבטחה עבור **חלק** רכיבי מערכת באמצעות שירותי Play המועדפים. -אם יש לך מכשיר EOL שנשלח עם אנדרואיד 10 ומעלה ואינך יכול להריץ אף אחת ממערכות ההפעלה המומלצות שלנו במכשיר שלך, סביר להניח שעדיף לך להישאר עם התקנת האנדרואיד של היצרן ציוד המקורי (בניגוד למערכת הפעלה שאינה מופיעה ברשימה כאן כגון LineageOS או /e/ OS). זה יאפשר לך לקבל **כמה**תיקוני אבטחה מגוגל, מבלי להפר את מודל האבטחה של אנדרואיד על ידי שימוש בנגזרת אנדרואיד לא מאובטחת והגדלת משטח ההתקפה שלך. אנו עדיין ממליצים לשדרג למכשיר נתמך בהקדם האפשרי. +אם יש לך מכשיר EOL שנשלח עם אנדרואיד 10 ומעלה ואינך יכול להריץ אף אחת ממערכות ההפעלה המומלצות שלנו במכשיר שלך, סביר להניח שעדיף לך להישאר עם התקנת האנדרואיד של היצרן ציוד המקורי (בניגוד למערכת הפעלה שאינה מופיעה ברשימה כאן כגון LineageOS או /e/ OS). זה יאפשר לך לקבל **כמה** תיקוני אבטחה מגוגל, מבלי להפר את מודל האבטחה של אנדרואיד על ידי שימוש בנגזרת אנדרואיד לא מאובטחת והגדלת משטח ההתקפה שלך. אנו עדיין ממליצים לשדרג למכשיר נתמך בהקדם האפשרי. ### מזהה פרסום -כל המכשירים עם שירותי Google Play מותקנים באופן אוטומטי מייצרים [>מזהה פרסום](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) המשמש לפרסום ממוקד. השבת תכונה זו כדי להגביל את הנתונים שנאספו עליך. +כל המכשירים עם שירותי Google Play מותקנים באופן אוטומטי מייצרים [מזהה פרסום](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) המשמש לפרסום ממוקד. השבת תכונה זו כדי להגביל את הנתונים שנאספו עליך. -בהפצות אנדרואיד עם [Google Play בארגז חול](https://grapheneos.org/usage#sandboxed-google-play), עבור אל :gear: **הגדרות** ← **אפליקציות** → **Google Play בארגז חול** ← **הגדרות גוגל** ← **מודעות**, ותבחר *מחק מזהה פרסום*. +בהפצות אנדרואיד עם [Google Play בארגז חול](https://grapheneos.org/usage#sandboxed-google-play), עבור אל :gear: **הגדרות** ← **אפליקציות** ← **Google Play בארגז חול** ← **הגדרות גוגל** ← **מודעות**, ותבחר *מחק מזהה פרסום*. בהפצות אנדרואיד עם שירותי Google Play מורשים (כגון מערכת הפעלה ברירת מחדל), ההגדרה עשויה להיות באחד מכמה מיקומים. בדיקה - :gear: **הגדרות** ← **גוגל** ← **מודעות** -- :gear: **הגדרות** ← **גוגל** ← **מודעות** +- :gear: **הגדרות** ← **פרטיות** ← **מודעות** תינתן לך האפשרות למחוק את מזהה הפרסום שלך או *לבטל את הסכמתך למודעות מבוססות עניין*, זה משתנה בין הפצות OEM של אנדרואיד. אם מוצגת האפשרות למחוק את מזהה הפרסום המועדף. אם לא, הקפד לבטל את הסכמתך ולאפס את מזהה הפרסום שלך. @@ -131,5 +167,3 @@ Fairphone, למשל, משווקת את המכשירים שלהם כמקבלים [SafetyNet](https://developer.android.com/training/safetynet/attestation) וה[ממשק API של Play Integrity](https://developer.android.com/google/play/integrity) משמשים בדרך כלל עבור [אפליקציות בנקאיות](https://grapheneos.org/usage#banking-apps). אפליקציות בנקאות רבות יעבדו מצוין ב-GrapheneOS עם שירותי Play בארגז חול, אולם לחלק מהאפליקציות הלא פיננסיות יש מנגנוני אנטי-שיבוש גולמיים משלהם שעלולים להיכשל. GrapheneOS עובר את בדיקת `basicIntegrity`, אך לא את בדיקת האישור `ctsProfileMatch`. למכשירים עם אנדרואיד 8 ואילך יש תמיכה באישורי חומרה שלא ניתן לעקוף ללא מפתחות דלופים או פגיעויות חמורות. לגבי ארנק Google, אנו לא ממליצים על כך בשל [ מדיניות הפרטיות שלהם](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), הקובעת שעליך לבטל את הסכמתך אם אינך רוצה שדירוג האשראי והמידע האישי שלך ישותפו עם שירותי שיווק שותפים. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/os/linux-overview.md b/i18n/he/os/linux-overview.md index a0815905..90af2374 100644 --- a/i18n/he/os/linux-overview.md +++ b/i18n/he/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: סקירה כללית של לינוקס icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -לעתים קרובות מאמינים שתוכנת [קוד פתוח](https://en.wikipedia.org/wiki/Open-source_software) מאובטחת מטבעה מכיוון שקוד המקור זמין. קיימת ציפייה שאימות קהילה מתרחש באופן קבוע; עם זאת, זה לא תמיד [המקרה](https://seirdy.one/posts/2022/02/02/floss-security/). זה אכן תלוי במספר גורמים, כגון פעילות הפרויקט, חוויית מפתח, רמת הקפדה על [ביקורות קוד](https://en.wikipedia.org/wiki/Code_review), וכן באיזו תדירות ניתנת תשומת לב לחלקים ספציפיים של [בסיס הקוד](https://en.wikipedia.org/wiki/Codebase) שעלולים להישאר ללא נגיעה במשך שנים. +לעתים קרובות מאמינים שתוכנת [קוד פתוח](https://en.wikipedia.org/wiki/Open-source_software) מאובטחת מטבעה מכיוון שקוד המקור זמין. קיימת ציפייה שאימות קהילה מתרחש באופן קבוע; עם זאת, זה לא תמיד [המקרה](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. נכון לעכשיו, ללינוקס שולחני יש כמה תחומים שניתן לשפר טוב יותר בהשוואה לעמיתיהם הקנייניים, למשל.: @@ -139,5 +140,3 @@ icon: simple/linux [אפשרות](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) זו כבויה כעת כברירת מחדל. אנו ממליצים להוסיף את `countme=false` ל-`/etc/dnf/dnf.conf` למקרה שהוא יופעל בעתיד. במערכות המשתמשות ב-`rpm-ostree` כגון Silverblue, אפשרות ה-countme מושבתת על ידי מיסוך של [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) טיימר. openSUSE משתמשת גם ב[מזהה ייחודי](https://en.opensuse.org/openSUSE:Statistics) כדי לספור מערכות, אותן ניתן להשבית על ידי מחיקת הקובץ `/var/lib/zypp/AnonymousUniqueId`. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/os/qubes-overview.md b/i18n/he/os/qubes-overview.md index 1f3464e1..183cf5fa 100644 --- a/i18n/he/os/qubes-overview.md +++ b/i18n/he/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "סקירה כללית של Qubes" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) היא מערכת הפעלה המשתמשת ב [Xen](https://en.wikipedia.org/wiki/Xen) היפרוויזר לספק אבטחה חזקה עבור מחשוב שולחני באמצעות מכונות וירטואליות מבודדות. כל VM נקרא *Qube* ואתה יכול להקצות לכל Qube רמת אמון על סמך מטרתו. מכיוון שמערכת ההפעלה Qubes מספקת אבטחה על ידי שימוש בבידוד, ומתירה רק פעולות על בסיס כל מקרה, זה ההפך מ[ספירת רעות](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ Qubes משתמשת ב[מידור](https://www.qubes-os.org/intro/) כדי לשמ - J. Rutkowska: [*מידור תוכנה לעומת הפרדה פיזית*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*חלוקת החיים הדיגיטליים שלי לתחומי אבטחה*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*מאמרים קשורים*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/passwords.md b/i18n/he/passwords.md index a28dc688..e87a7b54 100644 --- a/i18n/he/passwords.md +++ b/i18n/he/passwords.md @@ -1,6 +1,7 @@ --- title: "מנהלי סיסמאות" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- מנהלי סיסמאות מאפשרים לך לאחסן ולנהל בצורה מאובטחת סיסמאות ואישורים אחרים עם שימוש בסיסמת אב. @@ -136,7 +137,7 @@ Psono מספקת תיעוד נרחב עבור המוצר שלהם. לקוח הא ![KeePassXC לוגו](assets/img/password-management/keepassxc.svg){ align=right } - **KeePassXC** הוא מזלג קהילתי של KeePassX, יציאה מקורית בין פלטפורמות של KeePass Password Safe, במטרה להרחיב ולשפר אותה עם תכונות חדשות ותיקוני באגים כדי לספק גישה עשירה בתכונות, חוצת פלטפורמות ומודרנית פתוחה- מנהל סיסמאות מקור. + **KeePassXC** הוא מזלג קהילתי של KeePassX, יציאה מקורית בין פלטפורמות של KeePass Password Safe, במטרה להרחיב ולשפר אותו עם תכונות חדשות ותיקוני באגים כדי לספק תכונות עשירות בתכונות, מנהל סיסמאות חוצה פלטפורמות ומודרני בקוד פתוח. [:octicons-home-16: דף הבית](https://keepassxc.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="מדיניות פרטיות" } @@ -219,12 +220,10 @@ KeePassXC מאחסן את נתוני הייצוא שלו כקובצי [CSV](http ### קריטריונים -**שים לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל [הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו סט ברור של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. +**שימו לב שאיננו קשורים לאף אחד מהפרויקטים שאנו ממליצים עליהם.** בנוסף ל[קריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו מערכת ברורה של דרישות כדי לאפשר לנו לספק המלצות אובייקטיביות. אנו מציעים לך להכיר את הרשימה הזו לפני שתבחר להשתמש בפרויקט, ולערוך מחקר משלך כדי להבטיח שזו הבחירה הנכונה עבורך. !!! example "חלק זה הוא חדש" אנו עובדים על קביעת קריטריונים מוגדרים לכל קטע באתר שלנו, והדבר עשוי להשתנות. אם יש לך שאלות כלשהן לגבי הקריטריונים שלנו, אנא [שאל בפורום שלנו](https://discuss.privacyguides.net/latest) ואל תניח שלא שקלנו משהו כשהצענו את ההמלצות שלנו אם הוא לא רשום כאן. ישנם גורמים רבים שנחשבים ונדונים כאשר אנו ממליצים על פרויקט, ותיעוד כל אחד מהם הוא עבודה בתהליך. - חייב להיות חוצה פלטפורמות. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/productivity.md b/i18n/he/productivity.md index bcde91ed..99953524 100644 --- a/i18n/he/productivity.md +++ b/i18n/he/productivity.md @@ -1,6 +1,7 @@ --- title: "כלי פרודוקטיביות" icon: material/file-sign +description: רוב חבילות המשרד המקוונות אינן תומכות ב-E2EE, כלומר לספק הענן יש גישה לכל מה שאתה עושה. --- רוב חבילות המשרד המקוונות אינן תומכות ב-E2EE, כלומר לספק הענן יש גישה לכל מה שאתה עושה. מדיניות הפרטיות עשויה להגן על זכויותיך באופן חוקי, אך היא אינה מספקת אילוצי גישה טכניים. @@ -152,5 +153,3 @@ icon: material/file-sign [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="מופעים ציבוריים"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=תיעוד} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="קוד מקור" } - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/real-time-communication.md b/i18n/he/real-time-communication.md index ce4d7cb6..b307bd77 100644 --- a/i18n/he/real-time-communication.md +++ b/i18n/he/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "תקשורת בזמן אמת" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- אלו ההמלצות שלנו לתקשורת מוצפנת בזמן אמת. @@ -191,5 +192,3 @@ Oxen ביקשה ביקורת בלתי תלויה למפגש במרץ 2020. הב - צריך להיות מבוזר, כלומר מאוחד או P2P. - אמור להשתמש ב- E2EE עבור כל ההודעות כברירת מחדל. - צריך לתמוך בלינוקס, macOS, ווינדוס, אנדרואיד ו-iOS. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/router.md b/i18n/he/router.md index 17fe452b..8975c021 100644 --- a/i18n/he/router.md +++ b/i18n/he/router.md @@ -1,6 +1,7 @@ --- title: "קושחת הנתב" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- להלן מספר מערכות הפעלה חלופיות, שניתן להשתמש בהן בנתבים, נקודות גישה ל-Wi-Fi וכו'. @@ -47,5 +48,3 @@ OPNsense פותחה במקור כמזלג של [pfSense](https://en.wikipedia.or - חייב להיות קוד פתוח. - חייב לקבל עדכונים שוטפים. - חייב לתמוך במגוון רחב של חומרה. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/search-engines.md b/i18n/he/search-engines.md index fca5b8f0..2f64f6d4 100644 --- a/i18n/he/search-engines.md +++ b/i18n/he/search-engines.md @@ -1,6 +1,7 @@ --- title: "מנועי חיפוש" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- השתמש במנוע חיפוש שאינו בונה פרופיל פרסום על סמך החיפושים שלך. @@ -105,5 +106,3 @@ Startpage מבוסס בהולנד. לפי [מדיניות הפרטיות](https: - צריך להיות מבוסס על תוכנת קוד פתוח. - אין לחסום את כתובות ה - IP של צומת היציאה של Tor. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/tools.md b/i18n/he/tools.md index 10a1a55c..48d1dad8 100644 --- a/i18n/he/tools.md +++ b/i18n/he/tools.md @@ -3,6 +3,7 @@ title: "כלי פרטיות" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- אם אתם מחפשים פתרון ספציפי למשהו, אלו הם כלי החומרה והתוכנה שאנו ממליצים עליהם במגוון קטגוריות. כלי הפרטיות המומלצים שלנו נבחרים בעיקר על סמך תכונות אבטחה, עם דגש נוסף על כלים מבוזרים וקוד פתוח. הם ישימים למגוון מודלים של איומים, החל מהגנה מפני תוכניות מעקב המוני גלובליות והימנעות מחברות טכנולוגיה גדולות ועד למיתון התקפות, אבל רק אתה יכול לקבוע מה יעבוד הכי טוב עבור הצרכים שלך. @@ -84,9 +85,9 @@ hide:
-- ![Aurora Store לוגו](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store לוגו](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter לוגו](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) -- ![Auditor לוגו](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Auditor לוגו](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS לוגו](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera לוגו](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera לוגו](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) - ![Secure PDF Viewer לוגו](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS לוגו](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer) @@ -199,6 +200,29 @@ hide: [למד עוד :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### שירותים פיננסיים + +#### שירותי מיסוך תשלומים + +
+ +- ![Privacy.com לוגו](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com לוגו](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo לוגו](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo לוגו](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[למד עוד :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### שוק כרטיסי מתנה אונליין + +
+ +- ![Cake Pay לוגו](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards לוגו](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[למד עוד :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### מנועי חיפוש
@@ -226,9 +250,9 @@ hide:
-- ![Proton VPN לוגו](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN לוגו](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad לוגו](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN לוגו](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ hide: [למד עוד :material-arrow-right-drop-circle:](calendar.md) +### מטבעות קריפטוגרפיים + +
+ +- ![Monero לוגו](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[למד עוד :material-arrow-right-drop-circle:](cryptocurrency.md) + ### הפחתת נתונים ומטא נתונים
@@ -438,5 +472,3 @@ hide:
[למד עוד :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/tor.md b/i18n/he/tor.md index 6ab55678..61204111 100644 --- a/i18n/he/tor.md +++ b/i18n/he/tor.md @@ -1,6 +1,7 @@ --- title: "רשת טור (Tor Network)" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ icon: simple/torproject Tor פועלת על ידי ניתוב תעבורת האינטרנט שלך דרך אותם שרתים המופעלים על ידי מתנדבים, במקום ליצור חיבור ישיר לאתר שבו אתה מנסה לבקר. זה מטשטש מהיכן מגיעה התעבורה, ואף שרת בנתיב החיבור לא מסוגל לראות את הנתיב המלא של המקום ממנו מגיעה התנועה והולכת, כלומר אפילו השרתים שבהם אתה משתמש כדי להתחבר לא יכולים לשבור את האנונימיות שלך. -
- ![נתיב Tor ](assets/img/how-tor-works/tor-path.svg#only-light) - ![נתיב Tor](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
מסלול מעגל Tor - צמתים בנתיב יכולים לראות רק את השרתים שאליהם הם מחוברים ישירות, למשל הצומת "כניסה" המוצג יכול לראות את כתובת ה-IP שלך, ואת הכתובת של הצומת "האמצעי", אבל אין לו דרך לראות איזה האתר שאתה מבקר בו.
-
- -- [מידע נוסף על אופן הפעולה של Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[סקירת Tor מפורטת :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## התחברות ל - Tor @@ -120,5 +115,3 @@ Tor פועלת על ידי ניתוב תעבורת האינטרנט שלך דר Snowflake אינו מגדיל את פרטיותך בשום צורה, ואינו משמש לחיבור לרשת Tor בתוך הדפדפן האישי שלך. עם זאת, אם חיבור האינטרנט שלך אינו מצונזר, עליך לשקול להפעיל אותו כדי לעזור לאנשים ברשתות מצונזרות להשיג פרטיות טובה יותר בעצמם. אין צורך לדאוג לאילו אתרים אנשים ניגשים דרך ה-proxy שלך - כתובת ה-IP הגלויה של הגלישה שלהם תתאים לצומת היציאה של Tor, לא שלך. הפעלת פרוקסי של Snowflake היא בסיכון נמוך, אפילו יותר מהפעלת ממסר Tor או גשר שהם כבר מאמצים לא מסוכנים במיוחד. עם זאת, היא עדיין עושה תעבורת פרוקסי דרך הרשת שלך, מה שיכול להשפיע במובנים מסוימים, במיוחד אם הרשת שלך מוגבלת ברוחב הפס. ודא שאתה מבין [איך Snowflake עובד](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) לפני שתחליט אם להפעיל פרוקסי. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/video-streaming.md b/i18n/he/video-streaming.md index a1eb4e43..4d6fc84f 100644 --- a/i18n/he/video-streaming.md +++ b/i18n/he/video-streaming.md @@ -1,6 +1,7 @@ --- title: "הזרמת וידאו" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- האיום העיקרי בעת שימוש בפלטפורמת הזרמת וידאו הוא שהרגלי הסטרימינג ורשימות המנויים שלך יוכלו לשמש אותך כדי ליצור פרופיל. עליך לשלב את הכלים האלה עם [VPN](vpn.md) או [Tor](https://www.torproject.org/) כדי להקשות על פרופיל השימוש שלך. @@ -48,5 +49,3 @@ icon: material/video-wireless - חייב לא לדרוש חשבון מרוכז כדי לצפות בסרטונים. - אימות מבוזר, כגון באמצעות מפתח פרטי של ארנק נייד מקובל. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/he/vpn.md b/i18n/he/vpn.md index 6beefa1c..5c4dddd5 100644 --- a/i18n/he/vpn.md +++ b/i18n/he/vpn.md @@ -1,11 +1,20 @@ --- title: "שירותי VPN" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -מצא מפעיל VPN ללא רישום שאינו מתכוון למכור או לקרוא את תעבורת האינטרנט שלך. +אם אתה מחפש **פרטיות** נוספת מ-ISP שלך, ברשת Wi-Fi ציבורית, או תוך כדי טורנט קבצים, VPN עשוי להיות הפתרון עבורך כל עוד אתה מבין את הסיכונים הכרוכים בכך. אנו חושבים שהספקים האלה הם חתך מעל השאר: -??? danger סכנה "רשתות VPN לא מספקות אנונימיות" +
+ +- ![IVPN לוגו](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad לוגו](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN לוגו](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger סכנה "רשתות VPN לא מספקות אנונימיות" שימוש ב-VPN **לא** ישמור על הרגלי הגלישה שלך אנונימיים, וגם לא יוסיף אבטחה לתעבורה לא מאובטחת (HTTP). @@ -15,80 +24,11 @@ icon: material/vpn [הורד את Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & שאלות נפוצות](advanced/tor-overview.md){ .md-button } -??? question שאלה "מתי VPNs שימושיים?" - - אם אתה מחפש **פרטיות** נוספת מ-ISP שלך, ברשת Wi-Fi ציבורית, או תוך כדי טורנט קבצים, VPN עשוי להיות הפתרון עבורך כל עוד אתה מבין את הסיכונים הכרוכים בכך. - - [מידע נוסף ](basics/vpn-overview.md){ .md-button } +[סקירת VPN מפורטת :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## ספקים מומלצים -!!! סיכום "קריטריונים" - - הספקים המומלצים שלנו משתמשים בהצפנה, מקבלים Monero, תומכים ב-WireGuard & OpenVPN, ויש להם מדיניות ללא רישום. קרא את [רשימת הקריטריונים המלאה](#our-criteria) שלנו למידע נוסף. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN לוגו](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** הוא מתחרה חזק בתחום ה-VPN, והם פועלים מאז 2016. Proton AG מבוססת בשוויץ ומציעה רמה מוגבלת בחינם, כמו גם אפשרות פרימיום מומלצת יותר. - - [:octicons-home-16: דף הבית](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="מדיניות פרטיות" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=תיעוד} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="קוד מקור" } - - ??? downloads "הורדות" - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? check annotate ב 67 מדינות - - ל-Proton VPN יש [שרתים ב-67 מדינות](https://protonvpn.com/vpn-servers) (1). בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. - - אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כגון [ שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. נבדק אחרון: 2022-09-16 - -??? success הצלחה "מבוקר באופן עצמאי" - - החל מינואר 2020, Proton VPN עבר ביקורת בלתי תלויה על ידי SEC Consult. SEC Consult מצא כמה נקודות תורפה בסיכון בינוני ונמוך ביישומי Windows, Android ו-iOS של Proton VPN, שכולן תוקנו כראוי על ידי Proton VPN לפני פרסום הדוחות. אף אחת מהבעיות שזוהו לא הייתה מספקת לתוקף גישה מרחוק למכשיר או לתעבורה שלך. אתה יכול להציג דוחות בודדים עבור כל פלטפורמה בכתובת [protonvpn.com](https://protonvpn.com/blog/open-source/). באפריל 2022 Proton VPN עבר [ביקורת נוספת](https://protonvpn.com/blog/no-logs-audit/) והדוח הופק על ידי Securitum](https://protonvpn.com/blog/wp- content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). [מכתב אישור](https://proton.me/blog/security-audit-all-proton-apps) סופק עבור האפליקציות של Proton VPN ב-9 בנובמבר 2021 על ידי [Securitum](https://research.securitum. com). - -??? success הצלחה "לקוחות קוד פתוח" - - Proton VPN מספק את קוד המקור עבור לקוחות שולחניים וניידים שלהם ב[ארגון GitHub](https://github.com/ProtonVPN). - -??? success הצלחה "מקבל מזומן" - - Proton VPN, בנוסף לקבל כרטיסי אשראי/חיוב ו-PayPal, מקבל ביטקוין ו-**מזומן/מטבע מקומי** כאמצעי תשלום אנונימיים. - -??? success "תמיכה ב-WireGuard" - - Proton VPN תומך בעיקר בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר שמשתמש ב[cryptography](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. - - Proton VPN [ממליץ](https://protonvpn.com/blog/wireguard/) משתמש ב - WireGuard בשירות שלהם. באפליקציות Windows, macOS, iOS, Android, ChromeOS ו-Android TV של Proton VPN, WireGuard הוא פרוטוקול ברירת המחדל; עם זאת, [תמיכה](https://protonvpn.com/support/how-to-change-vpn-protocols/) עבור הפרוטוקול אינו קיים באפליקציית הלינוקס שלהם. - -??? warning "העברת יציאות מרחוק" - - נכון לעכשיו, Proton VPN תומך רק בהעברה מרחוק של [port forwarding](https://protonvpn.com/support/port-forwarding/) ב - Windows, דבר שעשוי להשפיע על יישומים מסוימים. במיוחד יישומי Peer - to - peer כמו לקוחות Torrent. - -??? check "קליינטים ניידים" - - בנוסף לאספקת קבצי תצורה סטנדרטיים של OpenVPN, ל-Proton VPN יש לקוחות ניידים עבור [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases)מה שמאפשר חיבורים קלים לשרתים שלהם. - -??? info "פונקציונליות נוספת" - - תוכנות Proton VPN תומכים באימות דו - שלבי בכל הפלטפורמות מלבד Linux כרגע. ל - Proton VPN יש שרתים ומרכזי נתונים משלו בשוויץ, איסלנד ושוודיה. הם מציעים חסימת מודעות ודומיינים ידועים של תוכנות זדוניות שחוסמים באמצעות שירות ה - DNS שלהם. בנוסף, Proton VPN מציע גם שרתי "Tor" המאפשרים לך להתחבר בקלות לאתרי בצל, אבל אנחנו עדיין ממליצים בחום להשתמש [בדפדפן Tor הרשמי]( https://www.torproject.org/) למטרה זו. - -!!! danger "תכונת Killswitch שבורה במחשבי מקינטוש מבוססי אינטל" - - קריסות מערכת [עלולות להתרחש](https://protonvpn.com/support/macos-t2-chip-kill-switch/) במחשבי מקינטוש מבוססי אינטל בעת שימוש במתג השבתה של VPN. אם אתם זקוקים לתכונה זו, ואתם משתמשים ב - Mac עם ערכת שבבים של Intel, כדאי לכם לשקול להשתמש בשירות VPN אחר. +הספקים המומלצים שלנו משתמשים בהצפנה, מקבלים Monero, תומכים ב-WireGuard & OpenVPN, ויש להם מדיניות ללא רישום. קרא את [רשימת הקריטריונים המלאה](#criteria) שלנו למידע נוסף. ### IVPN @@ -111,43 +51,44 @@ icon: material/vpn - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate הערת הצלחה 35 מדינות +#### :material-check:{ .pg-green } 35 מדינות - ל-IVPN יש [שרתים ב-35 מדינות](https://www.ivpn.net/server-locations) (1). בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. - - אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כגון [ שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). +ל-IVPN יש [שרתים ב-35 מדינות](https://www.ivpn.net/server-locations).(1) בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. +{ .annotate } 1. נבדק אחרון: 2022-09-16 -??? success הצלחה "מבוקר באופן עצמאי" +אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כמו [שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN עבר ביקורת [ביקורת אי-תיעוד מ-Cure53](https://cure53.de/audit-report_ivpn.pdf) שהסתיימה בהסכמה עם תביעת האי - רישום של IVPN. IVPN גם השלים [דוח pentest מקיף Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) בינואר 2020. IVPN גם אמר שהם מתכננים לקבל [דוחות שנתיים]( https://www.ivpn.net/blog/independent-security-audit-concluded) בעתיד. בדיקה נוספת נערכה [באפריל 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) והופק על ידי Cure53 [באתר האינטרנט שלהם]( https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } נבדק באופן עצמאי -??? success הצלחה "לקוחות קוד פתוח" +IVPN [עבר ביקורת ללא רישום מ-](https://cure53.de/audit-report_ivpn.pdf)Cure53 שהסתיים בהסכמה עם טענת VPN ללא רישום. IVPN השלימה גם [דוח בדיקה מקיף ](https://cure53.de/summary-report_ivpn_2019.pdf)Cure53 בינואר 2020. IVPN גם אמר שהם מתכננים לקבל [דוחות שנתיים](https://www.ivpn.net/blog/independent-security-audit-concluded) בעתיד. סקירה נוספת נערכה [באפריל ](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/)2022 והופקה על ידי Cure53 [באתר האינטרנט שלהם](https://cure53.de/pentest-report_IVPN_2022.pdf). - החל מפברואר 2020 [יישומי IVPN הם כעת קוד פתוח](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). ניתן לקבל את קוד המקור מ[GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } לקוחות קוד פתוח -??? success "מקבל מזומן ומונרו" +החל מפברואר 2020 [יישומי IVPN הם כעת בקוד פתוח](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). קוד המקור ניתן לקבל מ[ארגון GitHub שלהם](https://github.com/ivpn). - בנוסף לקבלת כרטיסי אשראי/חיוב ו-PayPal, IVPN מקבל ביטקוין, **Monero** ו**מזומן/מטבע מקומי** (בתוכניות שנתיות) כאמצעי תשלום אנונימיים. +#### :material-check:{ .pg-green } מקבל מזומן ומונרו -??? success "תמיכה ב-WireGuard" +בנוסף לקבלת כרטיסי אשראי/חיוב ופייפאל, IVPN מקבל ביטקוין, **מונרו** ו**מזומן/מטבע מקומי** (בתוכניות שנתיות) כאמצעי תשלום אנונימיים. - IVPN תומך בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר שמשתמש ב[cryptography](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. - - IVPN [recommends](https://www.ivpn.net/wireguard/) משתמש ב-WireGuard עם השירות שלהם, וככזה, הפרוטוקול הוא ברירת המחדל בכל האפליקציות של IVPN. IVPN מציע גם מחולל תצורת WireGuard לשימוש עם WireGuard הרשמי [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } תמיכה ב-WireGuard -??? success "העברת יציאות מרחוק" +IVPN תומך בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר המשתמש ב[קריפטוגרפיה](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. - מרחוק [העברת יציאות](https://en.wikipedia.org/wiki/Port_forwarding) אפשרית עם תוכנית Pro. העברת יציאות [ניתן להפעיל](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) דרך אזור הלקוח. העברת פורט זמינה רק ב - IVPN בעת שימוש בפרוטוקולי WireGuard או OpenVPN והיא [מושבתת בשרתים בארה"ב]( https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [ממליצה](https://www.ivpn.net/wireguard/) להשתמש ב-WireGuard עם השירות שלהם, וככזה, הפרוטוקול הוא ברירת המחדל בכל האפליקציות של IVPN. IVPN מציע גם מחולל תצורה של WireGuard לשימוש עם [אפליקציות](https://www.wireguard.com/install/) WireGuard הרשמיות. -??? check "קליינטים ניידים" +#### :material-check:{ .pg-green } העברת פורטים מרחוק - בנוסף לאספקת קבצי תצורה סטנדרטיים של OpenVPN, ל-IVPN יש לקוחות ניידים עבור [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), ו [GitHub](https://github.com/ivpn/android-app/releases) המאפשרים חיבורים קלים לשרתים שלהם. +[העברת פורטים](https://en.wikipedia.org/wiki/Port_forwarding) מרחוק אפשרית עם תוכנית Pro. [ניתן להפעיל](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) פורטים מרחוק דרך אזור הלקוח. העברת פורטים זמינה רק ב-IVPN בעת שימוש בפרוטוקולי WireGuard או OpenVPN [ומושבתת בשרתים בארה"ב](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "פונקציונליות נוספת" +#### :material-check:{ .pg-green } לקוחות ניידים - תוכונת IVPN תומכים באימות דו - שלבי (הלקוחות של Mullvad לא תומכים). IVPN מספק גם פונקציונליות של "[AntiTracker](https://www.ivpn.net/antitracker)", שחוסמת רשתות פרסום ועוקבים מרמת הרשת. +בנוסף לאספקת קובצי תצורה סטנדרטיים של OpenVPN, ל-IVPN יש לקוחות ניידים עבור [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), ו- [GitHub](https://github.com/ivpn/android-app/releases) המאפשרים חיבורים קלים לשרתים שלהם. + +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת + +תוכונת IVPN תומכים באימות דו - שלבי (הלקוחות של Mullvad לא תומכים). IVPN מספקת גם פונקציונליות של "[AntiTracker](https://www.ivpn.net/antitracker)", החוסמת רשתות פרסום ועוקבים מרמת הרשת. ### Mullvad @@ -172,55 +113,120 @@ icon: material/vpn - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 מדינות" +#### :material-check:{ .pg-green } 41 מדינות - ל-Mullvad יש [שרתים ב-41 מדינות](https://mullvad.net/servers/) (1). בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. - - אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כגון [ שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). +ל-Mullvad יש [שרתים ב-41 מדינות](https://mullvad.net/servers/).(1) בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. +{ .annotate } 1. נבדק לאחרונה: 2022 -09 -16 -??? success הצלחה "מבוקר באופן עצמאי" +אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כמו [שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). - לקוחות ה-VPN של Mullvad עברו ביקורת על ידי Cure53 ו-Assured AB בדוח בדיקה [פורסם בכתובת cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). חוקרי האבטחה הגיעו למסקנה: +#### :material-check:{ .pg-green } נבדק באופן עצמאי + +לקוחות ה-VPN של Mullvad נבדקו על ידי Cure53 ו-Assured AB בדו"ח חדיש [שפורסם ב-](https://cure53.de/pentest-report_mullvad_v2.pdf)cure53.de. חוקרי האבטחה הגיעו למסקנה: + +> Cure53 ו-Assured AB מרוצים מתוצאות הביקורת והתוכנה משאירה רושם חיובי כללי. עם מסירות אבטחה של הצוות הפנימי במתחם ה-VPN של Mullvad, לבודקים אין ספק לגבי הפרויקט בדרך הנכונה מבחינה אבטחה. + +בשנת 2020 [הוכרזה](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) ביקורת שנייה ו[דוח הביקורת הסופי](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) הפך לזמין באתר האינטרנט של Cure53: + +> התוצאות של פרויקט מאי-יוני 2020 המתמקד במתחם Mullvad הן חיוביות למדי. [...] המערכת האקולוגית הכוללת של היישום המשמשת את Mullvad משאירה רושם קול ומובנה. המבנה הכללי של היישום מקל על גלגול תיקונים ותיקונים באופן מובנה. יותר מכל, הממצאים שנצפו על ידי Cure53 מדגימים את החשיבות של ביקורת מתמדת והערכה מחדש של וקטורי הדליפה הנוכחיים, על מנת להבטיח תמיד את פרטיותם של משתמשי הקצה. עם זאת, Mullvad עושה עבודה נהדרת בהגנה על משתמש הקצה מפני דליפות PII נפוצות וסיכונים הקשורים לפרטיות. + +בשנת 2021 [הוכרזה](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) ביקורת תשתית ו[דוח הביקורת הסופי](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) הפך לזמין באתר האינטרנט של Cure53. דוח נוסף הוזמן [ביוני 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) והוא זמין [ באתר של Assured's](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } לקוחות קוד פתוח + +Mullvad מספק את קוד המקור עבור לקוחות שולחן העבודה והנייד שלהם ב[ארגון GitHub שלהם](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } מקבל מזומן ומונרו + +Mullvad, בנוסף לקבל כרטיסי אשראי/חיוב ופייפאל, מקבל ביטקוין, ביטקוין מזומן, **מונרו** ו**מזומן/מטבע מקומי** כאמצעי תשלום אנונימיים. הם גם מקבלים סוויש והעברות בנקאיות. + +#### :material-check:{ .pg-green } תמיכה ב-WireGuard + +Mullvad תומך בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר המשתמש ב[קריפטוגרפיה](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. + +Mullvad [ממליץ](https://mullvad.net/en/help/why-wireguard/) על השימוש ב-WireGuard עם השירות שלהם. זהו פרוטוקול ברירת המחדל או היחיד באפליקציות אנדרואיד, iOS, macOS ו-Linux של Mullvad, אך ב-Windows אתה צריך להפעיל את WireGuard [באופן ידני](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/). Mullvad מציע גם מחולל תצורה של WireGuard לשימוש עם [אפליקציות](https://www.wireguard.com/install/) הרשמיות של WireGuard. + +#### :material-check:{ .pg-green } תמיכה ב-IPv6 + +Mullvad תומך בעתיד של רשת [IPv6](https://en.wikipedia.org/wiki/IPv6). הרשת שלהם מאפשרת לך [לגשת לשירותים המתארחים ב-IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) בניגוד לספקים אחרים שחוסמים חיבורי IPv6. + +#### :material-check:{ .pg-green } העברת פורטים מרחוק + +[העברת פורטים](https://en.wikipedia.org/wiki/Port_forwarding) מרחוק מותרת לאנשים המבצעים תשלומים חד פעמיים, אך אסורה עבור חשבונות עם אמצעי תשלום חוזר/מבוסס מנוי. זאת כדי למנוע מ-Mullvad להיות מסוגל לזהות אותך על סמך השימוש שלך בנמל ופרטי המנוי המאוחסנים. ראה [העברת פורטים עם Mullvad VPN ](https://mullvad.net/help/port-forwarding-and-mullvad/) למידע נוסף. + +#### :material-check:{ .pg-green } לקוחות ניידים + +Mullvad פרסמה לקוחות [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) ו- [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), שניהם תומכים בממשק קל לשימוש, בניגוד לדרישה ממך להגדיר באופן ידני את חיבור ה-WireGuard שלך. לקוח אנדרואיד זמין גם ב-[GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת + +Mullvad מאוד שקוף לגבי אילו צמתים הם [בעלים או שוכרים](https://mullvad.net/en/servers/). הם משתמשים ב-[ShadowSocks](https://shadowsocks.org/) בתצורת ShadowSocks + OpenVPN שלהם, מה שהופך אותם לעמידות יותר בפני חומות אש עם [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) שמנסה לחסום VPNs. לכאורה, [סין צריכה להשתמש בשיטה אחרת כדי לחסום שרתי ShadowSocks ](https://github.com/net4people/bbs/issues/22). האתר של Mullvad נגיש גם דרך Tor בכתובת [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN לוגו](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 ו-Assured AB מרוצים מתוצאות הביקורת והתוכנה משאירה רושם חיובי כללי. עם מסירות אבטחה של הצוות הפנימי במתחם ה-VPN של Mullvad, לבודקים אין ספק לגבי הפרויקט בדרך הנכונה מבחינה אבטחה. + **Proton VPN** הוא מתחרה חזק בתחום ה-VPN, והם פועלים מאז 2016. Proton AG מבוססת בשוויץ ומציעה רמה מוגבלת בחינם, כמו גם אפשרות פרימיום מומלצת יותר. - בשנת 2020 [הוכרזה] ביקורת שנייה (https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) ו[דוח הביקורת הסופי](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) הפך זמין באתר האינטרנט של Cure53: + [:octicons-home-16: דף הבית](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="מדיניות פרטיות" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=תיעוד} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="קוד מקור" } - > התוצאות של פרויקט מאי-יוני 2020 המתמקד במתחם Mullvad הן חיוביות למדי. [...] המערכת האקולוגית הכוללת של היישום המשמשת את Mullvad משאירה רושם קול ומובנה. המבנה הכללי של היישום מקל על גלגול תיקונים ותיקונים באופן מובנה. יותר מכל, הממצאים שנצפו על ידי Cure53 מדגימים את החשיבות של ביקורת מתמדת והערכה מחדש של וקטורי הדליפה הנוכחיים, על מנת להבטיח תמיד את פרטיותם של משתמשי הקצה. עם זאת, Mullvad עושה עבודה נהדרת בהגנה על משתמש הקצה מפני דליפות PII נפוצות וסיכונים הקשורים לפרטיות. + ??? downloads "הורדות" - בשנת 2021 [הוכרזה] ביקורת תשתית [https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacyleaks-found-cure53s-infrastructure-audit/] ו [דוח הביקורת הסופי](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) הפך לזמין באתר האינטרנט של Cure53. דוח נוסף הוזמן [ביוני 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success הצלחה "לקוחות קוד פתוח" +#### :material-check:{ .pg-green } 67 מדינות - Mullvad מספקת את קוד המקור עבור הלקוחות שלהם בשולחן העבודה ובנייד בארגון שלהם [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +ל-Proton VPN יש [שרתים ב-67 מדינות](https://protonvpn.com/vpn-servers).(1) בחירת ספק VPN עם שרת הקרוב אליך תפחית את זמן האחזור של תעבורת הרשת שאתה שולח. הסיבה לכך היא מסלול קצר יותר (פחות דילוגים) ליעד. +{ .annotate } -??? success "מקבל מזומן ומונרו" +1. נבדק אחרון: 2022-09-16 - Mullvad, בנוסף לקבל כרטיסי אשראי/חיוב ו-PayPal, מקבל ביטקוין, ביטקוין מזומן, **Monero** ו**מזומן/מטבע מקומי** כאמצעי תשלום אנונימיים. הם גם מקבלים סוויש והעברות בנקאיות. +אנחנו גם חושבים שעדיף לאבטחת המפתחות הפרטיים של ספק ה-VPN אם הם משתמשים ב[שרתים ייעודיים](https://en.wikipedia.org/wiki/Dedicated_hosting_service), במקום פתרונות משותפים זולים יותר (עם לקוחות אחרים) כמו [שרתים פרטיים וירטואליים](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "תמיכה ב-WireGuard" +#### :material-check:{ .pg-green } נבדק באופן עצמאי - Mullvad תומך בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר שמשתמש ב[cryptography](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) משתמש ב WireGuard בשירות שלהם. זהו פרוטוקול ברירת המחדל או הפרוטוקול היחיד באפליקציות Android, iOS, macOS ו - Linux של Mullvad, אך ב - Windows עליך [להפעיל ידנית](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad גם מציע גנרטור תצורה WireGuard לשימוש עם הרשמי [apps](https://www.wireguard.com/install/)./install/). +החל מינואר 2020, Proton VPN עבר ביקורת בלתי תלויה על ידי SEC Consult. SEC Consult מצא כמה נקודות תורפה בסיכון בינוני ונמוך ביישומי Windows, Android ו-iOS של Proton VPN, שכולן תוקנו כראוי על ידי Proton VPN לפני פרסום הדוחות. אף אחת מהבעיות שזוהו לא הייתה מספקת לתוקף גישה מרחוק למכשיר או לתעבורה שלך. אתה יכול להציג דוחות בודדים עבור כל פלטפורמה בכתובת [protonvpn.com](https://protonvpn.com/blog/open-source/). באפריל 2022 Proton VPN עבר [ביקורת נוספת](https://protonvpn.com/blog/no-logs-audit/) והדוח [הופק על ידי Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). [מכתב אישור](https://proton.me/blog/security-audit-all-proton-apps) סופק עבור האפליקציות של Proton VPN ב-9 בנובמבר 2021 על ידי [Securitum](https://research.securitum.com). -??? check "תמיכת IPv6" +#### :material-check:{ .pg-green } לקוחות קוד פתוח - Mullvad תומך בעתיד של הרשתות [IPv6](https://en.wikipedia.org/wiki/IPv6). הרשת שלהם מאפשרת לך [לגשת לשירותים המתארחים ב - IPv6]( https://mullvad.net/en/blog/2014/9/15/ipv6-support/) בניגוד לספקים אחרים שחוסמים חיבורי IPv6. +Proton VPN מספק את קוד המקור עבור לקוחות שולחן העבודה והנייד שלהם ב[ארגון GitHub](https://github.com/ProtonVPN) שלהם. -??? success "העברת יציאות מרחוק" +#### :material-check:{ .pg-green } מקבל מזומן - [העברת יציאות] (https://en.wikipedia.org/wiki/Port_forwarding) מרחוק מותרת לאנשים המבצעים תשלומים חד-פעמיים, אך אינה מותרת עבור חשבונות עם אמצעי תשלום חוזר/מבוסס מנוי. זה כדי למנוע מ - Mullvad להיות מסוגל לזהות אותך בהתבסס על השימוש שלך בפורט ופרטי המנוי המאוחסנים. ראה [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) לקבלת מידע נוסף. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? check "קליינטים ניידים" +#### :material-check:{ .pg-green } תמיכה ב-WireGuard - Mullvad פרסם את [App Store]( https://apps.apple.com/app/mullvad-vpn/id1488466513) ואת [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) לקוחות, שניהם תומכים בממשק קל לשימוש במקום לדרוש ממך להגדיר באופן ידני את חיבור WireGuard שלך. קליינט של אנדרואיד מפורסם גם ב [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN תומך בעיקר בפרוטוקול WireGuard®. [WireGuard](https://www.wireguard.com) הוא פרוטוקול חדש יותר המשתמש ב[קריפטוגרפיה](https://www.wireguard.com/protocol/) חדישה. בנוסף, WireGuard שואפת להיות פשוטה וביצועית יותר. -??? info "פונקציונליות נוספת" +Proton VPN [ממליץ](https://protonvpn.com/blog/wireguard/) על השימוש ב-WireGuard עם השירות שלהם. באפליקציות Windows, macOS, iOS, Android, ChromeOS ו-Android TV של Proton VPN, פרוטוקול WireGuard הוא ברירת המחדל; עם זאת, [תמיכה](https://protonvpn.com/support/how-to-change-vpn-protocols/) בפרוטוקול אינה קיימת באפליקציית הלינוקס שלהם. - Mullvad מאוד שקוף לגבי אילו צמתים הם [בעלים או שוכרים](https://mullvad.net/en/servers/). הם משתמשים ב-[ShadowSocks](https://shadowsocks.org/) בתצורת ShadowSocks + OpenVPN שלהם, מה שהופך אותם לעמידים יותר בפני חומות אש כאשר [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) מנסה כדי לחסום VPNs. לכאורה, [סין צריכה להשתמש בשיטה אחרת כדי לחסום שרתי ShadowSocks](https://github.com/net4people/bbs/issues/22). האתר של Mullvad נגיש גם דרך Tor בכתובת [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvad.mac7kwad.cn). +#### :material-alert-outline:{ .pg-orange } העברת פורטים מרחוק + +Proton VPN תומך כרגע רק ב[העברת פורטים](https://protonvpn.com/support/port-forwarding/) מרחוק ב-Windows, מה שעשוי להשפיע על יישומים מסוימים. במיוחד יישומי Peer - to - peer כמו לקוחות Torrent. + +#### :material-check:{ .pg-green } לקוחות ניידים + +בנוסף לאספקת קובצי תצורה סטנדרטיים של OpenVPN, ל-Proton VPN יש לקוחות ניידים עבור [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), ו- [GitHub](https://github.com/ProtonVPN/android-app/releases) המאפשרים חיבורים קלים לשרתים שלהם. + +#### :material-information-outline:{ .pg-blue } פונקציונליות נוספת + +תוכנות Proton VPN תומכים באימות דו-שלבי בכל הפלטפורמות מלבד לינוקס כרגע. ל - Proton VPN יש שרתים ומרכזי נתונים משלו בשוויץ, איסלנד ושוודיה. הם מציעים חסימת מודעות ודומיינים ידועים של תוכנות זדוניות שחוסמים באמצעות שירות ה - DNS שלהם. בנוסף, Proton VPN מציע גם שרתי "Tor" המאפשרים לך להתחבר בקלות לאתרי בצל, אך אנו עדיין ממליצים בחום להשתמש ב[דפדפן Tor הרשמי](https://www.torproject.org/) למטרה זו. + +#### :material-alert-outline:{ .pg-orange } תכונת Killswitch שבורה במחשבי Mac מבוססי אינטל + +קריסות מערכת [עשויות להתרחש](https://protonvpn.com/support/macos-t2-chip-kill-switch/) במחשבי Mac מבוססי אינטל בעת שימוש במתג ההרוג של VPN. אם אתם זקוקים לתכונה זו, ואתם משתמשים ב - Mac עם ערכת שבבים של Intel, כדאי לכם לשקול להשתמש בשירות VPN אחר. ## קריטריונים @@ -228,7 +234,7 @@ icon: material/vpn חשוב לציין ששימוש בספק VPN לא יהפוך אתכם לאנונימיים, אבל הוא ייתן לכם פרטיות טובה יותר במצבים מסוימים. VPN הוא לא כלי לפעילויות בלתי חוקיות. אל תסמכו על מדיניות "ללא תיעוד ". -**לידיעתך, איננו קשורים לאף אחד מהספקים שאנו ממליצים עליהם. זה מאפשר לנו לספק המלצות אובייקטיביות לחלוטין.** פיתחנו קבוצה ברורה של דרישות עבור כל ספק VPN שרוצה להיות מומלץ, כולל הצפנה חזקה, ביקורות אבטחה עצמאיות, טכנולוגיה מודרנית, ועוד. מומלץ להכיר את הרשימה לפני שבוחרים ספק אימייל, ולבצע מחקר משלך כדי לוודא שספק האימייל שבחרתם הוא הבחירה הנכונה עבורכם. +**לידיעתך, איננו קשורים לאף אחד מהספקים שאנו ממליצים עליהם. זה מאפשר לנו לספק המלצות אובייקטיביות לחלוטין.** בנוסף ל[הקריטריונים הסטנדרטיים שלנו](about/criteria.md), פיתחנו מערכת ברורה של דרישות עבור כל ספק VPN שרוצה מומלץ, כולל הצפנה חזקה, ביקורות אבטחה עצמאיות, טכנולוגיה מודרנית ועוד. מומלץ להכיר את הרשימה לפני שבוחרים ספק אימייל, ולבצע מחקר משלך כדי לוודא שספק האימייל שבחרתם הוא הבחירה הנכונה עבורכם. ### טכנולוגיה @@ -255,13 +261,13 @@ icon: material/vpn **מינימום כדי לעמוד בדרישות:** -- Monero או אפשרות תשלום במזומן. +- [מטבע קריפטוגרפי אנונימי](cryptocurrency.md) **או** אפשרות תשלום במזומן. - אין צורך במידע אישי כדי להירשם: רק שם משתמש, סיסמה ודוא"ל לכל היותר. **המקרה הטוב ביותר:** -- מקבל Monero, מזומן וצורות אחרות של מטבעות קריפטוגרפיים ו/או אפשרויות תשלום אנונימיות (כרטיסי מתנה וכו') -- לא התקבל מידע אישי (שם משתמש שנוצר באופן אוטומטי, אין צורך בדוא"ל וכו') +- מקבל [אפשרויות תשלום אנונימיות מרובות](advanced/payments.md). +- לא מתקבל מידע אישי (שם משתמש שנוצר אוטומטית, אין צורך באימייל וכו'). ### אבטחה @@ -319,5 +325,3 @@ VPN הוא חסר טעם אם הוא אפילו לא יכול לספק אבטח ### פונקציונליות נוספת אמנם לא דרישות קפדניות, אך ישנם כמה גורמים שבדקנו בעת קביעה על אילו ספקים להמליץ. אלה כוללים פונקציונליות של חסימת מודעות/חסימת מעקב, כנריות, חיבורי מולטי-הופ, תמיכת לקוחות מצוינת, מספר החיבורים המותרים בו זמנית וכו'. - ---8<-- "includes/abbreviations.he.txt" diff --git a/i18n/hi/404.md b/i18n/hi/404.md index ea8d0fb0..25c1c780 100644 --- a/i18n/hi/404.md +++ b/i18n/hi/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/criteria.md b/i18n/hi/about/criteria.md index 878a68e5..3084230b 100644 --- a/i18n/hi/about/criteria.md +++ b/i18n/hi/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/donate.md b/i18n/hi/about/donate.md index 00078478..8accd67a 100644 --- a/i18n/hi/about/donate.md +++ b/i18n/hi/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/index.md b/i18n/hi/about/index.md index e62a6246..619406fe 100644 --- a/i18n/hi/about/index.md +++ b/i18n/hi/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/notices.md b/i18n/hi/about/notices.md index ba8c57dc..bb32edd5 100644 --- a/i18n/hi/about/notices.md +++ b/i18n/hi/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/privacy-policy.md b/i18n/hi/about/privacy-policy.md index 50f13af3..26c668d1 100644 --- a/i18n/hi/about/privacy-policy.md +++ b/i18n/hi/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/privacytools.md b/i18n/hi/about/privacytools.md index 629182c5..515c21f5 100644 --- a/i18n/hi/about/privacytools.md +++ b/i18n/hi/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/services.md b/i18n/hi/about/services.md index 47b16537..71f2c95b 100644 --- a/i18n/hi/about/services.md +++ b/i18n/hi/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/about/statistics.md b/i18n/hi/about/statistics.md index 57fc3201..8f17240c 100644 --- a/i18n/hi/about/statistics.md +++ b/i18n/hi/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/advanced/communication-network-types.md b/i18n/hi/advanced/communication-network-types.md index ee4dba11..1f07a2c4 100644 --- a/i18n/hi/advanced/communication-network-types.md +++ b/i18n/hi/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/advanced/dns-overview.md b/i18n/hi/advanced/dns-overview.md index f8bee757..b47af280 100644 --- a/i18n/hi/advanced/dns-overview.md +++ b/i18n/hi/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/advanced/payments.md b/i18n/hi/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/hi/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/hi/advanced/tor-overview.md b/i18n/hi/advanced/tor-overview.md index 391dcf44..dd9d2a95 100644 --- a/i18n/hi/advanced/tor-overview.md +++ b/i18n/hi/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.hi.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/hi/android.md b/i18n/hi/android.md index c7b2365e..3da86daa 100644 --- a/i18n/hi/android.md +++ b/i18n/hi/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/account-creation.md b/i18n/hi/basics/account-creation.md index 1c3411fd..afa5d429 100644 --- a/i18n/hi/basics/account-creation.md +++ b/i18n/hi/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/account-deletion.md b/i18n/hi/basics/account-deletion.md index c56e5fd7..2498d604 100644 --- a/i18n/hi/basics/account-deletion.md +++ b/i18n/hi/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/common-misconceptions.md b/i18n/hi/basics/common-misconceptions.md index 2063c099..41997417 100644 --- a/i18n/hi/basics/common-misconceptions.md +++ b/i18n/hi/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.hi.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/hi/basics/common-threats.md b/i18n/hi/basics/common-threats.md index 63a0da87..e278c0cb 100644 --- a/i18n/hi/basics/common-threats.md +++ b/i18n/hi/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.hi.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/hi/basics/email-security.md b/i18n/hi/basics/email-security.md index e8486545..f0c2fb57 100644 --- a/i18n/hi/basics/email-security.md +++ b/i18n/hi/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/multi-factor-authentication.md b/i18n/hi/basics/multi-factor-authentication.md index cb0fd3d5..ae57848d 100644 --- a/i18n/hi/basics/multi-factor-authentication.md +++ b/i18n/hi/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/passwords-overview.md b/i18n/hi/basics/passwords-overview.md index 7eeecf90..6858d8b5 100644 --- a/i18n/hi/basics/passwords-overview.md +++ b/i18n/hi/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/threat-modeling.md b/i18n/hi/basics/threat-modeling.md index 12e4631c..fc1b3b41 100644 --- a/i18n/hi/basics/threat-modeling.md +++ b/i18n/hi/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/basics/vpn-overview.md b/i18n/hi/basics/vpn-overview.md index cc8a6dc0..a1a007f5 100644 --- a/i18n/hi/basics/vpn-overview.md +++ b/i18n/hi/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/calendar.md b/i18n/hi/calendar.md index cbbbf3ef..bbcb033a 100644 --- a/i18n/hi/calendar.md +++ b/i18n/hi/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/cloud.md b/i18n/hi/cloud.md index 4c7bdf33..2bcc2596 100644 --- a/i18n/hi/cloud.md +++ b/i18n/hi/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/cryptocurrency.md b/i18n/hi/cryptocurrency.md new file mode 100644 index 00000000..ba06ba1e --- /dev/null +++ b/i18n/hi/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/hi/data-redaction.md b/i18n/hi/data-redaction.md index 6e399daa..961594a8 100644 --- a/i18n/hi/data-redaction.md +++ b/i18n/hi/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/desktop-browsers.md b/i18n/hi/desktop-browsers.md index 8e09bd84..1c21c296 100644 --- a/i18n/hi/desktop-browsers.md +++ b/i18n/hi/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.hi.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/hi/desktop.md b/i18n/hi/desktop.md index 5aa6085c..2db4d119 100644 --- a/i18n/hi/desktop.md +++ b/i18n/hi/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/dns.md b/i18n/hi/dns.md index af197583..a8cc21da 100644 --- a/i18n/hi/dns.md +++ b/i18n/hi/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.hi.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/hi/email-clients.md b/i18n/hi/email-clients.md index f8fa806a..eec0e292 100644 --- a/i18n/hi/email-clients.md +++ b/i18n/hi/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/email.md b/i18n/hi/email.md index f889db93..7ab4c31d 100644 --- a/i18n/hi/email.md +++ b/i18n/hi/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/encryption.md b/i18n/hi/encryption.md index 95f38ae1..ded8533b 100644 --- a/i18n/hi/encryption.md +++ b/i18n/hi/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/file-sharing.md b/i18n/hi/file-sharing.md index eda8ee23..3e79d791 100644 --- a/i18n/hi/file-sharing.md +++ b/i18n/hi/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/financial-services.md b/i18n/hi/financial-services.md new file mode 100644 index 00000000..480c924c --- /dev/null +++ b/i18n/hi/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/hi/frontends.md b/i18n/hi/frontends.md index ba452c96..7f245f41 100644 --- a/i18n/hi/frontends.md +++ b/i18n/hi/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/index.md b/i18n/hi/index.md index 98f3b7a6..8beca322 100644 --- a/i18n/hi/index.md +++ b/i18n/hi/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/kb-archive.md b/i18n/hi/kb-archive.md index bd5240aa..92daee33 100644 --- a/i18n/hi/kb-archive.md +++ b/i18n/hi/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/meta/brand.md b/i18n/hi/meta/brand.md index c69aebc0..53cb9ac4 100644 --- a/i18n/hi/meta/brand.md +++ b/i18n/hi/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/meta/git-recommendations.md b/i18n/hi/meta/git-recommendations.md index 29f47699..f59b5f81 100644 --- a/i18n/hi/meta/git-recommendations.md +++ b/i18n/hi/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/meta/uploading-images.md b/i18n/hi/meta/uploading-images.md index 993aeddc..55f136f8 100644 --- a/i18n/hi/meta/uploading-images.md +++ b/i18n/hi/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/meta/writing-style.md b/i18n/hi/meta/writing-style.md index 9d1a71dc..b9e47a71 100644 --- a/i18n/hi/meta/writing-style.md +++ b/i18n/hi/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/mobile-browsers.md b/i18n/hi/mobile-browsers.md index 372e6861..d7adee8f 100644 --- a/i18n/hi/mobile-browsers.md +++ b/i18n/hi/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/multi-factor-authentication.md b/i18n/hi/multi-factor-authentication.md index 0ca3889a..41030fe3 100644 --- a/i18n/hi/multi-factor-authentication.md +++ b/i18n/hi/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/news-aggregators.md b/i18n/hi/news-aggregators.md index cb274afb..2dad5ac0 100644 --- a/i18n/hi/news-aggregators.md +++ b/i18n/hi/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/notebooks.md b/i18n/hi/notebooks.md index c9a384a9..0739f668 100644 --- a/i18n/hi/notebooks.md +++ b/i18n/hi/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/os/android-overview.md b/i18n/hi/os/android-overview.md index 2c160eb4..a78631a2 100644 --- a/i18n/hi/os/android-overview.md +++ b/i18n/hi/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/os/linux-overview.md b/i18n/hi/os/linux-overview.md index f9fd41ec..8ec2c9e7 100644 --- a/i18n/hi/os/linux-overview.md +++ b/i18n/hi/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/os/qubes-overview.md b/i18n/hi/os/qubes-overview.md index 03ead5d1..17b286b9 100644 --- a/i18n/hi/os/qubes-overview.md +++ b/i18n/hi/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/passwords.md b/i18n/hi/passwords.md index 60b444a1..e81f1186 100644 --- a/i18n/hi/passwords.md +++ b/i18n/hi/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/productivity.md b/i18n/hi/productivity.md index 9ceadc58..4490325d 100644 --- a/i18n/hi/productivity.md +++ b/i18n/hi/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/real-time-communication.md b/i18n/hi/real-time-communication.md index 0173ca22..68f9d767 100644 --- a/i18n/hi/real-time-communication.md +++ b/i18n/hi/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/router.md b/i18n/hi/router.md index 83ec4b44..a494c017 100644 --- a/i18n/hi/router.md +++ b/i18n/hi/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/search-engines.md b/i18n/hi/search-engines.md index 9c28c3d2..911525d7 100644 --- a/i18n/hi/search-engines.md +++ b/i18n/hi/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/tools.md b/i18n/hi/tools.md index 14260007..ef945a94 100644 --- a/i18n/hi/tools.md +++ b/i18n/hi/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/tor.md b/i18n/hi/tor.md index f7433836..ce93c961 100644 --- a/i18n/hi/tor.md +++ b/i18n/hi/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/video-streaming.md b/i18n/hi/video-streaming.md index e6979347..8f8ebd0b 100644 --- a/i18n/hi/video-streaming.md +++ b/i18n/hi/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hi/vpn.md b/i18n/hi/vpn.md index cc88b748..6bba2546 100644 --- a/i18n/hi/vpn.md +++ b/i18n/hi/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.hi.txt" diff --git a/i18n/hu/404.md b/i18n/hu/404.md index 5897ccbe..5aa957fc 100644 --- a/i18n/hu/404.md +++ b/i18n/hu/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Nem Található @@ -13,5 +17,3 @@ Nem található az oldal, amit kerestél! Lehet, hogy ezek közül kerested vala - [Legjobb VPN Szolgáltatók](vpn.md) - [Privacy Guides Fórum](https://discuss.privacyguides.net) - [Blogunk](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/criteria.md b/i18n/hu/about/criteria.md index abd53f32..5697f9e3 100644 --- a/i18n/hu/about/criteria.md +++ b/i18n/hu/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/donate.md b/i18n/hu/about/donate.md index 90abeda8..d96f624f 100644 --- a/i18n/hu/about/donate.md +++ b/i18n/hu/about/donate.md @@ -40,7 +40,7 @@ A weboldalra érkező forgalom több száz gigabájtnyi adatot használ havonta, **Online Szolgáltatások** : -[Internetes szolgáltatásokat](https://privacyguides.net) üzemeltetünk a különböző adatvédelmi termékek teszteléséhez és bemutatásához amiket kedvelünk és [ajánlunk](../tools.md). Ezek közül néhányat nyilvánosan elérhetővé teszünk a közösségünk számára (SearXNG, Tor, stb.), néhányat pedig a csapatunk tagjai számára biztosítunk (e-mail, stb.). +[Internetes szolgáltatásokat](https://privacyguides.net) üzemeltetünk a különböző adatvédelmi termékek teszteléséhez és bemutatásához amiket kedvelünk és [ajánlunk](../tools.md). Ezek közül néhányat nyilvánosan elérhetővé teszünk a közösségünk számára (SearXNG, Tor, stb.), néhányat pedig a csapatunk tagjai számára biztosítunk (email, stb.). **Termékvásárlások** : @@ -48,5 +48,3 @@ A weboldalra érkező forgalom több száz gigabájtnyi adatot használ havonta, Alkalmanként vásárolunk termékeket és szolgáltatásokat az [ajánlott eszközeink](../tools.md) tesztelése céljából. Még mindig dolgozunk a pénzügyi házigazdánkkal (az Open Collective Foundation-nel), hogy fogadni tudjunk kriptovaluta adományokat, jelenleg a könyvelés sok kisebb tranzakció esetében kivitelezhetetlen, de ez a jövőben valószínűleg változni fog. Addig is, ha szeretnél egy nagyobb összegű (> $100) kriptovaluta adományt tenni, kérjük, írj a [jonah@privacyguides.org](mailto:jonah@privacyguides.org) címre. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/index.md b/i18n/hu/about/index.md index 0ab39295..8d79c5f6 100644 --- a/i18n/hu/about/index.md +++ b/i18n/hu/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "A Privacy Guides-ról" +description: A Privacy Guides egy szociálisan motivált weboldal, amely információkat nyújt az adatbiztonság és a magánélet védelméről. --- -A **Privacy Guides** egy szociálisan motivált weboldal, amely az adatbiztonságról és az adatvédelemről nyújt tájékoztatást. Mi egy non-profit csoport vagyunk, ameit teljes egészében önkéntes [csapattagok](https://discuss.privacyguides.net/g/team) és közreműködők működtetnek. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: A projekt támogatása](donate.md ""){.md-button.md-button--primary} +A **Privacy Guides** egy szociálisan motivált weboldal, amely [információkat nyújt](/kb) az adatbiztonság és a magánélet védelméről. Mi egy non-profit csoport vagyunk, ameit teljes egészében önkéntes [csapattagok](https://discuss.privacyguides.net/g/team) és közreműködők működtetnek. Weboldalunk reklámoktól mentes, és nem áll kapcsolatban egy említett szolgáltatóval sem. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Honlap } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Forráskód" } +[:octicons-heart-16:](donate.md){ .card-link title=Közreműködés } + +A Privacy Guides célja, hogy tájékoztassa közösségünket az online adatvédelem és magánélet fontosságáról és nemzetközi kormányzati programokról, amelyek célja az összes online tevékenységed nyomon követése. + +> Hogy [adatvédelemre összpontosító alternatív] alkalmazásokat találj, tekints meg olyan oldalakat, mint a Good Reports és a **Privacy Guides**, amelyek adatvédelemre összpontosító alkalmazásokat sorolnak fel különböző kategóriákban, beleértve az olyan (általában fizetős) e-mail szolgáltatókat is, amelyeket nem big tech vállalatok üzemeltetnek. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> Ha egy új VPN-t keresel, akkor szinte bármelyik podcastban találsz egy kedvezménykódot. Ha egy **jó** VPN-t keresel, akkor profi segítségre van szükséged. Ugyanez vonatkozik e-mail kliensekre, böngészőkre, operációs rendszerekre és jelszókezelőkre. Honnan tudhatod, hogy melyik a legjobb, legbiztonságosabb, a magánéletet legjobban tisztelő választás? Ehhez van itt a **Privacy Guides**, egy olyan platform, amelyen számos önkéntes nap mint nap keresi a legjobb adatvédelmi eszközöket az interneten. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Hollandról Fordítva] + +Szintén szerepelt: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)] és [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## Történet + +A Privacy Guides 2021 szeptemberében indult a [kihalt](privacytools.md) "PrivacyTools" nyílt forráskódú tájékoztatási projekt folytatásaként. Felismertük a független, kritériumokra összpontosító termékajánlások és az általános ismeretek fontosságát az adatvédelmi térben, ezért kellett megőriznünk a 2015 óta oly sok közreműködő által létrehozott munkát, és gondoskodnunk kellett arról, hogy az információknak stabil otthont biztosítsunk a weben, nem meghatározott időre. + +2022-ben befejeztük a fő weboldal keretrendszerünk átállítását Jekyllről MkDocs-ra, az `mkdocs-material` dokumentációs szoftver használatával. Ez a változtatás jelentősen megkönnyítette a nyílt forráskódú hozzájárulásokat az oldalunkhoz kívülállók számára, mivel ahelyett, hogy bonyolult szintaxist kellene ismerni a hozzájárulások hatékony megírásához, a közreműködés mostantól annyira egyszerű, mint egy hagyományos Markdown dokumentum megírása. + +Emellett elindítottuk új vitafórumunkat a [discuss.privacyguides.net](https://discuss.privacyguides.net/) címen, amely közösségi platformként szolgál a küldetésünkkel kapcsolatos ötletek megosztására és kérdések feltevésére. Ez kiegészíti a Matrixon már meglévő közösségünket, és felváltja a korábbi GitHub Discussions platformunkat, csökkentve ezzel a jogvédett vitaplatformoktól való függőségünket. + +Eddig 2023-ban elindítottuk honlapunk nemzetközi fordításait [francia](/fr/), [héber](/he/), és [holland](/nl/) nyelveken, továbbiakkal készülőben, amit kiváló fordítócsapatunk tesz lehetővé a [Crowdin](https://crowdin.com/project/privacyguides)-on. Úgy tervezzük, hogy továbbra is folytatjuk a tájékoztató és oktató tevékenységünket, valamint hogy több módját találjuk meg annak, hogy még tisztábban kiemeljük az adatvédelmi tudatosság hiányának veszélyeit a modern digitális korban, valamint a biztonsági rések elterjedtségét és ártalmait a technológiai iparágban. ## Csapatunk @@ -48,9 +76,9 @@ A **Privacy Guides** egy szociálisan motivált weboldal, amely az adatbiztonsá - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Továbbá, [többen is](https://github.com/privacyguides/privacyguides.org/graphs/contributors) hozzá járultak a projekthez. Akár te is, nyílt forráskódúak vagyunk a GitHub-on! +Továbbá, [többen is](https://github.com/privacyguides/privacyguides.org/graphs/contributors) hozzájárultak a projekthez. Te is megteheted, nyílt forráskódúak vagyunk GitHubon, és fordítási javaslatokat fogadunk el [Crowdin](https://crowdin.com/project/privacyguides)-on. -Csapatunk tagjai felülvizsgálják a weboldalon végrehajtott összes változtatást, és olyan adminisztratív feladatokat látnak el, mint a webes üzemeltetés és a pénzügyek, azonban személyesen nem profitálnak a weboldalon tett hozzájárulásokból. Pénzügyi adatainkat átláthatóan az Open Collective Foundation 501(c)(3) szervezi az [opencollective.com/privacyguides](https://opencollective.com/privacyguides) címen. A Privacy Guides-nak adott adományok általában jogosultak adólevonásra az Egyesült Államokban. +Csapatunk tagjai felülvizsgálják a weboldalon végrehajtott összes változtatást, és olyan adminisztratív feladatokat látnak el, mint a webes üzemeltetés és a pénzügyek, azonban személyesen nem profitálnak a weboldalon tett hozzájárulásokból. Pénzügyi adatainkat átláthatóan az Open Collective Foundation 501(c)(3) szervezi az [opencollective.com/privacyguides](https://opencollective.com/privacyguides) címen. A Privacy Guides-nak adott adományok általában adólevonásra jogosultak az Egyesült Államokban. ## Webhelylicenc @@ -59,5 +87,3 @@ Csapatunk tagjai felülvizsgálják a weboldalon végrehajtott összes változta :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Eltérő megjegyzés hiányában a weboldal eredeti tartalma a [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE) alatt érhető el. Ez azt jelenti, hogy te szabadon másolhatod és terjesztheted az anyagot bármilyen médiumban vagy formátumban, bármilyen célból, akár kereskedelmi céllal is; feltéve, hogy megfelelően hivatkozol a `Privacy Guides (www.privacyguides.org)` címre, és biztosítasz egy linket a licenchez. Te **nem** használhatod a Privacy Guides márkajelzéseit saját projektedben ennek a projektnek a kifejezett jóváhagyása nélkül. Ha a weboldal tartalmát remixeled, átalakítod, vagy arra építesz, a módosított anyagot nem terjesztheted. Ez a licenc azért van érvényben, hogy megakadályozzuk, a munkánk megfelelő elismerés nélküli megosztását és félrevezetésre használt módosítását. Ha úgy találod, hogy a licenc feltételei túlságosan korlátozóak a projekthez, amelyen dolgozol, kérjük, fordulj hozzánk a `jonah@privacyguides.org` címen. Örömmel biztosítunk alternatív licencelési lehetőségeket jó szándékú projektek számára adatvédelmi térben! - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/notices.md b/i18n/hu/about/notices.md index 8661b83f..b1c37819 100644 --- a/i18n/hu/about/notices.md +++ b/i18n/hu/about/notices.md @@ -41,5 +41,3 @@ Kifejezett írásbeli hozzájárulás nélkül nem végezhetsz semmilyen sziszte * Scrapelés * Adatbányászat * 'Framelés' (IFramek) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/privacy-policy.md b/i18n/hu/about/privacy-policy.md index 4633a141..ea536d3c 100644 --- a/i18n/hu/about/privacy-policy.md +++ b/i18n/hu/about/privacy-policy.md @@ -1,5 +1,5 @@ --- -title: "Adatvédelmi Nyilatkozat" +title: "Adatvédelmi Tájékoztató" --- A Privacy Guides egy közösségi projekt, amelyet számos aktív önkéntes közreműködő működtet. A csapattagok nyilvános listája [megtalálható a GitHub-on](https://github.com/orgs/privacyguides/people). @@ -25,7 +25,7 @@ Az összegyűjtött adatok közé tartoznak a hivatkozási források, a legnéps Egyes általunk kínált weboldalon és szolgáltatáson számos funkcióhoz fiókra lehet szükség. Egy fórumplatformon például a témákhoz való posztoláshoz és hozzászóláshoz fiókra lehet szükség. -A legtöbb fiókhoz való regisztrációhoz egy nevet, felhasználónevet, e-mail címet és jelszót kell megadnod. Amennyiben egy weboldal az említett adatoknál több információt igényel, az egyértelműen jelezve lesz, és külön adatvédelmi nyilatkozatban lesz feltüntetve. +A legtöbb fiókhoz való regisztrációhoz egy nevet, felhasználónevet, email címet és jelszót kell megadnod. Amennyiben egy weboldal az említett adatoknál több információt igényel, az egyértelműen jelezve lesz, és külön adatvédelmi tájékoztatóban lesz feltüntetve. A fiókadataidat arra használjuk, hogy azonosítsunk a weboldalon, és hogy jellemző oldalakat, például a profiloldaladat létrehozzuk. A fiókadataidat arra is felhasználjuk, hogy nyilvános profilt tegyünk közzé számodra a szolgáltatásainkban. @@ -56,8 +56,6 @@ GDPR alá eső általános panaszok esetében a helyi adatvédelmi felügyeleti ## A Jelen Szabályzatról -A nyilatkozat bármely új verzióját [itt fogjuk közzétenni](privacy-policy.md). Előfordulhat, hogy a dokumentum jövőbeli verzióinál megváltoztatjuk a változások bejelentésének módját. Időközben bármikor frissíthetjük elérhetőségeinket anélkül, hogy a változást bejelentenénk. A legfrissebb elérhetőségekért kérjük, hivatkozz bármikor az [Adatvédelmi tájékoztatóra](privacy-policy.md). +A tájékoztató bármely új verzióját [itt fogjuk közzétenni](privacy-policy.md). Előfordulhat, hogy a dokumentum jövőbeli verzióinál megváltoztatjuk a változások bejelentésének módját. Időközben bármikor frissíthetjük elérhetőségeinket anélkül, hogy a változást bejelentenénk. A legfrissebb elérhetőségekért kérjük, hivatkozz bármikor az [Adatvédelmi Tájékoztatóra](privacy-policy.md). Az oldal teljes [előzménye](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) a GitHub-on található meg. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/privacytools.md b/i18n/hu/about/privacytools.md index 3a543f2b..f54fe722 100644 --- a/i18n/hu/about/privacytools.md +++ b/i18n/hu/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/services.md b/i18n/hu/about/services.md index ef8e061b..3d8eb6b0 100644 --- a/i18n/hu/about/services.md +++ b/i18n/hu/about/services.md @@ -36,5 +36,3 @@ Számos webes szolgáltatást futtatunk, hogy teszteljünk funkciókat és néps - Elérhetőség: Félig Nyilvános Az Invidioust elsősorban beágyazott YouTube-videók szolgáltatásához üzemeltetjük a webhelyünkön, ez az instance általános célú használatra nem szolgál, és bármikor korlátozható. - Forrás: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/about/statistics.md b/i18n/hu/about/statistics.md index 6ecfd148..4285a5af 100644 --- a/i18n/hu/about/statistics.md +++ b/i18n/hu/about/statistics.md @@ -59,5 +59,3 @@ title: Forgalom Statisztikák }) }) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/advanced/communication-network-types.md b/i18n/hu/advanced/communication-network-types.md index 0b376b8d..b8ed4ac7 100644 --- a/i18n/hu/advanced/communication-network-types.md +++ b/i18n/hu/advanced/communication-network-types.md @@ -1,11 +1,12 @@ --- title: "Kommunikációs Hálózatok Típusai" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- -Emberek közötti üzenetek továbbítására többféle hálózati architektúra használható. Ezek a hálózatok különböző magánéleti garanciákat nyújthatnak, ezért érdemes figyelembe venned a [védelmk modelledet](../basics/threat-modeling.md), amikor eldöntöd, hogy melyik alkalmazást fogod használni. +Személyek közötti üzenetek továbbítására többféle hálózati architektúra használható. Ezek a hálózatok különböző magánéleti garanciákat nyújthatnak, ezért érdemes figyelembe venned a [védelmk modelledet](../basics/threat-modeling.md), amikor eldöntöd, hogy melyik alkalmazást fogod használni. -[Recommended Instant Messengers](../real-time-communication.md ""){.md-button} +[Ajánlott Azonnali Üzenetküldők](../real-time-communication.md ""){.md-button} ## Központosított Hálózatok @@ -78,7 +79,7 @@ P2P networks do not use servers, as peers communicate directly between each othe - Some common messenger features may not be implemented or incompletely, such as message deletion. - Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](../vpn.md) or [Tor](../tor.md). Many countries have some form of mass surveillance and/or metadata retention. -## Anoním Forgalomirányítás +## Anonim Forgalomirányítás ![Anoním forgalomirányítási diagram](../assets/img/layout/network-anonymous-routing.svg){ align=left } @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/advanced/dns-overview.md b/i18n/hu/advanced/dns-overview.md index 37445488..b47af280 100644 --- a/i18n/hu/advanced/dns-overview.md +++ b/i18n/hu/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/advanced/payments.md b/i18n/hu/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/hu/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/hu/advanced/tor-overview.md b/i18n/hu/advanced/tor-overview.md index 2e5d990e..6b3f89c2 100644 --- a/i18n/hu/advanced/tor-overview.md +++ b/i18n/hu/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- -title: "Tor Overview" +title: "Tor Áttekintés" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.hu.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/hu/android.md b/i18n/hu/android.md index cacaf736..8b518ba2 100644 --- a/i18n/hu/android.md +++ b/i18n/hu/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -320,11 +322,11 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Operációs Rendszerek @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/account-creation.md b/i18n/hu/basics/account-creation.md index 6e85bfaa..19433a61 100644 --- a/i18n/hu/basics/account-creation.md +++ b/i18n/hu/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/account-deletion.md b/i18n/hu/basics/account-deletion.md index a5526014..c8033019 100644 --- a/i18n/hu/basics/account-deletion.md +++ b/i18n/hu/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Fiókok törlése" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/common-misconceptions.md b/i18n/hu/basics/common-misconceptions.md index 43826ee5..4dcf1093 100644 --- a/i18n/hu/basics/common-misconceptions.md +++ b/i18n/hu/basics/common-misconceptions.md @@ -1,34 +1,35 @@ --- -title: "Common Misconceptions" +title: "Gyakori Tévhitek" icon: 'material/robot-confused' +description: Az adatvédelem nem egy egyszerű téma, és könnyű belekeveredni marketinges állításokba és egyéb dezinformációkba. --- -## "Open-source software is always secure" or "Proprietary software is more secure" +## "A nyílt forráskódú szoftverek mindig biztonságosak" vagy "A jogvédett szoftverek biztonságosabbak" -These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. +Ezek a mítoszok számos előítéletből fakadnak, de az, hogy a forráskód elérhető-e, és hogy a szoftverek licencelése hogyan történik, nem befolyásolja annak biztonságát semmilyen módon. ==A nyílt forráskódú szoftverek potenciálisan ** biztonságosabbak, mint a jogvédett szoftverek, de egyáltalán nem garantálható, hogy ez így is van.== Egy szoftver elbírálásánál az egyes eszközök hírnevét és biztonságát egyénileg kell megvizsgálni. -Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities into even large projects.[^1] +Nyílt forráskódú szoftverek felülvizsgál*hatók* harmadik felek által, és gyakran átláthatóbbak lehetséges sebezhetőségek esetében, mint a jogvédett szoftverek. Azt is lehetővé teszi, hogy felülvizsgáld a kódot, és letiltsd a gyanús funkciókat, amiket találsz. Azonban, *ha nem így teszel*, nincs garancia arra, hogy a kód valaha is el lett bírálva, különösen a kisebb szoftverprojektek esetében. A nyílt fejlesztési folyamat is ki lett használva arra, hogy új sebezhetőségeket építsenek be még nagyobb projektekbe is.[^1] -On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. +A másik oldalon a jogvédett szoftverek kevésbé átláthatóak, de ez nem jelenti azt, hogy nem biztonságosak. A nagyobb jogvédett szoftverprojektek belső és harmadik fél által is felülvizsgálhatók, és független biztonsági kutatók továbbra is találhatnak sebezhetőségeket olyan technikákkal, mint a reverse engineering. -To avoid biased decisions, it's *vital* that you evaluate the privacy and security standards of the software you use. +Az elfogult döntések elkerülése érdekében *létfontosságú*, hogy elbíráld az általad használt szoftverek adatvédelmi és biztonsági szabványait. -## "Shifting trust can increase privacy" +## "A bizalom áthelyezése növelheti a magánélet védelmét" -We talk about "shifting trust" a lot when discussing solutions like VPNs (which shift the trust you place in your ISP to the VPN provider). While this protects your browsing data from your ISP *specifically*, the VPN provider you choose still has access to your browsing data: Your data isn't completely secured from all parties. This means that: +Sokat beszélünk a "bizalom áthelyezéséről", amikor olyan megoldásokról beszélünk, mint a VPN-ek (amelyek az internetszolgáltatódba vetett bizalmat a VPN-szolgáltatóra helyezik át). Míg ez megvédi a böngészési adataid az internetszolgáltatódtól *konkrétan*, a választott VPN szolgáltató továbbra is hozzáfér a böngészési adatokhoz: Az adataid nincsenek teljesen védve minden féltől. Ez azt jelenti, hogy: -1. You must exercise caution when choosing a provider to shift trust to. -2. You should still use other techniques, like E2EE, to protect your data completely. Merely distrusting one provider to trust another is not securing your data. +1. Óvatosan kell eljárnod, amikor kiválasztasz egy szolgáltatót, akire áthelyezed a bizalmat. +2. Az adatok teljes védelme érdekében továbbra is egyéb technikákat kell alkalmaznod, például End-to-End titkosítást. Ha csak azért nem bízol egy szolgáltatóban, hogy egy másikban bíz, az nem jelenti az adataid védelmét. -## "Privacy-focused solutions are inherently trustworthy" +## "Az adatvédelemre összpontosító megoldások eredendően megbízhatóak" -Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a more private solution, you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like [Cryptomator](../encryption.md#cryptomator-cloud)) which provides E2EE on any cloud provider. Switching to a "privacy-focused" provider (that doesn't implement E2EE) doesn't solve your problem: it just shifts trust from Google to that provider. +Ha kizárólag egy eszköz vagy szolgáltató adatvédelmi szabályzatára és marketingjére koncentrálsz, az elvakíthat annak gyengeségeivel szemben. Ha privát megoldást keresel, meg kell határozni, hogy mi az az mögött megbúvó probléma, és műszaki megoldásokat kell találni erre a problémára. Érdemes például elkerülni a Google Drive-ot, amely a Google számára hozzáférést biztosít az összes adatodhoz. A probléma ebben az esetben az End-to-End titkosítás hiánya, ezért meg kell győződnöd arról, hogy a szolgáltató, amelyre váltasz, valóban megvalósítja az End-to-End titkosítást, vagy olyan eszközt használsz (mint például a [Cryptomator](../encryption.md#cryptomator-cloud)), amely bármely felhőszolgáltatónál biztosítja az End-to-End titkosítást. Azzal, hogy egy "adatvédelemre összpontosító" szolgáltatóra váltasz (amely nem alkalmaz End-to-End titkoítást), nem oldja meg a problémádat: csak a bizalmat helyezi át a Google-tól az adott szolgáltatóra. -The privacy policies and business practices of providers you choose are very important, but should be considered secondary to technical guarantees of your privacy: You shouldn't shift trust to another provider when trusting a provider isn't a requirement at all. +Az általad választott szolgáltatók adatvédelmi irányelvei és üzleti gyakorlatai nagyon fontosak, de másodlagosnak kell tekinteni az adatvédelmed technikai garanciáihoz képest: Ne helyezd át a bizalmat egy másik szolgáltatóra, ha a szolgáltatóban való bizalom egyáltalán nem is szükséges. -## "Complicated is better" +## "A bonyolult jobb" -We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?" +Gyakran látjuk, hogy az emberek túlságosan összetett adatvédelmi védelmi modelleket írnak le. Ezek a megoldások gyakran olyan problémákat tartalmaznak, mint sok különböző email fiók vagy bonyolult felállások sok mozgó alkatrésszel és feltétellel. A válaszok általában a "Mi a legjobb módja, hogy *X*-t csinálj?" kérdésre adnak választ. Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips: @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.hu.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/hu/basics/common-threats.md b/i18n/hu/basics/common-threats.md index 708ae517..6f9a3cac 100644 --- a/i18n/hu/basics/common-threats.md +++ b/i18n/hu/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Gyakori veszélyek" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.hu.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/hu/basics/email-security.md b/i18n/hu/basics/email-security.md index 77db867d..f0c2fb57 100644 --- a/i18n/hu/basics/email-security.md +++ b/i18n/hu/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/multi-factor-authentication.md b/i18n/hu/basics/multi-factor-authentication.md index 78176d0d..e2b40a9b 100644 --- a/i18n/hu/basics/multi-factor-authentication.md +++ b/i18n/hu/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication - Többlépcsős Hitelesítés" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/passwords-overview.md b/i18n/hu/basics/passwords-overview.md index 8c7a57cb..06010013 100644 --- a/i18n/hu/basics/passwords-overview.md +++ b/i18n/hu/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/threat-modeling.md b/i18n/hu/basics/threat-modeling.md index 3e2e5a94..fc1b3b41 100644 --- a/i18n/hu/basics/threat-modeling.md +++ b/i18n/hu/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/basics/vpn-overview.md b/i18n/hu/basics/vpn-overview.md index 774af759..a1a007f5 100644 --- a/i18n/hu/basics/vpn-overview.md +++ b/i18n/hu/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/calendar.md b/i18n/hu/calendar.md index d81f428d..6683d53e 100644 --- a/i18n/hu/calendar.md +++ b/i18n/hu/calendar.md @@ -1,6 +1,7 @@ --- title: "Naptár Szinkronizálás" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- A naptárak a legérzékenyebb adataidat tartalmazzák; használj at rest End-to-End titkosítást megvalósító termékeket, hogy megakadályozd, hogy a szolgáltató elolvassa ezeket. @@ -12,12 +13,12 @@ A naptárak a legérzékenyebb adataidat tartalmazzák; használj at rest End-to ![Tutanota logo](assets/img/calendar/tutanota.svg#only-light){ align=right } ![Tutanota logo](assets/img/calendar/tutanota-dark.svg#only-dark){ align=right } - **A **Tutanota** ingyenes és titkosított naptárat kínál a támogatott platformjain keresztül. A funkciók közé tartoznak: az összes adat automatikus End-to-End titkosítása, megosztási funkciók, import/export funkciók, multifaktoros hitelesítés és még [sok más](https://tutanota.com/calendar-app-comparison/). + **A **Tutanota** ingyenes és titkosított naptárat kínál a támogatott platformjain keresztül. A funkciók közé tartoznak: az összes adat automatikus End-to-End titkosítása, megosztási funkciók, import/export funkciók, többlépcsős hitelesítés és még [sok más](https://tutanota.com/calendar-app-comparison/). A több naptár és kiterjesztett megosztási funkciók csak a fizetett előfizetőknek elérhető. [:octicons-home-16: Honlap](https://tutanota.com/calendar){ .md-button .md-button--primary } - [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentáció} [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Forráskód" } [:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Közreműködés } @@ -41,7 +42,7 @@ A naptárak a legérzékenyebb adataidat tartalmazzák; használj at rest End-to A **Proton Calendar** egy titkosított naptárszolgáltatás, amely a Proton-tagok számára webes vagy mobilklienseken keresztül érhető el. A funkciók közé tartoznak: az összes adat automatikus End-to-End titkosítása, megosztási funkciók, import/export funkciók és még [sok más](https://proton.me/support/proton-calendar-guide). Az ingyenes előfizetéssel rendelkezők egyetlen naptárhoz kapnak hozzáférést, míg a fizetett előfizetők akár 20 naptárat is létrehozhatnak. Kiterjesztett megosztási funkciók szintén csak a fizetett előfizetőknek elérhető. [:octicons-home-16: Honlap](https://proton.me/calendar){ .md-button .md-button--primary } - [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Forráskód" } @@ -52,7 +53,7 @@ A naptárak a legérzékenyebb adataidat tartalmazzák; használj at rest End-to ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -67,5 +68,3 @@ A naptárak a legérzékenyebb adataidat tartalmazzák; használj at rest End-to A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretnénk látni egy tökéletes projekttől ebben a kategóriában. Előfordulhat, hogy ajánlásaink nem tartalmazzák az összes ilyen funkciót, de azok, amelyek igen, magasabb helyen szerepelhetnek, mint mások ezen az oldalon. - Adott esetben integrálódnia kell az operációs rendszer natív naptár- és névjegykezelő alkalmazásaival. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/cloud.md b/i18n/hu/cloud.md index caa4d400..324fe563 100644 --- a/i18n/hu/cloud.md +++ b/i18n/hu/cloud.md @@ -1,6 +1,7 @@ --- title: "Felhőtárhely" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Sok felhőalapú tárhelyszolgáltatónak elvárása a teljes bizalmad abban, hogy nem fogják megnézni a fájljaidat. Az lent felsorolt alternatívák kiküszöbölik a bizalom szükségességét azáltal, hogy a te kezedbe helyezik az adataid fölötti kontrollt, vagy End-to-End titkosítást használnak. @@ -17,10 +18,10 @@ Ha ezek az alternatívák nem felelnek meg az igényeidnek, javasoljuk, hogy tek ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right } - A **Proton Drive** egy End-to-End titkosított általános fájltároló szolgáltatás a népszerű titkosított e-mail szolgáltatótól a [Proton Mail](https://proton.me/mail)-től. + A **Proton Drive** egy End-to-End titkosított általános fájltároló szolgáltatás a népszerű titkosított email szolgáltatótól a [Proton Mail](https://proton.me/mail)-től. [:octicons-home-16: Honlap](https://proton.me/drive){ .md-button .md-button--primary } - [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Forráskód" } @@ -29,11 +30,10 @@ Ha ezek az alternatívák nem felelnek meg az igényeidnek, javasoljuk, hogy tek - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -A Proton Drive mobil kliensei 2022 decemberében jelentek meg, és még nem nyílt forráskódúak. Proton szokás szerint a forráskód közzétételét a termék első kiadásának utánra halasztja, és [a terveik szerint](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) 2023 végére teszi közzé a forráskódot. A Proton Drive asztali kliensek még fejlesztés alatt állnak. ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -43,7 +43,7 @@ A Proton Drive mobil kliensei 2022 decemberében jelentek meg, és még nem nyí - Végponttól végpontig terjedő titkosítást kell érvényesítenie. - Ingyenes csomagot vagy próbaidőszakot kell kínálnia a teszteléshez. -- Támogatnia kell TOTP vagy FIDO2 többfaktoros hitelesítés használatát, vagy Passkey bejelentkezéseket. +- Támogatnia kell TOTP vagy FIDO2 többlépcsős hitelesítés használatát, vagy Passkey bejelentkezéseket. - Olyan webes felületet kell kínálnia, amely támogat alapvető fájlkezelési funkciókat. - Lehetővé kell tennie az összes fájl/dokumentum egyszerű exportálását. - Szabványos, felülvizsgált titkosítást kell használnia. @@ -52,11 +52,9 @@ A Proton Drive mobil kliensei 2022 decemberében jelentek meg, és még nem nyí A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretnénk látni egy tökéletes projekttől ebben a kategóriában. Előfordulhat, hogy ajánlásaink nem tartalmazzák az összes ilyen funkciót, de azok, amelyek igen, magasabb helyen szerepelhetnek, mint mások ezen az oldalon. -- A klienseknek nyílt forráskódúnak kell lenniük. +- A klienseknek nyílt forráskódúaknak kell lenniük. - A klienseket teljes egészükben független harmadik félnek kell felülvizsgálnia. - Natív klienseket kell kínálnia Linux, Android, Windows, macOS és iOS rendszerekre. - Ezeknek a klienseknek integrálódniuk kell natív operációs rendszer eszközökkel, amik felhőtárhely szolgáltatóknak lettek létrehozva, például a Files alkalmazás integrációjával iOS-en, vagy a DocumentsProvider funkcióval Androidon. - Támogatnia kell az egyszerű fájlmegosztást más felhasználókkal. - Legalább alapvető fájlelőnézeti és szerkesztési funkciókat kell kínálnia a webes felületen. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/cryptocurrency.md b/i18n/hu/cryptocurrency.md new file mode 100644 index 00000000..06d7e760 --- /dev/null +++ b/i18n/hu/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Követelmények + +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. + +!!! example "Ez a szakasz új" + + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/hu/data-redaction.md b/i18n/hu/data-redaction.md index cee5392b..2bc754a3 100644 --- a/i18n/hu/data-redaction.md +++ b/i18n/hu/data-redaction.md @@ -1,11 +1,12 @@ --- title: "Adat és Metaadat Eltávolítás" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- -When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. +Fájlok megosztásakor ügyelj a kapcsolódó metaadatok eltávolítsára. A képfájlok gyakran tartalmaznak [Exif](https://en.wikipedia.org/wiki/Exif) adatokat. A fényképek időnként még GPS-koordinátákat is tartalmaznak a fájl metaadataiban. -## Desktop +## Asztal ### MAT2 @@ -13,13 +14,13 @@ When sharing files, be sure to remove associated metadata. Image files commonly ![MAT2 logo](assets/img/data-redaction/mat2.svg){ align=right } - **MAT2** is free software, which allows the metadata to be removed from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an [extension for Nautilus](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus), the default file manager of [GNOME](https://www.gnome.org), and [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org). + A **MAT2** ingyenes szoftver, amely lehetővé teszi a metaadatok eltávolítását kép, hang, torrent és dokumentum fájltípusokból. Egy parancssor eszközt és egy grafilus felhasználói felületet is biztosít egy [Nautilus](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus) és [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin) bővítményen keresztül, amik közül az előbbi a [GNOME](https://www.gnome.org), az utóbbi a [KDE](https://kde.org) alapértelmezett fájlkezelője. - On Linux, a third-party graphical tool [Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner) powered by MAT2 exists and is [available on Flathub](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner). + Linuxon létezik egy harmadik féltől származó grafikus eszköz, a [Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner), amely alapját a MAT2 adja, és ez [el is érhető a Flathubon](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner). - [:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary } - [:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title=Documentation} - [:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" } + [:octicons-repo-16: Adattár](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary } + [:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Forráskód" } ??? downloads @@ -36,13 +37,13 @@ When sharing files, be sure to remove associated metadata. Image files commonly ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ align=right } - **ExifEraser** is a modern, permissionless image metadata erasing application for Android. + Az **ExifEraser** egy modern, engedély nélküli képmetaadat-törlő alkalmazás Androidra. - It currently supports JPEG, PNG and WebP files. + Jelenleg támogatja a JPEG, PNG és WebP fájlokat. - [:octicons-repo-16: Repository](https://github.com/Tommy-Geenexus/exif-eraser){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title="Source Code" } + [:octicons-repo-16: Adattár](https://github.com/Tommy-Geenexus/exif-eraser){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title="Forráskód" } ??? downloads @@ -50,21 +51,21 @@ When sharing files, be sure to remove associated metadata. Image files commonly - [:octicons-moon-16: Accrescent](https://accrescent.app/app/com.none.tom.exiferaser) - [:simple-github: GitHub](https://github.com/Tommy-Geenexus/exif-eraser/releases) -The metadata that is erased depends on the image's file type: +A törlésre kerülő metaadat a kép fájltípusától függ: -* **JPEG**: ICC Profile, Exif, Photoshop Image Resources and XMP/ExtendedXMP metadata will be erased if it exists. -* **PNG**: ICC Profile, Exif and XMP metadata will be erased if it exists. -* **WebP**: ICC Profile, Exif and XMP metadata will be erased if it exists. +* **JPEG**: ICC Profil, Exif, Photoshop Image Resources és XMP/ExtendedXMP metaadatok fognak törlődni, ha vannak. +* **PNG**: ICC Profil, Exif és XMP metaadatok fognak törlődni, ha vannak. +* **WebP**: ICC Profil, Exif és XMP metaadatok fognak törlődni, ha vannak. -After processing the images, ExifEraser provides you with a full report about what exactly was removed from each image. +A képek feldolgozása után ExifEraser teljes jelentést ad arról, hogy pontosan mit távolított el egyes képekről. -The app offers multiple ways to erase metadata from images. Namely: +Az alkalmazás többféle módszert nyújt metaadatokat törléséhez a képekről. Név szerint: -* You can share an image from another application with ExifEraser. -* Through the app itself, you can select a single image, multiple images at once, or even an entire directory. -* It features a "Camera" option, which uses your operating system's camera app to take a photo, and then it removes the metadata from it. -* It allows you to drag photos from another app into ExifEraser when they are both open in split-screen mode. -* Lastly, it allows you to paste an image from your clipboard. +* Az megoszthat egy képet egy másik alkalmazásból az ExifEraser-nek. +* Magán az alkalmazáson keresztül egyetlen képet, egyszerre több képet vagy akár egy egész könyvtárat is kiválaszthatsz. +* Rendelkezik egy "Kamera" opcióval, amely az operációs rendszer kameraalkalmazását használja egy fénykép készítéséhez, majd eltávolítja arról a metaadatokat. +* Lehetővé teszi, hogy fényképeket húzz át egy másik alkalmazásból az ExifEraser-be, ha mindkét app osztott képernyős módban van megnyitva. +* Végül, lehetővé teszi egy kép beillesztését a vágólapról. ### Metapho (iOS) @@ -72,10 +73,10 @@ The app offers multiple ways to erase metadata from images. Namely: ![Metapho logo](assets/img/data-redaction/metapho.jpg){ align=right } - **Metapho** is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location. + A **Metapho** egy egyszerű és letisztult megjelenítője fényképek metaadatainak, mint például dátum, fájlnév, méret, fényképező modell, zársebesség és helyszín. - [:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary } - [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" } + [:octicons-home-16: Honlap](https://zininworks.com/metapho){ .md-button .md-button--primary } + [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Adatvédelmi Nyilatkozat" } ??? downloads @@ -87,12 +88,12 @@ The app offers multiple ways to erase metadata from images. Namely: ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ align=right } - **PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online. + A **PrivacyBlur** egy ingyenes alkalmazás, amely képes elmosni képek érzékeny részeit, mielőtt online megosztanád azokat. - [:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" } + [:octicons-home-16: Honlap](https://privacyblur.app/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Adatvédelmi Tájékoztató" } + [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Forráskód" } ??? downloads @@ -101,9 +102,9 @@ The app offers multiple ways to erase metadata from images. Namely: !!! warning - You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this, we suggest apps like [Pocket Paint](https://github.com/Catrobat/Paintroid). + **Soha** ne használd a homályosítást [képekben lévő szöveg](https://bishopfox.com/blog/unredacter-tool-never-pixelation) szerkesztésére. Ha egy képen lévő szöveget szeretnél eltávolítani, rajzolj egy négyzetet a szöveg fölé. Ehhez olyan alkalmazásokat ajánlunk, mint a [Pocket Paint](https://github.com/Catrobat/Paintroid). -## Command-line +## Parancssor ### ExifTool @@ -111,14 +112,14 @@ The app offers multiple ways to erase metadata from images. Namely: ![ExifTool logo](assets/img/data-redaction/exiftool.png){ align=right } - **ExifTool** is the original perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more). + Az **ExifTool** az eredeti perl könyvtár és parancssor alkalmazás a metainformációk (Exif, IPTC, XMP stb.) olvasására, írására és szerkesztésére a legkülönbözőbb fájlformátumok (JPEG, TIFF, PNG, PDF, RAW stb.) esetében. - It's often a component of other Exif removal applications and is in most Linux distribution repositories. + Gyakran más Exif eltávolító alkalmazások része, és megtalálható a legtöbb Linux disztribúció addattáraiban. - [:octicons-home-16: Homepage](https://exiftool.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Source Code" } - [:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Contribute } + [:octicons-home-16: Honlap](https://exiftool.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Forráskód" } + [:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Közreműködés } ??? downloads @@ -126,21 +127,19 @@ The app offers multiple ways to erase metadata from images. Namely: - [:simple-apple: macOS](https://exiftool.org) - [:simple-linux: Linux](https://exiftool.org) -!!! example "Deleting data from a directory of files" +!!! example "Adatok törlése egy fájlkönyvtárból" ```bash - exiftool -all= *.file_extension + exiftool -all= *.fájl_kiterjesztés ``` ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. -- Apps developed for open-source operating systems must be open-source. -- Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.hu.txt" +- Nyílt forráskódú operációs rendszerekre fejlesztett alkalmazásoknak nyílt forráskódúnak kell lenniük. +- Az alkalmazásoknak ingyenesnek kell lenniük, és nem tartalmazhatnak reklámokat vagy egyéb korlátozásokat. diff --git a/i18n/hu/desktop-browsers.md b/i18n/hu/desktop-browsers.md index af3b392f..a8b47efa 100644 --- a/i18n/hu/desktop-browsers.md +++ b/i18n/hu/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -224,11 +225,11 @@ These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashb ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Minimum Requirements @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.hu.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/hu/desktop.md b/i18n/hu/desktop.md index b69e48aa..79662918 100644 --- a/i18n/hu/desktop.md +++ b/i18n/hu/desktop.md @@ -1,6 +1,7 @@ --- title: "Asztal/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -166,11 +167,11 @@ The Qubes OS operating system secures the computer by isolating subsystems (e.g. ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. Our recommended operating systems: @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/dns.md b/i18n/hu/dns.md index 54211872..81c5cc8b 100644 --- a/i18n/hu/dns.md +++ b/i18n/hu/dns.md @@ -1,28 +1,27 @@ --- title: "DNS Resolverek" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Használjak-e titkosított DNS-t?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. A titkosított DNS nem fog segíteni elrejteni a böngészési tevékenységedet. - Titkosított DNS-t harmadik féltől származó szerverekkel csak alapvető [DNS-blokkolás](https://en.wikipedia.org/wiki/DNS_blocking) megkerülésére kellene használni, ha biztos vagy benne, hogy nem lesz semmilyen következménye. A titkosított DNS nem fog segíteni elrejteni a böngészési tevékenységedet. - - [További információk a DNS-ről](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Ajánlott Szolgáltatók -| DNS Szolgáltatók | Adatvédelmi Nyilatkozat | Protokollok | Naplózás | ECS | Szűrés | +| DNS Szolgáltatók | Adatvédelmi Tájékoztató | Protokollok | Naplózás | ECS | Szűrés | | ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------- | | [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Nyílt szöveg
DoH/3
DoT
DNSCrypt | Némi[^1] | Nem | Választott szerver alapján. A használt szűrőlista itt található. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | | [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Nyílt szöveg
DoH/3
DoT | Némi[^2] | Nem | Választott szerver alapján. | | [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Nyílt szöveg
DoH/3
DoT
DoQ | Választható[^3] | Nem | Választott szerver alapján. | | [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | Nem[^4] | Nem | Választott szerver alapján. A használt szűrőlista itt található. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | | [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Nyílt szöveg
DoH/3
DoT | Választható[^5] | Választható | Választott szerver alapján. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Nyílt szöveg
DoH
DoT
DNSCrypt | Némi[^6] | Választható | Választott szerver alapján, Kártékiony szoftver blokkolás alapértelmezetten. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Nyílt szöveg
DoH
DoT
DNSCrypt | Némi[^6] | Választható | Választott szerver alapján, Kártékony szoftver blokkolás alapértelmezetten. | ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -30,7 +29,7 @@ icon: material/dns - Támogatnia kell a [DNSSEC](advanced/dns-overview.md#what-is-dnssec)-et. - [QNAME Minimalizáció](advanced/dns-overview.md#what-is-qname-minimization). -- Lehetővé teszi az [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) kikapcsolását. +- Lehetővé teszi az [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) letiltását. - Előnyben részesíti az [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods), vagy a geo-steering támogatását. ## Natív Operációs Rendszer Támogatás @@ -67,7 +66,7 @@ Egy titkosított DNS proxy szoftver helyi proxy-t biztosít a [titkosítatlan DN A **RethinkDNS** egy nyílt forráskódú Android kliens, amely támogatja a [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) és DNS Proxy funkciókat, valamint a DNS-válaszok gyorsítótárazását, a DNS-lekérdezések helyi naplózását, de használható tűzfalként is. [:octicons-home-16: Honlap](https://rethinkdns.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Forráskód" } @@ -112,7 +111,7 @@ Egy saját üzemeltetésű DNS-megoldás hasznos ellenőrzött platformokon, pé Az AdGuard Home egy kifinomult webes felületet kínál az betekintések megtekintéséhez és blokkolt tartalmak kezeléséhez. [:octicons-home-16: Honlap](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } - [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Forráskód" } @@ -127,16 +126,14 @@ Egy saját üzemeltetésű DNS-megoldás hasznos ellenőrzött platformokon, pé A Pi-hole-t úgy tervezték, hogy egy Raspberry Pi-n lehessen üzemeltetni, de az nem korlátozott erre a hardverre. Az szoftver egy kifinomult webes felületet kínál az betekintések megtekintéséhez és blokkolt tartalmak kezeléséhez. [:octicons-home-16: Honlap](https://pi-hole.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Forráskód" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Közreműködés } ---8<-- "includes/abbreviations.hu.txt" - [^1]: Az AdGuard tárolja a DNS szervereik összesített teljesítményméréseit, nevezetesen az adott szerverhez érkező teljes kérések számát, a blokkolt kérések számát és a kérések feldolgozásának sebességét. Az elmúlt 24 órában igényelt domainek adatbázisát is eltárolják. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/hu/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: A Cloudflare csak azokat a korlátozott DNS-lekérdezési adatokat gyűjti és tárolja ami az 1.1.1.1 resolverhez érkezik. Az 1.1.1.1 resolver szolgáltatás nem naplóz személyes adatokat, és a korlátozott, személyazonosításra nem alkalmas lekérdezési adatok nagy részét csak 25 órán keresztül tárolja. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) -[^3]: A Control D csak az egyéni DNS-profilokkal rendelkező Premium resolverek esetében naplóz. Az ingyenes resolverek nem naplóznak adatokat. [https://controld.com/privacy](https://controld.com/privacy) +[^3]: A Control D csak az egyedi DNS-profilokkal rendelkező Premium resolverek esetében naplóz. Az ingyenes resolverek nem naplóznak adatokat. [https://controld.com/privacy](https://controld.com/privacy) [^4]: A Mullvad DNS szolgáltatása a Mullvad VPN előfizetői és nem előfizetői számára egyaránt elérhető. Az adatvédelmi irányelvük kifejezetten azt állítja, hogy semmilyen módon nem naplóznak DNS-kéréseket. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) [^5]: A NextDNS beleegyezési alapon betekintési és naplózási funkciókat biztosíthat. A kiválasztott naplók megőrzési idejét és tárolási helyét is kiválaszthatod. Ha erre nincs külön kérés, akkor nem kerül naplózásra semmilyen adat. [https://nextdns.io/privacy](https://nextdns.io/privacy) [^6]: A Quad9 bizonyos adatokat a fenyegetések megfigyelése és elhárítása céljából gyűjt. Ezek az adatok ezután összekeverhetők és megoszthatók, például biztonsági kutatások céljából. A Quad9 nem gyűjt vagy rögzít IP-címeket vagy más, személyazonosításra alkalmasnak ítélt adatokat. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) diff --git a/i18n/hu/email-clients.md b/i18n/hu/email-clients.md index e0a6c560..420600a1 100644 --- a/i18n/hu/email-clients.md +++ b/i18n/hu/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email kliensek" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -214,15 +215,15 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Minimális Fenttartások -- Apps developed for open-source operating systems must be open-source. +- Nyílt forráskódú operációs rendszerekre fejlesztett alkalmazásoknak nyílt forráskódúnak kell lenniük. - Must not collect telemetry, or have an easy way to disable all telemetry. - Must support OpenPGP message encryption. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/email.md b/i18n/hu/email.md index 66cdcc63..6b4cf3c4 100644 --- a/i18n/hu/email.md +++ b/i18n/hu/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Szolgáltatások An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -376,11 +403,11 @@ For a more manual approach we've picked out these two articles: **Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. -### Technology +### Technológia We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require. -**Minimum to Qualify:** +**Minimális Elvárások:** - Encrypts email account data at rest with zero-access encryption. - Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard. @@ -398,11 +425,11 @@ We regard these features as important in order to provide a safe and optimal ser - Catch-all or alias functionality for those who own their own domains. - Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. -### Privacy +### Adatvédelem -We prefer our recommended providers to collect as little data as possible. +Jobban szeretjük, ha az általunk ajánlott szolgáltatók a lehető legkevesebb adatot gyűjtik. -**Minimum to Qualify:** +**Minimális Elvárások:** - Protect sender's IP address. Filter it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. @@ -411,13 +438,13 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) -### Security +### Adatbiztonság Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. -**Minimum to Qualify:** +**Minimális Elvárások:** - Protection of webmail with 2FA, such as TOTP. - Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -440,46 +467,44 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. - Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). -- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- Bug-bounty programok és/vagy összehangolt sebezhetőség-közzétételi folyamat. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) -### Trust +### Bizalom -You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. +You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? Az általunk ajánlott szolgáltatóktól elvárjuk, hogy nyilvánosak legyenek a tulajdonlásukról vagy vezetésükről. Szeretnénk továbbá gyakori átláthatósági jelentéseket látni, különösen a kormányzati kérelmek kezelésének módját illetően. -**Minimum to Qualify:** +**Minimális Elvárások:** -- Public-facing leadership or ownership. +- Nyilvános vezetés vagy tulajdonlás. **Best Case:** -- Public-facing leadership. -- Frequent transparency reports. +- Nyilvános vezetés. +- Gyakori átláthatósági jelentések. ### Marketing With the email providers we recommend we like to see responsible marketing. -**Minimum to Qualify:** +**Minimális Elvárások:** - Must self-host analytics (no Google Analytics, Adobe Analytics, etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. -Must not have any marketing which is irresponsible: +Nem használhat felelőtlen marketinget: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Az anonimitás 100%-os védelmének garantálása. Ha valaki azt állítja, hogy valami 100%-os, az azt jelenti, hogy nincs bizonyosság meghibásodásra. Tudjuk, hogy személyek elég könnyen és számos módon deanonimizálni tudják magukat, pl.: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc) -- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- [Böngésző fingerprintelés](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) **Best Case:** - Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. -### Additional Functionality +### További Funkciók While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/encryption.md b/i18n/hu/encryption.md index c3b7a8a9..31d78074 100644 --- a/i18n/hu/encryption.md +++ b/i18n/hu/encryption.md @@ -1,6 +1,7 @@ --- title: "Titkosító Szoftverek" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -203,7 +204,7 @@ Browser-based encryption can be useful when you need to encrypt a file but canno [:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Source Code" } [:octicons-heart-16:](https://github.com/sh-dv/hat.sh#donations){ .card-link title="Donations methods can be found at the bottom of the website" } -## Command-line +## Parancssor Tools with command-line interfaces are useful for integrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script). @@ -334,11 +335,11 @@ When encrypting with PGP, you have the option to configure different options in ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Minimális Fenttartások @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/file-sharing.md b/i18n/hu/file-sharing.md index 73494415..1bc1eb61 100644 --- a/i18n/hu/file-sharing.md +++ b/i18n/hu/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Fájlmegosztás és Szinkronizálás" icon: material/share-variant +description: Fedezd fel, hogyan oszthatod meg fájljaid privát módon készülékek között, barátaiddal és családtagjaiddal vagy névtelenül online. --- Fedezd fel, hogyan oszthatod meg fájljaid privát módon készülékek között, barátaiddal és családtagjaiddal vagy névtelenül online. @@ -48,7 +49,7 @@ ffsend upload --host https://send.vis.ee/ FÁJL ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -126,7 +127,7 @@ ffsend upload --host https://send.vis.ee/ FÁJL ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -144,5 +145,3 @@ A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretn - Van mobil kliense iOS és Android rendszerekre, amelyek legalább dokumentum előnézeteket támogatnak. - Támogatja fényképek biztonsági mentését iOS-ről és Androidról, és opcionálisan támogatja a fájl/mappa szinkronizálást Androidon. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/financial-services.md b/i18n/hu/financial-services.md new file mode 100644 index 00000000..739fb474 --- /dev/null +++ b/i18n/hu/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Pénzügyi Szolgáltatások +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Követelmények + +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. + +!!! example "Ez a szakasz új" + + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Követelmények + +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. + +!!! example "Ez a szakasz új" + + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/hu/frontends.md b/i18n/hu/frontends.md index 3506384f..c884f61b 100644 --- a/i18n/hu/frontends.md +++ b/i18n/hu/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontendek" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -249,11 +250,11 @@ When you are using a Piped instance, make sure to read the privacy policy of tha ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. Recommended frontends... @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/index.md b/i18n/hu/index.md index ac17d427..18bb7722 100644 --- a/i18n/hu/index.md +++ b/i18n/hu/index.md @@ -40,5 +40,3 @@ Megpróbálni az összes adatodat mindenkitől és mindig megvédeni nem praktik [:material-hand-coin-outline:](about/donate.md){ title="Támogasd a projektet" } Fontos, hogy egy olyan weboldal, mint a Privacy Guides, mindig naprakész maradjon. Szükségünk van arra, hogy a közönségünk figyelemmel kísérje az oldalunkon felsorolt alkalmazások frissítéseit, és kövesse az általunk ajánlott szolgáltatókkal kapcsolatos legújabb híreket. Nehéz lépést tartani az internet gyors tempójával, de mi megteszünk minden tőlünk telhetőt. Ha hibát észlelsz, úgy gondolod, hogy egy szolgáltatónak nem kellene szerepelnie a listán, észreveszed, hogy egy alkalmas szolgáltató hiányzik, úgy véled, hogy egy böngésző bővítmény már nem a legjobb választás, vagy ha bármilyen más problémát észlelsz, kérjük, jelezd nekünk. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/kb-archive.md b/i18n/hu/kb-archive.md index 072f926d..9faacbd9 100644 --- a/i18n/hu/kb-archive.md +++ b/i18n/hu/kb-archive.md @@ -1,6 +1,7 @@ --- title: TB Archívum icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Az Oldalak Át Lettek Helyezve a Blogokhoz @@ -14,5 +15,3 @@ Néhány oldal, amely korábban a tudásbázisunkban volt, most a blogunkon tal - [Biztonságos Adattörlés](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Metaadatok Eltávolításának Integrálása](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Konfigurációs Útmutató](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/meta/brand.md b/i18n/hu/meta/brand.md index abbf3cff..53cb9ac4 100644 --- a/i18n/hu/meta/brand.md +++ b/i18n/hu/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/meta/git-recommendations.md b/i18n/hu/meta/git-recommendations.md index 7237b78a..f59b5f81 100644 --- a/i18n/hu/meta/git-recommendations.md +++ b/i18n/hu/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/meta/uploading-images.md b/i18n/hu/meta/uploading-images.md index a08eac66..55f136f8 100644 --- a/i18n/hu/meta/uploading-images.md +++ b/i18n/hu/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/meta/writing-style.md b/i18n/hu/meta/writing-style.md index 0fcee20d..b9e47a71 100644 --- a/i18n/hu/meta/writing-style.md +++ b/i18n/hu/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/mobile-browsers.md b/i18n/hu/mobile-browsers.md index acdc7801..702a55dc 100644 --- a/i18n/hu/mobile-browsers.md +++ b/i18n/hu/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -170,11 +171,11 @@ Additional filter lists do slow things down and may increase your attack surface ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Minimum Requirements @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/multi-factor-authentication.md b/i18n/hu/multi-factor-authentication.md index 7885770f..01ff9456 100644 --- a/i18n/hu/multi-factor-authentication.md +++ b/i18n/hu/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -64,11 +65,11 @@ Nitrokey's firmware is open-source, unlike the YubiKey. The firmware on modern N ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. #### Minimum Requirements @@ -130,15 +131,13 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. - Must be open-source software. - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/news-aggregators.md b/i18n/hu/news-aggregators.md index 4725fac7..2fff413c 100644 --- a/i18n/hu/news-aggregators.md +++ b/i18n/hu/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "Híraggregátorok" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -123,11 +124,11 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. - Must be open-source software. - Must operate locally, i.e. must not be a cloud service. @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/notebooks.md b/i18n/hu/notebooks.md index e0b1b6f2..1b7210b0 100644 --- a/i18n/hu/notebooks.md +++ b/i18n/hu/notebooks.md @@ -1,6 +1,7 @@ --- title: "Jegyzetfüzetek" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Kövesd nyomon jegyzeteid és naplóid anélkül, hogy harmadik félnek adnád át azokat. @@ -34,7 +35,7 @@ Ha jelenleg olyan alkalmazást használsz, mint az Evernote, a Google Keep vagy - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/) - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek) -A Joplin nem támogatja a jelszavas/PIN-kódos védelmet magához az [alkalmazáshoz vagy egyes jegyzetekhez és jegyzetfüzetekhez](https://github.com/laurent22/joplin/issues/289). Ettől függetlenül az adatok szállítás közben és a szinkronizáció helyén is titkosítva lesznek a főkulcs segítségével. Since January 2023, Joplin supports biometrics app lock for [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) and [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). +A Joplin nem támogatja a jelszavas/PIN-kódos védelmet magához az [alkalmazáshoz vagy egyes jegyzetekhez és jegyzetfüzetekhez](https://github.com/laurent22/joplin/issues/289). Ettől függetlenül az adatok szállítás közben és a szinkronizáció helyén is titkosítva lesznek a főkulcs segítségével. 2023 januárjától a Joplin támogatja a biometrikus alkalmazászárat az [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) és a [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z) rendszerekhez. ### Standard Notes @@ -42,13 +43,13 @@ A Joplin nem támogatja a jelszavas/PIN-kódos védelmet magához az [alkalmazá ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right } - **Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). + A **Standard Notes** egy egyszerű és privát jegyzetkezelő alkalmazás, amely megkönnyíti és elérhetővé teszi a feljegyzéseid kezelését bárhol is legyél. Minden platformon End-to-End titkosítást, valamint erőteljes asztali élményt kínál témákkal és egyedi szerkesztőkkel. Emellett [felül is lett vizsgálva egy független fél által (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). - [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" } - [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute } + [:octicons-home-16: Honlap](https://standardnotes.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Forráskód" } + [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Közreműködés } ??? downloads @@ -67,20 +68,20 @@ A Joplin nem támogatja a jelszavas/PIN-kódos védelmet magához az [alkalmazá ![Cryptee logo](./assets/img/notebooks/cryptee.svg#only-light){ align=right } ![Cryptee logo](./assets/img/notebooks/cryptee-dark.svg#only-dark){ align=right } - **Cryptee** is an open-source, web-based E2EE document editor and photo storage application. Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform. + A **Cryptee** egy nyílt forráskódú, webalapú End-to-End titkosított dokumentumszerkesztő és fotótároló alkalmazás. A Cryptee egy PWA, ami azt jelenti, hogy minden modern eszközön zökkenőmentesen működik anélkül, hogy minden egyes platformra natív alkalmazás igényelne. - [:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary } - [:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" } + [:octicons-home-16: Honlap](https://crypt.ee){ .md-button .md-button--primary } + [:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Adatvédelmi Tájékoztató" } + [:octicons-info-16:](https://crypt.ee/help){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Forráskód" } ??? downloads - [:octicons-globe-16: PWA](https://crypt.ee/download) -Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information. +A Cryptee 100MB tárhelyet kínál ingyenesen, fizetős lehetőséggel, ha többre lenne szükség. A regisztrációhoz nincs szükség e-mailre vagy más személyazonosításra alkalmas információra. -## Local notebooks +## Helyi Jegyzetfüzetek ### Org-mode @@ -88,28 +89,26 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si ![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right } - **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](file-sharing.md#file-sync) tools. + Az **Org-mode** egy [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) a GNU Emacs számára. Az Org-mode jegyzetek vezetésére, teendő listák fenttartására, projektek tervezésére és dokumentumok írására szolgál egy gyors és hatékony nyílt szöveges rendszerrel. Szinkronizálás a [fájlszinkronizációs](file-sharing.md#file-sync) eszközökkel lehetséges. - [:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation} - [:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" } - [:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute } + [:octicons-home-16: Honlap](https://orgmode.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Forráskód" } + [:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Közreműködés } ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. -- Clients must be open-source. -- Any cloud sync functionality must be E2EE. -- Must support exporting documents into a standard format. +- A klienseknek nyílt forráskódúaknak kell lenniük. +- Minden felhőszinkronizálás funkciónak End-to-End titkosítottnak kell lennie. +- Támogatnia kell dokumentumok szabványos formátumba történő exportálását. -### Best Case +### Legjobb Esetben -- Local backup/sync functionality should support encryption. -- Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.hu.txt" +- A helyi mentési/szinkronizálási funkcióknak támogatniuk kell a titkosítást. +- A felhőalapú platformoknak támogatniuk kell a dokumentumok megosztását. diff --git a/i18n/hu/os/android-overview.md b/i18n/hu/os/android-overview.md index 3f3a63e7..e0a5a474 100644 --- a/i18n/hu/os/android-overview.md +++ b/i18n/hu/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Áttekintés icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Az Android egy biztonságos operációs rendszer, amely erős [app sandboxoló](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB) és egy robusztus [engedély](https://developer.android.com/guide/topics/permissions/overview) ellenőrző rendszerrel rendelkezik. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/os/linux-overview.md b/i18n/hu/os/linux-overview.md index 18334732..8ec2c9e7 100644 --- a/i18n/hu/os/linux-overview.md +++ b/i18n/hu/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/os/qubes-overview.md b/i18n/hu/os/qubes-overview.md index 9e19e9ce..2b667a1f 100644 --- a/i18n/hu/os/qubes-overview.md +++ b/i18n/hu/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: pg/qubes-os +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/passwords.md b/i18n/hu/passwords.md index 09e7aec2..aff33c71 100644 --- a/i18n/hu/passwords.md +++ b/i18n/hu/passwords.md @@ -1,6 +1,7 @@ --- title: "Jelszókezelők" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -105,11 +106,11 @@ Psono provides extensive documentation for their product. The web-client for Pso ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. #### Minimum Requirements @@ -193,7 +194,7 @@ KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-se Additionally, there is an offline-only version offered: [Strongbox Zero](https://apps.apple.com/app/strongbox-keepass-pwsafe/id1581589638). This version is stripped down in an attempt to reduce attack surface. -### Command-line +### Parancssor These products are minimal password managers that can be used within scripting applications. @@ -219,12 +220,10 @@ These products are minimal password managers that can be used within scripting a ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. - Cross-platformnak kell lennie. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/productivity.md b/i18n/hu/productivity.md index 30381019..c517cbb4 100644 --- a/i18n/hu/productivity.md +++ b/i18n/hu/productivity.md @@ -1,9 +1,10 @@ --- title: "Produktivitás Eszközök" icon: material/file-sign +description: A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítást, ami azt jelenti, hogy a felhőszolgáltató hozzáfér mindenhez, amit csinálsz. --- -A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítást, ami azt jelenti, hogy a felhőszolgáltató hozzáfér mindenhez, amit csinálsz. Az adatvédelmi nyilatkozat törvényileg védheti a jogaidat, de nem biztosít technikai hozzáférési korlátokat. +A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítást, ami azt jelenti, hogy a felhőszolgáltató hozzáfér mindenhez, amit csinálsz. Az adatvédelmi tájékoztató törvényileg védheti a jogaidat, de nem biztosít technikai hozzáférési korlátokat. ## Kollaborációs Platformok @@ -16,7 +17,7 @@ A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítás A **Nextcloud** egy ingyenes és nyílt forráskódú kliens-szerver szoftvercsomag, amellyel saját fájltárhely-szolgáltatásokat hozhatsz létre egy privát általad ellenőrzött szerveren. [:octicons-home-16: Honlap](https://nextcloud.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Forráskód" } [:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Közreműködés } @@ -44,14 +45,14 @@ A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítás A **CryptPad** egy a népszerű irodai eszközök privátra tervezett alternatívája. A webes szolgáltatás minden tartalma végponttól végpontig titkosított, és könnyen megosztható más felhasználókkal. [:octicons-home-16: Honlap](https://cryptpad.fr){ .md-button .md-button--primary } - [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE/){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE/){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://docs.cryptpad.fr/){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Forráskód" } [:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Közremőködés } ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -71,7 +72,7 @@ A legtöbb online irodai programcsomag nem támogatja az End-to-End titkosítás A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretnénk látni egy tökéletes projekttől ebben a kategóriában. Előfordulhat, hogy ajánlásaink nem tartalmazzák az összes ilyen funkciót, de azok, amelyek igen, magasabb helyen szerepelhetnek, mint mások ezen az oldalon. - Fájlokat egy hagyományos fájlrendszerben kell tárolnia. -- Támogatnia kell TOTP vagy FIDO2 többfaktoros hitelesítés használatát, vagy Passkey bejelentkezéseket. +- Támogatnia kell TOTP vagy FIDO2 többlépcsős hitelesítés használatát, vagy Passkey bejelentkezéseket. ## Irodai Programcsomagok @@ -84,7 +85,7 @@ A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretn **A **LibreOffice** egy ingyenes és nyílt forráskódú irodai programcsomag széleskörű funkcionalitással. [:octicons-home-16: Honlap](https://www.libreoffice.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://documentation.libreoffice.org/en/english-documentation/){ .card-link title=Dokumentáció} [:octicons-code-16:](https://www.libreoffice.org/about-us/source-code){ .card-link title="Forráskód" } [:octicons-heart-16:](https://www.libreoffice.org/donate/){ .card-link title=Közreműködés } @@ -108,7 +109,7 @@ A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretn Az **OnlyOffice** egy felhőalapú, ingyenes és nyílt forráskódú irodai programcsomag, amely széleskörű funkciókkal rendelkezik, beleértve a Nextclouddal való integrációt is. [:octicons-home-16: Honlap](https://www.onlyoffice.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://helpcenter.onlyoffice.com/userguides.aspx){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/ONLYOFFICE){ .card-link title="Forráskód" } @@ -124,7 +125,7 @@ A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretn ### Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -152,5 +153,3 @@ A legjobb esetben alkalmazott követelményeink azt fejezik ki, hogy mit szeretn [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Publikus Példányok"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Forráskód" } - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/real-time-communication.md b/i18n/hu/real-time-communication.md index 33b34535..2f5e3ce5 100644 --- a/i18n/hu/real-time-communication.md +++ b/i18n/hu/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Videó streamelő kliensek" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -171,11 +172,11 @@ Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. - Must have open-source clients. - Must use E2EE for private messages by default. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/router.md b/i18n/hu/router.md index b9837eaa..e35d840a 100644 --- a/i18n/hu/router.md +++ b/i18n/hu/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Lejjebb bemutatunk néhány alternatív operációs rendszert, amelyek használhatók routereken, Wi-Fi hozzáférési pontokon stb. @@ -35,7 +36,7 @@ Az OPNsense eredetileg a [pfSense](https://en.wikipedia.org/wiki/PfSense) forkja ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" @@ -44,5 +45,3 @@ Az OPNsense eredetileg a [pfSense](https://en.wikipedia.org/wiki/PfSense) forkja - Nyílt forráskódúnak kell lennie. - Rendszeres frissítéseket kell kapnia. - Sokféle hardvert kell támogatnia. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/search-engines.md b/i18n/hu/search-engines.md index 3879232a..aaf0a3d3 100644 --- a/i18n/hu/search-engines.md +++ b/i18n/hu/search-engines.md @@ -1,6 +1,7 @@ --- title: "Keresőmotorok" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -88,11 +89,11 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't b ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. ### Minimum Requirements @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/tools.md b/i18n/hu/tools.md index 9044bfea..d8ad6f31 100644 --- a/i18n/hu/tools.md +++ b/i18n/hu/tools.md @@ -3,6 +3,7 @@ title: "Adatvédelmi Eszközök" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Ha valamilyen konkrét megoldást keresel, ezek a hardver- és szoftvereszközök amiket ajánlunk, különböző kategóriákban. Az általunk ajánlott adatvédelmi eszközöket elsősorban biztonsági funkciók alapján választottuk ki, további hangsúlyt fektetve a decentralizált és nyílt forráskódú eszközökre. Ezek számos védelmi modellre alkalmazhatók, globális tömeges megfigyelési programok elleni védelemtől kezdve, big tech cégek elkerüléstől, támadások enyhítéséig, de csak te tudod meghatározni, hogy a te igényeidek mi felel meg a legjobban. @@ -21,7 +22,7 @@ Ha további információt szeretnél megtudni az egyes projektekről, hogy miér
-1. Snowflake nem növeli az adatvédelmet, azonban lehetővé teszi, hogy könnyedén hozzájárulj a Tor-hálózathoz, és segíts a cenzúrázott hálózatokon lévő embereknek jobb adatvédelmet elérni. +1. Snowflake nem növeli az adatvédelmet, azonban lehetővé teszi, hogy könnyedén hozzájárulj a Tor-hálózathoz, és segíts a cenzúrázott hálózatokon lévő személyeknek jobb magánéletet elérni. [További információ :material-arrow-right-drop-circle:](tor.md) @@ -84,7 +85,7 @@ Ha további információt szeretnél megtudni az egyes projektekről, hogy miér
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Kliens)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Kliens)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Munka Profilok)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Támogatott Eszközök)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t [További információ :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Pénzügyi Szolgáltatások + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[További információ :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[További információ :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Keresőmotorok
@@ -226,9 +250,9 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t [További információ :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[További információ :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Adat és Metaadat Eltávolítás
@@ -272,7 +306,7 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t - ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution-gnome) - ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail-android) - ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](email-clients.md#kontact-kde) -- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP szabványos webmailben)](email-clients.md#mailvelope-browser) +- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP hagyományos webmailben)](email-clients.md#mailvelope-browser) - ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt-cli)
@@ -344,7 +378,7 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t [További információ :material-arrow-right-drop-circle:](frontends.md) -### Többfaktoros Hitelesítési Eszközök +### Többlépcsős Hitelesítési Eszközök
@@ -439,5 +473,3 @@ Számos követelmény alapján [ajánlunk](dns.md#recommended-providers) több t
[További információ :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/tor.md b/i18n/hu/tor.md index c1642f39..a7f57cab 100644 --- a/i18n/hu/tor.md +++ b/i18n/hu/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Hálózat" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ A **Tor** hálózat egy önkéntesek által üzemeltetett szerverekből álló c A Tor úgy működik, hogy az internetes forgalmadat ezeken az önkéntesek által üzemeltetett szervereken keresztül irányítja át, ahelyett, hogy közvetlen kapcsolatot létesítene a meglátogatni kívánt oldallal. Ez elrejti, hogy honnan érkezik a forgalom, és a kapcsolat útvonalában egyetlen szerver sem látja a teljes útvonalat, ahonnan a forgalom érkezik és ahová tart, ami azt jelenti, hogy még az általad csatlakozásra használt szerverek sem tudják megtörni az anonimitásodat. -
- ![Tor útvonal](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor útvonal](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor útvonal - Az útvonal nodejai csak azokat a szervereket látják, amelyekhez közvetlenül kapcsolódnak, például a "Belépő" node látja a te IP-címedet és a "Közép" node címét, de nem látja, hogy éppen melyik weboldalt látogatod.
-
- -- [További információ a Tor működéséről :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Csatlakozás a Torhoz @@ -76,7 +71,7 @@ A Tor böngészőt úgy tervezték, hogy megakadályozza az fingerprintelést, v - [:simple-appstore: App Store](https://apps.apple.com/us/app/orbot/id1609461599) - [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases) -A forgalomelemző támadásokkal szembeni ellenállás érdekében fontold meg a *Célcím elszigetelés* engedélyezését a :material-menu: → **Beállítások** → **Connectivity** menüpontban. Ez egy teljesen más Tor útvonalat fog használni (különböző közép relay és kilépő nodeokokat) minden egyes domainhez, amelyhez csatlakozol. +A forgalomelemző támadásokkal szembeni ellenállás érdekében fontold meg a *Célcím elszigetelés* engedélyezését a :material-menu: → **Beállítások** → **Connectivity** menüpontban. Ez egy teljesen más Tor áramkört fog használni (különböző közép elosztó és kilépő csomópontokat) minden egyes domainhez, amelyhez csatlakozol. !!! tip "Tippek Androidhoz" @@ -86,7 +81,7 @@ A forgalomelemző támadásokkal szembeni ellenállás érdekében fontold meg a Minden verzió ugyanazzal az aláírással van tanusítva, így kompatibilisnek kéne egymással lenniük. -## Relayek and Hidak +## Elosztók and Hidak ### Snowflake @@ -97,7 +92,7 @@ A forgalomelemző támadásokkal szembeni ellenállás érdekében fontold meg a A **Snowflake** lehetővé teszi, hogy sávszélességet adományozz a Tor projektnek azáltal, hogy egy "Snowflake proxy"-t működtetsz a böngésződben. - Azok, akik cenzúra alatt állnak, Snowflake proxykat tudnak használni a Tor-hálózathoz való csatlakozáshoz. A Snowflake egy nagyszerű módja annak, hogy hozzájárulj a hálózathoz, még akkor is, ha nincs meg a technikai tudásod egy Tor relay vagy híd üzemeltetéséhez. + Azok, akik cenzúra alatt állnak, Snowflake proxykat tudnak használni a Tor-hálózathoz való csatlakozáshoz. A Snowflake egy nagyszerű módja annak, hogy hozzájárulj a hálózathoz, még akkor is, ha nincs meg a technikai tudásod egy Tor elosztó vagy híd üzemeltetéséhez. [:octicons-home-16: Honlap](https://snowflake.torproject.org/){ .md-button .md-button--primary } [:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Dokumentáció} @@ -117,8 +112,6 @@ A forgalomelemző támadásokkal szembeni ellenállás érdekében fontold meg a
Ha a beágyazás nem jelenik meg nálad, győződj meg róla, hogy nem blokkolod a harmadik féltől származó keretet a `torproject.org`-ról. Alternatív megoldásként látogasson el [erre az oldalra](https://snowflake.torproject.org/embed.html). -A Snowflake semmilyen módon nem növeli az magánéletedet, és a személyes böngésződön keresztül a Tor-hálózathoz kapcsolódni sem használatos. Ha azonban az internetkapcsolatod nincs cenzúrázva, érdemes megfontolni a futtatását, hogy cenzúrázott hálózatokban élő embereknek is segíts jobb magánéletet elérni. Nem kell aggódnod amiatt, hogy személyek milyen weboldalakhoz férnek hozzá a proxydon keresztül - a látható böngészési IP-címük majd megegyezik a Tor kilépő nodejukkal nem pedig tieddel. +A Snowflake semmilyen módon nem növeli az magánéletedet, és a személyes böngésződön keresztül a Tor-hálózathoz kapcsolódni sem használatos. Ha azonban az internetkapcsolatod nincs cenzúrázva, érdemes megfontolni a futtatását, hogy segíts cenzúrázott hálózatokon lévő személyeknek jobb magánéletet elérni. Nem kell aggódnod amiatt, hogy személyek milyen weboldalakhoz férnek hozzá a proxydon keresztül - a látható böngészési IP-címük majd megegyezik a Tor kilépő csomópontjukkal nem pedig tieddel. -Egy Snowflake proxy futtatása alacsony kockázatú, még inkább, mint egy Tor relay vagy híd futtatása, amelyek már eleve sem különösebben kockázatos vállalkozások. Ettől függetlenül még mindig forgalom kerül átküldésre a hálózatodon ami bizonyos szempontból hatással lehet arra, különösen, ha a hálózatod sávszélessége korlátozott. Győződj meg róla, hogy érted [hogyan működik a Snowflake](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) mielőtt eldöntöd, hogy futtatsz-e proxyt. - ---8<-- "includes/abbreviations.hu.txt" +Egy Snowflake proxy futtatása alacsony kockázatú, még inkább, mint egy Tor elosztó vagy híd futtatása, amelyek már eleve sem különösebben kockázatos vállalkozások. Ettől függetlenül még mindig forgalom kerül átküldésre a hálózatodon ami bizonyos szempontból hatással lehet arra, különösen, ha a hálózatod sávszélessége korlátozott. Győződj meg róla, hogy érted [hogyan működik a Snowflake](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) mielőtt eldöntöd, hogy futtatsz-e proxyt. diff --git a/i18n/hu/video-streaming.md b/i18n/hu/video-streaming.md index 004d1c16..060092f6 100644 --- a/i18n/hu/video-streaming.md +++ b/i18n/hu/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Videó Streamelés" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- A videó streamelő platformok használatakor az az elsődleges veszély, hogy a streaming-szokásaid és feliratkozás listáid felhasználhatók profilalkotásra rólad. Ezeket az eszközöket érdemes keverned egy [VPN](vpn.md)-nel vagy [Tor](https://www.torproject.org/)-ra, hogy megnehezítsd a felhasználás szokásaidról készített profilalkotást. @@ -16,7 +17,7 @@ A videó streamelő platformok használatakor az az elsődleges veszély, hogy a **A LBRY asztali kliens** segít videókat streamelni a LBRY hálózatról, és a feliratkozás listádat a saját LBRY tárcádban tárolni. [:octicons-home-16: Honlap](https://lbry.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://lbry.com/privacypolicy){ .card-link title="Adatvédelmi Nyilatkozat" } + [:octicons-eye-16:](https://lbry.com/privacypolicy){ .card-link title="Adatvédelmi Tájékoztató" } [:octicons-info-16:](https://lbry.com/faq){ .card-link title=Dokumentáció} [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Forráskód" } @@ -40,13 +41,11 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** ## Követelmények -**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** A [szabványos kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki, hogy objektív ajánlásokat tudjunk tenni. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy projektet, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy ez a megfelelő választás számodra. !!! example "Ez a szakasz új" - Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Azon dolgozunk, hogy meghatározott követelményeket állapítsunk meg az oldalunk minden egyes szakaszára vonatkozóan, és ez még változhat. Ha bármilyen kérdésed van a követelményinkkel kapcsolatban, kérjük, [kérdezz a fórumon](https://discuss.privacyguides.net/latest), és ne feltételezd, hogy valamit nem vettünk figyelembe az ajánlásaink elkészítésekor, ha az nem szerepel itt. Számos tényezőt veszünk figyelembe és vitatunk meg, amikor egy projektet ajánlunk, és minden egyes tényező dokumentálása folyamatban lévő munka. - Nem igényelhet egy központi fiókot videók megtekintéséhez. - Elfogadható a decentralizált hitelesítés, mint például a mobiltárca privát kulcsán keresztül. - ---8<-- "includes/abbreviations.hu.txt" diff --git a/i18n/hu/vpn.md b/i18n/hu/vpn.md index aa12dfb6..5ed45e63 100644 --- a/i18n/hu/vpn.md +++ b/i18n/hu/vpn.md @@ -1,11 +1,20 @@ --- -title: "VPN Services" +title: "VPN Szolgáltatások" icon: material/vpn +description: Ezek a legjobb VPN-szolgáltatások az online magánéleted és biztonságod megvédéséhez. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "A VPN-ek nem nyújtanak anonimitást" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "A VPN-ek nem nyújtanak anonimitást" Egy VPN használata **nem** fogja anonimizálni a böngészési szokásaidat, és nem biztosít további védelmet nem biztonságos (HTTP) forgalomnak. @@ -13,82 +22,13 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. Ha több **biztonságot** keresel, mindig győződj meg arról, hogy a weboldalakhoz HTTPS használatával csatlakozol. Egy VPN nem helyettesít helyes biztonsági gyakorlatokat. - [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } + [A Tor Letöltése(https://www.torproject.org/){ .md-button .md-button--primary } [Tor Tévhitek és GYIK](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Ajánlott Szolgáltatók -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Az általunk ajánlott szolgáltatók titkosítást használnak, elfogadják a Monero-t, támogatják a WireGuard-ot és OpenVPN-t, valamint naplózásmentes irányelvekkel rendelkeznek. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -96,12 +36,12 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } - **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar. + Az **IVPN** egy másik prémium VPN szolgáltató, és 2009 óta vannak működésben. Az IVPN székhelye Gibraltáron található. - [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" } + [:octicons-home-16: Honlap](https://www.ivpn.net/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Adatvédelmi Tájékoztató" } + [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Forráskód" } ??? downloads @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ennek oka a célállomáshoz vezető rövidebb útvonal (kevesebb ugrás). +{ .annotate } -1. Last checked: 2022-09-16 +1. Utoljára ellenőrizve: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +Az IVPN támogatja a WireGuard® protokollt. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Emellett a WireGuard célja, hogy egyszerűbb és hatékonyabb legyen. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Az IVPN kliensei támogatják a kétfaktoros hitelesítést (a Mullvad kliensei nem). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -155,13 +96,13 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } - **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial. + A **Mullvad** egy gyors és olcsó VPN, amely komoly hangsúlyt fektet az átláthatóságra és a biztonságra. **2009** óta vannak működésben. A Mullvad székhelye Svédországban van, és nem rendelkezik ingyenes próbaverzióval. - [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } - [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" } + [:octicons-home-16: Honlap](https://mullvad.net){ .md-button .md-button--primary } + [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Szolgáltatás" } + [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Adatvédelmi Tájékoztató" } + [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Forráskód" } ??? downloads @@ -172,152 +113,215 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ennek oka a célállomáshoz vezető rövidebb útvonal (kevesebb ugrás). +{ .annotate } + +1. Utoljára ellenőrizve: 2023-01-19 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Emellett a WireGuard célja, hogy egyszerűbb és hatékonyabb legyen. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2023-01-19 - -??? success "Independently Audited" - - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + A **Proton VPN** egy erős pályázó a VPN-térben, és 2016 óta vannak működésben. A svájci székhelyű Proton AG egy korlátozott ingyenes előfizetést, valamint egy jobban felszerelt prémium opciót is kínál. - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + [:octicons-home-16: Honlap](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Adatvédelmi Tájékoztató" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Dokumentáció} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Forráskód" } - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + ??? downloads - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ennek oka a célállomáshoz vezető rövidebb útvonal (kevesebb ugrás). +{ .annotate } -??? success "Accepts Cash and Monero" +1. Utoljára ellenőrizve: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +A Proton VPN átesett a SEC Consult független felülvizsálatán 2020 januárjában. A SEC Consult közepes és alacsony kockázatú sebezhetőségeket talált a Proton VPN Windows, Android és iOS alkalmazásaiban, amelyeket a Proton VPN a jelentések közzététele előtt "megfelelően kijavított". Az azonosított problémák egyike sem biztosított volna egy támadó számára távoli hozzáférést az eszközödhöz vagy forgalmadhoz. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Elfogad Készpénzt - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +A Proton VPN többnyire támogatja a WireGuard® protokollt. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Emellett a WireGuard célja, hogy egyszerűbb és hatékonyabb legyen. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Különösen Peer-to-Peer alkalmazások, mint Torrent-kliensek. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +A Proton VPN kliensek jelenleg a Linux kivételével minden platformon támogatják a kétlépcsős hitelesítést. A Proton VPN saját szerverekkel és adatközpontokkal rendelkezik Svájcban, Izlandon és Svédországban. A DNS-szolgáltatásukkal együtt reklámblokkolást és ismert kártékony szoftverek domainjeinek blokkolását is kínálják. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. Ha szükséged van erre a funkcióra, és Intel chipsettel rendelkező Mac-et használsz, akkor fontold meg egy másik VPN szolgáltatás használatát. ## Követelmények !!! danger - It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. + Fontos megjegyezni, hogy egy VPN szolgáltató használata nem teszi téged anonimmá, de bizonyos helyzetekben jobb magánéletet biztosít. Egy VPN nem illegális tevékenységek eszköze. Ne hagyatkozz "no log" irányelvekre. -**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible. +**Tartsd figyelemben, hogy nem állunk kapcsolatban az általunk ajánlott projektek egyikével sem. Ez lehetővé teszi számunkra, hogy teljesen objektív ajánlásokat tegyünk.** Az [alap kritériumaink mellett](about/criteria.md), egyértelmű követelményrendszert dolgoztunk ki minden olyan VPN-szolgáltató számára, amelyet ajánlani kívánunk, beleértve az erős titkosítást, független biztonsági felülvizsgálatokat, modern technológiát és még sok mást. Javasoljuk, hogy ismerkedj meg ezzel a listával, mielőtt kiválasztanál egy VPN-szolgáltatót, és végezz saját kutatásokat, hogy megbizonyosodj arról, hogy az általad választott VPN-szolgáltató a lehető legmegbízhatóbb. -### Technology +### Technológia -We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected. +Minden általunk ajánlott VPN-szolgáltatótól elvárjuk, hogy biztosítson OpenVPN konfigurációs fájlokat, amelyeket bármilyen kliensben használni lehet. **Ha** egy VPN saját egyedi klienst biztosít, akkor hálózati kapcsolat megszakadásakor az adatszivárgások megakadályozása miatt egy killswitch beépítését várjuk el. -**Minimum to Qualify:** +**Minimális Elvárások:** -- Support for strong protocols such as WireGuard & OpenVPN. -- Killswitch built in to clients. -- Multihop support. Multihopping is important to keep data private in case of a single node compromise. -- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. +- Olyan erős protokollok támogatása, mint a WireGuard és az OpenVPN. +- Kliensekbe beépített killswitch. +- Multihop támogatás. Multihopping is important to keep data private in case of a single node compromise. +- Ha biztosítva vannak VPN-kliensek, akkor azoknak [nyílt forráskódúaknak](https://en.wikipedia.org/wiki/Open_source) kell lenniük, épp mint a VPN-szoftver, ami általában beléjük van építve. Úgy véljük, hogy a [forráskód](https://en.wikipedia.org/wiki/Source_code) elérhetősége nagyobb átláthatóságot biztosít arról, hogy az eszközöd valójában mit csinál. -**Best Case:** +**Legjobb Esetben:** -- WireGuard and OpenVPN support. -- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.) -- Easy-to-use VPN clients -- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. -- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble). +- WireGuard és OpenVPN támogatás. +- Killswitch jól konfigurálható beállításokkal (engedélyezés/tiltás bizonyos hálózatokon, indításkor stb.) +- Könnyen használható VPN kliensek +- [IPv6](https://en.wikipedia.org/wiki/IPv6) támogatása. Elvárjuk, hogy szerverek engedélyezzék az IPv6-on keresztül érkező kapcsolatokat, és lehetővé tegyék IPv6-címeken üzemeltetett szolgáltatások elérését. +- A [távoli port forwardolás](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) képessége segíti a P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) fájlmegosztó szoftverek használatát vagy egy szerver (pl. Mumble) üzemeltetése esetén a kapcsolatok létrehozását. -### Privacy +### Adatvédelem -We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required. +Jobban szeretjük, ha az általunk ajánlott szolgáltatók a lehető legkevesebb adatot gyűjtik. Sszemélyes adatok nem gyűjtése a regisztráció során, és anonim fizetési formák elfogadása elvárás. -**Minimum to Qualify:** +**Minimális Elvárások:** -- Monero or cash payment option. -- No personal information required to register: Only username, password, and email at most. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. +- A regisztrációhoz nincs szükség személyes adatokra: Csak felhasználónév, jelszó és legfeljebb email cím. -**Best Case:** +**Legjobb Esetben:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). -### Security +### Adatbiztonság -A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis. +Egy VPN értelmetlen, ha még megfelelő biztonságot sem tud nyújtani. Minden általunk ajánlott szolgáltatótól elvárjuk, hogy betartsa az OpenVPN kapcsolataikra vonatkozó jelenlegi biztonsági szabványokat. Ideális esetben alapértelmezés szerint jövőbelátóbb titkosítási sémákat használnának. Azt is elvárjuk, hogy egy független harmadik fél vizsgálja felül a szolgáltató biztonságát, ideális esetben nagyon átfogó módon és ismételten (évente). -**Minimum to Qualify:** +**Minimális Elvárások:** -- Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption. +- Erős Titkosítási Rendszerek: OpenVPN SHA-256 hitelesítssel; RSA-2048 vagy jobb handshake; AES-256-GCM vagy AES-256-CBC adattitkosítás. - Perfect Forward Secrecy (PFS). -- Published security audits from a reputable third-party firm. +- Közzétett biztonsági felülvizsgálatok egy megbízható harmadik feles cégtől. **Best Case:** -- Strongest Encryption: RSA-4096. +- Legerősebb Titkosítás: RSA-4096. - Perfect Forward Secrecy (PFS). -- Comprehensive published security audits from a reputable third-party firm. -- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- Széleskürű és közzétett biztonsági felülvizsgálatok egy megbízható harmadik feles cégtől. +- Bug-bounty programok és/vagy összehangolt sebezhetőség-közzétételi folyamat. -### Trust +### Bizalom -You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. +A pénzügyeidet sem bíznád egy hamis személyazonosságú valakire, miért bíznád rá az internetes adataidat? Az általunk ajánlott szolgáltatóktól elvárjuk, hogy nyilvánosak legyenek a tulajdonlásukról vagy vezetésükről. Szeretnénk továbbá gyakori átláthatósági jelentéseket látni, különösen a kormányzati kérelmek kezelésének módját illetően. -**Minimum to Qualify:** +**Minimális Elvárások:** -- Public-facing leadership or ownership. +- Nyilvános vezetés vagy tulajdonlás. -**Best Case:** +**Legjobb Esetben:** -- Public-facing leadership. -- Frequent transparency reports. +- Nyilvános vezetés. +- Gyakori átláthatósági jelentések. ### Marketing -With the VPN providers we recommend we like to see responsible marketing. +Az általunk ajánlott VPN-szolgáltatóknál felelős marketinget szeretünk látni. -**Minimum to Qualify:** +**Minimális Elvárások:** -- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out. +- Saját üzemeltetésű analitikai rendszerrel kell rendelkeznie (azaz nem Google Analytics). A szolgáltató webhelyének szintén be kell tartania a [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) kéréseket is, a követést elutasítani kívánó személyek számára. -Must not have any marketing which is irresponsible: +Nem használhat felelőtlen marketinget: -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: - - Reusing personal information (e.g., email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc.) - - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) -- Claim that a single circuit VPN is "more anonymous" than Tor, which is a circuit of three or more hops that regularly changes. -- Use responsible language: i.e., it is okay to say that a VPN is "disconnected" or "not connected", however claiming that someone is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example, that person might simply be on another VPN provider's service or using Tor. +- Az anonimitás 100%-os védelmének garantálása. Ha valaki azt állítja, hogy valami 100%-os, az azt jelenti, hogy nincs bizonyosság meghibásodásra. Tudjuk, hogy személyek elég könnyen és számos módon deanonimizálni tudják magukat, pl.: + - Olyan személyes adatok (pl. email fiókok, egyedi álnevek stb.) újrafelhasználása, amelyeket anonimitás szoftver (Tor, VPN stb.) nélkül értek el + - [Böngésző fingerprintelés](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- Azt állítja, hogy egy egyáramkörös VPN "anonimabb", mint a Tor, amely egy három vagy több ugrásból álló, rendszeresen változó áramkör. +- Használjon felelősségteljes nyelvezetet: pl. nyugodtan mondhatja, hogy egy VPN "lecsatlakozott" vagy "nincs csatlakoztatva", azonban azt állítani, hogy valaki "védtelen", "sebezhető" vagy "veszélyeztetett", az riasztó nyelvezet felesleges használata, ami lehet, hogy helytelen is. Lehet, hogy az illető egyszerűen csak egy másik VPN-szolgáltató szolgáltatását, vagy a Tor-t használja. -**Best Case:** +**Legjobb Esetben:** -Responsible marketing that is both educational and useful to the consumer could include: +A felelős marketing, amely egyszerre oktató és hasznos a fogyasztó számára, a következőket foglalhatja magában: -- An accurate comparison to when [Tor](tor.md) should be used instead. -- Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion) +- Pontos összehasonlítás, hogy mikor használandó a [Tor](tor.md) egy VPN helyett. +- A VPN szolgáltató weboldalának elérhetősége egy [.onion szolgáltatáson](https://en.wikipedia.org/wiki/.onion) keresztül -### Additional Functionality +### További Funkciók -While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.hu.txt" +Bár nem szigorúan követelmények, van néhány tényező, amelyet figyelembe vettünk, amikor eldöntöttük, hogy mely szolgáltatókat ajánljuk. Ezek közé tartozik a reklámblokkoló/tracker-blokkoló funkció, warrant canary-k, multihop kapcsolatok, kiváló ügyfélszolgálat, engedélyezett egyidejű kapcsolatok száma stb. diff --git a/i18n/id/404.md b/i18n/id/404.md index 008b57ea..e2432c79 100644 --- a/i18n/id/404.md +++ b/i18n/id/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Tidak Ditemukan @@ -13,5 +17,3 @@ Kami tidak dapat menemukan laman yang Anda cari! Mungkin Anda sedang mencari sal - [Penyedia VPN Terbaik](vpn.md) - [Forum Privacy Guides](https://discuss.privacyguides.net) - [Blog Kami](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/about/criteria.md b/i18n/id/about/criteria.md index 0533da31..850a79c1 100644 --- a/i18n/id/about/criteria.md +++ b/i18n/id/about/criteria.md @@ -1,42 +1,40 @@ --- -title: General Criteria +title: Kriteria Umum --- -!!! example "Work in Progress" +!!! contoh "Pekerjaan yang Sedang Berlangsung" - The following page is a work in progress, and does not reflect the full criteria for our recommendations at this time. Past discussion on this topic: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24) + Halaman berikut ini masih dalam tahap pengembangan, dan tidak mencerminkan kriteria lengkap untuk rekomendasi kami saat ini. Diskusi sebelumnya tentang topik ini: [#24] (https://github.com/privacyguides/privacyguides.org/discussions/24) -Below are some things that must apply to all submissions to Privacy Guides. Each category will have additional requirements for inclusion. +Di bawah ini adalah beberapa hal yang harus diterapkan pada semua pengajuan ke Privacy Guides. Setiap kategori akan memiliki persyaratan tambahan untuk dimasukkan. -## Financial Disclosure +## Pengungkapan Keuangan -We do not make money from recommending certain products, we do not use affiliate links, and we do not provide special consideration to project donors. +Kami tidak menghasilkan uang dari merekomendasikan produk tertentu, kami tidak menggunakan tautan afiliasi, dan kami tidak memberikan pertimbangan khusus kepada para donatur proyek. -## General Guidelines +## Pedoman Umum -We apply these priorities when considering new recommendations: +Kami menerapkan prioritas ini ketika mempertimbangkan rekomendasi baru: -- **Secure**: Tools should follow security best-practices wherever applicable. +- **Aman**: Alat harus mengikuti praktik terbaik keamanan di mana pun berlaku. - **Source Availability**: Open source projects are generally preferred over equivalent proprietary alternatives. - **Cross-Platform**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in. -- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases. -- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required. -- **Documented**: Tools should have clear and extensive documentation for use. +- **Pengembangan Aktif**: Alat yang kami rekomendasikan harus dikembangkan secara aktif, proyek yang tidak terpelihara akan dihapus dalam banyak kasus. +- **Kegunaan**: Alat bantu harus dapat diakses oleh sebagian besar pengguna komputer, latar belakang yang terlalu teknis tidak diperlukan. +- **Terdokumentasi**: Alat harus memiliki dokumentasi yang jelas dan ekstensif untuk digunakan. ## Developer Self-Submissions -We have these requirements in regard to developers which wish to submit their project or software for consideration. +Kami memiliki persyaratan ini terkait dengan pengembang yang ingin mengajukan proyek atau perangkat lunak mereka untuk dipertimbangkan. -- Must disclose affiliation, i.e. your position within the project being submitted. +- Harus mengungkapkan afiliasi, yaitu posisi Anda dalam proyek yang diajukan. -- Must have a security whitepaper if it is a project that involves handling of sensitive information like a messenger, password manager, encrypted cloud storage etc. - - Third party audit status. We want to know if you have one, or have one planned. If possible please mention who will be conducting the audit. +- Harus memiliki whitepaper keamanan jika itu adalah proyek yang melibatkan penanganan informasi sensitif seperti messenger, pengelola kata sandi, penyimpanan cloud terenkripsi, dll. + - Status audit pihak ketiga. Kami ingin tahu apakah Anda memilikinya, atau sedang merencanakannya. Jika memungkinkan, sebutkan siapa yang akan melakukan audit. -- Must explain what the project brings to the table in regard to privacy. - - Does it solve any new problem? - - Why should anyone use it over the alternatives? +- Harus menjelaskan apa yang dibawa oleh proyek terkait privasi. + - Apakah ini memecahkan masalah baru? + - Mengapa orang harus menggunakannya daripada alternatif lain? -- Must state what the exact threat model is with their project. +- Harus menyatakan apa model ancaman yang tepat dengan proyek mereka. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/about/donate.md b/i18n/id/about/donate.md index c41e3ab4..40a2846e 100644 --- a/i18n/id/about/donate.md +++ b/i18n/id/about/donate.md @@ -1,52 +1,50 @@ --- -title: Supporting Us +title: Dukung Kami --- It takes a lot of [people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) and [work](https://github.com/privacyguides/privacyguides.org/pulse/monthly) to keep Privacy Guides up to date and spreading the word about privacy and mass surveillance. If you like what we do, consider getting involved by [editing the site](https://github.com/privacyguides/privacyguides.org) or [contributing translations](https://crowdin.com/project/privacyguides). -If you want to support us financially, the most convenient method for us is contributing via Open Collective, a website operated by our fiscal host. Open Collective accepts payments via credit/debit card, PayPal, and bank transfers. +Jika Anda ingin mendukung kami secara finansial, metode yang paling mudah bagi kami adalah berkontribusi melalui Open Collective, sebuah situs web yang dioperasikan oleh host fiskal kami. Open Collective menerima pembayaran melalui kartu kredit/debit, PayPal, dan transfer bank. -[Donate on OpenCollective.com](https://opencollective.com/privacyguides/donate ""){.md-button.md-button--primary} +[Donasi di OpenCollective.com](https://opencollective.com/privacyguides/donate ""){.md-button.md-button--primary} -Donations made directly to us on Open Collective are generally tax-deductible in the US, because our fiscal host (the Open Collective Foundation) is a registered 501(c)3 organization. You will receive a receipt from the Open Collective Foundation after donating. Privacy Guides does not provide financial advice, and you should contact your tax advisor to find out whether this is applicable to you. +Donations made directly to us on Open Collective are generally tax-deductible in the US, because our fiscal host (the Open Collective Foundation) is a registered 501(c)3 organization. Anda akan menerima tanda terima dari Open Collective Foundation setelah berdonasi. Privacy Guides tidak memberikan saran keuangan, dan Anda harus menghubungi penasihat pajak Anda untuk mengetahui apakah ini berlaku untuk Anda. -If you already make use of GitHub sponsorships, you can also sponsor our organization there. +Jika Anda sudah menggunakan sponsor GitHub, Anda juga dapat mensponsori organisasi kami di sana. [Sponsor us on GitHub](https://github.com/sponsors/privacyguides ""){.md-button} -## Backers +## Pendukung -A special thanks to all those who support our mission! :heart: +Terima kasih secara khusus kepada semua pihak yang mendukung misi kami! :heart: -*Please note: This section loads a widget directly from Open Collective. This section does not reflect donations made outside of Open Collective, and we have no control over the specific donors featured in this section.* +*Harap diperhatikan: Bagian ini memuat widget langsung dari Open Collective. Bagian ini tidak mencerminkan donasi yang dibuat di luar Open Collective, dan kami tidak memiliki kendali atas donatur tertentu yang ditampilkan di bagian ini.* -## How We Use Donations +## Bagaimana Kami Menggunakan Donasi -Privacy Guides is a **non-profit** organization. We use donations for a variety of purposes, including: +Privacy Guides adalah organisasi **nirlaba**. Kami menggunakan donasi untuk berbagai tujuan, termasuk: -**Domain Registrations** +**Pendaftaran Domain** : -We have a few domain names like `privacyguides.org` which cost us around $10 yearly to maintain their registration. +Kami memiliki beberapa nama domain seperti `privacyguides.org` yang menghabiskan biaya sekitar $10 per tahun untuk mempertahankan registrasinya. -**Web Hosting** +**Hosting Web** : -Traffic to this website uses hundreds of gigabytes of data per month, we use a variety of service providers to keep up with this traffic. +Lalu lintas ke situs web ini menggunakan ratusan gigabyte data per bulan, kami menggunakan berbagai penyedia layanan untuk mengimbangi lalu lintas ini. -**Online Services** +**Layanan Daring** : -We host [internet services](https://privacyguides.net) for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of which are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.). +Kami menghost [layanan internet](https://privacyguides.net) untuk menguji dan menampilkan berbagai produk privasi yang kami sukai dan [rekomendasikan](../tools.md). Beberapa di antaranya tersedia untuk umum untuk digunakan oleh komunitas kami (SearXNG, Tor, dll.), dan beberapa disediakan untuk anggota tim kami (email, dll.). -**Product Purchases** +**Pembelian Produk** : -We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). +Kami terkadang membeli produk dan layanan untuk tujuan menguji [alat yang kami rekomendasikan](../tools.md). -We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.id.txt" +We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. Sementara itu, jika Anda ingin memberikan donasi mata uang kripto dalam jumlah yang cukup besar (> $100), silakan hubungi [jonah@privacyguides.org](mailto:jonah@privacyguides.org). diff --git a/i18n/id/about/index.md b/i18n/id/about/index.md index ce337962..ef47153e 100644 --- a/i18n/id/about/index.md +++ b/i18n/id/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "Tentang Privacy Guides" +description: Privacy Guides adalah situs web bermotif sosial yang menyediakan informasi untuk melindungi keamanan dan privasi data Anda. --- -**Privacy Guides** adalah situs web bermotif sosial yang menyediakan informasi untuk melindungi keamanan dan privasi data Anda. Kami adalah kolektif nirlaba yang dioperasikan sepenuhnya oleh [anggota tim](https://discuss.privacyguides.net/g/team) dan kontributor sukarelawan. +![Logo Privacy Guides](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Dukung proyek ini](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** adalah situs web bermotif sosial yang menyediakan [informasi](/kb) untuk melindungi keamanan dan privasi data Anda. Kami adalah kolektif nirlaba yang dioperasikan sepenuhnya oleh [anggota tim](https://discuss.privacyguides.net/g/team) dan kontributor sukarelawan. Situs web kami bebas dari iklan dan tidak berafiliasi dengan penyedia yang terdaftar. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title="Laman Beranda" } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Kode Sumber" } +[:octicons-heart-16:](donate.md){ .card-link title=Berkontribusi } + +Tujuan Privacy Guides adalah untuk mengedukasi komunitas kami mengenai pentingnya privasi daring dan program pemerintah secara internasional yang dirancang untuk memantau semua aktivitas daring Anda. + +> Untuk menemukan aplikasi [alternatif yang berfokus pada privasi], lihat situs-situs seperti Good Reports dan **Privacy Guides**, yang mencantumkan daftar aplikasi yang berfokus pada privasi dalam berbagai kategori, terutama termasuk penyedia email (biasanya dengan paket berbayar) yang tidak dijalankan oleh perusahaan-perusahaan teknologi besar. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> Jika Anda mencari VPN baru, Anda bisa membuka kode diskon dari hampir semua podcast. Jika Anda mencari **VPN** yang bagus, Anda memerlukan bantuan profesional. Hal yang sama berlaku untuk klien email, browser, sistem operasi, dan pengelola kata sandi. Bagaimana Anda tahu mana yang terbaik, opsi yang paling ramah privasi? Untuk itu ada **Privacy Guides**, sebuah platform di mana sejumlah sukarelawan mencari hari demi hari untuk alat ramah privasi terbaik untuk digunakan di internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Diterjemahkan dari bahasa Belanda] + +Juga ditampilkan di: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], dan [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## Sejarah + +Privacy Guides diluncurkan pada bulan September 2021 sebagai kelanjutan dari [yang sudah tidak aktif](privacytools.md) "PrivacyTools" proyek edukasi sumber terbuka. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +Pada tahun 2022, kami menyelesaikan transisi kerangka kerja situs web utama kami dari Jekyll ke MkDocs, menggunakan perangkat lunak dokumentasi `mkdocs - material` . This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +Kami juga meluncurkan forum diskusi baru kami di [discuss.privacyguides.net](https://discuss.privacyguides.net/) sebagai platform komunitas untuk berbagi ide dan mengajukan pertanyaan tentang misi kami. Hal ini menambah komunitas kami yang ada di Matrix, dan menggantikan platform Diskusi GitHub kami sebelumnya, mengurangi ketergantungan kami pada platform diskusi berpemilik. + +Sejauh ini pada tahun 2023 kami telah meluncurkan terjemahan internasional situs web kami dalam bahasa [Prancis](/fr/), [Ibrani](/he/), dan [Belanda](/nl/), dengan lebih banyak bahasa yang sedang dalam proses, yang dimungkinkan oleh tim penerjemah kami yang luar biasa di [Crowdin](https://crowdin.com/project/privacyguides). Kami berencana untuk terus melanjutkan misi kami dalam hal penjangkauan dan edukasi, serta mencari cara untuk menyoroti dengan lebih jelas bahaya kurangnya kesadaran privasi di era digital modern, dan prevalensi serta bahaya pelanggaran keamanan di seluruh industri teknologi. ## Tim Kami @@ -48,7 +76,7 @@ title: "Tentang Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Selain itu, [banyak orang](https://github.com/privacyguides/privacyguides.org/graphs/contributors) telah memberikan kontribusi ke proyek ini. Anda juga bisa, kami bersumber terbuka di GitHub! +Selain itu, [banyak orang](https://github.com/privacyguides/privacyguides.org/graphs/contributors) telah memberikan kontribusi ke proyek ini. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). Anggota tim kami meninjau semua perubahan yang dilakukan pada situs web dan menangani tugas-tugas administratif seperti layanan web dan keuangan, namun mereka tidak mendapatkan keuntungan pribadi dari setiap kontribusi yang dibuat untuk situs ini. Keuangan kami dikelola secara transparan oleh Open Collective Foundation 501(c)(3) di [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donasi untuk Privacy Guides umumnya dapat dikurangkan dari pajak di Amerika Serikat. @@ -56,8 +84,6 @@ Anggota tim kami meninjau semua perubahan yang dilakukan pada situs web dan mena *Berikut ini adalah ringkasan yang dapat dibaca oleh manusia (dan bukan pengganti) lisensi [](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE):* -:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. +:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). Ini berarti Anda bebas menyalin dan mendistribusikan ulang materi dalam media atau format apa pun untuk tujuan apa pun, bahkan untuk tujuan komersial; selama Anda memberikan kredit yang sesuai kepada `Privacy Guides (www.privacyguides.org)` dan memberikan tautan ke lisensi. Anda dapat melakukannya dengan cara yang wajar, tetapi tidak dengan cara apa pun yang menyarankan Privacy Guides mendukung Anda atau penggunaan Anda. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. -This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.id.txt" +This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. Jika Anda merasa persyaratan lisensi ini terlalu membatasi proyek yang sedang Anda kerjakan, silakan hubungi kami di `jonah@privacyguides.org`. Kami dengan senang hati menyediakan opsi lisensi alternatif untuk proyek-proyek yang bermaksud baik di ruang privasi! diff --git a/i18n/id/about/notices.md b/i18n/id/about/notices.md index 2df99cb9..3d5e6054 100644 --- a/i18n/id/about/notices.md +++ b/i18n/id/about/notices.md @@ -1,45 +1,43 @@ --- -title: "Notices and Disclaimers" +title: "Pemberitahuan dan Penafian" hide: - toc --- -## Legal Disclaimer +## Penafian Hukum -Privacy Guides is not a law firm. As such, the Privacy Guides website and contributors are not providing legal advice. The material and recommendations in our website and guides do not constitute legal advice nor does contributing to the website or communicating with Privacy Guides or other contributors about our website create an attorney-client relationship. +Privacy Guides bukanlah firma hukum. Dengan demikian, situs web dan kontributor Privacy Guides tidak memberikan nasihat hukum. Materi dan rekomendasi di situs web dan panduan kami bukan merupakan nasihat hukum dan juga tidak berkontribusi pada situs web atau berkomunikasi dengan Privacy Guides atau kontributor lain tentang situs web kami menciptakan hubungan pengacara-klien. -Running this website, like any human endeavor, involves uncertainty and trade-offs. We hope this website helps, but it may include mistakes and can’t address every situation. If you have any questions about your situation, we encourage you to do your own research, seek out other experts, and engage in discussions with the Privacy Guides community. If you have any legal questions, you should consult with your own legal counsel before moving forward. +Menjalankan situs web ini, seperti halnya usaha manusia lainnya, melibatkan ketidakpastian dan trade-off. Kami harap situs web ini membantu, tetapi mungkin termasuk kesalahan dan tidak dapat mengatasi setiap situasi. Jika Anda memiliki pertanyaan tentang situasi Anda, kami mendorong Anda untuk melakukan penelitian Anda sendiri, mencari ahli lain, dan terlibat dalam diskusi dengan komunitas Privacy Guides. Jika Anda memiliki pertanyaan hukum, Anda harus berkonsultasi dengan penasihat hukum Anda sendiri sebelum melangkah lebih jauh. -Privacy Guides is an open source project contributed to under licenses that include terms that, for the protection of the website and its contributors, make clear that the Privacy Guides project and website is offered "as-is", without warranty, and disclaiming liability for damages resulting from using the website or any recommendations contained within. Privacy Guides does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on the website or otherwise relating to such materials on the website or on any third-party sites linked on this site. +Privacy Guides is an open source project contributed to under licenses that include terms that, for the protection of the website and its contributors, make clear that the Privacy Guides project and website is offered "as-is", without warranty, and disclaiming liability for damages resulting from using the website or any recommendations contained within. Privacy Guides tidak menjamin atau membuat pernyataan apa pun mengenai keakuratan, kemungkinan hasil, atau keandalan penggunaan materi di situs web atau yang terkait dengan materi tersebut di situs web atau di situs pihak ketiga mana pun yang ditautkan di situs ini. -Privacy Guides additionally does not warrant that this website will be constantly available, or available at all. +Privacy Guides juga tidak menjamin bahwa situs web ini akan selalu tersedia, atau tersedia sama sekali. -## Licenses +## Lisensi -Unless otherwise noted, all content on this website is made available under the terms of the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). +Kecuali dinyatakan lain, semua konten di situs web ini tersedia di bawah ketentuan [Creative Commons Attribution - NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). -This does not include third-party code embedded in this repository, or code where a superseding license is otherwise noted. The following are notable examples, but this list may not be all-inclusive: +Ini tidak termasuk kode pihak ketiga yang tertanam dalam repositori ini, atau kode di mana lisensi pengganti dinyatakan. Berikut ini adalah contoh penting, tetapi daftar ini mungkin tidak mencakup semuanya: -* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/mathjax.js) is licensed under the [Apache License 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt). +* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/mathjax.js) dilisensikan di bawah [Lisensi Apache 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt). -Portions of this notice itself were adopted from [opensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) on GitHub. That resource and this page itself are released under [CC-BY-4.0](https://github.com/github/opensource.guide/blob/master/LICENSE). +Bagian dari pemberitahuan ini sendiri diadopsi dari [opensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) di GitHub. Sumber daya tersebut dan halaman ini sendiri dirilis di bawah [CC-BY-4.0](https://github.com/github/opensource.guide/blob/master/LICENSE). -This means that you can use the human-readable content in this repository for your own project, per the terms outlined in the Creative Commons Attribution-NoDerivatives 4.0 International Public License text. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. You **may not** use the Privacy Guides branding in your own project without express approval from this project. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo. +Ini berarti bahwa Anda dapat menggunakan konten yang dapat dibaca manusia dalam repositori ini untuk proyek Anda sendiri, sesuai dengan persyaratan yang diuraikan dalam teks Creative Commons Attribution - NoDerivatives 4.0 International Public License. Anda dapat melakukannya dengan cara yang wajar, tetapi tidak dengan cara apa pun yang menyarankan Privacy Guides mendukung Anda atau penggunaan Anda. Anda **tidak boleh** menggunakan branding Privacy Guides dalam proyek Anda sendiri tanpa persetujuan tertulis dari proyek ini. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo. -We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://www.copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.* +Kami percaya bahwa logo dan gambar lain dalam `aset` yang diperoleh dari penyedia pihak ketiga berada dalam domain publik atau **penggunaan wajar**. Singkatnya, hukum [adil menggunakan doktrin](https://www.copyright.gov/fair-use/more-info.html) memungkinkan penggunaan gambar berhak cipta untuk mengidentifikasi materi pelajaran untuk tujuan komentar publik. Namun, logo ini dan gambar lainnya mungkin masih tunduk pada undang-undang merek dagang di satu atau lebih yurisdiksi. Sebelum menggunakan konten ini, pastikan bahwa konten tersebut digunakan untuk mengidentifikasi entitas atau organisasi yang memiliki merek dagang dan bahwa Anda memiliki hak untuk menggunakannya berdasarkan hukum yang berlaku dalam situasi yang Anda inginkan. *Ketika menyalin konten dari situs web ini, Anda bertanggung jawab penuh untuk memastikan bahwa Anda tidak melanggar merek dagang atau hak cipta orang lain.* -When you contribute to this repository you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project. +Ketika Anda berkontribusi pada repositori ini, Anda melakukannya di bawah lisensi di atas, dan Anda memberi Privacy Guides lisensi yang abadi, di seluruh dunia, non-eksklusif, dapat dipindahtangankan, bebas royalti, dan tidak dapat dibatalkan dengan hak untuk mensublisensikan hak-hak tersebut melalui beberapa tingkatan penerima sublisensi, untuk mereproduksi, memodifikasi, menampilkan, menampilkan, melakukan, dan mendistribusikan kontribusi Anda sebagai bagian dari proyek kami. -## Acceptable Use +## Penggunaan yang Dapat Diterima -You may not use this website in any way that causes or may cause damage to the website or impairment of the availability or accessibility of Privacy Guides, or in any way which is unlawful, illegal, fraudulent, harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity. +Anda tidak boleh menggunakan situs web ini dengan cara apa pun yang menyebabkan atau dapat menyebabkan kerusakan pada situs web atau gangguan ketersediaan atau aksesibilitas Privacy Guides, atau dengan cara apa pun yang melanggar hukum, ilegal, curang, berbahaya, atau sehubungan dengan tujuan atau aktivitas yang melanggar hukum, ilegal, curang, atau berbahaya. -You must not conduct any systematic or automated data collection activities on or in relation to this website without express written consent, including: +Anda tidak boleh melakukan aktivitas pengumpulan data secara sistematis atau otomatis pada atau sehubungan dengan situs web ini tanpa persetujuan tertulis, termasuk: -* Excessive Automated Scans -* Denial of Service Attacks +* Pemindaian Otomatis yang Berlebihan +* Serangan Penolakan Layanan * Scraping -* Data Mining +* Penambangan Data * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/about/privacy-policy.md b/i18n/id/about/privacy-policy.md index e4045239..db4258e6 100644 --- a/i18n/id/about/privacy-policy.md +++ b/i18n/id/about/privacy-policy.md @@ -1,63 +1,61 @@ --- -title: "Privacy Policy" +title: "Kebijakan Privasi" --- -Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people). +Privacy Guides adalah proyek komunitas yang dioperasikan oleh sejumlah kontributor sukarelawan yang aktif. Daftar publik anggota tim [dapat ditemukan di GitHub](https://github.com/orgs/privacyguides/people). -## Data We Collect From Visitors +## Data yang Kami Kumpulkan dari Pengunjung -The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website: +Privasi pengunjung situs web kami penting bagi kami, jadi kami tidak melacak individu mana pun. Sebagai pengunjung situs web kami: -- No personal information is collected -- No information such as cookies are stored in the browser -- No information is shared with, sent to or sold to third-parties -- No information is shared with advertising companies -- No information is mined and harvested for personal and behavioral trends -- No information is monetized +- Tidak ada informasi pribadi yang dikumpulkan +- Tidak ada informasi seperti cookie yang disimpan di browser +- Tidak ada informasi yang dibagikan, dikirim atau dijual kepada pihak ketiga +- Tidak ada informasi yang dibagikan dengan perusahaan periklanan +- Tidak ada informasi yang ditambang dan dipanen untuk tren pribadi dan perilaku +- Tidak ada informasi yang dimonetisasi -You can view the data we collect on our [statistics](statistics.md) page. +Anda dapat melihat data yang kami kumpulkan di halaman [statistik](statistics.md) kami. -We run a self-hosted installation of [Plausible Analytics](https://plausible.io) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected. +Kami menjalankan instalasi [Plausible Analytics](https://plausible.io) yang dihosting sendiri untuk mengumpulkan beberapa data penggunaan anonim untuk tujuan statistik. Tujuannya adalah untuk melacak tren keseluruhan dalam lalu lintas situs web kami, bukan untuk melacak pengunjung individu. Semua data hanya dalam agregat. Tidak ada data pribadi yang dikumpulkan. -Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can learn more about how Plausible works and collects information in a privacy-respecting manner [here](https://plausible.io/data-policy). +Data yang dikumpulkan termasuk sumber rujukan, halaman teratas, durasi kunjungan, informasi dari perangkat (jenis perangkat, sistem operasi, negara dan browser) yang digunakan selama kunjungan dan banyak lagi. Anda dapat mempelajari lebih lanjut tentang bagaimana Plausible bekerja dan mengumpulkan informasi dengan cara yang menghormati privasi [di sini](https://plausible.io/data-policy). -## Data We Collect From Account Holders +## Data yang Kami Kumpulkan Dari Pemegang Akun -On some websites and services we provide, many features may require an account. For example, an account may be required to post and reply to topics on a forum platform. +Pada beberapa situs web dan layanan yang kami sediakan, banyak fitur yang mungkin memerlukan akun. Sebagai contoh, sebuah akun mungkin diperlukan untuk memposting dan membalas topik pada platform forum. -To sign up for most accounts, we will collect a name, username, email, and password. In the event a website requires more information than just that data, that will be clearly marked and noted in a separate privacy statement per-site. +Untuk mendaftar ke sebagian besar akun, kami akan mengumpulkan nama, nama pengguna, email, dan kata sandi. Jika sebuah situs web memerlukan lebih banyak informasi daripada data tersebut, hal itu akan ditandai dengan jelas dan dicatat dalam pernyataan privasi terpisah per-situs. -We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services. +Kami menggunakan data akun Anda untuk mengidentifikasi Anda di situs web dan membuat halaman khusus untuk Anda, seperti halaman profil. Kami juga akan menggunakan data akun Anda untuk mempublikasikan profil publik untuk Anda di layanan kami. -We use your email to: +Kami menggunakan email Anda untuk: -- Notify you about posts and other activity on the websites or services. -- Reset your password and help keep your account secure. -- Contact you in special circumstances related to your account. -- Contact you about legal requests, such as DMCA takedown requests. +- Memberi tahu Anda tentang postingan dan aktivitas lain di situs web atau layanan. +- Atur ulang kata sandi Anda dan jaga keamanan akun Anda. +- Menghubungi Anda dalam keadaan khusus yang berkaitan dengan akun Anda. +- Menghubungi Anda tentang permintaan hukum, seperti permintaan penghapusan DMCA. -On some websites and services you may provide additional information for your account, such as a short biography, avatar, your location, or your birthday. We make that information available to everyone who can access the website or service in question. This information is not required to use any of our services and can be erased at any time. +Pada beberapa situs web dan layanan, Anda dapat memberikan informasi tambahan untuk akun Anda, seperti biografi singkat, avatar, lokasi Anda, atau hari ulang tahun Anda. Kami membuat informasi yang tersedia untuk semua orang yang dapat mengakses situs web atau layanan yang bersangkutan. Informasi ini tidak diperlukan untuk menggunakan layanan kami dan dapat dihapus kapan saja. -We will store your account data as long as your account remains open. After closing an account, we may retain some or all of your account data in the form of backups or archives for up to 90 days. +Kami akan menyimpan data akun Anda selama akun Anda masih terbuka. Setelah menutup akun, kami dapat menyimpan sebagian atau seluruh data akun Anda dalam bentuk cadangan atau arsip hingga 90 hari. -## Contacting Us +## Menghubungi Kami -The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to: +Tim Privacy Guides umumnya tidak memiliki akses ke data pribadi di luar akses terbatas yang diberikan melalui beberapa panel moderasi. Pertanyaan mengenai informasi pribadi Anda harus dikirim langsung ke: ```text Jonah Aragon -Services Administrator +Administrator Layanan jonah@privacyguides.org ``` -For all other inquiries, you can contact any member of our team. +Untuk semua pertanyaan lainnya, Anda dapat menghubungi anggota tim kami. -For complaints under GDPR more generally, you may lodge complaints with your local data protection supervisory authorities. In France it's the Commission Nationale de l'Informatique et des Libertés which take care and handle the complaints. They provide a [template of complaint letter](https://www.cnil.fr/en/plaintes) to use. +Untuk keluhan berdasarkan GDPR secara umum, Anda dapat mengajukan keluhan kepada otoritas pengawas perlindungan data setempat. Di Prancis, Komisi Nasional Informasi dan Kebebasan yang mengurus dan menangani keluhan tersebut. Mereka menyediakan template [surat keluhan](https://www.cnil.fr/en/plaintes) untuk digunakan. -## About This Policy +## Tentang Kebijakan Ini -We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. +Kami akan memposting versi baru dari pernyataan ini [di sini](privacy-policy.md). Kami dapat mengubah cara kami mengumumkan perubahan dalam versi mendatang dari dokumen ini. Sementara itu, kami dapat memperbarui informasi kontak kami kapan saja tanpa mengumumkan perubahan. Silakan merujuk ke [Kebijakan Privasi](privacy-policy.md) untuk informasi kontak terbaru setiap saat. -A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.id.txt" +Sebuah revisi lengkap [sejarah](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) dari halaman ini dapat ditemukan di GitHub. diff --git a/i18n/id/about/privacytools.md b/i18n/id/about/privacytools.md index 6faff234..566e6f0d 100644 --- a/i18n/id/about/privacytools.md +++ b/i18n/id/about/privacytools.md @@ -1,120 +1,118 @@ --- -title: "PrivacyTools FAQ" +title: "Pertanyaan Umum PrivacyTools" --- -# Why we moved on from PrivacyTools +# Mengapa kami beralih dari PrivacyTools -In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted. +Pada bulan September 2021, setiap kontributor aktif dengan suara bulat setuju untuk beralih dari PrivacyTools untuk bekerja di situs ini: Privacy Guides. Keputusan ini diambil karena pendiri dan pengendali nama domain PrivacyTools telah menghilang dalam jangka waktu yang lama dan tidak dapat dihubungi. -Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition. +Setelah membangun situs dan serangkaian layanan yang memiliki reputasi baik di PrivacyTools.io, hal ini menimbulkan kekhawatiran besar bagi masa depan PrivacyTools, karena gangguan apa pun di masa depan dapat menghapus seluruh organisasi tanpa metode pemulihan. Transisi ini dikomunikasikan kepada komunitas PrivacyTools beberapa bulan sebelumnya melalui berbagai saluran termasuk blog, Twitter, Reddit, dan Mastodon untuk memastikan seluruh proses berjalan semulus mungkin. Kami melakukan ini untuk memastikan tidak ada yang disimpan dalam kegelapan, yang telah menjadi modus operandi kami sejak tim kami diciptakan, dan untuk memastikan Privacy Guides diakui sebagai organisasi terpercaya yang sama dengan PrivacyTools sebelum transisi. -After the organizational move was completed, the founder of PrivacyTools returned and began to spread misinformation about the Privacy Guides project. They continue to spread misinformation in addition to operating a paid link farm on the PrivacyTools domain. We are creating this page to clear up any misconceptions. +Setelah perpindahan organisasi selesai, pendiri PrivacyTools kembali dan mulai menyebarkan informasi yang salah tentang proyek Privacy Guides. They continue to spread misinformation in addition to operating a paid link farm on the PrivacyTools domain. Kami membuat halaman ini untuk membereskan kesalahpahaman. -## What is PrivacyTools? +## Apa itu PrivacyTools? -PrivacyTools was created in 2015 by "BurungHantu," who wanted to make a privacy information resource - helpful tools following the Snowden revelations. The site grew into a flourishing open-source project with [many contributors](https://github.com/privacytools/privacytools.io/graphs/contributors), some eventually given various organizational responsibilities, such as operating online services like Matrix and Mastodon, managing and reviewing changes to the site on GitHub, finding sponsors for the project, writing blog posts and operating social media outreach platforms like Twitter, etc. +PrivacyTools dibuat pada tahun 2015 oleh "BurungHantu," yang ingin membuat alat yang berguna untuk sumber daya informasi privasi setelah pengungkapan Snowden. Situs ini tumbuh menjadi proyek sumber terbuka yang berkembang dengan [banyak kontributor](https://github.com/privacytools/privacytools.io/graphs/contributors), beberapa akhirnya diberi berbagai tanggung jawab organisasi, seperti mengoperasikan layanan online seperti Matrix dan Mastodon, mengelola dan meninjau perubahan pada situs di GitHub, mencari sponsor untuk proyek tersebut, menulis posting blog dan mengoperasikan platform penjangkauan media sosial seperti Twitter, dll. -Beginning in 2019, BurungHantu grew more and more distant from the active development of the website and communities, and began delaying payments he was responsible for related to the servers we operated. To avoid having our system administrator pay server costs out of their own pocket, we changed the donation methods listed on the site from BurungHantu's personal PayPal and crypto accounts to a new OpenCollective page on [October 31, 2019](https://web.archive.org/web/20210729184557/https://blog.privacytools.io/privacytools-io-joins-the-open-collective-foundation/). This had the added benefits of making our finances completely transparent, a value we strongly believe in, and tax-deductible in the United States, because they were being held by the Open Collective Foundation 501(c)3. This change was unanimously agreed upon by the team and went uncontested. +Beginning in 2019, BurungHantu grew more and more distant from the active development of the website and communities, and began delaying payments he was responsible for related to the servers we operated. To avoid having our system administrator pay server costs out of their own pocket, we changed the donation methods listed on the site from BurungHantu's personal PayPal and crypto accounts to a new OpenCollective page on [October 31, 2019](https://web.archive.org/web/20210729184557/https://blog.privacytools.io/privacytools-io-joins-the-open-collective-foundation/). This had the added benefits of making our finances completely transparent, a value we strongly believe in, and tax-deductible in the United States, because they were being held by the Open Collective Foundation 501(c)3. Perubahan ini disetujui dengan suara bulat oleh tim dan tidak dapat diganggu gugat. -## Why We Moved On +## Mengapa Kami Pindah -In 2020, BurungHantu's absence grew much more noticeable. At one point, we required the domain's nameservers to be changed to nameservers controlled by our system administrator to avoid future disruption, and this change was not completed for over a month after the initial request. He would disappear from the public chat and private team chat rooms on Matrix for months at a time, occasionally popping in to give some small feedback or promise to be more active before disappearing once again. +Pada tahun 2020, ketidakhadiran BurungHantu semakin terlihat. At one point, we required the domain's nameservers to be changed to nameservers controlled by our system administrator to avoid future disruption, and this change was not completed for over a month after the initial request. Dia akan menghilang dari obrolan publik dan ruang obrolan tim pribadi di Matrix selama berbulan-bulan, sesekali muncul untuk memberikan sedikit umpan balik atau berjanji untuk lebih aktif sebelum menghilang lagi. -In October 2020, the PrivacyTools system administrator (Jonah) [left](https://web.archive.org/web/20210729190742/https://blog.privacytools.io/blacklight447-taking-over/) the project because of these difficulties, handing control to another long-time contributor. Jonah had been operating nearly every PrivacyTools service and acting as the *de facto* project lead for website development in BurungHantu's absence, thus his departure was a significant change to the organization. At the time, because of these significant organizational changes, BurungHantu promised the remaining team he would return to take control of the project going forward. ==The PrivacyTools team reached out via several communication methods over the following months, but did not receive any response.== +Pada bulan Oktober 2020, administrator sistem PrivacyTools (Jonah) [meninggalkan](https://web.archive.org/web/20210729190742/https://blog.privacytools.io/blacklight447-taking-over/) proyek karena kesulitan ini, menyerahkan kendali kepada kontributor lama lainnya. Jonah telah mengoperasikan hampir semua layanan PrivacyTools dan bertindak sebagai *de facto* pimpinan proyek untuk pengembangan situs web selama ketidakhadiran BurungHantu, sehingga kepergiannya merupakan perubahan yang signifikan bagi organisasi. Pada saat itu, karena perubahan organisasi yang signifikan ini, BurungHantu berjanji kepada tim yang tersisa bahwa ia akan kembali untuk mengambil alih kendali proyek ke depannya. ==Tim PrivacyTools menghubungi melalui beberapa metode komunikasi selama beberapa bulan berikutnya, tetapi tidak menerima tanggapan apa pun.== -## Domain Name Reliance +## Ketergantungan Nama Domain -At the beginning of 2021, the PrivacyTools team grew worried about the future of the project, because the domain name was set to expire on 1st March 2021. The domain was ultimately renewed by BurungHantu with no comment. +Pada awal 2021, tim PrivacyTools semakin khawatir tentang masa depan proyek, karena nama domain akan kedaluwarsa pada 1 Maret 2021. Domain ini akhirnya diperbarui oleh BurungHantu tanpa komentar. -The team’s concerns were not addressed, and we realized this would be a problem every year: If the domain expired it would have allowed it to be stolen by squatters or spammers, thus ruining the organization's reputation. We also would have had trouble reaching the community to inform them of what took place. +The team’s concerns were not addressed, and we realized this would be a problem every year: If the domain expired it would have allowed it to be stolen by squatters or spammers, thus ruining the organization's reputation. Kami juga akan kesulitan menghubungi komunitas untuk memberi tahu mereka tentang apa yang terjadi. -Without being in any contact with BurungHantu, we decided the best course of action would be to move to a new domain name while we still had guaranteed control over the old domain name, sometime before March 2022. This way, we would be able to cleanly redirect all PrivacyTools resources to the new site without any interruption in service. This decision was made many months in advance and communicated to the entire team in the hopes that BurungHantu would reach out and assure his continued support for the project, because with a recognizable brand name and large communities online, moving away from "PrivacyTools" was the least desirable possible outcome. +Tanpa melakukan kontak dengan BurungHantu, kami memutuskan tindakan terbaik adalah pindah ke nama domain baru selagi kami masih memiliki jaminan kontrol atas nama domain lama, sebelum Maret 2022. Dengan cara ini, kami akan dapat mengarahkan semua sumber daya PrivacyTools dengan bersih ke situs baru tanpa gangguan dalam layanan. Keputusan ini dibuat berbulan-bulan sebelumnya dan dikomunikasikan kepada seluruh tim dengan harapan bahwa BurungHantu akan menjangkau dan memastikan dukungannya yang berkelanjutan untuk proyek ini, karena dengan nama merek yang sudah dikenal dan komunitas online yang besar, berpindah dari "PrivacyTools" adalah hasil yang paling tidak diinginkan. -In mid-2021 the PrivacyTools team reached out to Jonah, who agreed to rejoin the team to help with the transition. +Pada pertengahan 2021, tim PrivacyTools menghubungi Jonah, yang setuju untuk bergabung kembali dengan tim untuk membantu transisi. -## Community Call to Action +## Ajakan Komunitas untuk Bertindak -At the end of July 2021, we [informed](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) the PrivacyTools community of our intention to choose a new name and continue the project on a new domain, to be [chosen](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw) on 2nd August 2022. In the end, "Privacy Guides" was selected, with the `privacyguides.org` domain already owned by Jonah for a side-project from 2020 that went undeveloped. +Pada akhir Juli 2021, kami [memberi tahu](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) komunitas PrivacyTools tentang niat kami untuk memilih nama baru dan melanjutkan proyek di domain baru, yang akan [dipilih](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw) pada tanggal 2 Agustus 2022. Pada akhirnya, "Privacy Guides" dipilih, dengan domain `privacyguides.org` yang telah dimiliki oleh Jonah untuk proyek sampingan dari tahun 2020 yang tidak berkembang. -## Control of r/privacytoolsIO +## Kontrol dari r/privacytoolsIO -Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit. +Bersamaan dengan masalah situs web yang sedang berlangsung di privacytools.io, tim moderasi r/privacytoolsIO menghadapi tantangan dalam mengelola subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep adalah satu-satunya moderator aktif pada saat itu, dan [memposting](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) permintaan kepada administrator Reddit pada 28 Juni 2021, meminta untuk diberikan posisi moderator utama dan hak kontrol penuh, untuk membuat perubahan yang diperlukan pada Subreddit. -Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms. +Reddit mengharuskan subreddit memiliki moderator yang aktif. Jika moderator utama tidak aktif dalam jangka waktu yang lama (seperti satu tahun), posisi moderator utama dapat ditunjuk kembali ke moderator berikutnya. Agar permintaan ini dikabulkan, BurungHantu harus benar-benar absen dari semua aktivitas Reddit untuk jangka waktu yang lama, yang konsisten dengan perilakunya di platform lain. -> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer. +> Jika Anda dihapus sebagai moderator dari subreddit melalui permintaan Reddit, itu karena kurangnya tanggapan dan kurangnya aktivitas Anda memenuhi syarat subreddit untuk transfer r/redditrequest. > -> r/redditrequest is Reddit's way of making sure communities have active moderators and is part of the [Moderator Code of Conduct](https://www.redditinc.com/policies/moderator-code-of-conduct). +> r/redditrequest adalah cara Reddit untuk memastikan komunitas memiliki moderator yang aktif dan merupakan bagian dari [Kode Etik Moderator](https://www.redditinc.com/policies/moderator-code-of-conduct). -## Beginning the Transition +## Memulai Transisi -On September 14th, 2021, we [announced](https://www.privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/) the beginning of our migration to this new domain: +Pada 14 September 2021, kami [mengumumkan](https://www.privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/) awal migrasi kami ke domain baru ini: -> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc. +> [...] kami merasa perlu untuk melakukan peralihan ini lebih cepat daripada nanti untuk memastikan orang akan mengetahui tentang transisi ini sesegera mungkin. Hal ini memberikan kami waktu yang cukup untuk melakukan transisi nama domain, yang saat ini dialihkan ke www.privacyguides.org, dan diharapkan dapat memberikan waktu yang cukup bagi semua orang untuk mengetahui perubahan tersebut, memperbarui bookmark dan situs web, dll. -This change [entailed:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/rprivacyguides_privacyguidesorg_what_you_need_to/) +Perubahan ini [mensyaratkan:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/rprivacyguides_privacyguidesorg_what_you_need_to/) -- Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). -- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site. +- Mengalihkan www.privacytools.io ke [www.privacyguides.org](https://www.privacyguides.org). +- Mengarsipkan kode sumber di GitHub untuk melestarikan pekerjaan masa lalu dan pelacak masalah kami, yang terus kami gunakan selama berbulan-bulan pengembangan dari situs ini di masa depan. - Posting announcements to our subreddit and various other communities informing people of the official change. -- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible. +- Secara resmi menutup layanan privacytools.io, seperti Matrix dan Mastodon, dan mendorong pengguna lama untuk bermigrasi sesegera mungkin. -Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped. +Segala sesuatunya tampak berjalan dengan lancar, dan sebagian besar komunitas aktif kami beralih ke proyek baru kami persis seperti yang kami harapkan. ## Following Events -Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project. +Kira-kira seminggu setelah transisi, BurungHantu kembali online untuk pertama kalinya dalam hampir satu tahun, namun tidak ada seorang pun dari tim kami yang mau kembali ke PrivacyTools karena sejarahnya yang tidak dapat diandalkan. Daripada meminta maaf atas ketidakhadirannya yang berkepanjangan, ia segera melakukan serangan dan memposisikan transisi ke Privacy Guides sebagai serangan terhadapnya dan proyeknya. Dia kemudian [menghapus](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) banyak dari postingan tersebut ketika ditunjukkan oleh komunitas bahwa dia tidak hadir dan meninggalkan proyek tersebut. -At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible). +Pada titik ini, BurungHantu menyatakan bahwa ia ingin melanjutkan pengerjaan privacytools.io secara mandiri dan meminta kami untuk menghapus pengalihan dari www.privacytools.io ke [www.privacyguides.org](https://www.privacyguides.org). Kami mewajibkan dan meminta agar subdomain untuk Matrix, Mastodon, dan PeerTube tetap aktif agar kami dapat menjalankan layanan publik kepada komunitas kami setidaknya selama beberapa bulan, agar pengguna di platform tersebut dapat dengan mudah bermigrasi ke akun lain. Karena sifat federasi dari layanan yang kami sediakan, layanan ini terikat pada nama domain tertentu sehingga sangat sulit untuk dimigrasikan (dan dalam beberapa kasus tidak mungkin). -Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) at the beginning of October, ending any migration possibilities to any users still using those services. +Sayangnya, karena kontrol subreddit r/privacytoolsIO tidak dikembalikan ke BurungHantu atas permintaannya (informasi lebih lanjut di bawah), subdomain tersebut [terputus](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) pada awal Oktober, mengakhiri kemungkinan migrasi ke pengguna yang masih menggunakan layanan tersebut. -Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so. +Setelah ini, BurungHantu membuat tuduhan palsu tentang Jonah mencuri sumbangan dari proyek tersebut. BurungHantu memiliki waktu lebih dari setahun sejak insiden yang dituduhkan terjadi, namun dia tidak pernah membuat siapa pun menyadarinya sampai setelah migrasi Privacy Guides. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so. BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim. -## PrivacyTools.io Now +## PrivacyTools.io Sekarang -As of September 25th 2022 we are seeing BurungHantu's overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally [recommended](../vpn.md) by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs. +Pada tanggal 25 September 2022, kami melihat keseluruhan rencana BurungHantu terwujud di privacytools.io, dan ini adalah alasan utama kami memutuskan untuk membuat halaman penjelasan ini hari ini. Situs web yang dia operasikan tampaknya merupakan versi situs yang sangat dioptimalkan untuk SEO yang merekomendasikan alat dengan imbalan kompensasi finansial. Baru-baru ini, IVPN dan Mullvad, dua penyedia VPN yang hampir secara universal [direkomendasikan](../vpn.md) oleh komunitas privasi dan terkenal karena sikap mereka yang menentang program afiliasi telah dihapus dari PrivacyTools. Di tempat mereka? NordVPN, Surfshark, ExpressVPN, dan hide.me; Perusahaan VPN raksasa dengan platform dan praktik bisnis yang tidak dapat dipercaya, terkenal karena program pemasaran dan afiliasi mereka yang agresif. -==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling to us. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder. +==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling to us. Kami yang benar-benar memperjuangkan privasi tidak bertengkar satu sama lain, dan tidak mendapatkan saran dari penawar tertinggi. -## r/privacytoolsIO Now +## r/privacytoolsIO Sekarang -After the launch of [r/PrivacyGuides](https://www.reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) a restricted sub in a post on November 1st, 2021: +Setelah peluncuran [r/PrivacyGuides](https://www.reddit.com/r/privacyguides), tidak praktis bagi u/trai_dep untuk terus memoderasi kedua subreddit tersebut, dan dengan adanya komunitas yang ikut serta dalam transisi ini, r/privacytoolsIO [menjadikan](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) sebagai sub yang dibatasi dalam sebuah postingan pada tanggal 1 November 2021: -> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you. +> [...] Pertumbuhan Sub ini adalah hasil dari upaya besar, selama beberapa tahun, oleh tim PrivacyGuides.org. Dan oleh Anda semua. > -> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. It’s not a task for dilettantes or commitment-challenged people. It can’t thrive under a gardener who abandons it for several years, then shows up demanding this year’s harvest as their tribute. It’s unfair to the team formed years ago. It’s unfair to you. [...] +> Subreddit adalah pekerjaan yang sangat banyak untuk dikelola dan dimoderasi. Seperti halnya sebuah taman, taman ini membutuhkan perawatan yang sabar dan perawatan harian. Ini bukanlah tugas untuk orang yang tidak suka bekerja keras atau orang yang sulit berkomitmen. Tanaman ini tidak dapat tumbuh subur di bawah seorang tukang kebun yang meninggalkannya selama beberapa tahun, lalu muncul dan menuntut hasil panen tahun ini sebagai penghargaan. Ini tidak adil bagi tim yang dibentuk beberapa tahun yang lalu. Ini tidak adil bagimu. [...] -Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides. +Subreddit bukan milik siapa pun, dan terutama bukan milik pemegang merek. Mereka adalah bagian dari komunitas mereka, dan komunitas serta para moderatornya membuat keputusan untuk mendukung perpindahan ke r/PrivacyGuides. -In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://www.reddit.com/r/redditrequest/wiki/top_mod_removal/) of Reddit rules: +Beberapa bulan setelahnya, BurungHantu telah mengancam dan memohon untuk mengembalikan kontrol subreddit ke akunnya dalam [pelanggaran](https://www.reddit.com/r/redditrequest/wiki/top_mod_removal/) aturan Reddit: -> Retaliation from any moderator with regards to removal requests is disallowed. +> Pembalasan dari moderator mana pun sehubungan dengan permintaan penghapusan tidak diperbolehkan. -For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is. +Untuk sebuah komunitas dengan ribuan pelanggan yang tersisa, kami merasa bahwa akan sangat tidak sopan untuk mengembalikan kendali platform besar tersebut kepada orang yang meninggalkannya selama lebih dari satu tahun, dan yang sekarang mengoperasikan situs web yang menurut kami memberikan informasi yang sangat berkualitas rendah. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is. -## OpenCollective Now +## OpenCollective Sekarang -Our fundraising platform, OpenCollective, is another source of contention. Our position is that OpenCollective was put in place by our team and managed by our team to fund services we currently operate and which PrivacyTools no longer does. We [reached out](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) to all of our donors regarding our move to Privacy Guides, and we were unanimously supported by our sponsors and community. +Platform penggalangan dana kami, OpenCollective, adalah sumber perdebatan lainnya. Posisi kami adalah bahwa OpenCollective diberlakukan oleh tim kami dan dikelola oleh tim kami untuk mendanai layanan yang saat ini kami operasikan dan yang tidak lagi dilakukan PrivacyTools. Kami [menghubungi](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) kepada semua donatur kami mengenai perpindahan kami ke Privacy Guides, dan kami dengan suara bulat didukung oleh para sponsor dan komunitas kami. -Thus, the funds in OpenCollective belong to Privacy Guides, they were given to our project, and not the owner of a well known domain name. In the announcement made to donors on September 17th, 2021, we offered refunds to any donor who disagrees with the stance we took, but nobody has taken us up on this offer: +Dengan demikian, dana yang ada di OpenCollective adalah milik Privacy Guides, dana tersebut diberikan kepada proyek kami, dan bukan kepada pemilik nama domain terkenal. Dalam pengumuman yang disampaikan kepada para donatur pada tanggal 17 September 2021, kami menawarkan pengembalian dana kepada setiap donatur yang tidak setuju dengan sikap yang kami ambil, tetapi tidak ada yang menerima tawaran ini: -> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing jonah@triplebit.net. +> Jika ada sponsor atau pendukung yang tidak setuju atau merasa disesatkan oleh peristiwa baru ini dan ingin meminta pengembalian dana karena keadaan yang sangat tidak biasa ini, silakan hubungi admin proyek kami melalui email ke jonah@triplebit.net. -## Further Reading +## Bacaan Lebih Lanjut -This topic has been discussed extensively within our communities in various locations, and it seems likely that most people reading this page will already be familiar with the events leading up to the move to Privacy Guides. Some of our previous posts on the matter may have extra detail we omitted here for brevity. They have been linked below for the sake of completion. +Topik ini telah dibahas secara luas dalam komunitas kami di berbagai lokasi, dan sepertinya sebagian besar orang yang membaca halaman ini sudah mengetahui tentang peristiwa yang terjadi sebelum perpindahan ke Privacy Guides. Beberapa tulisan kami sebelumnya mengenai masalah ini mungkin memiliki detail tambahan yang kami hilangkan di sini untuk mempersingkatnya. Mereka telah ditautkan di bawah ini demi kelengkapan. -- [June 28, 2021 request for control of r/privacytoolsIO](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) -- [July 27, 2021 announcement of our intentions to move on the PrivacyTools blog, written by the team](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) -- [Sept 13, 2021 announcement of the beginning of our transition to Privacy Guides on r/privacytoolsIO](https://www.reddit.com/r/privacytoolsIO/comments/pnql46/rprivacyguides_privacyguidesorg_what_you_need_to/) -- [Sept 17, 2021 announcement on OpenCollective from Jonah](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) -- [Sept 30, 2021 Twitter thread detailing most of the events now described on this page](https://twitter.com/privacy_guides/status/1443633412800225280) -- [Oct 1, 2021 post by u/dng99 noting subdomain failure](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) -- [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) -- [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) -- [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.id.txt" +- [28 Juni 2021 permintaan untuk mengontrol r/privacytoolsIO](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) +- [27 Juli 2021 pengumuman tentang niat kami untuk pindah ke blog PrivacyTools, yang ditulis oleh tim](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) +- [13 September 2021 pengumuman awal transisi kami ke Privacy Guides di r/privacytoolsIO](https://www.reddit.com/r/privacytoolsIO/comments/pnql46/rprivacyguides_privacyguidesorg_what_you_need_to/) +- [17 September 2021 pengemuman di OpenCollective dari Jonah](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) +- [30 September 2021 utas Twitter yang merinci sebagian besar peristiwa yang sekarang dijelaskan di halaman ini](https://twitter.com/privacy_guides/status/1443633412800225280) +- [1 Oktober 2021 diposting oleh u/dng99 yang mencatat kegagalan subdomain](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) +- [2 April 2022 tanggapan oleh u/dng99 untuk posting blog yang menuduh dari PrivacyTools](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) +- [16 Mei 2022 tanggapan oleh @TommyTran732 di Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) +- [3 Sep 2022 posting di forum Techlore oleh @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) diff --git a/i18n/id/about/services.md b/i18n/id/about/services.md index f1978204..9ffc61c2 100644 --- a/i18n/id/about/services.md +++ b/i18n/id/about/services.md @@ -1,40 +1,38 @@ -# Privacy Guides Services +# Layanan Privacy Guides -We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. Many of these services are available to the public and are detailed below. +We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. Banyak dari layanan ini tersedia untuk umum dan dirinci di bawah ini. -[:material-comment-alert: Report an issue](https://discuss.privacyguides.net/c/services/2 ""){.md-button.md-button--primary} +[:material-comment-alert: Laporkan masalah](https://discuss.privacyguides.net/c/services/2 ""){.md-button.md-button--primary} ## Discourse - Domain: [discuss.privacyguides.net](https://discuss.privacyguides.net) -- Availability: Public -- Source: [github.com/discourse/discourse](https://github.com/discourse/discourse) +- Ketersediaan: Publik +- Sumber: [github.com/discourse/discourse](https://github.com/discourse/discourse) ## Gitea - Domain: [code.privacyguides.dev](https://code.privacyguides.dev) -- Availability: Invite-Only - Access may be granted upon request to any team working on *Privacy Guides*-related development or content. -- Source: [snapcraft.io/gitea](https://snapcraft.io/gitea) +- Ketersediaan: Khusus Undangan + Akses dapat diberikan berdasarkan permintaan kepada tim mana pun yang bekerja pada *Privacy Guides*-terkait pengembangan atau konten. +- Sumber: [snapcraft.io/gitea](https://snapcraft.io/gitea) ## Matrix - Domain: [matrix.privacyguides.org](https://matrix.privacyguides.org) -- Availability: Invite-Only - Access may be granted upon request to Privacy Guides team members, Matrix moderators, third-party Matrix community administrators, Matrix bot operators, and other individuals in need of a reliable Matrix presence. -- Source: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) +- Ketersediaan: Khusus Undangan + Akses dapat diberikan berdasarkan permintaan kepada anggota tim Privacy Guides, moderator Matrix, administrator komunitas Matrix pihak ketiga, operator bot Matrix, dan individu lain yang membutuhkan kehadiran Matrix yang andal. +- Sumber: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) ## SearXNG - Domain: [search.privacyguides.net](https://search.privacyguides.net) -- Availability: Public -- Source: [github.com/searxng/searxng-docker](https://github.com/searxng/searxng-docker) +- Ketersediaan: Publik +- Sumber: [github.com/searxng/searxng-docker](https://github.com/searxng/searxng-docker) ## Invidious - Domain: [invidious.privacyguides.net](https://invidious.privacyguides.net) -- Availability: Semi-Public - We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. -- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.id.txt" +- Ketersediaan: Semi-Publik + Kami menghosting Invidious terutama untuk menyajikan video YouTube yang disematkan di situs web kami, contoh ini tidak dimaksudkan untuk penggunaan tujuan umum dan dapat dibatasi sewaktu-waktu. +- Sumber: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) diff --git a/i18n/id/about/statistics.md b/i18n/id/about/statistics.md index ed8abba4..57eab3dd 100644 --- a/i18n/id/about/statistics.md +++ b/i18n/id/about/statistics.md @@ -1,11 +1,11 @@ --- -title: Traffic Statistics +title: Statistik Lalu Lintas --- -## Website Statistics +## Statistik Situs Web - +
Statistik didukung oleh Plausible Analytics
-## Blog Statistics +## Statistik Blog -
Stats powered by Plausible Analytics
+
Statistik didukung oleh Plausible Analytics
- ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/advanced/communication-network-types.md b/i18n/id/advanced/communication-network-types.md index 37c3ec5d..781178d5 100644 --- a/i18n/id/advanced/communication-network-types.md +++ b/i18n/id/advanced/communication-network-types.md @@ -1,11 +1,12 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. -[Recommended Instant Messengers](../real-time-communication.md ""){.md-button} +[Pesan Instan yang Direkomendasikan](../real-time-communication.md ""){.md-button} ## Centralized Networks @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/advanced/dns-overview.md b/i18n/id/advanced/dns-overview.md index 7bc2e902..b47af280 100644 --- a/i18n/id/advanced/dns-overview.md +++ b/i18n/id/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/advanced/payments.md b/i18n/id/advanced/payments.md new file mode 100644 index 00000000..b876244e --- /dev/null +++ b/i18n/id/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Pembayaran Pribadi +icon: material/hand-coin +--- + +Ada alasan mengapa data tentang kebiasaan membeli Anda dianggap sebagai cawan suci penargetan iklan: pembelian Anda dapat membocorkan harta karun data tentang Anda. Sayangnya, sistem keuangan saat ini dirancang antiprivasi, sehingga memungkinkan bank, perusahaan lain, dan pemerintah untuk melacak transaksi dengan mudah. Namun demikian, Anda memiliki banyak pilihan untuk melakukan pembayaran secara pribadi. + +## Uang Tunai + +Selama berabad-abad, **uang tunai** telah berfungsi sebagai bentuk utama pembayaran pribadi. Uang tunai memiliki sifat privasi yang sangat baik dalam banyak kasus, diterima secara luas di sebagian besar negara, dan **dapat dipertukarkan**, artinya tidak unik dan sepenuhnya dapat dipertukarkan. + +Undang-undang pembayaran tunai bervariasi menurut negara. Di Amerika Serikat, pengungkapan khusus diperlukan untuk pembayaran tunai lebih dari $10.000 kepada IRS di [Formulir 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). Bisnis penerima wajib memverifikasi nama, alamat, pekerjaan, tanggal lahir, dan Nomor Jaminan Sosial atau NPWP penerima (dengan beberapa pengecualian). Batas bawah tanpa ID seperti $3.000 atau kurang dari itu ada untuk pertukaran dan pengiriman uang. Uang tunai juga memiliki nomor seri. Ini hampir tidak pernah dilacak oleh pedagang, tetapi dapat digunakan oleh penegak hukum dalam penyelidikan yang ditargetkan. + +Meskipun demikian, ini biasanya merupakan pilihan terbaik. + +## Kartu Prabayar & Kartu Hadiah + +Membeli kartu hadiah dan kartu prabayar di sebagian besar toko kelontong dan minimarket dengan uang tunai relatif mudah. Kartu hadiah biasanya tidak dikenakan biaya, meskipun kartu prabayar sering kali dikenakan biaya, jadi perhatikan baik-baik biaya dan tanggal kedaluwarsanya. Beberapa toko mungkin akan meminta kartu identitas Anda pada saat pembayaran untuk mengurangi penipuan. + +Kartu hadiah biasanya memiliki batas hingga $200 per kartu, tetapi ada juga yang menawarkan batas hingga $2.000 per kartu. Kartu prabayar (misalnya: dari Visa atau Mastercard) biasanya memiliki batas hingga $1.000 per kartu. + +Kartu hadiah memiliki sisi negatif karena tunduk pada kebijakan merchant, yang dapat memiliki persyaratan dan batasan yang buruk. Misalnya, beberapa penjual tidak menerima pembayaran dengan kartu hadiah secara eksklusif, atau mereka mungkin membatalkan nilai kartu jika mereka menganggap Anda sebagai pengguna berisiko tinggi. Setelah Anda memiliki kredit penjual, penjual memiliki tingkat kontrol yang kuat atas kredit ini. + +Kartu prabayar tidak mengizinkan penarikan tunai dari ATM atau pembayaran "peer-to-peer" di Venmo dan aplikasi serupa. + +Uang tunai tetap menjadi pilihan terbaik untuk pembelian secara langsung bagi kebanyakan orang. Kartu hadiah dapat berguna untuk penghematan yang mereka bawa. Kartu prabayar dapat berguna untuk tempat-tempat yang tidak menerima uang tunai. Kartu hadiah dan kartu prabayar lebih mudah digunakan secara daring daripada uang tunai, dan lebih mudah diperoleh dengan mata uang kripto daripada uang tunai. + +### Pasar Daring + +Jika Anda memiliki [mata uang kripto](../cryptocurrency.md), Anda dapat membeli kartu hadiah dengan pasar kartu hadiah daring. Beberapa layanan ini menawarkan opsi verifikasi ID untuk batas yang lebih tinggi, tetapi mereka juga mengizinkan akun hanya dengan alamat surel. Batas dasar mulai dari $5.000-10.000 per hari untuk akun dasar, dan limit yang jauh lebih tinggi untuk akun terverifikasi ID (jika ditawarkan). + +Saat membeli kartu hadiah secara daring, biasanya ada sedikit diskon. Kartu prabayar biasanya dijual secara daring dengan harga nominal atau dengan biaya. Jika Anda membeli kartu prabayar dan kartu hadiah dengan mata uang kripto, Anda sebaiknya memilih untuk membayar dengan Monero yang memberikan privasi yang kuat, lebih lanjut tentang hal ini di bawah ini. Membayar kartu hadiah dengan metode pembayaran yang dapat dilacak meniadakan manfaat yang dapat diberikan oleh kartu hadiah ketika dibeli dengan uang tunai atau Monero. + +- [Pasar Kartu Hadiah Daring :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Kartu Virtual + +Cara lain untuk melindungi informasi Anda dari penjual daring adalah dengan menggunakan kartu virtual sekali pakai yang menyembunyikan informasi perbankan atau penagihan Anda yang sebenarnya. Hal ini terutama berguna untuk melindungi Anda dari pelanggaran data penjual, pelacakan yang kurang canggih atau korelasi pembelian oleh agen pemasaran, dan pencurian data daring. Mereka **tidak** membantu Anda dalam melakukan pembelian sepenuhnya secara anonim, dan mereka juga tidak menyembunyikan informasi apa pun dari lembaga perbankan itu sendiri. Lembaga keuangan biasa yang menawarkan kartu virtual tunduk pada undang-undang "Kenali Nasabah Anda" (KYC), yang berarti mereka mungkin memerlukan ID Anda atau informasi identifikasi lainnya. + +- [Layanan Penyamaran Pembayaran yang Direkomendasikan :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +Ini cenderung menjadi pilihan yang baik untuk pembayaran berulang/langganan secara daring, sementara kartu hadiah prabayar lebih disukai untuk transaksi satu kali. + +## Mata Uang Kripto + +Mata uang kripto adalah bentuk mata uang digital yang dirancang untuk bekerja tanpa otoritas pusat seperti pemerintah atau bank. Meskipun *beberapa* proyek mata uang kripto memungkinkan Anda untuk melakukan transaksi pribadi secara daring, banyak yang menggunakan blockchain publik yang tidak memberikan privasi transaksi. Mata uang kripto juga cenderung merupakan aset yang sangat fluktuatif, artinya nilainya dapat berubah dengan cepat dan signifikan kapan saja. Oleh karena itu, kami umumnya tidak menyarankan penggunaan mata uang kripto sebagai penyimpan nilai jangka panjang. Jika Anda memutuskan untuk menggunakan mata uang kripto secara daring, pastikan Anda memiliki pemahaman penuh mengenai aspek privasinya terlebih dahulu, dan hanya menginvestasikan jumlah yang tidak akan menyebabkan kerugian besar. + +!!! danger + + Sebagian besar mata uang kripto beroperasi pada blockchain **publik**, yang berarti bahwa setiap transaksi diketahui oleh publik. Ini termasuk mata uang kripto yang paling terkenal seperti Bitcoin dan Ethereum. Transaksi dengan mata uang kripto ini tidak dapat dianggap sebagai transaksi pribadi dan tidak akan melindungi anonimitas Anda. + + Selain itu, banyak atau bahkan sebagian besar mata uang kripto adalah penipuan. Lakukan transaksi dengan hati-hati hanya dengan proyek yang Anda percayai. + +### Koin Privasi + +Ada sejumlah proyek mata uang kripto yang bertujuan untuk memberikan privasi dengan membuat transaksi menjadi anonim. Kami menyarankan untuk menggunakan salah satu yang menyediakan anonimitas transaksi **secara bawaan** untuk menghindari kesalahan operasional. + +- [Mata Uang Kripto yang Direkomendasikan :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Koin privasi telah menjadi sasaran pengawasan yang semakin meningkat oleh badan-badan pemerintah. Pada tahun 2020, [IRS menerbitkan bounty $625,000](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) untuk alat yang dapat memecahkan Jaringan Lightning Bitcoin dan/atau privasi transaksi Monero. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/id/advanced/tor-overview.md b/i18n/id/advanced/tor-overview.md index f2f54a1a..dd9d2a95 100644 --- a/i18n/id/advanced/tor-overview.md +++ b/i18n/id/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.id.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/id/android.md b/i18n/id/android.md index 1a28ee46..3da86daa 100644 --- a/i18n/id/android.md +++ b/i18n/id/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/assets/img/how-tor-works/tor-encryption-dark.svg b/i18n/id/assets/img/how-tor-works/tor-encryption-dark.svg index 95e68157..423419f4 100644 --- a/i18n/id/assets/img/how-tor-works/tor-encryption-dark.svg +++ b/i18n/id/assets/img/how-tor-works/tor-encryption-dark.svg @@ -48,18 +48,18 @@ - Your + Perangkat - Device + Anda - Sending data to a website + Mengirim data ke situs web - Receiving data from a website + Menerima data dari situs web @@ -70,17 +70,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar @@ -95,17 +95,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar diff --git a/i18n/id/assets/img/how-tor-works/tor-encryption.svg b/i18n/id/assets/img/how-tor-works/tor-encryption.svg index f5b1e291..1bf0ebba 100644 --- a/i18n/id/assets/img/how-tor-works/tor-encryption.svg +++ b/i18n/id/assets/img/how-tor-works/tor-encryption.svg @@ -48,18 +48,18 @@ - Your + Perangkat - Device + Anda - Sending data to a website + Mengirim data ke situs web - Receiving data from a website + Menerima data dari situs web @@ -70,17 +70,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar @@ -95,17 +95,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar diff --git a/i18n/id/assets/img/how-tor-works/tor-path-dark.svg b/i18n/id/assets/img/how-tor-works/tor-path-dark.svg index 9002c9b1..0e24fde1 100644 --- a/i18n/id/assets/img/how-tor-works/tor-path-dark.svg +++ b/i18n/id/assets/img/how-tor-works/tor-path-dark.svg @@ -29,17 +29,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar diff --git a/i18n/id/assets/img/how-tor-works/tor-path.svg b/i18n/id/assets/img/how-tor-works/tor-path.svg index cb53d8b1..7aea9185 100644 --- a/i18n/id/assets/img/how-tor-works/tor-path.svg +++ b/i18n/id/assets/img/how-tor-works/tor-path.svg @@ -29,17 +29,17 @@ - Entry + Entri - Middle + Tengah - Exit + Keluar diff --git a/i18n/id/basics/account-creation.md b/i18n/id/basics/account-creation.md index 7793be8a..f80a509f 100644 --- a/i18n/id/basics/account-creation.md +++ b/i18n/id/basics/account-creation.md @@ -1,64 +1,65 @@ --- -title: "Account Creation" +title: "Pembuatan Akun" icon: 'material/account-plus' +description: Membuat akun online bisa dibilang merupakan kebutuhan internet, lakukan langkah-langkah ini untuk memastikan Anda tetap privat. --- -Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. +Seringkali orang mendaftar untuk layanan tanpa berpikir. Mungkin itu adalah layanan streaming sehingga Anda dapat menonton acara baru yang dibicarakan semua orang, atau akun yang memberi Anda diskon untuk tempat makanan cepat saji favorit Anda. Apa pun masalahnya, Anda harus mempertimbangkan implikasi untuk data Anda sekarang dan di kemudian hari. -There are risks associated with every new service that you use. Data breaches; disclosure of customer information to third parties; rogue employees accessing data; all are possibilities that must be considered when giving your information out. You need to be confident that you can trust the service, which is why we don't recommend storing valuable data on anything but the most mature and battle-tested products. That usually means services which provide E2EE and have undergone a cryptographic audit. An audit increases assurance that the product was designed without glaring security issues caused by an inexperienced developer. +Ada risiko yang terkait dengan setiap layanan baru yang Anda gunakan. Pelanggaran data; pengungkapan informasi pelanggan kepada pihak ketiga; karyawan nakal yang mengakses data; semuanya adalah kemungkinan yang harus dipertimbangkan ketika memberikan informasi Anda. Anda harus yakin bahwa Anda bisa mempercayai layanan ini, itulah sebabnya kami tidak menyarankan untuk menyimpan data berharga pada apa pun kecuali pada produk yang paling matang dan telah teruji. Hal ini biasanya berarti layanan yang menyediakan E2EE dan telah menjalani audit kriptografi. Audit meningkatkan jaminan bahwa produk dirancang tanpa masalah keamanan mencolok yang disebabkan oleh pengembang yang tidak berpengalaman. -It can also be difficult to delete the accounts on some services. Sometimes [overwriting data](account-deletion.md#overwriting-account-information) associated with an account can be possible, but in other cases the service will keep an entire history of changes to the account. +Mungkin juga sulit untuk menghapus akun pada beberapa layanan. Terkadang [menimpa data](account-deletion.md#overwriting-account-information) yang terkait dengan akun dapat dilakukan, tetapi dalam kasus lain layanan akan menyimpan seluruh riwayat perubahan pada akun. -## Terms of Service & Privacy Policy +## Ketentuan Layanan & Kebijakan Privasi -The ToS are the rules that you agree to follow when using the service. With larger services these rules are often enforced by automated systems. Sometimes these automated systems can make mistakes. For example, you may be banned or locked out of your account on some services for using a VPN or VOIP number. Appealing such bans is often difficult, and involves an automated process too, which isn't always successful. This would be one of the reasons why we wouldn't suggest using Gmail for email as an example. Email is crucial for access to other services you might have signed up for. +ToS adalah peraturan yang Anda setujui untuk diikuti saat menggunakan layanan. Pada layanan yang lebih besar aturan-aturan ini sering kali ditegakkan oleh sistem otomatis. Terkadang sistem otomatis ini bisa membuat kesalahan. Sebagai contoh, Anda mungkin diblokir atau dikunci dari akun Anda pada beberapa layanan karena menggunakan nomor VPN atau VOIP. Mengajukan banding atas larangan semacam itu sering kali sulit, dan melibatkan proses otomatis juga, yang tidak selalu berhasil. Ini akan menjadi salah satu alasan mengapa kami tidak menyarankan menggunakan Gmail untuk email sebagai contoh. Email sangat penting untuk akses ke layanan lain yang mungkin telah Anda daftarkan. -The Privacy Policy is how the service says they will use your data and it is worth reading so that you understand how your data will be used. A company or organization might not be legally obligated to follow everything contained in the policy (it depends on the jurisdiction). We would recommend having some idea what your local laws are and what they permit a provider to collect. +Kebijakan Privasi adalah bagaimana layanan mengatakan bahwa mereka akan menggunakan data Anda dan perlu dibaca agar Anda memahami bagaimana data Anda akan digunakan. Perusahaan atau organisasi mungkin tidak diwajibkan secara hukum untuk mengikuti semua yang tercantum dalam kebijakan (tergantung pada yurisdiksi). Kami sarankan Anda mengetahui undang-undang setempat dan apa yang diizinkan oleh penyedia layanan untuk dikumpulkan. -We recommend looking for particular terms such as "data collection", "data analysis", "cookies", "ads" or "3rd-party" services. Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start. +Sebaiknya cari istilah-istilah tertentu seperti "pengumpulan data", "analisis data", "cookie", "iklan", atau layanan "pihak ketiga". Sometimes you will be able to opt-out from data collection or from sharing your data, but it is best to choose a service that respects your privacy from the start. Keep in mind you're also placing your trust in the company or organization and that they will comply with their own privacy policy. -## Authentication methods +## Metode autentikasi -There are usually multiple ways to sign up for an account, each with their own benefits and drawbacks. +Biasanya ada beberapa cara untuk mendaftar akun, masing-masing dengan kelebihan dan kekurangannya sendiri. -### Email and password +### Email dan kata sandi -The most common way to create a new account is by an email address and password. When using this method, you should use a password manager and follow [best practices](passwords-overview.md) regarding passwords. +Cara paling umum untuk membuat akun baru adalah dengan alamat email dan kata sandi. Saat menggunakan metode ini, Anda harus menggunakan pengelola kata sandi dan mengikuti [praktik terbaik](passwords-overview.md) mengenai kata sandi. !!! tip - You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key. + Anda juga dapat menggunakan pengelola kata sandi untuk mengatur metode autentikasi lainnya! Cukup tambahkan entri baru dan isi kolom yang sesuai, Anda bisa menambahkan catatan untuk hal-hal seperti pertanyaan keamanan atau kunci cadangan. -You will be responsible for managing your login credentials. For added security, you can set up [MFA](multi-factor-authentication.md) on your accounts. +Anda akan bertanggung jawab untuk mengelola kredensial login Anda. Untuk keamanan tambahan, Anda dapat mengatur [MFA](multi-factor-authentication.md) pada akun Anda. -[Recommended password managers](../passwords.md ""){.md-button} +[Pengelola kata sandi yang direkomendasikan](../passwords.md ""){.md-button} #### Email aliases -If you don't want to give your real email address to a service, you have the option to use an alias. We described them in more detail on our email services recommendation page. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. This can help prevent tracking across services and help you manage the marketing emails that sometimes come with the sign up process. Those can be filtered automatically based on the alias they are sent to. +Jika Anda tidak ingin memberikan alamat email asli Anda ke layanan, Anda memiliki opsi untuk menggunakan alias. Kami menjelaskannya secara lebih rinci di halaman rekomendasi layanan email kami. Essentially, alias services allow you to generate new email addresses that forward all emails to your main address. Hal ini dapat membantu mencegah pelacakan di seluruh layanan dan membantu Anda mengelola email pemasaran yang terkadang menyertai proses pendaftaran. Semua itu dapat disaring secara otomatis berdasarkan alias yang dikirim. -Should a service get hacked, you might start receiving phishing or spam emails to the address you used to sign up. Using unique aliases for each service can assist in identifying exactly what service was hacked. +Jika layanan diretas, Anda mungkin akan mulai menerima email phishing atau spam ke alamat yang Anda gunakan untuk mendaftar. Using unique aliases for each service can assist in identifying exactly what service was hacked. [Recommended email aliasing services](../email.md#email-aliasing-services ""){.md-button} -### Single sign-on +### Sistem masuk tunggal -!!! note +!!! catatan We are discussing Single sign-on for personal use, not enterprise users. Single sign-on (SSO) is an authentication method that allows you to register for a service without sharing much information, if any. Whenever you see something along the lines of "Sign-in with *provider name*" on a registration form it's SSO. -When you choose single sign-on in a website, it will prompt your SSO provider login page and after that your account will be connected. Your password won't be shared but some basic information will (you can review it during the login request). This process is needed every time you want to log in to the same account. +When you choose single sign-on in a website, it will prompt your SSO provider login page and after that your account will be connected. Kata sandi Anda tidak akan dibagikan tetapi beberapa informasi dasar akan (Anda dapat memeriksanya selama permintaan login). Proses ini diperlukan setiap kali Anda ingin masuk ke akun yang sama. -The main advantages are: +Keuntungan utama adalah: - **Security**: no risk of being involved in a [data breach](https://en.wikipedia.org/wiki/Data_breach) because the website does not store your credentials. - **Ease of use**: multiple accounts are managed by a single login. -But there are disadvantages: +Tetapi ada kelemahan: - **Privacy**: a SSO provider will know the services you use. - **Centralization**: if your SSO account gets compromised or you aren't able to login to it, all other accounts connected to it are affected. @@ -67,16 +68,14 @@ SSO can be especially useful in those situations where you could benefit from de All services that use SSO will be as secure as your SSO account. For example, if you want to secure an account with a hardware key but that service doesn't support hardware keys, you can secure your SSO account with a hardware key and now you essentially have hardware MFA on all your accounts. It is worth noting though that weak authentication on your SSO account means that any account tied to that login will also be weak. -### Phone number +### Nomor telepon -We recommend avoiding services that require a phone number for sign up. A phone number can identity you across multiple services and depending on data sharing agreements this will make your usage easier to track, particularly if one of those services is breached as the phone number is often **not** encrypted. +Kami sarankan untuk menghindari layanan yang memerlukan nomor telepon untuk mendaftar. Nomor telepon dapat menjadi identitas Anda di berbagai layanan dan tergantung pada perjanjian berbagi data, hal ini akan membuat penggunaan Anda lebih mudah dilacak, terutama jika salah satu layanan tersebut dibobol karena nomor telepon sering kali **tidak** dienkripsi. -You should avoid giving out your real phone number if you can. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts. +Anda harus menghindari memberikan nomor telepon asli Anda jika Anda bisa. Some services will allow the use of VOIP numbers, however these often trigger fraud detection systems, causing an account to be locked down, so we don't recommend that for important accounts. -In many cases you will need to provide a number that you can receive SMS or calls from, particularly when shopping internationally, in case there is a problem with your order at border screening. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number! +Dalam banyak kasus, Anda perlu memberikan nomor yang dapat digunakan untuk menerima SMS atau telepon, terutama saat berbelanja internasional, untuk berjaga-jaga jika terjadi masalah dengan pesanan Anda saat pemeriksaan di perbatasan. It's common for services to use your number as a verification method; don't let yourself get locked out of an important account because you wanted to be clever and give a fake number! -### Username and password +### Nama pengguna dan kata sandi -Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.id.txt" +Beberapa layanan memungkinkan Anda untuk mendaftar tanpa menggunakan alamat email dan hanya mengharuskan Anda untuk mengatur nama pengguna dan kata sandi. Layanan ini dapat memberikan peningkatan anonimitas bila dikombinasikan dengan VPN atau Tor. Perlu diingat bahwa untuk akun-akun ini kemungkinan besar tidak akan ada **cara untuk memulihkan akun Anda** jika Anda lupa nama pengguna atau kata sandi Anda. diff --git a/i18n/id/basics/account-deletion.md b/i18n/id/basics/account-deletion.md index 686524a5..6fa6c271 100644 --- a/i18n/id/basics/account-deletion.md +++ b/i18n/id/basics/account-deletion.md @@ -1,15 +1,16 @@ --- -title: "Account Deletion" +title: "Penghapusan Akun" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- -Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. +Seiring waktu, mudah sekali untuk menumpuk sejumlah akun online, yang banyak di antaranya mungkin sudah tidak Anda gunakan lagi. Menghapus akun-akun yang tidak terpakai ini merupakan langkah penting untuk mendapatkan kembali privasi Anda, karena akun-akun yang tidak aktif rentan terhadap pelanggaran data. Pelanggaran data adalah ketika keamanan layanan terganggu dan informasi yang dilindungi dilihat, dikirim, atau dicuri oleh pihak yang tidak berwenang. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. -## Finding Old Accounts +## Menemukan Akun Lama -### Password Manager +### Pengelola Kata Sandi -If you have a password manager that you've used for your entire digital life, this part will be very easy. Oftentimes, they include built-in functionality for detecting if your credentials were exposed in a data breach—such as Bitwarden's [Data Breach Report](https://bitwarden.com/blog/have-you-been-pwned/). +Jika Anda memiliki pengelola kata sandi yang telah Anda gunakan untuk seluruh kehidupan digital Anda, bagian ini akan sangat mudah. Oftentimes, they include built-in functionality for detecting if your credentials were exposed in a data breach—such as Bitwarden's [Data Breach Report](https://bitwarden.com/blog/have-you-been-pwned/).
![Bitwarden's Data Breach Report feature](../assets/img/account-deletion/exposed_passwords.png) @@ -17,16 +18,16 @@ If you have a password manager that you've used for your entire digital life, th Even if you haven't explicitly used a password manager before, there's a chance you've used the one in your browser or your phone without even realizing it. For example: [Firefox Password Manager](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins), [Google Password Manager](https://passwords.google.com/intro) and [Edge Password Manager](https://support.microsoft.com/en-us/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336). -Desktop platforms also often have a password manager which may help you recover passwords you've forgotten about: +Platform desktop juga sering kali memiliki pengelola kata sandi yang dapat membantu Anda memulihkan kata sandi yang Anda lupakan: -- Windows [Credential Manager](https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0) -- macOS [Passwords](https://support.apple.com/en-us/HT211145) -- iOS [Passwords](https://support.apple.com/en-us/HT211146) -- Linux, Gnome Keyring, which can be accessed through [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en) or [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager) +- Windows [Manajer Kredensial](https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0) +- macOS [Kata Sandi](https://support.apple.com/en-us/HT211145) +- iOS [Kata Sandi](https://support.apple.com/en-us/HT211146) +- Linux, Gnome Keyring, yang dapat diakses melalui [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en) atau [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager) ### Email -If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts. +Jika Anda tidak menggunakan pengelola kata sandi di masa lalu atau Anda merasa memiliki akun yang tidak pernah ditambahkan ke pengelola kata sandi Anda, opsi lainnya adalah mencari akun email yang Anda yakini telah Anda daftarkan. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts. ## Deleting Old Accounts @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/basics/common-misconceptions.md b/i18n/id/basics/common-misconceptions.md index 6dca77e2..8452a071 100644 --- a/i18n/id/basics/common-misconceptions.md +++ b/i18n/id/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Kesalahpahaman Umum" icon: 'material/robot-confused' +description: Privasi bukanlah topik yang mudah, dan mudah sekali terjebak dalam klaim pemasaran dan disinformasi lainnya. --- ## "Perangkat lunak sumber terbuka selalu aman" atau "Perangkat lunak sumber tertutup lebih aman" @@ -56,6 +57,4 @@ Salah satu model ancaman yang paling jelas adalah model di mana orang *tahu siap Menggunakan Tor dapat membantu dalam hal ini. Perlu juga dicatat bahwa anonimitas yang lebih baik dimungkinkan melalui komunikasi asinkron: Komunikasi waktu nyata rentan terhadap analisis pola pengetikan (misalnya lebih dari satu paragraf teks, didistribusikan di forum, melalui surel, dll.) ---8<-- "includes/abbreviations.id.txt" - [^1]: Salah satu contoh penting dari hal ini adalah [insiden pada 2021 di mana para peneliti Universitas Minnesota memperkenalkan tiga kerentanan ke dalam proyek pengembangan kernel Linux](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/id/basics/common-threats.md b/i18n/id/basics/common-threats.md index bce2f6a2..da762a09 100644 --- a/i18n/id/basics/common-threats.md +++ b/i18n/id/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Ancaman Umum" icon: 'material/eye-outline' +description: Model ancaman Anda bersifat pribadi bagi Anda, tetapi ini adalah beberapa hal yang dipedulikan oleh banyak pengunjung situs ini. --- Secara garis besar, kami mengkategorikan rekomendasi kami ke dalam [ancaman](threat-modeling.md) atau tujuan yang berlaku untuk kebanyakan orang. ==Anda mungkin tidak peduli dengan tidak ada, satu, beberapa, atau semua kemungkinan ini==, dan alat dan layanan yang Anda gunakan tergantung pada tujuan Anda. Anda mungkin juga memiliki ancaman khusus di luar kategori ini, dan itu tidak masalah! Bagian yang penting adalah mengembangkan pemahaman tentang manfaat dan kekurangan alat yang Anda pilih untuk digunakan, karena hampir tidak ada satu pun yang akan melindungi Anda dari setiap ancaman. @@ -140,8 +141,6 @@ Orang-orang yang khawatir dengan ancaman penyensoran dapat menggunakan teknologi Anda harus selalu mempertimbangkan risiko mencoba menerobos sensor, konsekuensi potensial, dan seberapa canggih musuh Anda. Anda harus berhati-hati dalam memilih perangkat lunak, dan memiliki rencana cadangan untuk berjaga-jaga seandainya Anda ketahuan. ---8<-- "includes/abbreviations.id.txt" - [^1]: Wikipedia: [*Pengawasan Massal*](https://en.wikipedia.org/wiki/Mass_surveillance) dan [*Pengawasan*](https://en.wikipedia.org/wiki/Surveillance). [^2]: Badan Pengawasan Privasi dan Kebebasan Sipil Amerika Serikat: [*Laporan tentang Program Rekaman Telepon yang Dilakukan berdasarkan Pasal 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Kapitalisme pengawasan*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/id/basics/email-security.md b/i18n/id/basics/email-security.md index b4a8732b..f0c2fb57 100644 --- a/i18n/id/basics/email-security.md +++ b/i18n/id/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/basics/multi-factor-authentication.md b/i18n/id/basics/multi-factor-authentication.md index 81bc62f6..e9520013 100644 --- a/i18n/id/basics/multi-factor-authentication.md +++ b/i18n/id/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- -title: "Multi-Factor Authentication" +title: "Autentikasi Multifaktor" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/basics/passwords-overview.md b/i18n/id/basics/passwords-overview.md index 7be192d6..6858d8b5 100644 --- a/i18n/id/basics/passwords-overview.md +++ b/i18n/id/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/basics/threat-modeling.md b/i18n/id/basics/threat-modeling.md index 15cad795..e3ac3ff8 100644 --- a/i18n/id/basics/threat-modeling.md +++ b/i18n/id/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -98,7 +99,7 @@ Only once you have asked yourself these questions will you be in a position to a Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face. -## Further Reading +## Bacaan Lebih Lanjut For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations. @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/basics/vpn-overview.md b/i18n/id/basics/vpn-overview.md index 04f761ca..19d971fe 100644 --- a/i18n/id/basics/vpn-overview.md +++ b/i18n/id/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks mengalihkan risiko dari ISP Anda ke pihak ketiga yang Anda percayai. Anda harus mengingat hal-hal ini. --- -Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). +Virtual Private Networks adalah cara untuk memperluas ujung jaringan Anda untuk keluar ke tempat lain di dunia. ISP dapat melihat arus lalu lintas internet yang masuk dan keluar dari perangkat terminasi jaringan Anda (misalnya modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/calendar.md b/i18n/id/calendar.md index a1f4af64..bbcb033a 100644 --- a/i18n/id/calendar.md +++ b/i18n/id/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/cloud.md b/i18n/id/cloud.md index 5e694672..2bcc2596 100644 --- a/i18n/id/cloud.md +++ b/i18n/id/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/cryptocurrency.md b/i18n/id/cryptocurrency.md new file mode 100644 index 00000000..a8d99b9e --- /dev/null +++ b/i18n/id/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Lakukan transaksi dengan hati-hati hanya dengan proyek yang Anda percayai. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/id/data-redaction.md b/i18n/id/data-redaction.md index d2426c05..961594a8 100644 --- a/i18n/id/data-redaction.md +++ b/i18n/id/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/desktop-browsers.md b/i18n/id/desktop-browsers.md index e1bb3815..1c21c296 100644 --- a/i18n/id/desktop-browsers.md +++ b/i18n/id/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.id.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/id/desktop.md b/i18n/id/desktop.md index 8003f3d2..2db4d119 100644 --- a/i18n/id/desktop.md +++ b/i18n/id/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/dns.md b/i18n/id/dns.md index 75593fab..ad862b42 100644 --- a/i18n/id/dns.md +++ b/i18n/id/dns.md @@ -1,49 +1,48 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. DNS terenkripsi tidak akan membantu Anda menyembunyikan aktivitas penjelajahan Anda. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} -## Recommended Providers +## Penyedia yang Direkomendasikan -| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Some[^2] | No | Based on server choice. | -| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Optional[^3] | No | Based on server choice. | -| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Optional[^5] | Optional | Based on server choice. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | +| Penyedia DNS | Kebijakan Privasi | Protokol | Pencatatan Log | ECS | Pemfilteran | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | -------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
DoH/3
DoT
DNSCrypt | Beberapa[^1] | Tidak | Berdasarkan pilihan server. Daftar filter yang digunakan dapat ditemukan di sini. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
DoH/3
DoT | Beberapa[^2] | Tidak | Berdasarkan pilihan server. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
DoH/3
DoT
DoQ | Opsional[^3] | Tidak | Berdasarkan pilihan server. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
DoT | Tidak[^4] | Tidak | Berdasarkan pilihan server. Daftar filter yang digunakan dapat ditemukan di sini. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
DoH/3
DoT | Opsional[^5] | Opsional | Berdasarkan pilihan server. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
DoH
DoT
DNSCrypt | Beberapa[^6] | Opsional | Berdasarkan pilihan server, pemblokiran malware secara default. | -## Criteria +## Kriteria -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Harap dicatat bahwa kami tidak berafiliasi dengan proyek-proyek yang kami rekomendasikan.** Selain [kriteria standar kami](about/criteria.md), kami telah mengembangkan serangkaian persyaratan yang jelas untuk memungkinkan kami memberikan rekomendasi yang objektif. Kami sarankan Anda membiasakan diri dengan daftar ini sebelum memilih untuk menggunakan sebuah proyek, dan melakukan riset sendiri untuk memastikan bahwa itu adalah pilihan yang tepat untuk Anda. -!!! example "This section is new" +!!! contoh "Bagian ini baru" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Kami sedang berupaya menetapkan kriteria yang ditentukan untuk setiap bagian dari situs kami, dan hal ini dapat berubah sewaktu-waktu. Jika Anda memiliki pertanyaan tentang kriteria kami, silakan [tanyakan di forum kami](https://discuss.privacyguides.net/latest) dan jangan berasumsi bahwa kami tidak mempertimbangkan sesuatu saat membuat rekomendasi jika tidak tercantum di sini. Ada banyak faktor yang dipertimbangkan dan didiskusikan saat kami merekomendasikan sebuah proyek, dan mendokumentasikan setiap faktor tersebut merupakan pekerjaan yang sedang berjalan. -- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec). +- Harus mendukung [DNSSEC](advanced/dns-overview.md#what-is-dnssec). - [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization). -- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled. +- Izinkan [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) dinonaktifkan. - Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support. -## Native Operating System Support +## Dukungan Sistem Operasi Asli ### Android -Android 9 and above support DNS over TLS. The settings can be found in: **Settings** → **Network & Internet** → **Private DNS**. +Android 9 ke atas mendukung DNS melalui TLS. Pengaturan dapat ditemukan di: **Pengaturan** → **Jaringan & Internet** → **DNS Pribadi**. -### Apple Devices +### Perangkat Apple -The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings). +Versi terbaru iOS, iPadOS, tvOS, dan macOS, mendukung DoT dan DoH. Kedua protokol didukung secara bawaan melalui [profil konfigurasi](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) atau melalui [API Pengaturan DNS](https://developer.apple.com/documentation/networkextension/dns_settings). -After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings. +Setelah pemasangan profil konfigurasi atau aplikasi yang menggunakan API Pengaturan DNS, konfigurasi DNS dapat dipilih. Jika VPN aktif, resolusi di dalam terowongan VPN akan menggunakan pengaturan DNS VPN dan bukan pengaturan seluruh sistem Anda. #### Signed Profiles @@ -51,27 +50,27 @@ Apple does not provide a native interface for creating encrypted DNS profiles. [ !!! info - `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. + `systemd-resolved`, yang digunakan banyak distribusi Linux untuk melakukan pencarian DNS, belum [mendukung DoH](https://github.com/systemd/systemd/issues/8639). Jika Anda ingin menggunakan DoH, Anda perlu menginstal proxy seperti [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) dan [konfigurasikan] (https://wiki.archlinux.org/title/Dnscrypt-proxy) untuk mengambil semua permintaan DNS dari resolver sistem Anda dan meneruskannya melalui HTTPS. -## Encrypted DNS Proxies +## Proxy DNS Terenkripsi -Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns). +Perangkat lunak proxy DNS terenkripsi menyediakan proxy lokal untuk [DNS tidak terenkripsi](advanced/dns-overview.md#unencrypted-dns) resolver untuk diteruskan. Biasanya digunakan pada platform yang tidak mendukung [DNS terenkripsi](advanced/dns-overview.md#what-is-encrypted-dns). ### RethinkDNS !!! recommendation - ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right } - ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } + ![RethinkDNS logo ]( assets/img/android/rethinkdns.svg#only-light ){ align=right } + ![RethinkDNS logo ]( assets/img/android/rethinkdns-dark.svg#only-dark ){ align=right } - **RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too. + ** RethinkDNS ** adalah klien Android open - source yang mendukung [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) dan DNS Proxy bersama dengan tanggapan DNS cache, permintaan DNS logging lokal dan dapat digunakan sebagai firewall juga. - [:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" } + [:octicons-home-16: Beranda ]( https://rethinkdns.com){ .md-button .md-button--primary } + [:octicons-eye-16:]( https://rethinkdns.com/privacy ){.card-link title=" Kebijakan Privasi "} + [:octicons-info-16:]( https://docs.rethinkdns.com/){.card-link title=Dokumentasi} + [:octicons-code-16:]( https://github.com/celzero/rethink-app ){.card-link title=" Kode Sumber "} - ??? downloads + ??? unduhan - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns) - [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases) @@ -80,26 +79,26 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad !!! recommendation - ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right } + ![dnscrypt - proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right } - **dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS). + **dnscrypt - proxy ** adalah proxy DNS dengan dukungan untuk [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), dan [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonimized-DNS). - !!! warning "The anonymized DNS feature does [**not**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic." + !!! peringatan "Fitur DNS anonim tidak [**tidak**]( advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) menganonimkan lalu lintas jaringan lainnya." - [:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" } - [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute } + [:octicons-repo-16: Repositori](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Dokumentasi} + [:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Kode Sumber" } + [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Kontribusi } - ??? downloads + ??? unduhan - [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows) - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) -## Self-hosted Solutions +## Solusi yang dihosting sendiri -A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. +Solusi DNS yang dihosting sendiri berguna untuk menyediakan penyaringan pada platform terkontrol, seperti Smart TV dan perangkat IoT lainnya, karena tidak ada perangkat lunak di sisi klien yang diperlukan. ### AdGuard Home @@ -116,7 +115,7 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" } -### Pi-hole +### Pi - hole !!! recommendation @@ -132,11 +131,9 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.id.txt" - -[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) -[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) -[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) -[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) -[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy) -[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) +[^1]: AdGuard menyimpan metrik kinerja agregat dari server DNS mereka, yaitu jumlah permintaan lengkap ke server tertentu, jumlah permintaan yang diblokir, dan kecepatan pemrosesan permintaan. Mereka juga menjaga dan menyimpan basis data domain yang diminta dalam waktu 24 jam terakhir. "Kami membutuhkan informasi ini untuk mengidentifikasi dan memblokir pelacak dan ancaman baru." "Kami juga mencatat berapa kali pelacak ini atau itu telah diblokir. Kami membutuhkan informasi ini untuk menghapus aturan usang dari filter kami." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) +[^2]: Cloudflare hanya mengumpulkan dan menyimpan data permintaan DNS terbatas yang dikirim ke resolver 1.1.1.1. Layanan resolver 1.1.1.1 tidak mencatat data pribadi, dan sebagian besar data kueri yang tidak dapat diidentifikasi secara pribadi hanya disimpan selama 25 jam. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) +[^3]: Control D hanya mencatat untuk resolver Premium dengan profil DNS khusus. Resolver gratis tidak mencatat data. [https://controld.com/privacy](https://controld.com/privacy) +[^4]: Layanan DNS Mullvad tersedia untuk pelanggan dan non-pelanggan Mullvad VPN. Kebijakan privasi mereka secara eksplisit mengklaim bahwa mereka tidak mencatat permintaan DNS dengan cara apa pun. [https://mullvad.net/en/help/no-logging-data-policy](https://mullvad.net/en/help/no-logging-data-policy/) +[^5]: NextDNS dapat menyediakan fitur wawasan dan pencatatan berdasarkan basis partisipasi. Anda dapat memilih waktu penyimpanan dan lokasi penyimpanan log untuk setiap log yang Anda pilih untuk disimpan. Jika tidak diminta secara khusus, tidak ada data yang dicatat. [https://nextdns.io/privacy](https://nextdns.io/privacy) +[^6]: Quad9 mengumpulkan beberapa data untuk tujuan pemantauan dan tanggapan ancaman. Data itu kemudian dapat dicampur ulang dan dibagikan, seperti untuk tujuan penelitian keamanan. Quad9 tidak mengumpulkan atau mencatat alamat IP atau data lain yang mereka anggap dapat diidentifikasi secara pribadi. [https://www.quad9.net/privacy/policy](https://www.quad9.net/privacy/policy/) diff --git a/i18n/id/email-clients.md b/i18n/id/email-clients.md index 05bfec19..eec0e292 100644 --- a/i18n/id/email-clients.md +++ b/i18n/id/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/email.md b/i18n/id/email.md index ec800f76..96930675 100644 --- a/i18n/id/email.md +++ b/i18n/id/email.md @@ -1,21 +1,34 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- -Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. +Email bisa dibilang merupakan kebutuhan untuk menggunakan layanan online apa pun, namun kami tidak merekomendasikannya untuk percakapan antar orang. Daripada menggunakan email untuk menghubungi orang lain, pertimbangkan untuk menggunakan media pesan instan yang mendukung kerahasiaan ke depan. -[Recommended Instant Messengers](real-time-communication.md ""){.md-button} +[Pesan Instan yang Direkomendasikan](real-time-communication.md ""){.md-button} -For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +Untuk yang lainnya, kami merekomendasikan berbagai penyedia email yang didasarkan pada model bisnis yang berkelanjutan serta fitur keamanan dan privasi bawaan. -## OpenPGP Compatible Services +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +## Layanan yang Kompatibel dengan OpenPGP -!!! warning +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. Sebagai contoh, pengguna Proton Mail dapat mengirim pesan E2EE ke pengguna Mailbox.org, atau Anda dapat menerima notifikasi terenkripsi OpenPGP dari layanan internet yang mendukungnya. - When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
+ +!!! peringatan + + Ketika menggunakan teknologi E2EE seperti OpenPGP, email akan tetap memiliki beberapa metadata yang tidak dienkripsi di header email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys) @@ -23,9 +36,9 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro !!! recommendation - ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } + ![ Proton Mail logo ]( assets/img/email/protonmail.svg){ align=right } - **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan. + **Proton Mail** adalah layanan email dengan fokus pada privasi, enkripsi, keamanan, dan kemudahan penggunaan. Mereka telah beroperasi sejak **2013 **. Proton AG berbasis di Genewa, Swiss. Akun dimulai dengan penyimpanan 500 MB dengan paket gratis mereka. [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } @@ -43,47 +56,47 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro - [:simple-linux: Linux](https://proton.me/mail/bridge#download) - [:octicons-browser-16: Web](https://mail.proton.me) -Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). +Akun gratis memiliki beberapa keterbatasan, seperti tidak dapat mencari teks tubuh dan tidak memiliki akses ke [Proton Mail Bridge](https://proton.me/mail/bridge), yang diperlukan untuk menggunakan [klien email desktop yang direkomendasikan](email-clients.md) (misalnya Thunderbird). Akun berbayar mencakup fitur-fitur seperti Proton Mail Bridge, penyimpanan tambahan, dan dukungan domain khusus. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free. +Jika Anda memiliki Paket Proton Unlimited, Bisnis, atau Visioner, Anda juga mendapatkan [SimpleLogin](#simplelogin) Premium secara gratis. -Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. +Proton Mail memiliki laporan kecelakaan internal yang tidak **** dibagikan kepada pihak ketiga. Ini dapat dinonaktifkan di: **Pengaturan** > **Buka Pengaturan** > **Akun** > **Keamanan dan privasi** > **Kirim laporan kerusakan**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. Penggunaan kunci keamanan U2F belum didukung. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Email ke akun Proton Mail lainnya dienkripsi secara otomatis, dan enkripsi ke alamat non-Proton Mail dengan kunci OpenPGP dapat diaktifkan dengan mudah di pengaturan akun Anda. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hal ini memungkinkan orang yang tidak menggunakan Proton Mail untuk menemukan kunci OpenPGP akun Proton Mail dengan mudah, untuk lintas-penyedia E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail tidak menawarkan fitur warisan digital. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. Setelah 30 hari, akun Anda akan menjadi tunggakan dan tidak akan menerima surat masuk. Anda akan terus ditagih selama periode ini. + +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan + +Proton Mail menawarkan akun "Unlimited" seharga €9,99/Bulan, yang juga memungkinkan akses ke Proton VPN selain menyediakan beberapa akun, domain, alias, dan penyimpanan 500GB. ### Mailbox.org @@ -91,53 +104,64 @@ Proton Mail has internal crash reports that they **do not** share with third par ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right } - **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed. + **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. Mereka telah beroperasi sejak 2014. Mailbox.org berbasis di Berlin, Jerman. Akun dimulai dengan penyimpanan 2 GB, yang dapat ditingkatkan sesuai kebutuhan. [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary } [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" } [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation} - ??? downloads + ??? unduhan - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. Namun, mereka menerima uang tunai melalui pos, pembayaran tunai ke rekening bank, transfer bank, kartu kredit, PayPal, dan beberapa prosesor khusus Jerman: paydirekt dan Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Pesan baru yang Anda terima akan segera dienkripsi dengan kunci publik Anda. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. Fitur ini berguna ketika penerima jarak jauh tidak memiliki OpenPGP dan tidak dapat mendekripsi salinan email di kotak surat mereka sendiri. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hal ini memungkinkan orang di luar Mailbox.org untuk menemukan kunci OpenPGP dari akun Mailbox.org dengan mudah, untuk lintas-penyedia E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org memiliki fitur warisan digital untuk semua paket. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## Penyedia Lainnya + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -146,53 +170,49 @@ Proton Mail has internal crash reports that they **do not** share with third par ![StartMail logo](assets/img/email/startmail.svg#only-light){ align=right } ![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ align=right } - **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial. + **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail telah beroperasi sejak 2014 dan berbasis di Boulevard 11, Zeist Belanda. Akun dimulai dengan 10GB. Mereka menawarkan uji coba 30 hari. [:octicons-home-16: Homepage](https://www.startmail.com/){ .md-button .md-button--primary } [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" } [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation} - ??? downloads + ??? unduhan - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail menerima Visa, MasterCard, American Express, dan Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. Ketika Anda masuk, brankas dibuka, dan email kemudian dipindahkan ke brankas dari antrian di mana ia didekripsi oleh kunci pribadi yang sesuai. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail memungkinkan untuk proxy gambar dalam email. Jika Anda mengizinkan gambar jarak jauh dimuat, pengirim tidak akan tahu alamat IP Anda. ### Tutanota @@ -200,7 +220,7 @@ These providers store your emails with zero-knowledge encryption, making them gr ![Tutanota logo](assets/img/email/tutanota.svg){ align=right } - **Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan. + **Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota telah beroperasi sejak **2011** dan berbasis di Hanover, Jerman. Akun dimulai dengan penyimpanan 1GB dengan paket gratis mereka. [:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary } [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" } @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -376,18 +403,18 @@ For a more manual approach we've picked out these two articles: **Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. -### Technology +### Teknologi We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** - Encrypts email account data at rest with zero-access encryption. - Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard. - Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy. - Operates on owned infrastructure, i.e. not built upon third-party email service providers. -**Best Case:** +**Kasus Terbaik:** - Encrypts all account data (Contacts, Calendars, etc) at rest with zero-access encryption. - Integrated webmail E2EE/PGP encryption provided as a convenience. @@ -398,26 +425,26 @@ We regard these features as important in order to provide a safe and optimal ser - Catch-all or alias functionality for those who own their own domains. - Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. -### Privacy +### Privasi -We prefer our recommended providers to collect as little data as possible. +Kami lebih memilih penyedia yang kami rekomendasikan untuk mengumpulkan data sesedikit mungkin. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** - Protect sender's IP address. Filter it from showing in the `Received` header field. - Don't require personally identifiable information (PII) besides a username and a password. - Privacy policy that meets the requirements defined by the GDPR - Must not be hosted in the US due to [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) which has [yet to be reformed](https://epic.org/ecpa/). -**Best Case:** +**Kasus Terbaik:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) -### Security +### Keamanan Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** - Protection of webmail with 2FA, such as TOTP. - Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. @@ -428,58 +455,56 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. - Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. -**Best Case:** +**Kasus Terbaik:** - Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. - Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). -- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- Program bug-bounty dan/atau proses pengungkapan kerentanan yang terkoordinasi. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) -### Trust +### Kepercayaan -You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. +You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? Kami mewajibkan penyedia layanan yang kami rekomendasikan untuk terbuka mengenai kepemilikan atau kepemimpinan mereka. Kami juga ingin melihat laporan transparansi yang lebih sering, terutama dalam hal bagaimana permintaan pemerintah ditangani. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Public-facing leadership or ownership. +- Kepemimpinan atau kepemilikan yang berhadapan dengan publik. -**Best Case:** +**Kasus Terbaik:** -- Public-facing leadership. -- Frequent transparency reports. +- Kepemimpinan yang berhadapan dengan publik. +- Laporan transparansi yang sering. -### Marketing +### Pemasaran With the email providers we recommend we like to see responsible marketing. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** - Must self-host analytics (no Google Analytics, Adobe Analytics, etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. -Must not have any marketing which is irresponsible: +Tidak boleh melakukan pemasaran yang tidak bertanggung jawab: - Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: +- Menjamin perlindungan anonimitas 100%. Ketika seseorang membuat klaim bahwa sesuatu itu 100%, itu berarti tidak ada kepastian untuk gagal. Kami tahu bahwa orang dapat dengan mudah menyamarkan nama mereka dengan beberapa cara, misalnya: - Reusing personal information e.g. (email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc) -- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- [Sidik jari peramban](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) -**Best Case:** +**Kasus Terbaik:** - Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. -### Additional Functionality +### Fungsionalitas Tambahan While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/encryption.md b/i18n/id/encryption.md index 2799f306..ca8dffbf 100644 --- a/i18n/id/encryption.md +++ b/i18n/id/encryption.md @@ -1,6 +1,7 @@ --- title: "Perangkat Lunak Enkripsi" icon: material/file-lock +description: Enkripsi data adalah satu-satunya cara untuk mengendalikan siapa saja yang dapat mengaksesnya. These tools allow you to encrypt your emails and any other files. --- Enkripsi data adalah satu-satunya cara untuk mengendalikan siapa saja yang dapat mengaksesnya. Jika saat ini Anda tidak menggunakan perangkat lunak enkripsi untuk perangkat penyimpanan, surel, atau berkas Anda, Anda seharusnya memilih opsi di sini. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/file-sharing.md b/i18n/id/file-sharing.md index 2f18e254..3e79d791 100644 --- a/i18n/id/file-sharing.md +++ b/i18n/id/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/financial-services.md b/i18n/id/financial-services.md new file mode 100644 index 00000000..480c924c --- /dev/null +++ b/i18n/id/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/id/frontends.md b/i18n/id/frontends.md index 01dbbeb8..7f245f41 100644 --- a/i18n/id/frontends.md +++ b/i18n/id/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/index.md b/i18n/id/index.md index 2d9d4861..0e68ed75 100644 --- a/i18n/id/index.md +++ b/i18n/id/index.md @@ -40,5 +40,3 @@ Mencoba untuk melindungi semua data Anda dari semua orang setiap saat tidaklah p [:material-hand-coin-outline:](about/donate.md){ title="Dukung proyek ini" } Ini penting bagi situs web seperti Privacy Guides untuk selalu mendapatkan informasi yang terbaru. Kami membutuhkan audiens kami untuk mengawasi pembaruan perangkat lunak untuk aplikasi yang terdaftar di situs kami dan mengikuti berita terbaru tentang penyedia yang kami rekomendasikan. Memang sulit untuk mengimbangi kecepatan internet yang begitu cepat, tetapi kami berusaha sebaik mungkin. Jika Anda menemukan kesalahan, merasa bahwa sebuah penyedia tidak seharusnya terdaftar, melihat penyedia yang memenuhi syarat tidak ada, merasa plugin peramban tidak lagi menjadi pilihan terbaik, atau menemukan masalah lain, silakan beri tahu kami. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/kb-archive.md b/i18n/id/kb-archive.md index 95df3f6b..0759938b 100644 --- a/i18n/id/kb-archive.md +++ b/i18n/id/kb-archive.md @@ -1,11 +1,12 @@ --- title: Arsip Basis Pengetahuan icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Halaman Dipindahkan ke Blog -Beberapa halaman yang dulunya ada di basis pengetahuan kami sekarang dapat ditemukan di blog kami: +Some pages that used to be in our knowledge base can now be found on our blog: - [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) - [Pengerasan Konfigurasi Signal](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) @@ -14,5 +15,3 @@ Beberapa halaman yang dulunya ada di basis pengetahuan kami sekarang dapat ditem - [Penghapusan Data Aman](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Mengintegrasikan Penghapusan Metadata](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [Panduan Konfigurasi iOS](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/meta/brand.md b/i18n/id/meta/brand.md index eb339fa6..1827f02a 100644 --- a/i18n/id/meta/brand.md +++ b/i18n/id/meta/brand.md @@ -2,7 +2,7 @@ title: Branding Guidelines --- -The name of the website is **Privacy Guides** and should **not** be changed to: +Nama situs web adalah **Privacy Guides** dan **tidak boleh** diubah menjadi:
- PrivacyGuides @@ -11,14 +11,12 @@ The name of the website is **Privacy Guides** and should **not** be changed to: - PG.org
-The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**. +Nama subreddit adalah **r/PrivacyGuides** atau **Privacy Guides Subreddit**. Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand) -## Trademark +## Merek dagang "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. -Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.id.txt" +Tanpa mengesampingkan hak - haknya, Privacy Guides tidak menyarankan orang lain tentang ruang lingkup hak kekayaan intelektualnya. Privacy Guides tidak mengizinkan atau menyetujui penggunaan merek dagangnya dengan cara apa pun yang dapat menyebabkan kebingungan dengan menyiratkan hubungan dengan atau sponsor oleh Privacy Guides. Jika Anda mengetahui adanya penggunaan semacam itu, silakan hubungi Jonah Aragon di jonah@privacyguides.org. Konsultasikan dengan penasihat hukum Anda jika Anda memiliki pertanyaan. diff --git a/i18n/id/meta/git-recommendations.md b/i18n/id/meta/git-recommendations.md index 97140bc9..d6af4ccd 100644 --- a/i18n/id/meta/git-recommendations.md +++ b/i18n/id/meta/git-recommendations.md @@ -1,8 +1,8 @@ --- -title: Git Recommendations +title: Rekomendasi Git --- -If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations. +Jika Anda membuat perubahan pada situs web ini di editor web GitHub.com secara langsung, Anda tidak perlu khawatir tentang hal ini. Jika Anda mengembangkan secara lokal dan/atau merupakan editor situs web jangka panjang (yang mungkin harus mengembangkan secara lokal!), pertimbangkan rekomendasi ini. ## Enable SSH Key Commit Signing @@ -28,21 +28,19 @@ Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/ ## Rebase on Git pull -Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHub to your local machine. This way your local changes will always be "on top of" the latest changes on GitHub, and you avoid merge commits (which are disallowed in this repo). +Gunakan `git pull --rebase` alih-alih `git pull` saat menarik perubahan dari GitHub ke mesin lokal Anda. Dengan cara ini perubahan lokal Anda akan selalu "di atas" perubahan terbaru di GitHub, dan Anda menghindari komit gabungan (yang dilarang dalam repo ini). -You can set this to be the default behavior: +Anda dapat mengatur ini menjadi perilaku default: ``` git config --global pull.rebase true ``` -## Rebase from `main` before submitting a PR +## Rebase dari `utama` sebelum mengirimkan PR -If you are working on your own branch, run these commands before submitting a PR: +Jika Anda bekerja pada cabang Anda sendiri, jalankan perintah ini sebelum mengirimkan PR: ``` git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/meta/uploading-images.md b/i18n/id/meta/uploading-images.md index 49454204..1ff6df76 100644 --- a/i18n/id/meta/uploading-images.md +++ b/i18n/id/meta/uploading-images.md @@ -1,23 +1,23 @@ --- -title: Uploading Images +title: Mengunggah Gambar --- -Here are a couple of general rules for contributing to Privacy Guides: +Berikut ini adalah beberapa aturan umum untuk berkontribusi pada Privacy Guides: -## Images +## Gambar -- We **prefer** SVG images, but if those do not exist we can use PNG images +- Kami **lebih suka** gambar SVG, tetapi jika tidak ada, kami dapat menggunakan gambar PNG -Company logos have canvas size of: +Logo perusahaan memiliki ukuran kanvas: - 128x128px - 384x128px -## Optimization +## Optimasi ### PNG -Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image: +Gunakan [OptiPNG](https://sourceforge.net/projects/optipng/) untuk mengoptimalkan gambar PNG: ```bash optipng -o7 file.png @@ -29,42 +29,42 @@ optipng -o7 file.png [Scour](https://github.com/scour-project/scour) all SVG images. -In Inkscape: +Dalam Inkscape: -1. File Save As.. +1. Simpan Berkas Sebagai.. 2. Set type to Optimized SVG (*.svg) -In the **Options** tab: +Pada tab **Opsi**: -- **Number of significant digits for coordinates** > **5** -- [x] Turn on **Shorten color values** -- [x] Turn on **Convert CSS attributes to XML attributes** -- [x] Turn on **Collapse groups** -- [x] Turn on **Create groups for similar attributes** -- [ ] Turn off **Keep editor data** -- [ ] Turn off **Keep unreferenced definitions** -- [x] Turn on **Work around renderer bugs** +- **Jumlah digit signifikan untuk koordinat** > **5** +- [x] Aktifkan **Persingkat nilai warna** +- [x] Aktifkan **Konversi atribut CSS ke atribut XML** +- [x] Aktifkan **Runtuhkan grup** +- [x] Aktifkan **Buat grup untuk atribut serupa** +- [ ] Matikan **Simpan data editor** +- [ ] Matikan **Simpan definisi yang tidak direferensikan** +- [x] Hidupkan **Bekerja di sekitar bug renderer** -In the **SVG Output** tab under **Document options**: +Pada tab **SVG Output** di bawah **Opsi dokumen**: -- [ ] Turn off **Remove the XML declaration** -- [x] Turn on **Remove metadata** -- [x] Turn on **Remove comments** -- [x] Turn on **Embeded raster images** -- [x] Turn on **Enable viewboxing** +- [ ] Matikan **Hapus deklarasi XML** +- [x] Aktifkan **Hapus metadata** +- [x] Aktifkan **Hapus komentar** +- [x] Aktifkan **Gambar raster yang disematkan** +- [x] Aktifkan **Aktifkan viewboxing** In the **SVG Output** under **Pretty-printing**: - [ ] Turn off **Format output with line-breaks and indentation** - **Indentation characters** > Select **Space** -- **Depth of indentation** > **1** +- **Kedalaman lekukan** > **1** - [ ] Turn off **Strip the "xml:space" attribute from the root SVG element** -In the **IDs** tab: +Pada tab **IDs**: -- [x] Turn on **Remove unused IDs** -- [ ] Turn off **Shorten IDs** -- **Prefix shortened IDs with** > `leave blank` +- [x] Aktifkan **Hapus ID yang tidak digunakan** +- [] Nonaktifkan **Persingkat ID** +- **Awalan ID singkat dengan** > `biarkan kosong` - [x] Turn on **Preserve manually created IDs not ending with digits** - **Preserve the following IDs** > `leave blank` - **Preserve IDs starting with** > `leave blank` @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/meta/writing-style.md b/i18n/id/meta/writing-style.md index 3476ab63..8a1234bb 100644 --- a/i18n/id/meta/writing-style.md +++ b/i18n/id/meta/writing-style.md @@ -1,89 +1,87 @@ --- -title: Writing Style +title: Gaya Penulisan --- -Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt. +Privacy Guides ditulis dalam bahasa Inggris Amerika, dan Anda harus merujuk ke [pedoman Gaya APA](https://apastyle.apa.org/style-grammar-guidelines/grammar) jika ragu. -In general the [United States federal plain language guidelines](https://www.plainlanguage.gov/guidelines/) provide a good overview of how to write clearly and concisely. We highlight a few important notes from these guidelines below. +Secara umum, [pedoman bahasa sederhana federal Amerika Serikat](https://www.plainlanguage.gov/guidelines/) memberikan gambaran umum yang baik tentang cara menulis dengan jelas dan ringkas. Kami menyoroti beberapa catatan penting dari panduan ini di bawah ini. -## Writing for our audience +## Menulis untuk audiens kami Privacy Guides' intended [audience](https://www.plainlanguage.gov/guidelines/audience/) is primarily average, technology using adults. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with. -### Address only what people want to know +### Sampaikan hanya apa yang ingin diketahui oleh orang lain -People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details. +Orang tidak membutuhkan artikel yang terlalu rumit dengan sedikit relevansi bagi mereka. Cari tahu apa yang Anda ingin orang capai saat menulis artikel, dan hanya sertakan detail itu. -> Tell your audience why the material is important to them. Say, “If you want a research grant, here’s what you have to do.” Or, “If you want to mine federal coal, here’s what you should know.” Or, “If you’re planning a trip to Rwanda, read this first.” +> Beri tahu audiens Anda mengapa materi itu penting bagi mereka. Katakanlah, "Jika Anda menginginkan hibah penelitian, inilah yang harus Anda lakukan." Or, “If you want to mine federal coal, here’s what you should know.” Atau, "Jika Anda merencanakan perjalanan ke Rwanda, bacalah ini terlebih dahulu." ### Address people directly -We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly. +Kami menulis *untuk* berbagai macam orang, tetapi kami menulis *untuk* orang yang benar-benar membacanya. Use "you" to address the reader directly. > More than any other single technique, using “you” pulls users into the information and makes it relevant to them. > > When you use “you” to address users, they are more likely to understand what their responsibility is. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) +Sumber: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) -### Avoid "users" +### Hindari "pengguna" -Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for. +Hindari menyebut orang sebagai "pengguna", lebih baik gunakan "orang", atau deskripsi yang lebih spesifik tentang kelompok orang yang Anda tulis. -## Organizing content +## Mengatur konten -Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas. +Organisasi adalah kuncinya. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas. -- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages. -- Mark important ideas with **bold** or *italics*. +- Batasi dokumen menjadi sekitar lima atau enam bagian. Dokumen panjang mungkin harus dipecah menjadi halaman terpisah. +- Tandai ide-ide penting dengan **cetak tebal** atau *cetak miring*. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) +Sumber: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) -### Begin with a topic sentence +### Mulailah dengan kalimat topik -> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Headings help, but they’re not enough. Establish a context for your audience before you provide them with the details. +> Jika Anda memberi tahu pembaca apa yang akan mereka baca, kemungkinan besar mereka tidak perlu membaca paragraf Anda lagi. Judul memang membantu, tetapi tidak cukup. Tetapkan konteks untuk audiens Anda sebelum Anda memberi mereka detailnya. > -> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point. +> Kita sering menulis sesuai dengan cara kita berpikir, dengan mengutamakan premis-premis kita terlebih dahulu, baru kemudian kesimpulan. Ini mungkin cara alami untuk mengembangkan pikiran, tetapi kita berakhir dengan kalimat topik di akhir paragraf. Pindahkan ke depan dan beri tahu pengguna ke mana tujuan Anda. Jangan membuat pembaca menyimpan banyak informasi di kepala mereka sebelum sampai ke intinya. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) +Sumber: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) -## Choose your words carefully +## Pilih kata-kata Anda dengan hati-hati -> Words matter. They are the most basic building blocks of written and spoken communication. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand. +> Kata-kata itu penting. Mereka adalah blok bangunan paling dasar dari komunikasi tertulis dan lisan. Jangan mempersulit dengan menggunakan jargon, istilah teknis, atau singkatan yang tidak dimengerti orang. -We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly. +Kita harus mencoba menghindari singkatan jika memungkinkan, tetapi teknologi penuh dengan singkatan. Secara umum, menguraikan singkatan/akronim pertama kali digunakan pada halaman, dan menambahkan singkatan ke file glosarium singkatan ketika digunakan berulang kali. -> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences: +> Kathy McGinty memberikan petunjuk yang mudah dipahami untuk meningkatkan kalimat-kalimat Anda yang sederhana dan langsung: > -> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends. +> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. pada akhir pekan. > -> And the original, using stronger, simpler words: +> Dan yang asli, menggunakan kata-kata yang lebih kuat dan lebih sederhana: > -> > More night jobs would keep youths off the streets. +> > Lebih banyak pekerjaan malam akan menjauhkan anak muda dari jalanan. ## Be concise -> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective. +> Kata-kata yang tidak perlu akan membuang waktu audiens Anda. Tulisan yang bagus itu seperti sebuah percakapan. Omit information that the audience doesn’t need to know. Hal ini bisa menjadi sulit sebagai seorang ahli materi, jadi penting untuk memiliki seseorang yang melihat informasi dari sudut pandang audiens. -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) +Sumber: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) ## Keep text conversational -> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting. +> Kata kerja adalah bahan bakar untuk menulis. Mereka memberikan kekuatan dan arah pada kalimat Anda. Mereka menghidupkan tulisan Anda dan membuatnya lebih menarik. > -> Verbs tell your audience what to do. Make sure it’s clear who does what. +> Kata kerja memberi tahu audiens Anda apa yang harus dilakukan. Pastikan jelas siapa yang melakukan apa. -### Use active voice +### Gunakan suara aktif -> Active voice makes it clear who is supposed to do what. It eliminates ambiguity about responsibilities. Not “It must be done,” but “You must do it.” +> Suara aktif memperjelas siapa yang seharusnya melakukan apa. Hal ini menghilangkan ambiguitas tentang tanggung jawab. Bukan "Ini harus dilakukan," tetapi "Anda harus melakukannya." -Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) +Sumber: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) -### Use "must" for requirements +### Gunakan "harus" untuk persyaratan -> - “must” for an obligation -> - “must not” for a prohibition +> - "harus" untuk suatu kewajiban +> - "tidak boleh" untuk sebuah larangan > - “may” for a discretionary action -> - “should” for a recommendation - ---8<-- "includes/abbreviations.id.txt" +> - "harus" untuk sebuah rekomendasi diff --git a/i18n/id/mobile-browsers.md b/i18n/id/mobile-browsers.md index c536f1d8..d7adee8f 100644 --- a/i18n/id/mobile-browsers.md +++ b/i18n/id/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/multi-factor-authentication.md b/i18n/id/multi-factor-authentication.md index ad34f4ca..41030fe3 100644 --- a/i18n/id/multi-factor-authentication.md +++ b/i18n/id/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/news-aggregators.md b/i18n/id/news-aggregators.md index 88957455..2dad5ac0 100644 --- a/i18n/id/news-aggregators.md +++ b/i18n/id/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/notebooks.md b/i18n/id/notebooks.md index 74ec7946..0739f668 100644 --- a/i18n/id/notebooks.md +++ b/i18n/id/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/os/android-overview.md b/i18n/id/os/android-overview.md index c666269c..a78631a2 100644 --- a/i18n/id/os/android-overview.md +++ b/i18n/id/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/os/linux-overview.md b/i18n/id/os/linux-overview.md index 62e18ca5..8ec2c9e7 100644 --- a/i18n/id/os/linux-overview.md +++ b/i18n/id/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/os/qubes-overview.md b/i18n/id/os/qubes-overview.md index d392cac6..17b286b9 100644 --- a/i18n/id/os/qubes-overview.md +++ b/i18n/id/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/passwords.md b/i18n/id/passwords.md index 05167fd7..e81f1186 100644 --- a/i18n/id/passwords.md +++ b/i18n/id/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/productivity.md b/i18n/id/productivity.md index 6c8ecbe7..4490325d 100644 --- a/i18n/id/productivity.md +++ b/i18n/id/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/real-time-communication.md b/i18n/id/real-time-communication.md index a9395607..68f9d767 100644 --- a/i18n/id/real-time-communication.md +++ b/i18n/id/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/router.md b/i18n/id/router.md index 13c6d37b..a494c017 100644 --- a/i18n/id/router.md +++ b/i18n/id/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/search-engines.md b/i18n/id/search-engines.md index 3f875285..911525d7 100644 --- a/i18n/id/search-engines.md +++ b/i18n/id/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/tools.md b/i18n/id/tools.md index 21dc342e..ef945a94 100644 --- a/i18n/id/tools.md +++ b/i18n/id/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
@@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
@@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/tor.md b/i18n/id/tor.md index 55560121..ce93c961 100644 --- a/i18n/id/tor.md +++ b/i18n/id/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
-
- -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/video-streaming.md b/i18n/id/video-streaming.md index 05595a75..8f8ebd0b 100644 --- a/i18n/id/video-streaming.md +++ b/i18n/id/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.id.txt" diff --git a/i18n/id/vpn.md b/i18n/id/vpn.md index a3242d3e..b75d19c8 100644 --- a/i18n/id/vpn.md +++ b/i18n/id/vpn.md @@ -1,107 +1,47 @@ --- -title: "VPN Services" +title: "Layanan VPN" icon: material/vpn +description: Ini adalah layanan VPN terbaik untuk melindungi privasi dan keamanan daring Anda. Temukan penyedia di sini yang tidak memata-matai Anda. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +Jika Anda mencari **privasi tambahan** dari ISP Anda, pada jaringan Wi-Fi publik, atau saat melakukan torrent file, VPN bisa jadi solusi untuk Anda selama Anda memahami risiko yang ada. Menurut kami, penyedia layanan ini adalah yang terbaik di antara yang lain: -??? danger "VPNs do not provide anonymity" +
- Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. +- ![Logo IVPN](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Logo Mullvad](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Logo Proton VPN](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "VPN tidak menyediakan anonimitas" + + Menggunakan VPN **tidak** akan menjaga kebiasaan jelajah Anda tetap anonim, dan juga tidak akan menambah keamanan tambahan pada lalu lintas yang tidak aman (HTTP). - If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN. + Jika Anda membutuhkan **anonimitas**, Anda sebaiknya menggunakan Tor Browser **daripada** menggunakan VPN. - If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. + Jika Anda membutuhkan **keamanan** tambahan, Anda harus selalu memastikan bahwa Anda terhubung ke situs web menggunakan HTTPS. VPN bukanlah pengganti praktik keamanan yang baik. - [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } + [Unduh Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Mitos Tor & Soal Sering Ditanya](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" +[Ikhtisar VPN Terperinci :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +## Penyedia yang Direkomendasikan -## Recommended Providers - -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Penyedia yang kami rekomendasikan menggunakan enkripsi, menerima Monero, mendukung WireGuard & OpenVPN, dan memiliki kebijakan tanpa pencatatan. Baca [daftar lengkap kriteria kami](#criteria) untuk informasi lebih lanjut. ### IVPN !!! recommendation - ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } + ![Logo IVPN](assets/img/vpn/ivpn.svg){ align=right } - **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar. + **IVPN** adalah penyedia VPN premium, dan mereka telah beroperasi sejak 2009. IVPN berbasis di Gibraltar. - [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" } + [:octicons-home-16: Laman Beranda](https://www.ivpn.net/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Kebijakan Privasi" } + [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Dokumentasi} + [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Kode Sumber" } ??? downloads @@ -111,57 +51,58 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Negara - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN memiliki server [di 35 negara](https://www.ivpn.net/server-locations).(1) Memilih penyedia VPN dengan server terdekat dengan Anda akan mengurangi latensi lalu lintas jaringan yang Anda kirim. Ini karena rute yang lebih pendek (lebih sedikit loncatan) ke tempat tujuan. +{ .annotate } -1. Last checked: 2022-09-16 +1. Terakhir diperiksa: 2022-09-16 -??? success "Independently Audited" +Kami juga berpikir akan lebih baik untuk keamanan kunci pribadi penyedia VPN jika mereka menggunakan [server khusus](https://en.wikipedia.org/wiki/Dedicated_hosting_service), daripada solusi berbagi pakai yang lebih murah (dengan pelanggan lain) seperti [peladen pribadi virtual](https://id.wikipedia.org/wiki/Peladen_pribadi_virtual). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Diaudit Secara Independen -??? success "Open-Source Clients" +IVPN telah menjalani [audit tanpa pencatatan dari Cure53](https://cure53.de/audit-report_ivpn.pdf) yang menyimpulkan bahwa klaim tanpa pencatatan dari IVPN disetujui. IVPN juga telah menyelesaikan [laporan pentest komprehensif Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) pada Januari 2020. IVPN juga mengatakan bahwa mereka berencana untuk memiliki [laporan tahunan](https://www.ivpn.net/blog/independent-security-audit-concluded) di masa depan. Tinjauan lebih lanjut dilakukan [pada bulan April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) dan diproduksi oleh Cure53 [di situs web mereka](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Klien Sumber Terbuka -??? success "Accepts Cash and Monero" +Pada Februari 2020 [aplikasi IVPN sekarang menjadi sumber terbuka](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Kode sumber dapat diperoleh dari [organisasi GitHub](https://github.com/ivpn) mereka. - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Menerima Uang Tunai dan Monero -??? success "WireGuard Support" +Selain menerima kartu kredit/debit dan PayPal, IVPN menerima Bitcoin, **Monero** dan **uang tunai/mata uang lokal** (pada paket tahunan) sebagai bentuk pembayaran anonim. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } Dukungan WireGuard -??? success "Remote Port Forwarding" +IVPN mendukung protokol WireGuard®. [WireGuard](https://www.wireguard.com) adalah protokol yang lebih baru yang menggunakan kriptografi [yang canggih](https://www.wireguard.com/protocol/). Selain itu, WireGuard bertujuan untuk menjadi lebih sederhana dan lebih berkinerja. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [merekomendasikan](https://www.ivpn.net/wireguard/) penggunaan WireGuard dengan layanan mereka dan, dengan demikian, protokol ini merupakan standar pada semua aplikasi IVPN. IVPN juga menawarkan generator konfigurasi WireGuard untuk digunakan dengan [aplikasi resmi](https://www.wireguard.com/install/) WireGuard. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Penerusan Porta Jarak Jauh - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +[Penerusan porta jarak jauh](https://en.wikipedia.org/wiki/Port_forwarding) dimungkinkan dengan paket Pro. Port forwarding [dapat diaktifkan](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) melalui area klien. Penerusan porta jarak kauh hanya tersedia di IVPN ketika menggunakan protokol WireGuard atau OpenVPN dan [dinonaktifkan di server AS](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Klien Ponsel - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +Selain menyediakan berkas konfigurasi OpenVPN standar, IVPN memiliki klien ponsel untuk [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), dan [GitHub](https://github.com/ivpn/android-app/releases) yang memungkinkan koneksi yang mudah ke server mereka. + +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan + +Klien IVPN mendukung autentikasi dua faktor (klien Mullvad tidak). IVPN juga menyediakan fungsionalitas "[AntiTracker](https://www.ivpn.net/antitracker)", yang memblokir jaringan iklan dan pelacak dari tingkat jaringan. ### Mullvad !!! recommendation - ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } + ![Logo Mullvad](assets/img/vpn/mullvad.svg){ align=right } - **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial. + **Mullvad** adalah VPN yang cepat dan murah dengan fokus serius pada transparansi dan keamanan. Mereka telah beroperasi sejak **2009**. Mullvad berbasis di Swedia dan tidak memiliki uji coba gratis. - [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } - [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" } + [:octicons-home-16: Laman Beranda](https://mullvad.net){ .md-button .md-button--primary } + [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Layanan Onion" } + [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Kebijakan Privasi" } + [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Dokumentasi} + [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Kode Sumber" } ??? downloads @@ -172,152 +113,215 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Negara - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +Mullvad memiliki server [di 41 negara](https://mullvad.net/servers/).(1) Memilih penyedia VPN dengan server terdekat dengan Anda akan mengurangi latensi lalu lintas jaringan yang Anda kirim. Ini karena rute yang lebih pendek (lebih sedikit loncatan) ke tempat tujuan. +{ .annotate } + +1. Terakhir diperiksa: 2023-01-19 + +Kami juga berpikir akan lebih baik untuk keamanan kunci pribadi penyedia VPN jika mereka menggunakan [server khusus](https://en.wikipedia.org/wiki/Dedicated_hosting_service), daripada solusi berbagi pakai yang lebih murah (dengan pelanggan lain) seperti [peladen pribadi virtual](https://id.wikipedia.org/wiki/Peladen_pribadi_virtual). + +#### :material-check:{ .pg-green } Diaudit Secara Independen + +Klien VPN Mullvad telah diaudit oleh Cure53 dan Assured AB dalam laporan pentest [yang diterbitkan di cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Para peneliti keamanan menyimpulkan: + +> Cure53 dan Assured AB senang dengan hasil audit dan perangkat lunak ini meninggalkan kesan positif secara keseluruhan. Dengan dedikasi keamanan dari tim internal di kompleks VPN Mullvad, para penguji tidak meragukan proyek ini berada di jalur yang benar dari sudut pandang keamanan. + +Pada tahun 2020, audit kedua [diumumkan](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) dan laporan audit akhir [](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) tersedia di situs web Cure53: + +> Hasil dari proyek Mei-Juni 2020 yang menargetkan kompleks Mullvad ini cukup positif. [...] Keseluruhan ekosistem aplikasi yang digunakan oleh Mullvad meninggalkan kesan yang baik dan terstruktur. Struktur keseluruhan aplikasi memudahkan untuk meluncurkan patch dan perbaikan secara terstruktur. Lebih dari segalanya, temuan yang ditemukan oleh Cure53 menunjukkan pentingnya untuk terus mengaudit dan menilai ulang vektor kebocoran saat ini, untuk selalu memastikan privasi pengguna akhir. Dengan demikian, Mullvad melakukan pekerjaan yang sangat baik dalam melindungi pengguna akhir dari kebocoran PII yang umum terjadi dan risiko terkait privasi. + +Pada tahun 2021, audit kedua [diumumkan](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) dan laporan audit akhir [](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) tersedia di situs web Cure53. Laporan lain ditugaskan [pada bulan Juni 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) dan tersedia di situs web [Assured](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Klien Sumber Terbuka + +Mullvad menyediakan kode sumber untuk klien desktop dan seluler mereka di [organisasi GitHub](https://github.com/mullvad/mullvadvpn-app) mereka. + +#### :material-check:{ .pg-green } Menerima Uang Tunai dan Monero + +Mullvad, selain menerima kartu kredit/debit dan PayPal, juga menerima Bitcoin, Bitcoin Cash, **Monero** dan **uang tunai/mata uang lokal** sebagai bentuk pembayaran anonim. Mereka juga menerima transfer Swish dan transfer bank. + +#### :material-check:{ .pg-green } Dukungan WireGuard + +Mullvad mendukung protokol WireGuard®. [WireGuard](https://www.wireguard.com) adalah protokol yang lebih baru yang menggunakan kriptografi [yang canggih](https://www.wireguard.com/protocol/). Selain itu, WireGuard bertujuan untuk menjadi lebih sederhana dan lebih berkinerja. + +Mullvad [merekomendasikan](https://mullvad.net/en/help/why-wireguard/) penggunaan WireGuard dengan layanan mereka. Ini adalah protokol default atau satu-satunya protokol pada aplikasi Mullvad di Android, iOS, macOS, dan Linux, tetapi pada Windows Anda harus [secara manual mengaktifkan](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad juga menawarkan generator konfigurasi WireGuard untuk digunakan dengan [aplikasi resmi](https://www.wireguard.com/install/) WireGuard. + +#### :material-check:{ .pg-green } Dukungan IPv6 + +Mullvad mendukung masa depan jaringan [IPv6](https://id.wikipedia.org/wiki/IPv6). Jaringan mereka memungkinkan Anda untuk [mengakses layanan yang dihosting pada IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) dibandingkan dengan penyedia lain yang memblokir koneksi IPv6. + +#### :material-check:{ .pg-green } Penerusan Porta Jarak Jauh + +[Penerusan porta jarak jauh](https://en.wikipedia.org/wiki/Port_forwarding) diperbolehkan untuk orang yang melakukan pembayaran satu kali, tetapi tidak diperbolehkan untuk akun dengan metode pembayaran berulang/berlangganan. Hal ini untuk mencegah Mullvad mengidentifikasi Anda berdasarkan penggunaan porta dan informasi langganan yang tersimpan. Lihat [Penerusan porta dengan Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) untuk informasi lebih lanjut. + +#### :material-check:{ .pg-green } Klien Ponsel + +Mullvad telah menerbitkan klien [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) dan [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), keduanya mendukung antarmuka yang mudah digunakan dan tidak mengharuskan Anda untuk mengkonfigurasi koneksi WireGuard secara manual. Klien Android juga tersedia di [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan + +Mullvad sangat transparan tentang node mana yang mereka [miliki atau sewa](https://mullvad.net/en/servers/). Mereka menggunakan [ShadowSocks](https://shadowsocks.org/) dalam konfigurasi ShadowSocks + OpenVPN mereka, membuat mereka lebih tahan terhadap tembok api dengan [Inspeksi Paket Dalam](https://en.wikipedia.org/wiki/Deep_packet_inspection) yang mencoba memblokir VPN. Seharusnya, [Cina harus menggunakan metode yang berbeda untuk memblokir server ShadowSocks](https://github.com/net4people/bbs/issues/22). Situs web Mullvad juga dapat diakses melalui Tor di [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Logo Proton VPN](assets/img/vpn/protonvpn.svg){ align=right } - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2023-01-19 - -??? success "Independently Audited" - - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + **Proton VPN** adalah pesaing kuat dalam bidang VPN, dan mereka telah beroperasi sejak 2016. Proton AG berbasis di Swiss dan menawarkan tingkat gratis terbatas, serta opsi premium yang lebih berfitur. - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + [:octicons-home-16: Laman Beranda](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Kebijakan Privasi" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Dokumentasi} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Kode Sumber" } - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + ??? downloads - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Negara - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN memiliki server [di 67 negara](https://protonvpn.com/vpn-servers).(1) Memilih penyedia VPN dengan server terdekat dengan Anda akan mengurangi latensi lalu lintas jaringan yang Anda kirim. Ini karena rute yang lebih pendek (lebih sedikit loncatan) ke tempat tujuan. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Terakhir diperiksa: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +Kami juga berpikir akan lebih baik untuk keamanan kunci pribadi penyedia VPN jika mereka menggunakan [server khusus](https://en.wikipedia.org/wiki/Dedicated_hosting_service), daripada solusi berbagi pakai yang lebih murah (dengan pelanggan lain) seperti [peladen pribadi virtual](https://id.wikipedia.org/wiki/Peladen_pribadi_virtual). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Diaudit Secara Independen - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +Pada Januari 2020, Proton VPN telah menjalani audit independen oleh SEC Consult. SEC Consult menemukan beberapa kerentanan berisiko sedang dan rendah di aplikasi Proton VPN di Windows, Android, dan iOS, yang semuanya telah "diperbaiki dengan benar" oleh Proton VPN sebelum laporan diterbitkan. Tidak satu pun dari masalah yang diidentifikasi akan memberikan penyerang akses jarak jauh ke perangkat atau lalu lintas Anda. Anda dapat melihat laporan individual untuk setiap platform di [protonvpn.com](https://protonvpn.com/blog/open-source/). Pada bulan April 2022, Proton VPN menjalani [audit lagi](https://protonvpn.com/blog/no-logs-audit/) dan laporannya [dibuat oleh Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). [Surat pengesahan ](https://proton.me/blog/security-audit-all-proton-apps) diberikan untuk aplikasi Proton VPN pada tanggal 9 November 2021 oleh [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Klien Sumber Terbuka - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN menyediakan kode sumber untuk klien desktop dan seluler mereka di [organisasi GitHub](https://github.com/ProtonVPN) mereka. -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Menerima Uang Tunai - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, selain menerima kartu kredit/debit, PayPal, dan [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), juga menerima **uang tunai/mata uang lokal** sebagai bentuk pembayaran anonim. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Dukungan WireGuard - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN sebagian besar mendukung protokol WireGuard®. [WireGuard](https://www.wireguard.com) adalah protokol yang lebih baru yang menggunakan kriptografi [yang canggih](https://www.wireguard.com/protocol/). Selain itu, WireGuard bertujuan untuk menjadi lebih sederhana dan lebih berkinerja. -??? info "Additional Functionality" +Proton VPN [merekomendasikan](https://protonvpn.com/blog/wireguard/) penggunaan WireGuard dengan layanan mereka. Pada aplikasi Proton VPN di Windows, macOS, iOS, Android, Android, ChromeOS, dan Android TV, WireGuard merupakan protokol bawaan; namun, [dukungan](https://protonvpn.com/support/how-to-change-vpn-protocols/) untuk protokol ini tidak ada pada aplikasi Linux mereka. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Penerusan Porta Jarak Jauh -## Criteria +Proton VPN saat ini hanya mendukung penerusan porta [jarak jauh](https://protonvpn.com/support/port-forwarding/) di Windows, yang mungkin berdampak pada beberapa aplikasi. Terutama aplikasi peer-to-peer seperti klien Torrent. + +#### :material-check:{ .pg-green } Klien Ponsel + +Selain menyediakan file konfigurasi OpenVPN standar, Proton VPN memiliki klien seluler untuk [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), dan [GitHub](https://github.com/ProtonVPN/android-app/releases) yang memungkinkan koneksi yang mudah ke server mereka. + +#### :material-information-outline:{ .pg-blue } Fungsionalitas Tambahan + +Klien Proton VPN mendukung autentikasi dua faktor di semua platform kecuali Linux saat ini. Proton VPN memiliki server dan pusat data mereka sendiri di Swiss, Islandia, dan Swedia. Mereka menawarkan pemblokiran iklan dan pemblokiran domain malware yang dikenal dengan layanan DNS mereka. Selain itu, Proton VPN juga menawarkan server "Tor" yang memungkinkan Anda untuk dengan mudah terhubung ke situs-situs onion, tetapi kami masih sangat menyarankan untuk menggunakan [Tor Browser resmi](https://www.torproject.org/) untuk tujuan ini. + +#### :material-alert-outline:{ .pg-orange } Fitur killswitch rusak pada Mac berbasis Intel + +Kerusakan sistem [dapat terjadi](https://protonvpn.com/support/macos-t2-chip-kill-switch/) pada Mac berbasis Intel saat menggunakan killswitch VPN. Jika Anda memerlukan fitur ini, dan Anda menggunakan Mac dengan chipset Intel, Anda sebaiknya mempertimbangkan untuk menggunakan layanan VPN lain. + +## Kriteria !!! danger - It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. + Penting untuk dicatat bahwa menggunakan penyedia VPN tidak akan membuat Anda menjadi anonim, tetapi akan memberi Anda privasi yang lebih baik dalam situasi tertentu. VPN bukanlah alat untuk aktivitas ilegal. Jangan bergantung pada kebijakan "tanpa pencatatan". -**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible. +**Harap diperhatikan bahwa kami tidak berafiliasi dengan penyedia yang kami rekomendasikan. Hal ini memungkinkan kami untuk memberikan rekomendasi yang sepenuhnya objektif.** Selain [kriteria standar kami](about/criteria.md), kami telah mengembangkan serangkaian persyaratan yang jelas untuk setiap penyedia VPN yang ingin direkomendasikan, termasuk enkripsi yang kuat, audit keamanan independen, teknologi modern, dan banyak lagi. Kami menyarankan Anda membiasakan diri dengan daftar ini sebelum memilih penyedia VPN, dan melakukan penelitian sendiri untuk memastikan penyedia VPN yang Anda pilih dapat dipercaya. -### Technology +### Teknologi -We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected. +Kami mewajibkan semua penyedia VPN yang kami rekomendasikan untuk menyediakan berkas konfigurasi OpenVPN untuk digunakan pada klien mana pun. **Jika** VPN menyediakan klien khusus mereka sendiri, kami memerlukan killswitch untuk memblokir kebocoran data jaringan saat terputus. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Support for strong protocols such as WireGuard & OpenVPN. -- Killswitch built in to clients. -- Multihop support. Multihopping is important to keep data private in case of a single node compromise. -- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. +- Dukungan untuk protokol yang kuat seperti WireGuard & OpenVPN. +- Killswitch yang terpasang pada klien. +- Dukungan multihop. Multihopping penting untuk menjaga kerahasiaan data jika terjadi kompromi pada satu node. +- Jika klien VPN disediakan, klien tersebut seharusnya [perangkat lunak sumber terbuka](https://id.wikipedia.org/wiki/Perangkat_lunak_sumber_terbuka), seperti perangkat lunak VPN yang umumnya sudah terpasang di dalamnya. Kami percaya bahwa ketersediaan [kode sumber](https://id.wikipedia.org/wiki/Kode_sumber) memberikan transparansi yang lebih besar tentang apa yang sebenarnya dilakukan oleh perangkat Anda. -**Best Case:** +**Kasus Terbaik:** -- WireGuard and OpenVPN support. -- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.) -- Easy-to-use VPN clients -- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. -- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble). +- Dukungan WireGuard dan OpenVPN. +- Killswitch dengan opsi yang sangat mudah dikonfigurasi (aktifkan/nonaktifkan pada jaringan tertentu, saat boot, dll.) +- Klien VPN yang mudah digunakan +- Mendukung [IPv6](https://id.wikipedia.org/wiki/IPv6). Kami berharap server akan mengizinkan koneksi masuk melalui IPv6 dan memungkinkan Anda untuk mengakses layanan yang dihosting pada alamat IPv6. +- Kemampuan [penerusan porta jarak jauh](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) membantu dalam membuat koneksi ketika menggunakan perangkat lunak berbagi file P2P ([Peer-to-Peer](https://id.wikipedia.org/wiki/Peer-to-peer)) atau hosting server (misalnya, Mumble). -### Privacy +### Privasi -We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required. +Kami lebih memilih penyedia yang kami rekomendasikan untuk mengumpulkan data sesedikit mungkin. Tidak mengumpulkan informasi pribadi pada saat pendaftaran, dan tidak menerima bentuk pembayaran anonim. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Monero or cash payment option. -- No personal information required to register: Only username, password, and email at most. +- [Mata uang kripto anonim](cryptocurrency.md) **atau** opsi pembayaran tunai. +- Tidak ada informasi pribadi yang diperlukan untuk mendaftar: Hanya nama pengguna, kata sandi, dan surel. -**Best Case:** +**Kasus Terbaik:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Menerima beberapa opsi [pembayaran anonim](advanced/payments.md). +- Tidak ada informasi pribadi yang diterima (nama pengguna yang dibuat secara otomatis, tidak perlu surel, dll.). -### Security +### Keamanan -A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis. +VPN tidak ada gunanya jika tidak bisa menyediakan keamanan yang memadai. Kami mewajibkan semua penyedia yang kami rekomendasikan untuk mematuhi standar keamanan saat ini untuk koneksi OpenVPN mereka. Secara ideal, mereka akan menggunakan skema enkripsi yang lebih tahan terhadap masa depan secara bawaan. Kami juga mewajibkan pihak ketiga yang independen untuk mengaudit keamanan penyedia layanan, secara ideal dengan cara yang sangat komprehensif dan secara berulang (tahunan). -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption. -- Perfect Forward Secrecy (PFS). -- Published security audits from a reputable third-party firm. +- Skema enkripsi yang kuat: OpenVPN dengan autentikasi SHA-256; RSA-2048 atau jabat tangan yang lebih baik; enkripsi data AES-256-GCM atau AES-256-CBC. +- Kerahasiaan Maju Sempurna (PFS). +- Audit keamanan yang dipublikasikan dari perusahaan pihak ketiga yang memiliki reputasi baik. -**Best Case:** +**Kasus Terbaik:** -- Strongest Encryption: RSA-4096. -- Perfect Forward Secrecy (PFS). -- Comprehensive published security audits from a reputable third-party firm. -- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- Enkripsi terkuat: RSA-4096. +- Kerahasiaan Maju Sempurna (PFS). +- Audit keamanan yang dipublikasikan secara komprehensif dari perusahaan pihak ketiga yang memiliki reputasi baik. +- Program bug-bounty dan/atau proses pengungkapan kerentanan yang terkoordinasi. -### Trust +### Kepercayaan -You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. +Anda tidak akan mempercayakan keuangan Anda pada seseorang dengan identitas palsu, jadi mengapa mempercayakan data internet Anda pada mereka? Kami mewajibkan penyedia layanan yang kami rekomendasikan untuk terbuka mengenai kepemilikan atau kepemimpinan mereka. Kami juga ingin melihat laporan transparansi yang lebih sering, terutama dalam hal bagaimana permintaan pemerintah ditangani. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Public-facing leadership or ownership. +- Kepemimpinan atau kepemilikan yang berhadapan dengan publik. -**Best Case:** +**Kasus Terbaik:** -- Public-facing leadership. -- Frequent transparency reports. +- Kepemimpinan yang berhadapan dengan publik. +- Laporan transparansi yang sering. -### Marketing +### Pemasaran -With the VPN providers we recommend we like to see responsible marketing. +Dengan penyedia VPN yang kami rekomendasikan, kami ingin melihat pemasaran yang bertanggung jawab. -**Minimum to Qualify:** +**Minimum untuk Memenuhi Syarat:** -- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out. +- Harus menyediakan analitik sendiri (yaitu, tanpa Google Analytics). Situs penyedia juga harus mematuhi [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) untuk orang-orang yang ingin menolak pelacakan. -Must not have any marketing which is irresponsible: +Tidak boleh melakukan pemasaran yang tidak bertanggung jawab: -- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: - - Reusing personal information (e.g., email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc.) - - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) -- Claim that a single circuit VPN is "more anonymous" than Tor, which is a circuit of three or more hops that regularly changes. -- Use responsible language: i.e., it is okay to say that a VPN is "disconnected" or "not connected", however claiming that someone is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example, that person might simply be on another VPN provider's service or using Tor. +- Menjamin perlindungan anonimitas 100%. Ketika seseorang membuat klaim bahwa sesuatu itu 100%, itu berarti tidak ada kepastian untuk gagal. Kami tahu bahwa orang dapat dengan mudah menyamarkan nama mereka dengan beberapa cara, misalnya: + - Menggunakan kembali informasi pribadi (misalnya, akun surel, nama samaran unik, dll.) yang mereka akses tanpa perangkat lunak anonimitas (Tor, VPN, dll.) + - [Sidik jari peramban](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- Klaim bahwa VPN sirkuit tunggal "lebih anonim" daripada Tor, yang merupakan sirkuit tiga atau lebih loncatan yang secara teratur berubah. +- Gunakan bahasa yang bertanggung jawab: misalnya, tidak masalah untuk mengatakan bahwa VPN "terputus" atau "tidak tersambung", namun mengklaim bahwa seseorang "terpapar", "rentan", atau "terkompromi" merupakan penggunaan bahasa yang tidak perlu dan tidak benar. Sebagai contoh, orang tersebut mungkin saja menggunakan layanan penyedia VPN lain atau menggunakan Tor. -**Best Case:** +**Kasus Terbaik:** -Responsible marketing that is both educational and useful to the consumer could include: +Pemasaran yang bertanggung jawab yang mendidik dan bermanfaat bagi konsumen dapat mencakup: -- An accurate comparison to when [Tor](tor.md) should be used instead. -- Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion) +- Perbandingan yang akurat dengan kapan [Tor](tor.md) harus digunakan sebagai gantinya. +- Ketersediaan situs web penyedia VPN melalui [layanan .onion](https://id.wikipedia.org/wiki/.onion) -### Additional Functionality +### Fungsionalitas Tambahan -While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.id.txt" +Meskipun tidak sepenuhnya merupakan persyaratan, ada beberapa faktor yang kami pertimbangkan ketika menentukan penyedia mana yang akan direkomendasikan. Ini termasuk fungsionalitas pemblokiran iklan/pelacak, kenari surat perintah, koneksi multihop, dukungan pelanggan yang luar biasa, jumlah koneksi simultan yang diizinkan, dll. diff --git a/i18n/it/404.md b/i18n/it/404.md index 66abcf4d..b9dd5332 100644 --- a/i18n/it/404.md +++ b/i18n/it/404.md @@ -1,11 +1,15 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Non Trovato -Non siamo riusciti a trovare la pagina che stavi cercando! Forse stavi cercando una di queste pagine? +We couldn't find the page you were looking for! Maybe you were looking for one of these? - [Introduzione alla modellazione delle minacce](basics/threat-modeling.md) - [Provider DNS consigliati](dns.md) @@ -13,5 +17,3 @@ Non siamo riusciti a trovare la pagina che stavi cercando! Forse stavi cercando - [Migliori provider VPN](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Il nostro blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/criteria.md b/i18n/it/about/criteria.md index c3729859..3084230b 100644 --- a/i18n/it/about/criteria.md +++ b/i18n/it/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/donate.md b/i18n/it/about/donate.md index 4236a4f9..713cea45 100644 --- a/i18n/it/about/donate.md +++ b/i18n/it/about/donate.md @@ -48,5 +48,3 @@ Hostiamo dei [servizi internet](https://privacyguides.net) per testare e mostrar Occasionalmente acquistiamo beni e servizi con lo scopo di testare i nostri [strumenti consigliati](../tools.md). Stiamo ancora lavorando con il nostro host fiscale (la Open Collective Foundation) per ricevere donazioni via criptovalute; al momento la contabilità non è fattibile per piccole transazioni, cosa che dovrebbe cambiare in futuro. Nel mentre, se desideri effettuare una donazione consistente in criptovalure (> $100), ti preghiamo di contattarci a [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/index.md b/i18n/it/about/index.md index 41329117..d25b9f1a 100644 --- a/i18n/it/about/index.md +++ b/i18n/it/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. **Non è possibile** utilizzare il marchio Privacy Guides nel proprio progetto senza l'esplicita approvazione da questo progetto. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/notices.md b/i18n/it/about/notices.md index 5ad3178b..b9199fe4 100644 --- a/i18n/it/about/notices.md +++ b/i18n/it/about/notices.md @@ -41,5 +41,3 @@ L'utente non deve condurre alcuna attività di raccolta dati sistematica o autom * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/privacy-policy.md b/i18n/it/about/privacy-policy.md index 154f7e19..3e342454 100644 --- a/i18n/it/about/privacy-policy.md +++ b/i18n/it/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). Potremo cambiare il modo in cui annunciamo modifiche in future versioni di questo documento. Nel mentre, possiamo aggiornare le nostre informazioni di contatto in qualsiasi momento senza annunciarlo. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/privacytools.md b/i18n/it/about/privacytools.md index 1ef8bb0b..ff330e0f 100644 --- a/i18n/it/about/privacytools.md +++ b/i18n/it/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/services.md b/i18n/it/about/services.md index ae974e5d..71f2c95b 100644 --- a/i18n/it/about/services.md +++ b/i18n/it/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/about/statistics.md b/i18n/it/about/statistics.md index 47b483b9..8f17240c 100644 --- a/i18n/it/about/statistics.md +++ b/i18n/it/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/advanced/communication-network-types.md b/i18n/it/advanced/communication-network-types.md index 4fcd5dfe..e947c4e1 100644 --- a/i18n/it/advanced/communication-network-types.md +++ b/i18n/it/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Tipi di reti di comunicazione" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- Esistono diverse architetture di rete comunemente usate per trasmettere messaggi tra le persone. Queste reti possono fornire garanzie di privacy diverse, motivo per cui vale la pena considerare il [modello di minaccia](../basics/threat-modeling.md) quando si decide quale app utilizzare. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/advanced/dns-overview.md b/i18n/it/advanced/dns-overview.md index 459a048e..232ed7dc 100644 --- a/i18n/it/advanced/dns-overview.md +++ b/i18n/it/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "Panoramica DNS" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- Il [Domain Name System](https://it.wikipedia.org/wiki/Domain_Name_System) è 'l'elenco telefonico di Internet'. Il DNS traduce i nomi di dominio in indirizzi IP, in modo che i browser e altri servizi possano caricare le risorse internet mediante un network decentralizzato di server. @@ -303,5 +304,3 @@ La [sottorete client EDNS](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) è Ha lo scopo di "velocizzare" la consegna dei dati fornendo al client una risposta che appartiene a un server vicino, come ad esempio una rete di distribuzione di contenuti [](https://it.wikipedia.org/wiki/Content_Delivery_Network), spesso utilizzata per lo streaming video e per servire applicazioni web in JavaScript. Questa funzione ha un costo in termini di privacy, in quanto comunica al server DNS alcune informazioni sulla posizione del client. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/advanced/payments.md b/i18n/it/advanced/payments.md new file mode 100644 index 00000000..e5492f4f --- /dev/null +++ b/i18n/it/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger "Pericolo" + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/it/advanced/tor-overview.md b/i18n/it/advanced/tor-overview.md index 3fe43565..d4b288cc 100644 --- a/i18n/it/advanced/tor-overview.md +++ b/i18n/it/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Panoramica Tor" icon: 'simple/torproject' +description: Tor è una rete decentralizzata e gratuita progettata per utilizzare Internet con la massima privacy possibile. --- Tor è una rete decentralizzata e gratuita progettata per utilizzare Internet con la massima privacy possibile. Se utilizzata correttamente, la rete consente di navigare e comunicare in modo privato e anonimo. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.it.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/it/android.md b/i18n/it/android.md index 96d3b9c8..50afa700 100644 --- a/i18n/it/android.md +++ b/i18n/it/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'fontawesome/brands/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Logo di Android](assets/img/android/android.svg){ align=right } @@ -13,12 +14,13 @@ icon: 'fontawesome/brands/android' Questi sono i sistemi operativi, i dispositivi e le applicazioni Android che consigliamo per massimizzare la sicurezza e la privacy del proprio dispositivo mobile. Maggiori informazioni su Android: -- [Panoramica generale di Android :material-arrow-right-drop-circle:](os/android-overview.md) -- [Perché consigliamo GrapheneOS rispetto a CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Derivati di AOSP -Consigliamo di installare sul dispositivo uno dei seguenti sistemi operativi basati su Android, elencati in ordine di preferenza, a seconda della compatibilità del proprio dispositivo con questi sistemi operativi. +We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems. !!! note @@ -41,9 +43,9 @@ Consigliamo di installare sul dispositivo uno dei seguenti sistemi operativi bas [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Codice sorgente" } [:octicons-heart-16:](https://grapheneos.org/donate/){ .card-link title=Contribuisci } -GrapheneOS supporta [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), che esegue [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) totalmente confinato in una sandbox come qualsiasi altra app normale. Ciò significa che è possibile sfruttare la maggior parte dei servizi di Google Play, come le [notifiche push](https://firebase.google.com/docs/cloud-messaging/), pur avendo il pieno controllo delle autorizzazioni e dell'accesso, mentre sono contenuti in un [profilo di lavoro](os/android-overview.md#work-profile) specifico o in un [profilo utente](os/android-overview.md#user-profiles) di propria scelta. +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. -I telefoni Google Pixel sono gli unici dispositivi che attualmente soddisfano i [requisiti di sicurezza hardware](https://grapheneos.org/faq#device-support) di GrapheneOS. +Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). ### DivestOS @@ -61,11 +63,11 @@ I telefoni Google Pixel sono gli unici dispositivi che attualmente soddisfano i [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Codice sorgente" } [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribuisci } -DivestOS offre [patch](https://gitlab.com/divested-mobile/cve_checker) automatizzate per vulnerabilità del kernel ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)), meno blob proprietari e un file [hosts](https://divested.dev/index.php?page=dnsbl) modificato. Il suo WebView rafforzato, [Mulch](https://gitlab.com/divested-mobile/mulch), attiva [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) per tutte le architetture e [il partizionamento dello stato di rete](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), e riceve aggiornamenti fuori programma. DivestOS include anche le patch del kernel di GrapheneOS e abilita tutte le funzionalità di sicurezza del kernel disponibili tramite [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Tutti i kernel più recenti della versione 3.4 includono una completa [sanificazione](https://lwn.net/Articles/334747/) delle pagine e tutti i ~22 kernel compilati con Clang hanno [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) abilitato. +DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS implementa alcune patch di hardening del sistema originariamente sviluppate per GrapheneOS. DivestOS 16.0 e versioni successive imposrta da GrapheneOSl'attivazione delle autorizzazioni [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) e SENSORS, [l'allocatore di memoria rafforzato](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](android/grapheneos-vs-calyxos.md#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), e patch parziali di rafforzamento di [bionic](https://en.wikipedia.org/wiki/Bionic_(software)). Le versioni 17.1 e successive importano da GrapheneOS l'opzione di [randomizzazione MAC](https://en.wikipedia.org/wiki/MAC_address#Randomization) completa per-rete, il controllo [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) e [opzioni di timeout](https://grapheneos.org/features) per riavvio automatico/Wi-Fi/Bluetooth. +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -DivestOS utilizza F-Droid come distributore di applicazioni predefinito. Normalmente, consigliamo di evitare F-Droid a causa dei suoi numerosi [problemi di sicurezza](#f-droid). Tuttavia, farlo su DivestOS non è fattibile; gli sviluppatori aggiornano le loro applicazioni tramite i propri repository F-Droid ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) e [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). Si consiglia di disabilitare l'applicazione ufficiale di F-Droid e di utilizzare [Neo Store](https://github.com/NeoApplications/Neo-Store/) con i repository DivestOS abilitati per mantenere aggiornati questi componenti. Segui gli altri metodi raccomandati per installare altre applicazioni. +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! warning "Avviso" @@ -75,21 +77,21 @@ DivestOS utilizza F-Droid come distributore di applicazioni predefinito. Normalm ## Dispositivi Android -Quando acquisti un dispositivo, si consiglia di prenderne uno il più recente possibile. Il software e il firmware dei dispositivi mobili sono supportati solo per un periodo di tempo limitato, quindi l'acquisto di un prodotto recente ne prolunga il più possibile la durata. +When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. -Evita di acquistare telefoni dagli operatori di rete mobile. Spesso hanno il **bootloader bloccato** e non supportano [lo sblocco OEM](https://source.android.com/devices/bootloader/locking_unlocking). Queste varianti impediscono d'installare qualsiasi tipo di distribuzione Android alternativa sul dispositivo. +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. -Fai molta **attenzione** all'acquisto di telefoni di seconda mano dai mercati online. Controlla sempre la reputazione del venditore. Se il dispositivo è rubato, c'è la possibilità che [l'IMEI venga bloccato](https://www.gsma.com/security/resources/imei-blacklisting/). Il rischio è anche quello di essere associati all'attività del precedente proprietario. +Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. -Altri suggerimenti sui dispositivi Android e sulla compatibilità del sistema operativo: +A few more tips regarding Android devices and operating system compatibility: -- Non acquistare dispositivi che hanno raggiunto o sono prossimi alla fine del loro ciclo di vita, ulteriori aggiornamenti del firmware devono essere forniti dal produttore. -- Non acquistare telefoni con preinstallato LineageOS o /e/ OS o qualsiasi telefono Android senza il supporto a [Verified Boot](https://source.android.com/security/verifiedboot) e agli aggiornamenti firmware. Inoltre, questi dispositivi non ti consentono di verificare se sono stati manomessi. -- In breve, se un dispositivo o una distribuzione Android non sono elencati qui, probabilmente c'è una buona ragione. Visita il nostro [forum](https://discuss.privacyguides.org/) per ulteriori dettagli! +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. +- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. +- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! ### Google Pixel -I telefoni Google Pixel sono gli **unici** dispositivi che consigliamo di acquistare. I telefoni Pixel hanno una sicurezza hardware migliore di qualsiasi altro dispositivo Android attualmente sul mercato, grazie ad un supporto AVB adeguato per i sistemi operativi di terze parti e ai chip di sicurezza [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) personalizzati di Google che fungono da Secure Element. +Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element. !!! recommendation @@ -101,22 +103,22 @@ I telefoni Google Pixel sono gli **unici** dispositivi che consigliamo di acquis [:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary } -I Secure Elements come il Titan M2 sono più limitati rispetto al Trusted Execution Environment del processore utilizzato dalla maggior parte degli altri telefoni, in quanto vengono utilizzati solo per la memorizzazione dei segreti, l'attestazione hardware e la limitazione della velocità, non per l'esecuzione di programmi "affidabili". I telefoni privi di un Secure Element devono utilizzare il TEE per *tutte* quelle funzioni, con una conseguente superficie di attacco più ampia. +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface. -I telefoni Google Pixel utilizzano un sistema operativo TEE chiamato Trusty che è [open-source](https://source.android.com/security/trusty#whyTrusty), a differenza di molti altri telefoni. +Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -L'installazione di GrapheneOS su un telefono Pixel è facile grazie al [web installer](https://grapheneos.org/install/web). Se non ti senti a tuo agio a farlo da solo e sei disposto a spendere un po' di soldi in più, controlla il [NitroPhone](https://shop.nitrokey.com/shop) su cui viene preinstallato GrapheneOS dalla rispettabile società [Nitrokey](https://www.nitrokey.com/about). +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company. -Altri suggerimenti per l'acquisto di un Google Pixel: +A few more tips for purchasing a Google Pixel: -- Se vuoi fare un affare con un dispositivo Pixel, ti consigliamo di acquistare un modello "**a**", subito dopo l'uscita del modello seguente. Gli sconti sono solitamente disponibili perché Google cercherà di smaltire le scorte. -- Considera gli sconti e le offerte speciali offerte nei negozi fisici. -- Consulta i siti di contrattazione di commercio online del proprio Paese. Questi possono segnalarti le vendite più convenienti. -- Google pubblica un elenco che mostra il [ciclo di supporto](https://support.google.com/nexus/answer/4457705) per ciascuno dei suoi dispositivi. Il prezzo giornaliero di un dispositivo può essere calcolato come: $\text{Prezzo} \over \text {Data EOL }-\text{ Data attuale}$, il che significa che più lungo è l'uso del dispositivo, minore è il costo giornaliero. +- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock. +- Consider price beating options and specials offered at physical stores. +- Look at online community bargain sites in your country. These can alert you to good sales. +- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. ## App Generali -In questo sito raccomandiamo un'ampia gamma di applicazioni per Android. Le applicazioni qui elencate sono esclusive di Android e migliorano o sostituiscono in modo specifico le principali funzionalità del sistema. +We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. ### Shelter @@ -163,17 +165,17 @@ In questo sito raccomandiamo un'ampia gamma di applicazioni per Android. Le appl - [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases) - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) -Auditor esegue l'attestazione e il rilevamento delle intrusioni: +Auditor performs attestation and intrusion detection by: -- Utilizzando un [modello Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) tra un *revisore* e un *oggetto verificato*, la coppia stabilisce una chiave privata nel [keystore dell'hardware](https://source.android.com/security/keystore/) del *revisore*. -- Il *revisore* può essere un'altra istanza dell'applicazione Auditor o il [Remote Attestation Service](https://attestation.app). -- Il *revisore* registra lo stato attuale e la configurazione dell'*oggetto verificato*. -- In caso di manomissione del sistema operativo dell'*oggetto verificato* dopo il completamento dell'accoppiamento, il revisore sarà a conoscenza della modifica dello stato e delle configurazioni del dispositivo. -- Verrai avvisato della modifica. +- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*. +- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app). +- The *auditor* records the current state and configuration of the *auditee*. +- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations. +- You will be alerted to the change. -Al servizio di attestazione non vengono inviate informazioni d'identificazione personale. Ti consigliamo di registrarti con un account anonimo e di attivare l'attestazione remota per un monitoraggio continuo. +No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring. -Se il proprio [modello di minaccia](basics/threat-modeling.md) richiede privacy, potresti considerare l'utilizzo di [Orbot](tor.md#orbot) o di una VPN per nascondere il proprio indirizzo IP al servizio di attestazione. Per assicurarsi che l'hardware e il sistema operativo siano autentici, [esegui l'attestazione locale](https://grapheneos.org/install/web#verifying-installation) subito dopo l'installazione del dispositivo e prima di qualsiasi connessione a Internet. +If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service. To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection. ### Secure Camera @@ -195,11 +197,11 @@ Se il proprio [modello di minaccia](basics/threat-modeling.md) richiede privacy, - [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases) - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) -Le principali funzionalità di privacy incluse: +Main privacy features include: -- Rimozione automatica dei metadati [Exif](https://it.wikipedia.org/wiki/Exchangeable_image_file_format) (attivata in modo predefinito) -- Utilizzo della nuova API [Media](https://developer.android.com/training/data-storage/shared/media), pertanto non è richiesta [l'autorizzazione per tutti i file](https://developer.android.com/training/data-storage) -- L'autorizzazione al microfono non è necessaria, a meno che non si voglia registrare l'audio +- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default) +- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required +- Microphone permission not required unless you want to record sound !!! note @@ -232,11 +234,11 @@ Le principali funzionalità di privacy incluse: ### Apps di GrapheneOS -L'app store di GrapheneOS è disponibile su [GitHub](https://github.com/GrapheneOS/Apps/releases). Supporta Android 12 e versioni successive ed è in grado di aggiornarsi da solo. L'app store contiene applicazioni standalone realizzate dal progetto GrapheneOS, come [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera) e [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Se stai cercando queste applicazioni, ti consigliamo vivamente di scaricarle dal distributore di app di GrapheneOS invece che dal Play Store, in quanto le app presenti nel loro distributore sono firmate dal progetto GrapheneOS con una firma propria a cui Google non ha accesso. +GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to. ### Aurora Store -Google Play Store richiede un account Google per l'accesso, il che non è un bene per la privacy. È possibile ovviare a questo problema utilizzando un client alternativo, come Aurora Store. +The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store. !!! recommendation @@ -251,29 +253,29 @@ Google Play Store richiede un account Google per l'accesso, il che non è un ben - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) -Aurora Store non consente di scaricare applicazioni a pagamento con la funzione di account anonimo. Puoi facoltativamente accedere con il tuo account Google in Aurora Store per scaricare le app che hai acquistato, il che dà accesso a Google all'elenco delle app che hai installato, ma puoi comunque trarre vantaggio dal fatto di non richiedere il client Google Play completo e i servizi Google Play o microG sul tuo dispositivo. +Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device. ### Manualmente con le notifiche RSS -Per le app pubblicate su piattaforme come GitHub e GitLab, potresti aggiungere un feed RSS al tuo [aggregatore di notizie](/news-aggregators) che ti aiuterà a tenere traccia delle nuove versioni. +For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases. -![APK da RSS](./assets/img/android/rss-apk-light.png#only-light) ![APK da RSS](./assets/img/android/rss-apk-dark.png#only-dark) ![Modifiche APK](./assets/img/android/rss-changes-light.png#only-light) ![Modifiche APK](./assets/img/android/rss-changes-dark.png#only-dark) +![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark) #### GitHub -Su GitHub, usando [Secure Camera](#secure-camera) come esempio, si dovrebbe navigare alla sua [pagina releases](https://github.com/GrapheneOS/Camera/releases) e aggiungere `.atom` all'URL: +On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL: `https://github.com/GrapheneOS/Camera/releases.atom` #### GitLab -Su GitLab, usando [Aurora Store](#aurora-store) come esempio, si dovrebbe navigare al [repository del progetto](https://gitlab.com/AuroraOSS/AuroraStore) e aggiunge `/-/tags?format=atom` all'URL: +On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL: `https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom` #### Verifica delle impronte digitali degli APK -Se scarichi i file APK da installare manualmente, è possibile verificarne la firma con lo strumento [`apksigner`](https://developer.android.com/studio/command-line/apksigner), che fa parte dei [build-tools](https://developer.android.com/studio/releases/build-tools) di Android. +If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools). 1. Installa [Java JDK](https://www.oracle.com/java/technologies/downloads/). @@ -304,21 +306,21 @@ Se scarichi i file APK da installare manualmente, è possibile verificarne la fi ### F-Droid -![Logo di F-Droid](assets/img/android/f-droid.svg){ align=right width=120px } +![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px } -==**Non** raccomandiamo attualmente F-Droid come metodo per ottenere applicazioni.== F-Droid è spesso raccomandato come alternativa a Google Play, in particolare nelle comunità della privacy. La possibilità di aggiungere repository di terze parti e di non essere confinati nel giardino recintato di Google ne ha determinato la popolarità. F-Droid ha inoltre [build riproducibili](https://f-droid.org/it/docs/Reproducible_Builds/) per alcune applicazioni ed è dedicato al software libero e open-source. Tuttavia, ci sono [problemi notevoli](https://wonderfall.dev/fdroid-issues/) con il client ufficiale F-Droid, il loro controllo di qualità e il modo in cui costruiscono, firmano e consegnano i pacchetti. +==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://privsec.dev/posts/android/f-droid-security-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages. -A causa del processo di costruzione delle app, le applicazioni presenti nel repository ufficiale di F-Droid sono spesso in ritardo con gli aggiornamenti. Inoltre i manutentori di F-Droid riutilizzano gli ID dei pacchetti mentre firmano le applicazioni con le proprie chiavi, il che non è l'ideale perché conferisce al team di F-Droid la massima fiducia. +Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. -Altri popolari repository di terze parti, come [IzzyOnDroid](https://apt.izzysoft.de/fdroid/), alleviano alcuni di questi problemi. Il repository IzzyOnDroid estrae le build direttamente da GitHub ed è la seconda scelta migliore dopo i repository degli sviluppatori. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. Sebbene ciò abbia senso (dato che l'obiettivo di questo particolare repository è ospitare le applicazioni prima che vengano accettate nel repository principale di F-Droid), ti può lasciare con le applicazioni installate senza ricevere più aggiornamenti. +Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates. -That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. È importante tenere presente che alcune applicazioni presenti in questi repository non sono state aggiornate da anni e possono fare affidamento su librerie non supportate, costituendo un potenziale rischio per la sicurezza. Quando cerchi nuove applicazioni con questo metodo, è bene usare il proprio giudizio. +That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. !!! note - In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it. + In alcuni rari casi, lo sviluppatore di un'app la distribuisce solo attraverso F-Droid ([Gadgetbridge](https://gadgetbridge.org/) ne è un esempio). Se hai davvero bisogno di un'app del genere, ti consigliamo di usare [Neo Store](https://github.com/NeoApplications/Neo-Store/) al posto dell'app ufficiale di F-Droid per ottenerla. -## CryptPad +## Criteri **Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. recommendation @@ -338,25 +340,23 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt ### Sistemi operativi - Deve essere un software open-source. -- Deve supportare il blocco del bootloader con il supporto della chiave AVB personalizzata. -- Deve ricevere i principali aggiornamenti Android entro 0-1 mesi dal rilascio. -- Deve ricevere gli aggiornamenti delle funzionalità Android (versione minore) entro 0-14 giorni dal rilascio. -- Deve ricevere regolarmente le patch di sicurezza entro 0-5 giorni dal rilascio. -- **Non** deve essere preconfigurato con il "root". -- **Non** deve abilitare i Google Play Services per impostazione predefinita. -- **Non** deve richiedere la modifica del sistema per supportare i Google Play Services. +- Must support bootloader locking with custom AVB key support. +- Must receive major Android updates within 0-1 months of release. +- Must receive Android feature updates (minor version) within 0-14 days of release. +- Must receive regular security patches within 0-5 days of release. +- Must **not** be "rooted" out of the box. +- Must **not** enable Google Play Services by default. +- Must **not** require system modification to support Google Play Services. ### Dispositivi -- Deve supportare almeno uno dei sistemi operativi personalizzati consigliati. -- Deve essere venduto nuovo nei negozi. -- Deve ricevere un minimo di 5 anni di aggiornamenti di sicurezza. -- Deve disporre di un hardware dedicato agli elementi sicuri. +- Must support at least one of our recommended custom operating systems. +- Must be currently sold new in stores. +- Must receive a minimum of 5 years of security updates. +- Must have dedicated secure element hardware. ### Applicazioni -- Le applicazioni presenti in questa pagina non devono essere applicabili a nessun'altra categoria di software presente sul sito. -- Le applicazioni generali devono estendere o sostituire le funzionalità di base del sistema. -- Le applicazioni devono ricevere aggiornamenti e manutenzione regolari. - ---8<-- "includes/abbreviations.it.txt" +- Applications on this page must not be applicable to any other software category on the site. +- General applications should extend or replace core system functionality. +- Applications should receive regular updates and maintenance. diff --git a/i18n/it/basics/account-creation.md b/i18n/it/basics/account-creation.md index e5a09f40..61ccd9b1 100644 --- a/i18n/it/basics/account-creation.md +++ b/i18n/it/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Creazione account" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Spesso le persone si iscrivono a servizi senza riflettere. Forse si tratta di un servizio di streaming per guardare la nuova serie di cui tutti parlano, o di un account che ti offre uno sconto per il tuo supermercato preferito. In ogni caso, dovresti considerare le implicazioni per i tuoi dati ora e in futuro. @@ -78,5 +79,3 @@ In molti casi dovrai fornire un numero da cui puoi ricevere SMS o chiamate, in p ### Nome utente e password Alcuni servizi ti consentono di registrarti senza utilizzare un indirizzo email e richiedono solo d'impostare un nome utente e una password. Questi servizi possono fornire un maggiore anonimato se combinati con una VPN o Tor. Tieni presente che per questi account molto probabilmente non ci sarà **nessun modo per recuperare il tuo account** nel caso in cui dimentichi il tuo nome utente o password. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/account-deletion.md b/i18n/it/basics/account-deletion.md index a2f85d94..7609b109 100644 --- a/i18n/it/basics/account-deletion.md +++ b/i18n/it/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Eliminazione account" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Con il tempo, può essere facile accumulare una serie di profili online, molti dei quali potrebbero non essere più utilizzati. L'eliminazione di questi account inutilizzati è un passo importante per recuperare la propria privacy, poiché gli account inattivi sono vulnerabili alle violazioni dei dati. Una violazione dei dati (anche detta data breach) avviene quando la sicurezza di un servizio è compromessa e le informazioni protette vengono visualizzate, trasmesse o rubate da soggetti non autorizzati. Le violazioni dei dati sono purtroppo [troppo comuni](https://haveibeenpwned.com/PwnedWebsites) al giorno d'oggi e quindi praticare una buona igiene digitale è il modo migliore per ridurre al minimo l'impatto che hanno sulla propria vita. L'obiettivo di questa guida è quindi quello di aiutarvi a superare il fastidioso processo di cancellazione dell'account, spesso reso difficile da un [design ingannevole](https://www.deceptive.design/), per migliorare la propria presenza online. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/common-misconceptions.md b/i18n/it/basics/common-misconceptions.md index 14ff7559..26aec771 100644 --- a/i18n/it/basics/common-misconceptions.md +++ b/i18n/it/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "I malintesi più comuni" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Il software open-source è sempre sicuro" o "il software proprietario è più sicuro" @@ -56,6 +57,4 @@ Uno dei modelli di minaccia più chiari è quello in cui le persone *sanno chi s L'uso di Tor può aiutare in questo caso. Vale anche la pena di notare che un maggiore anonimato è possibile attraverso la comunicazione asincrona: la comunicazione in tempo reale è vulnerabile all'analisi dei modelli di digitazione (ad esempio, più di un paragrafo di testo, distribuito su un forum, via e-mail, ecc.) ---8<-- "includes/abbreviations.it.txt" - [^1]: Un esempio notevole è [l'incidente del 2021 in cui i ricercatori dell'Università del Minnesota hanno introdotto tre vulnerabilità nel progetto di sviluppo del kernel Linux](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/it/basics/common-threats.md b/i18n/it/basics/common-threats.md index 33c64e21..efc7ebe7 100644 --- a/i18n/it/basics/common-threats.md +++ b/i18n/it/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Minacce comuni" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- In linea di massima, le nostre raccomandazioni sono suddivise in [minacce](threat-modeling.md) o obiettivi che si applicano alla maggior parte delle persone. ==Potete essere interessati a nessuna, una, alcune o tutte queste possibilità== e gli strumenti e i servizi che utilizzate dipendono dai vostri obiettivi. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.it.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/it/basics/email-security.md b/i18n/it/basics/email-security.md index bffa7567..f0c2fb57 100644 --- a/i18n/it/basics/email-security.md +++ b/i18n/it/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/multi-factor-authentication.md b/i18n/it/basics/multi-factor-authentication.md index 6997741d..a452cfaf 100644 --- a/i18n/it/basics/multi-factor-authentication.md +++ b/i18n/it/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticazione a più fattori" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **L'autenticazione a più fattori** (**MFA**) è un meccanismo di sicurezza che richiede ulteriori passaggi oltre all'inserimento del nome utente (o email) e della password. Il metodo più comune è quello dei codici a tempo limitato che si possono ricevere via SMS o tramite un'applicazione. @@ -162,5 +163,3 @@ SSH MFA può anche essere impostato utilizzando TOTP. DigitalOcean ha fornito un ### KeePass (e KeePassXC) I database KeePass e KeePassXC possono essere protetti utilizzando Challenge-Response o HOTP come autenticazione di secondo fattore. Yubico ha fornito un documento per KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) e ne esiste uno anche sul sito [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa). - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/passwords-overview.md b/i18n/it/basics/passwords-overview.md index 5348121e..f2c0908e 100644 --- a/i18n/it/basics/passwords-overview.md +++ b/i18n/it/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/threat-modeling.md b/i18n/it/basics/threat-modeling.md index a2311a63..e102ed30 100644 --- a/i18n/it/basics/threat-modeling.md +++ b/i18n/it/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Modelli di minaccia" icon: 'material/target-account' +description: Bilanciare sicurezza, privacy e usabilità è il primo e il più difficile compito che incontrerai durante il tuo viaggio nella privacy. --- Bilanciare sicurezza, privacy e usabilità è il primo e il più difficile compito che incontrerai durante il tuo viaggio nella privacy. Tutto è un compromesso: più qualcosa è sicuro, più è restrittivo o scomodo in generale, ecc. Spesso, le persone scoprono che il problema con gli strumenti che vedono raccomandati è che sono troppo difficili da iniziare a usare! @@ -107,5 +108,3 @@ Per le persone che cercano di aumentare la loro privacy e sicurezza online, abbi ## Fonti - [EFF Surveillance Self Defense: Your Security Plan (EFF Autodifesa da sorveglianza: il tuo piano di sicurezza)](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/basics/vpn-overview.md b/i18n/it/basics/vpn-overview.md index 8edfef60..78a1a7fc 100644 --- a/i18n/it/basics/vpn-overview.md +++ b/i18n/it/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: Panoramica VPN icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Le reti private virtuali sono un modo per estendere l'estremità della vostra rete all'uscita di un'altra parte del mondo. Un ISP può vedere il flusso del traffico Internet che entra ed esce dal dispositivo di terminazione della rete (ad esempio, il modem). -I protocolli di crittografia come l'HTTPS sono comunemente utilizzati su Internet, quindi potrebbero non essere in grado di vedere esattamente ciò che state postando o leggendo, ma possono farsi un'idea dei [domini richiesti](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). Una VPN può essere d'aiuto in quanto può spostare la fiducia su un server in un'altra parte del mondo. Di conseguenza, l'ISP vede solo che sei connesso a una VPN e non vede nulla dell'attività che stai trasmettendo. @@ -74,5 +75,3 @@ Per situazioni come queste, o se hai un altro motivo valido, i provider VPN che - [Free VPN App Investigation (Indagine sulle app di VPN gratuite)](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies (Svelati i proprietari segreti delle VPN: 101 prodotti per VPN gestiti da sole 23 aziende)](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions (Questa azienda cinese è segretamente dietro 24 app popolari che cercano autorizzazioni pericolose)](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/calendar.md b/i18n/it/calendar.md index 3fa4081b..2076bd0e 100644 --- a/i18n/it/calendar.md +++ b/i18n/it/calendar.md @@ -1,6 +1,7 @@ --- title: "Sincronizzazione di calendario e contatti" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -76,5 +77,3 @@ Calendars contain some of your most sensitive data; use products that implement KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikipedia.org/wiki/Comma-separated_values). Ciò può comportare la perdita di dati se si importa questo file in un altro gestore di password. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/cloud.md b/i18n/it/cloud.md index 49baeb5e..c7e159a8 100644 --- a/i18n/it/cloud.md +++ b/i18n/it/cloud.md @@ -1,6 +1,7 @@ --- title: "Archiviazione in cloud" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Molti fornitori di spazio di archiviazione cloud richiedono la tua totale fiducia sul fatto che non guarderanno nei tuoi file. Le alternative elencate di seguito eliminano la necessità di fiducia mettendo l'utente in controllo dei propri dati o implementando E2EE. @@ -29,7 +30,6 @@ Se queste alternative non soddisfano le tue esigenze, ti suggeriamo di esaminare - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. recommendation Proton Drive desktop clients are still in development. ## CryptPad @@ -67,5 +67,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/cryptocurrency.md b/i18n/it/cryptocurrency.md new file mode 100644 index 00000000..f42e63c6 --- /dev/null +++ b/i18n/it/cryptocurrency.md @@ -0,0 +1,62 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger "Pericolo" + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## CryptPad + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. recommendation + +!!! recommendation + + ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** è un pastebin online minimalista e open-source in cui il server non ha alcuna conoscenza dei dati incollati. Infatti, vengono criptati/decriptati nel tuo browser utilizzando AES a 256 bit. downloads + + - [:simple-windows11: Windows](https://keepassxc.org/download/#windows) + - [:simple-apple: macOS](https://keepassxc.org/download/#mac) + - [:simple-linux: Linux](https://keepassxc.org/download/#linux) + - [:simple-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/it/data-redaction.md b/i18n/it/data-redaction.md index 6ba8fe98..9619bd1e 100644 --- a/i18n/it/data-redaction.md +++ b/i18n/it/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Rimozione di dati e metadati" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- Quando vengono condivisi file, è importante rimuovere i relativi metadata. I file immagine includono comunemente dati [Exif](https://it.wikipedia.org/wiki/Exif). I metadata delle foto, a volte, includono anche le coordinate GPS. @@ -151,5 +152,3 @@ L'applicazione offre diversi modi per cancellare i metadati dalle immagini. Vale - Le applicazioni sviluppate per sistemi operativi open-source devono essere open-source. - Le applicazioni devono essere gratuite e non devono includere pubblicità o altre limitazioni. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/desktop-browsers.md b/i18n/it/desktop-browsers.md index 47ebb328..ce8c1ac7 100644 --- a/i18n/it/desktop-browsers.md +++ b/i18n/it/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Browser desktop" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- Questi sono i browser e le configurazioni per desktop attualmente consigliati per la navigazione standard/non anonima. Se hai bisogno di navigare in Internet in modo anonimo, dovresti invece utilizzare [Tor](tor.md). In generale, si consiglia di ridurre al minimo le estensioni del browser; hanno un accesso privilegiato all'interno del browser, richiedono fiducia nello sviluppatore, possono farti [risaltare](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)e [indebolire l'isolamento del sito](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ). @@ -267,6 +268,4 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.it.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/it/desktop.md b/i18n/it/desktop.md index e621853b..9a244412 100644 --- a/i18n/it/desktop.md +++ b/i18n/it/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Le distribuzioni Linux sono comunemente consigliate per la protezione della privacy e la libertà del software. --- Le distribuzioni Linux sono comunemente consigliate per la protezione della privacy e la libertà del software. Se non utilizzi già Linux, di seguito ti suggeriamo alcune distribuzioni da provare, oltre ad alcuni consigli generali per migliorare la privacy e la sicurezza applicabili a molte distribuzioni Linux. @@ -187,5 +188,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/dns.md b/i18n/it/dns.md index a4a12af2..b21050bf 100644 --- a/i18n/it/dns.md +++ b/i18n/it/dns.md @@ -1,13 +1,12 @@ --- title: "Resolver DNS" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! faq "Quando utilizzare il DNS crittografato?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Il DNS crittografato non aiuta a nascondere la tua attività di navigazione. - I DNS crittografati con server di terze parti dovrebbero essere utilizzati solo per aggirare forme di [blocco del DNS](https://en.wikipedia.org/wiki/DNS_blocking) basilari, quando sei sicuro che ciò non causi alcuna conseguenza. Il DNS crittografato non aiuta a nascondere la tua attività di navigazione. - - [Per saperne di più sul DNS](basics/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Provider consigliati @@ -132,8 +131,6 @@ Una soluzione DNS self-hosted è utile per fornire il filtraggio su piattaforme [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Codice sorgente" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribuisci } ---8<-- "includes/abbreviations.it.txt" - [^1]: AdGuard memorizza le statistiche aggregate delle prestazioni dei propri server DNS, ovvero il numero di richieste dirette a un particolare server, il numero di richieste bloccate e la velocità di elaborazione di esse. Inoltre, conservano e memorizzano i domini richiesti nelle ultime 24 ore. "Abbiamo bisogno di queste informazioni per identificare e bloccare nuovi tracker e minacce" "Registriamo anche quante volte un tracker viene bloccato. Abbiamo bisogno di queste informazioni per rimuovere le regole obsolete dai nostri filtri" [https://adguard.com/it/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare raccoglie e memorizza solo dati limitati delle stringhe DNS che vengono inviate al resolver 1.1.1.1. Il resolver 1.1.1.1 non registra dati personali, e la maggior parte dei dati di identificazione personali limitati nelle stringhe DNS viene archiviata per solo 25 ore. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D registra solo i resolver Premium con profili DNS personalizzati. I resolver gratuiti non registrano dati. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/it/email-clients.md b/i18n/it/email-clients.md index c4af31f7..5bc1702e 100644 --- a/i18n/it/email-clients.md +++ b/i18n/it/email-clients.md @@ -1,6 +1,7 @@ --- title: "Condivisione di file" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Il nostro elenco di raccomandazioni contiene client di posta elettronica che supportano sia [OpenPGP](encryption.md#openpgp) che l'autenticazione forte come [Open Authorization (OAuth)](https://it.wikipedia.org/wiki/OAuth). OAuth consente di utilizzare l'[autenticazione a più fattori](basics/multi-factor-authentication.md) e di prevenire il furto di account. @@ -240,5 +241,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/email.md b/i18n/it/email.md index d6a1964f..7ad51fd0 100644 --- a/i18n/it/email.md +++ b/i18n/it/email.md @@ -1,6 +1,7 @@ --- -title: "Servizi di posta elettronica" +title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- L'e-mail è praticamente una necessità per l'utilizzo di qualsiasi servizio online, tuttavia non la consigliamo per le conversazioni personali. Piuttosto che utilizzare l'email per contattare altre persone, considera l'utilizzo di un mezzo di messaggistica istantanea che supporta la forward secrecy. @@ -9,9 +10,21 @@ L'e-mail è praticamente una necessità per l'utilizzo di qualsiasi servizio onl Per tutto il resto, consigliamo una varietà di provider di posta elettronica basati su modelli di business sostenibile e funzioni di sicurezza integrate. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## Servizi compatibili con OpenPGP -Questi provider supportano in modo nativo la codifica/decodifica OpenPGP, consentendo d'inviare e-mail E2EE in modo indipendente dal provider. Ad esempio, un utente di Proton Mail potrebbe inviare un messaggio E2EE a un utente di Mailbox.org, oppure si potrebbero ricevere notifiche cifrate in OpenPGP dai servizi Internet che lo supportano. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. Ad esempio, un utente di Proton Mail potrebbe inviare un messaggio E2EE a un utente di Mailbox.org, oppure si potrebbero ricevere notifiche cifrate in OpenPGP dai servizi Internet che lo supportano. + +
+ +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
!!! warning "Avviso" @@ -49,41 +62,41 @@ Se hai il piano Proton Unlimited, Business o Visionary, ottieni anche [SimpleLog Proton Mail ha rapporti interni di crash che **non condividono** con terze parti. Questa funzione può essere disattivata in: **Impostazioni** > **Vai alle impostazioni** > **Account** > **Sicurezza e privacy** > **Invia rapporti sui crash**. -??? success "Domini e Alias personalizzati" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Gli abbonati a Proton Mail possono scegliere un dominio personalizzato con il servizio o un indirizzo [catch-all](https://proton.me/it/support/catch-all). Inoltre è presente il supporto per il [subaddressing](https://proton.me/it/support/creating-aliases), utile per chi non vuole acquistare un dominio. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Metodi di pagamento privati" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accetta](https://proton.me/support/payment-options) Bitcoin e contanti via mail, oltre ai pagamenti standard con carta di credito/debito e PayPal. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Sicurezza dell'account" +#### :material-check:{ .pg-green } Account Security - Proton Mail supporta solo [l'autenticazione a due fattori](https://proton.me/it/support/two-factor-authentication-2fa) TOTP. Il supporto per le chiavi di sicurezza U2F non è ancora presente. Proton Mail ha in programma, però, d'integrarlo al completamento del loro codice [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/). +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. Il supporto per le chiavi di sicurezza U2F non è ancora presente. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Sicurezza dei dati" +#### :material-check:{ .pg-green } Data Security - Proton Mail ha [crittografia zero-access](https://proton.me/blog/zero-access-encryption) a riposo per le tue e-mail e [calendari](https://proton.me/news/protoncalendar-security-model). I dati protetti con crittografia zero-access sono accessibili solo da te. - - Alcune informazioni memorizzate nei [Contatti Proton](https://proton.me/it/support/proton-contacts), come i nomi visualizzati e gli indirizzi e-mail, non sono protette dalla crittografia zero-access. I campi dei contatti che supportano la crittografia zero-access, come i numeri di telefono, sono indicati con l'icona di un lucchetto. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). I dati protetti con crittografia zero-access sono accessibili solo da te. -??? success "Crittografia delle email" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. I campi dei contatti che supportano la crittografia zero-access, come i numeri di telefono, sono indicati con l'icona di un lucchetto. - Proton mail ha [integrato la crittografia OpenPGP](https://proton.me/it/support/how-to-use-pgp) nella loro webmail. Le e-mail inviate ad altri account Proton Mail vengono crittografate automaticamente, e la crittografia verso indirizzi non Proton Mail con una chiave OpenPGP può essere abilitata nelle impostazioni dell'account. Permettono inoltre di [crittografare messaggi verso indirizzi non Proton Mail](https://proton.me/it/support/password-protected-emails) senza il bisogno che il ricevente acceda ad un account Proton Mail o utilizzi software come OpenPGP. - - Proton Mail consente anche il reperimento di chiavi pubbliche via HTTP dalla loro [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Questo permette alle persone che non utilizzano Proton Mail di trovare facilmente le chiavi OpenPGP degli account Proton Mail, per un E2EE cross-provider. +#### :material-check:{ .pg-green } Email Encryption -??? check "Sicurezza dei dati" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Le e-mail inviate ad altri account Proton Mail vengono crittografate automaticamente, e la crittografia verso indirizzi non Proton Mail con una chiave OpenPGP può essere abilitata nelle impostazioni dell'account. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail non offre una funzione di eredità digitale. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Questo permette alle persone che non utilizzano Proton Mail di trovare facilmente le chiavi OpenPGP degli account Proton Mail, per un E2EE cross-provider. -??? info "Metodi di pagamento privati" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Se avete un account a pagamento e la vostra [bolletta non è pagata](https://proton.me/support/delinquency) dopo 14 giorni, non potrete accedere ai vostri dati. Dopo 30 giorni, l'account diventerà delinguente e non riceverà più la posta in arrivo. Durante questo periodo la fattura continuerà ad essere addebitata. +Proton Mail non offre una funzione di eredità digitale. -??? info "Funzionalità aggiuntive" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offre un account "Unlimited" a 9,99 euro/mese, che consente anche l'accesso a Proton VPN oltre a fornire account multipli, domini, alias e 500 GB di spazio di archiviazione. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. Dopo 30 giorni, l'account diventerà delinguente e non riceverà più la posta in arrivo. Durante questo periodo la fattura continuerà ad essere addebitata. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offre un account "Unlimited" a 9,99 euro/mese, che consente anche l'accesso a Proton VPN oltre a fornire account multipli, domini, alias e 500 GB di spazio di archiviazione. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail ha rapporti interni di crash che **non condividono** con terze parti - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Domini e Alias personalizzati" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org consente di utilizzare il proprio dominio e supporta gli indirizzi [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). Mailbox.org supporta anche [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), utile se non si vuole acquistare un dominio. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? check "Eredità digitale" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org non accetta Bitcoin o altre criptovalute a causa della sospensione delle attività del processore di pagamento BitPay in Germania. Tuttavia, accettano contanti per posta, pagamento in contanti su conto corrente, bonifico bancario, carta di credito, PayPal e un paio di processori specifici per la Germania: paydirekt e Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. Tuttavia, accettano contanti per posta, pagamento in contanti su conto corrente, bonifico bancario, carta di credito, PayPal e un paio di processori specifici per la Germania: paydirekt e Sofortüberweisung. -??? success "Sicurezza dell'account" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supporta l'[autenticazione a due fattori](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) solo per la sua webmail. È possibile utilizzare il TOTP o un [Yubikey](https://it.wikipedia.org/wiki/YubiKey) tramite il [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Gli standard web come [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) non sono ancora supportati. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Sicurezza dei dati" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org consente la crittografia della posta in arrivo utilizzando la sua [casella di posta crittografata] (https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). I nuovi messaggi ricevuti saranno immediatamente crittografati con la tua chiave pubblica. - - Tuttavia, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), la piattaforma software utilizzata da Mailbox.org, [non supporta](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) la crittografia della rubrica e del calendario. Un'[opzione autonoma] (calendario-contatti.md) potrebbe essere più appropriata per queste informazioni. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). I nuovi messaggi ricevuti saranno immediatamente crittografati con la tua chiave pubblica. -??? success "Crittografia delle email" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org ha [integrato la crittografia] (https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) nella sua webmail, che semplifica l'invio di messaggi a persone con chiavi OpenPGP pubbliche. Consentono inoltre [ai destinatari remoti di decriptare un'e-mail](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) sui server di Mailbox.org. Questa funzione è utile quando il destinatario remoto non dispone di OpenPGP e non può decifrare una copia dell'e-mail nella propria casella di posta elettronica. - - Mailbox.org supporta anche il reperimento di chiavi pubbliche via HTTP dalla sua [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Questo permette a persone esterne a Mailbox.org di trovare facilmente le chiavi OpenPGP degli account di Mailbox.org, per un E2EE fra provider diversi. +#### :material-check:{ .pg-green } Email Encryption -??? check "Domini e alias personalizzati" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. Questa funzione è utile quando il destinatario remoto non dispone di OpenPGP e non può decifrare una copia dell'e-mail nella propria casella di posta elettronica. - Mailbox.org dispone di una funzione di eredità digitale per tutti i piani. Puoi scegliere se vuoi che i dati siano trasmessi agli eredi, a condizione che ne facciano richiesta e forniscano il testamento. In alternativa, è possibile nominare una persona per nome e indirizzo. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Questo permette a persone esterne a Mailbox.org di trovare facilmente le chiavi OpenPGP degli account di Mailbox.org, per un E2EE fra provider diversi. -??? info "Metodi di pagamento privati" +#### :material-check:{ .pg-green } Digital Legacy - L'account sarà impostato come account utente limitato alla scadenza del contratto, dopo [30 giorni sarà irrevocabilmente cancellato](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org dispone di una funzione di eredità digitale per tutti i piani. Puoi scegliere se vuoi che i dati siano trasmessi agli eredi, a condizione che ne facciano richiesta e forniscano il testamento. In alternativa, è possibile nominare una persona per nome e indirizzo. -??? info "Funzionalità aggiuntive" +#### :material-information-outline:{ .pg-blue } Account Termination - È possibile accedere al proprio account Mailbox.org tramite IMAP/SMTP utilizzando il loro [servizio .onion] (https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). Tuttavia, l'interfaccia webmail non è accessibile tramite il servizio .onion e si possono verificare errori di certificato TLS. - - Tutti gli account sono dotati di uno spazio di archiviazione cloud limitato che [può essere crittografato] (https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org offre anche l'alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), che applica la crittografia TLS alla connessione tra i server di posta, altrimenti il messaggio non verrà inviato affatto. Mailbox.org supporta anche [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) oltre ai protocolli di accesso standard come IMAP e POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). Tuttavia, l'interfaccia webmail non è accessibile tramite il servizio .onion e si possono verificare errori di certificato TLS. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## Altri provider + +Questi provider archiviano le tue e-mail con una crittografia a conoscenza zero, il che li rende ottime opzioni per mantenere sicure le tue e-mail archiviate. Tuttavia, non supportano standard di crittografia interoperabili per le comunicazioni E2EE tra provider. + +
+ +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
### StartMail @@ -156,43 +180,39 @@ Proton Mail ha rapporti interni di crash che **non condividono** con terze parti - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Domini e Alias personalizzati" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Gli account personali possono utilizzare alias [Personalizzati o rapidi](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases). Sono disponibili anche [domini personalizzati](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain). +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Metodi di pagamento privati" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accetta Visa, MasterCard, American Express e Paypal. StartMail ha anche altre [opzioni di pagamento](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) come Bitcoin (attualmente solo per gli account personali) e l'addebito diretto SEPA per gli account più vecchi di un anno. +StartMail accetta Visa, MasterCard, American Express e Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Sicurezza dell'account" +#### :material-check:{ .pg-green } Account Security - StartMail supporta l'autenticazione a due fattori TOTP [solo per la webmail] (https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Non consentono l'autenticazione con chiave di sicurezza U2F. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Non consentono l'autenticazione con chiave di sicurezza U2F. -??? info "Sicurezza dei dati" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail dispone di [zero accesso ai dati crittografati a riposo](https://www.startmail.com/en/whitepaper/#_Toc458527835), utilizzando il sistema "user vault". Quando accedi, la cassaforte viene aperta e l'e-mail viene spostata dalla coda e inserita, dove viene decifrata dalla corrispondente chiave privata. - - StartMail supporta l'importazione dei [contatti](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts), ma sono accessibili solo nella webmail e non attraverso protocolli come [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Inoltre, i contatti non vengono memorizzati utilizzando la crittografia a "conoscenza zero", quindi potrebbe essere più appropriata un'opzione [autonoma](calendar-contacts.md). +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. Quando accedi, la cassaforte viene aperta e l'e-mail viene spostata dalla coda e inserita, dove viene decifrata dalla corrispondente chiave privata. -??? success "Crittografia delle email" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Inoltre, i contatti non vengono memorizzati utilizzando la crittografia a "conoscenza zero", quindi potrebbe essere più appropriata un'opzione \[autonoma\](calendar-contacts.md). - Startmail ha [integrato la crittografia] (https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) nella sua webmail, che semplifica l'invio di messaggi a utenti con chiavi OpenPGP pubbliche. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Eredità digitale" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail non offre una funzione di eredità digitale. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Chiusura dell'account" +StartMail non offre una funzione di eredità digitale. - Alla scadenza dell'account, StartMail eliminerà definitivamente l'account dopo [6 mesi in 3 fasi](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Funzionalità aggiuntive" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail consente il proxy delle immagini all'interno dei messaggi di posta elettronica. Se consenti il caricamento dell'immagine remota, il mittente non saprà quale sia il tuo indirizzo IP. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## Altri provider - -Questi provider archiviano le tue e-mail con una crittografia a conoscenza zero, il che li rende ottime opzioni per mantenere sicure le tue e-mail archiviate. Tuttavia, non supportano standard di crittografia interoperabili per le comunicazioni E2EE tra provider. +StartMail consente il proxy delle immagini all'interno dei messaggi di posta elettronica. Se consenti il caricamento dell'immagine remota, il mittente non saprà quale sia il tuo indirizzo IP. ### Tutanota @@ -220,44 +240,51 @@ Questi provider archiviano le tue e-mail con una crittografia a conoscenza zero, Tutanota non supporta il [protocollo IMAP](https://tutanota.com/faq/#imap) o l'uso di client [di posta elettronica di terze parti](email-clients.md)e non sarà nemmeno possibile aggiungere [account di posta elettronica esterni](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) all'app Tutanota. Al momento non sono supportate né [Importazione e-mail](https://github.com/tutao/tutanota/issues/630) né [sottocartelle](https://github.com/tutao/tutanota/issues/927) , anche se questo [dovrebbe essere modificato](https://tutanota.com/blog/posts/kickoff-import). Le e-mail possono essere esportate [singolarmente o per selezione in blocco](https://tutanota.com/howto#generalMail) per cartella, il che può essere scomodo se si dispone di molte cartelle. -??? success "Domini e Alias personalizzati" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Gli account Tutanota a pagamento possono utilizzare fino a 5 [alias](https://tutanota.com/faq#alias) e [domini personalizzati](https://tutanota.com/faq#custom-domain). Tutanota non consente [sottoindirizzi (più indirizzi)] (https://tutanota.com/faq#plus), ma è possibile utilizzare un [catch-all](https://tutanota.com/howto#settings-global) con un dominio personalizzato. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Metodi di pagamento privati" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota accetta direttamente solo carte di credito e PayPal, tuttavia Bitcoin e Monero possono essere utilizzati per acquistare carte regalo grazie alla loro [partnership](https://tutanota.com/faq/#cryptocurrency) con Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Sicurezza dell'account" +#### :material-check:{ .pg-green } Account Security - Tutanota supporta [l'autenticazione a due fattori](https://tutanota.com/faq#2fa) sia con TOTP, sia con U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Sicurezza dei dati" +#### :material-check:{ .pg-green } Data Security - Tutanota dispone di [crittografia zero-access a riposo] (https://tutanota.com/faq#what-encrypted) per le e-mail, [contatti della rubrica] (https://tutanota.com/faq#encrypted-address-book) e [calendario](https://tutanota.com/faq#calendar). Ciò significa che i messaggi e gli altri dati memorizzati nel tuo account sono leggibili solo a te. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). Ciò significa che i messaggi e gli altri dati memorizzati nel tuo account sono leggibili solo a te. -??? warning "Crittografia delle email" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [non utilizza OpenPGP](https://www.tutanota.com/faq/#pgp). Gli account Tutanota possono ricevere e-mail cifrate da account di posta elettronica non Tutanota solo se inviate tramite una [casella di posta temporanea Tutanota](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Eredità digitale" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota non offre una funzione di eredità digitale. +Tutanota non offre una funzione di eredità digitale. -??? info "Chiusura dell'account" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota [chiuderà gli account gratuiti inattivi](https://tutanota.com/faq#inactive-accounts) dopo sei mesi. È possibile riutilizzare un account gratuito disattivato se si paga. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. È possibile riutilizzare un account gratuito disattivato se si paga. -??? info "Funzionalità aggiuntive" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offre la versione business di [Tutanota per le organizzazioni non profit](https://tutanota.com/blog/posts/secure-email-for-non-profit) gratuitamente o con un forte sconto. - - Tutanota dispone anche di una funzione commerciale chiamata [Secure Connect](https://tutanota.com/secure-connect/). Ciò garantisce che il contatto del cliente con l'azienda utilizzi E2EE. La funzione costa 240€ all'anno. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). Ciò garantisce che il contatto del cliente con l'azienda utilizzi E2EE. La funzione costa 240€ all'anno. ## Servizi di alias per email Un servizio di aliasing email consente di generare facilmente un nuovo indirizzo email per ogni sito web a cui ci si registra. Gli alias email generati vengono quindi inoltrati a un indirizzo email di tua scelta, nascondendo sia il tuo indirizzo e-mail "principale" che l'identità del tuo provider di posta elettronica. Il vero aliasing di posta elettronica è meglio dell'indirizzo plus comunemente usato e supportato da molti provider, che ti consente di creare alias come tuonome+[qualsiasicosa]@example.com, perché siti Web, inserzionisti e reti di tracciamento possono banalmente rimuovere qualsiasi cosa dopo il segno + per conoscere il tuo vero indirizzo email. +
+ +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
+ L'aliasing e-mail può funzionare da salvaguardia nel caso in cui il tuo provider di posta elettronica cessi di operare. In questo caso, è possibile reindirizzare facilmente gli alias a un nuovo indirizzo email. A sua volta, tuttavia, si sta mettendo fiducia nel servizio di aliasing che continui a funzionare. L'utilizzo di un servizio di aliasing email dedicato presenta una serie di vantaggi rispetto a un alias generico su un dominio personalizzato: @@ -334,7 +361,7 @@ SimpleLogin è stata [acquistata da Proton AG](https://proton.me/news/proton-and Puoi collegare il tuo account SimpleLogin con l'account Proton nelle impostazioni. Se hai il piano Proton Unlimited, Business o Visionary, avrai SimpleLogin Premium gratuitamente. -Funzionalità gratuite degne di nota: +Notable free features: - [x] 10 alias condivisi - [x] Risposte illimitate @@ -387,7 +414,7 @@ Consideriamo queste caratteristiche importanti per fornire un servizio sicuro e - Consentire agli utenti di utilizzare il proprio [nome di dominio](https://en.wikipedia.org/wiki/Domain_name). I nomi di dominio personalizzati sono importanti per gli utenti perché consentono loro di mantenere la propria autonomia dal servizio, se dovesse diventare negativa o essere acquisita da un'altra società che non dà priorità alla privacy. - Opera su un'infrastruttura di proprietà, ovvero non si appoggia a provider di servizi e-mail di terze parti. -**Caso migliore:** +**Best Case:** - Crittografia di tutti i dati dell'account (contatti, calendari ecc.) a riposo con crittografia ad zero-access. - Crittografia webmail integrata E2EE/PGP fornita per comodità. @@ -409,9 +436,9 @@ Preferiamo che i provider da noi consigliati raccolgano il minor numero di dati - Un'informativa sulla privacy che soddisfa i requisiti definiti dal GDPR - Non deve essere hostato negli Stati Uniti a causa del [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism), il quale dev'essere [ancora riformato](https://epic.org/ecpa/). -**Caso migliore:** +**Best Case:** -- Accetta Bitcoin, contanti e altre forme di criptovaluta e/o opzioni di pagamento anonime (carte regalo, ecc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Sicurezza @@ -428,14 +455,14 @@ I server di posta elettronica gestiscono molti dati estremamente sensibili. Ci a - Record [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) e [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) validi. - Record [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) e [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) validi. - Disporre di un record e di una politica [DMARC](https://en.wikipedia.org/wiki/DMARC) adeguati o utilizzare [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) per l'autenticazione. Se si utilizza l'autenticazione DMARC, la politica deve essere impostata su `rifiuta` o `quarantena`. -- Una preferenza per la suite di server TLS 1.2 o successivo e un piano per [deprecare TLSv1.0 e TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [Invio SMTPS](https://en.wikipedia.org/wiki/SMTPS) , supponendo che venga utilizzato SMTP. - Standard di sicurezza del sito web come: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Integrità Subresource](https://en.wikipedia.org/wiki/Subresource_Integrity) se si caricano oggetti da domini esterni. - Deve supportare la visualizzazione di [intestazioni di messaggi](https://en.wikipedia.org/wiki/Email#Message_header), in quanto è una funzione forense cruciale per determinare se un'e-mail è un tentativo di phishing. -**Caso migliore:** +**Best Case:** - Supporto per l'autenticazione hardware, come U2F e [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F e WebAuthn sono più sicuri, in quanto utilizzano una chiave privata memorizzata nel client su un dispositivo hardware per autenticare le persone, rispetto a un segreto condiviso che viene memorizzato sul server web e sul client quando si utilizza TOTP. Inoltre, U2F e WebAuthn sono più resistenti al phishing in quanto la loro risposta di autenticazione si basa sul [nome di dominio](https://en.wikipedia.org/wiki/Domain_name) autenticato. Inoltre, U2F e WebAuthn sono più resistenti al phishing in quanto la loro risposta di autenticazione si basa sul [nome di dominio](https://en.wikipedia.org/wiki/Domain_name) autenticato. - [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844), oltre al supporto DANE. @@ -443,7 +470,7 @@ I server di posta elettronica gestiscono molti dati estremamente sensibili. Ci a - Programmi di bug-bounty e/o un processo coordinato di divulgazione delle vulnerabilità. - Standard di sicurezza del sito web come: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Fiducia @@ -453,7 +480,7 @@ Non affideresti le tue finanze a qualcuno con un'identità falsa, quindi perché - Dirigenza o proprietà pubblica. -**Caso migliore:** +**Best Case:** - Dirigenza pubblica. - Rapporti di trasparenza frequenti. @@ -474,12 +501,10 @@ Non deve avere alcun marketing ritenuto irresponsabile: - Riutilizzare informazioni personali (p.e., account e-mail, pseudonimi unici ecc.) con cui hanno eseguito accessi senza software di anonimizzazione (Tor, VPN, ecc.) - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) -**Caso migliore:** +**Best Case:** - Documentazione chiara e di facile lettura. Questo include cose come l'impostazione di 2FA, dei client di posta elettronica, di OpenPGP, ecc. ### Funzionalità aggiuntive Anche se non strettamente necessari, ci sono altri fattori di convenienza o di privacy che abbiamo preso in considerazione per determinare i provider da consigliare. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/encryption.md b/i18n/it/encryption.md index 8fdda992..a9d671f3 100644 --- a/i18n/it/encryption.md +++ b/i18n/it/encryption.md @@ -1,6 +1,7 @@ --- title: "Software di crittografia" icon: material/file-lock +description: La crittografia dei dati è l'unico modo per controllare chi può accedervi. These tools allow you to encrypt your emails and any other files. --- La crittografia dei dati è l'unico modo per controllare chi può accedervi. Se al momento non stai utilizzando software per la crittografia del tuo hard disk, delle email, o dei file, dovresti scegliere una delle seguenti opzioni. @@ -363,5 +364,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Le applicazioni di crittografia del sistema operativo (FDE) dovrebbero utilizzare una protezione hardware come TPM o Secure Enclave. - Le applicazioni per la crittografia dei file devono avere un supporto di primo o terzo livello per le piattaforme mobili. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/file-sharing.md b/i18n/it/file-sharing.md index 719170d5..4d60eb05 100644 --- a/i18n/it/file-sharing.md +++ b/i18n/it/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Condivisione e sincronizzazione dei file" icon: material/share-variant +description: Scopri come condividere privatamente i tuoi file tra i tuoi dispositivi, con i tuoi amici e familirai, o in modo anonimo online. --- Scopri come condividere privatamente i tuoi file tra i tuoi dispositivi, con i tuoi amici e familirai, o in modo anonimo online. @@ -161,5 +162,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/financial-services.md b/i18n/it/financial-services.md new file mode 100644 index 00000000..2e19bb46 --- /dev/null +++ b/i18n/it/financial-services.md @@ -0,0 +1,112 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### CryptPad + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. recommendation + +!!! recommendation + + ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** è un pastebin online minimalista e open-source in cui il server non ha alcuna conoscenza dei dati incollati. Infatti, vengono criptati/decriptati nel tuo browser utilizzando AES a 256 bit. downloads + + - [:simple-windows11: Windows](https://keepassxc.org/download/#windows) + - [:simple-apple: macOS](https://keepassxc.org/download/#mac) + - [:simple-linux: Linux](https://keepassxc.org/download/#linux) + - [:simple-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### CryptPad + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. recommendation + +!!! recommendation + + ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** è un pastebin online minimalista e open-source in cui il server non ha alcuna conoscenza dei dati incollati. Infatti, vengono criptati/decriptati nel tuo browser utilizzando AES a 256 bit. downloads + + - [:simple-windows11: Windows](https://keepassxc.org/download/#windows) + - [:simple-apple: macOS](https://keepassxc.org/download/#mac) + - [:simple-linux: Linux](https://keepassxc.org/download/#linux) + - [:simple-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/it/frontends.md b/i18n/it/frontends.md index 5abff0c6..392758c0 100644 --- a/i18n/it/frontends.md +++ b/i18n/it/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontend" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- A volte i servizi tentano di costringerti ad iscriverti ad un account bloccando l'accesso ai contenuti con fastidiosi popup. Potrebbero anche cessare di funzionare correttamente senza l'abilitazione di JavaScript. Questi frontend possono consentire di aggirare queste restrizioni. @@ -273,5 +274,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/index.md b/i18n/it/index.md index 8d779e6e..2a08efeb 100644 --- a/i18n/it/index.md +++ b/i18n/it/index.md @@ -40,5 +40,3 @@ Cercare di proteggere tutti i dati da tutti, in ogni momento, è poco pratico, c [:material-hand-coin-outline:](about/donate.md){ title="Sostieni il progetto" } È importante che un sito web come Privacy Guide rimanga sempre aggiornato. Abbiamo bisogno che il nostro pubblico tenga d'occhio gli aggiornamenti software per le applicazioni elencate sul nostro sito e segua le notizie recenti sui provider che raccomandiamo. È difficile stare al passo con il ritmo veloce di internet, ma facciamo del nostro meglio. Se noti un errore, pensi che un provider non dovrebbe essere elencato, noti che manca un provider qualificato, credi che un plug-in del browser non sia più la scelta migliore o scopri qualsiasi altro problema, faccelo sapere. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/kb-archive.md b/i18n/it/kb-archive.md index 98458cd7..94e2e503 100644 --- a/i18n/it/kb-archive.md +++ b/i18n/it/kb-archive.md @@ -1,6 +1,7 @@ --- title: Archivio conoscenze di base icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pagine spostate nel blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Cancellazione sicura dei dati](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrazione della rimozioni di metadata](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [Guida alla configurazione di iOS](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/meta/brand.md b/i18n/it/meta/brand.md index f7d7f014..53cb9ac4 100644 --- a/i18n/it/meta/brand.md +++ b/i18n/it/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/meta/git-recommendations.md b/i18n/it/meta/git-recommendations.md index 78884777..f59b5f81 100644 --- a/i18n/it/meta/git-recommendations.md +++ b/i18n/it/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/meta/uploading-images.md b/i18n/it/meta/uploading-images.md index 812fa6a5..55f136f8 100644 --- a/i18n/it/meta/uploading-images.md +++ b/i18n/it/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/meta/writing-style.md b/i18n/it/meta/writing-style.md index 40932ea5..b9e47a71 100644 --- a/i18n/it/meta/writing-style.md +++ b/i18n/it/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/mobile-browsers.md b/i18n/it/mobile-browsers.md index 5e2beb2f..6dc2e1b6 100644 --- a/i18n/it/mobile-browsers.md +++ b/i18n/it/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Browser mobile" icon: octicons/device-mobile-16 +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- Questi sono i browser e le configurazioni attualmente consigliati per la navigazione standard e non anonima. Se hai bisogno di navigare in Internet in modo anonimo, dovresti invece utilizzare [Tor](tor.md). In generale, raccomandiamo di tenere il numero di estensioni al minimo: hanno accesso privilegiato all'interno del browser, richiedono di fidarsi dello sviluppatore, possono farti [risaltare](https://it.wikipedia.org/wiki/Device_fingerprint) e [indeboliscono](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) l'isolamento dei siti. @@ -40,7 +41,7 @@ Queste opzioni si trovano in :material-menu: → **Impostazioni** → **Brave Sh Brave include alcune misure contro il fingerprinting nella sua funzionalità [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-). Consigliamo di configurare queste opzioni [globalmente](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) applicate a tutti i siti che visiti. -##### Brave shields global defaults +##### Valori predefiniti globali di Brave Shields Le funzionalità di Shields possono essere ridotte per ogni sito se necessario; ciò nonostante, raccomandiamo le seguenti impostazioni: @@ -59,7 +60,7 @@ Le funzionalità di Shields possono essere ridotte per ogni sito se necessario; 1. Questa opzione fornisce una funzionalità simile alle [modalità di blocco](https://github.com/gorhill/uBlock/wiki/Blocking-mode) avanzate di uBlock Origin o dell'estensione [NoScript](https://noscript.net/). -##### Clear browsing data +##### Svuota dati di navigazione - [x] Seleziona **Cancellare i dati all'uscita** @@ -198,5 +199,3 @@ Liste di filtri aggiuntive possono intaccare le prestazioni ed aumentare la supe - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/multi-factor-authentication.md b/i18n/it/multi-factor-authentication.md index 584947ef..edb0fd23 100644 --- a/i18n/it/multi-factor-authentication.md +++ b/i18n/it/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticatori a più fattori" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Chiavi di sicurezza fisiche @@ -158,5 +159,3 @@ Consigliamo vivamente di utilizare applicazioni TOTP per dispositivi mobili inve - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/news-aggregators.md b/i18n/it/news-aggregators.md index 608467e8..5e846863 100644 --- a/i18n/it/news-aggregators.md +++ b/i18n/it/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "Aggregatori di notizie" icon: octicons/rss-24 +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -Un [aggreggatore di notizie](https://it.wikipedia.org/wiki/Aggregatore) è un modo per tenerti aggiornato con i tuoi blog e siti di notizie favoriti. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Client aggregatori @@ -178,5 +179,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/notebooks.md b/i18n/it/notebooks.md index 7f82b2db..c42a6666 100644 --- a/i18n/it/notebooks.md +++ b/i18n/it/notebooks.md @@ -1,6 +1,7 @@ --- title: "Blocchi note" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Tieni traccia delle tue note e diari senza doverli dare a una terza parte. @@ -115,5 +116,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/os/android-overview.md b/i18n/it/os/android-overview.md index 5c823496..eea683b7 100644 --- a/i18n/it/os/android-overview.md +++ b/i18n/it/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Panoramica Android icon: fontawesome/brands/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android è un sistema operativo sicuro, dotato di [sandboxing delle app](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB) e di un robusto sistema di controllo delle [autorizzazioni](https://developer.android.com/guide/topics/permissions/overview). @@ -53,9 +54,44 @@ Fairphone, ad esempio, commercializza i propri dispositivi con 6 anni di assiste ## Autorizzazioni di Android -[Le autorizzazioni su Android](https://developer.android.com/guide/topics/permissions/overview) consentono di controllare ciò a cui le applicazioni hanno accesso. Google apporta regolarmente [miglioramenti](https://developer.android.com/about/versions/11/privacy/permissions) al sistema delle autorizzazioni in ogni nuova versione. Tutte le applicazioni installate sono rigorosamente [confinate in una sandbox](https://source.android.com/security/app-sandbox), pertanto non è necessario installare alcuna applicazione come antivirus. Uno smartphone con l'ultima versione di Android sarà sempre più sicuro di un vecchio smartphone con un antivirus a pagamento. È meglio non pagare il software antivirus e risparmiare per acquistare un nuovo smartphone come il Google Pixel. +[Le autorizzazioni su Android](https://developer.android.com/guide/topics/permissions/overview) consentono di controllare ciò a cui le applicazioni hanno accesso. Google apporta regolarmente [miglioramenti](https://developer.android.com/about/versions/11/privacy/permissions) al sistema delle autorizzazioni in ogni nuova versione. Tutte le applicazioni installate sono rigorosamente [confinate in una sandbox](https://source.android.com/security/app-sandbox), pertanto non è necessario installare alcuna applicazione come antivirus. -Se volete eseguire un'applicazione di cui non siete sicuri, prendete in considerazione l'utilizzo di un profilo utente o di lavoro. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning "Avviso" + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Accesso ai media @@ -131,5 +167,3 @@ Ti verrà data la possibilità di eliminare l'ID pubblicità o di *rinunciare ag [SafetyNet](https://developer.android.com/training/safetynet/attestation) e le API [Play Integrity](https://developer.android.com/google/play/integrity) sono generalmente utilizzate per [le app bancarie](https://grapheneos.org/usage#banking-apps). Molte applicazioni bancarie funzionano bene in GrapheneOS con i servizi Play in sandbox, ma alcune applicazioni non finanziarie hanno i loro meccanismi anti-manomissione che potrebbero fallire. GrapheneOS supera il controllo `basicIntegrity`, ma non il controllo di certificazione `ctsProfileMatch`. I dispositivi con Android 8 o successivi dispongono di un supporto di attestazione hardware che non può essere aggirato senza chiavi trapelate o gravi vulnerabilità. Per quanto riguarda Google Wallet, lo sconsigliamo a causa dell'[informativa sulla privacy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), che prevede l'opt-out se non si desidera che il proprio rating creditizio e i propri dati personali vengano condivisi con i servizi di marketing affiliati. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/os/linux-overview.md b/i18n/it/os/linux-overview.md index 941f409a..c7c2f4e4 100644 --- a/i18n/it/os/linux-overview.md +++ b/i18n/it/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/os/qubes-overview.md b/i18n/it/os/qubes-overview.md index dcd68496..b945bdec 100644 --- a/i18n/it/os/qubes-overview.md +++ b/i18n/it/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Panoramica di Qubes" icon: pg/qubes-os +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) è un sistema operativo che utilizza l'hypervisor [Xen](https://en.wikipedia.org/wiki/Xen) per fornire una forte sicurezza per il desktop computing attraverso macchine virtuali isolate. Ogni macchina virtuale è chiamata *Qube* e si può assegnare a ogni Qube un livello di fiducia in base al suo scopo. Poiché il sistema operativo Qubes garantisce la sicurezza utilizzando l'isolamento e consentendo azioni solo su base individuale, è l'opposto dell'[enumerazione delle minacce](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ Per ulteriori informazioni si consiglia di consultare le ampie pagine di documen - J. Rutkowska: [*Software compartmentalization vs. physical separation (Compartimentazione del software vs. separazione fisica)*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains (Suddividere la mia vita digitale in domini di sicurezza)*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Articoli correlati*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/passwords.md b/i18n/it/passwords.md index ca0b0f8d..941acd60 100644 --- a/i18n/it/passwords.md +++ b/i18n/it/passwords.md @@ -1,6 +1,7 @@ --- title: "Gestori di password" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- I gestori di password consentono di archiviare e gestire in modo sicuro le password e altre credenziali con l'uso di una password principale. @@ -245,5 +246,3 @@ These products are minimal password managers that can be used within scripting a - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) - Must be cross-platform. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/productivity.md b/i18n/it/productivity.md index ac0ccd30..2da0007c 100644 --- a/i18n/it/productivity.md +++ b/i18n/it/productivity.md @@ -1,6 +1,7 @@ --- title: "Strumenti di produttività" icon: material/file-sign +description: La maggior parte delle suite per ufficio online non supportano la crittografia end-to-end, il che significa che il provider del cloud ha accesso a tutto ciò che fai. --- La maggior parte delle suite per ufficio online non supportano la crittografia end-to-end, il che significa che il provider del cloud ha accesso a tutto ciò che fai. L'informativa sulla privacy potrebbe proteggere legalmente i tuoi diritti, ma non fornisce vincoli tecnici di accesso. @@ -177,5 +178,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/real-time-communication.md b/i18n/it/real-time-communication.md index 4d758e03..73d80317 100644 --- a/i18n/it/real-time-communication.md +++ b/i18n/it/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Comunicazione in tempo reale" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- Questi sono i nostri consigli per comunicazioni criptate in tempo reale. @@ -200,5 +201,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/router.md b/i18n/it/router.md index 2969569c..5b140406 100644 --- a/i18n/it/router.md +++ b/i18n/it/router.md @@ -1,6 +1,7 @@ --- title: "Firmware Router" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Di seguito sono elencati alcuni sistemi operativi alternativi che possono essere usati su router, punti di accesso Wi-Fi, ecc. @@ -56,5 +57,3 @@ OPNsense è stato originariamente sviluppato come fork di [pfSense](https://en.w - Deve essere open source. - Deve ricevere aggiornamenti regolari. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/search-engines.md b/i18n/it/search-engines.md index bb0dc0e1..6c080469 100644 --- a/i18n/it/search-engines.md +++ b/i18n/it/search-engines.md @@ -1,6 +1,7 @@ --- title: "Motori di ricerca" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Utilizza un motore di ricerca che non crei un profilo pubblicitario basato sulle tue ricerche. @@ -88,9 +89,9 @@ L'azionista di maggioranza di Startpage è System1, un'azienda di tecnologie pub ## CryptPad -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. recommendation +**Si noti che non siamo affiliati a nessuno dei progetti che consigliamo.** Oltre a [i nostri criteri standard](about/criteria.md), abbiamo sviluppato una chiara serie di requisiti che ci permettono di fornire raccomandazioni obiettive. Ti consigliamo di familiarizzare con questo elenco prima di scegliere di utilizzare un progetto e condurre le tue ricerche per assicurarti che sia la scelta giusta per te. -!!! recommendation +!!! esempio "Questa sezione è nuova" ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } @@ -114,5 +115,3 @@ KeePassXC memorizza i suoi dati di esportazione come file [CSV](https://en.wikip - Dovrebbe essere basato su software open-source. - Non dovrebbe bloccare gli indirizzi IP dei nodi di uscita di Tor. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/tools.md b/i18n/it/tools.md index c2c90006..9e952a8b 100644 --- a/i18n/it/tools.md +++ b/i18n/it/tools.md @@ -3,6 +3,7 @@ title: "Strumenti per la privacy" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Se stai cercando una soluzione specifica per qualcosa, questi sono gli strumenti hardware e software che ti consigliamo in una varietà di categorie. I nostri strumenti di privacy consigliati sono scelti principalmente in base alle funzionalità di sicurezza, con maggiore enfasi sugli strumenti decentralizzati e open-source. Sono applicabili a una varietà di modelli di minaccia che vanno dalla protezione contro i programmi di sorveglianza di massa globali e evitare le grandi aziende tecnologiche alla mitigazione degli attacchi, ma solo tu puoi determinare cosa funzionerà meglio per le tue esigenze. @@ -84,7 +85,7 @@ Per maggiori dettagli su ogni progetto, sul motivo per cui è stato scelto e su
-- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -201,6 +202,29 @@ Per maggiori dettagli su ogni progetto, sul motivo per cui è stato scelto e su [Maggiori informazioni :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
+ +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
+ +[Maggiori informazioni :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
+ +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
+ +[Maggiori informazioni :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Motori di ricerca
@@ -228,9 +252,9 @@ Per maggiori dettagli su ogni progetto, sul motivo per cui è stato scelto e su
-- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
@@ -249,6 +273,16 @@ Per maggiori dettagli su ogni progetto, sul motivo per cui è stato scelto e su [Maggiori informazioni :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
+ +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
+ +[Maggiori informazioni :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Rimozione di dati e metadati
@@ -437,5 +471,3 @@ Per maggiori dettagli su ogni progetto, sul motivo per cui è stato scelto e su
[Maggiori informazioni :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/tor.md b/i18n/it/tor.md index 1a60c3f3..e5b6ca0d 100644 --- a/i18n/it/tor.md +++ b/i18n/it/tor.md @@ -1,6 +1,7 @@ --- title: "Rete Tor" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Logo Tor](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ La rete **Tor** è un gruppo di server gestiti da volontari che permette di conn Tor funziona instradando il traffico internet attraverso questi server gestiti da volontari, invece di effettuare una connessione diretta al sito che si sta cercando di visitare. In questo modo si offusca la provenienza del traffico e nessun server nel percorso di connessione è in grado di vedere il percorso completo del traffico proveniente e diretto, il che significa che nemmeno i server utilizzati per connettersi possono violare l'anonimato. -
- ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
Tor circuit pathway - I nodi del percorso possono vedere solo i server a cui sono direttamente collegati, ad esempio il nodo "Entry" mostrato può vedere il vostro indirizzo IP e l'indirizzo del nodo "Middle", ma non ha modo di vedere quale sito web state visitando.
-
- -- [Maggiori informazioni sul funzionamento di Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connessione a Tor @@ -120,5 +115,3 @@ Per resistere agli attacchi di analisi del traffico, considera di abilitare *Iso Snowflake non aumenta in alcun modo la tua privacy e non viene utilizzato per connettersi alla rete Tor all'interno del tuo browser personale. Tuttavia, se la tua connessione a Internet non è censurata, dovresti prendere in considerazione la possibilità di utilizzarlo per aiutare le persone che si trovano in reti censurate a ottenere una migliore privacy. Non c'è bisogno di preoccuparsi dei siti web a cui le persone accedono attraverso il tuo proxy: il loro indirizzo IP di navigazione visibile corrisponderà al loro nodo di uscita Tor, non al tuo. La gestione di un proxy Snowflake è a basso rischio, anche più della gestione di un relay o bridge di Tor, che già non sono attività particolarmente rischiose. Tuttavia, il traffico viene comunque instradato attraverso la tua rete, il che può avere un certo impatto, soprattutto se la tua rete ha una larghezza di banda limitata. Assicurati di comprendere [come Snowflake funziona](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) prima di decidere se gestire un proxy. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/video-streaming.md b/i18n/it/video-streaming.md index aa29b60b..e24a2594 100644 --- a/i18n/it/video-streaming.md +++ b/i18n/it/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Streaming video" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- Il rischio principale quando si usa una piattaforma di streaming video è che le tue abitudini e iscrizioni possano essere usate per profilarti. Suggeriamo di utilizzare questi strumenti accompagnati da un [VPN](vpn.md) o [Tor](https://www.torproject.org/) in modo da rendere più difficile la profilazione. @@ -57,5 +58,3 @@ Raccomandiamo di **non sincronizzare** il portafoglio con LBRY Inc. poiché la s - Non deve richiedere un account centralizzato per visualizzare i video. - L'autenticazione decentralizzata, ad esempio tramite la chiave privata di un wallet mobile, è accettabile. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/it/vpn.md b/i18n/it/vpn.md index 677c569d..d0262b9a 100644 --- a/i18n/it/vpn.md +++ b/i18n/it/vpn.md @@ -1,11 +1,20 @@ --- -title: "Servizi VPN" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Trova un operatore VPN che non si occupi di leggere o vendere il tuo traffico web. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "Le VPN non forniscono anonimato" +
+ +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
+ +!!! danger "Le VPN non forniscono anonimato" L'utilizzo di una VPN **non** manterrà anonime le tue abitudini di navigazione, né aggiungerà ulteriore sicurezza al traffico non sicuro (HTTP). @@ -15,80 +24,11 @@ Trova un operatore VPN che non si occupi di leggere o vendere il tuo traffico we [Scarica Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](basics/tor-overview.md){ .md-button } -??? question "Quando sono utili le VPN?" - - Se stai cercando una maggiore **privacy** dal tuo ISP, su una rete Wi-Fi pubblica o durante il torrenting di file, una VPN potrebbe essere la soluzione, a patto che ne comprendi i rischi. - - [Maggior informazioni](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Provider consigliati -!!! summary "Criteri" - - I fornitori che consigliamo utilizzano la crittografia, accettano Monero, supportano WireGuard & OpenVPN e applicano una politica di non registrazione del traffico. Leggi la nostra [lista completa dei criteri](#our-criteria). - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** è un forte concorrente nello spazio VPN ed è attivo dal 2016. Proton AG ha sede in Svizzera e offre un livello gratuito limitato, così come un'opzione premium più ricca di funzioni. - - **Gratuito** — **Piano Plus da 71,88€ all'anno** (1) - - [:octicons-home-16: Pagina principale](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Informativa sulla privacy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentazione} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Codice sorgente" } downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 paesi" - - Proton VPN ha [server in 67 paesi](https://protonvpn.com/vpn-servers) (1). Scegliere un provider VPN con un server più vicino a voi ridurrà la latenza del traffico di rete inviato. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). - - Riteniamo inoltre che sia meglio per la sicurezza della chiave privata del provider VPN se utilizza [server dedicati](https://en.wikipedia.org/wiki/Dedicated_hosting_service), invece che soluzioni condivise (con altri clienti) più economiche, come un [virtual private server (VPS)](https://it.wikipedia.org/wiki/Virtual_private_server). - -1. Ultimo controllo: 16-09-2022 - -??? success "Audit indipendente" - - Nel mese di gennaio del 2020, Proton VPN è stato sottoposto ad un audit indipendente da parte di SEC Consult. SEC Consult ha riscontrato alcune vulnerabilità di basso e medio rischio nelle applicazioni di Windows, Android e iOS, le quali sono state "adeguatamente risolte" da Proton VPN prima della pubblicazione dei rapporti. Nessuno dei problemi identificati avrebbe potuto garantire a un hacker di accedere da remoto al tuo dispositivo o al tuo traffico. Puoi vedere i singoli rapporti per ogni piattaforma su [protonvpn.com](https://protonvpn.com/blog/open-source/). Nell'aprile 2022 Proton VPN è stata sottoposta ad [un altro audit](https://protonvpn.com/blog/no-logs-audit/) e il rapporto è stato [prodotto da Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). Una [lettera di attestazione](https://proton.me/blog/security-audit-all-proton-apps) è stata fornita per le applicazioni di Proton VPN il 9 novembre 2021 da [Securitum](https://research.securitum.com). - -??? success "Client Open-Source" - - Proton VPN fornisce il codice sorgente dei loro client desktop e mobile nella loro [organizzazione GitHub](https://github.com/ProtonVPN). - -??? success "Accetta contanti" - - Oltre ad accettare carte di credito/debito e PayPal, Proton VPN accetta pagamenti in Bitcon e **contanti/valuta locale** come forma di pagamento anonima. - -??? success "Supporto WireGuard" - - Proton VPN supporta principalmente il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) è un protocollo più recente che utilizza una [cryptography](https://www.wireguard.com/protocol/) di ultima generazione. Inoltre, WireGuard mira a essere più semplice e performante. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) l'utilizzo di WireGuard con il loro servizio. Nelle applicazioni Windows, macOS, iOS, Android, ChromeOS e Android TV, WireGuard è il protocollo predefinito, tuttavia il [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) per il protocollo non è presente nella loro applicazione Linux. - -??? warning "Remote Port Forwarding" - - Proton VPN supporta attualmente il [port forwarding](https://protonvpn.com/support/port-forwarding/) remoto solo su Windows, il che potrebbe impattare alcune applicazioni. In particolare le applicazioni Peer-to-peer come i client Torrent. - -??? success "Client mobile" - - In aggiunta ai file di configurazione OpenVPN standard, Proton VPN fornisce client per i dispositivi mobili su [App Store](https://apps.apple.com/it/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl_it)e [GitHub](https://github.com/ProtonVPN/android-app/releases), permettendo connessioni facili ai loro server. - -??? info "Funzionalità aggiuntive" - - I client Proton VPN supportano l'autenticazione a due fattori su tutte le piattaforme, ad eccezione di Linux, al momento. Proton VPN ha i propri server e datacenter in Svizzera, Islanda e Svezia. Offrono il blocco delle pubblicità e dei domini malware noti mediante il loro servizio DNS. Inoltre, Proton VPN offre server "Tor" permettendoti di connetterti facilmente ai siti onion; consigliamo fortemente di utilizzare il [browser Tor ufficiale](https://www.torproject.org/) per questo scopo. - -!!! danger "La funzione Killswitch non funziona sui Mac con processori Intel" - - Si possono verificare arresti anomali del sistema (https://protonvpn.com/support/macos-t2-chip-kill-switch/) sui Mac basati su Intel quando si utilizza il killswitch VPN. Se hai bisogno di questa funzione e utilizzi un Mac con chipset Intel, dovresti considerare l'utilizzo di un altro servizio VPN. +I fornitori che consigliamo utilizzano la crittografia, accettano Monero, supportano WireGuard & OpenVPN e applicano una politica di non registrazione del traffico. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Trova un operatore VPN che non si occupi di leggere o vendere il tuo traffico we - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 paesi" +#### :material-check:{ .pg-green } 35 Countries - IVPN ha [server in 35 paesi](https://www.ivpn.net/server-locations) (1). Scegliere un provider VPN con un server più vicino a voi ridurrà la latenza del traffico di rete inviato. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). - - Riteniamo inoltre che sia meglio per la sicurezza della chiave privata del provider VPN se utilizza [server dedicati](https://en.wikipedia.org/wiki/Dedicated_hosting_service), invece che soluzioni condivise (con altri clienti) più economiche, come un [virtual private server (VPS)](https://it.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). +{ .annotate } 1. Ultimo controllo: 16-09-2022 -??? success "Audit indipendente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN è stato sottoposto a un [audit no-logging da parte di Cure53](https://cure53.de/audit-report_ivpn.pdf), che si è concluso in accordo con l'affermazione no-logging di IVPN. IVPN ha anche completato un [rapporto pentest completo Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) nel gennaio 2020. IVPN ha dichiarato di avere in programma [rapporti annuali](https://www.ivpn.net/blog/independent-security-audit-concluded) in futuro. Un'ulteriore ispezione è stata condotta [nell'aprile 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) ed è stata resa pubblica da Cure53 [sul loro sito web](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Client Open-Source" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - Da febbrario del 2020, le [applicazioni di IVPN sono open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Il codice sorgente può essere ottenuto dalla loro [organizzazione GitHub](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accetta contanti e Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - Oltre ad accettare carte di credito/debito e PayPal, IVPN accetta pagamenti in Bitcon, **Monero** e **contanti/valuta locale** (su piani annuali) come forma di pagamento anonima. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "Supporto WireGuard" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supporta il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) è un protocollo più recente che utilizza una [cryptography](https://www.wireguard.com/protocol/) di ultima generazione. Inoltre, WireGuard mira a essere più semplice e performante. - - IVPN [recommends](https://www.ivpn.net/wireguard/) l'uso di WireGuard con il loro servizio e, come tale, il protocollo è predefinito su tutte le app IVPN. IVPN inoltre offre un generatore di configurazioni WireGuard per l'uso con le [app](https://www.wireguard.com/install/) ufficiali del protocollo. +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supporta il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Inoltre, WireGuard mira a essere più semplice e performante. - Il [port forwarding](https://it.wikipedia.org/wiki/Port_forwarding) remoto è possibile con un piano Pro. Il port forwarding [può essere attivato](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) mediante il client. Il port forwarding è disponibile solo su IVPN quando si utilizzano protocolli WireGuard o OpenVPN ed è [disabilitato sui server statunitensi](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Client mobile" +#### :material-check:{ .pg-green } Remote Port Forwarding - In aggiunta ai file di configurazione OpenVPN standard, IVPN fornisce client per i dispositivi mobili su [App Store](https://apps.apple.com/it/app/ivpn-serious-privacy-protection/id1193122683), [Google Play] e [GitHub](https://github.com/ivpn/android-app/releases)(https://play.google.com/store/apps/details?id=net.ivpn.client), permettendo connessioni facili ai loro server. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Funzionalità aggiuntive" +#### :material-check:{ .pg-green } Mobile Clients - I client IVPN supportano l'autenticazione a due fattori (i client Mullvad no). IVPN inoltre fornisce la funzionalità "[AntiTracker](https://www.ivpn.net/antitracker)", la quale blocca le reti pubblicitarie e i tracker a livello di rete. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +I client IVPN supportano l'autenticazione a due fattori (i client Mullvad no). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Trova un operatore VPN che non si occupi di leggere o vendere il tuo traffico we - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 paesi" +#### :material-check:{ .pg-green } 41 Countries - Mullvad ha [server in 41 paesi](https://mullvad.net/servers/) (1). Scegliere un provider VPN con un server più vicino a voi ridurrà la latenza del traffico di rete inviato. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). - - Riteniamo inoltre che sia meglio per la sicurezza della chiave privata del provider VPN se utilizza [server dedicati](https://en.wikipedia.org/wiki/Dedicated_hosting_service), invece che soluzioni condivise (con altri clienti) più economiche, come un [virtual private server (VPS)](https://it.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). +{ .annotate } 1. Ultimo controllo: 19-01-2023 -??? success "Audit indipendente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - I client VPN di Mullvad sono stati revisionati da Cure53 e Assured AB in un rapporto di pentest [pubblicato su cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). I ricercatori di sicurezza hanno concluso che: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. Con la dedizione alla sicurezza del team interno al complesso Mullvad VPN, i tester non hanno dubbi riguardo alla giusta direzione del progetto da un punto di vista della sicurezza. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] L'ecosistema applicativo complessivo utilizzato da Mullvad lascia un'impressione solida e strutturata. La struttura complessiva dell'applicazione rende facile l'introduzione di patch e correzioni in modo strutturato. Più di ogni altra cosa, i risultati individuati da Cure53 mostrano l'importanza di controllare e rivalutare costantemente gli attuali vettori di fuga, al fine di garantire sempre la privacy degli utenti finali. Detto questo, Mullvad fa un ottimo lavoro nel proteggere l'utente finale dalle comuni perdite di informazioni d'identificazione personale e i relativi rischi legati alla privacy. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. Accettano inoltre Swish e bonifici bancari. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supporta il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Inoltre, WireGuard mira a essere più semplice e performante. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. Questo per evitare che Mullvad possa identificarti in base all'utilizzo della porta e alle informazioni di abbonamento memorizzate. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure 53 e Assured AB sono soddisfatte dai risultati della verifica e il software lascia un'impressione complessivamente positiva. Con la dedizione alla sicurezza del team interno al complesso Mullvad VPN, i tester non hanno dubbi riguardo alla giusta direzione del progetto da un punto di vista della sicurezza. + **Proton VPN** è un forte concorrente nello spazio VPN ed è attivo dal 2016. Proton AG ha sede in Svizzera e offre un livello gratuito limitato, così come un'opzione premium più ricca di funzioni. - Nel 2020, un secondo audit [è stato annunciato](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) e il [rapporto finale](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) è stato reso disponibile nel sito web di Cure53: + **Gratuito** — **Piano Plus da 71,88€ all'anno** (1) - > I risultati di questo progetto del periodo maggio-giugno del 2020, riguardante il complesso di Mullvad, sono risultati piuttosto positivi. [...] L'ecosistema applicativo complessivo utilizzato da Mullvad lascia un'impressione solida e strutturata. La struttura complessiva dell'applicazione rende facile l'introduzione di patch e correzioni in modo strutturato. Più di ogni altra cosa, i risultati individuati da Cure53 mostrano l'importanza di controllare e rivalutare costantemente gli attuali vettori di fuga, al fine di garantire sempre la privacy degli utenti finali. Detto questo, Mullvad fa un ottimo lavoro nel proteggere l'utente finale dalle comuni perdite di informazioni d'identificazione personale e i relativi rischi legati alla privacy. + [:octicons-home-16: Pagina principale](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Informativa sulla privacy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentazione} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Codice sorgente" } downloads - Nel 2021, [è stato annunciato](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) un audit dell'infrastruttura e il [rapporto finale](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) è stato reso disponibile sul sito web di Cure53. Un altro rapporto è stato commissionato [nel giugno 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) ed è disponibile sul [sito web di Assured](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Client Open-Source" +#### :material-check:{ .pg-green } 67 Countries - Mullvad rende disponibile il codice sorgente per i loro client desktop e per dispositivi mobili nella loro [organizzazione GitHub](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Ciò è dovuto al fatto che il percorso verso la destinazione è più breve (meno hop). +{ .annotate } -??? success "Accetta contanti e Monero" +1. Ultimo controllo: 16-09-2022 - Oltre ad accettare carte di credito/debito e PayPal, Mullvad accetta pagamenti in Bitcon, Bitcoin Cash, **Monero** e **contanti/valuta locale** come forma di pagamento anonima. Accettano inoltre Swish e bonifici bancari. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "Supporto WireGuard" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supporta il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) è un protocollo più recente che utilizza una [cryptography](https://www.wireguard.com/protocol/) di ultima generazione. Inoltre, WireGuard mira a essere più semplice e performante. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) l'utilizzo di WireGuard con il loro servizio. È il protocollo unico e predefinito nelle applicazioni su Android, iOS, macOS e Linux, mentre su Windows WireGuard va [attivato manualmente](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/). Mullvad offre un generatore di configurazioni WireGuard per l'uso con le [apps](https://www.wireguard.com/install/) ufficiali del protocollo. +Nel mese di gennaio del 2020, Proton VPN è stato sottoposto ad un audit indipendente da parte di SEC Consult. SEC Consult ha riscontrato alcune vulnerabilità di basso e medio rischio nelle applicazioni di Windows, Android e iOS, le quali sono state "adeguatamente risolte" da Proton VPN prima della pubblicazione dei rapporti. Nessuno dei problemi identificati avrebbe potuto garantire a un hacker di accedere da remoto al tuo dispositivo o al tuo traffico. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "Supporto IPv6" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supporta il futuro del networking [IPv6](https://it.wikipedia.org/wiki/IPv6). La loro rete ti permette di [accedere a servizi che utilizzano IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/), al contrario degli altri provider, che bloccano le connessioni IPv6. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Il [port forwarding](https://it.wikipedia.org/wiki/Port_forwarding) remoto è possibile per utenti che eseguono pagamenti una tantum, ma non per gli account con un metodo di pagamento ricorrente/sottoscrizione. Questo per evitare che Mullvad possa identificarti in base all'utilizzo della porta e alle informazioni di abbonamento memorizzate. Per ulteriori informazioni, vedere [port forwarding con Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/). +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Client mobile" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad ha pubblicato i client su [App Store](https://apps.apple.com/it/app/mullvad-vpn/id1488466513) e [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), entrambi supportano un'interfaccia facile da usare, invece che richiederti di configurare manualmente la tua connnesione WireGuard. Il client Android è disponibile anche su [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN supporta principalmente il protocollo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Inoltre, WireGuard mira a essere più semplice e performante. -??? info "Funzionalità aggiuntive" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad è molto trasparente su quali nodi [possiede o fitta](https://mullvad.net/en/servers/). Utilizzano [ShadowSocks](https://shadowsocks.org/) nella loro configurazione ShadowSocks + OpenVPN, rendendoli più resistenti ai firewall con [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) che cercano di bloccare le VPN. A quanto pare, [la Cina deve utilizzare un metodo diverso per bloccare i server ShadowSocks](https://github.com/net4people/bbs/issues/22). Il sito web di Mullvad è inoltre accessibile mediante Tor presso [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. In particolare le applicazioni Peer-to-peer come i client Torrent. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +I client Proton VPN supportano l'autenticazione a due fattori su tutte le piattaforme, ad eccezione di Linux, al momento. Proton VPN ha i propri server e datacenter in Svizzera, Islanda e Svezia. Offrono il blocco delle pubblicità e dei domini malware noti mediante il loro servizio DNS. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. Se hai bisogno di questa funzione e utilizzi un Mac con chipset Intel, dovresti considerare l'utilizzo di un altro servizio VPN. ## CryptPad @@ -255,13 +261,13 @@ Preferiamo che i provider da noi consigliati raccolgano il minor numero di dati **Requisiti minimi:** -- Opzione di pagamento in contanti o in Monero. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - Nessuna informazione personale richiesta per registrarsi: solo nome utente, password ed e-mail al massimo. **Caso migliore:** -- Accetta Monero, contanti e altre forme di pagamento anonimo (carte regalo, etc.) -- Nessuna informazione personale richiesta (nome utente autogenerato, nessuna e-mail richiesta, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Sicurezza @@ -273,7 +279,7 @@ Una VPN è inutile se non è nemmeno in grado di fornire una sicurezza adeguata. - Perfect Forward Secrecy (PFS). - Audit sulla sicurezza pubblicati da un'azienda terza affidabile. -**Caso migliore:** +**Best Case:** - Crittografia più forte: RSA-4096. - Perfect Forward Secrecy (PFS). @@ -288,7 +294,7 @@ Non affideresti le tue finanze a qualcuno con un'identità falsa, quindi perché - Dirigenza o proprietà pubblica. -**Caso migliore:** +**Best Case:** - Dirigenza pubblica. - Rapporti di trasparenza frequenti. @@ -319,5 +325,3 @@ Il marketing responsabile, che è sia educativo che utile per il consumatore, po ### Funzionalità aggiuntive Anche se non requisiti rigidi, ci sono alcuni fattori che abbiamo considerato nel determinare quali servizi consigliare. Tra questi ci sono funzionalità di blocco dei tracker e delle pubblicità, canarini di garanzia, connessioni multihop, eccellenza nell'assistenza clienti, numero di connessioni simultanee consentite, ecc. - ---8<-- "includes/abbreviations.it.txt" diff --git a/i18n/ku/404.md b/i18n/ku/404.md new file mode 100644 index 00000000..d0ab82f6 --- /dev/null +++ b/i18n/ku/404.md @@ -0,0 +1,19 @@ +--- +hide: + - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" +--- + +# ٤٠٤ - نەدۆزرایەوە + +نەمانتوانی ئەو پەڕەیە بدۆزینەوە کە بەدوایدا دەگەڕایت! لەوانەیە تۆ بەدوای یەکێک لەمانەدا بگەڕێیت؟ + +- [پێشەکی بۆ مۆدێلی هەڕەشە](basics/threat-modeling.md) +- [دابینکەرانی DNSـی پێشنیارکراو](dns.md) +- [باشترین وێبگەڕانی کۆمپیوتەر](desktop-browsers.md) +- [باشترین دابینکەرانی VPN](vpn.md) +- [سەکۆی Privacy Guides](https://discuss.privacyguides.net) +- [بڵۆگەکەنان](https://blog.privacyguides.org) diff --git a/i18n/ku/CODE_OF_CONDUCT.md b/i18n/ku/CODE_OF_CONDUCT.md new file mode 100644 index 00000000..88a0e910 --- /dev/null +++ b/i18n/ku/CODE_OF_CONDUCT.md @@ -0,0 +1,53 @@ +# Community Code of Conduct + +**We pledge** to make our community a harassment-free experience for everyone. + +**We strive** to create a positive environment, using welcoming and inclusive language, and being respectful of the viewpoints of others. + +**We do not allow** inappropriate or otherwise unacceptable behavior, such as sexualized language, trolling and insulting comments, or otherwise promoting intolerance or harassment. + +## Community Standards + +What we expect from members of our communities: + +1. **Don't spread misinformation** + + We are creating an evidence-based educational community around information privacy and security, not a home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence. + +1. **Don't abuse our willingness to help** + + Our community members are not your free tech support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/). + +1. **Behave in a positive and constructive manner** + + Examples of behavior that contributes to a positive environment for our community include: + + - Demonstrating empathy and kindness toward other people + - Being respectful of differing opinions, viewpoints, and experiences + - Giving and gracefully accepting constructive feedback + - Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience + - Focusing on what is best not just for us as individuals, but for the overall community + +### Unacceptable Behavior + +The following behaviors are considered harassment and are unacceptable within our community: + +- The use of sexualized language or imagery, and sexual attention or advances of any kind +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a professional setting + +## Scope + +Our Code of Conduct applies within all project spaces, as well as when an individual is representing the Privacy Guides project in other communities. + +We are responsible for clarifying the standards of our community, and have the right to remove or alter the comments of those participating within our community, as necessary and at our discretion. + +### Contact + +If you observe a problem on a platform like Matrix or Reddit, please contact our moderators on that platform in chat, via DM, or through any designated "Modmail" system. + +If you have a problem elsewhere, or a problem our community moderators are unable to resolve, reach out to `jonah@privacyguides.org` and/or `dngray@privacyguides.org`. + +All community leaders are obligated to respect the privacy and security of the reporter of any incident. diff --git a/i18n/ku/about/criteria.md b/i18n/ku/about/criteria.md new file mode 100644 index 00000000..3084230b --- /dev/null +++ b/i18n/ku/about/criteria.md @@ -0,0 +1,40 @@ +--- +title: General Criteria +--- + +!!! example "Work in Progress" + + The following page is a work in progress, and does not reflect the full criteria for our recommendations at this time. Past discussion on this topic: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24) + +Below are some things that must apply to all submissions to Privacy Guides. Each category will have additional requirements for inclusion. + +## Financial Disclosure + +We do not make money from recommending certain products, we do not use affiliate links, and we do not provide special consideration to project donors. + +## General Guidelines + +We apply these priorities when considering new recommendations: + +- **Secure**: Tools should follow security best-practices wherever applicable. +- **Source Availability**: Open source projects are generally preferred over equivalent proprietary alternatives. +- **Cross-Platform**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in. +- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases. +- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required. +- **Documented**: Tools should have clear and extensive documentation for use. + +## Developer Self-Submissions + +We have these requirements in regard to developers which wish to submit their project or software for consideration. + +- Must disclose affiliation, i.e. your position within the project being submitted. + +- Must have a security whitepaper if it is a project that involves handling of sensitive information like a messenger, password manager, encrypted cloud storage etc. + - Third party audit status. We want to know if you have one, or have one planned. If possible please mention who will be conducting the audit. + +- Must explain what the project brings to the table in regard to privacy. + - Does it solve any new problem? + - Why should anyone use it over the alternatives? + +- Must state what the exact threat model is with their project. + - It should be clear to potential users what the project can provide, and what it cannot. diff --git a/i18n/ku/about/donate.md b/i18n/ku/about/donate.md new file mode 100644 index 00000000..8accd67a --- /dev/null +++ b/i18n/ku/about/donate.md @@ -0,0 +1,50 @@ +--- +title: Supporting Us +--- + + +It takes a lot of [people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) and [work](https://github.com/privacyguides/privacyguides.org/pulse/monthly) to keep Privacy Guides up to date and spreading the word about privacy and mass surveillance. If you like what we do, consider getting involved by [editing the site](https://github.com/privacyguides/privacyguides.org) or [contributing translations](https://crowdin.com/project/privacyguides). + +If you want to support us financially, the most convenient method for us is contributing via Open Collective, a website operated by our fiscal host. Open Collective accepts payments via credit/debit card, PayPal, and bank transfers. + +[Donate on OpenCollective.com](https://opencollective.com/privacyguides/donate ""){.md-button.md-button--primary} + +Donations made directly to us on Open Collective are generally tax-deductible in the US, because our fiscal host (the Open Collective Foundation) is a registered 501(c)3 organization. You will receive a receipt from the Open Collective Foundation after donating. Privacy Guides does not provide financial advice, and you should contact your tax advisor to find out whether this is applicable to you. + +If you already make use of GitHub sponsorships, you can also sponsor our organization there. + +[Sponsor us on GitHub](https://github.com/sponsors/privacyguides ""){.md-button} + +## Backers + +A special thanks to all those who support our mission! :heart: + +*Please note: This section loads a widget directly from Open Collective. This section does not reflect donations made outside of Open Collective, and we have no control over the specific donors featured in this section.* + + + +## How We Use Donations + +Privacy Guides is a **non-profit** organization. We use donations for a variety of purposes, including: + +**Domain Registrations** +: + +We have a few domain names like `privacyguides.org` which cost us around $10 yearly to maintain their registration. + +**Web Hosting** +: + +Traffic to this website uses hundreds of gigabytes of data per month, we use a variety of service providers to keep up with this traffic. + +**Online Services** +: + +We host [internet services](https://privacyguides.net) for testing and showcasing different privacy-products we like and [recommend](../tools.md). Some of which are made publicly available for our community's use (SearXNG, Tor, etc.), and some are provided for our team members (email, etc.). + +**Product Purchases** +: + +We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). + +We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). diff --git a/i18n/ku/about/index.md b/i18n/ku/about/index.md new file mode 100644 index 00000000..619406fe --- /dev/null +++ b/i18n/ku/about/index.md @@ -0,0 +1,89 @@ +--- +template: schema.html +title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. +--- + +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } + +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. + +## Our Team + +??? person "@jonah" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/jonah) + - [:simple-github: GitHub](https://github.com/jonaharagon "@jonaharagon") + - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@jonah "@jonah@neat.computer"){rel=me} + - [:fontawesome-solid-house: Homepage](https://www.jonaharagon.com) + +??? person "@niek-de-wilde" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/Niek-de-Wilde) + - [:simple-github: GitHub](https://github.com/blacklight447 "@blacklight447") + - [:simple-mastodon: Mastodon](https://mastodon.social/@blacklight447 "@blacklight447@mastodon.social"){rel=me} + +??? person "@dngray" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/dngray) + - [:simple-github: GitHub](https://github.com/dngray "@dngray") + - [:simple-mastodon: Mastodon](https://mastodon.social/@dngray "@dngray@mastodon.social"){rel=me} + - [:fontawesome-solid-envelope: Email](mailto:dngray@privacyguides.org) + +??? person "@freddy" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/freddy) + - [:simple-github: GitHub](https://github.com/freddy-m "@freddy-m") + - [:simple-mastodon: Mastodon](https://social.lol/@freddy "@freddy@social.lol"){rel=me} + - [:fontawesome-solid-envelope: Email](mailto:freddy@privacyguides.org) + - [:fontawesome-solid-house: Homepage](https://freddy.omg.lol) + +??? person "@mfwmyfacewhen" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/mfwmyfacewhen) + - [:simple-github: GitHub](https://github.com/mfwmyfacewhen "@mfwmyfacewhen") + - [:fontawesome-solid-house: Homepage](https://mfw.omg.lol) + +??? person "@olivia" + + - [:simple-discourse: Discourse](https://discuss.privacyguides.net/u/olivia) + - [:simple-github: GitHub](https://github.com/hook9 "@hook9") + - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} + +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). + +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. + +## Site License + +*The following is a human-readable summary of (and not a substitute for) the [license](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE):* + +:fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. + +This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! diff --git a/i18n/ku/about/notices.md b/i18n/ku/about/notices.md new file mode 100644 index 00000000..bb32edd5 --- /dev/null +++ b/i18n/ku/about/notices.md @@ -0,0 +1,43 @@ +--- +title: "Notices and Disclaimers" +hide: + - toc +--- + +## Legal Disclaimer + +Privacy Guides is not a law firm. As such, the Privacy Guides website and contributors are not providing legal advice. The material and recommendations in our website and guides do not constitute legal advice nor does contributing to the website or communicating with Privacy Guides or other contributors about our website create an attorney-client relationship. + +Running this website, like any human endeavor, involves uncertainty and trade-offs. We hope this website helps, but it may include mistakes and can’t address every situation. If you have any questions about your situation, we encourage you to do your own research, seek out other experts, and engage in discussions with the Privacy Guides community. If you have any legal questions, you should consult with your own legal counsel before moving forward. + +Privacy Guides is an open source project contributed to under licenses that include terms that, for the protection of the website and its contributors, make clear that the Privacy Guides project and website is offered "as-is", without warranty, and disclaiming liability for damages resulting from using the website or any recommendations contained within. Privacy Guides does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on the website or otherwise relating to such materials on the website or on any third-party sites linked on this site. + +Privacy Guides additionally does not warrant that this website will be constantly available, or available at all. + +## Licenses + +Unless otherwise noted, all content on this website is made available under the terms of the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). + +This does not include third-party code embedded in this repository, or code where a superseding license is otherwise noted. The following are notable examples, but this list may not be all-inclusive: + +* [MathJax](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/mathjax.js) is licensed under the [Apache License 2.0](https://github.com/privacyguides/privacyguides.org/blob/main/docs/assets/javascripts/LICENSE.mathjax.txt). + +Portions of this notice itself were adopted from [opensource.guide](https://github.com/github/opensource.guide/blob/master/notices.md) on GitHub. That resource and this page itself are released under [CC-BY-4.0](https://github.com/github/opensource.guide/blob/master/LICENSE). + +This means that you can use the human-readable content in this repository for your own project, per the terms outlined in the Creative Commons Attribution-NoDerivatives 4.0 International Public License text. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. You **may not** use the Privacy Guides branding in your own project without express approval from this project. Privacy Guides's brand trademarks include the "Privacy Guides" wordmark and shield logo. + +We believe that the logos and other images in `assets` obtained from third-party providers are either in the public domain or **fair use**. In a nutshell, legal [fair use doctrine](https://www.copyright.gov/fair-use/more-info.html) allows the use of copyrighted images in order to identify the subject matter for purposes of public comment. However, these logos and other images may still be subject to trademark laws in one or more jurisdictions. Before using this content, please ensure that it is used to identify the entity or organization that owns the trademark and that you have the right to use it under the laws which apply in the circumstances of your intended use. *When copying content from this website, you are solely responsible for ensuring that you do not infringe someone else's trademark or copyright.* + +When you contribute to this repository you are doing so under the above licenses, and you are granting Privacy Guides a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute your contribution as part of our project. + +## Acceptable Use + +You may not use this website in any way that causes or may cause damage to the website or impairment of the availability or accessibility of Privacy Guides, or in any way which is unlawful, illegal, fraudulent, harmful, or in connection with any unlawful, illegal, fraudulent, or harmful purpose or activity. + +You must not conduct any systematic or automated data collection activities on or in relation to this website without express written consent, including: + +* Excessive Automated Scans +* Denial of Service Attacks +* Scraping +* Data Mining +* 'Framing' (IFrames) diff --git a/i18n/ku/about/privacy-policy.md b/i18n/ku/about/privacy-policy.md new file mode 100644 index 00000000..f83197fa --- /dev/null +++ b/i18n/ku/about/privacy-policy.md @@ -0,0 +1,61 @@ +--- +title: "سیاسەتی تایبەتێتـی" +--- + +Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people). + +## Data We Collect From Visitors + +The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website: + +- No personal information is collected +- No information such as cookies are stored in the browser +- No information is shared with, sent to or sold to third-parties +- No information is shared with advertising companies +- No information is mined and harvested for personal and behavioral trends +- No information is monetized + +You can view the data we collect on our [statistics](statistics.md) page. + +We run a self-hosted installation of [Plausible Analytics](https://plausible.io) to collect some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected. + +Data collected includes referral sources, top pages, visit duration, information from the devices (device type, operating system, country and browser) used during the visit and more. You can learn more about how Plausible works and collects information in a privacy-respecting manner [here](https://plausible.io/data-policy). + +## Data We Collect From Account Holders + +On some websites and services we provide, many features may require an account. For example, an account may be required to post and reply to topics on a forum platform. + +To sign up for most accounts, we will collect a name, username, email, and password. In the event a website requires more information than just that data, that will be clearly marked and noted in a separate privacy statement per-site. + +We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services. + +We use your email to: + +- Notify you about posts and other activity on the websites or services. +- Reset your password and help keep your account secure. +- Contact you in special circumstances related to your account. +- Contact you about legal requests, such as DMCA takedown requests. + +On some websites and services you may provide additional information for your account, such as a short biography, avatar, your location, or your birthday. We make that information available to everyone who can access the website or service in question. This information is not required to use any of our services and can be erased at any time. + +We will store your account data as long as your account remains open. After closing an account, we may retain some or all of your account data in the form of backups or archives for up to 90 days. + +## Contacting Us + +The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to: + +```text +Jonah Aragon +Services Administrator +jonah@privacyguides.org +``` + +For all other inquiries, you can contact any member of our team. + +For complaints under GDPR more generally, you may lodge complaints with your local data protection supervisory authorities. In France it's the Commission Nationale de l'Informatique et des Libertés which take care and handle the complaints. They provide a [template of complaint letter](https://www.cnil.fr/en/plaintes) to use. + +## About This Policy + +We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. + +A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. diff --git a/i18n/ku/about/privacytools.md b/i18n/ku/about/privacytools.md new file mode 100644 index 00000000..515c21f5 --- /dev/null +++ b/i18n/ku/about/privacytools.md @@ -0,0 +1,118 @@ +--- +title: "PrivacyTools FAQ" +--- + +# Why we moved on from PrivacyTools + +In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted. + +Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition. + +After the organizational move was completed, the founder of PrivacyTools returned and began to spread misinformation about the Privacy Guides project. They continue to spread misinformation in addition to operating a paid link farm on the PrivacyTools domain. We are creating this page to clear up any misconceptions. + +## What is PrivacyTools? + +PrivacyTools was created in 2015 by "BurungHantu," who wanted to make a privacy information resource - helpful tools following the Snowden revelations. The site grew into a flourishing open-source project with [many contributors](https://github.com/privacytools/privacytools.io/graphs/contributors), some eventually given various organizational responsibilities, such as operating online services like Matrix and Mastodon, managing and reviewing changes to the site on GitHub, finding sponsors for the project, writing blog posts and operating social media outreach platforms like Twitter, etc. + +Beginning in 2019, BurungHantu grew more and more distant from the active development of the website and communities, and began delaying payments he was responsible for related to the servers we operated. To avoid having our system administrator pay server costs out of their own pocket, we changed the donation methods listed on the site from BurungHantu's personal PayPal and crypto accounts to a new OpenCollective page on [October 31, 2019](https://web.archive.org/web/20210729184557/https://blog.privacytools.io/privacytools-io-joins-the-open-collective-foundation/). This had the added benefits of making our finances completely transparent, a value we strongly believe in, and tax-deductible in the United States, because they were being held by the Open Collective Foundation 501(c)3. This change was unanimously agreed upon by the team and went uncontested. + +## Why We Moved On + +In 2020, BurungHantu's absence grew much more noticeable. At one point, we required the domain's nameservers to be changed to nameservers controlled by our system administrator to avoid future disruption, and this change was not completed for over a month after the initial request. He would disappear from the public chat and private team chat rooms on Matrix for months at a time, occasionally popping in to give some small feedback or promise to be more active before disappearing once again. + +In October 2020, the PrivacyTools system administrator (Jonah) [left](https://web.archive.org/web/20210729190742/https://blog.privacytools.io/blacklight447-taking-over/) the project because of these difficulties, handing control to another long-time contributor. Jonah had been operating nearly every PrivacyTools service and acting as the *de facto* project lead for website development in BurungHantu's absence, thus his departure was a significant change to the organization. At the time, because of these significant organizational changes, BurungHantu promised the remaining team he would return to take control of the project going forward. ==The PrivacyTools team reached out via several communication methods over the following months, but did not receive any response.== + +## Domain Name Reliance + +At the beginning of 2021, the PrivacyTools team grew worried about the future of the project, because the domain name was set to expire on 1st March 2021. The domain was ultimately renewed by BurungHantu with no comment. + +The team’s concerns were not addressed, and we realized this would be a problem every year: If the domain expired it would have allowed it to be stolen by squatters or spammers, thus ruining the organization's reputation. We also would have had trouble reaching the community to inform them of what took place. + +Without being in any contact with BurungHantu, we decided the best course of action would be to move to a new domain name while we still had guaranteed control over the old domain name, sometime before March 2022. This way, we would be able to cleanly redirect all PrivacyTools resources to the new site without any interruption in service. This decision was made many months in advance and communicated to the entire team in the hopes that BurungHantu would reach out and assure his continued support for the project, because with a recognizable brand name and large communities online, moving away from "PrivacyTools" was the least desirable possible outcome. + +In mid-2021 the PrivacyTools team reached out to Jonah, who agreed to rejoin the team to help with the transition. + +## Community Call to Action + +At the end of July 2021, we [informed](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) the PrivacyTools community of our intention to choose a new name and continue the project on a new domain, to be [chosen](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw) on 2nd August 2022. In the end, "Privacy Guides" was selected, with the `privacyguides.org` domain already owned by Jonah for a side-project from 2020 that went undeveloped. + +## Control of r/privacytoolsIO + +Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website's development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted "Full Control" privileges. u/trai_dep was the only active moderator at the time, and [posted](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) a request to Reddit's administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit. + +Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms. + +> If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer. +> +> r/redditrequest is Reddit's way of making sure communities have active moderators and is part of the [Moderator Code of Conduct](https://www.redditinc.com/policies/moderator-code-of-conduct). + +## Beginning the Transition + +On September 14th, 2021, we [announced](https://www.privacyguides.org/blog/2021/09/14/welcome-to-privacy-guides/) the beginning of our migration to this new domain: + +> [...] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc. + +This change [entailed:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/rprivacyguides_privacyguidesorg_what_you_need_to/) + +- Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). +- Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site. +- Posting announcements to our subreddit and various other communities informing people of the official change. +- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible. + +Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped. + +## Following Events + +Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project. + +At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible). + +Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) at the beginning of October, ending any migration possibilities to any users still using those services. + +Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so. + +BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim. + +## PrivacyTools.io Now + +As of September 25th 2022 we are seeing BurungHantu's overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally [recommended](../vpn.md) by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs. + +==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling to us. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder. + +## r/privacytoolsIO Now + +After the launch of [r/PrivacyGuides](https://www.reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) a restricted sub in a post on November 1st, 2021: + +> [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you. +> +> A Subreddit is a great deal of work to administer and moderate. Like a garden, it requires patient tending and daily care. It’s not a task for dilettantes or commitment-challenged people. It can’t thrive under a gardener who abandons it for several years, then shows up demanding this year’s harvest as their tribute. It’s unfair to the team formed years ago. It’s unfair to you. [...] + +Subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides. + +In the months since, BurungHantu has threatened and begged for returning subreddit control to his account in [violation](https://www.reddit.com/r/redditrequest/wiki/top_mod_removal/) of Reddit rules: + +> Retaliation from any moderator with regards to removal requests is disallowed. + +For a community with many thousands of remaining subscribers, we feel that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Preserving the years of past discussions in that community is more important to us, and thus u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is. + +## OpenCollective Now + +Our fundraising platform, OpenCollective, is another source of contention. Our position is that OpenCollective was put in place by our team and managed by our team to fund services we currently operate and which PrivacyTools no longer does. We [reached out](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) to all of our donors regarding our move to Privacy Guides, and we were unanimously supported by our sponsors and community. + +Thus, the funds in OpenCollective belong to Privacy Guides, they were given to our project, and not the owner of a well known domain name. In the announcement made to donors on September 17th, 2021, we offered refunds to any donor who disagrees with the stance we took, but nobody has taken us up on this offer: + +> If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing jonah@triplebit.net. + +## Further Reading + +This topic has been discussed extensively within our communities in various locations, and it seems likely that most people reading this page will already be familiar with the events leading up to the move to Privacy Guides. Some of our previous posts on the matter may have extra detail we omitted here for brevity. They have been linked below for the sake of completion. + +- [June 28, 2021 request for control of r/privacytoolsIO](https://www.reddit.com/r/redditrequest/comments/o9tllh/requesting_rprivacytoolsio_im_only_active_mod_top/) +- [July 27, 2021 announcement of our intentions to move on the PrivacyTools blog, written by the team](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) +- [Sept 13, 2021 announcement of the beginning of our transition to Privacy Guides on r/privacytoolsIO](https://www.reddit.com/r/privacytoolsIO/comments/pnql46/rprivacyguides_privacyguidesorg_what_you_need_to/) +- [Sept 17, 2021 announcement on OpenCollective from Jonah](https://opencollective.com/privacyguides/updates/transitioning-to-privacy-guides) +- [Sept 30, 2021 Twitter thread detailing most of the events now described on this page](https://twitter.com/privacy_guides/status/1443633412800225280) +- [Oct 1, 2021 post by u/dng99 noting subdomain failure](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) +- [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) +- [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) +- [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) diff --git a/i18n/ku/about/services.md b/i18n/ku/about/services.md new file mode 100644 index 00000000..71f2c95b --- /dev/null +++ b/i18n/ku/about/services.md @@ -0,0 +1,38 @@ +# Privacy Guides Services + +We run a number of web services to test out features and promote cool decentralized, federated, and/or open-source projects. Many of these services are available to the public and are detailed below. + +[:material-comment-alert: Report an issue](https://discuss.privacyguides.net/c/services/2 ""){.md-button.md-button--primary} + +## Discourse + +- Domain: [discuss.privacyguides.net](https://discuss.privacyguides.net) +- Availability: Public +- Source: [github.com/discourse/discourse](https://github.com/discourse/discourse) + +## Gitea + +- Domain: [code.privacyguides.dev](https://code.privacyguides.dev) +- Availability: Invite-Only + Access may be granted upon request to any team working on *Privacy Guides*-related development or content. +- Source: [snapcraft.io/gitea](https://snapcraft.io/gitea) + +## Matrix + +- Domain: [matrix.privacyguides.org](https://matrix.privacyguides.org) +- Availability: Invite-Only + Access may be granted upon request to Privacy Guides team members, Matrix moderators, third-party Matrix community administrators, Matrix bot operators, and other individuals in need of a reliable Matrix presence. +- Source: [github.com/spantaleev/matrix-docker-ansible-deploy](https://github.com/spantaleev/matrix-docker-ansible-deploy) + +## SearXNG + +- Domain: [search.privacyguides.net](https://search.privacyguides.net) +- Availability: Public +- Source: [github.com/searxng/searxng-docker](https://github.com/searxng/searxng-docker) + +## Invidious + +- Domain: [invidious.privacyguides.net](https://invidious.privacyguides.net) +- Availability: Semi-Public + We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. +- Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) diff --git a/i18n/ku/about/statistics.md b/i18n/ku/about/statistics.md new file mode 100644 index 00000000..8f17240c --- /dev/null +++ b/i18n/ku/about/statistics.md @@ -0,0 +1,61 @@ +--- +title: Traffic Statistics +--- + +## Website Statistics + + +
Stats powered by Plausible Analytics
+ + + + +## Blog Statistics + + +
Stats powered by Plausible Analytics
+ + + diff --git a/i18n/ku/advanced/communication-network-types.md b/i18n/ku/advanced/communication-network-types.md new file mode 100644 index 00000000..1f07a2c4 --- /dev/null +++ b/i18n/ku/advanced/communication-network-types.md @@ -0,0 +1,103 @@ +--- +title: "Types of Communication Networks" +icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. +--- + +There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. + +[Recommended Instant Messengers](../real-time-communication.md ""){.md-button} + +## Centralized Networks + +![Centralized networks diagram](../assets/img/layout/network-centralized.svg){ align=left } + +Centralized messengers are those where all participants are on the same server or network of servers controlled by the same organization. + +Some self-hosted messengers allow you to set up your own server. Self-hosting can provide additional privacy guarantees, such as no usage logs or limited access to metadata (data about who is talking to whom). Self-hosted centralized messengers are isolated and everyone must be on the same server to communicate. + +**Advantages:** + +- New features and changes can be implemented more quickly. +- Easier to get started with and to find contacts. +- Most mature and stable features ecosystems, as they are easier to program in a centralized software. +- Privacy issues may be reduced when you trust a server that you're self-hosting. + +**Disadvantages:** + +- Can include [restricted control or access](https://drewdevault.com/2018/08/08/Signal.html). This can include things like: +- Being [forbidden from connecting third-party clients](https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165) to the centralized network that might provide for greater customization or a better experience. Often defined in Terms and Conditions of usage. +- Poor or no documentation for third-party developers. +- The [ownership](https://web.archive.org/web/20210729191953/https://blog.privacytools.io/delisting-wire/), privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on. +- Self-hosting requires effort and knowledge of how to set up a service. + +## Federated Networks + +![Federated networks diagram](../assets/img/layout/network-decentralized.svg){ align=left } + +Federated messengers use multiple, independent, decentralized servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network. + +When self-hosted, members of a federated server can discover and communicate with members of other servers, although some servers may choose to remain private by being non-federated (e.g., work team server). + +**Advantages:** + +- Allows for greater control over your own data when running your own server. +- Allows you to choose whom to trust your data with by choosing between multiple "public" servers. +- Often allows for third-party clients which can provide a more native, customized, or accessible experience. +- Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member). + +**Disadvantages:** + +- Adding new features is more complex because these features need to be standardized and tested to ensure they work with all servers on the network. +- Due to the previous point, features can be lacking, or incomplete or working in unexpected ways compared to centralized platforms, such as message relay when offline or message deletion. +- Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used). +- Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is used. +- Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with members of those servers. + +## Peer-to-Peer Networks + +![P2P diagram](../assets/img/layout/network-distributed.svg){ align=left } + +P2P messengers connect to a [distributed network](https://en.wikipedia.org/wiki/Distributed_networking) of nodes to relay a message to the recipient without a third-party server. + +Clients (peers) usually find each other through the use of a [distributed computing](https://en.wikipedia.org/wiki/Distributed_computing) network. Examples of this include [Distributed Hash Tables](https://en.wikipedia.org/wiki/Distributed_hash_table) (DHT), used by [torrents](https://en.wikipedia.org/wiki/BitTorrent_(protocol)) and [IPFS](https://en.wikipedia.org/wiki/InterPlanetary_File_System) for example. Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the [Scuttlebutt](https://www.scuttlebutt.nz) social network protocol). + +Once a peer has found a route to its contact via any of these methods, a direct connection between them is made. Although messages are usually encrypted, an observer can still deduce the location and identity of the sender and recipient. + +P2P networks do not use servers, as peers communicate directly between each other and hence cannot be self-hosted. However, some additional services may rely on centralized servers, such as user discovery or relaying offline messages, which can benefit from self-hosting. + +**Advantages:** + +- Minimal information is exposed to third-parties. +- Modern P2P platforms implement E2EE by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models. + +**Disadvantages:** + +- Reduced feature set: +- Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online. +- Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online. +- Some common messenger features may not be implemented or incompletely, such as message deletion. +- Your IP address and that of the contacts you're communicating with may be exposed if you do not use the software in conjunction with a [VPN](../vpn.md) or [Tor](../tor.md). Many countries have some form of mass surveillance and/or metadata retention. + +## Anonymous Routing + +![Anonymous routing diagram](../assets/img/layout/network-anonymous-routing.svg){ align=left } + +A messenger using [anonymous routing](https://doi.org/10.1007/978-1-4419-5906-5_628) hides either the identity of the sender, the receiver, or evidence that they have been communicating. Ideally, a messenger should hide all three. + +There are [many](https://doi.org/10.1145/3182658) different ways to implement anonymous routing. One of the most famous is [onion routing](https://en.wikipedia.org/wiki/Onion_routing) (i.e. [Tor](tor-overview.md)), which communicates encrypted messages through a virtual [overlay network](https://en.wikipedia.org/wiki/Overlay_network) that hides the location of each node as well as the recipient and sender of each message. The sender and recipient never interact directly and only meet through a secret rendezvous node so that there is no leak of IP addresses nor physical location. Nodes cannot decrypt messages, nor the final destination; only the recipient can. Each intermediary node can only decrypt a part that indicates where to send the still encrypted message next, until it arrives at the recipient who can fully decrypt it, hence the "onion layers." + +Self-hosting a node in an anonymous routing network does not provide the hoster with additional privacy benefits, but rather contributes to the whole network's resilience against identification attacks for everyone's benefit. + +**Advantages:** + +- Minimal to no information is exposed to other parties. +- Messages can be relayed in a decentralized manner even if one of the parties is offline. + +**Disadvantages:** + +- Slow message propagation. +- Often limited to fewer media types, mostly text, since the network is slow. +- Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. +- More complex to get started, as the creation and secured backup of a cryptographic private key is required. +- Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. diff --git a/i18n/ku/advanced/dns-overview.md b/i18n/ku/advanced/dns-overview.md new file mode 100644 index 00000000..b47af280 --- /dev/null +++ b/i18n/ku/advanced/dns-overview.md @@ -0,0 +1,306 @@ +--- +title: "DNS Overview" +icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. +--- + +The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. + +## What is DNS? + +When you visit a website, a numerical address is returned. For example, when you visit `privacyguides.org`, the address `192.98.54.105` is returned. + +DNS has existed since the [early days](https://en.wikipedia.org/wiki/Domain_Name_System#History) of the Internet. DNS requests made to and from DNS servers are **not** generally encrypted. In a residential setting, a customer is given servers by the ISP via [DHCP](https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol). + +Unencrypted DNS requests are able to be easily **surveilled** and **modified** in transit. In some parts of the world, ISPs are ordered to do primitive [DNS filtering](https://en.wikipedia.org/wiki/DNS_blocking). When you request the IP address of a domain that is blocked, the server may not respond or may respond with a different IP address. As the DNS protocol is not encrypted, the ISP (or any network operator) can use [DPI](https://en.wikipedia.org/wiki/Deep_packet_inspection) to monitor requests. ISPs can also block requests based on common characteristics, regardless of which DNS server is used. Unencrypted DNS always uses [port](https://en.wikipedia.org/wiki/Port_(computer_networking)) 53 and always uses UDP. + +Below, we discuss and provide a tutorial to prove what an outside observer may see using regular unencrypted DNS and [encrypted DNS](#what-is-encrypted-dns). + +### Unencrypted DNS + +1. Using [`tshark`](https://www.wireshark.org/docs/man-pages/tshark.html) (part of the [Wireshark](https://en.wikipedia.org/wiki/Wireshark) project) we can monitor and record internet packet flow. This command records packets that meet the rules specified: + + ```bash + tshark -w /tmp/dns.pcap udp port 53 and host 1.1.1.1 or host 8.8.8.8 + ``` + +2. We can then use [`dig`](https://en.wikipedia.org/wiki/Dig_(command)) (Linux, MacOS etc) or [`nslookup`](https://en.wikipedia.org/wiki/Nslookup) (Windows) to send the DNS lookup to both servers. Software such as web browsers do these lookups automatically, unless they are configured to use encrypted DNS. + + === "Linux, macOS" + + ``` + dig +noall +answer privacyguides.org @1.1.1.1 + dig +noall +answer privacyguides.org @8.8.8.8 + ``` + === "Windows" + + ``` + nslookup privacyguides.org 1.1.1.1 + nslookup privacyguides.org 8.8.8.8 + ``` + +3. Next, we want to [analyse](https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html#ChIntroWhatIs) the results: + + === "Wireshark" + + ``` + wireshark -r /tmp/dns.pcap + ``` + + === "tshark" + + ``` + tshark -r /tmp/dns.pcap + ``` + +If you run the Wireshark command above, the top pane shows the "[frames](https://en.wikipedia.org/wiki/Ethernet_frame)", and the bottom pane shows all the data about the selected frame. Enterprise filtering and monitoring solutions (such as those purchased by governments) can do the process automatically, without human interaction, and can aggregate those frames to produce statistical data useful to the network observer. + +| No. | Time | Source | Destination | Protocol | Length | Info | +| --- | -------- | --------- | ----------- | -------- | ------ | ---------------------------------------------------------------------- | +| 1 | 0.000000 | 192.0.2.1 | 1.1.1.1 | DNS | 104 | Standard query 0x58ba A privacyguides.org OPT | +| 2 | 0.293395 | 1.1.1.1 | 192.0.2.1 | DNS | 108 | Standard query response 0x58ba A privacyguides.org A 198.98.54.105 OPT | +| 3 | 1.682109 | 192.0.2.1 | 8.8.8.8 | DNS | 104 | Standard query 0xf1a9 A privacyguides.org OPT | +| 4 | 2.154698 | 8.8.8.8 | 192.0.2.1 | DNS | 108 | Standard query response 0xf1a9 A privacyguides.org A 198.98.54.105 OPT | + +An observer could modify any of these packets. + +## What is "encrypted DNS"? + +Encrypted DNS can refer to one of a number of protocols, the most common ones being: + +### DNSCrypt + +[**DNSCrypt**](https://en.wikipedia.org/wiki/DNSCrypt) was one of the first methods of encrypting DNS queries. DNSCrypt operates on port 443 and works with both the TCP or UDP transport protocols. DNSCrypt has never been submitted to the [Internet Engineering Task Force (IETF)](https://en.wikipedia.org/wiki/Internet_Engineering_Task_Force) nor has it gone through the [Request for Comments (RFC)](https://en.wikipedia.org/wiki/Request_for_Comments) process, so it has not been used widely outside of a few [implementations](https://dnscrypt.info/implementations). As a result, it has been largely replaced by the more popular [DNS over HTTPS](#dns-over-https-doh). + +### DNS over TLS (DoT) + +[**DNS over TLS**](https://en.wikipedia.org/wiki/DNS_over_TLS) is another method for encrypting DNS communication that is defined in [RFC 7858](https://datatracker.ietf.org/doc/html/rfc7858). Support was first implemented in Android 9, iOS 14, and on Linux in [systemd-resolved](https://www.freedesktop.org/software/systemd/man/resolved.conf.html#DNSOverTLS=) in version 237. Preference in the industry has been moving away from DoT to DoH in recent years, as DoT is a [complex protocol](https://dnscrypt.info/faq/) and has varying compliance to the RFC across the implementations that exist. DoT also operates on a dedicated port 853 which can be blocked easily by restrictive firewalls. + +### DNS over HTTPS (DoH) + +[**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83. + +Native implementation of DoH showed up in iOS 14, macOS 11, Microsoft Windows, and Android 13 (however, it won't be enabled [by default](https://android-review.googlesource.com/c/platform/packages/modules/DnsResolver/+/1833144)). General Linux desktop support is waiting on the systemd [implementation](https://github.com/systemd/systemd/issues/8639) so [installing third-party software is still required](../dns.md#encrypted-dns-proxies). + +## What can an outside party see? + +In this example we will record what happens when we make a DoH request: + +1. First, start `tshark`: + + ```bash + tshark -w /tmp/dns_doh.pcap -f "tcp port https and host 1.1.1.1" + ``` + +2. Second, make a request with `curl`: + + ```bash + curl -vI --doh-url https://1.1.1.1/dns-query https://privacyguides.org + ``` + +3. After making the request, we can stop the packet capture with CTRL + C. + +4. Analyse the results in Wireshark: + + ```bash + wireshark -r /tmp/dns_doh.pcap + ``` + +We can see the [connection establishment](https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_establishment) and [TLS handshake](https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/) that occurs with any encrypted connection. When looking at the "application data" packets that follow, none of them contain the domain we requested or the IP address returned. + +## Why **shouldn't** I use encrypted DNS? + +In locations where there is internet filtering (or censorship), visiting forbidden resources may have its own consequences which you should consider in your [threat model](../basics/threat-modeling.md). We do **not** suggest the use of encrypted DNS for this purpose. Use [Tor](https://torproject.org) or a [VPN](../vpn.md) instead. If you're using a VPN, you should use your VPN's DNS servers. When using a VPN, you are already trusting them with all your network activity. + +When we do a DNS lookup, it's generally because we want to access a resource. Below, we will discuss some of the methods that may disclose your browsing activities even when using encrypted DNS: + +### IP Address + +The simplest way to determine browsing activity might be to look at the IP addresses your devices are accessing. For example, if the observer knows that `privacyguides.org` is at `198.98.54.105`, and your device is requesting data from `198.98.54.105`, there is a good chance you're visiting Privacy Guides. + +This method is only useful when the IP address belongs to a server that only hosts few websites. It's also not very useful if the site is hosted on a shared platform (e.g. Github Pages, Cloudflare Pages, Netlify, WordPress, Blogger, etc). It also isn't very useful if the server is hosted behind a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy), which is very common on the modern Internet. + +### Server Name Indication (SNI) + +Server Name Indication is typically used when a IP address hosts many websites. This could be a service like Cloudflare, or some other [Denial-of-service attack](https://en.wikipedia.org/wiki/Denial-of-service_attack) protection. + +1. Start capturing again with `tshark`. We've added a filter with our IP address so you don't capture many packets: + + ```bash + tshark -w /tmp/pg.pcap port 443 and host 198.98.54.105 + ``` + +2. Then we visit [https://privacyguides.org](https://privacyguides.org). + +3. After visiting the website, we want to stop the packet capture with CTRL + C. + +4. Next we want to analyze the results: + + ```bash + wireshark -r /tmp/pg.pcap + ``` + + We will see the connection establishment, followed by the TLS handshake for the Privacy Guides website. Around frame 5. you'll see a "Client Hello". + +5. Expand the triangle ▸ next to each field: + + ```text + ▸ Transport Layer Security + ▸ TLSv1.3 Record Layer: Handshake Protocol: Client Hello + ▸ Handshake Protocol: Client Hello + ▸ Extension: server_name (len=22) + ▸ Server Name Indication extension + ``` + +6. We can see the SNI value which discloses the website we are visiting. The `tshark` command can give you the value directly for all packets containing a SNI value: + + ```bash + tshark -r /tmp/pg.pcap -Tfields -Y tls.handshake.extensions_server_name -e tls.handshake.extensions_server_name + ``` + +This means even if we are using "Encrypted DNS" servers, the domain will likely be disclosed through SNI. The [TLS v1.3](https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3) protocol brings with it [Encrypted Client Hello](https://blog.cloudflare.com/encrypted-client-hello/), which prevents this kind of leak. + +Governments, in particular [China](https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/) and [Russia](https://www.zdnet.com/article/russia-wants-to-ban-the-use-of-secure-protocols-such-as-tls-1-3-doh-dot-esni/), have either already [started blocking](https://en.wikipedia.org/wiki/Server_Name_Indication#Encrypted_Client_Hello) it or expressed a desire to do so. Recently, Russia has [started blocking foreign websites](https://github.com/net4people/bbs/issues/108) that use the [HTTP/3](https://en.wikipedia.org/wiki/HTTP/3) standard. This is because the [QUIC](https://en.wikipedia.org/wiki/QUIC) protocol that is a part of HTTP/3 requires that `ClientHello` also be encrypted. + +### Online Certificate Status Protocol (OCSP) + +Another way your browser can disclose your browsing activities is with the [Online Certificate Status Protocol](https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol). When visiting an HTTPS website, the browser might check to see if the website's [certificate](https://en.wikipedia.org/wiki/Public_key_certificate) has been revoked. This is generally done through the HTTP protocol, meaning it is **not** encrypted. + +The OCSP request contains the certificate "[serial number](https://en.wikipedia.org/wiki/Public_key_certificate#Common_fields)", which is unique. It is sent to the "OCSP responder" in order to check its status. + +We can simulate what a browser would do using the [`openssl`](https://en.wikipedia.org/wiki/OpenSSL) command. + +1. Get the server certificate and use [`sed`](https://en.wikipedia.org/wiki/Sed) to keep just the important part and write it out to a file: + + ```bash + openssl s_client -connect privacyguides.org:443 < /dev/null 2>&1 | + sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_server.cert + ``` + +2. Get the intermediate certificate. [Certificate Authorities (CA)](https://en.wikipedia.org/wiki/Certificate_authority) normally don't sign a certificate directly; they use what is known as an "intermediate" certificate. + + ```bash + openssl s_client -showcerts -connect privacyguides.org:443 < /dev/null 2>&1 | + sed -n '/^-*BEGIN/,/^-*END/p' > /tmp/pg_and_intermediate.cert + ``` + +3. The first certificate in `pg_and_intermediate.cert` is actually the server certificate from step 1. We can use `sed` again to delete until the first instance of END: + + ```bash + sed -n '/^-*END CERTIFICATE-*$/!d;:a n;p;ba' \ + /tmp/pg_and_intermediate.cert > /tmp/intermediate_chain.cert + ``` + +4. Get the OCSP responder for the server certificate: + + ```bash + openssl x509 -noout -ocsp_uri -in /tmp/pg_server.cert + ``` + + Our certificate shows the Lets Encrypt certificate responder. If we want to see all the details of the certificate we can use: + + ```bash + openssl x509 -text -noout -in /tmp/pg_server.cert + ``` + +5. Start the packet capture: + + ```bash + tshark -w /tmp/pg_ocsp.pcap -f "tcp port http" + ``` + +6. Make the OCSP request: + + ```bash + openssl ocsp -issuer /tmp/intermediate_chain.cert \ + -cert /tmp/pg_server.cert \ + -text \ + -url http://r3.o.lencr.org + ``` + +7. Open the capture: + + ```bash + wireshark -r /tmp/pg_ocsp.pcap + ``` + + There will be two packets with the "OCSP" protocol: a "Request" and a "Response". For the "Request" we can see the "serial number" by expanding the triangle ▸ next to each field: + + ```bash + ▸ Online Certificate Status Protocol + ▸ tbsRequest + ▸ requestList: 1 item + ▸ Request + ▸ reqCert + serialNumber + ``` + + For the "Response" we can also see the "serial number": + + ```bash + ▸ Online Certificate Status Protocol + ▸ responseBytes + ▸ BasicOCSPResponse + ▸ tbsResponseData + ▸ responses: 1 item + ▸ SingleResponse + ▸ certID + serialNumber + ``` + +8. Or use `tshark` to filter the packets for the Serial Number: + + ```bash + tshark -r /tmp/pg_ocsp.pcap -Tfields -Y ocsp.serialNumber -e ocsp.serialNumber + ``` + +If the network observer has the public certificate, which is publicly available, they can match the serial number with that certificate and therefore determine the site you're visiting from that. The process can be automated and can associate IP addresses with serial numbers. It is also possible to check [Certificate Transparency](https://en.wikipedia.org/wiki/Certificate_Transparency) logs for the serial number. + +## Should I use encrypted DNS? + +We made this flow chart to describe when you *should* use encrypted DNS: + +``` mermaid +graph TB + Start[Start] --> anonymous{Trying to be
anonymous?} + anonymous--> | Yes | tor(Use Tor) + anonymous --> | No | censorship{Avoiding
censorship?} + censorship --> | Yes | vpnOrTor(Use
VPN or Tor) + censorship --> | No | privacy{Want privacy
from ISP?} + privacy --> | Yes | vpnOrTor + privacy --> | No | obnoxious{ISP makes
obnoxious
redirects?} + obnoxious --> | Yes | encryptedDNS(Use
encrypted DNS
with 3rd party) + obnoxious --> | No | ispDNS{Does ISP support
encrypted DNS?} + ispDNS --> | Yes | useISP(Use
encrypted DNS
with ISP) + ispDNS --> | No | nothing(Do nothing) +``` + +Encrypted DNS with a third-party should only be used to get around redirects and basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering. + +[List of recommended DNS servers](../dns.md ""){.md-button} + +## What is DNSSEC? + +[Domain Name System Security Extensions](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) (DNSSEC) is a feature of DNS that authenticates responses to domain name lookups. It does not provide privacy protections for those lookups, but rather prevents attackers from manipulating or poisoning the responses to DNS requests. + +In other words, DNSSEC digitally signs data to help ensure its validity. In order to ensure a secure lookup, the signing occurs at every level in the DNS lookup process. As a result, all answers from DNS can be trusted. + +The DNSSEC signing process is similar to someone signing a legal document with a pen; that person signs with a unique signature that no one else can create, and a court expert can look at that signature and verify that the document was signed by that person. These digital signatures ensure that data has not been tampered with. + +DNSSEC implements a hierarchical digital signing policy across all layers of DNS. For example, in the case of a `privacyguides.org` lookup, a root DNS server would sign a key for the `.org` nameserver, and the `.org` nameserver would then sign a key for `privacyguides.org`’s authoritative nameserver. + +Adapted from [DNS Security Extensions (DNSSEC) overview](https://cloud.google.com/dns/docs/dnssec) by Google and [DNSSEC: An Introduction](https://blog.cloudflare.com/dnssec-an-introduction/) by Cloudflare, both licensed under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/). + +## What is QNAME minimization? + +A QNAME is a "qualified name", for example `privacyguides.org`. QNAME minimisation reduces the amount of information sent from the DNS server to the [authoritative name server](https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server). + +Instead of sending the whole domain `privacyguides.org`, QNAME minimization means the DNS server will ask for all the records that end in `.org`. Further technical description is defined in [RFC 7816](https://datatracker.ietf.org/doc/html/rfc7816). + +## What is EDNS Client Subnet (ECS)? + +The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a method for a recursive DNS resolver to specify a [subnetwork](https://en.wikipedia.org/wiki/Subnetwork) for the [host or client](https://en.wikipedia.org/wiki/Client_(computing)) which is making the DNS query. + +It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. + +This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. diff --git a/i18n/ku/advanced/payments.md b/i18n/ku/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/ku/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/ku/advanced/tor-overview.md b/i18n/ku/advanced/tor-overview.md new file mode 100644 index 00000000..dd9d2a95 --- /dev/null +++ b/i18n/ku/advanced/tor-overview.md @@ -0,0 +1,80 @@ +--- +title: "Tor Overview" +icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. +--- + +Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. + +## Path Building + +Tor works by routing your traffic through a network comprised of thousands of volunteer-run servers called nodes (or relays). + +Every time you connect to Tor, it will choose three nodes to build a path to the internet—this path is called a "circuit." Each of these nodes has its own function: + +### The Entry Node + +The entry node, often called the guard node, is the first node to which your Tor client connects. The entry node is able to see your IP address, however it is unable to see what you are connecting to. + +Unlike the other nodes, the Tor client will randomly select an entry node and stick with it for two to three months to protect you from certain attacks.[^1] + +### The Middle Node + +The middle node is the second node to which your Tor client connects. It can see which node the traffic came from—the entry node—and to which node it goes to next. The middle node cannot, see your IP address or the domain you are connecting to. + +For each new circuit, the middle node is randomly selected out of all available Tor nodes. + +### The Exit Node + +The exit node is the point in which your web traffic leaves the Tor network and is forwarded to your desired destination. The exit node is unable to see your IP address, but it does know what site it's connecting to. + +The exit node will be chosen at random from all available Tor nodes ran with an exit relay flag.[^2] + +
+ ![Tor path](../assets/img/how-tor-works/tor-path.svg#only-light) + ![Tor path](../assets/img/how-tor-works/tor-path-dark.svg#only-dark) +
Tor circuit pathway
+
+ +## Encryption + +Tor encrypts each packet (a block of transmitted data) three times with the keys from the exit, middle, and entry node—in that order. + +Once Tor has built a circuit, data transmission is done as follows: + +1. Firstly: when the packet arrives at the entry node, the first layer of encryption is removed. In this encrypted packet, the entry node will find another encrypted packet with the middle node’s address. The entry node will then forward the packet to the middle node. + +2. Secondly: when the middle node receives the packet from the entry node, it too will remove a layer of encryption with its key, and this time finds an encrypted packet with the exit node's address. The middle node will then forward the packet to the exit node. + +3. Lastly: when the exit node receives its packet, it will remove the last layer of encryption with its key. The exit node will see the destination address and forward the packet to that address. + +Below is an alternative diagram showing the process. Each node removes its own layer of encryption, and when the destination server returns data, the same process happens entirely in reverse. For example, the exit node does not know who you are, but it does know which node it came from, and so it adds its own layer of encryption and sends it back. + +
+ ![Tor encryption](../assets/img/how-tor-works/tor-encryption.svg#only-light) + ![Tor encryption](../assets/img/how-tor-works/tor-encryption-dark.svg#only-dark) +
Sending and receiving data through the Tor Network
+
+ +Tor allows us to connect to a server without any single party knowing the entire path. The entry node knows who you are, but not where you are going; the middle node doesn’t know who you are or where you are going; and the exit node knows where you are going, but not who you are. Because the exit node is what makes the final connection, the destination server will never know your IP address. + +## Caveats + +Though Tor does provide strong privacy guarantees, one must be aware that Tor is not perfect: + +- Well-funded adversaries with the capability to passively watch most network traffic over the globe have a chance of deanonymizing Tor users by means of advanced traffic analysis. Nor does Tor protect you from exposing yourself by mistake, such as if you share too much information about your real identity. +- Tor exit nodes can also monitor traffic that passes through them. This means traffic which is not encrypted, such as plain HTTP traffic, can be recorded and monitored. If such traffic contains personally identifiable information, then it can deanonymize you to that exit node. Thus, we recommend using HTTPS over Tor where possible. + +If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting. + +- [Tor Browser :material-arrow-right-drop-circle:](../tor.md#tor-browser) + +## Additional Resources + +- [Tor Browser User Manual](https://tb-manual.torproject.org) +- [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) +- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) + +[^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) + +[^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/ku/android.md b/i18n/ku/android.md new file mode 100644 index 00000000..2300ac5b --- /dev/null +++ b/i18n/ku/android.md @@ -0,0 +1,353 @@ +--- +title: "ئەندرۆید" +icon: 'simple/android' +description: 'دەتوانیت سیستەمی کارپێکردن سەر تەلەفۆنی ئەندرۆیدەکەت بگۆڕیت بۆ ئەم جێگرەوانەی، کە پارێزراو و ڕێزگرن لە تایبەتمەندێتی.' +--- + +![Android logo](assets/img/android/android.svg){ align=right } + +**پڕۆژەی ئەندرۆیدی سەرچاوەکراوە** سیستەمی سەرچاوەکراوەی کارپێکردنی مۆبایلە کە لە لایەن گووگڵەوە بەڕێوەدەبرێت, کە زۆربەی ئامێرەکانی مۆبایل لە جیهاندا بەکاردێت. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features. + +[:octicons-home-16:](https://source.android.com/){ .card-link title=Homepage } +[:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation} +[:octicons-code-16:](https://cs.android.com/android/platform/superproject/){ .card-link title="Source Code" } + +These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: + +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} + +## AOSP Derivatives + +We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems. + +!!! note + + End-of-life devices (such as GrapheneOS or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software. + +### GrapheneOS + +!!! recommendation + + ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right } + ![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right } + + **GrapheneOS** is the best choice when it comes to privacy and security. + + GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wiki/Hardening_(computing)) and privacy improvements. It has a [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), network and sensor permissions, and various other [security features](https://grapheneos.org/features). GrapheneOS also comes with full firmware updates and signed builds, so verified boot is fully supported. + + [:octicons-home-16: Homepage](https://grapheneos.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } + [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. + +Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). + +### DivestOS + +!!! recommendation + + ![DivestOS logo](assets/img/android/divestos.svg){ align=right } + + **DivestOS** is a soft-fork of [LineageOS](https://lineageos.org/). + DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices. + + [:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary } + [:simple-torbrowser:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" } + [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribute } + +DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. + +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). + +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. + +!!! warning + + DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative. + + Not all of the supported devices have verified boot, and some perform it better than others. + +## Android Devices + +When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. + +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. + +Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. + +A few more tips regarding Android devices and operating system compatibility: + +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. +- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. +- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! + +### Google Pixel + +Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element. + +!!! recommendation + + ![Google Pixel 6](assets/img/android/google-pixel.png){ align=right } + + **Google Pixel** devices are known to have good security and properly support [Verified Boot](https://source.android.com/security/verifiedboot), even when installing custom operating systems. + + Beginning with the **Pixel 6** and **6 Pro**, Pixel devices receive a minimum of 5 years of guaranteed security updates, ensuring a much longer lifespan compared to the 2-4 years competing OEMs typically offer. + + [:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary } + +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface. + +Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. + +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company. + +A few more tips for purchasing a Google Pixel: + +- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock. +- Consider price beating options and specials offered at physical stores. +- Look at online community bargain sites in your country. These can alert you to good sales. +- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. + +## General Apps + +We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. + +### Shelter + +!!! recommendation + + ![Shelter logo](assets/img/android/shelter.svg){ align=right } + + **Shelter** is an app that helps you leverage Android's Work Profile functionality to isolate or duplicate apps on your device. + + Shelter supports blocking contact search cross profiles and sharing files across profiles via the default file manager ([DocumentsUI](https://source.android.com/devices/architecture/modular-system/documentsui)). + + [:octicons-repo-16: Repository](https://gitea.angry.im/PeterCxy/Shelter#shelter){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitea.angry.im/PeterCxy/Shelter){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.patreon.com/PeterCxy){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter) + +!!! warning + + Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular/) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html). + + When using Shelter, you are placing complete trust in its developer, as Shelter acts as a [Device Admin](https://developer.android.com/guide/topics/admin/device-admin) to create the Work Profile, and it has extensive access to the data stored within the Work Profile. + +### Auditor + +!!! recommendation + + ![Auditor logo](assets/img/android/auditor.svg#only-light){ align=right } + ![Auditor logo](assets/img/android/auditor-dark.svg#only-dark){ align=right } + + **Auditor** is an app which leverages hardware security features to provide device integrity monitoring for [supported devices](https://attestation.app/about#device-support). Currently, it only works with GrapheneOS and the device's stock operating system. + + [:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary } + [:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation} + [:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" } + [:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play) + - [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases) + - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) + +Auditor performs attestation and intrusion detection by: + +- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*. +- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app). +- The *auditor* records the current state and configuration of the *auditee*. +- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations. +- You will be alerted to the change. + +No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring. + +If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service. To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection. + +### Secure Camera + +!!! recommendation + + ![Secure camera logo](assets/img/android/secure_camera.svg#only-light){ align=right } + ![Secure camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ align=right } + + **Secure Camera** is a camera app focused on privacy and security which can capture images, videos and QR codes. CameraX vendor extensions (Portrait, HDR, Night Sight, Face Retouch, and Auto) are also supported on available devices. + + [:octicons-repo-16: Repository](https://github.com/GrapheneOS/Camera){ .md-button .md-button--primary } + [:octicons-info-16:](https://grapheneos.org/usage#camera){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/GrapheneOS/Camera){ .card-link title="Source Code" } + [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play) + - [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases) + - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) + +Main privacy features include: + +- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default) +- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required +- Microphone permission not required unless you want to record sound + +!!! note + + Metadata is not currently deleted from video files but that is planned. + + The image orientation metadata is not deleted. If you enable location (in Secure Camera) that **won't** be deleted either. If you want to delete that later you will need to use an external app such as [ExifEraser](data-redaction.md#exiferaser). + +### Secure PDF Viewer + +!!! recommendation + + ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ align=right } + ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ align=right } + + **Secure PDF Viewer** is a PDF viewer based on [pdf.js](https://en.wikipedia.org/wiki/PDF.js) that doesn't require any permissions. The PDF is fed into a [sandboxed](https://en.wikipedia.org/wiki/Sandbox_(software_development)) [webview](https://developer.android.com/guide/webapps/webview). This means that it doesn't require permission directly to access content or files. + + [Content-Security-Policy](https://en.wikipedia.org/wiki/Content_Security_Policy) is used to enforce that the JavaScript and styling properties within the WebView are entirely static content. + + [:octicons-repo-16: Repository](https://github.com/GrapheneOS/PdfViewer){ .md-button .md-button--primary } + [:octicons-code-16:](https://github.com/GrapheneOS/PdfViewer){ .card-link title="Source Code" } + [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play) + - [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases) + - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) + +## Obtaining Applications + +### GrapheneOS App Store + +GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to. + +### Aurora Store + +The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store. + +!!! recommendation + + ![Aurora Store logo](assets/img/android/aurora-store.webp){ align=right } + + **Aurora Store** is a Google Play Store client which does not require a Google Account, Google Play Services, or microG to download apps. + + [:octicons-home-16: Homepage](https://auroraoss.com/){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitlab.com/AuroraOSS/AuroraStore){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) + +Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device. + +### Manually with RSS Notifications + +For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases. + +![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark) + +#### GitHub + +On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL: + +`https://github.com/GrapheneOS/Camera/releases.atom` + +#### GitLab + +On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL: + +`https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom` + +#### Verifying APK Fingerprints + +If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools). + +1. Install [Java JDK](https://www.oracle.com/java/technologies/downloads/). + +2. Download the [Android Studio command line tools](https://developer.android.com/studio#command-tools). + +3. Extract the downloaded archive: + + ```bash + unzip commandlinetools-*.zip + cd cmdline-tools + ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3" + ``` + +4. Run the signature verification command: + + ```bash + ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk + ``` + +5. The resulting hashes can then be compared with another source. Some developers such as Signal [show the fingerprints](https://signal.org/android/apk/) on their website. + + ```bash + Signer #1 certificate DN: CN=GrapheneOS + Signer #1 certificate SHA-256 digest: 6436b155b917c2f9a9ed1d15c4993a5968ffabc94947c13f2aeee14b7b27ed59 + Signer #1 certificate SHA-1 digest: 23e108677a2e1b1d6e6b056f3bb951df7ad5570c + Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3 + ``` + +### F-Droid + +![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px } + +==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://privsec.dev/posts/android/f-droid-security-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages. + +Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. + +Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates. + +That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. + +!!! note + + In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Operating Systems + +- Must be open-source software. +- Must support bootloader locking with custom AVB key support. +- Must receive major Android updates within 0-1 months of release. +- Must receive Android feature updates (minor version) within 0-14 days of release. +- Must receive regular security patches within 0-5 days of release. +- Must **not** be "rooted" out of the box. +- Must **not** enable Google Play Services by default. +- Must **not** require system modification to support Google Play Services. + +### Devices + +- Must support at least one of our recommended custom operating systems. +- Must be currently sold new in stores. +- Must receive a minimum of 5 years of security updates. +- Must have dedicated secure element hardware. + +### Applications + +- Applications on this page must not be applicable to any other software category on the site. +- General applications should extend or replace core system functionality. +- Applications should receive regular updates and maintenance. diff --git a/i18n/ku/assets/img/account-deletion/exposed_passwords.png b/i18n/ku/assets/img/account-deletion/exposed_passwords.png new file mode 100644 index 0000000000000000000000000000000000000000..5295c902cdff975b9360a77e1dc5e04e9dfd6c70 GIT binary patch literal 27902 zcmZ^}1yox>^EMv5Xp!PtBv=axF2#yNiWjH26)j$*1a}RR;7}Y|q!cN|-L<$CcT$S$ zm%i`slXL#(f6v3--Pye}JM+wL!sbS4s3{WS(cl39077LYIV}JH69NFBe|&<0l7uwA ztwc4>G$1B#*u3%v?J#lcgL%D=TK-w&b1@g`cXDeb{?;g zk0>+$l>HMRQG&Z6xOcBQJA~xpS$Xrx#&h=?y4Py@v9$W=Z)iMjpNA1@vG{7 zWNAAR-iS=BMn+a6p{2;kQlu+<*C%fmnzw6~xN8UBwM*P}&D&Liu4$kUxvP&t;x47h z5|!~1mDw7T*&2u48pw4`+GkA!1ylvP#$>ma*N)6dQmT2{p6o>c&RYWZV1u`^U$}Q3a}o z5}?GWj?(HzlynZo>)P%bieMDW$g5rC;~I(u6tCms$nkz;KML*0_C{oTJF>AFS&c#| zvNUfu55Ak1hx}J2?!psy6C-yMp}UbN`0PSaaNYHBUGuS9b49^yO-W=;LwZeLY0XSy z%}#&K&TP$0e@$O{O+#b}BC@P1Iu{8Y&&wNcY+UQlTkD6fwI{B%N3JzO*BT?|8liKI zK6BMRbES6UdHUm}W^>hcbJebGpD5a)RPFytruImV{(k`VC!!$I50~ywlpcqppfsMR zvD=@wJB~u>T00zBowo~*M1=;9q70q~hr<)$a40m=2MTqC&$UM~u`;Tg0s!_s%5pL~ zK4^#2!e~%wVnDTfS8sfz%fkq0>fjyXM)ZyJqszp>aTZ^(!YxEBWVZOiNNsnM`g@(g35tV7OUI z1RS$tb6WRKR-A8x81@t|IB&l9kJRgzbeeRu50A0RvZ9h|qCfQ*z92Pc>J^WwKuSTDdIdvX?bRp$Eqzx#_mM4(FDT;j8`# z^%NQA45ge9l}C-EynQ-?m&=Rm`4z~O5{jsa=;o~kzGN;?fs&NqbpqENXL3qJOO zmpOWxecs4gxpGEnPCPbawCYs8Uqp&qnpk7+vP|^>=NCJNZi2mqcaq}G`+r`sT)A32 zk1D0Avcs)j$UUIgot7XeD$P7K-2KjYVZ)dgbb7G!Wqn0lP)il6DJ+?{`x(HhnMQ= z1S^9BZQ-v~q;kNg@8-QE-+?BlRZ&@*_|i0HvAADOj$_y2@oenx`K^0#v4UbH;<9}k zz#^r}@#-{WX`B?{VOT~6w$qk!i%x#r zc6m=~0{~^ZEM!h@wf<%N@7J)emt?4vk$CpiIdtoL|FMsnvhIdQuyl6_9s{iy#}L!l zAA3s+SR6+cz;7T=5CRBzF(D$^0Ex%tO6XxU{Na;i(9pP zSlRP|eEFFDftu{lqLUoA#tM)P>=8jQDfvroTh|^gygqO{@U{tNG_wut?pBy+6}LyP2J}znEm|M zT`TUp10WP_eOC4~Hiw(j>sGL4H`%7XmFC8cF2?tBDXhgHZY zudp&Gc2Y|fi%O;9i%(=!aszoz`o2J>wwGS=ySGEfVBoA(`L&T`dvfXo;Tp3w?^yG5 zAZ_iukeHBW=AAG1j1Rm&jB(nsaeWHT;c1jg>*4j*&fs7A#cZ5UIZ1WE8&@qShYOV2 zo{=#X5zX~j$>JYc*I{b#7XBP1AGbqT4S|8XS>wESV;MtKrCEtT=q=En=|I1vT#rO!7QCaUp1@l$TaWrBpx(S-X4OUR;{Vb#l zH-ikWS|(p@(YVwVpqr*@61pokh%_W!iq z*eNk9VGMpn{on!k*(#A`!Tq{zNCQ|)_^NiH>DfSmEHOk{g7RaCj04A(eJ^IiPMbw- z(t{{B31&yPD=@6S>Fp+-Spita>wy^dt7kl!JeUcd<7=HVRc{6n2I^W=-3X)tAoElwLU9&5B2u?V_BfOfuj zao1#^$=8i7Y{Xi){h0q}vu)%e`=1^7{|KL7^~MB_tT*zQ1*t+qTtTsR}FdMX(;EUqOkB)GUQQvUd*4ZJAb zZVS-+?M@47EKE{+;<$fnZ?<>Im;YHxF<--K(z5Sf4537HvHieql?;n8*V5s*(~5@t zBtNT4iQ*55YtMTKg)D*Q0CW4zvVL68S|LdTcSDTs7j&xa=j#1($qf&;uuNuHTQoC_ znaq&*5f1sp^sz@C7*Q#qK?>9=!f=t(F$svSAF^UV z$MLIJWz`dHf+W}k$RQ&7KWVe-WN+*`e|$#x9oSoB$trfk7xp?yxi~tD>*tmR8v?#o z|A!_?@B`M<7OVt&SM`wRk^U+2AXzzHHgTqmmCv`*!05;qKPQN4L~-6TJG#6gNQ!{l z0J^PcybA`m`#+4VR7i*mlL(^a3kQjFdS?UYBQNL?)y#-v-yyhL3irVuo8R61PSBG# zONtX;hi8Nvh(0XVhqXdbA+F``BIRUfTVg)Q9|))Z{hry7rNn~BEpA3-|FS%ii~YQ5 zOC<}L1F;b)n+Fb+iQ`PdSxsdKIyk2g6}Hdij6~Wl7JIuH73zN4!J_uDPRnBc^U~8^FgyXwGQ$k( zR8Nd@N1JH6E(oH6%9!wwvG^*K=JMH7OXl6mRfuwjEXwXMr9~#x&I08~TUex1y@ zxmeLL_(av-7IeLADfrb_ovQ@g zG~0VYh8_tt=HyqRt{6ZQN-gMhT`sd)=u_=N&{}w#&WO{|qqA+JA=kqRSw`kcEfk;W zZ>3jL_sU?n-8TvtJE1MjR>7JB456(y^_D4wMnClEGjscOthBD8`1Z`Eq`Qo5Tqk=& zuTlmuSGmp+sBja5v;AW5lI$csfMdVRk=eV^NjXdTZLF{iOPH;Q7&hrXPjtNQS>eQB zOp3xy=&`45ZH^eM%bj?HqUK|&f07<|#IY<$pC~&@+zW_W!?`bE3}OvT$9$b9Rodkd zkZHj2qB<)qO_t1!tv-^q(zS0gq14VcTwT6$Z{WtY|1=+R3>vF0kwyRu)C|zWn4;mp zrTDLQzvKCuB))oITS=ijy1cIM@JJru=|uZ$X%lZ?b$Y=k!{qz=6-maBz!1eOx&S_Ky z(G$AUAi6;eZ*f+JhjVbZ^*!~xi{R7r)7cmeN|OZPd{ZZEmeox{fR0wTv#ejA3l{o( zKjfcxwDK}JS39MyDG=z9kN2u%Rrv--DY{-6Y7m7yRp_hf-&Ew})BL>ASN#3D+WzH- zOed>A?c7u0FW*6|cL^rVLi$)w&_Ruj9?{+EL{8{0Q>btQ(|c^S&JJZ6=fKLG?W=n| ztXPpza3~yAFaa%?fv9^VZX|A^D&!Q+0{y>TxTqVzBKavXjOSHhBNKQ4$0JjH?GB9g z0~=Sw78`dIArtIwlL&sd`%rbWfhwG(%nCi9yNx>!kA^TkoLQYK+a7PtqRDB8lg3_hC zQ1ThfHbJ?~3yB09w35Sm&lD`ROt*Wj5OlELMqq>JfvLViO2uYUO+;nEi^qh%p{avm z53x#l$05g?64G<2Z+~)3{`S{o>scV#l`h`V_hQrOh{d?REA4w4h>!W=Z0H(0&N-JW zRq0)fh~p)mj<#X^Gr%O!iiz#Tv`ccap zYq{RWZFKY_f>-YH<*8_;Djhd~wI+1ru;{t#r~@PcOgeLz=2CQ9 zz%(U713EeLO^PxkpeD9DFJ~{6$^%}1wQ@)usLcQI2jeJY>F2}+=w;Btd$<_m4chwe zPTZ-D3hRiX^IshNnkNQL%hQGiN9CF3Vb)DZPM^g9i7L>D1Cl0xAP-Hz-SlI|^Q+de z+(3q1Y}W|yqrCZmgS$QF5KBa!ebb>^$#UbE2ex4mzn+0RIUZaDa(TEdZ z6@S#Zapa@;vh`aat&6w8OE!%!%IwaDs{9iXkN|RL)^;)UF0OFuN^D#KKA1kqVH(2m zTVH^}n7x|EDsyfwb_N`^j z?|^fr4qUXV)p{-H6p$GuIm{J|`D9>2o4AWWHw2RgF#vOM5`yt#yXN96rS7)MJtV7y zvVuuzgpQW2l*2fBbn0_cj1B{gehB5`o-b3c z0=e9{D?A0Kdl#1R->5!rz7aipAG&}>XeX9;C?Cw zrFZO=i+8H-RN{qD&S@ibjs5G$N7hRD^-8et@%1EUwXJzAX}P_FJ@5upq5q^>J<=Sz zLI#~MT2#8t#y{i;dP}J&>K%y5@J-IfU(Uu2WcH{E?^k(#d!nyt32w~g}1ZwK)NIde)HYU zJjwqHGjEtI)*_!^dj2=a6JK}@A3ZxaWH1X%Z z)@54pmTM?y;%3vC(q)?cTKcptb3l^M`Mz z6t&XXX8I!&RRe7nqnhy=&Da7j*CxYe5U+G{*QC%cB5ii8-t}z{td^RB`!J@k36`4! z=-i_C(Q`QMZtAA9t=B;Qq%LH@WY zPV$;5&Pg<273ZH`VySL)!LtG9L@oHT<^5lN?Jd{0*AuwD;K!WeHG3+}B0w#`B-JV~ zbW{;?H|{MNi!rx-EShZVt`m9z2qSgLOI_&N+!ZyRTz8K|C1Sija7EU zkKCQPjhicGq(vDFE8y3t z>oA@y?N4C?O@(Fg87bs*@0W>tTMOx1gp@xwz#)ZhxHJ7{2R}3ABjc&?2$a8Mb2A4f>v!5*7<9dA z8~S0BSHOB<>|RTlq+w8wVXpF}JtgAb;-+4rd{1iy)UeaH7&l*7zqN9@#K=_MLJOux zo=Gpy7rhX6RPU-5e))Zv75_r5RTiVYk&|ve@F!%%diTZTW8mZcrAOYm)Pp$B-nrlX zJ3}eAVVN=aRgCKRK{q2Qlf!$D0yvB|X0zFdX*Q=!0LJ$(nIMmCBb%2uEuU!k%chQq z4w_tcn$--x#&18Fcy&!#z5O@Dl-0DiQLi;eI7}9yjK~-oHz0V<$c(O(_PSz6@jnWEGKhOt;$>*NXjH!BWyIKdTa33dLg7|60*5Q>fz}DXtKwM zN^Dj9bI9k$5O+An|?dI}th8FQ7~ z;uYAh`IUK{naPVBio#34`FPo=Po;u#Z#tM2Gfu>E`fvT-H?&Fw!~o!t&bHb!WowqC zxH)AtrPYgPVU|%(i+Qq^IJHyJtWpH7?SseGaObkn1lY-5MW18an9Lgp-h`{1$rl!Q zNW3Z%0P5sdfj2*Y12@6@JLK`^4+X^>Nmz@yyzj-wJPP<6UT8;(0zYK8UNmt)BXl-ox+yvI}H7-+GSaiH|Hol>3oEm_|5y*-3OX@|<~S26hcD7CRM z-tBJCQe8{Tb3m5;3zSlq$FycV~*!NP`w)=t(#`d+&JWw1Mvk2y_>J800)e#y!pSAB=L`*$Cdu}?p<7zf!?bM>{i{2^=(b|Ju&CywSQTa2n_ev|JVkN zQ|3#W>hjt5icHGfh7-pP+Ovyk3KWR~t)fJMp&4kW9mW5dr?i?fEEjl1kVE`fc2L#Z zjq?00`_`<;##cfx zLoE?Yty_MDU){oJsMPl;)bbrg6*Oe@Whs;H#Vo1+x6q=2X%?pB@S}QqttQE-CavO9 z4t~tMQ~_0T#SM(3yr2^S=EFn3aGR6I^|BVH^kSNSbN^)GWc&@MbKCfKWGj88VJZgk z3HfD}d0P#jQS~HmHv6&zdTuHKMA`m9ud?H(;}kZY9rX6ue8bx&m*^Nos}aULoK6DG zqmKMZ<>NkBQ^j(UqWu)V{Q~|_;yVEy!>;K4~8z@^g5j)^DTbD`Netr6@TGsK% z;bGh`fJYiY&pyjQs2|wRV!E=jB9)VW+0a1AA(+N17VP(f#nkrOSc2`YyO3X))}sLp zY~JzW58eGEDMt}_0&WNS$6o;|Dwsj2y$-eO+5g+4ma_jfqW*QEm?w*iLQz-o(D#-8 zP^kQyIbERe>UXog4r{Q|GuJ2aQ{!iTr|7KoHav-EeCpDyPPY7?M}cB}kA$SY(_892 zYU)?_x4c%R9i}B+w>{lEf8oPTN-8baED+KktgYe7uUXTu9uGi&u3rJ&9kiOF{z`Sp zISSF<%0oh5GV@(&J-v*L8ruO=izh$C*SvehN#Y5pB)zfr<-ry=U+2h`SyS!bB_A>P zn`X@65oTZhLSx4^AJ43c_bK)vQ}SInE`Qt04jayunFgm!Os%%cy~uF6xM(jCHZ4~6 zyo6lYfje33kI&G>*}`-E6W~{`fRDFN&x{~5o1kAXu3={M91icj0$Jr%p(a{zncN`% z6Q@NXGS>U`)CK{^Wzh7TmLnOLd6^HNc-{I0^+JBZxXn5X@HgNXKYen@GZS-5s6s(D z%lJ@pJW9675T{&$5i{y{FoRRwlL^i3XgUU%`0&mnKlM;)i$$%i8YKZec-D%T=v514 z2~)XL7NYyJFg2pfTs5tU73T}p6LNz4Ttre#hJoVl-ji-&$ik=wcI))y{*Sm(_EuK@ zvl=0#XX0E4dZ&r0ZCA7N-csvG32GZ3$T2v#&+0`$-==utlsAPyT8$ETMpYsM6tb38 z0eq_?VR72IG+~obQ1Zhh`IAMrz(u&r&KOR$oPEf`uDdk$UoT$HGB_F5_lH02GGh*6 z@k>-^(}15!XmZa*p1+-DfcXuh2;x6;>%rs){y8YR2*gQ;>suget4umKo0P@s70)FMs z0IP{ExZwx-mVR_Bqk_j)TS-}JC6ez&4n)r zIUEN8awrQDOF3ZHIFB93m^5L2eRw+=KsG{evHtfXq`2`(7{M|jSsno;pJb3;*ZPsY z@2ZMP+oN3^%X|S*gpF$E_4`I+HN8$Fw%|T8Bwf^=*L;q=;X|-;Ntjzwlk*7EXn;h9 z4Vo;rbfyXkBiK^wk`MGTQf=su%gTQ|*>qW)d|W?qm2A^{q8%5j>XCgYN^K|-TI znkw)oWJRb72~Y(NAH_orTDgiHYMc4{xD;i~kKU+%M@Z(qem(UwJayp(aMaM@DsW?8 z&a~-9n>ixzt)OCSi1A+p0h zoQU`V^}-%yDgL(MTX?kGuWImVDd5Nb7+Z6K^+y>ear4e;8p>m(W%79PVRIqQ7x1rY zqi5{>*?t@aJ&+l?a#K+L>OMQ!@zCYTpx%VU`(|7ivIt%6b{~(Erh39!uu&K89LlH` z`({PBp{^kq_i`*D>V;-!q3bAhbv`)J5L&%vd&)CKE@f%4L4SmKtReiRjT+LpB$e8* zGIfttRR1U#!R&)SPz4V?fzRcFf7h7?2W^|_>q1H!5~8$t(?Der8zfqF8Xi)u+m&#g z%A##w%tcWu2?1OrH!u|y%0R+P!5Ma~SBBnSnZo9W%?-fHD>QDvE9xg91~gCmSk6p( ztt65`n)`2_*6D^a!;fo!|*#1)JT<(sS*n5 z4FZ3g5~3vHa5Sc9V4O<0gX^EVR=k+cJnczl;~aJ@d?(9hJ)hQOApkH588I0c4Gbnl zev@QD1EbvyDur#yEpBmh1{M>3!?rEJCSM6h;RxGd(#ds)3SIk`@Ruiozh{n zm@F=0%0}4}oy{o3;-*0Von-zyu7sjaGm#Du;{PiDXQLYvECZ2-bYphQL1q@kg5XFO zh?>!20snL0&$*_M<+@Z3f_AaTmS-VbkT0^#R?eQTch$Oy1t! zh|uvHzV6U1EV4GeeL7BDSb}P2;ij-b?IFk@1^~w#X?15KRi_#gt*@gVCVPtB7uAnB z_d$~qXWQ)_f}baP(~Bofe%yqf;Y&Sb5;b5w!sf=MsP9VlJp+K%MaXmcqX?%r=c%1< z#yrDT)&pw*Bq%LoN@TXLFiY2oSrNIpRn(xBvO^zpmeqETVH^n#skQ>+;xJ<=a z9Kw`?|3A7%4ji8M930qG+cHD{Y}OeVabyn+5CBs6A*r99x5u-Z(m?V&C5YdBVaLzg zY&jI|C~9Ro(qaAF7jEhN8xgZX2dIB>;74y?)UlZ+v*PQkT1~m9KH1kz+h-7gTW|cF z%{=*32JVkrGNqzhqD^&q3Bl}7brhDr2QvDHv8`e{Z#j)^)^x~;LEa@?WJ z3RFcS`mW4FJ5(Khg>(R5qS*lWpShVG^>_DU`nomfW_xJuujqJqzkCU**}qC7=u0ok zJJ(l|1nfOm7)ju!lU2_*-)7y2@IL z*=KSH9XV!ApaMs?E+^jeZbR}ybWQv2AieIeLL)E-fl3&+CNN1!J|zlWzweh8P!yok z0q~5NnBROyvaBLDizH?mD}XR3JuiR|eSxTPBk0y?HX2|5WvV&mQwI{JVEr1cfy|6L zOFsUvxMo5K+&8act;pGZ`fJj!z^A*$_o$im&PGOZ)HLAh!*VB&d*kcubiU`h#%2o; za~MfP<2t!0q8&Hm++y2$vPo^v|5BmEv60fK!2mmO=7UCaTl@6N*F&}eo20w=Ga-C- zSWyOTKcgpjB;FLL`knE9Z_~%>bdrFZjM^B;JG6D} zz5L>PT#guhHD)=g{-vWWqKMIP?T)UTDaRQgf)6W=@gs?7#keQS+pt_8@ep_^Bc}PP z@dRVdS|Nq-WOU1yPJwnwK8qfI@wzpVr}ZbJwaeN8^Uq<4d#KA!HgjeZKy4jub@ic< z*W+&?b}_e^U_OIFz6%p~(0ue!=wH_O6*NzwcxGGi`?TH$9+CSOqY`z|6ds{!DetJx z2?2{e1D2kqS&3 z=Oyh4D`cNco0tZCcjvgZB2}*x2zL3#YE6 z`uE32QqTt}f8?jofzv-&m2;HU3xy!gmPgnr-_@RZ?T_%^nmf;;16>Q^IC&)i7nICP zSz@O5<_B&GE`*umNU<-&TziXZkFU5c3P4HSWY15iT-^G+e)d6lr2cSSApLqB3GiSa z^a_P>%qGy3hiosla!t@KWX*hHjcC~C=-cJORRLF2Xp4m>RDndbUc=YM6>nq|ce{@} zJ$d{W`Hq?Hu@>A?#EWl&Q%xc|fAs%;$U2U*U6Bhv;&`0>^`ee`&E7sStvLEItUT?e zHjO=?-I=JQ2N%;}**TzoeKr`9e#R4Owy6~%X!m+=q0uOgn$vf*VqV|8V4e$-6+sa^ z+(qb+h3vlrFVpvr(?AzQQ|_5gJUP5R8A|k5)*KHN2sL-w*@Cw_P1w)qda&bP61@Mzp6V6?|)SbaYB64KetJ}()r{CZ?x=Vb*4wXcOW83o)klb z2jdbjTmRwNq{?*B@7+G$S;+XcoBJJOdm)#cm8c~x{+V-7reH`;B(#$itf2^~WY>@% zJ2Eo21`?^QGc&s_J*va0N)L6)3BE8;#NUc(TIh8*leR~D_QpFKtWc5E)XH~ebntmS znIWBRcO3A#!xO+?RKo|FNYAc*eFmJ)SMv3aYjX4WZ$@b;9!v-2Vfafak}==BnCvzV z$1cYP9yyN8ji^J{FyXv=!$DGA^#pYamOD7}O6$QlzT+0lt6$|=Zwe6-xQ>&$jPG`% z$Fo+Nukofwc(GtO&Y0;HIPf{fFPxAwMTa9`n6fBcz>~DosjkrVzcyUSx>Xn*Z7K|- zoOrNix;5YBA4@#M0jw{B-Z4TiSA(|h06_1JK4q*$lJNismsas?2I{b=mmj0<-Swx$ z1ML~xR~0MW@)?XxOF|xlmBX`dzEeVC>dM~BC`M*q?JMu5;#a=}6sQ;tGf8~t9;7h% znKa&FlF8jii|-ofZ2O*~zJ(A*?phOZj=Z@!RdQh?o$)kZuiDc2pLmQ@R|TyJR{xYI zD~JtW1a5z(0}(=qYU!Wyp#`^9(mf7KLemK9X6oIUj4rOvd=G6hW34Sm$=Yb3uULAf-pcbb9YU2L<1`?G( zduS4c4rnqZ^tDDF=+!lrJP9NkX zshCf4?LMg?YpKy3a@2-aPf{dFt%S4b*84YKdAwY`bK?q(C8Pk7Nq-x^zy><_$qH+} zY@IV7EY9N3r`jz0}S`KiXfG?jHpzZS7`@7}d343WfxM6!>b3oP&3!_KeK_mu;xnTn(1!`MG0RXkbo_I$-l0P`0 zWoRJ<@Ndz>CE9qI&0+LXk)acwSf`rYdTr1^Y7nobqLG|jD`8D-kyLhm6=c8eV&zmTcE;3*b9eIQHM7N}iX{(A z&60gz7$v*<9tDcARu*Ww&P1sasl+Kn9 z&g@laFoM^u&!Vdt*5ZdUy=3&7&Pa6K>F*o=1uyckUHTmZO4?9n=?m~hTNF*q|6ZSs zF@F-UF-pdLq&WoqdPF+tbJXaqzz^Fqn!P3?&y!sGl4Skd#!wLS?~~yWbWKQxzPj=j z>YLX65rZsChKh(T@nqhv#-T%Qw7{pe0hHgW3=9kk!%Z>x+54x<=k%Hw*k_QO-Tw`g zFaGu2g6){^Pi!&G!$1b8_^^V+BQCH}_`_4E3Dpm=RHvj(&jp?Dc`P0USw%NRTS9Y1 ze>!E1>R}?M^g0*vT;t7r7bly7Ud1Tap(f?R(**0KQxdf|09G2n6kz$QWaicPwM&^` z%iyAWF^V^KB)wCDG=Dc(`i~WOJ1_^vG)1RBX5|b75q$Z6NH=)loNVE~F@Ih3%VPPj zZ?YV|ea`T!*24zvl-lgHTWQAmM~P#K7PIZp&K6)1`X{g77$xo)r_v9YPFEfF#X)kv9Q9 zKfh>FS4|*Kn}yHpXQj*7yV)4N(U-y*nziF5pYq3)cS1PEKhrDzOy77lZJt(qZdD)X z3K~@VMi~W$KHa?^-S|9Z`xIfI;g2_0^JZ&Uj2)W-d}u|RAiua~(cb$UHmo3^P(3_9 zmQV5~^@VZ;=EAi}TGqDdJ0K}187CRjn7i`VjSX?G=h>fw8R(Bzd&hEq|HqJGdaC5H zHUp^*8X*RR!_@wJqmH|DOqy)ry1B<+PIQjY1>g;q>$o{-?XO6eug8%Naq~lg^SRlGpID@le z1qkN<>%x+=oN)E9_CyfL8%pns8*+91r;B5j8iSidEY{4{>));Vnzk!+UW+N_GaQLn zbbc)Ddhw>D9v!X2FLxKU$AYfLZ)M_A#-*+~Uk z$4A?+ECj}VpFT0l`2NVpdcCfMP(mci=Im@Q8}YJa8zl7dvt&hx4P!2DM90Uk0!S6! zAf=@_xZjQ~3|cj{K=!dIYQDh+u=VQ*d9WRaA#NR!7cBbQhdb?&#U?3HpR*&LSE{x$ zX#ur>{l6qud`0)@_9wb3%n{P`+rnRjN0im%m3-214slclF;Np0-&;_lTJ$bQ_!ML~ zLggc@(NS~V3?_*qX+u$oio*^n4%}@n7kJ)*2CV||&$JSn(l8&GAUIJ?*@>(NiTK_n)N z6$dxYT_=7yI-c%R#3oy3Y)StjA+6eL#LJeA@9PmDF+cQyVIS1C7vB{U(#6)J_AMd@ ztihBLfIxDZ^{MX-3C&jgHwDcmWDo!$8=$B_0XW#YI(I&@_#S?Ca-O;u*)qA`t4@$Jlw7s0`VB@E(vW z(0K6)_OQ*v4pS)_WTjX8Fh{K^l8}K9^_#2w35w;u2XDj@0!kd-{hL}6dkjnFTH3;aPrFcn z1G4Fu%E{?H43UL@>SuMAub5P)``s__yOu@`5;&ocWXFJdbMMW3$R*7xQ zkRZP)D;h;14uT!NLdk986qNwmNpyS!p~h~IxS}i#lRJOZ*-PC|d<$a%0Rx-B8i3a@ zD?du7NN=3ODL#(JA+&Q(n@D<$2;TIWe1Dvd?>RLA@pY8@v%I3L!M8xYVl75@5Nz_N z)%uY(5aeFm7-k<(a=(zC4x#a16P2K_q5Hj)=vho(xN&No@H(OMPcvlvZ1Bo|7;GTS z^ucr$9DlQU={rwUXm@Z8w@Sh$37;~`kS%jaX8N3bQd zREOCz{B+zcg=JZKLNCRCO7ffXWs98)w4WM|4t2KyPkatQM$YW<1AlX?J z&xW6O2oU(ZTlae}M6k@X=`(9;^=~$q?)M&{vSM+%sjMyAL8s}v(tq>37Z3OyS+T|u zID2yDa=27O*a>JyhF3V8!2~2fI9ub1GTgR;GSTVzU1^2mW^>hM^9j(NKrN|04r{ z2MFzE#@=ZE1o+g^<9cl?apb@Os9QC^VsN%7DKTsbHU4lo$;>t$Q{0`E2?#|=RaWMw z!(E(kz?`HOT1C^0KeiOX)LQ$O+IKRLg_QVaZJ(0;?#;*NKwhr{=7Ep&(Vwq02QIWE zZES3Ii3FTFKwhbPTrsYW^MAw1eQ!XT)~9eL$u6VENu=JSn9|T{xbjyIJ%vDQVE%=n z{dHJIASq0p_xe1$#r#)~H-B$$Jw6$h?{8Ucm2KI1G=q@z=*?q-5IC!`C3+osU6YRB zfqgEm@>|0YlQZI8pD3k*=f*S1d1Of)Ek8RkBQ19Ewe_p_G?dC^!cqq?s-s>Ok+57# zg$-=YpE0-n_$&z2+hGA(E=DWsVVCoycCkjK)DLDame0n`w|DD~<8URKNqjNfGT48% z?glMjOZc8%NK6q`73Hq3*xPal!nLf^{}q*BLO@(Xyxsav7td(BMe+XW10<*I#vjwQ zPHMibBW!kRpyQ+33LQhM#8X~Vz}Sl0hf_1j%+;+wzpZZ2po$4!Y_D(F0rb_od`tN+3_I zR1Z5NP+?R3Mw=i7cv|vQ%_VE+y5sv)GxGQS-oWA*E&TA)kN%K7tejT!<#Q5PjZ>GL zRgzul@a1~xzp4|bneMSYz)i+xyRWaHb4laox*qhgWSgkdP4_( zq0D{h?Y>;^zUR(6g#JYPQF*r1v=4O+Q~u2fFv3b~;w!rjf0vT+>gSpH%ecl3o^if7~lKNn#yD*uAj{ekfWVrEI<$L2s?&!*6xm>P#7 zugmJ;bXcHM+USAf@0#x7a!#K^8bp)LG4@3KscEHWg4t7D2pzCaJQuxzGDZs}crOm} z^4_!Qm)mU23$X`n3*ji-da!Ot%i=%$oh#maTjG>S*3EieZpkc|oMuu>%gjy~?iA%q zfX{+40{_X_y{SIdvl&YX^LqwccIrA}qRply(>K6n`^+&wA`FkLU)jNAONiS+S#6K{iHPr|>Yo{e5!l?9A$cOv+9=2=+Pko! z6)IS0139ehe&+m#8)H+CJ*+H&M!MWZHz>#I|;&FzxTGEt6Tr_Y%X4=d?BCnBPXXp`~~nC zEV111i9ReC{k0bN$pMKe6U)`D&18_ck4hH*hg$HAx4LxK9YIAenDQ((gsS4h)kQ%rK?tT(B{7|82 zkyL9WMJ!&o{nhg*aJ|pUQfen)>XXs_-2_Vmg*Y8iPID*v_Kv1^`m&%-uxtS}4m6VX z_`~Y)5n&rYBjMObMzag`n1O_AM^>+0u#~{B4=B43Ljnj<*)y_Jx5cbf!&TUQ#79EK znWu6-E{&5RjJ9&r`$I`9=Uq5UEWcH%7-9C6FU`6hiGy1iMxVZM3C|qM^tLKC`TePq zhK_U_)V$q?>2B@u>uKn++v++g1*4p30{z!9w@;76J%!&W3`o&5V>n9xD4XK`^HSnm zY-fsiHjvQ$XY6}Nm>yVLakJx8%;GmyBbC8l%UT*4fmdufud+?&+OtIF zJ&$9aOWdr+Hvb4b<>MC|^%>2tx)tvr@0o#}ZeOB5{^@TLF2R4ThcqTolfTkV%8;KR zV4!=Spxm9g)yK*_+Qb)toM4fpBqz)~E`WQ?F_Xb^e9H2D6L1fy@_Ee;;86@~f*vD^ zng6S_vkq&kTho4UDNrQ1LrBp=aCdD}XbZ(PP^1)hD_V*aC{hTnh2n0-B}j2=@#0e4 z9VWc*d*+-o*PJsm-?#rruARO1&RWT{?)_W$l0B1B{T^|$vAC+N+|kiX(($A|sXjT`wLhw-ND1ZQ>iT{%>0e*J#&{6#@|IJAK2|4gYxNCF*G1qZ z-tWfR+76g3!~yK{MnBrdWwb4lFf6o;P@;$YMM-A&9qMVScGZ$*yN|)v?q#(0x&PI2 z+s&#ZH+Z7i%}ZT4Fw6)6C zqhr{szTa4CJEv}s9^djxzWcCvd7jGM*41+TyI9KC?dX&ukY7-;{9)!yt!I1!q*8>~qzts#1aLZs+I3ofcTRSGWV6t6 ziz-8>v_ZYlg`7=rv1jPe-1%5uuqGVmMouaWhe3=*2@_f68r+&+pWDLTzFpEg6_AJS zqW&ydE)}w!y~fR)X+7C$l{#xW8JL_r$Nwa;&w(wxe$0W*3Kk>pTxn=%Z85lea!7}A z8bKawcLVqSB25gb$I)+D>s}GWo_fFv=HBbGZcS}4ZXNK+#KG*EHa!&Rs6K@&8{Lr_ zGk5_I@>6JrR?wUS-}y!t@;fT}77YDlu!~|iD5!)_7sMC@lf};5`begt{3shvD7zt=tw1dMlaedu&y<8=IE;TLObvk@ z{%Rm*w1YzVsY_*5b78x#L6V6;H(a+*_2% z_6`asv+F{aX2RijR zv-y3Yw!#=Lsw&X~m`(6#;DnGL1}F7W20w#%I3dIKGs>tYGtPz}sKcB^4u#_hXY`?I zR)J-BDDEU~B_4yGSp_}<8-kEwf4Jd^6T|j2nB_gMhjib{YaCD6m!r9}DYyF2C!Qgz zE||{}hV&j#4ALC-q+fhh4mc_|^f-*asM9?X=evcVgl zvYFGcUxHT6EXe>*9~fecB|{(|Q`k{-#?*r}(Vr`0IYqNErFABglgP4yL*_K@Ka<*o<~&gsf{XO>@YRyea2#$)5xvS~s?P4n;ia&+GB}z5B~u^e6Vy&snXl3T9fD)1^KCX|J`ATSh@Ae;wOmsZ0LRmp zobo+xr$qj0nF@lbB3>5{q)5{7eFcO3r9R^M&PVMH88mq|)1RN80VGAE+7@HA6iZWD zHw!zM$;(!cf2jXaNt=a4SA-Vbm>=!opDg#UckiVF9$#NI?F|_rfg~>h)4|aUK%XWT zeg;cm3WALWizpOs@LX4^XH(Ef66jwNwzuvR1~EqC;~7f)AdCHlN+EfwFLkN(p-hZO z7Gh=k=#|=Nm)f^$BKuoT9#7Qv5j89ZZwI3G^}K1ABe1o{ZrYUB{y^?i6D)h}_RSk= zV63Wc&bYF!Yp-oc3O_{+%WnwhM?8Mh!*_(SQWE5`e1_27n_m#hI%iC?(n)*YSI9F6 zbj_F<(Kt(VRbG(1-OCPFdOtE&H#xgTV>h!#)2+izu|5quY}15da^KRK4SlU|DWF2+ zIFVTu@&e2sf%3l=2-XOA@+#x1Mx;=PzXMuu(`?aGVK@6Vp{Lv~GXw|Ez#QKk&-?v~ zc|cE3iYa}Hex{`e*-TLYC!<6&=>0Y$o)Hnj9co%UJ81jrYkj`mv;SV^*w^vo_oJIu zFAF85A)iUI*t0==qk~`P`F7Z5L!D+AvU4{&E}UWM_bg`B{BC7#pJex2BgeKUdtu3p zz)rI<+u``hapRl`5^RDrCS+TafIz~-KGRV#sXO;Ph|WEKm4DOmSZYcMrjK2n4A>fM zq5#o(^cW1W{}2O%ztfck{sW0!AHt!`O5778a8?*+V*GSK6@$N49QNk`uL# zApOk~*it=x;UO<9i}gdUP)7;RhbaLmFq|X1@EyZ;{1sV3**U{^k8OLO_@k>2qDcCQ zjlmAlm6wT7yL`g1lF*%#XSnW-0$&&CKj1BxV?rJ2;E0}#Euh|d&=T(XHnvp2^ktje zpzl|yHrOAibxUCBe+9ugVmChr#y1cVn414?%~tv_(lmGht*S&q$qTSVqyZd{_5R{! zNe`Y9GUjLYTRfN8M&u-yLc6oXPhG2Z4agw*7!Vy`^}YsV0wc3f0!#$aKQ$#L+S5&x zJl`Nn5AQ1Q{uT}!H3^48J(s=&|CRtt_i$XIy0Xm99obd~mt0r|Ny%TJ(3NQZ@Vauh zb1#?d_>-x|O|jP2ey<*8x!2b;&(j)`1a3`gdrE>US%3CTJo$KpbwWArVQ2RN5d>R; zUXIr>&HTpbJt*lDkx0^py4*ZhNOeQBtDQU6$wD@(6a@M1E2JkN)z?ChE z>D8pK_k-&T!F?lNe}*XLV|@E%qt?1>w^CuFfNc@#Qc3Xf!<+dWh3~4p(f+BOE4!(7 zl+DQ$)XC@ZKKMkj4XxE%=UWlfLM^fzg7!C}`$Il2DMQ(6WFTZec zcm4lT(&P?Oq#MPpuG59=<`6Ai-F7HH!C-LCDROu_MT6ix8Oe47ALM|{l@EFI3HmhH zGU&)#)8ROp7J`G6?ry(F2ImNf3IYY_#0UsoafPVN_yymQizM(>76hcnYPh=H-vofX zfS4&vKvSIoloKPY{Mp|Sr>4VH78?;n>8dys2e{`Lw5Jq`FHu+GOum-!160ZGF@`WO zHw`PpGS`s*HFg*qilQW%vWSN@Y9FZ!-*S~|0jbr4DKtn6d7!l((+}pbkBC!NT zvolcIJ;PQlAWwc|g8<$0P{5)lR9hBpQ~?mo?1;_~O?X7v`Zvx2AmJ&nurBV|j9(0& zM1@iGDO?-CIhKu;{gMxiz~dDx;&*Nk@LvT2-por`=|MHdV)26i&Ne{xKsp_&ASlrR zh!sp5{v0X`7Eh{Wjt+qP>3HHkiEJCAi+%ZHNXD8F1K&~;`x6vl_Ngho7)J*B@?s&! z1`^7=@DK~~VkL)aJKj5qv@>ToOeFv|T91tY)lDb9coUA(T0y|~lrSI_&)5P0tbr|2 zj8+C_nnORS`bA@R|eXs+P~bJV?>jdlVhN;wRHk@V2(PR^Y1~Xng?)T#K zkki(16wKJ6k{q1N|3MGp9}fugv?s6sM7B<#`ugjrCbaV+3>Z5o!wODS<7jSIxD{e- zAb$56NOB+H$achEFJvnBP$c|UTLM|7{+mX}=*6F{4rEHg!#B^NaS{u!x>rWKC+k~M zUt3smAxmm^_xP90$yN@==&pB_3CEJfYk zO0O6!wby;NUSfD6>E?ay1)xvuUfA#D$ktL_IG$LHelY3y8yEGDhL5+M^F~#|hhGsX zjY8v5eChNpZm4zpduPp3zV%$-bVI7n-e?qWcLFXYZf}6B>!UCgu{B_ER>%IBY6Q&w zT-bh74jZjQjxbnWkjMQ*TMzo~f$=%=?J(VGebd;n74JQ;4@I5?Nsucy9R|sMEHQs;6aVe zphJoT+Je3wRMK4%e8bT2Y{2K{4f4;^$@xDTTZEB!doB1hS4IgkuC%oz&yj=pqI=Dy zK|S%JiJh*hk?l_Z3wMiwra_$ddW!zCoZ|&llVN-={Z)4shlW>&&x9Mp@&2R59=V_D zkwF%7C(L`n>GtoWXqtx%GAn+6GZ@=_5YMD$pf)r^ONPW~=0OS+$wAT}1>q6Nc?rFh8u?ea^-oS$e$R}LlBPVANy3}T`oS%JW`yL6&uoT@ zMeP@uJUh5faDyY$fO_6hF>+KwH!XIX(bQAov5NYxKdJjl!p?+T#faB*mrRaw* zS^qG*9<+*=nnWhN*okzclV~IkmB=q)CX4j%7Q9HJkHwEm;5phDA^yGl27P2dj-qi7 zVHSAz+&2I*(Q|KlwVdfJyo0tkhEYnsU$qVDfG3LXZ;Y5YmpVz3>=eO~l~^UplpKtP z+w&CZ>N%Oo(JMW^TOL7|9G=Lj2)QnN&Dc?n&QiUhNk2{~@Pk2H7J|*1!3yO?YWq+3492t$T6e>7eQ=^r@&&Q3^ zVK@M>tyIML5rFS4SF*#k6Wnuz`Z<5)M*58l0(}5qHKy$a*M0S{(vm~?=$v`YCRF~3 zm9v|WUWC6p?(-+m(L=vn_6oFafbmvO9!kz3EEq`}H9YDbWU(4@f-K_nB*lzu-!S5z zLbP>)V_v{&7DG@5;uDWVr4j)@a`K42-#I_E4XwOcH@JT7eNE7Dav)|D5aD|E-%+o_SkC9ct8zPKR+RiM$iXJRR)^Ec+ocr4^WcyOavUmxI-`|YX@ObKUpfybwCd=dJxSrr_&E(L7*F5 zb#`X`s{@u;NUsoHYqMVKq~t06FI3-V{Og}a3_Z)(K4`P&<~Rlu7#gO!Tp^jh z8|&Tj9};jFa?E*kCi-N&pcy*zpOE0fi(2#8YfsZm$Gped@3a39FFy0neL4wIZB@*S zwP-GsvL=)-XfV{C|1%GBBT@LChXcq>nWz;q4q(tC{!t88n0YvbR?^<-1`~t%pnv!G zo(jX(A38}p%Bv<-FeVpysB3$8ubZ2{Z^P~96$#XBYHskaOUT6&e-O-(r0(57RId$T zMfi?5_%^#B%Zvv*vlyLWdVr0RmqzYQS10Btn_p|n09iYE zXmcaxZ2bew*;(==W8)$Tuo0iWbyVo_i4h8B#rg}VY;H$bFs@llg+_px=zwXyGp@A0 z8|VwR8bpuy6xVZA3! z2_iGkqoIcp7iR^!NvQBGf^(o69~33pw8r*&j1C}+Li~|T7ZUxE2{gguLd|KhW!{DI z{MZg33xYE^4}mZSIp4Z~r_06u;1xn7`y)Z-ua_!iB+ab&QvKZ?#Wt`&e)y+7df!UW z`iQhcgSMXl5JAZE|2W8sY`sfEkbrzoEq~fU_nd9{CfD`fzLj^A!QcauTeZKRC6{p z{C`V7&(@n;>Dj6y6i@;Utq#B`jS@8}lPQ2#T>qxxi=2n)m_XfqDfy>5=}dJFKQ$xN=0! z>xAv#9+f~7y)3$p_8w_I@E#WAV$2C5vW!@nKZ1w|ae9k-6PP`mviD`7PNlgIToM=~ zGkUk5F-Jdd8uBO7_KWZBBd!Y0+0e8Owwa7!R;*-MgAX1-tW;mu0|P(5W~F2?r;el; zew!##dJwDfZ;Y=gK0{%o@g>7Ye-??Gp85@|;sdh8D#h8RFMC=OY69TrP)fQv9=u9` z^ix!OXFJbt0?er&l)}-J$&t}s?QYH9Cj#I_7~3+lU~&RVA>bNzG-FrUn6QF3rh3_r z0&^C|dqUfml^jmn%WpINktW2`)=en_m}MOoI8Sj8pFw&iMWXv=!WlVJeG}Sc*@aw- z77EU5%_e`1_;KWCj#37VnomN?nI)b2k)ITT$1$QNUt~&(qQANcW%Z;BG=&#}KK1fZ z?BrnY3-?|8mZ*n{H+mfwO2OQCS$DC8T2h->^I~G6p1U12@J2V=b6kWOclY0|wJoK2 ze5pk#>4lQ#Ixcf1R>&o0qVr1f)^~&$z$&D!g2&sjD*CY~>Q**R&v^mGb=4oNlFLbB zVR}&BiXw7d_2j?wuj$8sI&hz~-oyTK;PP!X(~Qf5^PeEXdmZ1lxvU#PiK4_;N-RjX zXz581WkhPIJ-XPG0A8|;6~m9A2>=|+G(h5r3v=PwWzAn6LZW-f{!()M1HJ=i!5UqqRH;Kl8URxX z{N!H)qf)ng43Hxk9rqguf&U<8lP5<5oCp2lVm;XlN^bi@H^-Aqs9D%REriH;EY9c5 zV|yvy*H~X=Y?1LeTQp*A$(C? zdsk8TV`4s96dkSNndmy-h-z4`HN*6XPPoRsF}P2ErzYlhHa?zuj>H=Y9-UB_>mEgXGQ9)!C`C!g*6tfb)3T0nW*%P=`ZQ7d2so`IAk2|X6#s*6^m zEVPW9-9W|t8)KYXjI=ytTbxYDX~wqHzON7=;vi#aT?LC7D4}|2?PUGz2kx+->raAi zGn6Tq=8#7aoO>{nb#|9M9LF@~qfVBoz^Occd}le+WBff2A(yBIzphdABK-t1J=M~f zv3dSpy4urIeS;s?U7+=2(aPz9gQPLM_EizBu+UuQLP`h`B|`m9QR&6F*9vVp<9Y!n z_#;kQ7bgjE%!n|%f1OpaUy7^vslF`VYFtD?IL@9L*=Pu)GUfSLGm zA{s^cck4!C;<{XB8M>Z!#CSUq6~X&hxkZ`Q%mPN7JRm7MS*&*nFnXePqBb=RBIDRk zvo7BqBPMjVm>C2TW=44K1=*65rt{Nd7zP7f^7s9gAzEb-or~PKaMFj1#jRDfw4x^xCeX+cX?mWR0CcGZQ(l!GVCd}j%iO-IgyUXXZC7B>_JFW}EgP^?vb#&?JH`k1Y8(91pm~XU(o+yJz0>|4_`{5 zz#pUb7OlVL0@g}By;|O2K6b$jG@yMAsUKhU1q7CIEci}3;5dt##(c>9dZVOJL{$n? z(j*g5w^bke%{RSQ#MWY&+m(x~%_3PN!cUeUa`+*ULg3xi)t^ccDg;xsZ>b+rr;$F> zyYvYPs$k_G1J@LCfa5|CUB(_%d@Rz=jS!XfBc{NeXM2VycQ4~epXHE>aCN3}3cb0^ zBTwy{*7TW+B#oUDWo)E;Mq+`Yz$aEjeb?d9EYnMFZ*o<{M8+c(_1?xzGhQH}5`MbI-6K*<8jDw>S)`D` z!ueJQ()N<<1W{QLe^OFn;xf+`l$Tk@&^fe@%q;(FbkHT9TDB>q4|rd;2t*bkM{5PE zv5Hw{LyD|0^23#PC%iSpM7Gj)G;RlV#qQWJzcndq8474_pD-nCJSpFgP= zrpaJ~ItGx;Bsg25I~7Mh%E&<%h#AkiHHMXeV=Y4n4si(e?pg+>fen5NeS`zc3Md6} zMdSNSv#@D(?p1lzx=L#Uo+8+=bQ_snlH^|3Z*iOyf7SBP56-SddryvM8~ayX!zctexcdd21Bb zxB1F(IvG5*{9`_?u+MVf_(%5JAV$oxAS^(%6cu>S`gb}k@gC;Ur?U)80i#h9)MKN5}a zB!cm>p?syqY_A@z9czVRpD$wIxspbz81GADO#AYN^8uD*S~?&in^-qJX(>;p{j)nk z0=!&{9w3@X=uuW~n&1<`Fjv zj=cQcU~V%tmFi+s0Rfs%v~s5=U91LZHZLB5Ud(iNlWMTfsOA`UdVm!Yq8sQ>Ml-csVstk%pq1b)EG_TcaCB?RLGtUo#p=UeDau{8 zdE@WjJ56JF-WM2tdTzr@EvF3U3+%SXmuPc5J}xBk@-6kiw=Kx$7;yVrSMChd-F&q< zWgosd*)9}2>w}Ftm16uvm2`H_?DSohS$M}0vau2yGqf}mLoB)LNyv38xL}BdC+RDO zx1%UHJnHp@6P%8=Z*(C5E|xemx)7x^L?udf4h{Wk#pECL&G$jw7!G=AJk?_0;(-AL zodHt6Is97FeUWQX4RQKOQ>)TXb6JwUnp7ZVoVk@3hkTwCa;)H9?9lbP4))t)04F?! zT+C#`X9Z1py@bJ~o{v%7?Md?pcHWR`Jrl^haS&sOP*^5G&SNpD-L0Vt5VAirhL33q z_FKuV+W-uZS~vARrghz~^o&=Pmfez6OL`(hew;x1$;X+uLs=u}lC187D{;=T~rr%pYdk^ z&%h=3viYzs)h^z7gWmABX|bILmYiYGLmpuD-Pe#; z%dfV3zGs<#w|S%Mqj;4nuu48KKB@5C6|KuKeMg9-mFkJ9PJ!(G*HxQvo6nYA8a98AN!~> zfdG*uFig?D=*oF1+}~>_JS4<=f%^Du`m0Xln9B09i2m;tYmQ`N^Vb+6>ou^LwjW{D z*i}LAxj4Yu-?N(CHGfphPY4tZioM_G2a*S!Uw9)koBPpEK7G;3nbSNG6z}rXqNcYXx#297>nqy2p@Z;zq_muXroUO}XqF7W- zfeuBPZbuI&Fq7FDArEOz97@qMB7dqH^_chM6&VTDf1+;)I}b{7f$5%e#$;%=&uPBL>r7%K8Q z`!`JX0B-f`V6Iz__Zny42bWvJMP9Z=loy~vOCiB`696U!cmqk1(s3Y2H6UQ$R zIQ%mzAuv!b+djze_T7TPPGYaUHZA%AZUC<=wxNvl7r3|@O8QCEbibQ)5;_l`4Z^Gn zQ;-=fC+(X~8cP@wa@+H-Ava{>*VMS1TnAgD)`Uq0H*x6Xchi`#psVo;c!n#8SOksf eUv8ppw-0-$1cc&BHuUcw3ZkN*DqkXN9Pl4@qA7#` literal 0 HcmV?d00001 diff --git a/i18n/ku/assets/img/android/rss-apk-dark.png b/i18n/ku/assets/img/android/rss-apk-dark.png new file mode 100644 index 0000000000000000000000000000000000000000..974869a4e44719fa559f3b966b8012e04e0c7993 GIT binary patch literal 51238 zcmce;byQqWw>FpnAwVOIySqbhC%6TdCTK%&2=49>HO|} z@4V}qxof_=X3hLtU8nY`+I60-Pe-aM%c7wWp}cza3Qb;4O8wQV*I!<}f~P=&gN+15 z6!g7%)psN>^jLvGA;?f?C#!fBmSGSud=IwZ*R!NyiR}f#dmhP z@2usAD!RI&t+0Su^;*u)y6i`@n~|K)`Z3RC@~SLK3JTbtu?LMLWsf-A;~gc?s~r+FP5fafv^85w?C=hMqV zH>IUk>$z+rpJma>J6+alI-UW}cr*~xhtG5Se*(Mi?`6)b&M#0-mRjQZnW?DmuK<7? z!^)V7KjWo5uIzgX#FU$Na>@!%`_WZ-iFSJKWj|~L1O@#)4yhk69_R7XQJb5ZmhbP` zkWf&`Jg?$h4b8|zd zkIRLMvFE&WkFx)H^O=E_2Y%YmeS!-(~;-gUOV+xngNq#OQWAh(7Em zqH1DZ-dVr>!2wbA-qQp6^Z5gDjs_@#9ut&@iNE6P2^+It2d=^ww z85mug+0a0CUZX)j8ZkGxw4{)Zj6Od&+xKEthwy&jt~QlS?7pGC*n=A^Nzb1(7+m3Qu&Q^M)e7!c0+{MJxXt{M;6bhc`o_7t(gBH^65%=d|%dPb-Hb=+Oo(4$Y0lFFY>_u*=$MGN&sr?@1ya z(q@7;Y*g+t6FeAYz5A^?PnZ9P|Ms``_OF+je*m3>&n%Qv)4YC8dy}xQ!L&6Wyx4fG z6rlpO2$i=$@7R8Tj7cRBLv@=4?*6W&Fg0BtQu}$eh2E*FC=73{T!qcRlhBPbI$FWj_OLtjI_J29(&7rELm6DU8FuFxN+S99Mc6=a_)E>MVw{}1`pQAIAr-X01T=zN4~W{8AX6}ywz5y9qI9*v zbtlvG2c?B8W7eBSs%NikD3$>)KSyzWVRk|Im)Y}zyg}L{z6${Xen7&Xn7!pHT^I_z zBl8Hiay`*#?{!D|ipFTDJVwg0a%^xs$i?_OUObol1~MC1Pn zLZ7n%h6cuI87#3*&oA!=pgB3B`H;ZC>bkM6E@Rvn(t83W`i*BDaW@0(Wbr(tuPX?23=o zhza;G%M^NLUTwPg8JydZvS7aR zdOTe`uTg+mF_Z%|6Z6#o)zRZ@@1DftO2g_;qm@qu=Ar+*jE%U_>h5ObBvnpXWo5ES zWmVN`FI1@UxV6<&9R#zW_6P|H;~2+cfo7te_k}Lx!3_<^mD%2*@#bj5MgP2V#A4M< zrJ>lqeGm*(BAOwOm$DYJD_^8x#u(gg&B9V%<$E34bil+(sr#JV(6BPioV)Qu7Na9F zUh(_i1q`{63jQK$lz{hrP+VNcVB=6~1(w1>6F7RX(EXncXzc_)T>DXc=i=wE_!RiP zJL$oloRQt$*UaWX{2wvAZNk3CD}EGy>))9T$ji11kSpD)Pry3v#%Lof_N>W2SzJ6Rg}L62md)dL&o}gG$>E1*s~H$4fI3yD@|HSFr=XW zN8kIZk53VjeW5lftOlHJq6`cy40u&H4=}5xtjzY$ewe9fX!P51Po9@$DZfH{YolNW zsyMX@1-qWR@jvzu0fV$mzT*JNxAAdj7Id1RI)_q_&1j{swe?5f%rAJ^ZmhlO6Ht@= z$y*b!zAc>WE7%QXH-jR?zC8H9AU<9|d^Zt2g;N(MyzKkz?*oV3r;(YQZDBaQ zRCayE*i5P}#KT<&#a5v2!HKEPkBjrOUa8xULwmz>aby5jxV5caIlonFU1SIK|L~ji z`&Q*jLeG^VBrjxGCS5Of0$~0v@p0d?A+95fECfnatY4RDemw7bJ-Vp!^7@aY?@gQ$ z0}+yq@iaa2wXk0`G)lQNEZ&J}NBD=hg7U*k^vePEc>CQhNBlWm# z=MPrM*6X~ld?a_WQ;}P(qfhR>vuJ1aN(Q%O(Hh?a4Zi(`6XLIV>I<$ySC zZ=Yzu`YZkC^;|J*#{4Hfnv0y(tS`>Vc}%^?d8nZ7tB;OzP0ww$lRp> zFTows;3f+e{^q?oG4D6s!~_|mhTd9?|~(E&asTfH72314(D*)Oi~*<}y8&C`wO4{fp9~u%crB!$eYd1>)2y zfz#!6*f%@Hyw@bzk* z;$|I=Q#3f6JQi6?oU@?kC`zEZD|3CBcB)8?*~2XFI^PlSts)lQ$5w}-S@RTSlb+Ja z#&7a?Gi+jr3N2y1MGYSna#I@1Wiow(5?k?eQ6d?osQZ9;>qUvZTPY34R7#63k47IY ze2uL(;yA4DgD}8sW}KvR)Gc8LN%{dmI}I$Zxg%Vr=WpN}YLIjXY--LZwab9D; zEo<}Cx)^TnxBPg2Qy~8F*+ui6_p;WU#rAnL>?XwnwT(gBBV7Kr#KI8{<_nJ-4CLvW z$J?aM7l*kY5z&q5B!d*)mwIOW&ll2Z$|Eu7$BeWGlvp%%G>n?A4&G!|b%`cIOeU?> zYQBRBQN;BQFkYU9aq)Zn2HrDp`#y(f#=jiIyrKV6w6~Y3SJf|mAt_9CSzT4lGGVx zsQr!sC`e?M)dnp=5FDwN7C3j15_NmXV)a0Clb*z#ApsDL*Wh$-_9uIVL%ic;a%gAXpG~I@%Et+$^evTW->jH zyhcVS3!dGR*T}t1{}7&Ct3cECpejy5>16$G5)kiQ)p3tSL(XmdQSmb%0ez;z+Ne09 zAEl@(o=|$3)H(jM@V&~+wc%*Y>u~C-GXP+y8h7f1I18@gXO6>e$wOQbl~@lOy;)p;;^U@_ zG6w9}qo>+N%!E$fgqcP9w|Gb!kEHUl;X|!6nsr!mo7X1@pc7MLIkm_86WQ)OQ#?|4 z%?D!m&@x-2&WqvP#9Fd<#Tv-?pPE|84XaLo1WxfL$!z;!ktW$-9;Q;tkPH3d7bi zGm%-dzg+V*BeOMr9@gjDJ?!4dkqPi2h4L5%6`Z@}+))={=QF*0x$M}&=kS&^1;oZw z=#byK%~w7czD6FHw@dqIilq2>jF_qEZtLIxU@Ox@l}85iTpi6j-edeyYsQ=Te6=h@ zfkVmSNJ*ZDHnkzdDXo7)sPEllVN%oPnQUi+$)HtNE>n&`PetZ<5m)DWIq$cRQLAm_ zc8$uM*7Axc1}7yY#c(!1UR5keNRik*xjjeF7ZAjwd9X*$XZL)zyz{KL8RG<|{BU6C z(^6^E`nZkycGmb7(_3=_!p&3)XLI*KA=sMO+ubyE9GNX=ZHx8Cmpc<|1|!Wzg!Dh_ zc6``$eBU^M!Wd|RPAZzSm@ zTGg34EVckRVA=5EZBJOi3wH+OGYXh;P&}ggX5HxQ2sYH@FcgdHjSD?Ljh3bf9cVk7 z6U(DH)R^utY$MqGTtF?qM{v!zOIxFj9ZH(r ztN)02Em>|!JTY7-biz94V;TZ+F;%zuGdAMcrY#j3;m#LO0HJ&sI|mO5fAN;h)tef9p1vn-3kY6I7^tDy6kHv zE8Oe&l?&u2z_7Hy)O?R50fd*V`Pu4#veS29nO>0Bx2&R|Dlnn2H1uoJ-uTj>7L5i< zUfMiyCb~iD_%x416XsWSyU$xDmbP{##|&ml5!69cHJ6tkPLrQc-)zf|NBvW8RD-l=sa68z=PUq*;9&R6V z=>aVBDr>7bfLJ9fKmb`VFV9Oda@4l`c&^FkCRppCb9z$e5rX7?$s%BCzIG|GpQ}F= zd_PNi-+D*f>2sWUg=w`tJG}FY3TLJ&yL=)YGO&KsNNwg$-1al8B;O28U799y<^8C? zo!mTGkrgZuT=43TsWV!z!L5^iQW4{o`X|o@b8=w^`ajR?W3-Cn4cS`D_X_;wDX__(`ve;dV;#A!|~c1SAdav714es!7ibV&7R}s zSI7K{3i=mfW$Mo9@p1C{fNQRlP8+ED?AXdw{oVP!3VT)O`9RAM`LF;1ej11Mz-n2k zfuXyn*+CiK_btOX(Te6HnL)9Z3ldQJ!pgGm$t@J)ff>=zV^QJj;7BF^jpfURo{;@X zcD;T61C6ruJ1j1)q3@dmzrIq1#86SKqo6ROL^BoSV^h*4LzR_3r|aI)7V^vs^cb!@ zPdF(ux7J-ACQj_PJx+X!1fMiPrnu{rSwuaZ24uOSTFtdDyL5MS47gRF=ih%u zQR`mUx@_dsX#S^;Wm!x4;y`A6aIlTvdtIyfsogZ1M=lNqoCYW73n$kr76uj!^+`wBOdloOPdHeg<$w*a;DnZq)M(Ox-HGN8!R3P97dkVddab$h^a!z1- z$c20T1ofo9rt-8Vp07bO!P38FA}B_(w)nYcP_C0ljteH;3{*3(e^VXuPFtKFYpg<4O1y-!<5dG&us|JKo%?Uq2mzc|1%X~@;{e7>xiOoYfh zX(yQKHB*S&3>{bwSamHqH{J|KWu5Q-+#vN8%B;zh7ROvCM7*-yTM2W;=V9q+-0674 z!s>Rko8(#RHolR+ZQ!p)AOx;sMo1>@v1G-S9$4;arm4mx0f~E{F{c9%jBVDk(6?vJ z?+Q`YP#fy~7Q#xu9*hwrlg6J%dqQ3?sTh-w;E>+XT|qR;;i#A99I*!jARQ}y*qK~B zb+=9ju2P^|H`fQEUHN0A@7`a=Gp_3k48vd#e;)q)dGPc6a_7!c)CC9*yoMSmH@Hgs zXXLn*RiL6D?`C+x-QzidGY%TIM_gz)nCoqe!WH zdKR80JreoY>N{C4;8<1kmmuJTL4XB$5E_=vMH+s8>qxE);?}rdTN`C^_yltKNR zVK^0PuhUSWjfuw_CAV|>STLc*bcpob%F2ZF5c7Pxfp|Ad(ix+`4+#k#0Bvd7HuVv| zjeIIos_4ZV-=@BZk8{L)%G{5xY7#8p)1@3=Yg-mJ)gw_Bh7FbhP|U%V7hr&O|4N>-WmM|tyYv)`Vl-X)&> z5s1CLIiZ2CZG?rXt#2$m!H2*PGhu-*VV<(am2Sx{l5BG*J|W+fa_pJAtM8m0D@1A&^FAoi0+W@CJO&^4@1tnUkj7a=r<`eBYuE~JavCDe!WWDH0$&v=Rqf^M|gHSU; zq5H(e_Cd8{#5Xsh0pEJ!U(NZlG`AgV@FNKY?IP!VT&TO8$WU={z4Xm~OlmCx;=!%J za5i>fbe*A`052uIdTTm1O7R@28wg%r@XUmIErujh?+yI?Nh8+D!pp1c&7U}!mc{%= z8>!|`Y1R_fBcGust>5kXlN8Iq@2+#ET?~tE_s8CGq?7*0&%Y$aa&=qHLzHFszd>3n zWL@v476x4XMxNIPInP;)it~uYH9Ow)=fP|t#}?48Fx)&Mnvp@w)rnQXYr$JyF9t0_ zb|KVue7IkIi~jNUCj$H1ty0NR0>Yo0oKOdXmz*Hn+!#mqq zDTllI)mGBL9l|iJKLBrlY;rp@v#+z9YN(MC@ zPj5pBW2$R4N7Cg1v0gD{=Q`p?Rq#d=`h}`#@T|_=k<9nc2>tKkJ*DbZ-?Qk8g@<{{Dgwwzb{f-7U*!!nMmo z70L#lXM~!Wn20u1ATUT;U`iMkLr_s;`b?PzbnowdRD)r^hnSgea472`cMCBfQEqAh z6pdDIE#?(Co+*ZwmYi0W-dt?6adVS+ahHB?vb~$o8cMCiVKJzo`Y9ICmk1MCTn&Nv zp@Y*i^85K=Q@ZLkC#0enw$^(WW4C&XpE!RAr20f#9@z`nMx*8yu7@W3G=w@5C7-!4e0Rjz6J8o)Rfa9 zijYu|Slf#f9P%Gnzk>hepUkYoC0H$mz0$zm>N7TNLBYoHif5Di=xZ`XSRKm|QP*pu zv-wwV?=$_Xn3c83@$ojJgXM>ZI5f1FE-2N>s_*UHbd|OBeogTvsn9v4 z3*Ft{zK$nuLBacm2K0?P$I~5{Vn2MifSqRl!*^m?Z|{5i)wb|7K$*m2{byEoV_13W z>5+d33f?3P_LGgA*N(3%N6H%I=@ZjsO)LyG?;Vl@;ZBNKHzE35kE=z66jr!+Y= zb=O=EOOAgpRPl_hLWLD26;*Qce>^aK#!lyE^ih}V)^kjXjZt#c&pDClRQomO5x4f< zFBS?FXJjm8VyjG&QL?hC@AN;d9rX6Pmk=Ml=VfDSt}c}{JB8`JzD`+3SmB9l(cIE< zVp#;Hg>_fgxaeqao!Nk%(^h7~eKiKAvY%?Vw8?4dy1YEDhzQCP>K!2kMMc%^?X4B< z#4l)Qu|9zn^))qJj-E5*2R-Ls#`+!ihhf>O{i&kLV_mKmMC&460fFZB8nBTnC?ze8 z?s;#6SXFPa+{ya#0#MWFUIbZT;i$>XEJhpt2*ku>P7!AVgU4&mZZv(=v<<(e>QHs= z7>YX3f(P)+kN`ho9Q)eZBq&+1H2_IE>8}Q9@2O`=buUU5i3H|zM4nLlG;B3xc=ZZJ z&KDp;qxaT_D6~;g%-bV+OmWmvSC=EbNzON?h@qfBa} zAT1dYl!&P!m0TDC*xH|bvN%BqR?3{AuPAvu9bO^!ESD9z2QgfwDRB8b1$lYBJvt<* z&TF`?Oqx^1%dG5iYoShTf?=c;_r^C}TAG-_|6;kPlU+d|omHll5f*%HeSLLV+0nW^-@7-3 z)F=J%k@B`DyE(kRbWpUcV+s}o{&|7W?8$owrTNiAgepXgR)V{+*iOtVP zM+P8*+%HVl02CBEtMsr$jiSxelxbrsa9(Dsj-+X;Wlli>a|#HwpgGHJg6uZa$EUhN zW@=h{9#uL>k5Uc{$HPr7umc%vbqjeqDSy(;x{Wb6X6N7>E1ctYZmMd_nYFC`muZj@bfvnMWI3jCq1hQ`|o zA6U(us_4UfmqroJpC+W*Z_1A1(TYsf2+7o{86p;(BYJ`FDH*E@VL#x$Ialn)lh)MJS`IKb9xJP3HFX*pe)c5r(AB+T5O89Hm3}oq2?^C&(^tUP zak0RZ=4Mx&n^z|0K0gJ3W-eE#q}lp52N|5M6j@nKZ?H{0REj*i$u>n z?0}k`lCoE#iiKxR^l4{n%fjX$fR>PO{ygQ6-f(q5fU%PKR91RAY<@=lD{9>0%cVAx z7&T5i4i}C-A0Ifd$}k&C_hw%sP*v&^3l)GymX23zqMe8&PgkBP-;avMPfYc6 zP>1ytVPk1HB7ON1<;qzPadiREPhcM)cQL>12{_IG19;fF}v@?kAw>CA! z?x9T4mipb^Uc0=6BOuBh1yvF#W8(mq^Ot)Ikn`6PESvckG~ONFEobYk72v{Z>C96=V4{R zZD6a9!4n`d#85|kexJ>6%|U@EZ~c*O;kw*Wt3Z=14Eu6tZ7;ZuV28=V!o7~3Nzm^$ z~{A{!UI`N48hzMN+Z4fy-N@NG?$^Nl2TkUX(DdMD%9L*eEevd;y5-RZ+WMD{ z>JjiC6Zl@CgeBuVaj>x5;&Z}XkMz%>7Gv-FO%=SbfWcLvvtxm2YjageQv>{kk@aIQ zzJuQ}R@XW1?h*6E-@h;Aw@ODV4k>wUD09hr|NgAGNNu7pqNk?jT;>C=fxZYF9Q~SY zh%-SP9g6!6Y812nE`wt=#!I(EPd}lZ{(I0@F6Y9$2|%=>ddX>ue&eLrl1R+_{Q3zYGu#v` zP}N}35Qr3AMA69ZeqRjK$?D7N5^QKxM8tdA`9Z{hfpmeixinXT1YF$u5?SSq`xA#k2f|nzP$=TY_359 z&|-=rkw+ruCce|{V9W1cDGq&;S3o{S8KFQS1bQ_isX==u0Y0xJh=({d74lMy{q*=r zgD(oFS}TWaXG;R)n}!*fgI$p|%w~v#OlkT81L;}GTDNY?E?vBqnkX+XGT6Xeo2;zI zBOvtQ?KX89REGm!^cw+{`}ZID%pnjNQk~uK%{69Kq%$cto;2{$L`GV@j6q90cp@>_hpl)Cqiuu`{_j`87*n2+BQvo6F4d zNqkOr6aV^Jxdgj454^&>(5FQSj zKnQ%IDuTAL%_4_XIdxlnl`NNHcpydgi14{I24u?0?$+_G3f8ui^usT z%)bmEW$J(uSmBe5k3EjjkKnHW@+yd9hUw^AF;nt)7t2;)ikuTHH_Z|AiDV`L3Z0kG zCns_JYhPqxNIpqT9qvcfEuPNhjvNxosHvtKo)=sl*Oe|n(qdY)#vw@PLr826A=;uSX{R2|`6 zs2LJ?OgPJ_wibY6W$W`U>Q^xTJT&b*x(Wq+g#;Ebu?P>v#psEDyh5q@lCP*FeHavh z2@!B4MS0Wa3-|rt@|K?J-6iU^v=r#gAlG|ybG8nN-M}W?aBm1I@r|&ap<49$oG$F#pA;{#i0G8fIVj>-6!O7T z?`77*mVh6$q(GAvQKY||E-|i|J=FO>l_A+#XJUqJ0L7P>>}14#e&!cvn4IJysCt}# zef4c}j02UaP73LVHwd&_2+c2sW#5{D@)9+|Lf)ud|IP}Q6s~VT-tTkllSoQ^XSPca zOhT=?!W%(mip(oDCbF*&^ZOQ;b0%_Y`>KDP;n4$?Bw_>*gw|16aFLLZ@aV;1{dU9G zFas4Lc6@9|r3=I9ZkJF|4h1Q%&_NMl-|wq!jvwQqRUDnjw&I9;8r5!j=YNe$+XCqM z@{kQgB*|A_sZm-h%PI9VW9D@>; zl)>y$c4?@VWJDx*c(fz==c`w0#8H%AE(zUYP27cL29U-OISUYAjvRt0E^D_okScN& zT<8pc4JX1<33^`xtzE}=uT#BO=wNe0V-`K&RRpcr-m01qZ3yFFXIh$aT^4tq{qpUe zHajGWqj2Ip!w$T?g6{~38KaLNp$*=63_Qeo%{axLZR>ypTvSFym$YQ`bH&By!`uUX zoR6Z!#QsV^oXWi)Z!?EE6>veaz_=U|>MQki%sV2Yuz=B5)h#KSfzD5w)K$N^#mo4W zoE~O4L2H;R=VwPHm|ZOF3iOq#A|lKzCGkbD$r;QO`m2C`0Q?2S`Qz&5us+g{y1JIi zj!@rs$~e%B86j(+tOq%sr!K{qWPae|n}jwTiNsulNMfhL9glZ`s-VqO(ZImSzMZL@ zg4H=>96awpSeSUWG?Ic%_S+~PQdfVqDP}AWASE@(HdxBN8ZHhEg{9$UM}5=ZfBK{! zbcl(T?9GCLGNi9B(yNR z(-k0%%hb82&6EQ^&aL!-YtY!b@jIKcala|Qj{E$GpWD~je0Ug?I8mn7sjf4d!Q0Mm zTo>*wo0yTp$U_0M>07#lEcot$?Wo`_{G>8lwWSwWbEL7Am7d#P zi{l!8VpdkdSB=YtQSL0S!f^YXcr~L4giu=14XNleBb`+Ra61a{yNk=Uu~)P=4(%g+ zkj3yW{^&6ynWu`f|9v=3j{#J4(7Vdl2kvx!e84qE2sI{V`1?gN4a;7=U2pI9#H6qU z2qe9=C3Q=W2y2Z94_8q+`PS5~C``$)+!gz-*|R6O7C$OHN{fo$2hbd`W3>gix{Udr znFFB|nV;E$*YQa)>X)@+z=%c$4-7?{AO&s4KNur>;o8Ld*kt=eK5|j%Yv!Nh?&BC- zPPI*hl(TM4$Jw?`G~cV|#xJ}&dmW2I&$MNjR&ZYIJ*>Jk!e$gfC-2?}#=TQCm$5^R zq9jVbi7$~wC6Eq9>^)aVYPSfgh?%RbzGT1(b6Fi0u(r;a==kFh@52+(7QS_qKsMWF znRJslIQ|PW;T;Ag%T`BPe1;;^;x__K(-=XsP{e{tX7olMtS7HfGc&V;17f7e5+uMf zJqZojP)63BX5Bk!wGQoj`We!zYVQ~i1nOmxU=fkv*w`Z~&!mu0q>}I76)>r;P)&U1 z7KH#{EzK#IH*%6GptGbNQxLJMq9%W0?CblZsT5ZsG2F^B&*i1MxR_m2Pgjdi9i*jo zB`44Wf1j*%Wx|`1s`93UqzkVh_^3AcuAHoELFs#LEP$Xo)_RjPqmHP5M2?ygQu9|H$Rlbc&E;1&P?Vy z+{4jh_zlsvu(Wwn!IRls-6`x`3*l)Cx1J%O5}TA54=>hQjlh?n+=n^Zqae&flY)Z* zp*74iG4UPY(R)tKlEjhX@1LS}Ml~jD%E}IsF%U=JD>@vGiIt#WWA&Bf<)O(UWXF&) zGF6HbtJ)bD03^;=It1qGf`hr3WHVpK0Z{mbTKRb0B9Qm?wqVW9bStmM7X%IF#o(#r z8f$7Ki$7#9g#6A!-0G5nFX7_WJR>5!wDauIG^?*2^X3;EJZf0y5+sL5Yz=$1g@tcI z_EtM}E8imXRB?O5c7Glo7Kd5N$um&Bs;1Ob9G@C&jE${%mZI3f$O`jzWJ7Q_2N~%anOlc?~ z^U7lQ*Dx%}t%_6S`g+zB?FIrqewy`hA9)Y~$!Sn+v=9yjnRw49pi1F4VMJgUMK1%& z9}nsQ2}L5J#mR{p9E^i$-hp7zVQUhiX^z}r=p)#$I(0Y!y9ON8|loXoDrESNr zka>AsBT^-eCtnr68zw>h<*{{;Q=QUelAI&@##z1jYWw?lZe|;y7|LD4Gp3!o^7&f) z_aOcR6H5~lQ)9FdLzvA7sr;EEfd|5@ZPd*}CI%>GrleTa*Z+0`zptMxy2|5&MGzd7 zl{r+uqI_X$fC zgZ-$4X2!;#F;ICpG#L#rH#e@En}bUrfDSR7@nqu&Hy#b@cz0KrZ#tP=^-;TbsCIm3 zoktWKH=pw;YbJbUW}2&8u1gA6D2}Xa{5?)&K`?^0ZDU5cr2k1LEm~1-b>=I1xSEu5%Ccbm7#{F6t5i{6cvYX z$WfvP)#yidcTu>>CickF!rQU^a4;4Xj8Bu2rzto>_P&XoB}ELDNQUlG9f~5vil$b@ z^}l+EsN#6$l-FWgRt1%5@uL~=&uQRgJ$>ZOta11r8sW1h}VaYrKKee>yy25P&w1f|JQ zr3CV8hR~Av;Z$QNKSViv>(Dy4{dkXq3*Or$Fot?~-fdh4K$M5sWM%P{G@HnR4drw_ zy-HH;@!P{ca5pM_RUSzjwcM8juSvSP!cPTLZ{1uL^fN)3SS#>UE+~Ft>LNo0r3?od z2>KXoEt47V($qjm>>;7D%Fn0s2=8&W7bE0l3B&bEv{6gz&%RnekBW|dtL*jWO(8)&!E5SJTC#H7 zf)8!gQZ2ipG%R{=L*Q=%oZs;VPImO`o~qmtk8x6QQcy&*ZJBwPb&D#VA^B;xMM0#P ziXWv}Fkf(>i7S@@XG|hv;c)A;8Yt;*7)>zGs|fiuGPtLQHWKbU`q&BV%D8$-VQ9}m zQ{IBN7paec&IBde&q`#vjK7_hmwFu65&%fOmfL}0{BDAW8kO}7 zoe&kVe3$&2hb#R;05t$tMy3~qipm5Ssc7E=gkqiWV?))23s(h6pD2=LErXF17uXVS z5};UcACwe=*TEk44NH-w`LB zcoQ(Pkm#HV(#PO_SCarCbtc3$Gw?-?TE1F{{6$276SM|MvX`ky?zH@X1i%y`D!4_f zD>I~_n;26w1lSCZu;I+sa)P_6Tm++R7I_ytUl?JU#x2KUc zG{nh)D83~?ozy=O!gHBlMvq}J=L`386U8uchCz}}0^f&wL{L-F6{Ckt3+X+M1GBsx zoO=Dh`&8JNRoMwt^|`bxN*v!g))R$WaP}bjB%ruc)esB<0Zad>Q>%hzPol8E2ntoy zBg|TSfp_1-8e%C~&Wg}*y4XxRIZ(gU#4@pLN#8X0Tl8QL@f$^t2QHNAiW!=d!!F z(6SO~)6--RfhPXTw9o7L#Mh+MXrvJs?58IL?RU^Y+0KX|ZvH}31?u6PPGbR?S4FRX zf`Nn`+*XqlwcWHbNovR@v>Z#AwZ{E$F}9Q}{nbsMdVBw#dGC+8 za;**_V_3s_umbFtnVCI?7|dM0M{V`3LXz=-_sQg(^*AT&6(b{rPej_`=eQdL2JTlB!*ve6OVsAJKcELjcvY2K_O+3O_Kl-kni$sP4BXy>T^5EftG8-LZ*2r zkO8syv$qs*A%1BSmTOa(P<0y7-;>=3deU|8K8%YQM4{X6lPDn5@1*EFGO*Yx>&M78 zh3thVLXwl%B?ln_UIY_;Ym)Vzo;?h&t_prJRnfo_h0Vx&1ZzkpZ)K%GQ8&LEnZ1!Y z3(nUY@t9IqI*&JqBdW%1`|)uV#QZ2j2ubuA3e7n%7hWZAh?{bJ6HCT-ybll2dJF!5 zhhfURx>FDiLMHEClY}1|I6q>7B?(H#(&IYT&3M{_2XEZ<3j9b^1ISdHg=7VK%_A!) zq>jkb*b^g*pHbdFswzZq>6e`orGyt_DE~M*TDIhkqvI{c(T?V3VP?v~!V@HP{@z@O z?V7(O0XkRP$wysTOs;+PQSnJB2oy#c3X~_3 zU+-z1u&^@DLsh0`^1nqe#X%#uQh~-i!gF;og7e$ku}y$?tD;|0yJcX8J3DJhQ(Nbb zi({g3J)1Q@RTI|sSQ#@%QYQUa0y2;#7br)vkZI8Gh$rYkLf{yXb^FsF7V9O2N;>{t3<2h*yKj&!%YDGrF+fHA&~1d6$VPNNo|PI3ocZB1 zCxLXpb6nGSp2HJT-Jj<08G~e%wZ|opQe5h0tC7Lg;!|zK-v{?D+pm@p2;o-H{ z&BCg`iKD!kyu8+*MS&e$d&77|m{+^=%8v)(Z8&v9{(mw(|J8f@-*MdktRXkUM-sdKzJjh-Io z{1ZX5d4#R)1=exxlfli`uo-5_o+W>NX!sS(Zq;gyy<$}TuvR{uY6R=H$G_Ru{@oL9 zkzBgB)O1wvQrB=pq!OxI$R)HxW|w*O{*zOoW^ucsvBB)M)kPfsG%Kvjo5a+W)Brx| z{lIp*H+D zPIo!7x2NUrrcuC8D+?4LsP$IdV9+dprJPKKD53$#zaZbV}p1 zu0A>Jq>H(-3SN~Pe~_Jpc%LzrH+j9d>nT6J)y8ZYpBjT&y=rg24kmX{m~%buWd1nI z(DO;KX?qez1&O#HhsMgj4D>MT>x_DAp9AKAc%Mb?$YHFVAI1J8J6LyDC_{rIljC-Y zwH9-O?eP{B&)wrZ1TP^KA&|c$CKL0MV`5Xg6V~678UWeswSMT_RPWfFg21Yh(r;48 z(mdDF(x7ybixY<9MJy+8?SmuH0fBMe5BKjdBA*8A9}FZn*VphZ%nle$2&u7c?xOAy z%}dB5_xVFZwF%SbBDPvuWTJSPe^Vh3%}wEDewpFnsNv>pOnol>VNti$<)7K{2Vthh z9X&u4*3TcarJ?X}qkntwJiy)XVQ3@}66x*iOdOCs+fVpQ8H~BFx*4 zZZqv}FB_j1s=5LriMd?Fp~emNAjAJkDhe~V)W;m08kyTCg+==?#s&{heGpaAq42{_ zZ^v?$;^wR$8sO_&$}Sks$?+LqF$D6Ln+PNM(2W+EzGUg~yk$a;Wd(Vkx~Ek$6jT=R zdLJdnHOrm~6qMLp1)da*zBs_>K~u`B*4Cdfo+$62K9Xphr92F#mbUYahmQ>!FU=Rj z~ojbMl5TPlCG8ZhCrZeBn7cm4@ya5`7)7t!;(H)cQn{^&6lWId zm?_UBuc^GXVR2+LbR1-JaprGD$Z!04D<%}ih#NGl3FL!u5ZCl!T!LLFbfD9Gp{TCS ziuqb}#bJ|NY4|W-qwL!7@yB^aT;;;UN!8p1lHt!C7}?UB{rLpOI;b6b3&kERTbMN^ zE5cX0!H~~weRjS@!m`?5g!f8r&^71W4oV zPVmM(NRZ&}5ZpuK7Tn$4-FM~t=bt?XGqbO2pVdLNR@Hi!Joobsv5=`@K?iAnRX+l-#&%$nr+cx9v^gH?074ke^@DNh=LSXTp+eEfYtD)(7zR z?68!6Ql9)30Bx)**LqA@l6(!Q&v+6{Emsb!BjRY-`Qv6Tj27XJn7yIoYWK|@YnS6R}m!C zeIm=7^n?$XNnwPn4Pd@T)BWg{H;1CkUVmRr42}QtRDz?Vw1Op*!o}@+sLFy|4Nr-e z1ElWj)O76@T8*^e=Tl;50R)npb+*s6-jnOW@|up-cvp8k}ryYyWi#fA~-_TImPf@4t^_1(dUx zKorI>aAYq(UGblTL5V!ILTuv17V||Wc}EhxTos}ih+LkJu$&6}zvWMY6&=%EKqLxRpj}TuQAX_57eX@`( z)e6v)JSk&iWOTC94Aqsrid3*coc$gSlB8CbO(a7J)Ea+v*mwCQ4Inc0Rl&Yg36S?G zYSG$+X&R+ZbPA~Kgz8#c7%TlX-!RQ$#^w(zY+ud{u*^DbYi7Nvxw3O}V;+L43Rrmj zBS%MQP_{SO4-&#+M70V)(f{J}5_+Z)6c0ce6W|C2bfc-6R$LiMYYoK3LKQ%EEm7=m zONI374`IFrZ)>@!f$u{UB}V}EEBFT#XGl^XBI*;K*ZA9JSsAV{I|yoD+Ap8JB(^pg zJ~Mq+mYtoSon4$N*R1%f=4AmOYU9-TRCQ>7Y?E!nbG}(6&-s;OE$sQ`o;o2tVVSzc zos`daQd3%Z64lfmgoSdri##;WX}&uzJgWbwZSAQy^am!-KNqF6$(NMc(sll`)^|D- zvU~Oh$4=3*($-Nc`mcWT%#i82JxclhGsu_M*ht>P3Rx&Dz#LMn1^kVaFUt;Vt~f^J z@;0%(-pqHy`NVImTYBpoasPF?+UMtm8;7_UQV>AYse+dcAzT2bJnv?K3l?F!3&E5PaWGZX$+KzY8_s+x;+5j1Onwk&a107-O3I<8A=G|7Z1(KR5*;c<0kkgJhxC z#wQTs5sOaH&D6*oy`^7T6{_ptD)G-#&)C$(6zz!+#o)ec^btLQE+7N&x~nenPNyY} z*8#?`F;%$yUnZMW7$IZ%kM&5vl4dnNUDj?Wlg(WRR%6e<; zVYvL~tgMdo$#1$Ec`GuxmLNzkCu6LUf~VT#TL;o0Yd%=Lys*+qs!*en|Bl~*lwix; zbUievLLaO2Mz9kKEXH$eyR3x7*s8S5z1e~@u42Ly3d{%oq;iBmOP%{6w=W=!AbmIV z8p~DgjhoPne6wm|&aVD^1%_{Id9`!77fI6>ghzS-RVp6n(*8ii@8)zd4l08AlL(WY zGKl)hOUuY2Y&A^-ke~dcLh8t(T-Sw0@}fRbF*`+VuNldT!io#GzNOhh&c*PZNIO-H zPkGW;OEmWgh2|EPr3%SpGXeW6ug9zXntk*Y`s*;+1W2EaQR|jkDZK-*RrGZBZ{m7>!%^t!ZJ4P&5PY@CY+}c58IR^|63?EQQAT{DQ3w6H<>wm+%hM% zZA+izHfNE7`)i-oy-u@FCmj!rbca_C+XeKqHx#ZM3pGCz4|%-?Vu$IW?zCt|D$2o8 z^?Ge zrM~?wOpFQ&Bnstj2X^vpg#{H{8>h(FqAOp)+NoOnT6{44sEB&=1~aN63Sw3ghl9Oz z3a7p2ejbaL`~a&|Rd2LBRJ1xcW%@&^DAUPrMd_Kz>w-Z_Nr_Dqn44W+M^SZ)zQ4MT z8Xhh~Lz7oaIy@i*B!z$;xc%`TBex(}wfk^WS!vgCK3#vftD)Z?H9%CiWj8&=T-nn4 z+hv+);zA~a9FUZ!5NHdm9$;wveRm_cG~RG&Lfgnxxe35b0CO|)-1bfpz>hE!x-DcR z)ztxvrFZKqeqUD?H%o_nY^Fg{Y;wf~o|B;9v*V?#+)%*|UIL;5T71&tVvGC$bN2-_ zXE3zC(e0~NXxcwG&iG|~u=XIhtXFkN(Lmp~N7^9U9$mr4ThNH|t!f-cF_PT&Vm6wb z-tyqEX@E5{B$WNZQ*x1zg_&7Ib zeR5U>-H*wqJ7`PG>3j;mG-s}k++<;WG}N>=NoT>6@>Rz%S*g40IpzmVehFOzMSX;V zG#j;LS9=k915CLD!P8`SKXKY0N%SiPWgp|8ASztpg;#gE+Zoo({$I(hO0x#{#>Xat zCUxPa=7%Y1T5ZBleah#rx9=^AlZxZuUm|=7iBbnzOpJvoqa@gDYy=}O)&q;eNctS< z*O*|zYNn<_jBn99zXBDeqT%2xrsGj zwJ1A!psmSI3`9aLb(c2)(B%e_$FUd(05{sephLdd2nF%S9x|*hXl29dQ6;f*_4K&} zsqM+a#q`W!sKSiWB3TmA9zmtGuD983o0r#Vu3u%m!AAF1rQ6ce$=I!d?K6svWC~r} z{LfimPperQMvEbebw79%bgC4{! zzZeP&fHRpkt>Git^#wi_pEf*nW``vO^+y|M>Xf1mHMzM{ioZPQbS` zA!Y!tz)E7dxYDq>6Ro>Pn_w||_}QcO>7dsN03vZa7XylmP2AnBKYt6wOsW;&rTWBa z6V8K2{V}gF&vbo@!@*F?RzJ)+9ME}(May&}a&z0wp{s{&v*HbQJVN<+ZteB0eY73# z0bG%#qRF_(EYbq)luYZ-u!w8mJ>5ToPGxkZ^BDkxqR*mqmKwKKG9IaeO{e!crCZpc z>_hPk(aZuTn@1r$+ZzXR|3O&sSJjuI>^1|j^Ln2~9#0LHosTa^3=*g`8H;oQfYDBc zDCst7q?^Nb^psYP{?+}MCb?Qsb79SCqw z*=y>@R#hzPD_Cv$ZL1_NK2?@nU!=D@cQrCtLK(zAqtFaeiZouwyZj8g-U3s<9G+r_ znxlfP0erLR{q8ujR%4z8ooh|*Hyu0e)rOFEv7!jeO6$geuP#$QASsyOk|Aqp48@-4 zOg)eGjvV1Z7SGo;|Di*n^gqJJuNv#Sq>Ok;0FxuLuY3h3Dwa!`yHQtn70X*txGQbd zsS!)~chFxXyPuSkBlt&TSm(Ox?+73wt~!9hJDbC=U2&`F+CE$khS&&#Imp8mOv{Tv z%Q8t0N_efS7UU6q-%)EZ4}FkGUi@&QFVjgE?ryvuqJ>SG$3y=4GY|p;NUJGwkgf4h zVo?tl3ao&M+NM*iF6+l2X~cUBiq!N^Zei>S^GxO?HFZ{CQ8pAF?WS*FS7+ve=aUz~ zB3G|f#qSl0rT*H=!mX@s2d!kc-~Jn*Q?Zm@h*`AJXAVjU%@7|6EpK1)^pEvKyC5R?IAGYX#uQIC!ZJ;fuh+Ty8$xV4aoUu>M5Di6n{ftZc~G zB0e0TGf&Mycf@Php~zoo5oFDf*kux#Xrtc<1pJ8xSN>S_fs zIivXL9)WYQvkB7@4L0m=j_O`e+%yG@_(|B60`^P~C+TKjOg!mLDSI8^$ckVUB9w5G zmeEd|j$X=ZZ8Ba?NVH+|j9h|~_#6k@Ll+VxmKm=~jKww>bSXm~2f*Gx!Z7uFdh=;3 zyBV0>WjfyV_T=}s-9#I74Mq+4Hojt+!t-IspeycY+^n!dSF|5>oEATVqaMm5qKI~g zOzX1Sk#pX`Sz&5;Yiy3g_njpc26DHP6#X(W{ubS=c|GntjWxm9_enF4!G~aSy*87kB>f(Cd2hH%KB;8rv5gx=I4Uh2 z(G*t{f7l;DvZKzz5)8Ts@5_T7QK870qmy z_!vl(shjX(52&lcj4!)?#K-oR>os&NxC-*quK?@b+uF-L=;q9CD=ks2cbVjjtfh{aBVEn3l&;!zWry@o9nRD$Ox=-6 zUB6zky}&QyZ&R?eHwb3{BK`B@xOEv7q^{OtKVJosFO4j9Z1x^Zu%DLmrd=XE9LWkX z=o*ANG(22V);cpit@;33$7UDD(t?MBkR{Uti8)<4#!m_G$%znr(EB$aIcaIJ$k&rq z9!pb>D~7ill!&NO)uYL1VVwiT+4~a>$(Pi@I}>Uu_ZkMXw9K?HGMRB@*s5X?39+?# zYq&UXKUqWo45ez0lV~eca-|Rjoq$2^!2A%%aQ5D#hH5#wNT^HQk#922KuIHO{7 zgWtUKsyy0T`rHu4*VTts2TnA9)hes_O-^Ft?R80NmylThxM{XLu9`}REoi@+j$SOxKA8WF}hzgZ3K-86D@odMgo07?9mD`x+9qc z>eU!MFzZoay{lG40;oyKVH()u2F{v7*cIklm#b}IEDFOPM2Kv7Nl)%UQ)5#roju*% zhFj?QH#dKGc4k-xHNGdsVnU^y0IJLe3nVI{s){NnN5sIu4+yRRMbg|XB$iuF3%Iuc z4lX*n0uXyUR>2Kzd$5p0S{1=5DcaF$iQ)B_Hr12JYq#v8G~W#Xp^_x^ayr;61=KRsuh(0qicCRPerMcUG9sK}SNXzWxS4*bwkWedYgSvRB4%0^4mOoPy>$vgdKJ z*YY=dUkZZ+h@b{cI*nU^_b2^e>EHAw>3=6j;mOG@0^nIt(8%2M!y}^4bH^slkW zPij~ihK48?-6V^yfT!$#JO+i|0&og&a$MZ}e<-!nrS{#Ebi^>^0l=ir5xl=oK+J!! zeqCt`$SM9~8R+w2VZjr)h{8h}w8A$Gjwq<%ap!uEM?-C17=8d+=4*dC{?dk+OOdOq z%h&Gl^jw(v^}T_Jv77C3AEFtJ<_E=#*P7c8D=x&E&8Ls3D=jx#A47jRMZ+Nl^r!R_ zkU1hCQ|yY1!+yi0`+;37E`bm?$ZNLf7|W!a#K@rKn9BcYHeO&hV=d+OkU48w05OX! z93|;iXBBGctf@IycdO~8sX2{>1ombZ5cC#$5B6|(HxTMt&mQOYy|_se_K;hDb`w@3 zMJc5(eMib?xr9jCdW$tBxp7?0pT`dmOJ0WFIm%)lXuZ9QcNf;g%inT;k3jG4^(gqV zr&^^h-mL*BD!4V@UFQBY_XRKWK&3%yExtWc2UdXtyY zz_(P2J%kDq39LtV<}4~oF_TAsLev5GxQ{pah=_ntxj7FH2L~r3g#st4r3owg>D@b0 z-`BOZHGApsj;~(s?sEOqm`Lr85a2C#dR$@kry)o|X2WJ--HkK#$t}hhy zvGKaeX}VYQEfYDXfM;Sw^BZ8?PDHpUeEfUs+V8}}>(RsGJ|*!C^^IY5gB#Z?puhPj zaIH?m=$_|f=j(Qx^YizVxsUbM)vvWK zPA=EU>3T2NzGaLbKN`9lqbxkY4we+#l$2Y&F!I8|K>!73UY>EP-Ol#=7^PwIfl@7X z;SRC~6G0z;4mr6}E@?9dhcL=qKwd02IT=AaaC3}oki5`Pdjuxtto8h6{|jc~7nzrt zkMor)d08cBEpC0i_&H)0gqu{tzo#H689i>Z*WAhZw74>^w>oBNN*YYPX&|A+#pSw_ z27>fd1)G-b+Gp>Xw|bT!4FQ&=vma?{*c}ixq5Y8IrX9Vq{$Dk+0|rh(_p?1cUEf2j z=vz$_8N>f9{#GpbK(IeuN1sZsz4dLbNq>*(H)mnq@lJros*7F>Qe#J9&FxzDrna_+ z={twjtBs8bESK)sAY$C%4thfYJ)5#L2_qNemWKy;LP&nZ^1O^((*^T0XNUcmIgjr? zU4)Oy+09L6iXJo5V$c~DfY==mAN{yMOte3;W(u-4$GGSJI+zUdtSiC(d(%8rtl8D` zi;UiK@#(3vzsSbcHUm>|*p@u$#lL!E1H}n3#YP0_aEP)juDGOxFPLY^@e?@TY-=pe z=@L<@uOK(qs7b65v2KKgIG}#7BOqX6Kc%PX{%u!R{J~dMq=@b-4(>i0({W@}=tQEU zhwaH5+w^M@z3um$MT}G%=h?S=h_Cf^$LZ<1I~0OOg@k`@kM^m2$HvA=D6(c|{`U5| zrur3+fdXmSX6KvU3LGC2sR;LCWyT7y@%FVCZGP%5VX&P#!*w%fq%3a|0_e@>XQPC@ zL!!A!{#GE04p0~FG}uOQ(v()(G0`&{G})Rn(bM-G@VUChC-=?(sD>W?8{S$sXBDx* zsOWhiE}_yqTq2^%1$}*$5%?5JF$im&9XXSr9KpNO`q~o_46;uQv(2ROs_gyY<4}1m zfbX+8)(MlHk}ha)o0BKr65!$aKuFjL5QN4Cue8hJ*MQ3aAO9mq%8{Oot>5Mee}rDqnD@F{Ze0-i;O5KRk)7jnFP0&<~goY3E;s4Ngel*6sA9Q^*4kp3nXazn#Ob(-sHE z$rL)+Kis(x7}y2G0&r||GssDS{gczp@ggY}7P?)Iq{}rE=FElvp)v`xGQahk5g;Er zp4eyP;BYiGm5EdIeWi8XI0j6oga{t5&d+xVuXD)F&BVkOHzw*{UPSPR+xMUG1@03P zk153ND)Q@asCE<;6~RtUAwj5qgFnQ+ee3TG>;oiw#WGS-Zo4Z&PQPnwt&OEI1cEq< z@sqNMs<@+iYKwYzM(UGs)P_jdA%0n0D@=6dYW~OwGjmhHlwqNRKyb0t@#NCO#K$dJ zv9US)=sRccXxVA_t553ll!b*h+Is{rmQ9>G&;$_CVwKjuXZ{3^`=l?arWQ#dyM-Lo zsq9RVu1K@thFR$#VlQseAOBm~FMm6i_RSWo#DSNlccZdcPyHMT>f^hv{wu5pRxYln zt$hq}H5C;rSG{Zr*mb#QZO%8fMqu-C2fLzx}G3A3wONsU#IR8Dka@35G@i0t6 zLfTlMRM}Oc$sFad1GP}(M}s;u;U8>gIj(Qt8iiL$O5GAvzgZ?GAh5v%`ONqC;~pS+ zdWHlC(~JZoVtxKn3fc=|2WPrF4W4!d8bQ>IC?BM<_ZU9beJcEnrQslxpWfbq{T3Ai zxzBcBHCbJRjx8-O?<(jy#6Gm>%?d&Fmv7&S9Er0eI3^5x7XVw$pyYrwem4+4Z>6HB zSEs6$-4{nbSGnA={bestb-AVjJ>|E~e(sv4WtM~v`c)xYTh7~tv{2|`4jx*3fnJb= zNvmA0>yh-ta~5sr+{P?9n;kI)(=$C7taAs8gy@uiTw$AGb@Sp0ksyf#Mi$+99K@gJ zG?qmOTk}PsSy^KN&`B5@X)^b#>Yz`t!|l@qKKnC8MIBDPMyCjbcA}eAAJ+`W zSO8latE^daZT&BDeq^M~q7(|KI%_6)qfR)CZzkU3h5+uQE@D^t;&gcu7w0VwGR_|X zqenC3i*JrUCMWX*R*faL={@g7!Jhy0sNJ=guHdWbO{Q7CR#DuHJ~|ROD#5V>8hZ>wWdcrY2#T@AB)yc#h zI5VF0WRPnr98kK*C<%`}38aowN7aDEPI!CVz8r(4hdnKoe^1Yltq5i}$clmvDkh=z zh*wD!K5iPZ5sz$4MiN+se{SDROu|`XR`zMMzQ_UzVLdS=?jV>#@Z~o(W3Xy|C0fiK z39zL=rY~lJbazRB>eUD6#Wi}Ktcd4zl~Mrv)el-aDYr==fpiJ^dy9e;p=I&iFgj;C zJ1pJnu^NRiM`2^Cf$a0AePweSJtxQT8#*q_L#`DHGYKsoD;{O~zdg=a{0fZ%U~C~k|5ep^ZQ)O@~k>tY0yShTscxuorY84|ohf0|Wkj_DPAdLJxV_Fd`SW08Q zbd94iJ(aC07^tI;Y9(-M;N9-UyWL>?y)z82>L*qS36f}TG^fHo)y2_B5qho5U;=Vv zzzoATAwAvfJ0JLSa8<3xV1X-sw(mDwJpcqyMs~am4=r&$J#lb!%uNfCqTbiM>p!a+ zYpOoiwuQ0)5?N2Q#8JNi)hRuN&sp24Feh`gK_PK+S%5NIrFjS*>K$xvho8dtmV|gS3qk z@68EJSVA}pkr;3}^{C2VX;=8dJ2lx0YS|=GKchP+-JzoIgGusgF6J{9DAbAheiTom zEqruPZMi8b`t_jP1J_bkL+ zKzeh98pSTa$mo%eWA<};7}q8wsJL8K#^AG7XXko3o1zFhKzXwS%K#Yq-|2eq68hauD|96!m{Mno+y+zsJpUa?r7BL(4y(2eXse;d{zpoJ(-L)yCAOqwS~^~xiuf^~ONr{ae=&rr zk?-?;FO6xM?#;J*ONoGf<3MFdT>%bFY*22%s6)D^++jw0yGl+*Y0K2(Vbt1M)$iYW znpKIiz)SzT+5)aZ3OWDIzq(KsM^bIbSCO}I%llE2%jDk1Tv}k?0z>hJpA>LWl!_8EZ|T3i%Nu&i;T=Z zU{|h|TUAt6y!2e=Sj)LlL{Up~=3+YbyF)=v$BhX{KxLPw( z@%9{9%V{m|&`Ic0+f-DGD8Myzq8)zNN6Bn8pIL0-uKSnHPY(9x%Chf2?=762kCvAF z$Eu{iQ+T^A!bDI_nVOzoqobjqd;&G$LwZQoc6JDei7P-1bWmA&`R(_YESgT89sd5= zlGH#gSmQJ#(g{{0V`rDt{Z0Hq!sgcX+HSEvFfB3B1+zlJlOWERZb~J-(*Ugi(w*8Ce#jNki7dcO~sfOS^P;> z7jV&5Q;AuC>R2pDSr(G!OstHXEXd3*kImJaCR7*JxUF8j3>4p=hiTUi%4k`@)rSU4>Jm>jKRp)U-Iti4PIiqW${O)1@nK+qASh_tGK`>-GJk(xLR`UV>bI7t zojSqTOnpPGHQvek*%>au7lxB$^v~&$z2+h;v2W8WZlRq?GlFW8=@Vja-HxPlG6Dl} zWFsvDMVzm0&d=wo&*#_IWps41Gp&QPij+)EqkZ0pmGY&Fmdbc(dU!;Ad4nDMF1_Mr zLrr5E9YaBxj}nvl^{gLvBxRw2ROO6=mp45jukhI9p)7!2Q@2Bica%Yzg-I|i+u30s zNe8mC*CK^C%}_#Zn%+sG;RSV1-=P#^rbVsG6B|fD`0;KWVUsu}K>`<)sC1YvO*9~a zrIDGD!53TJ13Q(@kE%w}ufS^y()nqioU`@EK%J^)QLbLFIR$_m(p+9DJu!w-tAth- z*SGmUwM60>x$Sq7y?@Wyn+|jXPV7ldOx&kHKM#$*DJ#=P*G9~&rk>{V^pG(|`g)qG z=yn~iMHbw=i_GR&vaq%+1iB;*Ck6uY!Cyaz4)PxClThSuC~qRsGmSRyESH)gfBcx2 zB@dKGy4KGsQr)cBUw*Y0ZoM%g%qQh>*VAzQaBnoc=V@&%U|MFgGv-PXTr3!=ufO1F zhLG3txM4+JMP2I;W&^t7ZhOhr>3=( z97fd`^YcGq>UlmWqWR%jsHi%H%#-*PR*{Blw9Jr`e5Ic#npDflsVDz(p%yawaX&l5W+5aoj zkfXlQXoh~xr+lOcmE|L+Y@8*P#nryv0vMwJ!Zw0ff)w3FzNTERzEtEP9$(qTz0yxqu$2hiqc*g9=-{@W(Au_F<4qGZk6x3IJY zSy{N#;|;Wy>tddsT>3HNlFll?qGVQY9(dnPEL)6(+C}N_;P+KuKaLYjKyiFB}gUhteSw+;-{xKz5g@* zK~V5d2$U}OtF_i~G$TFz>G%*6eFZCh)(!my3vXkSf#bK2d1A}obcw~fBkb{S5{QZ> zN{t)s?s^cwCT6?u(3O&rB|NkaBAG_WQ09bku{uZ3_pO>fM?r7DgOqUrCu z&nu6+D3-FPW(Bphm^ZS%)}bm(l(~HmML`RTQR;mfvkTU4-IEl&5pNilDj1tgY?k_L zDDh>AK*5E3zsRRx`nQOd7LRk_!SHYeaZS%%FoSW1jQZrw9tGj>8~sABP#}q4Yg||^ zpD2^iYC{04TNqH#g7X zks^X8ywN@)fXAgQD_P$Ekw#hv!_}p`D?nvgk>pOzKY`hbfE6NIlMKVQL{W;GhbI_C zL6J$BblT*Kf0}G&hWOV+$&3H^-Q7ocV&ZMEx4hOR17tcM2lONw1O#ifeF7wMGN&dh z?4*O+04RHN%jv|V0?e_xnyAnN=mfb0%(gG&P6swI+1B|LY?|S0KvhPvBeYGY!b zby7NaX{nX57Gs5DE9);F+alTaMr_4!TdmviLypk?lL;oM!a@XGEaXk(mqjop+C|}j zUggV2P1B%ELWxI=9euNglHK@}Pc+;W0255f7`w!3$6SU~`hEz&Y$?qcIdUCh@jq{R&n4^lC3{*=d8B>DD5>G>@K8}(~& zkVIVMUb}{{=M_6dqJ{c8e%6L-QL@ik6DPq68-x<5D{gmTtGlRw7e_Is>p2E=Pv+0f zzkFe@qtvC@^(#3rL6YN@>Mq&RF1lRXMwX*Xe8B7u%~AZ@sCL-eC>b9|^HwIr=dMvg zI@GFH0nYr_W@tAi$)w)57e# zb<^xe`|)%7v)jvGd1y1?Ji!||rpFOaXTx4KI251=#re=b!B7O{Z8=BqGL}iCRRF?h z?gC*N>fLnB4q6k_ome7dQ=pdAF0e%E=~q$6KiT6@NfhD*HvgIY9#9v(yjP6f-$a!&*)A3SafOTwH+my~QLTu| zCIWi3w80c*%L~<^i3gKa6Cid?+tjA7Puq&#VtUn*d(wTIMv8J!4=r@5oP*SYOjzw}MLzHrPma z;fmS%wZ11fI6L-O)x0!Y6GKCCjWOPj!jY4>(dSYBPuj>$3Rdc)!=eXwgwJYc!D@F%psw)DJ?SG;dpcN-L`hw=C%u-nOn_M zT@BhZZ28Z}g}E|Zn<M^J`b=QvSw@tId>S6_!)Kn{^JWQO0xH7U9R$l#22o+#<<$KVHp&+|cJA33(XXl0 zA(A?2Ke$3TTjb5|5#hv~W_T+-m~@?l@MxhA(C|;B&|50zY}2fYVvBBd;;9(T#4a!`VG zL(sq;2Ug4tcQ)G79p1Yle{O-#y1KfquCAfkuA|2kRjC}#%8W@%*LGnpTpjqTLY!4+ zf2${lxI0|el1^QsGhHu{?vAM2zE8T@wVsN3c@>swjqZ`$8zFv>8L`o45wUo_dtQCX zJeKJp8fGml^Kw6j(V}i>HQN|7+N8$ScvpEZ>+bw;*D3Wb{bjv9SII_+ne(J@n``8Q zZ^k3=E*Md=D%=)65|dXOQLBhU*o( zxl^~pcfIG8$91RN$ZWO!Zo-#&>Fjr4?xESovi!7muY;9Rc`bgq7UuRR1DEuW8LG18 z^GE%ls&FAT21Kcb_LQ1kgS*M5-Ivn>JMY}~%RdUYuLlK>!mtg34{pX2{N6JUOsjsh zKbG&eg!R4ph};CPmD~hg-et!PEU^?3e$3P*ebGHxeV!6teHc51))zQ-_?(h&c{~fA zQp`Q-KcB|sBc4HB>zKZ}?+e>Co~^i;tu)^zz6R6UG|WYK0DmzTgrs=;w)KwGOVYO5 z%^sLxpJWR9KE%Bq0TFrGP6|QlqjHYtc+Ut82mL*cH+o=Ik(jjckGK_K zcVLDSnNsx>Xaw7}5s4?*CMJElx7F_1m+gDde=D+aq4vsnFj=Eg_;>24+e#mUI<=iR4aAKxuqJRgp}Lg%L=M0YEF_fHC6dt4*Bga2Jiati9Vl--UT2h}cQ z*8XX%T(oORh`y68r;)N;u4h=kP;+S94~9SaCO4hT*Ni^FD6QZ0y}jFJ9>oRo@_HQcKU~e5y`o#bfrwVvwljJ6jS4-63`1QLJx<$O9CRrRC%C1x zkO|a*>p3c}yHq=GEk=fb`Wb`(Mjtl#GfDnkl^nm5F!5Z6$^fafcvsp~g#UaExJ{72 z1QJIdno=Hi6I{x*VLsyg)H&JP>vj3Avwgq&I>lwrPFH%9f%nqpvW7rO(6fBAx7wu| zS3SQzPH?c(oh?;dQy!(zT|XRZqkXV*_VO4Td7Q*#_~Dl-(C^9za_`S{0fo9NDRC!ATcVQ3)IMf!V~Z9Q7RXsZVh*k6OH~D33CW=?~+93 z{;CA}o)WRXE{i@ATC?f*^W!Z(B_rtN*hv&v0Ycu?LMOwMuk0Ro4wuf2&GlrAn%tzJ zruPM>(4kCP?uCGm#AI#N6%K{+3wqBeDLtHqOphG{0^~@3dt&{$>_z>Cege&i)Wx~E z(Er@+7=;Px*Ek^`TJHS~#AwHo;%j!dkq#4IE0){J;(K;*c737)jaqs#I%rs0&A#7L z5PpHchxQ|VV9+&Hb>sTX;U#IOLIBlRQZ!(pU~ z0##Ia*`Z3%^@eFg?hEOo4T)*AU?~!Vwbeq@tv3?)zstYg9e2NSKAAVbybmcnQw1ru ziyi@Av*zZgF)+gJ&rD*Brxni34kvP{?I_HgnVH2dI^IfdFh=R6$sraAU$%x_q%_M`_4@trR85k=N`!F3tM;iVUmbU0mHuc9r)Y?#ap+v<=Wd_0D$f ztQbK?ftbo=`%k@-iH4RI%hd7Pw}%i1rRu)k|L{4$(4L}7aQV+Khb(3>t+S~Kh1H(m z_bi`%`$nI?V$J+{3aS}>A?GUIO0|3Gh+AYwCVCIXB2MSI#jtkVNfEv}Y9VTNws#Jy zKVmUS0s@_F)qeI-pKpvm>O*_O=IKZiH<-st#tNYNWn zR-xoCm|HyxsW${2y(n$eTxN6)H0i_O+Op@M_N zsf#g@2SYzG*}~eRe+)X!6>NK@gUa#{2IDtysE%_!meglfa<{p4-0 z2faWJZGNuq$n03BlF(AS0~V1lt2o1K`#{uSdE&3NueRG^q^%(6I9<-AG)yUUe;`bx-yz3@F3_^0E-3!; z4JktZ1KV3BD|0+o{_gcS#q8z1Fp|=G_r1Xyr?nDuaL<$*$IG(s!Swv*sD*xVAZoo^ zA5I5Ne6Cv?ugCFbh}|O=WP6*)_3Y~1`p-quS44pb-472oPOEH*zV_}LdP>ieFY%Q> z&aN@I}+V9B+;p3)(-kXY)7Miqzb}luSqQ|pCx97W~rKV9zr@RIIC6#o&!-FI8 z1(vE{K;#D)pxfIwo>R8CK2!!E!iR)F#QAv2p5xa5E!aBNxX(-HPTJqUC*XD6x3Hoe zFA$TOo|8B$Qt#9D+tsGK2!pTRZ=*g5?^o<;f7)KPUU^#BpS2}!+h_Q4c|^k7ps>8Y zdE#bLDTN^UdeQk#Df(B*s7>R63;&!8l1IDmDJP-wAWZV%KKWlDjM+CQ0ka{6G{61W_FR0iqRAYo{r!=3e&7qtG8V>ix16A>4e} z*IJ~$_&03O8g*F_gPv`otF#9d=zt*N$*waQ#Q4R)n^T#YNoiILAi|XJBmD|)(aR^5 z!TG-O*@K?`aB#?Kd8rk!DF0Tm)QWv#w@iqN1CJ2w3G724@8BRqU)^SlbcV-W^ZNpD z)a>fYm1!~xxgp95l6Vi;1PVk&DVSTG-gHdeKX_u#G~HhwthR0IkqX_Z_-V#=n614< zB>jHdetU+i&vS1mYWyRmsw|UU?0LV5+t>A_-0jpm#yo-_3r0nW#5a}W6u3p&w;vOK z>ZYl_KBQN6c#n=|r>RnMr}{4Lq@{7SxgX?*yc52-33Bs!KC?R!KJzR0S)H8Tg}y|n zp|yHmHeBMM3{DK58~8l#o%ZK7l*Dl8yD4@S`R zN!jf8>Ju@RU!Lc6i|x0iA->O7VP>R)7s(oXZKw6`>niDXt+*BioSti9NIZV+WEwO| zc{p*TEVR449KRfhWCvCXEiD6ES$M(*YEU$Gch?paESoEe8_Ubd6*e?v*3{^V86m>u zMU^%6xLn&rM>8)r&~R~|IymU1fN2@&S(ui4f_^r1goMO!*?K&78A9R>e4(BPbCZDR`$A9-*h9M@;&X=G?C)C}_Lt)SfDcdAp z#5CK{t=ctMGg({3@jR#}f}aBWjI7=F@!d&=VBk!7xHbCV$}uZd`sueVeP`8dyOP%N?<}+# z;$d@so7fF+#bh1G{?ryA@AJz_4os8?$&$$$d|t6x9hK`}1^p(;pb8-hR-%@qW;)T% z`2immba{N);j_j4b~-STK%GZfnvs_tej`h$f2@Cgdf>Tka+P1uW06W#=V28R`qA7$ zQ{#Fj3tvBEmO}) z)BktzrQRnuC*R4!*LAH1mKY9mhd8%q(k@weR)YUmZe_5Ib5oIRo z{gJTLan?`Qey{1IEmPngL9D<47Tga=Nc=e(TU>~d{ z>tVYYfrQP`*yH%VjE&}&97NHNopRjm-}|o8d+4Y@=&MbXx6g<^VTGnD6&m92C7uMd zUa>R;>VTkm{=E+tavfh|hyBU3*|WppR%wU-=JKkbIxYK7fs51$5)sc2@p_y(wvugW z%6hNzD_!{Y37tim?W-aZ>OE#sZ&1%B?e)pQs^Ovi>4dlPx`}7!5i5x5=Mt|I_sR_A ztPq0L5b>)fDV#UpJ(KXjO+kV1ySu~SZi5APcSvvz?%Vlx_p7bDySH}l%7y8FE6oac9*^06f>Bg2w3H`nLO!H4MVOo7{#L0=q9{P2ce5HitYDEwAY)b`qaXwcc(E&tn{ z!?qos9Y+wtk>rL;t3Vt=WFwZFI)*C4)>qruRLGZiwV76WjJ5qQHjRtqb~66xHLiKH zS5kf^%V`kh7Ay4mOaaZs4q~Y1&ZwOI%omWPvEB%ZoLxOB$cv{~0#)DvTACceLrz^d zyRpFXBOLAYmHgPld$X^+$$Rh%sH$c0b0ZA&5OgF==1~2~pmG73Qo>d_HRN96FZMz7 z2f{(Cz+oL7K&pFa?{oh>xCfpP^1@+lH^{` z0MXCpZ^>g!w%QjthxsoRTdfLt=}&#{+>vg2XnUAz{KBLnz6X2icHFOE_$wq+0$)7v zY%*mbfgt<#_zmKr@n1s0CQZH!xZuQO_4A_;Kb`Cq^v~$`=UWnB$crMy8ZbI_i{kZ14B&$k zJb;RI)uTN|=LLo4+4uZ>aXp>g6=}4S`yHV6^I9@BU2S^@Q!rz3dH#KnMeNv(=<}n# zhNPsiq$Jp|zWTBjjxeUpbezg=dp=aF27Q!ylIO05EV@Up&x9e%lbYT6v59@9o1X(E zd-h4Lycm|bn9^=%TyFg7%0Cdzum%ifBB@!V8IY?jmgB`d#2If>$FX1>cRTZnUL8GR z@2WXSTafjWlUW=Lp?o@C)uIcsS+37ZM^l)7y!HDbB^Hoz$9rvoV)$^L8y$Qoe%I7g zc6Q>m?)wOx$ZhE#H(7o+;{AF#s^c;0(tsTeu=4sf*xq>Qr*lb{|4zJx*l*b3dKoYKXb;ak;W|<#J)*CS z3taA3XK|UP7!=6dWHuPwzoeaJ<7sXB!wvmxhxXv}=^&T4Q9}o8p!2Y}r_eVFF76L# z;pvRk_C0zZZ9E<{xkVdMS1+!vYS=&Y@?75BxUthsk^V`dyMdecQfS--D&b3MWPof; zPYMdy9# z>s#eF6;l8+3ZH!ct|wVqoxp&03#hE0|G`WGMxw(leHStm`L~Il! z^=PVPKQydJz=MWnM@hLrr*&M2^G~Z5DOd01OVg;hc<0tzsnx{yG--s!caDHkc=~&H zSK#3nrhw0mncdTVvDw5bCSHvSw<1u@Uq<)#fvNfd@%CnCjR$}^`-gcR-|HF-QTf%Wo%4A208~7BU>}F`qZ#+zJI5#vOcdf@V^e< z>UlkvQf9FsjEs*{Gk#IG8R>iV-0zXtc^kE!5+267mI@F? zMn)Dm3!we|bZl%LEv45DXHRc-hlhsZ|Kk*}*P{adCQpY|y~`_0GK_b-a_hcZEy;TB zr{pO|fw%mg7x!vmNK)F`tND3(k@3aw@Z#rnNy(_+_5Kx*2(%AQpQ+Va{h%JDYdRep zzJJ(Y1pJQH^g3V5&)Oe4;^J!aC89)h#c`V%yY9--{Ms11zWPuDjTM_u05+iJ@E*YC z>&nYR0^;M3jG}qJN#cIO4d77IQhI%9>*~Ab_B{?(qO=PhaZf$cXofG6nMeo$GPjd^_!hur6BtESvudWo7cTn<>eQ# zUL6OTs%q{BIOw@>R_EsG+AC@+>bEVQ1@r&GaAcrAmVnh1U@rp)3l>y-0#vG-<0?-! z%>VN0|4fGe=Y+abU%PT+4O_Apxsw9?=j6mpx2eBt;H5_{99T{RBnooSN)1_QZp{f& zeT*eQ`uK$kd^p;}nO$1C?SG1q_y$Z?w3stH{qC242KfCL8E)q_+CG9tv}@}wOH=yC zA|f*W{ym)dhN_${dwX?tAEpjJCV_y>fs8!j=oHRwr~zDMa4)sKzwch}%c4wgI(*1_ zdzGldT4y!{($dlzbRRM@pjTI!M|@)w40wcTkWGpQFJtEoEW!dY_=$0PztGn3I2SiG zU}pEKTo9lr&5nH!?ajvqwAu$9f%|Z9gOtVCMa4L6t?-fK&-IHcYm@8iCJuG&d8Tq^ z*+Fv3+KN5Du9p4)d9iRYi?X-ja79J?XvOM8o1QtpFr;~DwYIIQ^AF~Rn8)rO8V!gZ z7}`#c1AVCYA)!wTtEr%ne=10ik~?6(w}YwwIgiKHjf1rw|CO7oCC%@7@(XAHdxs7v zuqH(iw?Kl!!`lD_Vk(4}*N2za8EinnS~hy6gSD zr^mg`>RqnpWlmXbUhsG3r@~38we0ATyx@PN+jUXoQ6=f=0gVqq-Npiy1JbReF2bJ87pX>(l zw^LM1t+ua#-hOYFKFd)vJt*C-P#F=%4}+9o*#OQFAV>D_{(%AP&BN)Ek`kNputNhr z6sMVz(ER-Jrsyv8d2TQpvx=rB8(-ZgbaX=s(9?QqD*36L4Bc1qLWknoGFyj(WdLRY zwC%ZF_im=Hsj!&wmq0f(3<8K~f5oIf7TwbFFkz}HISq~;e_UdI(K>Urwzi}cX>~Ps zpPpcl$52&U=)M{y4T@_qeCsX9oSM!f$o6UEcxeW?=;lOk(XSbBqgp~7=e2Nmvr~KB z-{;rUJNY6qU`#V0^ASiY94Sq;R{Q!0-AaHtFI(g^r+;|3xg+uKAK@b-jsX{gT%AQf zZ|_r4&U7_r7H}o_>0dBDSP4Va$aYSUK+;`dR3jo_cME%zGa1?5CdU}j| zrKD7)PyJ_WE7e2Zwk=I=>Qj8af6mXpa!?lUdU*zaG9c;b=|POkMUl^aZ!ove1R`!m zwU`O~WLe3Trl+dQ$5HJ9ufPsf#dn}B4JG8z^7{(Tf457o0DyCP^q9Jz zBv#_&|wE?*KZ==tjg>-!{?)pHy{ql8y*os{+G)3r}1-Z$eT`UFoV@4L1 z;syX+(?{5jLK4YgZ0_!#BLjgfeYen4?;hcu-m;m07V==@4R_p3$fZ?hs6HO0{?X#T z3@A@K^0kb@egjW4Q{*OOHsNR(7!g!L-lVLW_$%~0M_p+a0KnN{nf)O5mM`C2bas78 zj0Mk2foFSvEZruN4`4V2%>ZexrgnU0F{zMxbxmpH(-4W58NWrN&5C~z=6UOl9A>S5orSkF$ube29-kUSD0%_NlAqW$bW+0p%nW#T9WX3 zA6ZH^JDLJOA(iUjPoZq4#+BveeD&W&100Uxk&U)%rs&w2kqiTyDE4^v`J=(`-{xl7 z@oHe6MPIj~-4Cmp{RA0zvK-sv<5@~zLWi*F<-sb-+PS0%D4)}pTI$|lY9i7SW)8t; z8W9fAD8JWV>@Oq(W~%VG?dES&eK5)iGP0up(I>WojDq^bx< zRza`-=_taTR$RwDqNJ%R=7etQD}=~yjgEaI?ny5A0=25Q`lFL+W?;N*cwuC9{-wyu z>_}fo{mvFEkqu6w8u2qwDuvG8MGwmrROjb6l@}x6wdIL%<_7D9W@=3s9FXMhidK|z zQNh_T^}T-;R=2u|6;hYKeCh8k&zy@E=;t)1|5O>sIa~Z0*4C{Qp#DCbm=36=kbg@<6E@i7UT-egyh3TXRaVI=}29{wdlb00?RlqnQiSWKCg z&Qn%)s4(Bt<4`NikV|4>*D4FjeE`7Bh6_(XDf$DCZdHe>H)ZWBJk~gF{At8M7z7DP zipe5lZ@JaU$k0LcVg zj8#umr5z8ke^f)D<=F^;BwSG8U?EaL1L7i*0R5U}0ZRvN+p;lIe?*P9xZ|Hi8fd_$ zlH6^FY5jZ1kNdUB$zS(Uh{)spj|2qiLVwlSM&kfK#tna^I%edVDU&TOd`X$HzOR;+ z_;3HH9#R07k2X4~Hl_1>5LRef2FoJ0R40l-Whs|4CZg&dafih_aKnGxI2qK+Lowq4 z-eWpO6rj&jmVtj1;GP_uzNe`wE1NpQ$4wfwjMO*`z8z$TZ~)h$R8<0R);`Rd&tqA=6sdiBxPX{t|(cM3cue#Gt;MkV5ZYk(0d zh@NW@>nx|Jh;Q)op*1?Bg0wcp#z7KOR)`uA8xEfGlL4Tm_Ajt*T8u~J_K(8@t7vO8 zG1tod>5a*29(V#)g$c#W8LXXd78Y}9U@^CC8F|`-bS4izDAdp+>>K(*H${TCdRfB?6H8ArnN8zsH_J>Y|&UG9W;peG4VfR(|PFx|mGUr@sS z`c94-v;S7qkOmrrpe(rvIGq7ctjMS_#v65XRlQep6BVL0U;^$WvN8c?A@w`B#CG8{Hbg5K zi%Da2CSzbR%EP*$9%V9G z+T^_IJLI#4BnWP5ovHvDJbXwlhvnA0GPw%yFI?A%vq4_cJ2M2asJnXggS$JFbzi?% zT+;E8ncdtscDW5S*?_>?Iyk_+Q0X$Gp=I&nLPNdV@U3hy`=1uktbC)H&W8e?*V`HfQQnIM0`6d=tDgqljAJR)f(zH$BVorFkOVdT;Mf!_HxxL}Gan(R_O9(>m<0}sfX z3E51tekc(84YSi-hJa3?^7PI?K@Q>HFZZ;*Zh$|2)JObFucf!4b;c6-?Rc&jltcD# zP-*0uu3&Y^YO+=`{{BKYO|=jUM$qAvwPmh}g(zk|vUYbscsV`LX$45Sf z2Uh%f&ILBMMGcE2N??l`Lf8X?(OskpXE$S%uT{@hZQ=(%XYUy8a=A)i*Mv}K(QiW1 z&38O~oJ-*zCN+-eT9i){w=5L5JTK~X&ajz~2q!Zy`>Zc)YdvB{N^MuM zAVMs4+lcORJFBzd3BCJ|ly@Kf(Nr{4q}+b*VgvRWlEnX`R`7vFgl_Fg>eH3kMtKGQ zdiCurKpmQF-&dmnT@bx)wHrCDVI28Fm!g%-t^tE%wKPaxzR}1?Ind6URr^dp(6-(g zYg3~)$xorTAs8OSq82ebI|>9WR(@7iW`2HP=&gFecl3`R6*N^7v-PacHSHzA{f7l$ z@N7?RC|lQ*vFWb#1nA~E(zguLy(FR^KdMWfmE&xDCK=VIs-)BcM7^~CjpypPuWxma z8*JV-=^0YlWN&KxyF{izSY2;FEm&vn154eA&KeA`H0vc(qNo3Cxg{6S>2i;W_Eo+O zVJm+ zye)DYUy4qW%vV-sXAPJ#gw^|1_XJCWWKB%k_)lV@)Y%>J5rd~{+E#XGoj%Q`?G+~Y zHL}>V2LS0nLwTD4d!GNVn=m>1m7GDD@*P+6m2^X+ojFR`HWyT-kI)D2w;aG659RQW z7j}=25`Z1_Cj*BXA1`5T?YwEY7dW`!DteQ@7gJ4~HsNbEeiw`{vE}6wqM}z%(A-Kb zqYr!JyoOeaik_0@;2PP%35K721FCG81|Kx7zA4W(0@CM8SNL}-W#1F2#+S`TEFGSf7ZrZS##d2y#){Kt7TeA3q+`hAj^qjs@B z(tCOgbSR*IFVSjcEnX-j$Cc+6Ya%A)Q8b&3B&O5y)4IA;S%q^XP@sP=F65-8*?@nD zz@QwK`I-BN_tVG#YiRjkXfoyJU7PE_8XX!s13rGefJ;8N*P#=ERxZ3LQ;dnLc|am zEaYH+KX@KU*G)~6KcUUfu^p8^?EyY+V=&ch1_rq9w7P$A-Mx;82OU$H$J3 zy=~5Mag`_s_Ib+luVh%BS&L5ab@7O^3s1rzaZ1xIMX2%d1;;g; z6~BL9SvLtMQK@APh|wb8st}VG8&l1ZPjtRu*kJjZMzx?)X=!RE zE$8u8*~!kbNc_-M2J!GPkQ&mS(K8Se;Sye6e*i;%VdJ5qMlu`=SUdQVsQzFaioYq7 zshwjZCZ-pst%!ES0_v+kC2FSLb?eK(=&$@$`UKrfKj@;c86*DJuV3Y4$El%Z6%|Tt zL%3AfH^hnq2Zy_%fjMv-v+sk>7n(#3BKJx2iHW4C=LhvGWz-{W4v%v|K4ufco!J)} zCWZFsmX-BgwSU5^^ne69u_4(C!ild+$zpIRfu1`Hw$Zl&4@%Y5>kWGz&2(a3q5%Skjj+i<~L@zybD8#{yEM-b#g*b(=d0l zvb+DBm6au<5*dT8qgYJ6?=x$}H<+oOt#T+6uJ*eR>z-o$M>G z0O;V65a(hosL-7;(Q#{04c_B{|Co}3oP8|re|2{^2lqHs&@xiZdMEW#27_VK+uUx= zDO!thPI6Ztf>pKC6UPRoYT`A2xl*U2MA5FOFG-}uL@Fp-vZ38GaFU|a%IUiJ5 zLg^awWt4*i)Uf8cP!-(hYNXcDwhTdn*C71sk{W|PXO>d9g#y*lfq^q9MNrsqZYhD~ zq>xKK#_kc!sMPJmm?Cfpy^ z;cb1#eBH=^zrdn^G*b1{LR@L?!=Np06FlxX8dNWOs<){4>u{jKGu;#yMQM`&OgpQ0ibTk|2K1H^NE}zio zrlaR+ia@pf$c>yWLH1Z@oL^Z3ikt09;PKT}8>Ogwkqk_ZSuvAxCkjp4(4#b(Lb=W> zORzM=_6K7Cm+kjCu_Z-2hr>IKu4A5K@uvXx_bQ6?J$DK^f{7itQqZWxDog@8-bwKz z1B+37(o|OtUicB2E1pn}w_@o>c{u2(2|*-DtU1aYme*o4C-54xzm8n`fP#iSIgX$c z4xy4=v1{iu;Dc^okI#{*D%<3~0s8p+(`gVWS>xaD;^L^5GW_%4LRks*MBPu;C1V~U z>g5i=SQA1%laMe3W$o(r&&&Mvp6(;uV3+Ryn5~-9gi)&C|L}nQpeEHg%ztOds?B3! za4KkQ98vaptH47zvKR#}I0Mf#VaLcPFW3W<6pNjr*q#!w<`$|wS;34@RL+8Yj`~Wf z(o-s=&dTm~jSEtA41q;)4~By~TA{h#oFaY}+HJjc9*PonhV#vJ7FN#Mo+9%fK?ly_ zJXq}g7egqrxQ0s@$tMd!@5KcUQm_lT{JM}#WDzlt2+G44-KBxCFfckG_CLGKzl!G( z>R)B0Gch@o{7iCm#Y6t;J6oHn`}KGMwG{+fTbZjKC)0_BJiv=LiQB2^ulBAPp)8E+ zI6I56QMy2({1@HfQZx?U@?V@sxQXHD+vf7a9Ny*`ss2?~DvlV6NL5x5SaOy25J^!Q zJhe@XK>sEal(*qTQC>$;QBr~n;^ODW6aVr46PtE0y ztkOY`%L?O{!5QDdnQ2`m|4Ui!8liQ?A?4l|OH_0FyN#t!pO1#kx?@vneB*I0H2SGEKVMQm)2 zFv<0YrbH8WEgT~4{LMLVeWYpd4GnU>E6K|Xejt;B{tgXosjsgnsjT5$ZnS~FpMg!# zzEy;G$V^}-^+2`}#l%jInzU~f%nYrNO=CwuF3SHq3)a-hg2WVX$G{inL5+W*2T&;a z_0{@aK+xy0NKLf}qiFMKDQ0J9h0szL446nUEK5VN29QM2l=Kg;%LT-QuExVlAFRn` zITy;T9G1U@a`o6+DtdId(8~Ytg?q{i;QkEzL1|D^$y{wA$CH+hjsQQv>L)5N5~8w8 zTA?Eb{p2gfm11T})sMq{`0Jnx`e3B@XByAX^zC9~GA1gO4dA0Atue7Lc(WZ&)vmbIP@$B8RwQ20XDT;32vBXFly%M4VD@bZ zNf;n8M47Ur;72rbwahXGR>~2Cv@`3}c%rxSR_4gz!zzOYCnBDbh1dEb>1oD7{HwFF z;@P^arZ6JHr1EIC)1x<0r{0;|&(DDn6_?;vHoCG4LBCem9%_bY644;*rxB%o{#`jR zjff;Hv4mLXo%SK2PmXM{V#nn4@;BQ7H@PcJIrvsz?2gu zH_G%mUo%t{*$tO2_^NkYS&xA7dmf#o?~j0zk7tU0b^LokUAIKTKv;xq?hwyY12Nvs z%QIw4epxaYyBGz@z=wPCg8qnb(UAWaE`fZpbDB~b+DcHsYiCQLqu?b3BDaLBA`xT<^lqP zBeuzQ^DIKpIy3U*+*thECC-t4;p5$JR%He+r@@paDfO9i{*>5jmI`m>o=dpG z$tkitS;nYOuJ_NFk#iEnbvn&Q6t7^;=#Gr8(^;_*M?VOe0Wj;RTxsqFkMvRKh;1fJ z(0oGUltkmv*GBY!ek9{l^(F;`BP#@Fg;y}I(9b@`#H6H#`DH0J@0f{ZH8NIKQZ~9H z2IcRIy%2s#NU-?NaiG!L`P(Sbb@x+3(ut;1W>&ZQ_~AX4E;H#d_CNRWzo)wX*FxL>gE#)qP09Zc-}k}j z?o>S;yB47K1)bT|>~v;k{&}WjZ`5k;7?9CoV(ig-Z{QM@nbmsp&C5&Yx@qy|xXtUh zyH|ER>&eRQY_{!e^w%^Dd%6ujQ+D(3X+U9J*-i)VeOgaLE$=0@Z5!>A~(ou zLg2NydDgKC03J>~|7HUqOqUU6_}#+N+#`S>nOw{^*;I;OSHCql5x5^diGJ=avg-73 zu>y`pd##h0Y5n%_mGxS?Nw*e2SN5_VcZQJ9CUjmu3iG?1G4QpE93N*qn2zgsA9Pi9 z>_i3;=cE0{Dw_ob0e)5>ur&|TvGXSuc^W@fw-{@GDk6UOe zV&^VcWu7s#YT;COe&8uB)=Te&rG194u+-O7h*ouB)hoh^(ky!VAvEa)b7-kycL5Np zGmcC@To6(Jfinn_D3<6efDfT$btR%MCFl)~yn0Kra&-H-YQyU%PGma0E&rbnN_0My zuIBA6AK|&$+>2=;W zATvDgJ%Il(GWu;@_4*y1;N*ID{6pc0O0oQNdBy<{>)!^PFM0dOu3Awy&9J@)|FKq&C&R9Esopqj+s{w^rn=X8StO<M&j7SC&XoyiTwFA) zqGa$DRJ}uhY&~5waB;WBb~c;-uA+Rs7^n3014xOz#Nl0y$iJjYvTKh$09}zdI?;7r zj7l{zPr^wWioyVpgl+=Y69rutooHAFLZmSZ|M0;BiI=AB_c&_V;{fX;J!YXy2i+Xn z5TG&*1P5IP0PRytx?!4SAK-FOm?{`cW;^DKconV>f){;h;=Nkwh7hgl$>EoyWNEi~ zQJa{No#_trLcM^>rs9H&SJH)L6J@e6VDHd*SZ39d8gSm2LxNVVk9A?eG0~B~;p}*e z94+j!cv(_Zt& zk?o9d7${b8_k=&gYk7|?HDcA{YwNM^MtS!9g`~sMN}Jvv@ic|B0>ER4k*g2X!+s8> zaJ{VdC%>>*Tcst-{R2?wqR+_ym5A-bDR2ry9&Tg(y50>0+_x}cJSvR6E z@V_C(&`N~%y3pO9@jN(-N}I|IZucj@M%0NkT7B=O*|q}4*`*3g zQs#95R9j}T9ByUN-_G(XLX$DQ*KL_wzu%j8OeD;{-HARkW@D+M)*}H+Avk9^ESTQU zT_0~IvI2>w9n})I%Mk5jJ}DWpP8#Z=#JX{5B9kknG_#AEGcj4JO(& z_f#lC@#b#Z&nW{T|F|bFc%0MZ`N*}`lh>YhmcLrf-S1TRN1D9Po-X}JmECJ>+VLL4D-9GH3=`1Ac1yUz=ZV}y@zz>t0)vN#vbJOA;&q3Z zP|7_hT-1b}Kg0zOy3Ni0Eq$EKjF1o4-`qjQLYv7zrD1fd=mf7N^_Q*jK~G!O1Euh? z3e-{msrkTPk89sWDR&>B@QRmvFha#qX9?vl$0=W8CACMT&#x&#+h0I_TfxcW{FfoW z7OhE{-&H+R>h-fgpAk_a|Dh`FThPatWdDFN{|cxp0&Sc5?Xak#G@L=E&_7ZzHBFAX z3NN_$<1}qc^V!O49e@Q#O8-OPtSjsnCZR)Wwym#f37metQmCl(#q_>{J_*U9?M?tn z3=GT~vuOoB;UD`$Byfw$l*Zp*6f11&f!3$6;1T2a&BFEDD2s$YNsVuL?l!QvIr<14 z4uZPz&f%MWMc!Z}PGNiME4m81qc>tg3<$i~HgQTc$lzRo(DLw?SOU)VrQe;j(S)%K zljc<5nkEW`9s6Ud_DttSFQA*^eY*lU($)t^z#ZuXLkuyIhtRRV@ZB3@*Z)zw5sJF7 zNW9L3C!sb|J6k`fyYpnaxWB^y3)5HeABOY8B7Jb+bNOA$lXch8qz9Y&)kKv5{Ju)y zH5`CAV-^TntLE1KqJ9XKX7)Qk3zhDX!q4cEJm7S&?*X937Jy@lU*LCG$@e?kBB~hE zIxyHYL9pVp_?L!6mxLzUrEvM@$3Fs;VILIIm>$xl8TQ^s={5KHmO7TgWG=(+CHlE; zuO%4pH1Q#*0+kY|y_+TLk%ry_SIb`5uEkD~;5i#5NIS*q%pFE#u2bZ|?T`oUg5jn* z`Uw?a=nQ=82D8u7+5^q^Zw6oGBt@CM>z!xZa94_>c)x)Ho8A!vCnO_-w>jG71KlbQ zqnkha?q;Pxj`=no%k_YD6?>;-2~8s;%x2bKed&N!hL>iG8Ac%1B4b^u}JM7BV; z-o8~JR=1vM>U6ja?8-F+fVkMKyQQt?+bITgdXDJTi{MtS)~lTKwl4Lw&7-dAe=Ki6 z#og8S>$Cah3^KQudb{1#;XX(pvbE#kIvP_h@Y2_|0;f5%ZxjK6I4`d^r&r~rP8%?H z&zQ^Ws>TS$U*3Lv#~h95&-e>;2^ua?%)nJ9v^Q5N%Tqz8{rLmSL732YEdW$lF8MUW4cz@3SF2gXb!#?`VkzTt7(&y(;-$1v_F= zS{Cg)TdX~#lx~$k-X~F=CJlqC^O@obI~C{s$XeG{pi=XavnTreoB>G8j~KiV`lqI? zzB-wr!m{3w{IK9s}%Qj!(?Ov2~|?F@a>NOzk+51Mbi7F)iv;ztCcxwkmCw zM6)-o_N^{l1=r+2SV5FNt{+^Db$kS9IBW6^okIvjLd(2v<*6#G_@c&oAvpe@@iRk0 zahpiXA_(j(JEPJ*y}pT{w6(prbgq;z&Ltkh2+efhjo{=f@N&}G4W3$Ep&uL2UD8h7i)oMyI_Mg9*{Pvo3rDdm`Y!F8d&~J-#oZpn9k^~B(vDg-O{(=1eUXy zEa}(G-(-Sl=}=sCY&xcL?~|K#F}6qJR=Fk!FwaF@w67a*s@KQBV1oSo=`Z%5n=s-3 zxe14jf$`rqQ9uBJ@LxB9w~7LrdEao{(o8P53!S-|7q~xu|I$06zr_*=-_RR1}i470`7v(lK;$(?!lU+(qs#&`#Z$;=_Ydvvh20 z*~wAd+xlg#nTL^~Vl-6Wa6xd`D$VDZD}0i)pIlBj0|Vp-P{{)gZEaO`bxme7A@PCH zsZ=bYOis7;ya1@jU205>r8%H0Oh`-Pt9Gu5k2j2iSKSzYsghaCE~0G0X1{a) zcu}`#_b2HOa#GQw&NB-LWbdqirr7f-Q5t4E4$&tTUPtG|mRy-I_Bn`j;G5eVz->fb zrF~MDnOTBY`B#p*3ZX7}^2;UvKon_l!Q}7JgQYCTH9xExdCge0`@6;XyBN`891c8` zi+TMM1^=1%45#~hh37+QS%H!tx!dbWt#y5$DzfFCm?=%F+Fo>d)EU^>6j)%|^v&}x z5PPRdVe(M?&=*s_MC;qB=~)M6YyFTu&cM%#YKVUE($uNNma3xG4RmDF*PJ|(T_pEJKa4aUMWVvDyk56KKH}K*_B3?R;VTNU|{sL-FbMp0HF^! z@MOMog)=S^#_CF&fZ(mTV07!}wU@u+a)W;2q5iVUUP0P+9T%IMy=PJ00+6GCUp*Mr zIvF}I=jU!4gw3~ii_sw*pPANEZi}T`8gC!^i=;M)eXg3a^d1S|Q5=34HMp5=%*0PX zjN9#1y@hVB2xley1TN7;Mdn7y&FfspxveKMquSJu*HtQ&Do zi7;{3l0W^ya=kn=b79zMsh@(ZOUWc(Ty+;`nnOGch{9w*hkH9+tku?241RQ~&)1z= zRGFu)-hr|rG7lAd)!Abk#_h<9`lH-!I~j>DsG+R_5*v_{#B1izx_n7j?-4}nuZ>71 z3sBJ7b77O(>0Q~g73h4av`g2n!=uFmfwrF}X;horRKU-i?b`9ugtfOQ?-tUUq~diE z$MbmhviNN5b09wJ7V+jXU^RAR&Cv<@gMW|+;(2<147v%~a_$?t9*cj@ZZ}5|jS9R9FWP77GbyR{eoE$4%jxLV92Ek-_ zg9G;Zxf~J`nU*%;DT0< zQ0$6xF}wz;Z?L%VsM6*b+mz0C`WZ9oL}yM<-;I%jjub{p{?}@R5xGWsm=Qk*1zI?B zgONI}+L6*OCzZ@^Qwl?KXjL+vfEYVww8=5QXTJtA$*_|YR%yqWE6$5#U z`m#S^SDkhEYoevo)Z-AZI1|p1Zo5wmC)shI$~4rNz@`vARfWKe=$rZu4VqwGTu=uW z(=@0O<@E>tPN=wwXx}moWtnDSHe235!#m#H<+_JKmf*AmiyWcl{|Xo=Y_p#<+}?e! z)tKlPWofS9df)i>#3j6uH14n*pV4HrCD@6B-}Z&`hLQc?>FUccYo#71Qc|nfN?t&o z9ts@HZRNeA$rep}BX4n@jmu-k?-udBYa3U(H8ugGx1YUe+O@2f8P9tT*^}m~K~7eW%N% zLC)M-Qdr1PVPv=i_xt%Bhs4$v)63hkt>UWh(Tpco&3DFLUNsIZiQLlpp?7=gB$D}v zk%as<#5mccAEi7rU@$If;r^fT?qB%(7b^c-`1|jX^Zz7};={l5ip^I(s5p_ZPeJLJ(svlz?>6@PFkc`%0>WnR+eJtEs%KeD;HivL!iF@K-l!9!H&< z{ngb6HLICdaExc-7n!*5^6Hat9y%7tPji%Uq_a&(!s}oO^De=soi7Q@|6cr#HkZxv z;FYXMtFc|8ua7Y$waTlU_A4||6|Tpi)G#yyi1@u^LfN6JT6oAPsU#2_7Kk~Dt1D`q zS@PZ8T^;QJt4rC*A;qDoR0Dm!~6t24Szmt`GbdQylCyN9F z0f8c_)k~1B{3Gu(dAl=tz}Y7Y4&G|ir;FF8S0*&>SM$?dLL3wMet*{;9)6dnoET(jV+Rq-5{&zsZ~sw$NbmKBc8 zAVV{kyR)tU68^%w>4t3Ejn`WqwDmVOH}%=<s^6}KKK7wb1dI+eh?FDTs)`n4; z!0uy**ZVQy$$&fOTv{gI$kdbujm!9WYEW^?PYv@QrluZMYf3iXfA*1MU8C~1J3KBl z)zlrNP#+0Hki=wBK%S^Z-E=P3$@G4ebK(t+E-!zc$SEng+QIw?1Malo| z?56|_E6ZR9vOHyqyX!ZC%y5OR6-EEfiEmA|ofYdZsXs^eX zmAz>KF-*qK$=>ywOMfjL)|{5JKqN7UfQy{IWwFo2<57YM0#Z{~{}jx^x%h?+np%g` z8kIRTM%xVv6`h~=Jy(|7=ngsxhEuCvTWhVHl7{E+(vtj%t>au)toPN?TZLd$7&wwP z%yY%m^iagOxa*6i=-11^;;xQkKM9%plcBneRxjI>=GHeZq%b1^)twHi$185Q23Pkt z4BCk^1&U_5@`hKb%uI&JHh;~qu5WY>P6&o)%u>au8T5i*O6|;jWfYCD@pCjh#2P$K zGPMuP9^CD3*W)GRwD~-@)3Q#57HB_%bZX}M=1S`=8si`IC}57pQXA@O-sg7#xI&9} z1cu&FM(vBg6<;xYTs#X1;>SoR{?Vq?%H4+rrDUq2(KQ{|ak10YUL^&J(4up|_8%ee`4C?R3Czcs|9KY4Qxw>M@TAYLwSHD_9z8lr7eZ5_%67C968$=2ABLp+x_NhyUgRq-;f5OS zZ*l>ET*D>360&&fjnU!h2DqQ;%d2|KnW(A9;zlM!LS%C=b)9_6+J)V+kjF+(b%edV zLJ!CqxGvQg^nhw^nU(9;!U>jZ9q5}*Dapng0A%X$Q9Eory}CtvF?1sc_Fo&E7|YW6 zn1?u6qp8y|5XV!TV^3dJ?C)>2A2YRJ@bCJ1o2IerqHZwb#K=haVP^0dGYF~a4IK7T zaq(V`_~MG^n|vs8AP2tdDVM`v-aMq8KHwJ^^XjaxFUJ$l$b0x5FY~jYC!C}4Y%wz} zEoh4*jGDK5rl*G>rNLIGGSxM<&Fm*N;zySJP3bcZHCuk76YbY$aKg5OH0@gAY5cR- z2A;Z|N$&tREH-L;6pYRV;!w&qsTy!22cJW)oc8E_&wC`W`Hib|JK>gW_Q{oV^qawz zew#FKA($dO3a+9R($_t5`GL<^oUY4iQtCdTv@y z)+Gf~p$!aZH>qb+%~l^*_8%NV%1=X}vR6EH(KBz<^$`YWf)&v~Aw-et`NVzCjMQ`F zsE$z>MV|60G_X&)fqjgU5nm-s@JsEet(iVX>VtM zlazr(?tc-V n*Z(;=Wr8fe|G!UT-Ol}xQ!uGmDiF)x0Ds@aWJRll^#lG3Qe?ju literal 0 HcmV?d00001 diff --git a/i18n/ku/assets/img/android/rss-apk-light.png b/i18n/ku/assets/img/android/rss-apk-light.png new file mode 100644 index 0000000000000000000000000000000000000000..21d6ef03a0d4335698aa560bb3f17a95754f5d0e GIT binary patch literal 47866 zcmce-bx>Vhv?mxsaCf`7yL*7(?!ooq?yd>$65QS0-7Xs3A!u-S_qpHq>b=)fHC@v+ z)zkm3v(G+fueJ7XdAO2-BoaJ6{HIT!kff!=R6c!zi2L*jk_7fMm=X|HF#PFLd!MwJ z@OO`u(=Henou#ar6aI&Zu8VH(gRYFN8m_;LW_x4rxj)d9uQ-U2n z2R(}YY6uOHL8wmR4p@;tP(^@fBCx^Yuz9txq(LCEAXNCs|Dus%V*fXdhT-3J|I(B+ z|6|=hw0~awXWc)ve>VG1+CQ89C+&ayfRZKy)PL{vpI`j{vb*kA8*Fb?-o-2&L&Q(JFcEj?4O^PKJFHEE?W1~ zPkKJOyl)gT1BjWJfu`pBYaTljHQm?GnYP)Sk|U^Skr0p! zGM!)fjqA@J_%2V`rwqQCla`f+9a`6Pk@hlA3$mZITa@}g4hy{>ai6~zYx6oD1qVl& zne*7VUI+*sTAZ2eknCR9FQh(ig%b5mGjQ=KEL&X=)qvl>T6f>*_yH2B57Y3wiZsBx zo6DAEpJhYyEGjBA@B;R!bFX`hxp%(_45Jp}C=SyTs_eT0^%_T4zUGX3U93OUmF6{H{enYy8j~6m3nwAg_kJ)hHm{Np z_9H!=Y!)AZq9$d!TI%WUsVLBSMIc}Eec+}aEoZ69ng%nJc~CuP(v?0|8Ms>2vi3fg z^IBQft(9&$jR*M(i8g2Bdvb;qSQF`vgn%8|VAuV$Xz==)(ho^)BM_u(GAc7_-+q-$ z{P9?_o+a?uQq%E~?S0;H)?Cx8wT+xRCUx1RXiRZ9bajf+vgY(M!M)jRdZSv$>Ij44 zvFUw*!ZOr;@bch$xzSu4vfuO8y{qPL44}!p%P{zGvoK6W3X6+;<*`r}zB+61hnhrp zRL{tNNd(aI z0e!ynPV@833)!%x4vw!J^YNTi7<5(SS6-tF9Wf1s(6B9IYMFrLL^iAyToQrG@wz)K zL_n+tXYTvq{h;3%|CjG)!}}e24(< zY60V|aK<3hzKi>^iS zMoWVWkI`t4ceRsau5(rnd=}R&I0U4R!6|>JY!9DEUo*F}BoyN7!E~XIKg>-Se5~e< zcC6DvuY#qy?K zwVfzLL*vXoTe8PjaLu1YXet#W>wjHW)O72^B0LhqrM57GS)inuLg?K5#I5g-QT=ok z>-W4I5}o?E*wSr0t*H7RkI6*~3|>~2w$jPF-}j2JGz@&#o0c||Jj%nsY5;0Km6BHo z%(H9V8e@!R3!HrHCw|A>@O)d~Hmh<5a|d(LG-$%;h z&0*-BM%i%epypZT4oXG1zY_GY7=)<@%aNusGQ!vFelJBo*r@v^>*9#Rt0iw6VX7xc z+~Dn4FJX*%^FJ6B)%Tvq?Ej=rW7e|-F~w5eSbBO~QPV%WmWlE2K`E)gHe?OSrqudY zHzM_<+xr9Zv)5H{ioj-Y@xNywGAr2A=y^qYbpqeYMC_CW^`$mtRkaSwogGaGiIWSw z+<%wh-8F&#{nGTv_Mi!@8YTY{|LkbIJP=~CJ%cTXCsK9y&=p*$!Ta{ooGKMqAK_2X zbCu;c9EUYXQ(!)xl{6$3H6$Ob9{Gsrp>Qcw{uShp({X^KBOUe0%M0Tw2-#M|wZ z|2@JLUyS2KEJ??PiqB1S)$(r6`;h_PYR7;4Nl>Tw)oyahx9?)ND?;pBGHT*Y%XFkn zjx)Rm7E-CH1sU_Qpop*7!Mqtc%lXQR^-y5{=&kA-J^De*R>Vg&Yr=myTK@-8=|7yb z|Ir}>%LI^G$B;U4gX3A!&>Uye4kElj0X4%krh7m|Zq&)OBgVaDqah zZ}8Y2%h(n2uDdg5rmc{xg`fx>5hGwz6ikaRt8KZf;XxnXSCJ zYFJ$d{PkwfqT9>PwfTcv zq?uqW}9z=<4rP3sbag|Bzf=GvjdRjCR>Mei%@RjMI>ehkEWXWMt}NDtzJ0)BKi zN@r{EhJWdR9v@LuD?q;4aT@Z!veNmeB^Nv+toJ$jvpA4ICr6#7^mbq6R%N$nrgs@h z(0wqt$h(@aV*55L;pv!#9Nu`BYPjX~gy{`d?a3Ig+4rQ0>ovCMM|UqTJ5AI6A5ekm z?g22?d(f;xH8L;Kw=7Ww>5W1k(gxCj?{$QF-1f?VFaVqU6da`*=aK)19krR4B+3OM z!LJ~-8kVn}T_=$Qdmm52=B5S6?ADkeI9)G|&sy<3A!f|P$8(2fOSF}6Rd0L!Z*Sz- z#>xryw$tWjo#ryqPj7dq}m*1Y{Io-2nEljsaI_)nLMrP7oMC9s` zrhSH))>fQhr(0_d2hLTdoC*JkN_+FJcwolgQ?8jYx2N87)KIfsgu^)dV}t%|_LAki z^}3BP%V8pJ_P$8c)PH$Jex^f#X{xL()_u}!cMhGO5zGRo^e#<9PHP|+Y z@)_o{QHX9ZClB9^d+dlIS*Us?g8x%4JBRB$d*4qqS@oaCDK#zByL9nt1A?M*m4iEL(oFh z+tZXbIPOAG+DWXV!VWU~{yql>>jA=WSL!PeMCRpIYMz}VJ6{@I+F`~&ZqWYx7*hxx zHaqu|QC2B&mj5zX&u;Sf$yXqM?H~0-_9{#L_Sc!i_Ov|Iw0~!jGwAN)>)PywIW|G} z{%Wi;DV09oS}1ElqM65jD=Ky(W)kOnlDSUJO5x++V$8>tgREm!!JONDTF+%F;;c0I zV$JarTCdUSe02u`+Z**Cgt$joJc86Wc6KejJWl8cAn)?@?O#(GOM=R|TPGKr z4AXA^d9NK~Hd2PD9_ngNL!ayR*4tX ze<8R;ccK{qk7i=KG86o>wh_6Q*rP^N_vnJK{&lPB9_95#FXtyq#)0GML)Y|5vkxZN z;W}wYy_qQ4T@8GO8Lk|K^R_r%#vyVQ)5NX%+EC(Mp_t=mh27qE5Db=4@KJhl8M6Q# zedSEP(9%e8cfA%+tAZmLZ`Kt;y~Q~ zxOpxe{@s#oV$%G{Lc+c1O#j2zl4J zN#+($L6Ej))!Qb4$>1Gdl^@rA>oo#_Nx!i=H!$yu$m~$P4Cjsc%5jsTm;HMFNcp@g zk~SX<Nc@j6E!QFB7=7F2@9b_|GRsTj;1SIXCACcd4~(T*79xlL#+f=RPv= zIt3RlRQbA_4aPwZQirXP50Oi&XqtL=2g&~a)mVYFteac8(N5z%2Sv@ceSyDf-%mtK zg73yI(1@znJzccNVZp$W7yFchsk#}e!{)w2`v zq|Wj)X#kmHww>yQW?502SFy?1hTd1n*@kB&P2#n7w!g(Co{ZAuOhQDOfsT{I{6RGT zSdGOu)TeQghfBGo>8RB%|1TtGkk|>9ev^(Ew!&YhIjnVf-Uga&fp$*;tY%~?-#UNH z@1K?&kT;8%uvRt#p_XjX*4A%>bQgKg#(Q4{m|K##4>f$$oqa%ytcGdX+0MSzGN%aP zvYwhU240t4*3ZooPJ47y@kXX%&bDv+wEdZ@3oa%^7*Go?mm0F*+|)_Ev58G_qe9D_!$m?z#~>10)FWti*oGaac=P@? zL+02;(dJ?WN07(AJA7BoGD9!>J4q1eIdgW#`uWdd47cygaN?pO`CB>FTkOW^G9g## z(o}sTTwd+F`haVNBBw7l+yA!Y*oY}JLq|eG)#Ao<9ze<0tXzzfHa`P~p2>OXWkrfvu5P!eL6MZ+|u9l)p-%z76YSE%7g`mD=ChdTN{N zf2gD8W)`zjQ?pTXisM{8xNP1ENrh@?=;&Da`4xG&NGG@n7%2ynW@e-<%XlGu`*U1@ z6O6^sB_*Mz_l>u1T(08&=mZxTG+2wBJJdJ(8W_nZD&blunX7wYs~>{+3nffZwHs#kZ$7F?hBT}(PXR5;6n0f@QEe-(FY~i&5&keQlD`tz zslRJS%VebgT9{k#A9`{%W8&oOsOugq&9SpTi;0v?<4P50=kd(1?QC4hWe2I()zKb1 zPM8~Ls(Es5Z^oa`pb&4ID@FO{H8nG?(QhA~8>>-QunwzfX3Mh9<+7RunM2v5L<{}m zIS26Omn`6L2A%P`jnku_MCxgl*ivI$i@E`#1pq>80^8UFSjE`f8YA02=pydH^vT@9 zFy}U>5zEBERWc2uB(yh)d&?UmDDTh8`Tq4@%Z|-yi)r;_P5~{%@|TJ#NWA;Yj17Zn zMS1-F`GVm`_QWph@e3xAS25lnQ^aH_0@s3dn?tiy07Gx%&}lphqFYA`qi^+QF6hoI z*i2H4biWxeJT2@G5mzzL&In7?+CLtxrPXQCQvlHx^c&POf;*3Wb=`}8ndosMc5Bj+ zeQ0h-Zis4tnsM2$!D&swcN2ST03Kxc&<1VZ6tg65Ol}G9VY*|$UIE}c^&@58@?4CW zoMjYdUlM4#mj+W+TZJ-6O?6#KW0eA1SZ+`pE7d~Pg^PQ11~CL?cy`vwEM-ckk_fl&*4`5Gc6;_iebER}H~6qUds^dcqs4sp`!Zl5{mT*(B-DxSN#QOGwsPbk>{~ zI~$-)h)?JUGXQ^F=ye~BrmU)(P#P#1k-j(|hq$DPI45s9K`hYO)uvLcc0AzcyLo?M zchuJt_9H+Dc_REb;W0kbD9x4M1Wdo8$WsYqQeg>1tZtE&F`^Sgnd7;@gx1JQCa{;wDlNFl_Z+3F1D$_SwwmuFVz z*?=V@cOZYPa1+mEm%J}z@6@p`JrLp?t z=IeTVOZxH9qs&DDX++q-~CX&QLjFm~rWV9Kc*m`IRKl7$r@~B<>5IaVlMu7kz{TJkpmQ%*DvfdEJJ+>Ni zl-m}RR=A3~0mtmVXWXlB>(@W=!;$PV$>oK%mzO8qVc9GcYYks1G64&IkJD~q&Qi^J ztw#ltZWcpSGgIzDN5QqGmHvQtCzO!|T=a8nQIWdMkY7|weN>q=Uv}ThQGyVFz|Swi zVZQo8vop)#May5d3Nva&+=Ir-cj=RxrR|B%@%wn{w#7_k9O%d-Vd-}Z3YM*gEbhF# zdSH1S-+7W$Y9$!IA1ujOYDcMKK7M=2?UZob)$^YsSVlKMVeBRs2rtv?U_%`O-(aF24C`_xlW33(Rz1u1Ee zAfSE}KCe7e0;^gveJ@OW^#3-;<&UGgRJjvBek$N%B`F`Rfm?MQKd2(dWj88qy15cS zO>V4GsB*`^ey$}aV%2^SY}zEPY#ZF|{azLcqS99+{vod$9DJ0ec-qIOQoqb!Zrf%WlQU)@7X$Om~mv)nguOU_c0yF zZ~`gXCAKj7*Fz3NXvJ@ZMnDo|a&k<{Mr==P*%mJK1 zt`~2X843bT3P4h0@C}A6V3D&PY9zK_=H)Hc>#2R#hH(?DBZ$w%_1>qgy*NBTp-4lRqHc@rt)e1f-(s9vJGOFuma-(@arLdIILrkkI#2qw7@_XCV~r%aO>T}qL*y`!v_VDM%X$& z$y_(w-5p7HcupFtRaBGUiTf{vjWKpZ9cj&3KPdS< z#%Zm~P)T>Ym1qxC$)$?J8{aWSSOifKQU*l09iMFh*(Sakx0fM37=zo5u0e#nBCC;^ zNhOkvnkO+2aZ+|+;t&dG3jW|Co@QzlScCv<5S<+3q#|FF5pSfng)UJS8R7uE6yt9p zsL8uOUf^_XJq>-Cm8G_ohkB#{C1pjMG^w}>Y)WBoc}D{?6%{SH0FFPJzVt~HGX2iB z%Iutzk+EuA`T^43)QYnv_D+;bI7}VoHkvXv*Vw7W#j?XgsVgrm8v(;?@2E3v`>19Q zx*oDs>LN2`KqA_sq5KjWo*V15VAxE)`4*oWP^;bJOP}-(n+f98is3l{o>0Fco zQ`$&(*gK-9e9TEp&wIS1#U6dX_o28D!YK@BldVxk^v7Q1F9*cb1AS6sGD*vEx z)qPZwvNirGF8+yXyS||4KC5cQyjBYLfI^*h%Z~UwoPU-2WOWnCHOm@jKGC8fC|*?i zZv@DyxsB`VP1*$9naPlez`A4c_zrnFZPv^g9hOnWm2#6pK~95S?XcvN6*6g1%|5Eg z2o@>B@E}#fLMbYNbD5_H%?3hjF z)%T=~W`;SRtz=ZEvS3p#ZHbVfrP`!VC(~L%ak8`w8H3$KI?|5GXXBxm~@SBpw6=B=HfJ8i86`IkdF7T=jMEummT|F&}ZZ%gfd!>|x>%<&^zi$)6U8TX9 zbGPEgp&Qg>VeYQUTY{4eyUwfq7ymb%qd#F$jpI7@U2ouYbJO3Ck2m7P0=h*?a5nzW zOy-V<5({shj^Z|S)|Dd4>l3(m+y24blMsZ3?{nLvu~{oOl^Tr=Gl%V0n28E+tyen4 zc|ckTx3KGl9vc(o`Isl!?0Xqc!O(g%!QBk~2*WtZC_}vVPpSGuq$=|(3XqhE-+ELa ztE*+x&s@~j_=iDmMXldW#wIjONUs*S5bP!9QK(*EERHS$tU{=g@FxPz$}3c5RW8_g z@9iz!dlUZ1d({gvZCLidpUd%o8f)=;ow@(?(R<-{@IpYe&Qr9b(GLz97JvS>;6(wZ zP2Cfyw((N;+?-v|4u8jeXoI)zd*ZE&X;xrepIPw)=h}C3z7Doi{F76Rv45|Al8B); zCNFPdPEai65Nf>;+VFUr2zUhryyk1@``u+!}f zZzIkMpmf1ioOLfg?~AsBZtsh?zOF~_DPM!9Q4M=A`|bTt_{*=tH>w2@u~v2XQ;5r1 zUJoUOq-CVc^!_<7_lWjK|2clseWfDlxb{IY5*0*#x#)&q&-=m~bQW5H2rhizQY3RH zqH{EIG!#tmn%_&7-r0JkEVxc__c=+fa>tFd)2(_6e9IZ1pPoOq4|;x81AnLQJ#2pP z59qdRcnx#+JY9hKp%o97$N|9os3~M&BVg#2w(9CN`;r5XF@*gBQb93I+tfDtP9Fb` zA_t!m%o@d0_6F$nMlW6R>VcgaZC=Z1#nq<{+Mu{G`TuG`NdElajSJw6KUe{OvmTbf zJcq2Afj4~if}Xr^Y-nDbY?FPsT&i@ft|&Oz{_4w>m!7F)RUM|C-89j{*i$PGuDHlc zJBq8BR^8gGiC1~uWgAc9$xDn`$%aBpu(8E-OaKU!sVL1EvX|K3x+Mdcw_-u~cXL}? zGwKazWTzF)#SpKIw95<)Wo261-qDfHk<^NqVv^K9N=v_d?}HjIUoaBd#;H#qW;GBH ztlNM|LP}PB8ie=>6c*k})hw{obD$fuF1ji8bE2a^30kcwKH+%AOGpB>cmDV%#6bq! zCat)*Er!SEIciw9RvYN6uhU&P%te&c>h_ay1Ka!{j0X3a7?XnbGTV-=%(L3^;RW^? zDyb$Kikq{IwOFB+2G-T@$G5a1tE-!@b_n$g`ggV+L`29M@w^-4B-bd`DU@r478%gco!&t{5}h$vBH z?5wQeQp9Nx?+}tY>6n_t{2~t+6`Wj+14C3)10`;*w-LP8$y^qg9Wk-8@k539NnGRt zFspPXwndalWT6sWv=1KLBiWBZ$e&B|L2To~kPA6ab^Tf=K8`>P!75`yT>BN7$qc|Nj76(%z3pxi;t)(>#xs~^viWE{!rT9{r&m$R_uH> z#RvL1KDL*g972@Q$WYTJWsY#fx39!m6Ho)Sn=F$)(EKqlvg+ef%0eIW@u)b_*U9=odb&U z^3d=XDEQ>8WQuo=lWaGvH}gg#@Hx;L*>ABcLy*Baqd?3!nB}=#cNc0z|7rcYt&!xJxqgwqSPd|ZO`uED zmlTOZ0!&t~!(i3B?H2z1?zop$0WA6Rhk6hXcil$D{Pg@(yf9pD+fY;_MmS3e(kaqs zn*T0Zfu!ic9`R)CZ}_L z$EG$Oz4vrr7IA&XMZ!tgp1b8nPcUCkmr(yNgX zo+c;sa|viAOw~ynL!J2)%x%KRu)7BoP7fbR9BQsiw3+LY#v!bi&%v(J!JL9WheCzF zJcCOG^MN5uS%(Me*Myb-1;;o}ufHv2Qxy5e{@_GhPQT1^bJ-iVmKH%31+ax{^AxeegvQ;=jX;@ijn-n0?jJogZc}KAY9Fc z94#y?b(Ob;z@ zF>55%s%?;4%T!d$65aZ#8AS651mcizQ=#1Y9`ZA)qLu{%0`oJ|czC4jZx{V`kp(iS zGIoFfK4%dp_y~{DcQf7)Ab8f#zZ{?s1S<4gB!{s<=}HPA#F2fUAQ;i{@lT1dLB}VA zm>`jwzzh<$vUmug9@O!HGOQ~3{qaw|KXcu;zOfKH0_1*9|2}hyqF}H@<=|lPdX)qI zoc#rV+jU&-1^67p!SEHoONvh=487>*Ya|YA+e{rGNuffDkD%027t4RllZh#?#D090@;>ArF z-+^PuVwt=gl2yS~Ei0oI)x)UlJ91pj$wqvxj#T7*-~efQ>Y-Rv0IQAA<8QG30Gg)Z zkuiWVt(0UzO-3CeKV6s&k^>$c6zJ$^7#XW!k$FS<%2GFr564Hx#p^oK=H)dj?x4W^ z2?z*Xusdi2H>lVOl4xjkBG^1RxmuCd-*8bzv+kmK0Q6yTVx-n%n%LOT%&>Xl-cAau zl)xrBK8J3smq9~e=lv$!Ls2X4!|?*q9eQ{KdEF@Mfm9bxAn@(SkAkt3(2(i#LAgc^ zRzZ-IunxNf$Baf2q-cp`@I94f}}`s*thAuHL!Xq@|K{@ z8XeNXA@IY)>W(%W_c}2^{~THY1#nJ7qGf&#Lnl;2jBa30nFQb-k$Yi624u=*fJe>)Qsrwk*W8|d>Qz80#eRkzWo1|6Rs{+?n+pHs>} z#YUG@Hoh3StTV17V{?Tn(RUPZY5K=NkO3)+%aSid3+m37n}{a}&pwq*Jhoy6O>b?n zT42l`LM}upeZIrN$Jf&R4jn8mF=TGC3k!UD3ZCoF&B#uOMlC9K`=TY#H0QRHAo!5V z+*7a}!YL9`IADe~Ts?A~wGtsZE@)w6B|NUMx){wIHnCQe9*K?ADD!@caD2d`sIXPU zLVN{#eSE4c3CkJ-Et-QuPEM}B=kRx!Gnznn2G&T_%MRuOQkY;a)-rJsMUd-Ztgb3UR$Tdq;N;7XIaM;1#fNuoH9Zp-Cf2FXIAx}_^RhS_R@NkFM! z-cTxlJ?i9n1ulz64TJ#MB?`9Vjk0K%hN205S8%->=MYE5L}oIKSaY~IBo^E?w*yGY zpd?K?J=Je2A{fs1;3V$T-hJpTS{?}+8fu<=Wb1ENj36Q&;{2Kjgi9kRhS}0a0ll|s zp|I%07cXd39uL6*5~g7pjIrTXP|9^Y%+j!%11t|J;Pfbp7wgo^07a5DZ=PXq(Ikm$ zi5L5>A_b?-F0vtZlc(Tt%PiH9#=_Fc@m)A~P-vaK*)j~@RT0(^~W~$hCzJYAQ;;b|Ra#pw;Etj^J%e#`)DxFlvu%F= z$rj{ZVl*(I{=c>BRgRsYHyymxZKpZiTo)|U`x5oqv87JkT~8lQKjIr?l$F`Bc&)wa z?=(PEnDz>?KOA+HuWYQ80n|Ds7?>-Xr^dLDh z3#LX=O7IcuZrslMOC9Pye8N6t zW&$rs@T1PYjYu7mw14y>&@w9BQmdJ2`EnwzzlO`ed3FCi(&C?lW@n~6JRvys`nzm$ z_Sv1j2;BceO8bIe;z=tnt!Z5)WNg5?%2YMkEkTtvF|GjQCF-BEx+SdAvjaH^p0(|g z3>esv2djH}duk=!+G|-B=`J=K(URlB!G*&L;HM=e(aY$ft9x5(Xj!W1>R!(j#DfD1 zT)+HqF^M6pOuAtDSO6S$EGBvU$}zMgSsvPO>_Irw{A{H|lYU_Ha9&?KN^8&KMjDj==5jd>Sm# zi}TNn7Tc%(p1?cF9RUuw9DZoB3ox$Ai)wzq@Tn$Th?bFDczg;S(bh&YDu7N%V2{H* zrXkPn2@zl+B)#8WtF zVvr7V?xK3^__i(_66k2l7vgh^roKpHs+!e<(R|L{2#9)vcRMUfC^81Os8@vaS1xS$ zc5e65-)na=AgB?f~o=B4w7T>nJ0AkL(lU^VWI=N1g ztQ-T1ZuX}6E*)+014-!mdWBwcwWOwOkjU`Z__(-V9R72Z0{~yuZ4oZ=rXSh@Z(9X( zJ27z=5ltiCKca@fXlXkV3Osmn?sLH`S2DBX0mc`%GeMG|;5q(ZB4iy8fPoP-=V_#Y zgbLfLtTepgI(#YFF+s7L| zg(W62n~0uEqdPwlpJeALF`eMdPZ3pm>X}bQM(FV*_mMkTMN1otP%mK!!KGRH2i9B5 z%#*}1E!%1drN{^5r$haMKc`Wf#Rn;=ig}&b1XNXYw~jxL_l19Pp4P6-^H4-+7pAIP z_!%gO--Jz|u09{J9|0Yr?bdy$4<{d~D8r-g?etYt$YYuMQ&B`3k88LFq25kYeLWpR zx?^`Kg?=4R!GhXi1WIpSPp@_Lg<)8WyRwUB5F|5Wb!m@g?1)|&C_qMmu}A9|zZ~o= zbabPsD=CpNo&QCIn>H!xBQM9JFX$eWb*=`LSJ)j5zhsxUwkph#luK zJ+`@krWD`Xo+GnpwWwjLlh!G_@%7>$JmB8K27s)tP}S9|Ihw^cF_>)%j-;fw2AH~5 zXEyn1^vec+8+0Z`J9j^NWTRs9l|Pn7qEgQPrDA~95Q8Y_m$|ZJ5es|klHCkCK05|i zzR<&C6@^0~c=RGSOxe;&WfC1sJ)`5;_-Z|dl~$N#>`g2He96B8bf?b+f+_XuMTwI+ z>BXj7(rX7~$Kt{+;z?+yv18(nrPlnv!3@a-8E;E`5rcb?>L;GBe>_EOXQfgifyH)6 z7P+_++>IqKFD>n(Jq|OtT&|tH%aZ3Hy?SF&OmXfk)=bKV0xDx{Jh!+(V8Hx5A>(y16QRea{ zx65pqEGYxSV7TzJRdbmB%yHq8lyXSXSdN>6Zw3<7!up?3DvGXZ<|aN549L%py1=cO zEOS367;~jU+OEl9QgB;YeXSBVPf@{tL61vd}z0pRQAodb+26IXA4l!q8S#g_S zmw~amYS6E4>d*+B9ML$Yc3BYUh8pkoN?37&(anp+XZD0V;CD`e{RpJD-sh`3hcu z4f04T=l0jw3SCwXuQ)}(|}D4`zs^>5iTJS0Fpe=m<)X4h%Hq03p`MO`Al-* z9okIm*^;WJkzi1O+_nd!IUhnLT(Bbnt^4iq!C)8!s;SEBGPZKl0AWf+^t;IH@N! zj1b8LGidc5#jG)ESjl&u1N(|vA+W?xG7@pm9xm4~cFqY^C;Gn+2W*^eGx zHY2m8x~P~uALYtT@ZOcIzFBBu2JPW4hl&H8 zIo{^yD~Cd`k3e{nu4ItD=6>GpeNS&HPcot+!|t0qs@qw_k~r03xRgk94o>}PT(qo= zbaW8%GWbimoIahtHMeDf`2i|3q{xjOJ_{!}8oJ9~#k35)}N!v8Nr)(wiN?NmoC=_Aq;Rtmj=wBk3f^Lgq(Tu-D z*Kw795)Yl#ckmmARwhso2LhF6N9@X^2tnm;RphV;lBCIGnTa7mG!g^+xNCiFJQCw# zWirIHpb@CM7<4xutGY&+cBe0DXF`9;ktQ6>`0%l_l9OF;EfRS=!^Q%Pd>;biup1qt7wO^|N}a5D9HIM0X4kTH$s8d9>tbRte&wlSE}h>E zu0Es$b7rP!&@d$+0JjjM=d2=b+=SIk8Qnr>1?zN^P}TpWiHby9q04iyv*VPME~geT zx3)F&U2U0B96pX30@Dtrx^o+ijnES^p}KGXs2$)~vu>T8g?>TH&12VJhC!)GrCu-6 zr#s%bTTNX1s{u(_tXw->hHf@QI;>~Ck0bS{3u^Gb}lv#P9WckLy*Z_yj| z&k5@0^I?CK$?Zfv3N|Q=fR^&#VMd*^go<|D{?0ZyO+O@#h1#vDJ1=%@+yHS}7UEzs zb99NNdG)+1Y>IL?NRX2E zVTIDhkOFmDb{hUp605{5;^;|~4GWLUcGJ=N4~)}NyH{Fick!c z^ggP+h6>R8dT z2V8_xJUt4RA?T|84Q>T(_byq|-1^>h55wFD?l?YCcGH=1d4~9If>d-vz53Q8O@%jJ9)>_ZWYo|8mx2M#P3h7V3%jy)eR?6k8<+8 zRdO__a|NfhnWjruWf6w^R0k({_`GiFTfFQe*nV7sN3!Iduh_Fno`vp2>Q>-O9!!E&rUVtb+$0O*<|WL&Y#t{7w(m2 z!lRcJY|rnDkFUqw{j;mtaXmZh&L7scJw8?P4V4*DB6lAh!uRzW4|Du{_RBQP*3P9$fF4IcwNp7uL2j@2A#9_9W5)A@o3kcn2S-SeqLV4 zgpXJ2>o5hOtVlNO2(lo$@2gb^`$xPLruxUBniNQ7Hep|F5XjPdeO@^;_G`m6=Zw;a zo3{-tormS-094=%W?%YAOf6RZ7QQdfeTN+o=xo_j?U@{8>Z~PPc+t+!@cgI3Hq6>V zj3!Q~XBBO4+{(D)Du*~enuZWU!!PNcm^fiVQ=N#DAlmt3Q-XIwtFhnh_weDZeIgP8FC)u54yany~Nx;bj~KuBqaR_8s4u0CmoyQ z#iUnbkWG0CYWF9PhTUAm_h@<^gFe^6aiPco+RiKo)d)!>So)qjkql!=9ez4|LNrN*Kf62p9VI0xEd`={X_68})-`$6ttw-hP^w zo&BSNd)3%^Xi13TD<=Q7x3`FT%}m`X3xPD$?V zt$?jnS^(G|2S3x7X?qnd+67Y(Qi!_GeBllc1bU6KSf{3ErKb-*A6Bps);CV{_-FX% z?994WKsccR*MrfqjVdr)W1#mX4aFuO6>HgjSu| zKi>LYXo;(2A6Ie%99>|kxi3xw+*s@RFZ90_25TB@M&QZKe~56!vVs(*E@F&Azc8t;YL- zD1u0zYh^odHJPk3F`+!CXQMjD$z~N9;nh@H^RVloXQ7+l=I}(37GDSH*U@Bavu&#H zTuV)pxAvo{hSEo0Ed(G~acyK(uuDX9!ZxJhy)&Ses_EYTYtdx{;JqZ;$&qj!%i{CS zTn5(|eWv>rpd$p;I5cN%vxDP1$AsQpTxGEqGd5#2NAhh9QTM~(;(hj9AV1>Q3on_x zMF#Q6xBlb`A`!8pk&i^6o#aTb{f5N_L4B)!=L0

u-A7^*6J7GVp0LYF$*FTZBl3 z0PL0Dwb&!6-j@pMv4Vreg*?jCW;l`L9|vP!kJgbRJ&DjJ#++-d zx#k>W%=>q*t5fgMs;;8x(B!%mN}S~scKAgeL9&R$aA`)Ciz{7Koo&%U)VY8w*{$`A z9fC1{_DKJyw^g|+TFbmDU@a)gJq zdZCJ4ziEHVjBC6ggVcY2#mHHn<@)*XyUoMzfNsdIt{E`lxz!ZCbdU%YG<}~i+89kE zsnU8Mk#A08>b9I1XtqW~{?54iCp{s4=(<$Wq zH%pr)|1Sp5w?4bXsI06qNY3#$p=nzGr&w`YWMM?TPFF5|;lKN}mo~&dH=0#j7t56Q zd`lNtzkPnpTT};7`a@yAZf0=wkcY3EDu@dw)E(v%wBJMh&gS?`DP@}>$f_@b?5f>c z`N7$_qM9=4e&}X8p<#V)f3jwWpyOiw%m!g~;2pMeS%y_8pHNlpAzXp0bHa~onyuPm zcRLY5Kco;MlUX~jvcs~a1HYxkh^k#Ih1&(1{O35ZOWZoQ>@Kbq%;PW}!*R3fE2uC2 zTIdJFNy6@Qg{C3c84gc~-v`*+Ju2&X3tC%FWNLd25NB2YJW;=0-15=-ptpMJMD`djvTe|Fikb z|2@7fsMmr2uZ_+B9NY@qTo)CE8UTQqEmJE@O~GETdL+CKwDyFjgdY+ldug`ZPA=jUdgRi3cnR6gKIQaMa6=KMaB1RnDAXs<)e2HNfd*bVW?Y=q0vbjqdSzc^_$ESfHtx8S$fyXxQ( zWX-K?x=6RNuQh!4u}NFB4XH6TP1>fLMQm(RT3Y6wPOnxm@-;a9Q-9mUQeD}Ne{&@} z{U-v&PKHhtkL$T5uiN|Sr#5n4?6d@nGgj)6+QdSv)vrfs&pz*`5rGfLixBc)CIyCJ z!mDNE&yW;(O|m#!C;z_WgQLrh1E7ge|QV|5GE+ z_wQ2sq`a9+8QsQwZ<~3ofXN2o-_tT@8ZVK4sv~OsuVSX_(TnWBruwsA4#ZYfSB@LA zv9qVIrCUBIwjeomT}!Lsc^hTZ#4A@`Dt*SDjxd_EO&TC9HI$Qc3YjTqzhSXSC$6rZ#q2(^)c(=M52iVGLdR z-u0MgSAOmRVsdEYz3(i(!8xak>I`Xr*U6VylvoC83C1%CA=l!`J|7`eM`S$0Db_$h zPwtB!vZG7BX^3|%^p#rp-d1vzJ`27&>1XI&Mqad-x%+y&Nha?Y1 zpUJSf!lt&e{Pi5+Owu6NS(Iy4AlIFfVpsqfdSPY#;lEkm(y({+*2N%E*OY1nE zl`=A!ZGG)w`?n6#Umq+#$KNW;*MsFSE93GLGJ^%>_8T2mk2;@E6P&@RVf`o)m49tO zdim%~t#YW>B<(gBKiptU6J^4Do5bMm`;k{+e^;7Yu%PI77zdF`LN&249Sr_Jfo3@( zjQU&jZFH_~(Q`Heesk?%zbl;Pu-*EQZvk@~}XZ;NdSsx zwMY2z1-AUQA!*Iz%+_D;db5uWr0lW)b7(50PUi?O{o&tM4nXtHsm+-OhL($0%-)+> z_Da(?63%F=ky^$wgHFM_(ea3ex*Pw4+({#G30$uMd#MvD*;d{j*EI3bya&^_jKv zU^uI6w?ko8JkMI8k$~N_mmcYkAA%PO+90Fsi=_+VB(7wy{?uU2sOzq6ubgbDem?dA;T=+6;svr3-5ASy3e*FquIL%3OK6Ldx9^UXP0ymw z0JO03yrz0KNt&Y#F+J1g^ObkU4Uv_nG5AB_L`XTqqgEjB7$wHj{7U_m2$-p_04Mho zrUn=6(&r(6($)hDTWjrp&`38$Tn;-cW(Rjz5q8YC^@R*oUthkj7r1pwe(p*VAsJTIBF2SU(FEY~BT84N|q*+vFhe#YeOQ{`6Dl?!z;2-3~4 z*$ygEbQco+7O)#~irTSL)f=tY59YE4e@$WbeC{Jj_F}AREhpx?@%ugfx01XgI5Z{2 ztFfqN&84L`cVLh2IVp;M%o^2&Pie7oG&Iz;>e~tYcln=%-PJE3W(OhU2k3?(dI%`p zf^fiNT&l9Kje<7U+mM&-v)u$FH+jtNJ_p>+wP&Z$Ay1}Hp?C* z$Yle3MX74>S{B{%kId*8pEvW`qN>Et(6HTm%;xQj!xiH1;_U)#aauvp4l0%1R(n-T z>!dJ83@b*FZ88?S-~wN;`42YAEPu|uYM@>bHYLF7x7*d{vjiptOvgb-3g!|P6C>39 z>}(WBVL$JYDy<;_S+pChZEMR86IgE9;>^y^{}r@l&10^n-lUI})70t}V$V;<26^T? z9Ci?EoLU_V!0)V85e+tGXLP)lx~ktm+Z9is1Pz*a`&6UG#|l5R*Fr!)2;+kRWFV!2 z;JVkm&;96bi%Qi( zRMtOJ3@{c%DaNa-*nD0x8TC3mU#&OGAYRsIUTO7#0twQb^N~G!Gpe$B_ZnJ8up`ss z)A#7<2PA>4>Wn?;-zw?NtOA4glHl7}3yf^x};4 zqGjPJB++z`P~wM&ODU;Ke`(dKrc0M7%8kj&%Em;?fgFZ9RHokzd#3?>mvGD^l+>uj zvh#W+MjVwXmx}E*C#{$+ca?OmQyl0GObYQjvLEr*<5yR#jUt2GW8tQ61 zP@MQ@jA^Pd(~i+we53>|)!Lv*Ngr-OuD2IN)qqr(?XDoI<`3i9yIPXnaBj+vpFc8B zp3_TKEWdtLn4IJrjRr9ydN|%SJA$E9!gnpiWAY5OJrCip0e=Oizm$S30PFfbN@>~z zClm59KrBZLT*`xBC|AW&4b9Cc+y#sON0q?kQ)OAbbhz~AMb_5K7?E+wKgLJGH3&Mv zQEmpqKwQ>-mTQoG;YyE7LRLKpxgfEBeJVl`@&6mw_Af6gHyNF=Q4rE2T_a>OcKdxu zk!NFWa~0gK1FovO`S#4i&&<Dd3iYO9#KY(V{A?o@mxxw#-(Mz^%ah9)aH@eO3O2htEoNY?^``yk#!h}Y_8 z%{l*N`E>+?$j)8JPop1~P`Uh(pXRJ_fA#rr0WyPRBV%S`6Sf*ZEbD!*xf&iCByb(B zjn5@;=zgx@*;0y>2NsG5T_5Fro~Na6|0@5dho-A0!Zd)4sRzZnkKCZ&JVInnTRkG} zAcsENKlM)HTq_z|=bgt}pYLlP8*V(*3NQ#&KmUP_ENSk}np3nm+?Eyw6Aa{^UY_0$ zm-|{2rXx|vI+?v6a~^p_ZuVbDB&a~G#0Tx{^JkYV9#7w&O-%ogmC4+sPWI50 zH0|^}ZOV6j1C3fj^}5zZy^2}o+Lz(!nSNR6VW+kXGm5d|{n(+u)@mRqM%yRxp4@~z zeSW@?Wok_pgkpHfpKT=pV@L7P@XGM>9IJk$rw<~$`fO{(yhj?3So@3BfE4_79CXbk z3&|6K{q-Pyj6(Lkx-3p&^lc`$RK!B%yjs&nHW&X}$A{DOxQ5QPth4hlAg@1YlZ=f< z;B0VYroA~>U%!sFN}5Zai(_-5FsR%+2?= z@0deV5)(nt0XrurIUC#L@%osi4w0SVAGAy>C)Es#fMeUMfw{y)GZ2e^p+xok8nLV3 z$;n91$S8LZ`^wr>+zvr!f}0;+N9;Q~6YpocOz|DXD#6CBi}K8f9>q#$zE>fusF&LZZaa>UMI60;pcogNE+HM| z{@rr1-|+F#5#nhIlnY+@L1SG@yqE;8q0Q6W=JtDtst8%BivUYBczvC`Ob2NMyN47v z=@(=WNQX5LJz|KySz~>Cc^-m#J$9SK*G#gkRqfR=gv+!a8WtWhWV)ABae?XplEVQR z$Hyys3Q55EMCIBYS2kqBnZpxRznpDGwKUBmjGD^ax!xBU%ih91%t}X=G!%sKH&-{m z34?I;N7=g*TG*E=3dwts&OsQ8`>#S_^x%X4x>hB zd+eA(c?0qTD65%R0UJs{_N*lk|28{-4ybtzX8pk0qwfsR6UoX^kF-aA3eHao>IIZz zx}xP+wDJGQ@2aY+YD$AWJMUnShrzH9=Dl@}8RY18hm$|PpAf8DLwODQDw=Y@HK1-u zHi0E25tpw(do!^zUa88I?&|DIuRVbTvobRiOsEo(oUG7=n@7$Q8{s+I`8^>vwrr0I zl)9U6c;bXQ->8}Q6G(vz5z%UQ9pRYaOgT4zYU~(Ft^}F1qN3>-`d$`>hCq|OI1Ev}?P}s^bJQzEsR6a66 zIjB%R6xtY$;^?>@ro7H!`2OC{1-@r)UC=cd7&@+9_|>>TEz0Kxq8T+T7+Y0SO}LzH zGK(}aGEN?xhlv^YMx)UJimn~bDBK+gCk`DBBh6wMA3Pca!I~~HP6j2_PesGHFRDB{ z41z(RjZHiwA{xK9&S4V2A@Hg%sHwnx1jDi#gh(D^HFHu>;3PFyuhQz1GqOT-i&x;2 zl5(ne^038~f}P7{|v%-fE+u`u#W9cQGo}#rRfxt6Ef|2&2g8Xb%A( zAvRcEykL8XE$EuNqhr?s2yitc>sgbU+uXnABtUTd&HjMHpT0oj>qMHK;Sj&~-V=zz&7Mp(^_Zekkr zRKOG;+qzg~I+`AGZ@EbQb;>1I!ycq}w*y$c#3K4I9H z>bXKFmR6mkg`5b3Um13AS1%xuh|uVs7(k{J8oF~ZAcT@bm<)SHs&4}9oD2<{0@IIT z+h`oW4B8Sa2pzwSk5Q&t8@4RPpY8u4cAb)$s@TiMSYw+|Pfot~w(FZ}H;Eizl%FmH z6c>c(BA*PDqJy<@_Ql^679yHgA{WyE22;SaPz*z{5K8Jeo)i^gY^RV)cz(e|-=$th zn)A`2Lku4aqY-z(-Gna3~)@2Glj?CqfRG;6Ul9ouY>clzym=;JZq#bN?A4q z7J&*_mT!Kxo6VW&$O{gHl5Q4Z$)ZSd;_<9@21ED%fOyH2s;-clCn6Cs!c4~((oI~6p6QDTgs;+e28!d%dpH)0*~*4OtBNjIZc{`2ItO<2 zBq*VSAYs3G8sz@bW1{!h9(o#<=C~wz(E=+gVH<|;@F)nF(xFs-I1&V^zf`^gCr}g4Ya*`8 z%8p2Nom8c)zEb(gLUVym_OEDxVqDG1Nr$<}HdlJ#9qfG&i>Sx`Rd78jA(3k=xvhfm ziINK&t2{e5D!JkdZK`_U?!eQrWMn)nLaam%Ecl!ZqOy^z z5E}L+1&?FfY<+Av4pvH9s#c*XUWV5ouXErnXnmSVkqv3I6pCY2&P(20UqB}L(mO2m@vn*dLA1frMB<_D_sK6$DdL}kFa^fD12MRsJ0KUwRx4Eqe&S3Tt1{mbh}s>m z8fJZ9yed#VM&d(b=jvROH1JJKRBiG=F)@j3ricoSRU0?Nl>{bG`q_Lq1Zo5o1{EJi z*5ND8?IB^~oH*)KBXnGfJ^hk&uv~x2oE*t>TY#WA(m^P5z++;bD zz;a+$#2g(}Cn*=xm*vDL-$od|5Kh1vC|)HT&8NA2LHK#6#PZ(N(g5iJXTNX=jeE$+OqNrnwwcoO<;5ORvd!_{oPXqFfHHA0`Z?Z%Ph3Rgh~ z5hi3HbjXDD--mE#+-3~z7_iT84Lz@Zzny2G5`Uj?As9z)t|><|O)$}8M~$ZXc<@#ov;+v?MQy`Ca@Z=| z(^_5YWc*IBRw-S=!BjhPRs9+adOU+5h0zKTFl|gT>V^MEXhcVkVZ{^_^n$>Ll@;g? zKB*^y7e0e3;)ED^I;I++an7L-p+^{w&yWxy0FHr)>35?yWfmUMEC{A9glK3OZMM@{ z&le!U$x}1XK*RXyIzq;G^#xT*+oI0YE~tLccpc7MPY(};5A8eza@EttA};K`mj924 z^T>)A2~MDk75KKIMDMYN-d&)Q$ZPzCG2I+f2g(akA`3a4Q2WRJ`Kre0*UYd|}05=zyKV(oR*!UFR6~ITu5B6f`X4E00Vu_QjDXy&yIy8=R3qfp)e?@Z>GeO%*&r}5d410lH?_>E;HO^Zk$exjj=G)(9@z0@``lHHgwQNh-1c)-(k!< zp_=*AK}ivO3y;u93ePvl#0V4w(KssblI9p~VP@%KXNg~J4V*nJjGa`y?Cr_C<22A} z)vfj1Rev}>AP>qP?9vs3Uqr`$72hD;85wzsNh4<)6Q`yX;^V`3&i{z6F=3j#XfA>b zD}0Pvh2pxd4XGa+x0&&PgR9_LMB-%4XX2b1@RNYP{Tow2-&_Y~m~f}E_va5~chxpy z5diNBw3Y#4^DrLGXq%DEX((ywe;E%+Lz_eYMSCFIhZ`DzPR&Dm7|rxgFH}>Lv#_;|xf((aD&R?GC1r*sd&0j2e&7Bs zCr6!}1#@k)Y^uuN&4JJAgi$i1^yB5_d&hj4Y64kY^CgWbpABtT5>y)&|k7$$l#VtIqqPoPOAn$2nt@b`+}5tqcZBY##EyoPwOk%7zJs z3a)G@6a?8qw2VPq!U+SznPrK9PD@8cob1mR=s@2YMOI>s@OVQ^>OSs=9G1vz?KGx# zQ5KaBPO|US;L!kl_n+%nCd@843atIsdg-pV}A%%%877D#esQg@mi>SH;gD-9Q6qi#QsiH_qs)pRjj%1>jC|!X* za#oC~c~pI(D1VqCJlsJjl@sl%un->tLl};u+1A#_Ps34T(kkhL3b$RDy`kP*v7mMJ zMiVy^jP|OzyKG6Fd>^X>0%@FBDA&WZ;CfOhOmLR(=CUQc>QYKNa|+~^Rr1;E#TQ$a zT)H{U$i&#p=hlrrCT^}6_Bs1&b2moKM{t7?9@+{vi;MTk9N`g}nJ{4Ih>ze_k{h`B z1b1Gd zsAN_nB=bt*M?0$GqgH)C49=L1qiWICpic)|$X~(P~1_0lD0pe^bsSA10%zoqpbIYCr)9lnqpJ?uPYs8eQW9>mmhq3EgR+@Q7d2OCdFR~9o`6D@4alq4sMe!n6o0Q{8>M?MI# z$P8UudnvNMIAo0qSXpCLTm*eA8MGh-glM{wn#|d^v8{D5qa?x8qL6sj8i0hg36K9S z>1X-?i?H|;HpYDl;RuhiWL{ANayE6L@b1pQnPeNfXlnqPlOjG_)dEopivL1>4k@U< zkP>JO4G5Y94SXh_lbuOBsMh_1a4JS8k$hB_0!GmeFNQ8hS4o7H&??x*!15DLgy&)( zSU`q&Td(}jO9;Th1qI`}SgYeZs(-u{4Jgfutl!s*pf$3_X*S#e>|j|vRQ7quvU5^1 z1_f?U&x<1A6;!b%i>=YR78c=`b2xrkmG}~3@+X4m1;|7p>P-hWAVmuxTP<8kokc^c z#>XiLh1LsVk;vFT#72$@rGkQeh zAS9-wpm=w}0mXUE^bEwY6@qH3rq;PZ zZq6mZg)%$fK68bcy?Lv0L!qdH`YnMs3K?=_Vyw(1j>RZC@Jq}k`0*MaKgtC8543KY zo$T|_<`DlpdfHn|S*TR7gz#*Nr%ee{oi9M~a23nJ3sB5@H`!31pZr4b4nJOeaa+H` z>10okA^U|PBq<-h9PEu{ev|E}e!sXF@mk)pIl;HzDP?zs3lzN0le@sp=lNhu{UTzQ z90?(`l-7!lIXlfPrX}T~ilHu3AxTE|fT35SVIF9<41$%EYg)jJpS;MGZHX_(wi5$G zVA7tbPZ9`3(~N%V&$TRK9W~U-$!v2&T@;Ox(Q^(+fsnB3s6W$0cdX zPfUzPo8xU@xR{uo1eejq*}`yGFY3j4!h8>L2grAbEdF8)hqo(?h*)c>XWhzq7JH1I zLzP2<5Z_M`iB_WXP$_4h?|VP7|J0n$h+r-jb49r!>f~vdM9lZieTR36a6N6x^G8}t zP@FJ@=m@T%vrCMMe#{Dtq9|spy;eho}@0T#MkE^&i?Lbm&Bdu9b^OBAM-s|Zz-3zB)}D%b-OUHW*%=_k~=0XW+zX( zIX2Q)VXk;fF+g**n33fldas87Ns)as*2&kg1ndsB2rB6u+{}F$7>0N%6-FD_ECqii zrX-cOeT6>=zq)7l?skl$WwN=K$%x2mP*4vrsM}@&hEQVs!``gk2YUHqNHCD;yp7Es zMM|0oNAS|*=@eQdI;roVU~ec|SkBb~>r)CgS9tSZ_u(mw(}T&8_1=7ok`q&j)sVt= ziHZrFHznQT-TTc1e%=YF&uf+kAoOxI6TQR1bDH=CR> zs)bXw*a!SY9WyfCkFH&J zD8hZ-8ZnWFX5PC3$|=ZQt8Z?qo&YBK^bYU}M5Ik^<@*4fSM{}Xxn}0D;y~(s?t2}CyaH3pCIK`UQ#z;!& z!dBz5i}51sXQ}(v01E&2LU)FD-<&a^Y#xR}QG45Wsk8dg$~$zfdw_EGsQ*_4iS%(BtiVzwZ3i5!QFjqA(6F3AkNf zLWN`glBgr5gPoP=IoWxZ^yIsSyqtQ6$xM7ZxJ7}!gnhc*`D1f$rPNwBG)!Phi06wa zL!!U@aBfRZ>gRLy<+D78q)z#0YNUzDktFc#XIZI1<1$t3w5P~>x%(z=|NWcVcG;!2 z4b8ge+0ZzLNGHEU0qyEj+7`ihg;5aLbP4`ubY28X*qa$bEDB+k=x$_oNm||H++?!a zyhsmcYsbJL=po_9w~e0^@t4a|v4wwXlM-INiNSe#G~SwNyT9Vc4@0VAG0qH+W6B5# z_^4)XaD7(Jn|)t^Jar(+0{c1}GfGuDEnND%D8uzgl;^v%N{EK7z}e+}kdV9NcVcyM zB~+nE&rSZVZ}oo2!d2eqr@>@TYrxY$`$mVCBv8)?!T%tP?L9l8G!8YN3X6FZuBvk5 z)`KNJsQ7qjBKqJeH!F48&aEoDH06HPeOxM?6M_%@$hJg87IVEpM{- zMn1usbFWr&eAq#_5^t%q*jyKDJfVjR&tU7uv(++jp0EnCH)#t79ID(V%D)TkIjry_5B2rBTWUsCcxLjd_lDXFP)||@g))wMB z3PE_V*dmZ;(jShg-}$l$dhr4au@I#sTHjmZchh0{P&Y<*Vd`;G8pgztI-yFd)0Q6& zPZrZB{Wt}9^sqJ*?SC)Ke%?UK%VZ#vEOq$rk=>8!ISy>UM!hb;>> zP$h^OcM7_YZRDq?1TZ;2NbZXNsqh9(J7=PS5OP^sc>)6W7>|{E@NuL+Bw)`hF4d9Z zJE9nKy99ms=D`p|^6WidfD`vUUJddmFm#lXk}y8GJWmRT+aQUg6@lyacmInqk#62_ z73BE2X`%ew%*PFJpm;~w&qL!*&L*t&6MUyPUY|NeVD9$Cf_Mqh%CMrO^eQ)(-x2}=DDbBUdn^Q{ zH>=y%9@va>Lo`-HKTe;Zl z%d>|hU=fxZp5-6=N@#X}ZMB(t9M$W2SAXt(&6(^C8mwxaoE9vn20|FcWxfui=t?SM zcEMp74G@Ka|C%!HWS4M-F+QyISwx8WIB40f6R8HLnw1H(m{I^iMn=yM1V341CW3I9 zy{D(T(3Z5WUl_E%Pf<;^fvebGGnZU1q4)4dLeLs&^w37bJs*5d4VUdUIcR4DZ zE@ez4l*?T5e`Qm&E0Y?7$4RkE-SRU~-)w9hn!f;@+apw(&6y2Lf{3SYW6M^!&S8oT zhq1S`MT-OQ+Nguu=ksP%HK(a}{?-M>2AQV1!Rl&SI6t0+Q|WkvPm{r8qmCMQO4#_h z{AJKDNl zhhF|5T6E#%tv=3&Ukn_ba321X@PyeaKyqPmr$@r9bzYO2pV{@IGXbx+lHv_f#P^li zpS}it-2q{tUT*Jym8}ClyE=o1TUMDF@^L71C4KWcl?~TTmSVd=1N#tda=nlh40EYA zAA&`CYB4J6%*VFe_uJpovP)GVk8kde-`f_6E@LP`b!jZ(;S@JsNnjC;@n3Yul* zCw844M&-8<1a+-f>2F0|Tazy8hb^R8UqDky4-?4{@0GIyU2y*POZO@$o0f9(SfooWsP{~)at;zv(^c7403 z3laRR1^mXzoBi6b)@5IccDoXH+xoe6Whpbf4w%0RIY%>l={9i_n|3BkDxR{due}dIb8i-4` zgbf5wqTZTqK%dXL?uJlNPM2AyxvwSr%i^Ef%v==7%3Qaz#>w8(b-k_c7Z#zWE`H-y z9$kdF7jXoAf`K+|zs?$cTDgIrgkm#&JM|si%z1Bz(kAm(ET<5isnTVtnw3QJncXn|Z()sIdd z*v~UkV3NoN5lOIsQI|5AWwF?p-zc}cFY@Pi(h225m05xh#m|rIu!f;F@YEk4T$8og z-sg;JV_R6+k{L1-nEQw$^RkZB{K|r^W8a*{$EDEJYC>B>_hIsplX@sLy)qViUDPWH(^ zuz~Y;*0gjr6*+9++;zTlEyh)%Fj>TZ-CfNk-%R>!g|9Vs^ls?Zy}L3^8YwJp_z(9QA$)zDbdJ&y$s{n;@i?#5O;3NB7$?EG4y;u zPl|JmrO$3ZAMfDObvw%KbUeT0$%@WA5k8&QTKYKjquK0!lzaefoYdK89bLRC_rAoL zl@SXy@qUxUZvt@b%FN>Ab@^U);p}X~QY8FJ^P(g0m=bidckDBR>)iL;`czY5ze zu&S%o9FD<4qlL8;SLsFoCGXS$FTWpKvG?wsAMHUN)O$XsK&dyu+W~Py~k9KiII`U7!em=<=!17DFQkeqj?o$ zWR$K^KgUBDkW!{Kb#hp?$f2w4yp7i1%qgTd18*z5t@}m!p8IYbj^U2ZzBRQq0Vy`5 z_`91+y*VtA281*!5t4_C69XR_oyFWh!u2;%wktvJ)mGay46WTL^Lj+z#IUcw2p+q? z@gU5R5D@m=&T*YJZXDefc^_DbUljsJ2>FUgx5wnsGL4Aj@(8j-9`B$R6c=m6sCIIz znQL3LUB@=CHO#(kB3k!Tbc-L98jnC>6`F$4Le7$J<`CxaKOb9NQ{dmfZ2TU8eb7A8 zf9!*FmsqoDJd;Bo#|*K!9bK5Ucl)Eu|#KsU(__IOFQ{VmcgVF7QA#H>(l2U<4RFF(fhgxrL{><`ZC3 z8lY<2g`tc@K%Nuo(r0gLi(ZjYqO~OIz@(GwC$u@#=4b-*xdX9dZ3iZjM{Q?l;>@X5 zGDEEA3l(o5`hZj)ei=yy1io82Mn z2(9=9p)BZZJ!u)_mg9XMTN{wQ3C*R#&IcF>w>m_aoo5D6B?sNwqb_lzC5N`uN86Th zHL11A2ELB?$_W{!s6yt+3x8sz)|amngtqWt;QX~--;X4&iS(tCjy#tH2J_IPFO>(^ z2ZjSngVV{aQsE7Bf2zmeI62)ma74oY4j;bJ60=1^(^_4bFa*9_O3hcZG6Z@4ggwhQ z6786~TN=7D4iexN7Szp9CA!(81+Cn|s7v3zWA`@{1{_)7$jet1AYK<|;;)??jwF`$ zd29&|pEg1xV*e<)d4@v6{?xC^34taM*!?_Xj*8f$)fISv0JTzb)CGZ|d5qliqroQ9D16Fp7;be+vA=fI6@Ao5*ymlX}3AI?;ILxve+VpU`qR>wJoVbcdPAT(=W%d$|q@59$qPL zn5lux;$Sx#ogDwJv_uvvMMh@y$p8K_TjB8_4x~U&^>RYu3rSDxa9atd?P6`!*&d+V zTSLi_^ivtlw(+`>(}}nXmehH``hB*=AFoFG86Hdxx*WfYUk~puYl99;krT$h)KykD z!)S!Px^RR8gPoyb9n&i5&)o2L4x^nk%Q6BhO`w>VDu{_@Uj&1&=B<_7(F&y~b+~K4 zTi_reRjwl^tevD#cU7U+4~YA+pYvGetqHgZT^{%H^9I-FUb?LD<=w$fDue!o2lP>JJ*6RZ7BSBC)I;n z7xWD^Cnw-=E~9L!EwzOKTaKnc>SOpq@syl;| zp;iX60*fj+RL;#GR8ScIaV6;dGWd&zj3i-0Mljuv3TI`QNSRTdnMIy%Yo$G2+@<#L zCjLeC-;8fd2R@a4f@HEZV5xw`NAmQCf7+=IxLW)>fC47VyoQhKr)B2+WXOv!;=wHz$T!7bK%&=tgM9j0WuKmzF^E z$@~0(9(R)L%n&vDTs2r26!9PEn?cLH4qpk1QR={{y*&rlQ_k+>0c^LD-A6Q#^=x0p+ ze+mjhwefz+wo<$=9uoU`sA;$aL^QKMe;vxjDtq4wDEnQlT;brP-qOha^WAbs9YY>5 z9i^<-$meCP<@dJF2L|K!-*p%O=yw7Z!Ovae&&AKYoD2*iyuVp}&-!2CM%RCUg7T#w z_1{}Jpa8mB39iCd(X($QEbq@az1K7#3FS1S?@<(uCPmlU`>yG3-`hdmlMwi&{6EcY z0E}AKp#XGBi*N|63o9H)0Z$=m(|KJW$tIufoG|s1ZouEZkJKXZf4&?^oO%y=TMv47 zxc^zxCyGJkak&m3U^e#kxW2Nxc~|-4DdxTf=|9~uY2$YYt|#PP-dX89zwGLBLm{L! zh(J&Meeyns^Z91+QD^)#+~+^f+BQNo`cKW!4sA)%j|$Nn?2PWhOPAB4<0qEMcn0lwV>Bu7tZ@uSibzSv- zVb1Pzy?HAMcs*-TJNR(42gmiN^LZcNYV>~l z{nPV}mqi^JgP<_5L@*0_dUhBxG9rW?Q}%#omXF(@SCVtfGg~WL=(G)wtM^F44wiq? zvPV>0;;^RpUZcC=-t5V<(I`3;k*7$`h!T=K@BN+Mpe}EHz8!sTKVS8j=ouWwn}bp! zdunb$OJSR#X7~AV0f|TSIpwKL#j3VzoKRd)tvaUOy>H8F`9kX`bH&=IwK~J@x_f_q zA2g0{RLL0sTj6Jf{(q{){#~fIM?ULC(py!6ec`cxf$|uyw4*d{D%jY?Jtyhta3f%1 z%4xgdeGc^K>8bH?@jH{CwQ;xh|89Nh=kZMi9jExn-BVEM>Q(o!(VSH=VqvVgxiByN zV_R}|b*=;L&r77vmrN8gTKlO>z6xX}$c|&k_4IbRx zCAhmgO$Zh|xFks9?(Xg+xI^Ra5?q68AUMqa-E&U8x8|*xs$0Wh)kSa&1}-n zh)lE9%w;1i_oRp@1-(1RjxP#_3&%ds(aD)m|MhC{vb8dkQ^C-Xk`W2=W)}ou57AwW~r6RCyYXS~K zM^-PxwG2>;sclZ&+7B$#+#wfx;PJ&vmL1OpuBtf*Mrb2+^cKGFK5SzgQLz=$mSi;) zkos`}?(#wO;hk?bY9R#SHmd^SyW^A0c$nFtf#RMKk)oVo-Ue9;P)7{~^YxYl5=yqA zy84$i(-k_4*q?5oc1dSVaXnWHxnA4 zBO;UCaixDI7|QEDQ$vRQAC< z{OlP?Spo6g1s$~Wav=!X!=!jLYPo{@o8IY>&6lVfT5JO8j4E>R+s zlk+;SsxJ5RH1PNsz60*5`Kt712g6Up_eR8ek0sN@uhdc zC+zAk?vcMzfT{5kGkTGSKOl_U#~el zk+gKQ^VOi4r1HlpK|5B9z{l}Z@;%D!l;1IXd#FVLLLYSy#+X^kl~nMHv^3X&7R97Q zD&=QjfxNwPVql$2D38^Yad?c%=@}7fr2tgHaN068HyRBPj?7MDugC(bWkU*bEy>{_ zJ5BzgR5n@TPU0Zj-OWZkMFj$j@Gir zVVH}F>&;ko^BL$ndU>I_*x5LwB8~y-mVR1ElS7!f9R*th-n|%BJNqN8Xlp=bxF)On zu=dR;3boQX7ZD|>!+s(r6Y)A94RYcGhEoOxVHXShjQM-s8{mgy82M+gV~vWqN>Ipq zo{=;mTfoQ5Kr9kv58j|?4OpAwgz(U_HA0qWvZdA$R(EJ1MM5V2qo4qrM2A2F;srY; zArJ=@Aua2d&sj#6^Vb!lXWR)vp_Xjj!xKFUn9(8b1nt|KSjrZ7>LkKhL?ynS*2=Yd z{YQabWS;cXhcp6V8ZFK`q!LLIG?egY#X&zo+U}AzkP=@w%JSa)URBwUt?&TTF!c4% zhti2)-D#@r^<|4{Z&X#REAe%_ClPg4W@K&yZEdS0d$plU|Gx@*@5rwB{hmq*vJnX> z@$(uQB8;e=SYfFiC&euQWTa3+bnor=9)t_6=v`#5^%(7I6*ljcDmP`>n@ur7Ula~x+y-1PZs&z%5F0xwv*8tWWe zvox-QD_E1s%vz&|scH`onoycR0Wb}83`FnPjGpXxS)vxCFR~$9I$C+HtuM3ta@M@e zB(BpNi_x@9Bt8NlN`zT~s6mZM4STo;eql3ib}V8zJcLY5MGh@<_MQnTr~M7DYBSKX zo~{-7nhY{*SlyOMz=xtNj;6j`>`mp;dXr98auOmqQ17=e9b7ORau8i$Ai4k@K7NgQ zbiOL3WEif;R)9h;ie7??%G7W&r+8`TBuG2yA_NTLv2w5s=y1U%03$(=S7ot50s9{c zcRYkD%U`aOtp_mjDdv4I6cDO}a)AYb8mLRdlaMsvZ-{K(FGMSYW7)@;oeB zuW1F$pd=Ma)SDS5A%;Xg%P)3Tx~jvpq98;?r;m@Jva;NDOc93S8e#rLDH1bqvsjW` zM|hZ7-+bGOiV9lGm8qEdqssD=;5o)lZvvm!)gTi4STT5bDcU-VfFvjQNTTkLbY#pQ zM9wXVs)>LnaeB$K)syh62XT85czLWOfjdSq4qi7zQ1AkYE6#uewYDo0;DE^G!Ei%# zY|VPd%=I?PSDkuP%+`+IOn$hMO9oRhf^XEA%7r@i8U~A}h2bk?0YrxQ9q4QZ(?sf> z04Vr(hvVXScK|zya@=`OrR|rqgxR?)B(MO7XrrRuN;shRlcybibAPGZ81k?4AAC&l zP{~06iQm-u9z%hJ5hZ!0-NcK6HUf`(7};GvmQ2^3*NBGKu^Puf;-qg<6B5FcutA`- z;7>GNRCe}Y15GQ5s_vH96Owe3EiIJZgp+NX0iF!d`U0%x`9RHca zPiU&D2{$Re^2#y%8R2K=tH4Naevmk=HA;sHlySH}iW}4fC2Rlh&_tIr^*aUpu; zeFsZG>inp&@Ne0ik;`Biu{hKO&qRGZC2gZj<`9uCVbz>@Nm0vXsxen zDvv*H(NrIxp!$oeqZFemj&c1*aR*1^=#xOSB?T5H>>i>i>PrNycJeLZhDX1C#px*| z>r`U9`d$n92t-F8IJnxhs1hY02c@Xy`_ii!HNM3Ujt1N|_YoORCNq|ff-QcH{TFv@ z3w3pYSu-PJOj)myo{h8E9!^~=|&oo2WIuSBkV z88zI6FdZyxDklnv#8)}D>A|*)K{XD1{3M9{+DqCY3Z!BNv&8@nt$H}%cLxn5P*@$h z2-**ucDajvuzAUo9TNF!Sal>{cnnh4vU*x-|8A@oD=aVGRFJXXSC9s$H1qw|nGEahK zf^?qLxTvE#yJ_o6ZIZ1wF5VNhiw{=2A~}4)aGz zT*(@VDECUPQ)G+aL=eYs>tlCJ%0fB+@c${2l=R4F~lx9`4PzTPp;4LwOxO$2q(`C?nb zi-BuTFB+3DN)6D>|Ep*B#l>-R7ZE)4fba0_?V&n!rC#RpOP-4V-0tdfnmrq-^?8LBzVUZ)Y@5{iFDEzqQVuQmb5Xy z4D2q{p|0VD1&uUUlZpOV-&mm$_v1V=%S3Va-K#+<9=vU=_ zp#D+(;XI-y8fRc@%WI!@cyzAI3@eKhM{#-Vq_&rk_t3Z%k>yNJBW;0$FoM1Uh`fD7Ux$8-2x*9}Mf@QE70|GxSe!VuU zJU5!TtB~+@a~u@kOU|t&5omjTI>|*p-{u<50|F9){5EO!`@RoA->G|G>4%oT*GP|i zdnmPXu4QSy4EPzerfU1CYT|H&28|H0oKoISDw`H^1!kg$WCz=&Ac z(Lqb0BXk-gmXO(i@A#pP=Js}*4vqsv+QDOW;_a>@{!hFJ&61Cg#PmMLUHh}Kh6cPn zTF`{m=lwau#9d919eic}&vY9CsmbY%CMJ@&UORgafY??r+tS5XkcOx7M?MV)N47A~ znQ^LwF#<)9sVaX3y8024Pb?_F&`cQ+W94A;PhCb(O<?@af}*IWCTsIOT=?w|K~26u!~Odt1itE~5+tyk4-7!tTU!1zAi0`L5L_20X0!rK z6KJ3p6;0-q<_mi&08%(>S#Gl4?dpmONrs}EVLGP=rZ;i zza0%vPWWX;jZrihQiO6~9mr>ky@GCJWQBNDAYsqm`3UW(to#YcxU6KSCO4cdhg+LU zIOy8h1q1-z2{$ewLEm&KYQ^3ChLK-!Ej}^kc}6xmy7~qeGBw3iUR9+mAE48~Xc7P_ zTq#p>P*IohX2rt4C$_Jxw1;fX&^r*O5oX%jpU3@m1o*pYL#^0J#gAVxt3RoUYll0x z2|fL+M~Rb^FejFaNJ7K2wzZCqRMoD^k$r!p^8Es{LYxE{I79%!~49)yGf zbOANWDEc)F45Zm0Js*|&uP@~jH96Ihub~q|yh#9^x(zCNl*Z@`2<^0TXHTrZXczsJUEFEp_m*=SMwlpYI#YyIy2=~7M3e%VCFFEgp z2wjgF@Q*d;b~qmqtCv@nOIY;x_a*K_GBm}Vj3=HjmK{QKh=j`bq$TWGRU7JVf>K7ndPZGZJ% zR7|7cgF5Rm{*J>sFy6APo*_0U-xQFbGc#6Ts_C)nrP4X6jgzO;sgcarwEiH4;m>Y) z*B)%I7(g~CKfr{YiD~!69o0Vq$&Irky#2!f$py?wFB+!FWBBpHzN2aL6SOo-N z;3&zb)vR?uk`nbcc-*k)z&;*ZYz(_N9DEaKtT-r858i&`k~Act!RQb-6(c!5GKmoL z?41=7Y*LQo`PbP~Z$-{dZXh_JOM>o8g$5cvMZ_yE?C8lqO<%ghXp!+h7_Do_C^ zuqr}TQptV8N`YV!`-`NSYe-U^xS#hXyqkcZtSp^^vpFz|0ucou-ia{2E;z1AU9-L^)_F^ zDflN@%ojJezq6D5K#C%$g!D4I)^L%;U1n-)i*FkY3Nmt|tuln_-yj6j+)9W+15x<% zSDPF%KQBa3FS$%d&^Jh=Nh-O*M~*ivq)2qfz80_q=o7o}bw$}U>6M;}V7gpPN(#CS z4g(|1ej@pbqHKvg7lqmo6XF#e;1|hiQojQo-C^PHp_*$~4fdE?pyyI)t%PFY%OoA9 zQHS%WK}Rdlk!VsDV)y$~Fwd*;M^A14s?M=nOn5|pusdDvWd}4n;G8l_I_Asxc^-OV zFpbncVhW2&IqoRVtGb^bih+19P)$UHFWyEbqdL!vrQq;hZ@*(nYx)_a{IM&n5bwHo z8j%lE3E=`Y#>zp3@+^H*RgWh>@jM?aZGj9IqR?Y1*?PG}EkZyu0(R4^OxYr}?%x#= zQ85Kjc8QZZFwJ|oz4JNWlLo+fV4$#9wHieeN=Uf7`xAxsUHR>Hdgk6{W7O6D?j z&L4&(P%>_W7&~hH6*v1FEFzgvB$9k#@GuMwTr}E8pkBvJQ&C*IplvtSXBZ*4Z|ehA+~trq$v#L z0N*jRN`RLFTm)d z&6i3dDqgN_?coCvf^5TxywB%B@V^7{g3b^;qp#LE1x^sXwT`feUH zZU_cOc^*@G`a`Ek(EJNG9L%{MM@@oA4_Zl0W19UT*^S_GG;Q*>8s-E;U5go*@1J=a z6m-4-!&E#zIxZVWL#or-)&cL)*;YXYuSC{GwHRdSIS|lLU935ZNr?H~3iWSnQ~w|h z9d(I(_hxV!jnI?Kkt;R&9);Iep(hocX8H(NelnAIMCPZMa z9eE*RYl`RT*Nyybkqp46`TyBTLSUrLV#`UBIruv(7490AHqEeer#Tn0hccJ9NKQ!+>Gp6D-qSbG2)Es0%TUeL2c{DsHjpwf zOl$gH1o;G(s-Yes^qO_fs=IsYawLbNGBJHoM-D?;;bD^bE(fCu%h&5IRX*z~=pfwgZi|7ua7@oJ821k!z~_>AqJj!vMZ^3k@~OOY zrMWsLV!BE=iV)x`7Pg~}`VTd)#hfDDPbnE&y zwp%RNfx?{6FJg>A@q>4q|Bu?d|DDYM{lNVXNb>(ib^LcW!&a9z|<4j=}9-!!L#F7VPIrkYjSU`GzV7`_tFe z4aZ7r{nd@9=EfIrwP1KU%hC;uW_54#ke zG+o^#40*2R!|t>n_t_|1Hv407Wb0D0s3%5_{ZrrXc9i6ID~9T&?}AQ*qSqHMjMM#S zylXt>f8gOdI8=dPWa$(-5#=0;qvO`T?~yZYU>9h$_s9P2&)9Bm zn{FfRYdhZB1EjvKMPe5V=|opd2b`>K>HRvt$5MOt_qSX1#vfHNlI|0-g}sKSJd3f) zUNLWlr_sh=1sVI@-@ctbM9!I!uQ{GK`aO!@4sc7FEL@xVV%%9hzuK=&)tEe-7G{jQ z%ndXI=eDY@i=6gMKtdKwee@DdY}*n*_iT6NhL3i3mQg}kb(RFa9_y8h%3k0vLF7wY zwN2l|Zx5mZ-kf49Og}hb$~eAcsS0g#R>SYtwyznk$Txr6Kp1^$6oLE{(<$02IX`fQ9*-;>=?;^Coc-pWI{ zu>=&wZv7uIArlEb}C7aJa@#B##M zIkOb?^DZwnG0I3Mm0@XXr6*r!=Gp)-IiPrRJimhd5F9FPty4VQ+@Xf z_@kav*yLyC*TduSCDZi#wYj#pT~RmN^6=RyqUY~_W|zgfgwcJE^w;mBbo1D!76GC9 z>#4xH$PlgApRy9Ge(|C|-ZyLCJ5*mnr(*nW_pcB((y1VUM>$Fc_s@wd2%A~Y(Xu@8 zt%`>4h0cQhs*2_DrhBx0X!hPWHBJABE=yfib)0;Wn_1v#>+JQSOFlFH9{liAH2UO@ ze2FA7`|X*l?ai|r5dM4DrX7gSE~CL`XCBMP4iG=j2W0@l{f_!Zg5GjkVG8EbuU{?3 zqfxHiM;d(}R+x<{?Bl7*ao2oVY*|^Y;*HG859j1jbTtT?e$5hk@PgEPZg&>+jl?|7 z8QWcm&KEX2xzU4SNADfE~uJ|@vOhlMA z)<|S%2L6Es%9b~M4n~+K?i@PX2<*O0ysHH54I>g&s$EVq=NCj49H&@CWkXJ0yOG257f7pr(I zK5!LSVCuJi`{VQJq49TNC^%i4X)0$?5qz6_p^F2$wKW><&YO(V>46Ep_(hjsqh~|U z*=)dvPRA@TtDub0S&aej4zOZxyX|deTOp2V8n$gu)eHiZf+U%y-&B_7za$^{6ThBC zehNGPHBRX9stYM0W0HvdRoqi6O5Y!%$kdzLr7FU^>vL}}62*nN9KaNi-__=aM(<$o z^6;c(T&S{Zdr5b$UQR2L6h6>)^(EGp8sh!9gSx(?<@^GGYaGEcqjZ8E zNA|$eDLwHo?FKc|X z{mlC_OuC*OYgJ%yB?0g+(fE;g)XUGkA2SIgMV(6+`6s0 z9zXuv&Ks+#W22q<+3pVBbTx~PlW(_qgGix=Ol&dTPByeP!wr!VyYqqHZ8@M2V7X<} z`Hc-tJ!R;y7Qb+Obu~pXXf=d$pHq5@dzJWIkff?{#EHk(eyGaG+v(~2C?=Ap!pz(2 z;d43fD)Hm!al`8A4^gC)-sR`6zkOGwDo1S86JoD1uQfheowfwZch9Ll+7(EAVHZlX z5OGZbcAK{it$A_a=qP^+Q0tJwljATW|j{62C4p>3xp2 z^c36+^6%&Y`bs?*wG*OVmXAy1Gf`3PBMI9fb|YOkh3Ri62)k&;_!-5bxgD2QabNw%y$4r)YOe!CP}86W*@Bk)e@FZTd)kZVDakOgOV<@#U#AO zP&*vd?Jkim`VV-Ao(&aPUVO9nP!M8tJi^GG50oMnWNCTGy%373Gi%2B75R1_^rOV# zi(>8V``V~oQ);CS2t@7-n|Fid>%`U;C3yMfw>e_YZzX-c>D_QWs~yS~OK{D!uf4e~fDTw7cxp zmTufUs`!I27ZLJqMyixet`a$`W}<~e@-9!=z;K?!`ujQLX2~Q|IJeCo)5Q_GSI4{c zXmew_+ta4x({j8~T|?cWB&_Z#h{4gMm^)_#z+fb<+38Ha$OG1MH=wpsvzy$ovMf zC+-!3s;xSAb)x6vjg~>V{EQNz*t;@E(xvYQ<66q?!6{>qVU*+XmWSE>^hHVpVigq8 z_^-ZAy(}7JqspwDF%glx=m~>e%X5uHiJ#fiVF@^!E%(otJZx?TSNuAKXg`TdxDEz> zQ?VYFaVl+Ef2Vt8YLXi@X>5eEWawYV8IiJgl-Lj4vupI->3Veyt&`w^t!e?E#P+(j z=_AUuHE%W;p;<@pvi9=$k>%m2(ppkG_7-WHYwhU6!-e$-1WW1VR1%Up6vT*m9Nw{{ zLqZ)LXR$=?{q<-0kT+L>Wj#R1ta}k^37Leay(E@45G6Cs?mgZ>WX&%qJ!Qo%{ya6c zX8sehI=^n<4p(zD|6S$dr!fB?0@(k#0Hg8Gn^5HTtqKuzAm!?!LXTKZOvunGMZSnKG#&Rc`ggx>wqBcxtC zVB)=fTzpW=I#pXI&WYZe01{xUwNMfY{}MZAsHLT@Zjza+yR!a^Ji`;HRSQ+t{VWg_ zYL}}f{-A;K$Or!@!^wrx!MaJRqBn3=e3qOIeb=^0dRTK7?kQkv_#7;uE`wXGZ>vhd~h1lo- zoCdtGPhl2-2=ri_RCnGFVilO@8-P;VBtxsK{)f<< zR*u2L?@l@uVOPd;&v$n3d3~RAnoV8?Ip!DhOtG!aAx^Kq6xGFIL|*P&^L6qQR3e%F zM&Fm|noo*)byas5PwIbL5;W;QxeSsK($aD`Z+r%T8i9EZD*9;K#~Y8y{17@aQJ$4@ zNOtRwheO>@i7G`~11)?wV+l-Z(*Rl$oP->&W2v=du{1i0Z2dHt=Vbj&Q~ghCDXUZm z30gCXOOK}Un;rmyEPuKh>V9#53}$Y4ng3+fTQo?dsV7iaQD*fwxdR6y=hTr%iWrzK zm%|T;{Ye;wt8+k4Z_B-Hws);CEXt%(df3dB?)PdZq977L5e-En9=dJ9!`mR=y|wyl zrj&SQ8)B^opZeKP0+C6qO>Lo?=!j66KVBKvF`dZ-CfDD$%Z zW)4kI@@s$ht_v+if1a&(3DKKxs|mFMwfBQR0`wr!nZ^eqBP7`TOV>ScvL{t5dlTVB z27yj2a9?{WwP1{fiI8D5qga||YR1A|LZ_A}*V#K!d1I*zwU)9?T3ZFr9_X00IbzT)<%}(^mg;*8Jg8_yQhcF`m*|UWkIRbx& zp!yyqbNhw|uNij`kEu(Mx-+rhcm^C{aM^TCJX~wXY+EyeC8s=B85E{w*kU}~-R*^m zCj$e>%h8X5Pb*sknTXe9bd-Z9oOIzB+{&?4X*WTp(xL)tm^#wZ# zG$3=3lNoM)ZjzFS;Nr}N;!<7(!0PpK%}$~>Vc@vJ?7lZ2=c!IlC(JR*;C$DTMw&|y zc%c3g0lLjAh4kn9tat7B_hK|+^o{puN|N?@FC>la#7DUoDe~|&`4fm+6|UPl1$1zJ zlEkTu{DM2N&G6trfpX1%h!fDJi(+uK+)=pBc)il|xi7mgWJKB`vb!()gJ>!_2zRZR z=qyVZ(#A1#q)&cCoD88aH_Bksb*n6v(_F2E$pjE@QBr4cld3EUh_~u^VGbFB{nNle zXb&g!>x8|DQ84P&MaB%LD7UytQH5-DfpaH+qs25E*&<4T2W{_{JArYPrwSPDVyB#| zAALI=Ge2$HuVx0fdB$0e=q!1c?j~ky(iU~1DrdU^`TD(%4;Rb(%kIn6R32c4hsh#9 zP5#Sg{HIFu*51kW6kQPoQ}!0vbtq<5Kr4C_lu@Q`hZ3w(I!)SEH-H!Pei598h_n!x zQkJG;VQN2v{ByWKuK}N48n)cNl*_)<$Et1O+r_y33s0e19#eCV(uIHkhR3<@NRcUI zyL}av3Y%Fb(mQHva;YMkJWnk4sWf= z?nvhfA38F24pKuA@ptTrwBQloCG4{+CTjFDlS71R7izeh=#69Y`ma`0Q-IGP@sKY@ z74VU0N@>R`|IyG~>Ch}whv_W**==sVVxvzhx}jc(Pzw>CD#r5rce$7`sv?~?mc|t= z$?R1sy|Ba@?XMOKj8#?l^F0*368$H#f$>dE#5P|-i8YY$V?bZNW-jf2B9n2WcU@0+ z5qF|@nKX0tzWKGJ!`%2aMAy`iVKk&8DSPJCLmuU( zXfGFjDtYB~#M%b=u=R-2%s){d_RHuuUXMnIKFbya`TFQbv&{W$)y3IP2SXBz<#l{vWg*jwJ|ZTD6BlFtmPeBq1@6=!#9*n z+!LZTeq(R92=_`vqLw1Wo5LQgBF_H^3kZ$;OPsnxAY)kNh%9DCJjF&4Ar>c)!K zzKilgtF8Wrq?DB6&wCCV9maq8=J~p~SDyzCq-8P4YpeM0tZqLmW^3OfMDvOz6a@xC z^qs@CKat;QXSdTM%y6ETWJwPwpFOgnzp8&0^S+*?em=2X_n(|Pc85nwaXveDnvCEH z2D+>UNuAGU9-`JiS3*_o?}Og+IT*A(-@<p7x*(m`kE^_ei4}f5g~1TvB|;Hht@*QSu%aFK*$B_{a*Qp4M&{{n z3Zp1bk@e2-fV8KopS`5FrNiV-YNnlgq4G>|Wa{VJhVO3ySD_uanfmVOhwxs>P}4DmG4!;VdlLO>Te2`%>z?H(7pFNJHz8itzP>|c&DnKl!H zWIvdY2>XaDxB~xJ&mhi^AtPJ#?dpBS()VY&e7PRYILv+TQNb!X{31T*&kzWkqu^z$ z=k~0y=J84+`JDhllz_lCp3X?~W~^A%-s%NvJ7lHx!a{sI2Fcj8rM?3KL5?(2j$Lg! zAJuE=zd(vw(>E|^qWC=Xv39j?Zs*W-aGdwR?=s)QFKcHEis<+0G0&DjRVca7@7GYW z>}3S(&%#cMbDF0-w?l0(}jLqM&rQc6kd*?v!J_5!bsM) z!>#zm-%b9ySf6*Ndkc|%yLz1*Xm-mS z`Fpp?xSuD3Od}h-PKy2u=dzqG<}E8Fp6O{*?`ksY!7^}Fl)b8oznk9YSCyWouY`-O zcMSdeYfdJshhL)=WkQ4<+ximiIaWyPHYldwcgkD7h(5f@xIB)1U%FMjAc(tWrbPeJ z$o+fY@BVK8yUa!?kFS+YX?>aXSPd{{jjZa8to?-OeqZZBmV95a=;zmzv48Fi_3xlw zqWQUa;>eR(?SpEQY7gZDRV{8NX!6ZP{|{u;7TB}`>Rjhfb?}8-Pjy+o3QGPV&W2?F`pn_~nPly{LHXKBL3+N@PjYQ`u)Ptd+puFOW!)oGi1uOjL%FQ$H+O@R$BJzRGkpVtJu`tX^KGbs(0u#DAJb@-K0d<{MpaET!82GC^@~3t z-!Af``p?=vwei%-YCZ>LY+Gdl-r|4v2>&>efBT1jyA{Ctw_Eu?Ihma(#1vj|7$M#U zA1o9m4JI=bg&q_XED97NJ`_~%yML^Ybx{AY0^$B+0lx_KFU#Ky8tUH`@Mr(F{{4`D ptbaY^zdbT=0QZ0PXn%%Fwv*xO$LK&m9w^{PURp(}M#3!ce*vrNS~36t literal 0 HcmV?d00001 diff --git a/i18n/ku/assets/img/android/rss-changes-dark.png b/i18n/ku/assets/img/android/rss-changes-dark.png new file mode 100644 index 0000000000000000000000000000000000000000..b462835710a8cbe42646fd0a9dc62b6cdc51c9d0 GIT binary patch literal 97852 zcmc$_Wl$W^+b@Vi(BLj10fM`0u;2tAeDL7z!Gi@09^BmqcXxMpcX!Qp{`+pdcXzAy z!>xO3`N9<4)12;e&hz}NL%%6}MMEY+hJu1Zla>-!hJu3r4Fv^Dfdm8m#Xlsc9}3zV zR$Bavs@u{@E4(YIW?qZr!%9jDJevy4 z@;#d@_EHYdLp^itK=(50{;c;}=Tl9{Joev(&CangY2K#)ux^V}Mju2>_{7k?4;6=D zh?e?<1r8ObgiZiHyn_G-rF^NdLg7Hbhff_?|JRX!r$j@^e)_K?|4#W||79pyi!cA1 z25}=eRj6cCUG3PcQNizXHg#)RU#{0?f7FvCfs*($_-iDY^{vIVsgaRB2!w@4bZPBC z3Ecb|*5flGsgT=^M*G7kx%a(m``hgKgP-^FvGB!tqVQwyp8WF4ih!Ql8s*1q@-?5U zS!N$u1-udc8)RR2W=}2~b8B<*6W=6uQ`fR1vfJWDCM+-VxajoT&h03J>3(wWrCJMl z8wJ1S=ESHdA6@J2x-$OuhnKG>O^(NU#>O}FgKKBH&)(Ow=dM=kuY+GRyzUM$1O!|4 zxgdr{TYlU~8Eo#!k9x%?uI-QAiasxn7V>-;cLX}@j7 zZM%g0N9gh3`hJagadIt`5R0s@pQf{D7{9`PA?P+mFImkYEBUC&)0I31aqA02WGzHn zf0P98rLX@ZV*ATuMS()n|5cIhC;<@|~ zvsLA6$vyH%2&K5KO4{|MG>xCbG|900u*tSo?mHD$D-NSx4NklH@SgSiqcm4Z2o)pe z^lYuIw;&%M7Y7H4;=b+Mp5R+LuUC2@l1ocSs$CZBGsb$OGr4fS+4df@&s7-t>qdcY zNt3nJiGEH$(Z;SqY)0UG!S`CH&w}5Tk8HNU zfNKydn9|!}sH>_RE(usfL`AC!MxW*)_)nS~4woXWo1xUj#ID0c_G!qyywAsA1qi$a z8txBl|K7dM-*irvt7(0bD!UywlTS?lgw;xdAuHi-Um2QdF+bMo?G3#btfsDtT{^2e z?{)F8o$-2;$jWNZOv%3U6Y9A0wSOnL#A>Z(w6pW^7AC<((QbCyot_g>c%d2{s4&ew zJ?8s*;WlF@?s)f+B)kZ%&uarAAqUlFOdDpTyerTChM5fua4W6jLXVw;+XaotBo7bW zobB-J}xhOt!p%kVsvM?a8oSK58Ix;M@jBA$((yOiwV>wGo>|9Y3|EoSxB5{N&p z-{!W79KAH&{t|yjGIzVYw&u;uAzoWox6RD)d4Rde`xejd=(dF0(eVoQB_KIPYZlh9 z0s%BsFWTqnzvH|=ZASW2lX5aFJ|}0m`&rSBD49q*e3_V7YaxUxTmR*Rp0f7#n5(JL zy=|l=f`r#)ZiF}E#|ZON{mz+lpWR zMtoOyN$^peMW_N&WQO83)*$;S+wn98YA{-aR}N%ZyFb@YN4+ zy?%Sn(RW9$w^@4ws!;Ry&6r?}^dC2!1qzW&6%?OHJeVR{uYLqb-BkHku*xPf{Cynv z4%E2q-52Kb-0Sjt4feSLruYC+*o(9Z9~=8`XKd8$wPuBBEkd-^O%p9G>+VAIc81p# z{KC`r`CqwIDXE9#2ednv$avh@^(!T1pn=@f4UUd}Wc|=slPkbQ{l=IQi}` z{?l6iyZij7wfuMY`9E9Be|Mk%9Qj}LWnU^aivO{{{r@tE8yH_siy6=jBlhJTIucsM z6S^a(N6qYe&+aaxhOLX(Dpiq^%~X?gw6Iyug=n$Ft!0kIgGr-yn=!;?CahM%j;gx4 z@sW{=65A5n@8ctMkh;3(KIy#tT~*aNAB|o|2M0#FVkhTYq7jOc;uPiSs^C~vV`Cj> zc@-})Z4b%v`1pvWgQFu&km}|!G0%b~G;|hjJQ`XADSY5AI{KK!#{wEElbN|%i=w>! zNa6yu#E1wl7X{3(>KfdE!TmQHrMl|sU&O>bo#ojH2^55^tw>s0UKq|OVH@44=t!@A zr=}`ttZQj6W8o)SneSXM)0bFV5smBHW)#S|+Fxc4M97oItD$vvVj7BOb7O$a&3Qpu zR#wVZI&8WEjDltaW}4av>PI5r2vW<}2==|bz1bBu0~T_NhYlDy#xiUb<*IBWEa`8W zJfJKH>2?A79+p2b`oJh-WcV-G-A4Cb3r|r|3r9z@A3tQ|n<#D4K6O8Hfo|FBimY>k#LW>bhrq&gD+;*SmQY!6H8*b z*)mP?O}e0nmX`U&q$!BWFuV1yz_#bPOWDOum8C6Ql$3Ze$wzbgrBXLR&?wCL4Y|eR zVE=A0QOd(b)V&2>Z2^HFRaGbikMSA)fjc`mYN|5@dHZw(m)x|ptu5J+S;XuUe!Wn7 z%F3hdRyDQGJxJA#$gr^8PSsISilo#Ku!^a=w+Og!kSOiKBsF!#2`tEMQjU&1e+ISQ+spuhSx^v@&eum5eFeyoDM%o;Q2ZDg4jDS zNaDJCax%VKmCPwgfU|6k0*Tikthw3M+#K!uF!Sf@iyKz5aK*&b7-@HCJoijPzf3wM zX>(lFEyR!VF|_Z{gnUJMM)`Djj0$>sXa!|++i3vwo2^4xn zI}D}GIXzELQbS}I`q=RN{%w>MIOmqIFi+WGxGic@P`4bR@7`|whKHNS6P@hd`TGu{ z4kwE2%JH#i|L14Kl2aae>(f}M(do}@EHgU>jYNv~m+v^-L1%ptn9-HVDtKwY0v)9F z`(mIKq6J!8;)*89KY=~SA1V=G2#Wpni;tiG>rzR1d3;qh{sQhFwxmRTEmfVOjA4;% zw(&;J+R-N$qRN&Q1z@)K9?{`r$GQ zmwd%D`wM*3Lo7Z7Kecc7Eh@dd_$zN8{;n+5aTFfSFF6qu_~G>fme$l-7bU((R5ZCm z;M0s47@lDwC})0Q!H=f*a%eewHckWn_Ubxg4_eOASwT^8yr|S-reHZXhTUBLKXb+4 z(VjC{>CeX7D8VEC!UaXYg2Vvx9=>#FC@2nxQNUm#^7Q^YlHij710sHDm~JL=80F7T z_9wp?c?_*aMn=dPgyFpE>d+CukHRPn7>@teC2p$&^4eET&C?4%T#`~;VO}cPd#4Lu zQMt*CUx~~7`Gth^P~y3gTqJUTkC3|gVVU-@K{^^GNkbkMSV;LlNWn#^ZqIOVa6gYQ z3z?D!L6Y9sy(M#5_P3ts4dzd(zEU@)P_ptpY%tfbu~PD*)VYTILK5P}B-$}C?8({) z@CkTKxEhABbex>#dG1tMZd9>x);Kr`^k8!(X&H5uYd0*7`z|{W46IlL_H}N!QeNKf z1#E0zOeb`Qp;586%@yYKo_RMhwpUs^-v5X+#}u{j423f)xNAK&BQ^}5iQaTD=r%UDG6IAr{!lVU`4b<+TONuc-Z*QF>(mz9ZXJ>2az>UqG)s;1+ z2-gUBe2|Ou2DpK5b77SR7qC~@P{slB>eimK$}RKiaPJBcu$o^dtk7$0iD6-WD`3sY1;S0Gw(kx zHpZp#@zy?Y#>BX39cm&U9+g->LME=ka*H}HE((>E(y2lne<^7h$Q6G(ULqro2r6X{ z6bcclP%{J;zk65oH2eDEfAcXqC8eMkdRuaPrRB=H`=jCK{0iG|kSvM^aaPvQzJ@FF zS_1TGrX}I~b^XmRPaie3wl-N=qT69tB(V%URh?ey-8U3Ic|7Znc6PnPuy=_o+ITQF z!(aL{alM-V;=FsX^9#|;eh=W@UW$J4`kAXXKA0HvZ4Ge}l#};3Ad9QxQ5ntu9Q>an zB!UOyl8RC$ziCunBHOU`xN0j=wm;4uydJKclkg5DE#+IL-_fS zd33hgpqe8_>XXN2$B@+c(-lqogcns<$5Q+G`(_>nYQC}6)oI|tNB-xZ_QHgLFNSuH zI}QMvd9{rpT#Zz!l+%|k=;)^lu%eIGhm3&y;33_iT)AfJ^BT-sy}#amKR^kQ3@3Q) zs5u@hdp>U!mLU=YSPKl;#ANr!qY5K|fY%i;<)h#Z2RpmBmud2<q_$b8BmE0th8#w$D>+Mztltc5=RI_x4e%s?E*Jb9V82CN%;21~W9s zvU&dRTfGk@L8^c`-CuO*(v}q%bR&)XRHDZGVuC1#HpmBNKD_KA0#-7EyE$yz%p#g|T^g$rh@ZjJr za7&QA=_uj*dkkgbV5qqfLdUpZ_!OJ<7Jl=snLmFTQcqeUh`Ihg1nU={F4vt9T;MAH zlW3mmhy<64&9?DAi-`mu=h~9PfKDt5ZTTFZUOHccPfydrrA z;)ALqu;{oQQ;VCR5s#I`dyP~zpLe@U?CdY=iPNs`Gj zz_R7;IMS=ua~IQpy{g|khb<1Jd$aiK{WuJWE=M#?4GmvvIw>A{&4jmli05szokstO zOvfqT@5{Z!n42zcs5j2vS{&RH->IExbKCyC7^DFv1Y^rUf)3+&WijkOQ+tjIO53J6 zTWwvhx+D1yCu7Dvn|xc<*HtSRwT`HM_A`GDCjYT@c4m^km%4b3vprXF9PI+kuaRCC zjQ6-gQxw}8a!P!4c)ig7{*1risI99pWAPpVfccA!=Sk_)Bx|Y1Q_v!S?)%`3HbMUHNj_ zq@MO(C;B|}Dl+LeaT)#$Oz{#D@@{rLeV)YdhRK>~{`v1A0gsf&Ye~+X`75xpRl!-V z>!gnvfA>~_->f|*X$PZs0liAXe6-Bxx%+9&x3mR%vOg7b)TU4u7hvo3(V}0szuO zM8sceeKH&RB;)-e!o_u`pkULt`^q!Y+1Wd`7E0cSD^nX)$JczQeKQR#>AYEq>~m%a zg@WvHPvoVFwieB&Pq}p9_yl!st_a)nKcaF44_n8?AnkeNa1m`&^)^0kD$bH3_a9JubrG8cO1a0?6RF{<4ZXJa`U}}WUmtEQBGu1L(h{X1;mUs~Pa>H0VlF-{YjCnV86qR(yTG9jLEQq{nIta6qoE zWN;uMmV+{e9F) zXP=(tX1K7SxHw&@3yh1ZV`8Qr>nqI#l+s~h%gV&uCDM|2h`7hlZHMO-Q=G<`KM#*F zsdf|>+k}UQtI+oJQaQdW4>8K~%^Te}(zbnxveKvY z557cvMB(k2V{uKL1t{FVB8*TKg;Aws*1xCcM=6SEc|^v?qy2@Uec^m1xP|)3DxVeq zZ{+a~j`w}=-J5i@MSZj?_Syfm`quoe2pK6kS^3ev<(NI3|F=@_g-FCdxAeewqfKFH z$!}@tc_lpGLOb z57^hmmdU_;3$*@d_r#Ix<*xsZq5xdjQgO$7`nLC<#Xty|s)%+E#z&;2Bo-uQT!yN^u(EU-^l?I-$Ovnl zClaST;m(AwZ99-=0@9tdf4z#g`ySov)f&wL$7kCIN#&&N?VugY~T%+*vHUev! z`cr-pZrhA=TI!09uHci3qiPW#F0kkO9G2T}pInIXCNkozcTe{>v?O9J`>ASqpufYi z&CfMvL;daeDvj=a9M$W_p$H+XIDR!%-yo!-&e`TFEOI!$`Iw|AQn zWkCXlVYs8X++3X?d%C_x;adgC{tnKUpG{43eSPTNvIAZnZ0pBBanfH`*I1uhS<%!{ z&LdC)fhHF?(obt^8Q*{P)SDSana|IvOglB%t%ddf#-yaVI59C189hH&%g29D=whl4 zjniShnf<_QwfVLGp@<|QDXF4d&#Z}W86}Lafe-SzqOg1P3vT?agVbuO42J0 zZU%;iO&+=ew6p=T?|;_Sd@qTLU~LstxNG3Z%b^bYMbGPNtn#$(!&b3>6W%gJSH+iJ z{h+~ks8W*0tE3hvb&~*#k|Hf5qo^>}Ls5x_U?+gzkdt6HFfdS3Y@@1P=4)clOd>5m zdRDL|UOGIuh!${1LKlv?^IA4L%s#C?6`I5SMHaeRcrK}Yb zO`M0GRL z@hxR^Q+dfC|3^-pv6U4=mqt&w>NL5kuqt1&Z%FGUB`HvbRyqzU(+|+z@?Q)zrKM~0 zitC2PXpuP>9mvTuM5#I15CXBIg1`2}kpEWIQkO-z7#mmy%q2uic&;rjI_msf)80R8 z_qpCuLwAc*1`^rz??D?P*Q8q1EKc;@3X0<FID`}?w8EpfBtaw-SE|D4JxAekm#~F z`}}<`)q`R3x4|6Prumvw!!8a;E|nJuvCA-Wh~U7H-`KYn^_NY^4Gj)Y-S?01Ch+hk zL=Y{SPV`7x+9Kt}yK58+^R!$;N!`b#tKwR`l4Oo+6q&Fv`mnH)LXj&dNTHx8IHs)B zLX|#R;w#N>>tZK}`e)9OPgn#ogvDvcb*^%pZ2`1ct+gLMB>esp7uoK+pUq`>%0t`c z{l(k6(<0C4-)(l$y5W(g#gjw0K40xI(29ep@N1yrxG(KD)z@Ivu%)qb0b8WOQqLCM~DC3P#ye%O}3AcpN82;~HfCtzo> zv0aCER5jF>mIkc@T*f!2)d;!c>f)l@_Iv*e531|njZ{y=$%!ZolU&;O^18Y}@^SbC ztwchjyF2uOapsS|Kb43euQRfjbj)kWLWgVw*?ro?{p4V8A8bN0s0ML75$=qevGWa- zLQag0%gMpk)}sCy+>c5QqFVs!YbJuISdPrF#Q;Jy(a+w?@Lw_;h`6&$cR#>rYsg+5 zh60&E(^HO@tnBR9@SyB^a?n2-tLg#hhELf)2UVnc2|||W=!j>~isEKYT3WE2b060> zHZGo?>Vo=Q3_t(IF?{MsH1{uUt*p#xX;ELqiq=w6qM|X3rLYpom3$v(Wazi$pWHo_ zo%;t4t6#o*b}E2VhYPDyM_xsP=|~LMsxv?(V{>qnQ9bqy)O^bxd$#n|mq&<_&85Tn z`AmwhIfZiWGJl3m{{FLIi18(&e1;8!g6y!;r(Oe&cJ6%u_Z0Au0@A4Gov`PZftBx1 z4U#VCGd3TBz27?HLcS*(+wU4~$MB-MzH=)o=nk@hKlS~odiw%*vR5H+N98f>#|f^b z-ByVM#a%M3`F=z^IbGlS&SzD6`2m5yItl!e11)Qrq;J@3(>@wv|{e zE-c{VYdkz7w$jG4d(@~I8d`k&wqO}g&(GgqS}LHejabP&X$j3hLo+`$RU8+Gx-DsG z*}N4qbUx?CGLX|hcDCdkLcZsjlf88&{E%B&`P$r++U~>huC7+`he|R#1H;i#ttTQn z89DdZ-Rn0|% zhNm#4-r(K>kzdQMLJL(UQGj=XUdrz(oXTVVWT)KVaC=s@y9!fkTQQHU#>}VT1bcuQ zb70N~k&Gm9eCY|iC9VTBxkHaK9fipf#JPar3?|Jf=f9o(YO`no(DY19p=Y%&r+b%a zDguJfI!+iEfe}|p_`0#+C1b6B%y>Hh@$i5#7D0;j2aivFE?M{bBxw&Tf zYz8=wX^MYA$hZFgUQ843*X%*EuQt**iK4g%xGt zPZj9zqZ&(TcanEiv|JYF=2i?tNKMoy!Otjt8yy*um6O|Dr;^pE(5WRO@2BM1+KRcp zmc5BaprXnH^qG4N(TN&!$Ish0gpRk#U*hT;8oHL3qpFzoCr=L#b4-NTg6^_)`S=Tt zl>P(<13m<~%Xfcx9fd+U>ci`+9f_7|+wHG6 z$I=i97@Wb2OME&FZkChTxO@H6YRSp`NU6P7@SqI;;?-u13?WB}#TZNw!PHDq^`TlK z)2fie&B*Dp;#hif!tdW*1bjC8vbqbTHeViz2gk>%4gt{K)7$Lw z`WBs2@XqS76ORUd<^+V zn79UxMNqv>n4U(z$GB2NYwP}k!Y-7|^;Q(QaG-97=>0c^w6+%WX$3TQO?Q0e)i#G) zvPUH~)j9q5M@d2ahIIUmzoHb&OG|UI8{Q+Xx7yu&E{ZLk}mJNKZAtF(FUw&Fnrl`ZO)IPuW$}IEB#son_ckWa> zcFim`nFeLt+>nq0{5=*4quyqjK7qO8sivvv!w1&exzm0W{IX1TLcjRrWQoKsSzvB+ z?>D}s@_M3a@3Op^Nc9j9D0^ONV=6Q0GCiRJf0}FYgeN-3K)04)9l*bLGAgYxIhelC%iw@8kkU@z| z>wVnD_z8ArFA=Mrk#=~A)EZ7+S0hZNfy34-4QV88_h(2acq!7-qsECD`V@!V%r5qL z1>HrtJ5DaVe2t=Fa!Bje2LiB|4A&ig+eZ$BNsV@$KhzIaUB6a&l|h4C&%Hn@%RDZn zXfzId@7n&p6+)W^U3{i9d%k-e8?zz7!y)OT z&E=h&IipuE&Era7)ECp%j;QYCZS}ktE1op0urxpXl<{eJzyMBN*@37G0g)ERx<9Yz zJ-_zXSuqN*wRJV94N4XkuN|L3XY6-MYN`Pop6+iO8FDYaVpoOEgei6hhB1Rq^bWsx zIz~`KxILNdH^~s(FWAmI00yo zX77D9K3EVQZ}n#8kp2Nv61@3!gK{$TR)vB{x4p7xl@fAL^#@G|z7m1DpCamb^WY#m z{C#`h!YNNoVQ{M?xJ<7)ngMh8cNNxqgD}iwnTLSXv(r=VgEw+!DpHu?<$8%06Y#ix0`Jm{r8lI%>cE{3V@lLa333^P zi1NrtmS@RN7s36J4ZW!2>r*6yVsMzMHm9jfw{HvQ`{11_WK<3_mnU0K=s8o~)1%5c z3noK#DO*D#F{hx*!T{NaK0)7bv{u`*oK~5gD;eEmzk@va2GY@4u%h;Hkb=Tn2{6V& zypiiVS%KQQ*O854v)1ywbc^_4qEax1@R{eEB$(Bk$WMYndfnO14FRNE!VO^+ZvVvJ z-0|7*qdo*oSQ(I^KVf%-p2=)k3J(87F zO7+_}KHIgJ*5}BWZlH%^TtK+)PM|K;gFIa(SufqxW;OwH6PFYttB_t)RVB_NusiZL z-TKtF2wG8B>D@{1BW?gbSQ82lq0ZzuT{h9yhzuD7^s*+$`+$jwg8M(Fqgo;vVWHA9 zezhwc#U=a073*#d4!e9_HO3$=nB$i~;s^VuhsM7h_8yG+hH&aRv|y#60zi~Zj#UAt zyI%}NKjrekz_FW-eeC?;3vXxdaw8HzNiO8@)Yw6p+-){fFjZrh@9ZxW%qgB;x!KgT zx3WU{nx(U%_%a6#Jys7j*AQPa7d<#z!c8XZt>-SHsp;Mz`@pQI&n`92#8{&2i3k-I z(PPs~h3gSWBH-lk_iYWjBbmjXsD1nS+=#L`k#R@`@UFYMvJbGD&`Ed{keBPuRRrz& z!XLS9gl2S29UQK9dQbW9N<6?bafRP}Z&4xN?4)>XQ1T0Xaq;k^7bJ}Fv12zj4^?!h zLtrH^RP^}7$Z>c)PUNg~lmVRCU|$C`+TOR&fZCXwhazKTlOT zgFGiX6kZ#~Hkt__etaB_iILGtcu>0iX#gV|ub^S6UBLCwOMP?Sx1(K8wjC54B#8j` zvs9-xJuA>aIzBqc6oNAh)D>6;&I!REH%V_K>YDDOk0?uN&fj`Fn_bB7?!2FVPyT#2 zec%|C@gwW3nY}mw_H^%lw)y6{_L%Eh3~{bpH&_Igi5L;=*MKlYjo6YLo0R1Gbc0*> z-ciu)VX*DB^@yptk%epp*};VGY8n3}=;!g1U!b2K@tp%Q6`#$OD-L9h6bqEf zZ#G7W_2C*o%5d7MVgFTPC@`(gr*;8IqFTuISi1+|u@9k1QAlqRr++|%JJyD{2N9~V zr^*IlW2xNs6P*bWV^Px-1b9z-&GNtGan0mld37B5lzw1tC%8)X@Gq*vAlaw$isD2i z21%m*ankUnC#1$uoj>JQG#%HR;a1a_9&m1M<__KUsqpJPI66DayRUwGhp){=bUySY zH9PxiZ|~B{KdiA#J0S+*cFhJYn?Z2|1Q(mprbSOsKW=EM980R zVopBcUs^dq|h@2kIhk!&(22m(5X#0gY&d!Cfw`TO{$8DR%?dW48L61+|Zae{xtea z%FQ@e=bXtS){Z@NxM%BYX1Z5bzy&ikM zq9ux6BVY3}>#=+49*8zt^R(U3*8d?H;8q(R?Tp6Jxm_#f%eeUXsP)?~GqbbR*RjaR zyxzLdnsRzEgH7Qu@8d4_Yk7(BycZ7g8W(iv{Z$K)o;TAD7`T1rl^s!I0-^H5H6V)m zJYircR!q6lX`6j*bi*JxH%{{`d(04x)zwHYmquTGN?c zy+&igBqEYN7jS(;2*M#w8Nf|s)DFNrTk<+^e)g>n$QiCQGE+=#IXF4V7f4K(=QofM z7Z2~<1`wjp!@!~K2BV}zZ)eUkhEV=hR%2toxSG-6ALPVzE-$7Xt+tkBLuHkM(N3$T zCazD^`CH7kYgNx{uTe)w+Irex6El1kr_)te1^^OJQyX;p@5b5e7T>}aN6YZI9eld2 zHrn^oAfR9;L&c*w?oj^PR;T~bhtXGJXKQ1l^zZTB-r?cl^xx&-)zvVfT(g;3&h8Ls zUB5}xjEp06RMgP{0CA8IVy6K1p^mcF;noy)?ldhSACpc?t<9^t_rW}s!rY&Z}cGUcEv2VrW`GKFW$<6awW1eGg4>y9W zjEVq1Lq}s?lz=~zhL@+|_i1u+U*Q3d5v7n2^bRit%TL|T&P@*~Wp#C3?PVNNQdr@Au=u|Va|L!3|^wF^q_Cl3#Vz+I^5grELwcLbDOtc zpDw=(Nr(BYC%%6#MYspMsqI!SAw`OT0}Gh7@O@bn5hpb-ZyIWDzG?D3NfW&w4FiMB zxSEHgf|u7n#5smfOzery9;4yxR+r)ef2Fa$yR#!xpQY2*1`WXJzekr8vl59N0bI_F z`2Y#oAVjO~KJV`{iOzFeHR; zwD$6=Zd{;=EhcA&18+#Y zv(PBl3GP?8Pi8eDBR=c_*yx^=nlJ!(iGuq9aJJTR`7$c*q(w>Dmu{D5Q zZZaS_g4p#pHbe^j7P)6(XxNgWjv|+WlIb%;EfRxTD=25J%`K;2QHKQ)5B>uzZoG3} z1i-r&{=~&`iQ{*<=7>I7Y|L%<$~NI#g?DT@Jl~P$dE8u7#bCala0KdW0WfF=7-ltQ#*tf_yJVbHOA73tn8bZtj2CrJ4t=42=4(g$7|={ z5J;hBC}5oEH7DsL(Y*v%FW>uVwC+ztipSxY0no_`^<6|JMRAJ#Mdg}frMGFh;ei&vaC2Arht!YXu|+wC@yu{Nci z7;}iIltb-!<uMpL2+$7K`GYii|xRQmy5QH?=&-68dHRpz8RM>nAO+@hmp-JrL6 zjvEXBoMiImCUxWY#Uo0B{l!SqwY*RWdyS|>@2>aTmo)5rz4l8HM7(#(p>Q^;Ogj94 zOw=n|PXI)mf21Vy6?#!DOidBumeszu_PJZB1!SX%ZWfs5I-6xnp-B}TWdKtb69*x2 zg%*pzu67MiCnhv|JrDkhw_Lof_jx88oFYw0=C?CTU^sA755=^!fD-CmzOm4eNG2+H(K!Pwy+Ff8Ap8F_>}W5=e!Mq7xsFd zY(x8ynfJJ4WTR5Q6E$*k%L7qZ+^^&S@Y?$Kw;}>pSVx!4>a%SW1YUBRV!{F{tPSqw zdE4GhK~;=_k<(;|Vb$COVxVE9!rwkTY*_@Ntb$gQn(#dAK3ea}cKE!q!j^t21{?M! z^6C3cBf$rP->TyVP}8nTo;!7IZ-=i!O(b_});RCd8?tE9rI34i$S~tuIs?y}jgx?*pn|50d=qnGkF(-^e)gH%F4ElmwLl zy}F`f+vU0_?+%Kh{a`mdh3Jqgh||a|eDRrHkNokxt!}%)@{GCTh5nrFLh<>osN11i zVy+^OfE+k4*Z5m(A0iBd`(@%4G17+^Z1B4W-;Eq^Qd$hG>*6v#;tSxHnCqfxQ~GSo zv16?^Lu+C27o<~KAy(41ce}bxR<#n~PLv$80(o8CHrVusFEjayoGs61NF-B@ulWR6 zSVBg7FA;*vmo0oWasq1tX{tIaB`StI07X~H>BS>o;+JGxNV_vD@H zPEuiJ9o0+S_*6$S+EG7m&k&djq}iiDkVdxzS_U_FXsaItE$>9Z1){PaA$Cs(JAFj~ zL@EM81dtog+Bg_}Pk_kodMf|OSyninc3!svPpa|=&1_8On8km5b@r>ZU1!}+Js#0S zArJvl)P6A5;fMw2GBPsLernqDa=9XWDO~5-iN0J*-INeKCao`bzK5y2Vd)lUhF%j~ zb%+rKX0tq(>r2I}Fdt1yqq&x=?+5bb`R~uqce!=%XdwxLh@iOS73K29zL614xKPQc zD&-FUuD(Y1Y+a-=%?8^)aJ?KbmH>50jrkKN$rVY)ZzN=7fe9j{zA+J!|6jueAi^< zh|y|O#vLey9-qUbB@sSU8rcM=Bv(cP=r7^!C545pu77j7x~8B7zutm|EK4OlD7^AL zPfc%`jmQ`!RIU=yi(+Q|dfS~8umYCBdO^SOZfMqXyHBunQcS$` zDS;Of0$~X~Ir-t`){!*j2gJO<n!=hCyx9sT!>VxkmNUWl5YSMa8OER=JZ4ha#G3*uNC>(Fhv4#J^Qh- zxoPdzWpuadNsa&?m;@U}RuV0^O}khLbC5rN!_85*SpvZ9$$kgNuqW8T0{W`}yu(>jzF=RaNAjQ7#%v7>pR5EO7R@V0ovKd;`nR;zJsLc&(eBc{sdx zSK6yblwK4_Rca4L=%srJmkWy0=6T7dU6|YY@C<(xI7LBUV`)Ua*cJd}Vh7oW*iHDR z0lD<#<~)f8CQL$i0{%XawHB&;V)WZ?XuJYu-6oH{kw=TnWL6botwN3^q=2sgw}^{; zD$q&3{%&D;8r>VQOiK~6nf+2i-D3AS=s-A@dOUNW!FC4f@Efm~8;IoHMvaEz8o9)G zMWblN>wQQ%^xUu71+EPWucps_S!V`Ctjfe#rp&nmHEd@H&QfM7-k-T_Esrxf#+K0k zCfb-{wz2pdb6YLsm-NR@cn_b)_(LaeHNP>YdwxNk-6L&PBa!8mg<+46LDB1mNj(YX*r@^KYfM?y@ZG|Bd zfSXvvAR{{>y3Arh=;wTNgDZdz77tdrJKtZwM?LEaoi36;`IYtjbc@K5LWae~SA{lRYfk#TizNwEv6ftly6Xf2^@0IdvNLG1ag16iND^rWr>Tf z2h4Gk!ar1+l)|XF8s#g!+CNOuEeSd(J+Jqfjn0#*=h4Z9Buo!nfR}Xf{B}=H`X;;p zRDvX%7ma;@0g;09Z2r5kE!vGL3#2$X8=aT+!Wha+EVKF!?ga(;XRtvtWV50J(p5(a zi|@~O34#5_RGFldQ~H^I8~Rjq%w8>yBb={k%lgavWJSdUmi>v%SXFq5y(68tZ}WqL z)(624pV`c(CjNYm7amH+zA?j3tT!ZcfnoIok5a)pN*aKi)QZCPtugp%DG4rILFuaPMMQ_1*Tg+C?x!PjO?uqOBif=!4fvvI5 zgMqSc(Kqt=Pk2__AJYfqwa!;~W^GFP$Y0_WVVCV$y!BO8m6es`Rj4d(Qfk>{wl4s&*WCT4t=Q)BgbS|{_LPiVpB7><_iCf z)^^j-P_gZrM_h{bgSvWjipIg&wa=2|F~zB6;KGI=|^T zkm7}*qW;G-?Rtl5f%i;wb%`71d;`TKBzkdKgQ&i?iGcy_(Hih7@b1xD=NdLobx!j> z-$t%!Q_$0=jPZIJsn9>K(q}k73+q=M-Zj|YjW=dA93cI6usefQKTq>HPHooky&clJ z%nSUf&b*u7my!pFcxZJ?Phqfg6P6L}Wxy-M_B^i#f4LOAo3<7TqjMx9h^}7{DS!u8 zcO)MsNt_s+|JQt2YMHMPA0?*7q&NiyWjH)caCwRE;mN|b1Bf}QtIiea!s5B^uNY4g zEjy`fFMlE#iGH$H#k#z_(+G4mZ z)80eGrqV8&&e5a6ez=$5I?V~IzzPHq7nK> zJFG_M@tgqyClj@j+)>+g=*j|s@ ztp5jZXW`UV7p;8~+}&LZElw#;aY}J0kfOm`q_`Id?%v|=Ef(A%XtCl_DDE!B{X6fS zxpV)6Z-zNDK;|SlXP>>-e%7;ot5~P-^77_as_{!#k83T2ey3?hMa5^(Q+hvAPh|AA zZOk=Sq{*Dj!GT~o>^oqDAtK77@(6cO_*!8s)L%Cs_^hilgN_=47pnF={w;o>yju57 z^VZaXXsgTn5*$y~ss34xPG_{%_ta#~J`%pjRwIyu-9jz$>)h1Mf9bK6r%hnJ>)e|Q z8b8?h4q$OwMxG+QJ0IT1O9<8Ixc`w~G zmYl2EWSiT4^=CKtBh?Q~s^{Wk8J)q})3zqA8qPJYdp7k$Sy!qlq)Xw3KiuXoQQ>dw z7S)m)>{m*3MN13~mH7yLdL%wJ*!`|Qzy~~HaupTn@$m~j4{iF`nXXqSCptXgX|tJ4 z_^1~ToQ6&7BlBhZ%AjJMKlEkVqdA>=D!{~boX`x2Qp>!%0}E#H^~uk#eTw@!H_*66_RQ;`V^FJ4XuuHe)A_A98_+0TIM z5Qy=f1+8oK50+Z)iX{QH-RIj}j63_JGMDxgkL@3!OFj=Y+!^56BdWS{#-s+ZAGL6p6}oQU3||9$%G^U}XZnyb;_c*6+r6HE_eO8^uci2_~J z^^;}aUsuNxLsxxKdY{Wuh1`&MLVE?QD=)6H3ts+8O+Msn|KVTO+#F;CM}|&dlis|u z*r^Pft9tv%J_7+W`C#a`-W%ewQ&mQu@j@k4VP(=fm!hYh{6h607_e>4NrHGkqfzt; z3cFk_%-Z|>{sqWux=xYaFH;W8LUlkesaL^;ty7&3_=UU~ zMiLHY9r!Ay;2#XY_Uo^CcvhyTIWM_8oaq?(1r_S!J*})N_h=vSbt?@OvtPYBsQa#U zXR>QjQ-{6l>Z;Oz-K85xC*}iWWVWoijPom4@pZMd_?ei^XRx+zJ_3<75M{uExT1yD z2p7PuK-8+q1~*z)@JMg6$jo2gWn_a(j8zGfuc$Pv zmlPL&$t-{$o5Z@sM5#xJn9>|h(hjQ=yOgTn_hg4AxbVi9mma0_;+}Hp*G+;ycBoYq z__5F3T^jt*S#TYkoZ0N`nxuto8Jy&NJ@s$7_9LRoG8dd}$+x5||5$gny*rVP-()eB z1&ks-!79tm`;&F0Bk}WARmDyk>!VyaI9p1+rx2G>^CKwlM|MX-S|9N#yqJ4WmFLj$ z8jo7UY%_MM^JDd6-e9iX?BS!ub@SWxkQmSBtitlpcJgPsi`5WZLZbEX1PQ}7$<03U ztfuRf(1-(8mbzTbVmI@dS4)hHYeMx^6Q7h-EG#xDPM%b9_^$6_(1(UKjD9r@wGsjZ zh=me#Hfl+UK>R8%ZrY?UG_n%g09oVed~1sjr1Ey z!X^m5j=fK+$_Em@gT@s`MagG|4R(TGe&}yAG7F^S zo1V+Dr}B+X08XQsNc~lqk&TSLFHE+xw%Kd=%U4{|?~W`|VS)?x4tn^I*_nE2brzw< zc)4$c+;4no@#qdl70o)Q-bkUHV+E7B?2YCQO%s_%Gudg-rOf-f0nS-;c0 z!ZlTCCTLYR6HQuzXMF!c4BZ2ijJl?}3LWF;(!jL5si?{d7v#6Ov|AVy#?;>JvbiWe zkRsc7!4i$&$E~2JczdiMuv$?XmjG0F(-4c&^gFJuo{_$qGeaX=q2NWIJ)Do4t}HBc zouc?#{ABNt)4Tj>>X#eRET9_qqc`zRWHi!&2vN%^(a?jNkd=8y>49Q6ErHq{P8xH4 z>fo~JSsTr@bU_JVBdVkl))@HvpsblV!4$F2%=(AxDfUS-4Y1W}GVWutaUShX)DDe6 zUq!^PPRYe)_P?JQibp!wpYgf#7M|e4yy0m2Ko+2*rKJ?!EAMo$J!+5`pK9ae7uGLf z_OB{}a;|boWrD5=4!y*e&qswV(+iRc(20%`b(4la7D%>;xmQ<5 zV(zP}m{B>LG*(r}*TN?^i65-8Sz9gJKBXHy*&Y2a3} zx&i!Y;h#M|S$XRlpP7#`A}{p(X|Cex^m;E7+X3@Qj)Gpl-&z zQ60qR+mp0B(`4V5fPcT^+qI-JDG-}%~DLg|BJJ_i9Y;`NY~AtLhao< zb|D%lt?0!FIUk#P+K*ck&1x(NkazVGb*)_r3%}VuF5o~K1nEVaIjXzO$ zPM4s#0e>>B$z8{Wd5+O%9|0fD%`uQ`JcXmN1etx4_?SqFIY{hQzL}@jJe59lK6Nj%<5ia)F1}^*3Y}S!r+}JtuB;feq}oC(R(Y zqT~j}k7oyqoRbpZ|68#L8Oo5hmDcw4-ki+G{ft zmHV+*=IE-OnU&Rwx7U^`VV&Sq4xG#e^be4admh<%2tv=I`M5HEH#0YsF@T1R`&tngK?|hyTy#4U0c&vUb zy**z1Te41qENOv=SnEa=7X-fOsi&-Nnu-9_{kcd1>xtS%2IM>JCqWqMosN0h7oL_i zBk)I;bWg84Fh*sm?|9eX%;4a6ggcP$uB+GQ@J~fhncp!{TJM!1#qx1klm_maf)5U^ zM8ju+DC$_C!PIGtOJX-e_!)5u zn=!}Z)EkTM5qh$8pYxKS7SPS4!-Fft(9}Pz;=iG}o0$CV(RlG>wi!+cE|<1ES^c`U zu9}$+NF=37W-WNn$AA5!xz(z$aHBp%-QuA`aC{-m3I7=~=y2J>e4W488RmO;oIM2r zB4S2CW>(Sg>}o1IluN%YaY9l+Ku=W(x(S$NcdwQ}2Wtgm!gDs|xG6wdi-}Os!4j_= zk*l%J(amH{?tynTG5h_k=|gU4oCA_vkAArE_pVQ-)3fbB_7oV@6J&z)_VP~=OfxRX zJt$=L?Y47_@zPSNOq(&`iK3cg62P2A)a<$UX7pQqJ*{6(OG=;~cEca}hQXaR=8};B zc~l_Tl-TWTG`b$y^ydRryw+<i&!Hhtq(|dhe{e4`Vl@ zKWIisU0k9{%Q&p)6|@kd=QnS|FU##|Or<}VVSXXu2GC?_^*tTR{+-S{#8W$M3L$-) z$L*&(c>y7(1HdaQj*e(0Vi3+}7^1)gPx=HD4^Sp)`JL{+#YKmdwtXHPM1NMySoJ?B z{@ZB|ov^c=y+DecvGu-403qvoEbdDE!SoN?GyT!J6#Zwe@-5;W+y$?g`p36DvU~gs zXWm&g4+}ZKw1&XKz}R*++yacsp7)uSPOSeNa5yOfl-;fl1)1;~azuSu2kI7DMBpmb zlNKZD1}~pZe*l{#qs}w<;e1v5$)a04l|Z_pr|0Xwt}#*P&DZil4R?AS%f= zYPNEz+{W+bzi}MP$%XBRpEg^&(+fW>ts*7zt1wnH(Qov7#o_Xxshz=JnfkUp4_3eP zkOP~}#`bT#{WBK3d^aaS{zOBUQ8h*{9cllfv-_8b=TT0pyWgoHlE$^kgN1b~XnEe7}OD2QtJht!hl&_Q%IDM%r!)6j-}R)n=Db?zv3gP|$!a&pq%SLt-!l2B z`6XE8s^#+StYi5#P0_fnzeyu%|6W;zK(;mwRA^PES57(klX72@`nft#|L`b8;O2M7O}#xIY_Td!Ky zVvRBNyMC!pSl4sR0a+lD*ze}pxs2vA&po!iKOb7%m#pm99D7p6(cbt%SllYB$kh&1 zG9(pEsB%;q8q|0zm*{AT)!lw5LVnLtS(gJo9iNIHp_f%BpNE&#(<~pnKe?&O+S@1f zUD5hgY1`P@8MIq5S1tlYCNcO2cu2EX+MSpfssXClvnCn54xNqu(RtUgU9D-Y+v}M# z%~OnM%8navJ3=sFZ@s$G;uO1)$+lYe($|HoPV9|PPn3ADKh6(yvoRBy90rRE>L z(!W!@T2~?K@>acFk7~8G+!P9hgPYFWV#c>mj1l{2ZSOAnk!-u$9{&@S&ZNJed|&oI z$y(ZZe(irmdTvC#Ll3NeJg76Zoky(8j~PZgPrUv|bADZdqCYPF9QhkHt=&a=ez5Lp zu@xJA04R``%bo9FmLHSIXhfaQJAKf5JDPQfNwWF;MvZe2O%8HNol72jok*zXM)ezd zCz98{zAaWgn%P*L1s4xW%r^K&S#(^F`Y-#OjbYE3+_&tZgcf~ydr3{TD_^eA{%J$? z{qacgarlr{ zLO9`d?R&NuN^?uWQM{p32OHx9q##%KbDqx-$lv)a14-5P*<5E*x{Mua3iaKgqQS48 zhFug%D{Iu>r2LR{KW;E_+t_cE{-dNxlLy&~>b@wPi}kxo0&SEZDYaF)aCuP(I`;yz zz5^kolCEn)$#T;~B8!Gl4>8khsBE>Im~t;$*D4#S8ZCMZBvutM zlWefkKdaCREOZfmGzZ9}5db0_;Z!1Ob4 z=6dhZQi1HglhWSAbi9fTc{URKP$RA4opB}+OYQp0x#42G)LIuOe9j*xQs!HFqjh^8 z`g;zRF;O60%Y%QroBY(R9YWmpM@Fi{Wgf%>V!~dO0O_m7PN^dYnR9^j!Z9ga~ZoX_3ujv9%YrSJ1zC|wi-_nafZyV4fgQ)SJo2n#Fo={D+Jd}V0 zz(cO)G}i8BOs2ZNqXvDM^H4EO)4w>tpR)3NP+VXlllD~V6=O4Nu7CF|>C*REhdo!o zYl1Kx!a5K!m3$FPYioK|e)X}Hot&!-Px5y4nRDe%>Mehn=lU}6-JI$~JFn+}r4~z| zy+_;T|4d~4l3+v zP6d*7_sp9FY{;uJMXPD61Bq-XYKWoE(dv`%He$s{Y;I4;r)l z8&M_fIUP>8FkGfBl*E>;Y-1c%k)>=kfifiQvPHS`oYUTTTDkG=PU<=Ey5sujiydE5 z9{|FG2FNE{4kmJ1S+PZ>QF47uwj`qL9+dgV<&az(|6A+L^6LHXI$%3;GE?lO-*EkNISMq4pKLUgO1T(B(d@_KxEo>f8sKC$g9*qbpMP6 znSrdkMRSkRM(`*pQJZichfli1k%+$@1ho5DSngc)&aQlw5ulMUcMO>}YPqD$caXQl z6_);x4SPjjYOBeS_uKvv6jk5e=!$F4+RG}lF~r#N&_X(Z0t?xD$3<5}d6RSYyHf_d z6QwXx-X6mxfeOM-jWu?*O&PKGRki=>SY&!iN>!K`*LgvU-HJ5e9^P092Vsv#=b3IH zM$EKeVmIVZg18dS&Occr-LVynvxv2Sku-VTD;cJQ>LTieBy+`q*;W95qG>riA3*>-ohDguDi~ z?PfoJJoxh$W@PV6?aBU)84;}6;0L`7ht2Tck!^Tb=#HouJ!+qdnXd;U06 zAEXqZJHS!8Pw^*LJoEj?hrc)1nxU`XIgoVV)4WB2ODfj+5KvM7fr=*nOkM7we{YobrBrp)oBw35B7tOgScv;S%u-m{gi-gI6NN(u(zA1D- zEV!bA2&^_r^+s2VY5McH*u{a`1Mr+qo-o+DuBhycx_2vnTYMt&L-4Krtzmpi2Zs3M z$g$9DMq))W4ceFwc53d}oK+>(py8&ZDCILz&@rN5H`$u)Nh4t=kGN*VF9mV0em@0~ zDS%ecLwjF?nVyFRUItP|cMBapmEaQCb?*r?L93&(c<4f`SuR|^YaqZsX#DS8)amXqRghF(n)N3()yqW=*DP6yBXtShb$~>sXe#e zxm`zb8k)QW$WTyKnmxLuj{SpAhhyqhh{s)uf8VkLlVj+O8Ub8OxjzrtaWjn$o#)B@ z@;HUN!y2w8^(CCWdcB)o?nBs>-S{Hjj~s1)lH*&+-2J}Ey7H^8 z{2`p8r!iu$+X_RToeu*iyM8{H?VUv*fAPTrZ2BY>}dTMFy*p1cN*mBVP|{cCejeQN=+`9(0p=B5q`s0{9;`WiZezi3%0 z$1=@%#Eh4TA$Dp%+7G6iQF3li0{K`sL&$%E4McNBbwM$1tV&(C2Pxv2LQKcon%f?FY^Ez_* zMGeQUtn(9+Ny!3w94CvfTCugx=o{S5*e7gcTyu(-sgY)}0G=zs1l6Q? z-RTqOn~Bw_^SSmd5%jh{X-D@rvjc-w!gfr;`zQM?c{3$s?Ud#W`XV^dTbsR)U9_H| zu#j#?h14Ar23Y}eepGb~2=C_+Ff{6MF-eqBMHUGe5}t;x=RbU9EL}W{euc9`Md-UJ zvaE+%WWi_*hKw_b%{f}m1XXc=TtH`fH&&V6V{ys#SkpnDxj5GO#p;ObLN<>{yu5A_ z6UQX$(qifr3u)eKr}JARZ1Oy-QOWDL2Be<@hXX?#BA#;m`bUSpRIJ3#-oh$gAf#6p zDk3VZ%}|UcX7|HXAB0HiD`beYCTi;NNaROKO8M%IU%!vQXgp7NnuXEjM0L2L5?+_G z)+fSzcRnm>TT=*f;#cZa9{VW{{)9x@(fTzt@8SN!{Bc+iI4f_E+joo6*>S#;^n1)? zSNKaRc$>^*vV$+4osNb$NOzFT+0N#bq5LT_1M>8wZ1F?Y>{(;j-1DbBf?xw@te+vO z2hhtsu&(Zm_)C4Uu*4IFa5PSpu7}a~!=GL+>u=9C*mRd60`N$TC0BpIsJ>WwB-;Hw1@PNzsNJrH-jTr}QKPNfi5R02a< zLfu_92N}NKeH&V(SA;v4HxdF}l5|(mqn{`-eJE`I5`q@7fy3iQuNG z_x)?u0qSCn7&d~x4}lRGA{@qQH0exvB@VyKIKIu17J*@mRHIQSsaE$tf zBjQ`?{f=K;>Gy7wI0B7R$4z$MWlfA8nS8|Vp|EfZNeYTj4)W6Qj@}C1?s{QA@B)+9 z(GcY|1C39xM0o)y`MWu~qCa%|?9Q*&;wF zO#c0FHv`l5Iz&zzN8&UqvNzC>&h6Q&bEn?XuvwA*%PCnq{LN!za$xbu&ONU9xJxLF z&~DviJD#N7xgY7ZvOy!X-%$v!i6}+We*7rLl@8VD(_=1lwYf!Yg=r;$OO?e`_i#8J*!12*1HwlrbdG-)#22O5=EkpM>X& zByOtKE<4#hrkix+^5GhLc&NfC@IA{GetbdqNGL~g&iZytezEcdhw34RpOnV&ga)ZX zwBy(rkJxo{k_XMA`e}~l8%vv`o=R-#ys6CxX*c6evMW$HzJ_p_+3YOqdWT~#YfwHm zqbUx7GA(hxb8k_~S~zp8us0Tr71v|?cEtHNp`wWZQTsGW@srql!YGbWp>_4Q2p!ghB)7AopiRfP#HEixCE z#P-Ur?vM?+(4^{L7dOX&yAf&^dJt+YID&(8Rgl3w-< zA==g;F|ogC`$p-J;p28v2qhO6+X=4Wp_j(<3##wc{G&}fE)xID*xvK5{wlp^0!Ux0 zn-AR!b0Y$Q<9T^MVn;#!)V`WX$~rm{042m<1mRr?!d@QQ@2kjOCiGNSQu@ram^9x! z6VMe=g#nMHC>oeO3<*4ka zwS>JMsbqDyqUjSm4lyD<-FTlqm4G~D6S+JLYb{*zq@d>RUFAg*Z-1rRHwm)h!rci> z)bd{h#h)s(H8f1^VhevJrd@dMaSy^jTv;^O|9n`G^qeW*;EPf_V%0xwy~++b$n6L z(c|%`=F%Ej=I`0rFYXWW1AqQ}wXi_r7AVFEs;KeP#54r8YSs zp|S2OWn$N6L;W=sReGWV!d+V%eVghC%GbjcUDoN3lOP89Sz1oMm^?Wr6q?IRlmFsV z8q(}t(ZL`GWm%cQE@~O`jkO)JRC12V`|X3teq0j34aO)esH^KfE;TYbe)`%9-MOC~ zI%p?i?mo^F%*nf1I6pad8;|j<&^a z6K7gI0x!em#XPSLeGLfrFCTYMC?l@bjcXq&gurijm_z!A&p7`xK$A~Ql)-t)%j@dt znVvY<#}z)e&`(EBOKW5bOHDt@O34eRDAzy);)i2~(8;W5w8P<5p z!SKn5_#pp!k-5f3D$PhzkGu0DZ)yjd zz-zK6VxnmI=IiJGl!dAey9d61FXfV9pmM~biZ;;jrPBD~evPA;8EJ2S(ABxNHu3eb zdw|j36-!p8v$`4+1wM|)9r(AY$%Ozf_;7Pm0Ro1B0W?3=1Qmkt5EOxu;;kpdbAb^d z&Bn)f2Bpr$RAFhr5-Cu1)igFn7Ysd>?O~eW;3OuF`4MboHqGnihxO7dqDVus(bMB( zrlv+8Nlw)s`$BcsrLak0hrykJBN-(cmG@_v?K^>HzbiZbO*Gd~_T1C2fMSr}-cBA3 zAi_ZIAoX4FJJodi0tZuPU_^8YG%@vC+S}uAP*G+@L`N#C4F=~TrO3H5-TBgilno5% z%U)Xr24ZR}Hwi$L@Xjf2WxA{I;JKhrl-&IRGALnL>c7Fet3pqa7?^x~shu@7RQ{KY}(1J=~0sKYgMjvq0TseNIm^kY=+$!^Md^9jZ9B6kh?wML}1~^ znGO*zm6qE5S@xU%(`)z|>gIu8Rbgaqk)54zKu^F#0w0$|8Bn2NpsplKc;m(2up26WeJ>6s zJEUZGayog0B2W}YhI zB5^vt`xgA7&hj1g(BMWh8XN2u&>JQv_p_Gtcx|jc`95yMQ`Bs_0KA{+SjqzA zD?`cIX7QO67vhLtZFaCnSsfQ4(+ESwM=d9Q@jA~&=DGnThX@Eh+=0tkJdSGU#Hs2C z8AmT)(okoZe{!|s7UT;1c5#IXs{;Ly z;pbiG$)?9d<-EdSYUqw1+{R<%<5TK|VdP^%3Eiwgvlkm6vU?6jT!;rIG)wt?kQCbs z@_A-j>YVe_Q&JSp5iuWh0`K|`KU(Muc58ckiILInZdOT<)jvFBH5KlQ%eXx88o79`lvE{;ojkv!+Tc~^xcF$Yd6k$9j`RTOAMc~$}gf=&=5sAS*}z^aw<&q`yWVT!68jJw5DBQwF`@r zm?4g?u0HHg&=+2&nnxv!O8yx;`A1C|nMF&2bA;^dB&)s;1vF3h86ga()8o}T#d(WO z13V%x-FGR`XapL0Ek22GM8mOvCMOx-$eLlGrs@#NNOb~3)ci9gU3NcG2wkl=JCrdr z5L&SNE=lAJdkn1HH-`*KNGM@^1@FQ+hrclF?GepM|7{rXjn}cnJ!SN~v-+Njg7wZ0h<;abug>3Y}EjX`0h_w0o2Ko z!oG!O5YLOlMPO$m>)b&Yo~!E61sg4~%A<8Y&;%*#s3NPKjgOO<`$X(${fJ={HT1Sa z$S4sVC3Z6*Da*=IN74AC(6Udhyyb41_WS2Ba4f< z9f)~p=!k2z&F$>)9(&&-mq4_&6$#*9zk<&I41Q`|#ODwn=gWnT&``Yj>i{M`{;*Nm zx4=50dVEBi5Fan?a268Ml-@oC*0`7td3^hyY28)T|H-Y9n z99|j*CewAJAeBjM0Z6@}?kIz)6TqE-NFk+{hFsQ`my>mxis&bs?Oc(>n9EUsfV317P7O7h>@#6OcO@X!p=>DT#f7d%2N9Qn_GT5;&w)fh-M_+<+m$6 zV9s|)*!V3lENRnRwVSLo9jW)CVy(zj$;sTZpH9E!-A0FnTq2v()1?g#7sN_RWm}{i z<-v-|zk=hjE@g$$vb%1#e%lLpyTqJ8WG!`=Qv=L3wX|Y1dGVR}TK3W`qe(=A3^ZO2 z1drsVHIuf7xzU<;83j)wc%0>Q6CJZiZ8v2Rmj7AF&yp7GvS(P$|3FO^#ej;AJ{GnYk_$mxe(Ek=FSVF$~ z%~KBiG}gHreEcg=4{%KKsxU%QOB}uiE3D>0141@}+)_VQcIi;ZmGunt^%c~*AWdQR zz^n+qp=@n^m%^klsl!MgkhVI?K><(6Js{NpI;g@YTxO_>B@Ej?U+f>uR1x0?tutl=Qv ztqke?2huPxprGPa@LcbZA!m_xcA;##X+&i{%fXRTZ5G=1I00q@YS%-FW3k$ zYnqu7SU)0$MOy5Ti%WIoX6}-^1vtrsZJ@I5?OKl>@GaxQ>99JRJTa+`cU@NrfFQ%o z9q;bkeV1`?y6$k0BfWZp5=t-Nh^=hk8K^w`?JLkfkC;g7rdv8r%n?>z0z0tE5D#R>>|P~-%{rI73uRr3d~(LHqPy`2ib$) z+mOp(mqsbCoNx;o)0yT_7^Wv1k%foxs5EZf3KKi!xjSEU%9d7z%s5n6tff1bn_ zmj<*Kv)N%h_2$ee86D)z>evMdm_PMMnGA;^e4_Y7ar@eB*1^ zkqpHZ6`qXE@%_(WG7%NejcwW&FRrWB1}_L}8{X1|WQq%l)Vu1h4!p|yxzFaRYV6+C zGB+bp=eO6A+;GaAA}>$cc+!@pMnCPx_CZtA|KKWPv#!D)F}Tz|CqtjC%f-axZhftD zb<sVKgWfo6#{B_E$^6B6bL2^C$}tvj?A z@Kr^*Z&7}X-AOp6-&DQe{McFzbva+DJtl)wEfw=llw3#2ovE20wBwgW`6`=xcGGoTb5D?V|lK%_*t1YH1&hi zq1J@`{H&-(qx+VqCTxowWh`*e97F=MAQ%HAPI6g-be?EEJGwq#S<6l}#K9++s`$=)weOEnRD==^taGM;Du%c7|rT zzoX`43nR?}s^oN?U1Er@m!*KDWZJbtou|pOr@lU(jDyYAz$-?v!lEKUMAM@|l{O`% zZN|(ro|XoH9=XDg7C0;J=$Kd?CrR3znw&(F@_Ov2eOKJ+PqUAnkmv$IqJ53}UG`)Z zlqt1>LP*aa_7w@TSud&REvw;bRQ_LNFgPUC30IRW=b*sZp5^?#{Lt7CfV;w#GakK~ z%Jlh;_7X5$sQtPS8@xrn!F{&%e8hj{(LvMtu=BKa4dhRO$6@4!rH1!*jPCC2(EfM4 z<@aGqJ#AGH;xV9`<{G2Aoqe**<348s;zWY&!_wqJd$ zqvL6-gZC{+obND+LU$-sw`!|G>kCZ&&QpmPeahZ1(V@>Cj`TT56F6n1pr z7DxqbCs%5_Lgi~pg2Kwn!KcvyFc7$W<#tpV_T~ZG6^6(YNW5s|G<|Tpw3o{K7b!a3 zXQNoCC*!}|4NDpMwYW%SNN697F1NG!M^WrFj<+*@tJeh`a8YmhUTe zcI46AI~heFf(B<{V__k~{(;D(0-$M;LzvPC8D0#S)j0zR0Q3Hez!4{R9v*uu%q5|B z%169dIXVhrQzWuWeXp$k7R1h78F&P0W7)Hypb)-2BtVd?_T79hE++dxMtG-e8wN^_ zh(P_Bny#Pt67EjI{Lv5zlKKsZ8rgQ=sSeLCi4F7&BawaoXbA-$;1Xl^T*9adF^3~C zK#B43?O`FtGM*-kp;&zQ=orvygHRQOh%Osix%Q~F45#tM+;<@2cMZ)#qeCH&!-X75 zjSUQZYd@BJ%_3gTZGrcty&X9}*XMvWplA%%i?Z~v4xG0ZB&}}cr zk5A_yvYCWF>30K1rV^6P6G{_I5Sz8#&Cpkyw(MyiZ}qB<%@yRW2iRbJ%kAzS*ZoH9 z+^>ngh^Txsv_?+ewOg+XyQHesd*1;=s2TOfCnwXjAv-G*z+vQYYknGO1eg)ByH7{7 zs0&3-ZfUs!f_j>mg$1%3W*82k*cXlK!c81c$ml5DDS#0$izHyU-DcLH>kh~g@R7hc zOH7<1CK?qJYc-i)7~Y|b(?BrkEH1VuB~EIhwFAopH%A25u`RK4sMn(V) z-rLKv z!gG$y!?Sc3O|UMh*NK7$?;!fGF?NYK=d7!Y^ctzGH0zHlmJvXdkY)xhAlV(?hi4eU z^itDTVo569C7{S$a*H5KHFHc3ADJ^1*HGqyj*yU;z>%MY1>9L?o1VExlc%A}{(4U zCughN6rpy%`gaDr*rmMupM{Mq$)&N3wthc=HDMtTOs-t4Lafq25lwoNH4vFj$n{5w z8nj#_LSbacClKD=zkh5icH7wJ8o^*dkpav{)#tY6ra|m=khHedv`XVeo6ko?AjtH2 z{FQNsTowfROEpr|W8n#~GyY^$0}2$hy68IG24b^yGcEk%hseg*_8Gx@bB-TDsyei? zVgl4}H9lwoq$QIhICCi5^$a%;U(G993G0iQ%L)SkP)Nc z*+iSqk4$S8Ot(bBuIM|J+?3@dAstl2q(p%2jh2EM2ZS`S@}Mv`KJG^ zr%^-UC6-16a(UGuM_$wP#RdPz+Y@@vS~y7j@-n8f!bES)Ym|xK0vk-`r>?@ydpiK6 z6resDv<=STqilY12&OnUmEWA0AO8vym^1vf#$Z=b`tHf05llby~O?m&n2zpxh&1fu^#4Mux>QI6c?i=v5pD^wMu|rHw@F77N zpMI8>@^DosKrx~$!IYsgJxog6UJ#yo-72G{dEXEar|aBbG4PKo4HNcwD-_fNc?O(p z1N~NDu`QrA)`V>x9|s*^{B=2xS1Kd=T^QO8rY(SC&KtAGz&T=ChOny`C7&5SuMKP_*{{_+F) z2+RP3@*t;C9i~z38B(Zf_h`S}-)ZCHKq}}^7uzY(_?R>DZ*S|b2?i>srOr}b{fesL z?f;|ft)klcqi^2?clV;jS{#bIyA>z|4_-=fD;`{ndvS_e3dJ3YQ`{-8#odaW{Tt(d z&b{aD-j_UOFha8T{;oCG{LGbC{SsT}Nr?)HQ##XZXt){llqbi)jFTq<0@VMl#e|6T@u?2N0GQg}T~EP_IMZCHDVgSu+cnB`asT zdvZh3Tw3x@U(s~~yE7DXD4v|G!ksRD=6tT<%?wGCutIa z$?uWqzBDaCi^M}0UPl%cEg~Q;RfG~=)>Qy3Tp4~Mqg}s- z&!gaY@K^a^P|USh2Z+KiOs3E5y1C^J447uce2V##HzKG+bf;>`6P#Ymh@8rcJv)JJ zk97bK2TuLsp7EMRw`IgvTg7do5ICZh2KxFK+Oyjx2csClo&Z) zkKfMg?nJ!yn_2Xg4y5TPXzrUAmlj$l5>c*l{HQ?oZ{f43mfXcgJ-seIX%e0YhkVE3 zwUc+{)-xqkOfo8}Tt-G)zioYIS+b=C<=s10{1Wq~`TblCE$!(hAh9(_>P|2+5eUZ(omjTW~Sx2_?eQjGT&xP8w41}wW0@dLd?en0+tE> zIm7z!6)6Ab^%rZE!TY~ z_eZ}5*zQ9_<&6=wNk!%(6wdHEIi{u>JuFM!W% zJ0=ye(ve7C7>TvwfKqfSEcJBN^+xJTgyNO0#>5y#U&1JJ3!PK_>IALZ# z#Zob9ji0ij-JyP2)`ZA5TkTI%*|Djrabw>xG(Prx7&1{x<}1U=zcIZ9aMaKp84so z!C5Ek2w_=fOJGCCY`)`^vLf^D%{b7)MW!&@W+6kg;=`)*v%e?DM>QckN3I^c#vW$P z(VXY8Hl3NPo0;G@i<5f;&36{F@L{x4liJ-V-6UyuJ74SB4&oN_+ELih&!jG^O8!Y1 zPO*m6RqKxKNaf>W`!WqYzEq9wX@vsfn~@LM?Utp#hZ$aq(CB$M9Fi?fo`x#U+^h~) z7?;yDsrapbe3?#6RTFp#0s6&M#{lt8AI=i%gdamw4eWoaj@p#`ux(%J4o-{}#`giQ zB*)r=ui0tR<}S7^`2nb;GRtLcld~YP)KhbMgb8qF{&d+JnN&F~{N53n^sx)rS5tbh zB-Od@db6ugRHdi>F_TNvUAPLnYJBbFaq=JkG!n)rpU4E`BUPgHE0Zz5k;kTLn^r3MuU z|1z9z)%cA5)DY8=pv5KoM3NRGw5ED_BlK%Q=(4)v^l7HX;W^T{P9iMX$@9xG?&Q$d z5F02sM1KJuM#rgDcjL7-Rb%A4i42k}|GvY+M8w|pua)Z_*hA}%00GR#Q2B_a2_L5` zzdzxn-7J>T)`0eecv+gqfYfB6ZMekLk!!$%V=F^6{0Z{qJ0ksMBm(RV@i)Q3CL$XM zRrWsvFHtZ8FLtN3wNLyKL|2`${WAs!9b^2HhT*`P^=fl)X|y3np$L|Z!@t6UVr;Ka zLfoCjUsH9?`yUSGs>bP}e*NiiTz3BLNCCAyG>kLy4uI~==a-E9K?I%_n#l{7zb&zm zsLlM;hiO2Pzid3zO<$NvY>dL+-mpDVGGVuOS7jX_FD!4*t?`VMn7P0S9}mfsrCUBy z`PiA=b`nzwKm%*5$Hs6!mLM$z_XLudb7xT(c<_~-pP$_0p*zhP;lUy1Z|UBYDi9n z3{K%+vSlff3~Bnm^S0dO$YnHV#|7$tM5V=?&TM`j|C#6qn74*$QM=r9ci2J@YtHgc#s;$Az3kB>5IV8c1l;R& z;d~HIFJch7NBl|R+(1#6WFidC8)D1FKlqAZ2Lh*a(!SlriJkzSX#!Xso5a4W|12pO zuzvq2k*GfdL6sB>Inu`~)1^o^&Oc~MU>Sw^AFhAaB`t=v?4&ud;9u7gDT%oji)D@950oqKPN=5)P0w-wnr$UFh^t(LIhRg;qu^=$A{R|<;$YAyP z+qI!8eVBRkLq8%ZTA`!F41H39pvqbJO**?q=9>Pyi;y zetdjmxYZ#Au%YQI>wse(85e@5g;wczRwXY)LPMI52L_5tBc5Z=WQxq)K0<$b#PJ9e z3q*}5N+#$UnH79;Wz(jGsZ?zYJ2%uni zd_qfAve*VGEs*|jh5i@?r7-+r3>n6FkbEX4O+#{gV(kq3=6lAJ7lxlj6%m08U%!_o z>iSq*7C&7S{Vx{}McO>NZ_5_MEbxxp<>Qp+3##9T+oJ?V z)RwO(zd!p59er^ItB{}sTTzDn7LS!>5^VJb+i?;aPA*xCdfan5#e!6UTc9K+6|3f{ zqwAoS4CoFDItzth0Zfb(QDD%P?w=RcE65$bCJ8=}Aj^kX2>WH_}2Q zsU*ak9t@2_pd!Uh5xWXioaA%@SZx&-K=H)%Vp0>RlJcPY74vf>s z*S9^;KkxU!A_M0vV#&~!#>OtdcDCIq?hq!q`;-j?z>qzce`Mc-mx*&1@l$5VysAB% zPqjrF6^-Ilf1PT;XRMMn%-UE!p$hTKp2bw>S3p|uh!IfzWZo4u+gFlO!12aCM;}dl z*GHt^b#;ZJWWsStG!Gw_PQiF^nUBoU-%&vo#|OZdqUsBRdpnBpbrlG>J*4^%iEHIm zmIp6jj}^wmAoMI;)hc=9%?Mr%18=R+w#e?CnroE$o}tgJ@*UhOX&iAVj{Rr$od+Hg zo70D>+C{!wLMj6QRDlPcS7)sS4{=J zjj%Sd;`O8s1!Ojlm47ff6@rMNd0XQ(_J{Y8rOf33G)QI*bY;Ho8^&5fRS?(?xi9sb zHU4LQ)1kaKEZPwYk_5WH{@MZI9_NV0w7yI*#H3@njnzuMbV5 z6Ow`{5wCqn1BN1k3Q2hwer-;--eKO{gts)1FOGfJn~eME^#jqW3#CDO{yFD^kcxEA z9s-=f%B7sNxaLJh>V0;zof!>ijL_9PuKmhbkm;w4=h+pZI8HTXOL+ZDWPZlslLg6* z6r`dsu{7p%FIvIuKC>kiLE7kZL41(G9-)H8IQs>t%H$~$Sns4`aaPJNs_*jP*@%xCinX30&_ki zinli^#Ec)BFA}k%V@{=w6`WF_38AQf?v1vdz24Y1-;AaCXJTaV>X#e{v%07<3u9O& z^ytrPQ0!TQ(|g|WQUv~w*Qpnn<6$?cjiw@>Hd$hGWV)0GPfQlt6+B$g4Zc>saMz?N zA7HQ#6d;utNC$o2OoLS**w?wE|Dynn2(V%PKqOfWr?zuCi|9Z7ITaZ^vt&+yjBN)A zQDYNxW^Db0^E)iJ3SnFl$qAW~=tua6KW)x1%uRx#D#JQ~=PD(MH@u;|9;d)XoW#zo zh{y;O!UUIt6^4P)`S})OyqHQom}G5t%Rp6Rgroa(Y&3-U4O_7xU5BIgYs`6za0?DTSXifI=+dvC!Y0${zJCsD#(PNP} zY#jQN&WJrkEUf&{_d>MaIJzr}2(qU2MnC)dkoupH=JWyn;;BHsh~bPCj!M+7x0Ohi z?)eBdEuMFY5Zj1wWc`!|djS8UL#1N)RkRMlt_Gq^mX0KnZR8lSvG@x=N6jFxd5k|L z{~{b7{zOjh1vthjW80vx(6@l{jM@Nh8mi7bHGRI`p2cN9MvNo`t~FHqkJNte>dadJ z`t%XSzuWL0_=YD&?GFyZo1%N}*b(3$@(8VS$EWp?b;7wXFw>uzuYcJAe90B{gILSC z_+7}J3vi5(gNG-!vh$Y~UwEr5gS>pW8?Euf!r%9z!1&fl0$01=7oM@Xfqh_UQaPe| zx4Q`fx~Kk14Xb~R;XJ)%hA{@qk=Nvcc)y z<)NOdUD}T$?5Zb|`9YI2Nbk@>B2bcS&{%yKP1Opw7Jr?t?uXv?{MyoFt|3K>Yex8) z-vBDgChGyP!Z25)89bgZOyi$q&#=y<|CJ)6$*_MKz7Y>hVpR%YKL=)wgSQ!i-rZwn zW})Fq(5G;N`Ku$LCWRm4hUVaqgRWBOP06%@)u7pHXQhvZuN@1CVzFRsH@+j?B#D_E zcnpHYA&=j*1f@@{6!C9SJ$(2pz6Fjvw#*K?GQ4!YPF0f)8Z9^`%mllY9L zpKg@^+HQcW+L(lEOcnf|wzY4HHGz^Pe>fYZ&hrwkueZIc2kKGh)pzx0cPufA+P6>} ziZH#Ex>ItuoRu;$4v$mm3y_FYX;nagkKsTU3IAfsvfSULiBF#@y!-B#z04G!h2YRNMfMkH*p=Ko|BrLg&`A*ZHNW}Na zIZ`H!tqs|PeMn*R9y;7qRY6Jx2MU=SF23ta4YPA%v^kegB*0+1Dq9-Qj4t^SL+Pm> zH>=Dv&ecxy{LrEpSEr%0p z!qpWNPMNm)98y*$w7K6`@H3HH@A-7Z^?!pu|DTba{|nstAGYWJB7FXjtKt7m`27EV zW2FM4JGQ-$kX(Laa`G$@QF1P8q@vPLd6})~^0*~S*+<|SP*&Cw{dlM^;w?KgEGDZw zHFXi2Gr9CI7w3GNFxV}oH9q*fIF=AtR@ZL$Yiss{rjF-D%=>wsdu5>+zS{6SfWZ@t z@HzouHrU(kZLhBnYs6NA3JIBidU%+ssr@FYEG;bTY^xO#6=i3wID1rNxN++NJn~cT zE^>$wft|`g^GR|mUhj@R&!9)Ga8%8YMQkrR)qMs+#SRGUmeLc8vfZ00tNjDp~(vqm?#U5HL-e12`0$y}YZ- zpLjrkpUF}aFwDECB#V!aS0DUq`|U2UxVjGvUGcSsS$#Y)nQ)r?HGCL~%(e(HcfjHX zMF8?l)zcgXE}~rz@toynw4ZPv$A<@rF>CjP*c@SK#`420`_m`?+ts@iT&9NShNc%= z_wk&z0^#OYM8?S`!gM8hzz6I_cOs-Dpe7+frl82__~}f@ukrMXx~ROI0|6f49CgY2 zSBMTSyT5or%fuw_FJai_a;*YszAUoQ9LB_eIK8y)1-1OlS?OB;Nz!850mO2Q{w^SY zm)6;xZ7$7j4KSv&VnH)9^{s74i*2?K{*tel3XE0(Lxqe0_NveC>Mj6ZQ)QLhapD`+ zioOA6QleDA?QYhiMAjS{`n92zhBD4WN5XUk+YK*;5DAJ zC;H#_&&}Z*i?ZldcbscZR}ME%G`ZN?dbvzazFQh%l}|(tz@dJxZc>6y`)NO&dH2dn z?>F-f?mop5x0R~BZ(ESIB0b>#$HafuJ)m?%pg3hFc}8S?P{8-7_kR ze@Vjzcs3V65&g*A?lv{VdISIPr0OjK!i){p_}G#dbpwW`sObx#lq8uv5-xsdlhL|X z%L4xTJ67uz#6%n;TXyZc7_!~wHh+6RR*!!rd}lK6DM&aH>9`4Vs(Lbb)m5 z7L{*duKL7vwna&)H-Wyy?*%JdNC@P~Ct+4Qc)yG$C-}cDJb-Y@XrWR|6BwW7hKr4! z#uB{}QnW9`Gpwz*Mn36MxPr6su}}ha`+mO~B?j~zMnEJgsh0v9`Hty$o~k+cq4hak zYS6NP#Q+~~Kbxd?I?+!y?^rHQrTgHYTp~IeWWLMbisqujgZd|cFL89}^tG}ZpO4G5 zCNeZwZJL%@v@45+XA9!7L@jkri;LWD1I8?Cn%e_Sut36IvsqV0fe=fraZWr zS|T-VAOqV4C^TstBrRxCNMDT<$3)Vg5)JyFDQUEiy&p7yD#|g+v3MuxJ?8Om_3L#ucCYF-?-5 z1Xj!_^UmdgF2FhO=Gze;1v%lt% zI2iebYWlRa^zZpOE*p$8)xi&iY0^dg8UYc)C+0(j2I(=4SAbr0BfZUeK~qXv#`^drv^j&Bje2dBj-N1F*bn4 z$phY6P#xElcyg%$EMCIlp@-}g;^y`>Vf=$M7MA3q$I?!Wu=iNe8Q6;{=quLK20 zvDbVqz^Dh;*n#kDKepxN=NFb08Lmylnjai21yMiW{p$JiDEDd!{o)oE{0P2)zJS;y z7gnDSt*q)>TEg-GhO@nW9*AMrqJ4yHVbh>Ulv%*1;|FiO};iSr)H9(lj1gC`B&HvF* zt!g(bAVcm)d(@id`aY56kxbV0pYHK;wj1Gy99GflS?|V9r}Yv+*@f{r2h6s>41d)= zIQS+@-L9{5<2=Rpab%Ds@OZV)lsB%;%zUS++TI@o`In3EhDwa9Zwkbh&WjNdt*snQ zi`gGnJW?8<9=J7!TW(uX>jJQToAwaSZbQS0cmoNi~_^b2NGwKCq zjn#3}xr+jVL38mrRTc55c`%)IOa{DRjwOL_wX|yYIPEs7mpS> zJ4VG3)w(-c;&W`+{L2K-O=@f)b_mpZ>)n_0#`NO7OZ>h0Ju~iDB}1R_gFbekz536p zMBZ}`*zsslX<=^xoHl4&ifhNj#NXj$bu?ve?j*EN#oRm*2@Zgv`f;YKf3f+Mi1o;u2X zNDtq=f=~3FEuFFoJ1DBKc6ovT(!G#8m82p3x)0F@GXD}e`)yG|IvJG}nB8owJdySx zo^s%&hRrAzORFpa}6OmeP&Fu9GN_}iQ_O1_!e|5P- z7b>JFC_XiVPgVGAQ%4%R{x!u?ci&i*{%ZvdgMl>^Exdgq271@qqv2+t+d#T2 z=2n}>X2zB`@X~wZ7esgtIge;lf45#8)iZf6e&-QWIg`oHvVrinV=>C64nk5q|Lf zkq!k8%=i~XZZ);j@pO`~AD?>Es${p!zisG)nGrG|5 zhCr&rldGqd^Dw?U&f!X^+IxM>UD=68&920F`9YLCv(qOzW&wo1WL=p}7kXiakCL3B zU(;eSfOwxQpUEWG1D{x5$cIN(J)$juif zH-5U8PU^u9;!W06TanzSl%l~y;gJbDsrqw21w=U+w*TdzfJZn0!~_Yk-pzF!a8$oK zCVTbmT;!hT0$`lcxLR9K><$fDTEg)NYQYu74WY&z0Cw;09t{SJpAx%sDx8u3Au*Me z^1$zrz^ZLWGwKY?cL2#Ozg|-+odgl$bXP{q_k*8{2RF7QKLb-=9gL@$4d_?ElvUY) ze?XK!&Ktgd+zZnLZQywBpHF086CbZU7b!fbF7zrZhNQDD|&CB@f1HMirwP zaq&aJ!6Y8|!|j3fER7z`fK(eVfeW|v?d3@WQd`h_EqdPQgxG%>VJ#Q&8n8Wpz&U%W zf=g6y=0iZbz(@L^4o+pkh2QO>4Ubj4>##UpygoV5LD1v=y)NQmcHr5047Y1|9+qV zHLc?*)?I0}Ll4rHw~h{F-o_~TbNDb|8Ul>WjrF$^%qa{O7KDILSzo^y7t)nkd4vGN zJlWkQDf}Js>(X-iY3^76C_0;)eG1_X4XgVLNBukBj^2?3{r7M;*ER%ZuN$N}j7&^n z#JDGjF$R#nw(Oxfw9pp^v*J_eF@<$Oj5d8I->3r3va*x( z@k${~@UK-;1QT9^C=2v$*?vsr%MYJtoBq@s^MSZSauMp!Efw0|w3#*1f?k?_^25QM zAb&g|X(`8(1;k(!y#Pel3p7=hPfJ~0Kng^uec%ucj>%(HLrzLqEZ`<9;2(7TM{@K0 zDtjtI3EXGnAsyxvMEwd5H|W};Zha(0B(xdL%t`1CEu*RW^Be?b!~2Dq3R1c`Nsu<| zjS4c*%ujMI+SIJw8jvxMK6kV~Wv}H-eb0~G0JJuxjWrD4hl+hvmES3w`*UNAI-0B3 zObBV|&XTuZiGTlY0gb+x;01jgSuh-}8*!w9b`MTZxd8ilrbDk)P+`b>5untcKaJeg z2q#b*0SeyJ(-gqwi5@b|{AB*EKHF80Hl_mGfmi>KlVw4DAiea{SND;}Bj1+y8>`w$ zsqniH916~UAE&)1by%9UYaB$B_3yg4YIgtk^(-R2&=m+G3LC@}o^QMxiDadbY=qht z+3THlV&yr2eg+LC^d4e;Vw=Ft`A^aGY_Gj!k_$QCvdbO4lSzhCUg4&>+?(#4s+q5+Qs-sZt#yv($)Mh7^aQt zU!4_1L80)75S-C+6PG$Ez|D&Qxk8+im0fH?m;_%C)cTx+hhUQq(ERD`i3fj@cIRO# zLPtbO0vfh-wcCggmK$yzL2o4ZHj&OolDWwQE!yY8)Sq2}asOaDZz$nBV8}eKwDdY! zF=8UX9w2L07JCK&JxbotQ&acwx2P+x@d#Y6ovtdo6K0i}d#nRWl&}e*%K)?juYczb z>m(|ez7<;ov2Wj$S+M_lGtg#0$+$Onm7c8+*&z3Wvi*1sSr?anYf4#h94UEG*@tgM)QH-0_}^ z6EfvLe*B)Ax=QctEWd4na?8tA{@hW0`p z)-QpZ%L}=L`GpD<(eKT37HN6V()M?pYVMVf(p^WPmQ zO1u9Q2_o54%Lfo?WTdR^RnGvr!C%9#aFF3KLPCpzj}+3xvaM@v-92l8!IvMH9oE@-;H5cr(V$o}oCOby*x z<#FqE+c}97i-x>>AmC7qils>d889*yVYVM`9xN{MMSMIjyZt8JDb+KnCvyvtIPr5G zxD&;(hwilRomut@uxyp?6JeUZM?kUnvm;c&jTL+dOZXAm%DZRg{OkX*Zo#gv6qS|7 zMwblL7xK+6u$G738K{h3IA3x<0J(Ec(?d+ah>&@l%+=6TooM_yzoe+7P7iBH@CqTJ zyd^N9`OwT0n9_YV2C^_<#7-=p_cwc?U+tuC6MtUYlX|@PFkSX+@vREq%mEMC$Y>>} zhHhc<^?F6CU2mC9p^?82?B6qU+KZlmrLBpkv^jl!zYP0Vv)1kxWY;H1@@pF^dhI#` z+D0EZK~S?YU`UkaMZU5q!qI4*Ak^szf{+9GZ0P7iSqE~7(W!`RIB*lRE(7055T;_X zf#{s*Lvd~SO(QZFk-H;_4#PFR7_H#HZLO^ei7j6N@X`q8uT`Ir!JoG1+#4Dcb4EQII`i zUlV!VNH807&BAC@29QW7qPIblLw`JdZ&;mYC1#<30`KZ=ZhJl|zdx&+^>yqY0{Tql z(r$J(3ZUR9IDYhRP(-KCqW1runb6TP{}gHQE^ai2c#XJ8cTyR&PbS$x{DGTY15 z6;99>ca0A?5g&R8vr6#Y0GC|cnV3kiqh)+I*!#y8R6nhRh2bloQ(?2Zi=Sz}Vfp#( zkm2~P0eZg+N7`^u96ooX@LvWzx{iEuWflXVqt^KsS#L?ZcY&fQ$j}h-l&_?!4V;}t zSd3fzmEVQ$j$L`EaQcAOfh{}}wT=_plsY&xxo1p=OX%`0Vy2G)MUJ#!=Q5Q3X!{D# zEkjG{6O_-#zMteDy%AlWJ!SI=biRoUPQ-jl4+TWYj4MnXQ@O&=@4H^NNso=NmLkjV z5>i>XzJB1K(O*FIMyfTrPK(D8Oo=u~m$gtCpCSda2$TTfJUe|^zVZNsAyK?L?`mp@q#3n;u>qJV zz>AVmGWE?3lS&1sw}=dvUa;s9e3A?U=)LB+SxJjm0by>wKVJ`+w=}!lsytEwJ0%R`&7DDo!N!k;Btd7dk%07@T0CSP?oSy6f18dn{OUo2sOxfKJ z2#S|iMlfuI2@w6+G?$ZSDgiYT-7Y-Ur=6|Oe}6mDbY;t06*TWbn+AHkx*y+HO}u%}yZEmMtulkcIc0l4(` zhb^?gI)lM{V4*C^^No@QjY|#HBwn^^Y5aJ>&B|uDocqD6f^Dto9uV zObc-Vb)Max2gachABqoVPp5*?-y727Bnh1l0z{VIX8KHfgv9Dz(4trXFNUARz)5p1 z!A>|YS3KY(lq3V$`Cisc1nj10>>mROih1MANQnUk!bsRAk5t*I&$#jEndVbY14Z>R zWh^3&iQlie7&V>TCf}c2ynjE9Vjcemi-atlU0&+qS8wUJFjF5ou!^z)b=`vC9fr~| zhHDVg-z%b8U^D|agAk?qQOWqEgNJGgLfv_4Xu1M-`Ud|{dD?ch2)JLLQU}hcRE1e{ z0RQygbbmc9+N}3Fb4V?Sr@&NBt7Bwpuhprnu4pJdpIWc!!K^=+3e;SKz-Pu@nC91_)w1tma&Q=ovoOhGUZ9?W{7|L+XRpQ?k^z#=KN z!-vx@GQ|Qi1SL3LDGo#AMLT9^mvQ1tT5~i%-G_yn(d&R7@u5$YGC$7c02#rfx`gcr zp_}U&IRxJbbh*#lXg%2{K&?(fMh&^g9%7Js`G?Gfss1%(dT6O*c|W02<4ksf{xeoZ zMD*z*U>e*Pm;iTxlu8is!t1Qfcd-9_uXSJ&K&$uVMZ*hmB*x1?osc?>M=?(VWSE|u z4Gt+A_5ReZZ7%(@@;6;APE_?Mx&d3ni6q`FF(!^3A-uFCECH*l0h6r@KhpLyyu-H* zxPRPu;0mJFp)zlOtA`QKNGqM;ngN3og{k{CE_uaOz(;Y0^78)UM7SZ>bJLYa4Alvl zQdpq;9f-9tOiNv`BtE#%MinTR>Fh~!-!b^%QP6oo2OH3zi_SCGFou_EVk=)Jd&EIW z2znp`Vfckz?PnO6$8;{1E|EYh%-VtMV!!BigGBU-gC;N+(1g($x=s6~{rM|YOwN(s z(0zLtTZjhSa`RNvSZ}&nzM?JuaOfS1HfZ|cWzpxfrn13d{L*y)wu3n{ z7A&WuBg>_rgNG+agdX)8jYUccgC&9?fs!%OQYwfH)C~&S_$8nd=UmZxIJaM3-63(+ z{$WMTJH~J;th!@1x1E_yVEpndf_mKR`Yz^27-DYwt%2+BvuxMu_8X%S-O6ufx^0xp zGW$zqB+>n(-bx7(DK~cmpHO3bkO7{ zoJ3Y5>gDXJK!+wIBZrk}jGA-Ay@^NYY{EVd96L**O@2wd_=dZ;UF+xjTUNup{$XJr=P$@xBC_ZBtw{6-&O;J1_D=RR!O`MKW55%YIT0WO%KxRj#Y0TVfJWJ@YU-l->l(ao;j6 znM39k5de|+E{K<)et6AA*o8MV#Y#P+$m-P& zX&4W%rSj^|ZW=r$5RFy}QCAR`mvhV*p379+rSPH*@2hF)MG{VZ;^OJvwWu#c8rqmN z>RrQ~WEut`KctweKQhX+K8uZx*90&u~BD9>5)j zHh&Ck|7mq>6DEfK&g3icI(unzvY!$oy`%h;a_wwerPf zW2s#UmI5qsUzy_)DLk@O8tH6yzLfw!K1%nvZ>_EsyczX+y(EBI8K9N&eGLqkC0<2? z;Ec@u{ABa`x-=9P8m;GWi9z7SpeixFqD|JGS8>Ll>#UU5WJH(e!4A@UgJJR2dX*IHu+hBzCbdseTXH zBjI$$`T92g5$(qNXnMGjRNzVf!P9N&P5sb&0x`x%4K22Kd4uqJLSdyo&k5x+Buan7 zu8WIk1i|XLwk+FHYtK8&hGa%A)XIv7!`Kyytluay-F(j#py)OT&NYt)`Vi!t+5OCzr{piCLpM$FdX$k}VRO*KPRV4;rs&z1i#2POtWThkF)5xxxNFy<0yQk8i}h ze70$R@U|U>w)t32Ed6NLmV!W>zYx?>qA8)r4l*E3w6&N` zuDpg0QLxm}w_k`Pwv8~0*7>HZeE%^Awky_MY)0$?B1K?zIsPT&2CToTbKf;_a!Cze ziqZNIG}`vVy3QFgqM~r8|Qrr_Ji&9 zE==w_B6lP?m1wKoDSD6LGb^mV$E%`&Mc^u++2Kzi;DJ7Wk!cGnp6oPvd3b@8)3_Ic z4i9TOm~du4@hVue*P1%--|dh*sj?$O&{%htjJ=vOlHGmETj-IR--tTh%%+)g}PTMF95v6#_8@s5nTz zys*$XM%e)eMi+1-y7s*s)j%nDF8bx>fe0o11K-LEYo_vZkS1Rj#lO9Xkc)Ykd$ZiE zpa3aZEfRu`t)H*^eN`tvn62IuOfkIlOcBYye+p~<9&5pMpOfH(Vs|v>Q+@ojc5wP) z-wK8gdY&EJL5}ppOFGl8aSrv&kP8t}o&Q#0RK9Y{LP$U-hZ_oBQoyfB4{AI&@3JPw zBB#qX@m1eT*giD}eUG{ch~9yTd;fcpjQ7H%ys8iv)mpeyK!(&-G6A&OpU^awuz514RSDy(%#E>wSW!Tq2=nMg8Y0%O+Hpo7Ouu>;P@O(MzVJE7(-ELr z=Ie6Pc)o_oeXMlky;l&zCRN-_Z0Nb$?7ZH0RroQx#4mQps?D8f&GV+NP~%zBBwpFN z1f|b3(b&cIso_aGoX2f_CT&0!{51T1BA*> z?PZEHj7%AdN6w39h7xbA;KT}GX*;Ls)8C7otT>wz5pbR9%-#Eb!b5yWWfWNk*Tc^# z&0+7qQP*HITYtJCT4X&xgv~4_T@T*Sh4rFOS-{>F=ePj2R8GF0Mjz@~V$VN3d&}%A zuKSfqhlfy7_qjuboP2&GHXs)tXVUj;j2vzYA8^y~IGOb(=b$>!`A2kP#xCCV+B8d_+=aG72qgPF`z z)1w8<)}{ZY{DFJfZh5Fs%*g7aQt;l5kst27&TMV z#H!MG=u^IaHd)xoF{ZK>moibqo@Q2g?qB!}pWtgu4CnYIo_pCBrxcuH=3Fer&k+f| zuh-UpAxEbc>J5JMZG>y2FIn;9XUmyC?rVH8ij*}ex3Oe4L|sRedd+d^=7Jq#-0=xh z+FAe9>M_w2bs)FW($MHNhrGx8x9%csaa$K3to%w-((y;8-oABTS+|0G_~|iw<=SHJ z?=4)(e>Fx|8QbngNN><;MRTyXA@Uq#e!f{0jvKzjZuFUz^D^JJFi&dgOd>ripDVk< z+DAKj5Fyd^G(y;1FW5TsH@NMV?Yut6*)NKZSby4jKUmP~9?S?t=(#_u zIbY^72DTW9Ug7YDXR|YMGMU!R!d{{q6H{OC_2cn7eaQc5>sg^TAHl?Yc@&H>&{{>G zToE~TSLV}#N7gnDMCy-BFYjV2Mn|Jkb5Z0MR^5nZop@%~jQw0%}=P`7`1PJFb%Z21{C zUG&tnjw|0Ddt~nO@43&6iT1$j?>TXK;ACF2wZ)R$;tCc?(o9$0+_hzxI^I&TL^6TZM(|yCv9FHTWjxkNv!sW{6C(&w1ej^Ndp8u zj(+Xs2FQIA@sv{i{JIm*tiux!63&MQ>rS7Zf`6bkHCskn3>^E=_GCH!^cx*Xt?E*t z#1*kctTgRpH)^`;8CLxwP67q5K&s1VVq--RJYZF}ct?ck|lx^wMa zIfDex$})1PCTVDJ7ie^|vf4r9zOZm`_|bTKn8^8(&%hnBMwtLyc}aI?WrhZUxL1}3IwdB5eVn^hob`NXUJujrAbwDj6qsx0hjJ4T5)8`1RcNx3@LRPrGOxNF4n^AiwMo$?y0Gi+E{ z4soclGBMx{_RIP@Mnm@30?V`@jIUC|MJgFcarTYg7#Jf0_TEp7gjBjZtLtyAOI|Cp zZpD%c36b|sG&-!%dEQ(tiKHOm(g>MoPtUBb8bWlM&3aQ~V(ffw?#fHSSmmvg!?PDr zEl>X8Y&AOGr>&`a7n?gY`ABg8ASPDPb5lGTFimZ96 z+n*Azt}1R%Bsx4_@C!u!AGevo5KnI!b0`z6-X+v^JR3aK5A0{)JsO(UBNNS#5N&x` zA9AN!@0ak86_F6W+3HtYR_({Yl=uz#F#8pVaxnGf{;PCg zY;yx{cD9%~GiV8=#^gx{rvnSnxaRAep#+O;}Xat3Oy1@$0>mGhxd) zqJHQ|B7z^SApeW2Zw#)p?ZVwrW81dTIE|e&X{^RcgT{6m+qP}nwr!)a+4H>fojE_w z%>J3ZXY$})>(W{*f&oZUrHO2w2sAka$OI>yd@vu3m788(3T~W?jIv-$AJEacz@$M_ zd8>Kg&1X?}c$E&+Crl6(%<*MocOgI%SYB?qDPyV&nMCpAaW z=Ls6cD9zlnYdZ3~v=e+J90ynK=ZGIEpZUYnzzc7TTGK-{0Vu-WFZR@XuvFu=EEGSI z%b#UO8$2T*%xp>3o5~OvW>BeM#jVlJVYOVUNH#fAovIQdWzrfEdaKP?&wT1mZSR56 zFe6P0I%C$X(+QH2X&XVgywq*mcWU+dcQc#6D{>K)Nz_liT~uK9;0EJ4Gi&4696EHj z{S0{l?{U80N4%i!E(*U(-SdkLn>$D(zn8*sBgjA>`C1V)?$RxYfHA*Uw%IorfM4?P z{sKSAt|tOwq~v${a&)K1NFHNQ7W_ z&c^anOoML^3PD}#qf`J?Uzr}o1P>ZoQ5I#R0k3Ql6BjtviBNFsa@eAkWK;m_ylg4% zzJSjsX3iJNyCdd+n)at4DT4-A<>2pgyFV{=9h_Lu78|}X<-$4Yw#0OKe-!aJ9BD7` z$C1RJxL$QZ*s6lUXJd#y4n{3CSs;PRQqC#10+^!Xi>NWW|fcLsIlu=3%*Q6Ch~y(YXhaHzi#MjJXD zSH}f|pGI)w7L6zE!5F0XvvmazLxnYD$+Jp94~x1QT*-;i4^Z5GZP7xk!z>@E9Dz*5 zHc$b&2V;#PXPO-tb%XtLG89WreRW{G(|$RuQ{)o_G&%Y9=y^i(Pe*F2fS0-m7=2XB za!gPi#Yjj<%0ZrxGym8!yQwx9!~NM}vk#}W6{*k{<49i<9ml8JHCgrE-eCrCHN!b^ zla+!Vn7)AKXCqA_aKo6`@^ju>wv5Zr5E}FzLkR>(oYWC5A-A{3pN>c@q-tnFj>xRJ z&BxQlc`sN7hIE@O$Lw7MJ+G!yo)moraZ|uBQe@Qzu%uJGB-ngReSkF2mS0iMes8#qKC1Rh=GMJ^fKQM!6oiC-o{cXT*AsA~fWYd^ ztiUyJ*z39RU653j5eZbt8o)JNk8*QauScFq{#pFW#08CyjzZN(goUx=`nf72J9`3+ zWnUcZ^QfeVNFR}ackV_$q!|hPEA+wc*2~~n%k9Vn?iv#hnVKgEohyiC&eO92CS0fg zIXtXpY|PS*PC{6S;)}zr@!vNn2Jqn8V?ipa?{N&L2u~UjHBzNR*S~3)Ubgjn@coGDuG4;z2Sz9FId8 zYY$0gkpTWI!1hzo?FK(=LyMB7#8m;p%I|@TZ*#Ai`l2xpRY4{I|Mqd!t;kH(gAM$I z;em#{JbGEZS9|-QaZFAqkujmz+Ng4^W1T~CaS5u={>K5D8W-o|{^0eroHWC_z*p z(Ow#nR?o~F-ZrpW??Ug&P2k7Lj>)L1J}Q}k*wktm=^bl{NK8#E79r(8o~LACwSzFG z6hj2sNn=eoDxqkte!qCBrES3#m`O!(3{xgT$INuV$q3M>&;E)?2ug<_6T3?LJplxo zQjyKU@MJq_5PSvo<&KS8;mAP!{aLagagCo}bnkjk4~o&Af_2p=d>x6V7SQTia;Jb8 zVm*`{idh{gEwnq`Jx3dJYBF>%#mUZ&yHPgQ`9kc=^e0z}<`B<)0b@=1{-Z$Rf+$4k z69-s%>B}P!`@$izhF((#~W4_DGnJj4gf46uW9-tlPgx zf(g6uf;~bmD`}d})sAZG^mL!UadR^&EG+3zg_ZY|QoG^{t3Mm!RZ|idSJodaN=|MR zGG*&OA6nA@m5k4bATQ-}GP4_=%y#{I_0=M9R9nRDO;bbV&m^c(F5t%jA!iR9myAsL z;{~7Z((S^@336V-LBus9Jzw@Ix_k^O$9a;ziH??))jZItp`j`Fz(hn&Ksl$@V?^XT z1Oct}+=62|tswq~F31u9+Blf*a(~fr969LeiOZXC-eo+VuQh)yd!-$NaX`=91fLwe;jd2#7ry%#tQ+DXB6KKzK-EVPnIS=pE|lP$I)f>Gucj zgwS=;lJyZ$c8thg#M~I(`*|lxa5Oui*&|RJ4G0=~mDV%C~$)YQb=!dgkl_u}D{cZ2{(=N|K- z&-d@SFZ3e&P0Szb39}H;5C#l9;$6FoV){F%LKe-%&YaP|4cNiH-GjxOzM>$2pdh=L z8V)XZHw*Fc6BZUYF)`I|tJ~l}!W8%FDjOu0K|jt+JP#kzF%!8Gye`)cLp@2S1MImc zW@x4hTpXsVxX!c_Z;gLp<1|b5a`{4RyszbmU}8F5>(FAhAd8A+wydsS58?Li;=?3i zf`z2-GJN@}=GdPxjSw~{Ep0{=5h{;@7epk$%uojTFgAWZ0Y?AzD>|HslgOhn%3U76 zdNtO^5(vIA-las@OV6}pj99Em1B&%M0(Y$)nfywLsQ{UuKvN%UA?1MwU$SA-3R{WG zK;R=^)&01h+B)lWuPzD|n~#AVEwn)1*?x3i<11J7PXI7(IilAs$~Bg@UT8J_MpKP2 zjMzWHy2bIMO+o1O5l+3ZzN~BXgHC)MYl^U1cdl^Oe0xx@FJiCKAuHT$vZ9Viv*4Y; zxWKTsMHW(^v74yj!u(RD+nGf1)7eM^8_^j&(?0!WAd!lNfS<#Mpq+Aw1edEr$g{K6 z=I-d?e90;gx=pptpHs*uXz740;k{Hen zY<4*|6E^Nf`314?h->3MCWpxk87?^@jBxfsgZ1yfj=$=#8HCId$Wio7A|XW``PC#Q z&pO7^mqAU9?5M>XrqHF+JPfJ%tkgE-y6~vFgFNQ7trC z3?S{6b3)Os2U`k&CgG=&rJhb!zioOf|Ei!s%=R@e4(P{62&9KU_r4lzm7((G@B>Uq z`=(p=bw+4LB%cj>Ibx0X>hy-ozv}Dm(9xNHH{HKXL2r#D zl9A;D+12T61t$lGWJTV_xqA5+J7Jtm+`vFwTzr$6 zI=#RlS!=y*aVlZkna}a$I&&-7lCjfE{XF7GJZ(!ho&DF=T;X^!vkRM=ox4$ZsJz)# zOZ&u4vVajCJzsZI)yrni#xyf1>6`a$9>5MQ>!`i)aIAyQ1t5~_mRr=Ysw$7Ipz2L0 zzZe|8cwA_h4XoT{bJ{d@>>=e~VCykgm()K)`E`EGWw!HI{-$Ys zjIw#FDmq#>n)dO$xs3+kpR$!8rwuk!fuQ@l$QkN~eI%{R(|!8Ya(Yyi^G4UQhs*WC zDZ4?pE$l|6wu_8idbV^uV$C*4`}s`Mu8v4V%D{&`?|r6Dxtzt5eI*Rid=R(AdywAby&A% z!q^PZVULfpUxJ5#g-PaEVBz1Ri1=>a2Z{OlA94H{hMXK1C{9jJI2Nr>8MQas+K5VQ zZZ-ruPN?bVrg(?V*y6SId?r|kQOA8Ec=oE{vosj^jBc76DFQ9}h{ zT9Am>Px&YZriL9Uz|_FF|1eQ~LDy~AJd2(5DEYp2`1kXV!TVi&aW#;>szK4@>)vz| z98z>)WT&sb9C{8`87VC&umH%)Y^ zbt@KrPrx&9a-?abgohh5`S?akdieP2sXMur6S47t<5=4NMFIv;7e z_1kN9QIQF4Is;u9g{CqySx*$73(?v+FCHf0v@$lcF0cSBFdpC)(e8N*=Qf;OW5QV> zAxXmTMu8gxzhw{G2&CX@U^J4MEup4P{(brnhlqx0gOp4T8>5LV(ID06=&a=$iJ$2^ z`AgqB9geNdU<9mRbh4)zRYIt$)|*Ga(EP%HFFXy3>=^g6XD-X#qpf;cfJvr+Uj1+!ldPR9XiZ_FoDc_#q_ z0(McR?lU3Q&I&*<)Cz-R$H{ANnasaP(!+ynw(03?O4eYPs}ggZLqoAQHa5`XnPzwx zIB6FRSz}^)_Sz7)ZStWcL_wkn-emfRP5XKy!nI0Kjmv4N`sWt0N5vBCK#~G z9-_MIVD*zd3Ty?+qR{U;@^z^c>GZ(61P+eZy}T3q6P+z(ThtN4&nP1|7uCb_F`w}y z8oXj+qGLDKX4<@6LSS!i`p(12sb8)VNdZ=rIg`8Y;Q2<1+xBF}U?os`UR$UKHG0#d ztPJl&9@B;ujNux5QAE3=fsu5zc8H7Nh+tq> zAF>$0=u6^2A=Z*dNLZ&gJ3$_D)YD7S0>{sDZemq2^BaNzv1V?*8k_*1^LMPQ)c2^N zS|kl>vOL3SiZJ0@<|D_eEpo%(^uAC^If#H-6-G~P+%u_#;6h)$j4nZo0>+HeDua$h z00Xjv007l>Hwe28l0N`>(o>oP39m0(2-{Xb#@O(l^o4Qq!OL;ZAau z5>n&M&t}&!E%!mvx-@!)6?JMUq05V*1f4O#*7!{FVO+z1z9AWUJcZt!An5WyV;DUN7H z^JS*Sc~ionr;iIKb6Bo(z^_FWj6q4<=tI?g3AqUWsz5BHM24Lak}IpmyJ>H;aY9 zJ?wmoF4mIg0Atv|gV;5Gj-^Q>Qmlx{-}j}I1wCCN=HA!;nnphtiC08j=v!HMfxtaT%;TcmiGsmG)oey0rzd=v$K*CvP%3>RuKZ<@SL2?(nT3Cy-QGqV!| zVRU|~#)Dno{Ft2o4GEf$g~fhQQE`P=UsYwn;Aa5oEAuu1H%>?uO;4U^o>>E8rW)oO zu%VAjt&A)^2B|o$8W!=#>`eq&NWNeff^jX3M%+jbZhj@3q^fvZZf$<+ixaL$#xOou zc(;Q+9IN@h1wHNJ8+e7oF*B)7qVV_@S7p}mLEObHo3P;Og18;pPEXJzSb0SUR=42> zh1_>WV9UJkR3v^SI(6b?@+z!8qlW(UcEFE&okHf{rI{vmBR$=~$t7a@ny3@*8_3Si z+r7}hU?n}`hDfkatBI~s+8MSW2MSLmQ`?7E4Ej<)LCsR#4fhGoMCIl?*vV}JrLkoG zsRBA52%SG^OHc~*Dma7$mVL5x9#8pdO)aRCb@}^edp%MzH5WBWBYjxWXCYhyltGp-1V$m+^1tsQRmKrD#;UCLh4h6@h7losSIL=3N$!PLZzIl2disKQqDgL?|qO0<0zBPrQU zglT?9+v@ZB9v(I-@Y!A~1)V8>H+JLdfm<5O{s&f{T#mzzRMF6&#qh@`T(;^i+|D6C zj1Pz7tJ8aD`tYT|hG{K{mc}#f@$aBcY@RlgRjyZaaC^B`y{<1QQ3{dFzYYYH zsarkt9+6(&b|S}(F8aLLXl0(^h^Sz3z`@tn7hP6C$?zBB-_K_6_`%8019YiiI}4aIeJSvYUP+sc&(twn14G$?%WcsqXi2V=cYBat!r9lmxzZ*d&I>F`m`w0mF~oJs;IQW+OzvKj8r?a{0)@I*{Pk* ze=zce@$FAUnxQom{`-=3Qm`CE0`65&Vu*0OaMix}AaD{R-FYyEqMjMwqQ8qh;{Lu@ z2pW)zEO6=6cJW-Wq0-nA!wmvta>NLSR}Qaxv2M-wX;|-)4mnNj?bEYL?qubg6A4mq zv^mHVDun?9*w@f-(nGUkOt@gOQT~DALx^7DgUc_d$)n_(Yr+N7u!W4^Nf=(%W@f=J zC!7KhPxfEGk>XmBI@2?i?&-1oAoMi^*Lamk>PLxqK7szxhyIBo&k0>&weG?Sto^ig zb7Mr8jAeliZ?A2bSCTC^nUp2t{@*PyD{d!X@n7q$0GRw@y;eL7{?Ew4BKdV&J9+oc zv*!SeM)vr>u$0zjza_^F99^Gj*~DtC_}T}1G~>NzW>V{=rFhBr(+Eh$$jdgKQ|pi8 z;+XJuLBr*Q!KirVfhrB0R8)VsWz~{v0rJs2VBol$oX(Ms=xJc7s}B>cH`^TM zE@#}Fe@$oQ_a`M)?d_efH(hXyjsQR=O`Esc_#n>x06Rgt>ez>do3CA{k`jRDY{E{E zNNWnl&?oFrhKL18$$B!7tczS<%=rK8s?htd*h-sY<}ee#+T+ink20V`O7?7*5(RXQ z{GiT{SDBJ|k)U$=#-qC3w}y)C^SRSYLgGD}M`?e$SBSvV1LsdsO%1JbOv|8k08&C3 zPK_A953SzCFSEQ!pqlK=BmZe((6H&9(_^@7qKXLGB{)i&gXXmp?uLLgeNI^5T`qV1O zDt`VQZhPiy5B$9tV#rldeBGJBE3(#!p*D|BEl;Wt9>&Y@Rp`{ukYE$aECeGaGn zO>1wy*6zs5)h@ibw7o*-}-Zh2Tdx2gP;ELI9OQ# zUsGi>zwz$&g@6VxbaVa7YRwQ5C5=P$Vm%zSc@=)5S>I*n^3-Kd$@Qcqt)j9)_C`tE zj`Mj|{S6Q$$ERqY5la>pH}XFJ>>?j827e~mIs()Jr)4u((i+k+>*IT|`u3;h*NLmX zz?&-~U>U?Vx&ACQ_n<8Va`x!2ascdpb$5*F#3^NrGwr#8|J>VIw>!AxGSAV=RO zueT}yF0+UuVYqht4$|C5!16HIHPqJwvK800ZNaB$x~Eg^@6|8>ojbl`SH1j`22<1Z zJ_R)XNb!tFtB143XKGr}#~%<&)3XGSl8P_22?=#zNuVWSK%d0x_K0Dg{WXySNJ}Mk z-99W^4D|HV%gcIQ(T&Y|z&2z33OiPS+46crs?x0A+VFmT&1T|EUUiEFd>nG^6A3u` zAu$)4;s{!BY1*%~KY^Os%;%c`M^=G-Oj(!mzDrdZvpvbguWDlMs&D8#sHo!qMn}!h z=GCAyw3}KA&k0|jpK-fQc5QG%E_%7%TWcM8UtBd-MmH=6eOu@V%xWvO4uL&aamjkl zoR{x#qPwnodR}-m>YP>Pg7pa)fe29+ppK2|ybFs!FMNe<=sF9Z<@sMg^Sz z2E5J;i=iv#0*IkEcNS2rAHI@_0KzT}Uoi_iJ+Vp3*}UPaaoUhFyo<*xO9@*ZAO=yv zw5uTH5+MlMy=v)7j|Gm?UD1}H` zcu(k)kmv!=qN`qxA9iwjiXFRA@%F|Q0ovryV6QvO&B7I9V9%+7; z)gMVX)Mf{(z<;m;j4f>*uPu-tcJ4nsYvGRQola5%KQSHKSCESqozIc}7K&!@?-PBq z-^hy)3J&(qSDagQ`gaqbyx}<`D8-aJ=I%9hQz#^Kwt9kGtdJc@>i7n*a0ayK#w78` zdQ+M01vpdW0IdX9v&QHC(%fFGSAM?Ws9j=0CM}IEndJpNoB|Wg@zn)y+_dzI;T$8H z3c(Jlt?&&nmzqeI^qVWV72q}6d+GXg$Kr+xzfO*bN_BrQrcNB>2;{#0bvpdY=*Y{H3FmpJ`kB=u zFjM3%nt6@VRya{zwe;=r@^8oV#tZp3QqA7;%12!@BP^K9)9dCkV-Hg`BJ_fIY6V?G z!yPJH=ch}QG%9MeTrJ`S`q*v?eM0z1p`T{gA3eQ7o$k^_(lSzUBijJanq(xRG+%em zE2E{#ZX97RWe&+3o2GnZgsNj3TI}uteUsPq_JKK+i~cO9LQTfzK8hx}W0c&Ey;o7v z^2dNZZym|y9%nLMGAz8h+x0~fCB7UUoA;zhI}GjWW|g@(3m7gcTIsfO`|?XK5A0-S zG@cbyF-CFiqnAIg>tvx;b5@wK0-M2`TTLFQ!+Dy zB&X}4t1ban+4t-iVEW2W@Oy z?MR#j;DEs^!1Ir)*KshQugCC)0ca?1RjGDl&`F@I0`4evUE0j-0Pq5W!v(C(%@uyj z;nEBhvWqROC0GQSHXOTVB6yGnNjUE4%`vcHQhUP}BF{S9mr{J=5c|Rt zSOv&}UD61y!EJ@(bhdyi6<6mIw-Jh}w#-pV3Q(2$FwzvT#EOcNlGM3jJiwB?JhuV9 zfY<5le;D}bFch<-I0iQy%BG0<5x7j6bQ?*Aa%!OS&7~Usw6ZN&RbJ#qI{MbuK}gAQ z^$NV>>pDy`cq$8TzbybZnk|?)*+Os?VV9SZ4X^~UyOY-2^=NgvBZd|zbvu3_;D>(7 zaRjp1>-B>>>SKSKlhPG6f+p(oOj82^BdqQqcF0Egwxm4ieh?Y3 z9nkje#3jh0_w3Oc8CVNX_XkJIeh3CrM%g%ZJlf#Z@LrCcI)z{r7sJ`4RT!WeFD`Mq zxIE<=V`??N6RWi1kiDNTpBq@(+v5ot6_T`x8JHOu&Os>_6&LIIp`tgIS6WgTa(Soj z?(Rl9DrAJ9^^j?)9X4G5z=7TIyOnQ1tw__EM$_-)Na9T^C0>V+$WH*!y!Ec3RGvZv zoCY-$I!O!%HTAL6Zrk0c7PSVpPdryIC4_4K_1&jer6<}7qRbqrAR13zW;mmX#tW3m zh7Ba)1h5Fvi_$ZKu2up-EsEG)VZjS8pIpe9SLBorbF_6UXH!iyjAz{aPnZ&vP>Pdgea zDm=rdwZIr+;W^9(+xae!bm^1YOrK40zS|eW`2V2+-KFv9_F65tPLS-j>L)#-Wz_ko{YyHE|-ryeq) z2>7hG8$lXV@pK#K=_4IXIvwCM5&UnLLEaeoFWP;hzE0_yF+#YdY)M>x%>gXS<<{Vc zh+4aMsYf<+5ite1_45`I3B31!O;uaF|JBWRQ4mUhvDwLaiz_uGI(mD(IKYVNSTjdT ztc8VGw-=0DKi3qX3S_4CA-W9IrxrzK4Cs1996(>um7Xs6%ve*|z>_kFV_8~pIE)Yl z+&|S&la@@q>J9p_+Q^6()MPzgV`q~Xty%a-=nU4HDjOFikC+I(blEHdbXyh}{s;Lv6TAFP;tl_%Qc+Q!Z%x!RSGT%jQ_yhj$ z-)w=mu8t1p$uz{MsPB-HuACiAH%LkYAe5%2m0S;f^q#mxcqsulI_F&xXbzmk-kynV zL|A<=(Ey{z@MQa620tk8ZXX`9O9>S{ePs_^QgFw_qAGx=7amSfOiUs_4FvhZd_VDF z+T{dH#M*#Yl?!7?*Sv0V&hgh3`Rp5X6Pf|TcD>ORq_GW3wz|sU!STeD9E(&92EKAhuKk4Au<}?hcHvyI0oIs+?HYaR_Pp z0xjvJlr2o>SD(E{&Qh$(1nhH#41O^3I6_SVPl%yT0KF=!hDfBgq6_REX_HAB<+bG|R5jrd0j#*t$4saR_FyiazltS{S?Jh(E%wU+Nxjg=IeAh_)!f9fpVJ;Ad0i%Q!9+ zyDGa8cGat8s!S1s{(SdOs}g?F2nv~D0$6ygn7w7w{-44uk&f#l4$|gcUdSRf#ml-O zlDb1)aVSRsVVhelz5fY#cijJOk&_HgQvK?hUoSYUPn;T#mIM#sb8(wWbqB-Qr!XRO zMSwy0gOe4fqa>aWi9KKz(68mpkBg+Evz#jhsGM$Lxd85_=@3#X(6Wt_Wf^cC)p1B- z*2BcZ149IO)1~Dy+`tx9MwdD2(o28|MMa&ZYBTsI-vZ4A^Y0;K)a_KPQkbdtE+nJ` zo%(w^eM)gL@-44D#Y74i$~^9`0s=HHcF5FxR^njUp^Rm<%H0b*HX-I4mc(Tn&mA3Q zUz0bLzDL~nO0O_qab2MVSwD%cotxgPfkv<-#G2n1@n0D7ZVC#*fiA8c;g_3F%|&^& zsp&BWivBvr$+8WQ#vo^BSNML>`2YMhtDyg7zb3zE{Ez#oXtq4_SGv2X@9KgEroyS= zH>Gzc?;hZ6A^(G<4(V{DB`0M)j8|o&Z~KFCcQ?NE=9h31G+I^L`G%x3I+8h6x}%oX zgvxQ3hA~&$7>!w@qqCH#zM!gGovfy$Md(5G!wSZ;8&mQjlD{1Iy2mBLhR<~iAghcR zJ7sfCTbIeZ`_MXAUA1Vt3O~Vx`VT{Sp;fgm*+$A?XA{2YzpyHF^^Vj-BvJR^VMttr?#bbw7>51;Rkq9{Jg~% zJa-N?HC+$JY7B-M8FKmGSI)K?OCByPBs(F1g(k-IC)XCUzIpqiL-=ek5J>~Ljo0JD z?d8SBk*sOJkq%&0pQBTGz^u-nozY}co{q@p&9{v;UGdL;3Q*@4$1 zrl8gzoYsQvmqJ#?!t7~kWFVr^@@Jg^sh7Er;O=*FaZ2DI9QDz@R(3n)xAcF>L=1CA zUK^(;LE=4Z)UIi5|8-X7Zk?$nMkPAcnZpwbJaxiA{+c^|s#%d-| zz5j4X{Tv>`LOh5}E~1r37kHOj?pMI8IY4LkEOiS#NOhO~q69(q2mtBCvC#Dx&r+~_ImU7&d<&YWpQa~ zlf^Nm#b)3%B7+KwOuaFvgFlsg134{S3zD^2!I#z=@n>z&0_fH4fnWg<(zo-a^7kC* z5#N)atv3e=4Y9wrrDxfU;1PJku&u1lkC4%+9iDAzVgkkt#esz1T9X&HvC1+>RD`Fx zmYTmR$JcEt;?OW6^%H>o2dt?6{`rZC51Ok`Ju%hQ|MG{KfnC6Jb9GgRiTbi6;V+WL zhNf(&?nsD>Xa7u%b;!YJX)7fj<%}KggV|ptHvtp)u7KMsn$#d0a4-OoDploqnxbzm zm*Do4u5k{HF)V+khy}cn2pnL`@d@9+xVsY4XvJ?-vG^BT8t8Fbb^2tKmFq$6#R__* z$XSuTfmXKBuTThqecKtWA5_gkrdKfjZU;HuEv+>nL7_uL;r@2rB+aA z(%j%oUIB2C3VK{8t?lhLC$l&qMxVKC2*KI6r|p0}%?yVCuhY4bg1Q)GI!-`uaECffum6R#y@duWjqi6HJbp=#0->x@~uPO?Ui7=Kl8hJ`50C z<37+tQ5^vDbK|)YQIVR^gj0+i-L+~9zbW+kj(8{dt{VR2Hn9x2l`WU8b6Q(l_Zw6x zZOHXs2w_Ns6!q*cx37@74oSYeOgmEoaU%+Ab2HUH4FL;uP$_Q(HE66hQX&Wb+;`dsFFYeicb z5FcnHH~I>Wg%xPOZPA_I)f>ba6l17MW9i{>_4yHefL2RwOBJYT8)ud!hfa)yCQV@A zrE}y5pICgIt$)7d1zm)!;q%Zw{pYIVoo)a2B`8w6BKl3O%>a_&8c!uGT0u?E67as0 zGTR!ww$&OHL*tN|5Luk3_4g^1woJolq^7!^6fBE@+THG)AuS*)093PapJ#5*KEp7K zlm_fg`_U!7jHKJ@g{;n@Tx}NNzC(g3iu03R^p>iJ_k_4$xBU{_95r@!;wSSTL1gO5 z0o6_$;_MHlzTW%B{=cojs@BO~e_=UX_R)oNLPJ`b^{St`cgM_m^hKo^tgKXW=vU9B z3~l5po*`RZ`+5;Fkmhk{WTwAep>5=j9d1si%K9F1CYfA&KVrM7$>AkMQRy{pe+4I`tX=$oz9 zTbLQs4gs0X7$LOrhwqZqyne zO$WwRK*-8^!veO0p2e))goZ@%oymA@W3KeO3M=OfL4~pNb!%f|x=_}7PM8LA7RX1t zxy_t%y$Xx=hLS=z$LEmo8*C5RAcVUa^>;BqoD#nIFHu$AQUKTahY#n>SC``_<~4bA zf71^PjRKKne>tIXX-}li+3s z((z0m5zJKKpQEU*YD0+_AeBy+t61HPa~}7<#%j&OaQf0Js#bh7HSR4Pcls&R=u>nyW$sul3XXj^>LR>05=P!{tY*m zFA{L>C5)vW$IowZU*0?QkBmOxa~hcfNdLS#VmML(kHanHA&@k0*2ZOJ#F#TyG% zqkD*#kD%S140?=OcZp;s8_fhX#n{d?f(!8$NH_)PnjAROKCnD3vJIdz#@2=%4Gd7> zK`jHvAzq54#s)HV=oN_#5N~#N4hN2Bz%zn`7&$sey;?<)Wux+-Kv)wNMsK%pCeEg1 z#t80OsLN@sCZl}Tal#FmP0qh&I-yXVpGIQQww%sM+BXharptjGLH z`matU8B@Qi^{lMw6CjqCQN0y0PdYoFP=A4G@JmG~0`jn{sulyio!XH2zVtjm8Y`}1 zAz?wVY+G*4&+F-JQ;or)+m25l_1N3mQv6VIoAiSU*H2#PXlA?QgGl<9tM3^~M;Q_N z_#mk2`yjE2(j$Tn1TV^Ys(v=x*_ttQ=Xf4PNLy<3FjXMI^HEZpvo#RZy>)@$k6ZxT z`r>A@MIwCjWM(_4tMn^_^-BAdFE5q*?Jv^LNcm=#q$K1^^Yg< z_4LJeVMQWUEh0T=Ngygkb#E^frWQzWlj|$4CkHkMQpScMp^4jpWa!|0rJ#9_$Q+53 zwDe+Z3=7(C&vxg6HAsEZTcEH|h`kFs6q(extnUh&MYifrGRl1Kl0y(bUg;15*QU}R?msW-@O+Fzru=PwK^E8MdNT$TkHW&mS6K7n%IT*}F!*61tcXJKtO!!KfgR#=YWr~C zqI`Ts)t~v9Nf9}y#BL>@bhf|S*O}tQUD^Y~4fr@9_73zS;N`j{d-l48dnH@LJi$Jy zs=BH!p-*x_N#|(~?sa;mtlWE?yrEH1;bCFzi{8+h=%aABYnrR_&9ECW(H7Jp_Fly+2I3`4)M&4)jU_Gj9E4 zOiYhP@l815WCQR?CHog92i|S5%A44LMnqj+e%>Ei;RLc=f^#UjT{1cd0)@L7U={8g z{S(*b-u#Exv`k&}L`1^Ez!ks7lfBa@x;~r7L0NyPEGx%n;B`=G&8;OLs&SD9N3rUa z%El|J&P3-z^@_3mgD1nsDz(ReE5avlv?s)3^|1RJZF;ODWS5@arexk29q?GvE9Q=g)Ria6`m&)Y1n>COHq}`aAUH~Ki^3=?&*Kor`zn6>_fG#YSO}kdl0k&? z0R%_~1^$N}xTQk^{+`5G-~1}@hJrdA3;XXzB*wbQyV7{9E|d%HS?kQ!h3>P3vI%L- zh^^0I+7nS_9@rxP2m~=c6YsX#NA98`@FcC3Tk*RmW}iFrxx5DCUiujV z7rwsysxJ-~*OO>4lBGfYBDurw3uVjh0BaB>h1fxa;X8$10RMsfRqXGNh?Zk-?_ghl z)p8x6?4ylyGuT0r12J1<{O|S+jnT+8K${g`5A@g6{L?DIw1A~%)f;wm#^Up&cxBAJ z#MxfUym9d4Hgi4g>v<#l-mo_Xo#*ZS;m(Z4%D}j#c42TdQO!a7;bQsn_g_Adm0lJX z$uo#bWq|pAXo!l6LU*Os;pt7BKCusQY9s*meKF&P7o@M+Z!KW|AN#_f{Z`q)-1WRB zBV4}y?-M>8vxRC4jrZ^Be!KPNP&dhk67ktGf!$EVYWLgbucks8ASbm}y-7fj)Y#;d ztiGV7GZ3qwT|g4*1_TvtcXmfcMqCI9UHd&IFB}#%XNZ zXl%Q&ZQHi(G&+UBD>bq`yhFyvFT z2Pjheu-qA}(EQJkT5mdW_NS_)u&(yxu^JWxM5k3JkpByf+19YLZ*;Cq+fdxS!Z*6z zofo-FnnKm=4?pXOMrG<1Ph_#X?60^CqTz9L|NXMK)&RtWczCMVutI(|{wgeM4*zbw zUjG0ztYqnW9F3>i{>7?sJi7GtB?GuRASxX3`E>oN{+^{;J#?LZesAEK+FNx*YF#TYidmLbMyqctzC4G{RaHv*bA zxS*jWXGy^#G?!QCu?|^<58E7akLK1Y zK@2&E|Y2!LdKo*Xbc6VE^(RsQ{OfRi2RxYsONWP2PiGq4C!o#bzAuDRGRRGTn zkR5^uWTvJT0!{_H;wOV#U0dw$)eegStkIE?N(lRL0FAUmzX!An|kzok9-|L*(<#5YQG~wf|?I0VAD$GN&7Ec{LKkr{&dLJ7c z`-PCnq%btyRsh;nb*p#yx?XakDy=QzJ76jrDFnt|8rriYTX+Pxme1{*Iwb}Rp3?9; zOdU}&Mvd~Mlc-*K8UA!6kh9jPviqv|3LRW45%CYg zafAOK^uK@;Zs9k(`!}F^=&-tVAA|aezY}aLDbgyEHss9J)m0{!0v!6B=uUKVNJOC| z5Zo{K(&OnB6$_Q+I!9H`(ODN_-cZWM=G*o!C3_0wQC!24bD%w|yLA^mJ|G}wdoSoNy?m@>YIq6p;% zm6XoczXDALLTfdF;o&@_jH>{XmpUx`Njy=5Ok{=y_?_*%0r?O>8(STmkciHvTgP56 z2MCH^!S}l~93xIxxw#Q743%m!Ez%$s0edbJ4Yeo$ztQ-Ph5`c<0m`QrMj=xGqDRap zu>M|MWo`eU!S>FSlll!C+sFIRwQ$edx*~DR?rOFW0cP-5Z=XV?ZpT+jPJrEsN^eY! z1fK3itY%Zpa*9cUi>D2Zal})3@}cQ|T5I*M1ZX4j2~+iniB3Fz3&8X)!beh&WESNs zo)MZN@)X;4OqrmZ#HUXT`bzX?@5Q*%GZy1Lj>T9pdizhJF8(9$3@Pp2EWJ-iP$sy2 zuR?|d_YLUK(Zb?Fguy`wX>}~8p+U|8R(g7xt=2#KY2c?ehOUNpf2B_yKMrC?v_r1oa zI@;eS?>#)A)jDAf9yo1<>tqSK<7Yd18SVqYBrg-CdCTfw@Rw>{-$KF!_Pc~QjAH}k zv!}p8r>=gSqr)&DFoH;+Nu+pofAs7D@WlGpNuuF99x1p`g(xqLsS!( zyH9No8EOP*+&T!3$Pi3gH@J;%lkP z2DBV#$kIydL(_z(W38k%_!F%S-~kQ#t?ES3@@JWk6Wsy5Og3^M8v0OjM9vthzqvU! zH7TSV8=~6>jR+GaRL+)pb2gOFoKmltS=iN0oj>4*=b~U z7b)80KHGkqQ!3ifu$nt52%(*W&uevL15z7q2J%GZ99?2MWwkQH+2 zO(g#MeFYVat?3ZSGY8$e((xSS;P_R_A;Cl=u9 zb-A+%DNDMl5mYCY&j|XteGFA+^Ni|Q?BMD@EZ7V1Y|f55%GKPk-1UhQQ84mbflf5i zFcr+ss#CL0XP2j>MAgjDP-X9#(Pn+3?I0E-aBN0XsTt`z2@K>{pfXITKd`KNt0wjH zc5gB>%PzRsbRsPx%hzO3ss7ZcawD5Ze_~$7tw2YL5{qI}LZmxc_d8o^SFPwrxt7Er z`z`j}hs;>Lh!dnhe-pr-pfIIFEIzji>BEfry*dagZ`JleP>M1v7BW8Jr1K=e{g%X! z^rcAJBp}pa&~A*k`x+O}`1?0~;8!jKGJQFB1vZ(8rWyL}7(pQ6+R{U+pW6>cDwY;& z%vUG0!p9WFUtjOc`n1?+a|lpXWV*+-#uTzyU=>$|q<>a_zDVh1)q#WhyQ(|?)$ue+ znlRXY0RaR!oZ(-6Mkp9HvTt9|fy#qA7*OdI+ANFC*;Bz zW-O*GW1S;`vqY`QA?VU#wcpG@fV(-g75u5QXfRlknZ`S82w8#8sTIYHu?kyp2kjd) zQ+79DdRmObg#G(_zIZoj7gG;70?xTNXSdrrJTi%l(}`GrL<2u!@tr6@r=y zL90Y>cXz-t$dVXGT%SUHwNgh!p&>bQO*V_#owo*@Fk!uSP1RSz+;wBG%}7XNsvsfn zp?=uJan5PjNa;n=NbpF&aH|x9#=m{=m8ljebmD?@{8Xih28`Mw(Vs@WHN?EdV2m`r zNeL=ap>036B61e=$A*E_&PB@h54#P>JY!uQ($umt8%4=>xmAagONs`s!uLmjt-fuX zfvmxz*Yf|8lBhld(L}FTD?KGy#cD1q3-0cCt9lMJG8s?;$O#Z_U}3QnTdj`tz88c> zUEHiFkc+HVYwG7UhPPX#6vN!^4$!KT(gDyPXeWq_4#Vb&`G#nw2nE^)KgOC%)N)C= zFYNH`MrpzI?9mYw>6JUYJZ=4^0ET?P1xt0*xVgFHJAeYr_=V`}?Bo>3SMJ7$<#l(R z<|Nzja1i`J%owQSszLH>0b~@Xy;3*F3tt+s7aL!SEQEMcvit+~2q2nk9!q`$P#pf* zNL{2%ep=La0+{-8*;9wUCjT_^?_u4V={cKlwzoNii2CDHLLV<5M1`cp++pB&MhhTo znh{5&yT>SQ&FkeC35xMFkl2Jk^77>eVra6#pIYlR{w(_D_hc6NV5Irwj`q9g$~hOV z%RgFYqfs`m6uuiMi#>6|gF?$X_87d84V;`eC?OTATb1fA6o2Uh-kF;sh^2?tJ|FVs&`2#b; z^$BMSySsmZqlM%){cd-SJGk!QBIWo1OMU2JExUp5!OiULcILx!vxGLnYo3|JM~a&f(*$if)0bC&Dd=k`+A z-v?+#gXZAl;Q%vBU-^AnD$6svg)S=p0EjA2$M__${+fUD0M8gbTWwdbbl}H#k)K2- zdn7q#g$21XvC~J$-`+}xjr}+%aqLIqFjdOo?4Ui{A_K;- z4lE}XI3~jI_#U@8pXZ@JJp)LzH7Tx&zeyu50kR!vExY|CYyg#!ddj=GyxdPlQayHB z{j=%h)AowLtxPNV@#<5ud5W92Eh>jt3QbW=Tu8_vmb}E*pA;rOF2gatz(15Y)Nm3P zV^97l=tV}efp4+8yg-SU5WuAgy_u8@h-3NO089Pxi%_iA9`jX^9sO08Z>mhB`Y?C z?jRbJeyAyCA5!%y2Nve!z??Y(sJ5-;VA+4n`hLSj5D6iRK5YYX9A*b~X77mMYP#qe z0|Uc={u^B=Ve8Q=)#|OfQkf$rh5YvGSO-AaZ+6PW5i;n zPOmR0SR4u}M4Mq^aFF57?(+LorC#&2#cHP)^n^Ei3kZkpXL zOfNcbT=1%J+VcNh7uD|Y1e!XYfH%F%F4yPn0-4iB;QR#lnQi}>qFn)an_O>h1urf- zOliqF4I)FI#So&gGSiz`?#`c1D60W0^c3IQ#mJmq%DXXFQiAsV?ShY$WqOxgkE!XQ z@~2#S`(ar+X~onJ5KuZ?R&Kj+w4f5mu8^3r1Ps)k&WMle=f55F$w`<;fL>c!PzVyC zUlI#TbaQhvaC@q&vkQR)Edmd&h}f98XdIF?C7hjwjZ}(HQjD`RYt*ai1-y4<=O?+u zLD^9?hp^(HBAkEzjw3z{y=7GvXe(U%A?)!rhcQ(~lvO`{^dD)nr({6SF+gi`h_4dr zV#e~{fw%6SzQ;#-$!Ls6BEb#7i$Q=!GWDIDd|;4bRM;Cx9ZIRRJ8_~c_8oourX3zZ z8%;zs70sf#sUcNdAFsRNzu zhKsH2=+%eEOrCg^X6K7F)jEu-PkD1m{o|g1kb%+J*y&;5Q+K{3$v?)`03`Wvb5#wc1^=h;ogAp?+4k@PHjs;ecGynkyB)0QsFM@zhFj> z*ZBCkWQL#AuXtNxreo;3uq@a`XZ!nFii%}k2=kIbg_5!+B>@?_1&ye2%)_y?b$@Rm z!2Rh_u(19BlENCNlv!b+$!R8@l;m)6UAbQQPWTE9)YV#cr~RI(dtmacE;Kau&HDa+ z{T^j7?AMrmjKX5GnE>}*t)uOX)Ks!ADh#(>pm(+zN^;yP{VIKBp@1zISRlj2%&Zw0 zVh$w?7Q?Dz5g(%b^e@>+-o{>UtF+2!C@e9BvFWdlSy=zZ$k)s(!fh5Bi{zTdUk@V! z%D$h=tBX+7jioEsh&pcKnIA?|)rmEK|H2m)>%~Or0j0$!!^cn;tYdntEDrT* z@?(>7I)nnOBq{Mn2Si@L4KLCa6cVJg(aAax^+d$yasOO6%xxqFLO-g`BPGQb13X{D zv`)_FdBac)<7y~a&_sN$94tI;8ZtPEC0>wLJV(+;VN(I6k8`-9{*@1B8!7E0VC+HG z!x3kvYehwRpL;}G*KHm7SBn=zPnT2cEv#P7=d({+pBRK45jrLvvyMPi+F4R*J;P|+;bn%mmM<`GX?eOZJRAg{ zz$td9V2}`rs8O})#rJRfuN>Z&;hMcXiS~hTUGD$7q#}#Y=LLRK(N`XB z;d3I+7GZ)`dJ%C1u?!CKzu3VUfrndJTgxySW+O#2*uq$WBtcs7)IUHlF30!H50=_C zPR`Ek=z$RPy&Mp!#6Y$crQ0Ro!p-@ zN`Z@U6|m{33P&GfU8W~%oBnWXAvtStRVzFA z`V!TnS76P(==C?hZtK^1X;9$N=aJ6`g@dTkGEPfKVrChlD?Ud9_`t5eH}?4y9PJ%J&w?ks}>Vr$<+u| zT2D&X7^mLJ>(vYlT&7#z7>;tE&0Xdbt)_xR6rM{qKVf+G zaL^AF_}S>0Bpmf~T~VX1RBIO51YLQ%7``+)Y3Y`0Ct9<_QA&!uw-|o2+2KRjDN3`K z1!owJmJ9pv^)UUa#dRneMJoha8v3R>A_6~AZUXz*@FYe8H2gEW=Nq%dh_lM34Cwv4 zR3fJXJg38(PGFFM5oRozQKpm^1^OS@UbG({P|?|3Q4oe~0e$pGj546;*X6kLew>P|#7kopZRq z$K648UpB+DA{yvU+!)R_tgSB^Je4b7fmW@JKt&Wn_W?4U4UTXXUEMXr5pKsV@}r7U z>)EM{NpTR+N#PptI)GJcAI1{Ok=7@|Z2pleDjBN$V5#5Q4w1JHPNFt7p)18MF7wki zcTy2E-(TwE!SuGN%pl7VLI-!c-_c(iiFp!byeVYb`g)AcjdcRW|aYPa5(q-vZOYAt54CsuO>va;E2gCYIDn&86$|B=W}r`FMmP7D%{alS`Eis zyi0X*aoPIsOey+WeJm^?XJv(7w1=5ioR z=Y%_X9#3(Ff@QKherlHJb>u1o(_%CwE`Ct7Kz4d$|9WrfPZUJ(!DA36PZExeYj|{* z9Q%ldL{^@)DO_gFab{4}D2ZE)6R-4VvGLnCv(%b;A%o|?1~?w&zi}O9ThrY^v0N-O zTlhFQG=~1wUPv-D{b+sPqEhc6YdO1yOz%MOm8U$;>*h#SwzJywjI;5ltu59W5jA!# zw6td@lbqpamp87bh0E?%S%DOd*`$#vMmYwyg*#!i8du>RNeJmCnK+B-UyufXXGbGp zJoQRFd1J7FTOs>`5O_}ys=J1c?2kWai&cT-^>sNl2*qKwS{UNod|HEbkB`w56l!Pn zDK|<=_5+f%CUlV=q3;uyTVE<8qvgXzLWyo}@5@P>+-xOXWPZQQn3UU>ZsV;eS4132 z^@?ne*q?%Fgje-*4_sWF5XLqEy%^#AMUf&RJ?VxXk~eg%Q|AQ9MG!9i6^&frdZN{A z{iBwMgnso0IHqP-p;NPKyw9~T@bb*p9-zbuGjZ`u*_bZ|Kf7)egDsl*0w0wT6`6Kb z=G3%Qv#L@?9G=cMB>RAGA=Ot2k^u97r((n?Q`iXMr-QN2;ch*6^A8k!Cpe~Y$Lf`z zzq_iqE1;3HQKNHZ+n&xvU52K9qF&bjIT#rp-cfaT=NPP}q_b&vG)v3cqw7F=6T;#W zc0^77b1;x$$H`&6s+?0;gta%q2MaGIIfSkYh+SXY-kuj08gTyRT3KvBoosWR%SjJd zp`bHh!N3m$nJCY(aQwPPK#uA3-s=Hi-l+nY8rH=w z42BT?!Fq@}-uZchbz7GYiXT22)|!Bs+0oqW>FJUMTq*103SSBvOad@{05cZ){S`E#tSj`|%f-#5abYny_DoxyQ=B3OW&JekQGARBw@~G3)fhdo}XLBibJMgsVR#I zh@JALaxk4rS`Pk9BSfMEpl&dNQ8S69qa}mfhn}Y{s8AL-eo^q3>pl}sXEbWO(e_n& zTJ!&@BBt}sHwNZ~E^ml3>c(8oa~PkSAypO~4sWDj9xbD3n#%%NIqlXc@l=gHS_%4X@-?zr|7c-9_{ zF*9k4@%Z>VTootJ3wY;q1U>2tq&;vAp9u-je2HxwFhd8_nJ4Hhc=?Q;1fjqaBBrBo-znK6V$rhKRbd zp241i0v|9f$Roip$^U^)U@@O#V{o+{7*9Um-EH(xfa_~M$+PtEDE`^@$domeRIDSP zedqM=0-qDFfDjGO;$`CzXg=NMt7Ov?4i~nH+a=;MT5n?*R=rXu@tL;BN<~FrpK1aPBh@A7OVYlaxqC!Z z-*5QAuIfJ)c&epH@0Drxn}tEZJLWlW@ozs9+b?M!$SudItbbW`rI(ln!XROqe?k8K z{-ktJP*6cJVjxAen;EzvD101RDyouSh;YD9cn!en{4a^)85Nk6l;l(KR*z}CU(xE3t#m}?ph2J{+Xf?k49#7c>IHc$q>s6j0 zgX{EW!90B{0(y1?&<0CD#OK*5`LuG4?H?JLq1{Aed%s)(BV&MymOOk9`J78hm#?<5 z``5PfWz)R$azLg@K7&tGih|MGh5L4D7lt#90t#uAGXC~ahkgqP-ltIM zpe1+aM_r;>bJDBpP#aTGq+=^VOT z{)JR&ZLQY?9&d}R?eqA{ej-Eyw(aEjdoVc!xJY=6`g)6%l%=!#^ZM6>>S|1k4~bp} zXJ=7K+bv)L1jCeoG84Dk-p#zs4^V!7f}NjTCP23MY2MyOn;IYDC_}CLw7NG`mY;p~ z7p|C$?aOgtq8NzvRr=g$XG#Jl`qtKHA|5A5$w(CzaZM}jr#tLVfkhyBS=5mqb3Gc1 zBP6reWHu$>4Gqt_I^9EmXvWBm<9fl$Kh9Z&V`c>v+c5ZN6?no7P78D_MPVg=0ZG~Lv3Pc+}Zf2s1T zp=xO}^F{fcaHLL!mW4(Kc4M!;pCJ@E zN}dD>HBxi{972>{W){Zng#sWxvbvZ&>o%sBYb_T}S3I&a`P>c_2jd>2b;U?na%SNN zv}VzeW`#;pTOS@W(emdfkALb|NIj^jJMK&Eba*J7xR~=(7KgSq$II*WYoAbi+6Pi# zsD8h$t8?tvmxYCY7$8KUL8_6p!FW*)G%*xZwwHsI$tt9p|7o1HQa_@+2~}|a7pyejV?h5`ZS6Pvnihx#+mCkyC-6k zfVUHDsTUS>2nQS-oTQPRYxnz>W4nLNXL4r<`w#BM_r0YmW-VhA8xYDUVYqff&9dGd z1cV)D2j!oaOY%Fj0`Bk1JURe@nX4aHyXj9Zck`V*LyrIZWfH7i^V9fn&=2}_3XIYN z7H?WC$gz&iO>h62W2n?WP*6E#ZD{fRUDpo{XHOHR^8kac4HLm7uNcoaySZs44U(ys zO#%@Mpw=#{GZJz8FcbC0bGJ~3gAX`^`Nxwwt#yV3OYC5Kq8PNad4w`|m6efDb5G1z zbW}+AB_qoeVGdT+F#H;)Gq9IFw<7ipLnBt<8c>Gm(XgU z#$WQIAE4d`bS{AMB3}!O*)m#QZpl|z3}HBwDqEz2iNG(^)>75!x&A(f*jVqpm-QKz zf(aZs9|+rN@Yq#GRj(^^ufZI3fd}X3tLy7Q1`!C7pw4R+U;w=RmuPC55||3)fl!Xb zf8kKpm_#7k3`3)0T_eMMe{Au%f*tqwP*zr^c!$Yv3iPirPG%tM%}aGx5N3VW1GeRD zuFr}m*)@kw-gjfN%Yb;D0~M`_h(2?3?Je630w{Nk4GkS^uX17w^7G-byGWT;h~J+ z77oZv1I%%4H8`lr%aCE=Jzh-M@1!DS$fR^$k82dGNPWme{6i#VB_$qw58>*Hj$c}2 z{%H38)wPZY8Mt^N8ZRg^2_>#AZAp-ffa{Z1gauE83TLqZuVC}O96er%s2BHQKD2nV(M@s$De>;XAP+=7p!Ge@jM$}88|;MMI1z1ergKP2 z40L`Rd_qomp%@s{v)mn}v0E|z?DVqPg`2p!UHv$3F-ZPd)k-{}|4menZWS%%S-bvAa*ZVj+YIz;}{DpSKQs-JYa3H|0bd~p& z3agRy5R-WZ&018^(q!4cy&#SDB{M~j6he($0_ysFzX;Q?&%So00pv+*DAW=L-v^<) zb}-gNON)<(&+E!2f@N09z0srJZ9j=d;-LPk_fa?y6RR-+443BWoCoPsi@1V9>-NEH z%3F}tp|id|`0Qk*@o_WT`yC7!{R^w^Ukt_2pPW|<2r^UiIBxZt2?;1!ka~a z6XyX^2H=5;+shiF3LuZTiFrs~?ew_;JWv4Atf?Sczp#GEk^S_FA4IBR+42J6DYy4~ zy;JBrg#TMTA+3VfMZy4tHv+FuN|a3xENg;@e<|y1Fw;rohpi5GaXvvpnk_f4Jqpr0X(Vy z)bE2K3Bz=RR6#tS#%iBo0}gujpI-+enj3(+kF<0v6%c@v-z}mK2u_LISNQx`;}a8U zK7m7nuuJH3bK3mkjk07}C&+U>xT|TrYtKHr8Bjn42ATr15fH`G%G|5ssE{7RzumRn;f~H6iNS&N86eC8+I0|V2k^K9upZ`~Cu-oqaeZgr-)~T8z5&NsFVBQJ z@7FVTzt1wT^Uia!N>7$JZ3Xc7d2#Vm%op!ocS0y`x4Ls`fNWc4hNr&Y>1a=YX0`68 z?NTjz_IUojFu>vi5Xk5K#w=gOYKdo@?+pMD$JK%ZtE(KGP0#z?!^g+QdY`4^x!wfjtr%xP{)DW|>bS0Mby)ZE!fU!Okw`F>HzV>(d z)GlSk#To?j0H6p1DQehn3LWl`?@v7{W|ctwF0%p9(ZHYiGU3(tz5ex4y|m z=Qywd(7=Jh*aD}c%lng^u-aM~K>qm#3@Elft?h$-Mq>a%D9(O&a6aEnjl09S>Ud)X zVjmINHGq>^!C}d=DtzygYA$3@x7Sy=7&VzMeN_p$CX^ zZy&_~X=LA!Q%T4xGQiHI7mM*ZYv=3n`{@!rV}j9H>(K};IjhCKj8U(}@x7mk9vV>o zDdn^L26)?EMMd)uN$JS7J?jmh$03dNwAb3bJKDU#3k&MqU0uPuI&y3KHoOw%PmYhD zFS8ObHs^S8u)DPNYU#DxwY6gGE%o)udE2%#N8%t-gK085mKPWI+PsEzxVhQW-@o5dCZ=Qo&7zP+U@%TD1mw38J_Ole;n&=l_~Chv zPM&=oyzM0Q&E4E8)6*q?{-k9uzWDK@)Nuy#Ya~-kMVlEhk9!K2jggUt%G~)8Hn13> zG`BWx=7(6l+g;;oE0*xqy@2yyBS|R>O++(j=&3w>cl_%+0Eg@u&z2*t%_XW4)e zthTmRbl&di5@WPU2qftMcLy&WJe48I3{dpf)Lco)$x5m^xjyTg9dD(%rKr2$U7im_ zlX!&1scab`4l?2`Up}N4fWk|xMm6a~*^laTj#|HuF__)*nDtV;HJdOo+xmV_R;-dQc zS70#n{W3da-@$dcyBp2Auq0?a&-VTgnDL>%PK7U$Y(`+)o>C;Fxl@s`K3S1h0EqGa z9^v}U{0Aljr{&TTr_;mgzmtN&;2qckG?0x3t7@usLE`7jj$(7zjo=lO&RjMSZ>BI& z{-x_jMyr<@T((=^SA{v}%AakQ>-}n=u;RI)-4?22K#K0~K#)V3u3S@bdg0vitnNbn z$lC`%2#{m49Sylc2_>d;C7^tNzA^Y<0sBr_9HtFato8@M$eIuD@5_+~v!|IPjE;V# zv5htRoQ_J5X|^(R;w$d_cj)1NQ+p#5iV@u%e1lQrnY#s4s_Kl)#hu>l6$4mkVs1hn z!pK3v%)5ihEg;SAU&6}m#s>ef$+Du(;{5y%$L90?FxGne-S>v2uJ`P^y7WJ&lB-V8 zyN1(f^g*QqQK+cQ^RWS5Ud856)_x~}LEY*EKJU*Ivl8Y~e|!Mnf&yirU)u@N$AzGP z*ypaZl0u2W<8C1v)&dJnpbr3$^8Ki?ly)4DBCG@4s!=W4Lkdo5r3#7EKp-fR>)FxoFQ2oq9~vk`^QiI3PC zkyY~%MYHD%7HmI=g+T@Q1I2_CuB+`D7ArJms=L8OcHMhN#{|QZhptx1ngyAdFo1Ol zolz=wkn;hO#PUHwR|VJW?S}HqXnBz4I72tRuQA!CiLA{eG8)}1IK}z-5r5u;3z(Py zMc30P+EHCK43DKENK!0a8RBQe#Lytct&Xpwu=UL$mkcCO(%}60fnfZ4(Ioh16jHf- zR;2eg(xeWZh)7~U<6fC!b7dtzjSM^0%IIovHzbyJ>o1C8^JqmC?$5&PKRALeg@p%y zP@sZTV6gA1B|wZ{kkK&Ze{c&Wz)nFK34@x+0jJNg;Rdj@G(IuOZCajQqDpRB`lIS2C|MFMtAr@>*%2{{Yv4Zye2y@JA>wA> zR3>Bv6XpCq@KSOSxK5_@-u+fl7L5Vtkde_-gKR4+-5%tZSA-~%<~n0YTU%h84jne@0BgD)zF?K;7EN(qiiF}eb3;EPER33c<;O-#3w{TbRMJXI? zhvDD;a}oS+jwIyCNTRf&4Hl@YzSs&i#ENVJLPtj4y?s23Udlv#@)=#>* z((cX49z+y7s1Ay<((-)?1C%*|j_4ZK%m+UKHLkh-8Y!ir{#)DUc53Mzm5Av#O1&&a zc||)ed8~&(Q4;%K*X6`?^|4?$0wM%Jz0j_zq~ulv_UE7tYBpFG2|Rw(FonTP9AI9N z7&|aoO`5uKJ@K}Cw%f$Ce)h+TqYgmuBng2TEdXzx0E&E2=CrfYJ8Fo6&zcJPT?gxE zXimA>4Du=8hfDmmriT{TCyE%^a5J0Bh0V~mhvP(SdXnC#5-tOq%wcsB^c4N8rgb|K zudhY>@?;~TLL<379!b%N?R=ZREK4&IMh~{R9sC^Yh*LMC+ zmoGpX7~>akm!YU@YEJNelXl1IC@S5x-NnS`VT3JjGZXT$H!^}2rtLRiJCPqrRP?Nm z-%9q_Vk)!vM{CpXCF&apl^Awvh~%E&_I%xPZ43`5eIihI#dCKj<655qm7F8QgNjzH zq&J`~!W<$#?Q*foKZwixCuik)7|2!X{N#k$R)xstrb{%v-9@ZNT$|QA+19t~B+WOR zk^d?L-V_@PEE9>|E7Ah6qnl_6mHZE>Rz>3`9UjKU2mvU00``W>p*7c8I0!nwBcvQ1Bcfo+ zrwI(8AR$>}&$qH|<{1%i_%LXbHfYL(5v+RpMj5FV+7g=gcM-82+MG@n0k?rG`n>U6 z5xprd%v7kb%w)uwW^nHW8kR0X*>E!sDk?ewn*H{+f%G)`Vs|$$gPYlsy(j;#9&iKA z%YQ8}5s$mD4(d8|wiu3}j}Ku;cc>tfqDl#hX4Iq{NRfH3I>(5=M5TYc^|jvFMR_HhWHK>P~63As$9`3rR9f%EY4LQCAXwyM84z%BG7!=OcNMw**)IPVQY z@Ka=V*?Af6p7N!zn^$`5@bLaH_N(#qe7DGf$ul!EnA=fQ>4ihyvVb8%IvP<@>SwGA ze251x9P`yTkkyi#>nFfMt)~mu&7qoeTj}ln3)o8vrC`(SEaHl@YW(Y8xL(CO%Skzy z;r{bHbabHW;%|@>VFTS;d?K(o?*JFnKRjlteX+kE?hYcZn5j#!UAlRF7G-eQ?okQ& zIIaLl08@>Tu)?l&k@u1mR%p~!K;wsyX{V$70CdzF<%dA=vwc+_p2*|CF(bbkx~C7F zzyVtVgLfT|sNDW^rxNF*NmphfP9B~x7mIonwl^sfX{tk?0lIH+`Pru;7AL&e*iY4= zHPgtlH=7;B!Agcfn44G~QcRebn3P4Z1NRB21~b+OtIfwiZGJQIF`NHd!`L+`HwiQB zVxOjHi1H(0JChq>ZbUB5Y0v2>ttIR;EQ&s@VMn&lB0_Zu!NxAbuF9#zkWPoQ-aR4- zW}K9%DTB)nNq!=G!$i>q9Q@WuY23^RK<|fzjhJ&tH~KWDUQy7EO46wkld(!NSOK2b z62?(Z_J43iLeeWMP|Z(~3q`gm8|xgT%%@$BW&{_#xvsDG8XX})_yaxt8`RX)&{J|c z!UZ@w@5qQ&LgeyRe{1(80ovINb+6hA)B}kT7RtK0os( zLfES;{H|L(J3PGEA7Ly3%4j6%N*HDV&DmaEU7%yUD>CgpA{n5xkN^AxEWpr@!d$@c zbk2hD=V|eR zTD88l)ncpDX*WJA>kHlPbJ)(o*cKB;?+n(cd|qC&)&t^2qVM~}+ z*pqKMhkN#4czE9qc8LdR?-wR7#|CMjq*pmSKQB!m|l*)xJ2iwznhQ6$#0sI((h%Jau*~mPTKtuV!)>wgKbGwaBcb>_W9f$4D z2HzLqR=i@ThMZ?g^Y|Pkh4{FA+NvbB0;5tTpR?oo<$6Ae*5#OxIfP=dbjFTZ?8n~u z1uqmgTyL+v5c4t13}avuSC>OcAJnwgP^pF#awt_J$&De6Kl*~5wd^p;I)XJA#&-BTCR`-JY3Dh%J~P} zudlWnr%_hFuFpIF3HKi++FHGR|Mht!*tM`l#W42-Uxh;daDUHI`Bk-#pN&uz*3VPl`=uO-d}d$$TaAg-t)O z=5Hf4eR+@Ciog>m0uf<+O(G3I)Vm7egoLG8S*9HkSNIpR5=GS@K$#v`#l0om9aRe_ zzBB#weAA3gP6l?ic9~`U(^Xq|rWR!OtI@wm02F-#>T%Yp6#&5NyfkvS|B{!MUZ~D^ zJ&Pej=!vtiKARk4WPY=rGyCFq3Xlj7cbeIetSEc9zXE z?Gp_Zozp*!z=tL$H3NecfP-?Ra2RK#!X?ancO2RH9PNOE%a-^Yqdk>JjKZZ~j5EW> zTa6MBQGLz`eAtT-M9$)QJAWbC6!_R34o1v+wODO^dC*e0XO z5#;CNB<}OW+qy~hA!dxDVAXv2#dqbshX>)30xR-r0FH*vVchr0R-*$H{s0KR3Bz;$H2}Dm0A3L_A0sz>g@5k2ul|g1Pq$oUqVg6$bUJh@$uTxhT~)5#G-E~6qM7%)RiLsH+qZc-ssrZ^kymmL`? z*`-Gl++F)q1@T)19VTvvKwIBPGXt_wOf=ov;FtAs8BX-X6FN@EbAZDDMxxC#;QOu& zA)Ty^Y&yum&@K2&nYyUEkhMw+Sz@pWtv?`KTRc3pKKVQ4AnhSK3a>P3r@NJtw+b*? z90kMlfbm?%nNWq<0&}%d%Xt^B(ul%Uwej5A1BZrM&+a8CYZQY?q(0EMMV`AzisPOF z%!g^Hco5l|J9J~2vZZEvcP?cj$C?YM3EAhr!^fXKd`O#|ECA|HK_k`HG01v!+sSiO zCedyw13)E$wsWLzhH?G(kLT97y93U%Luf=|1=3w4a4$DY%c{PmgbZ&5IBt9ULzbPx z^hj{5;j1Vte1&}hMCgau*O2552zo%Hr6JUZ+DhkpOhV) z-elkt#j`h}vWuY_(q@{Ah~ZbtLpp4hbIy;wqHPB5gCtAswwal$(}JFix-8&PU+et0ry^j$W4BJnNHPh74)+qs%nk z8vs%+%n3voMPl3eBm>#O7l-lfG~ZfbmY}m7;v2f+7$gNFuRkE3s?t~F^cA)q9?{|x z-ozm_IXRqHgyfC-ctmdWe-*vFy`9Z&TXbz>!NsQA;&B@^z{u*+#G|AGCi;4J4&JfX zDk@#^SeTd};FASDje-FV_p=yS@{gpEFcQuYnA{^@3gP$~D2BJq4`~4Tmweep2HdP= z_G)nLZ0iGC-*o}&m3iG2uR? zJ~53-P^e7%j)e?X?8ypc`nx3i1*F!DPTrQhWYjQ8lpqaRG2&4@m>;G#^JsUqkn3ON}BHDXYy_t!n1D)J$Qbn+lG0`2H7N8v_-i}%F4FI#)|%wKmC1-Gk|@rx)GChc=UuuY(Bwxp z8jR0Ds7OdY0fGV*K(cEt`e)-4FEcMTT|#If+-WD&)KB4z0{w8SBN}Tmaqb5c)XqHO zB_y=mMkKErT|6EO2vmRk_)nD6swJhS3OaPI!Ej}_+G1sAZ}B-OeNA2-jb90=0yR8O zDh178ELZf9XnA}-H8z&rlS5SEh>5^%yZoeXQ@#A(Nw}$nHT3wIeXL|sujSt;i+eec zkO0t{`SIhhAJH`d^P-xvcv@AC+E9r~&eui)?zRjjqj0dE^an*63M{}9!>%_@bvxwS zQCzd(t`vf8g~Q}W#Tj+sp7Bc)+KSOp#goXR2A%$@=wI<$R0fuS{4_gheG z^n8gc(Psc}^Y$b;-NN+Z1`j_-+U4iNUHLaU;K3XHS~_gOIE?wK-cO5$J^gLEJif^w z;WtbG8n2eBkttg$= zq@8wd0-BLSd17C179^qaf214h5@j~`4@Z=d^CPc9J}Ti&Va6f=FmMw4^rekNu zM?upIA+JZ&_(fNje+V}bIf!MnFjB9!v(s*5^7?i zK+Lr`abk8E{&ec*fbiFPt>rkp%Bao5{s#2M6Mr*)7noX0f{sfyg`Y;t79H@3hRGK- zaf%2(HAh=Qf}7(BmQN;CpoCm*z*`xsCffVI;`dkkhWGOo>0lN!YIe~ksA_hK2ZE<+ z1S^9Z^evH%Hjp%E&FzF9i@*A@EQ=YL&d83AZY2y68_QgJ%Hj8tr+_AuQJkyyP2yu# ztU@k?L``SP1A<4Xo7!N5BCf=%Yj>}@PGIxI5A_k8!r0OV^#^zv?zwCGTD|K9v zV!K(f)O-#$?3U!5&*O|HwAA?`Jl4)n+#)3)13<$U;&r-OEYwtxvHY3M#$fNT<8^aU zlp8Qo5%58xF@upk$4sj?jb@kK$?22((Hyj^A##_=%9Y@lWVv z1OmY)Bkp`x7Eve`fe>3>%>7WXK7)}1NeSwTe_lO@51Z;5+kJvk=42hBwQ1>?2oJUD z?i<(>WQTt>T_i*D?ixM!Z&vP~jD6A{%1vkfEp~dC67M*|e1$~X%Bmxal;6(sLQ+S{ z^ZbEl_Dj#u_YzNu=sWUwDcfc^h8IfO@IcmMndY&t-oo5V*zs@3ol{*ycrA#Lz0S8< z=h=SuwHqqfhYT$=tb?w&xt(N-IVcFTKUZ#Sa37}|h~IHG$8-lwcQIA|3{`<>b%rnq zdu9vs%lR=eRhhoa82830B?~@Ulr$A(a0)`CS?f+7%=-oZ_F~~Lbe9^UW>BOzDyg)S zEZEfOgGBWf@Tn#_;$W%Ki+0D^ah>7gX*dxK_4J|EOBT+DR-2!(@!aZ5SrH3lR5<*6 zDN%5kaXD?T0NK*0Sy_n$VS)_%8R_d^2d>a5k$OYuRAx|BX|smPLtZjGgNR5)XY+t< z+ON9pZ*(o{iz`|m|A-nTl*e{Rvl^XFn=<>s_U-Jx<|YurE|AbO!6qfWtAVt!5WjNGf)c zg+Kw?D_P*?r*kpXa7M+$E2$IH4NrEMjgVcku=s=ZK_2unsq2aQ@AFD4C_DVsd-)e* z6qoYnl#|=)#(o|lEH;RipM#!_t$Jeqr50J-r^DK&FU`$ZjW}Z`N2kP;vF0&pNdp?- zGV!}Pm=@n}dmlc7IG4`Nhfbwztx`hl-XHE7cpkCe*4gRma+tNSqaK9h9lU96fx_!m z-J;(+nOM+VtXwk|C$9%14yA#3s7B<`{5ei7epn+Y7V}1D_WJX`4@GcqEOr-}$0O*pYbN8?0yq5julO`fcHoo3S+@ZF2E3Fcc>zEgRfv$R?dGPmSz< zZEF-;;4^)EG6T)O*K@dwi2TJr-I{}3f;TlSG#48Uhg13d-e~_xv>A% zY}7pFUBz`QSbu^w!=mtC@SISzS2{R2oJL0NuF9L>?P~_vt6PZ)W&03EA=1G3_zwTj z&fKuxVh$IykkM!_TMOE~(Hrd`*!2aFvAAdqf3;dOh0~~_3cbQx9N(SwR13eRxTP^n4xlw7r6ys;%$avO`|`SR~APIy0Q3x zytI6M&wc<}RTX(`yTNTVVO&&Hd8rMcCX|&$Pdp17@6YC_fhacdSLis79so&WV4+9; zY83daD|3N5McezkldG_XpFhKT8jr2-1YHX8)(3pf=j3E{sIw6{!?HRqYX_-pmGQYG z`v=rtM7-^9VQ_aUBpJ7~&gf_hr*U(w)7f>>|gb-aWj+K?hWwojb8^2du>;f zdF^wa248*U>#jPx{@md8k8}(P%(8sGVPXdsGeJk+aU3T$@+p_yqW&y1O@-G~H-XjC z?YnC;=+swtmFcRb@XzY%ID&$L)rLEGBm^FgtJ@PNJAst6SQ&@}S1@y8hdR}dnmtc! zzYbFd2R>lr<1cMSq^iy`ztR8=8FtfEt{%>Iw%Za2;F#arF4?r-;+55`fq~w2Pvi70 zep*O@lBz0+0Tq7o$jFSEj!to|6B2DC0JXm~AwhvwSMpy2LUNKi7>(m8SQED7V<7!= zy~aeywwQ9l)KdV@TbE^_WHMH~ex{*44V(zGx`3hE4J32YQuMNnAGnNVrGa(HH0d%BJdIPTGdqpHB1Ol4S zIJv3`dl@S#?ElTUlUW8`=xnZv?af74j+p+QK5h&##Zd?Oqtl<35Bcq;)b-xJEyylz z*R+|gYQuYY)&c4TOV{&d5jpWr63WW178Y$O%`_GJIS*}()YWBoNr~FWBU)@wc&n?O zl;^YAJ5rFpf}{-%=5KC8HmiB{t{ioGQ^921`xTJ)eKOTFe0-SDx7q@vr&4NaLcN}L z{-~m%cboVdqwwTM^sdd{tjVDGZN3-pbM`8V)ug>U7yQPrPWSm@ujFOED-^AMSzd-* ziHeA1pi^>`^1Wq~lAX1Yp&VO3gctG&ID{y!Tu>Y&|6LI4A z_6j~M8to5Jm2c>-9wViSyR4W1VAkrfCpL5s=1!R@TY6-MV8H1>pO>0~jSc@JF6}7$ zDURA-G-xKL)Z(K2w^6p%TXwnho{C=D)e8lV|8fr}7d?Osb9QbiqKc0p6SFOnKw;zT zs(+!RLrV+Q^lvPV4t9ghgT$B@1^qpk-sbA;L%l1EJ5~Vi3d{rI_fA$;_j5ki;R%@u zGhiEur(B03db>q5NI*75hIF5o&vVu#C_FZJg46p!SNBjQ?0s0^9X*3@avzSq7MAM6@aB#%R%arBJ*ju%f5S zuOBezct;FL__~)f2?B~TWWg({#VckPSks{ac*GwR2F=!T;OY{MZt%!eTlJM0G6N>9gWU%q zc91BJc{GFVx3#*;iLnEaDCEN5(*?XFq@2?i?xS2^QtRN4654LzI#74bFn^JOKb@2=7ZPs(L;IY^H_r>Rnnh(pETGi zT<}MpfIv`Q*(TljF~NAL8xa3t`C>dZui*@T1Bxm83hg)z+heOyUw--|BqTdyBxTBr z(pXa?&#I;YR+QiXSA^>)gse;BtuiU1gO}wLS=0ZhcRj)EUN#?mT+^aen54v392) zJl=TR)uhy2p2-AK2!71TiESF-CEg7o8Ku*-=)trD;3`P8<_Pi(^aLYDvQ}3y4b%b^ zE{Pizd^4oum)f5b5)i1|Zgm3evLwrfC?Kz9UPo2+t7CR;<(_cAp1j!>+2d9~27$hU z&OfrMKp>U+(Hujr76aOgon|(@_U8%Zh!dkxqytfHSU=>6Cwx+vzY9Z{;@9)cga&1K z=gY=rgsaFPC6G;0A4cWK?E2sZPjK_&6KHc-`H6r03!@k0n*MnxJ^N)*l3=;kN&AKe zgN^@mWbVh-N7Oi)mh-1mfW;XNaP|idxa0grn;$1quN{d=DDG|>BZ0wDNHM7IpP6QC zPDi}#VV|0hMCM!O+b2bed7J`ETpzskEOGr(SDV5HOi99%6ECC{Vd!6mM$o69 zyV-p|ENl5wSV-}N9F%DcZwo^?r~)(^(Xd4};JsgHy-Y}3 z>=2jMvHhwV*6Zct^dYjGFJw0yikC>kE-Ey3z>O6r9*+k^|F%>eRT5i|!)23NINI<} zZE2!96+EJx4{oL1-+qt;YBYVRR?F_*5j|C=zHvQ<0v&^t%Cy0%LstaI8yrbBk1lONh=cH6zXBYt!$+ zLZ5?AcWs|(JrP75&;3;+D!9L?nU37;w@`=jOiZ*6R!Gq{;VONons0J`zGq7E!4s4M z#lnDR7 zBR$*X@KCnskNP`+YCx35N08oq@Rsu%*Z@M(?Y8IhTNk+X>Id$Vl#j4+vLwWq$lE1)NcIQ*Uef{;c?UP&~Tr51elz#V1f_&zRv^2A;9h*`?Hc0fRw>iO~ zM=@o}yk2BB6?mrxdd!d=;P0fIdCq#_2Z(5+U6oyFJF= zi%@0+od(}8QyON+ymuE84m+Swr}~HFObYX@7IOd+**ua2yAnT=qLN4lZP=+t7D zD)i~oQgJ}|gyam$>PUYcrcG{)_I#SWi6UxZGN4XC{=(i=1n37fuXQ$s+deT9=TjZY z{Xj8UImYX(Z)jVP#Bvf~Vv-y{wX4~tmMM^X!UgbeQyuB4!9z&b-RqvO?yYX5hVK^{ zeEt+G>nE1c%I>{!n&jxGpPb@4K?d!8$E>uIYDm%TA90zAq!u24FUU&^skzy)Op*i5=G6|X%rJ@`UTg&Q)}Ri zOT|zuUYe(xeRZXUsVJT@$SQmRIAXp(Yfq;Dd*0%iYyazu^6#2D37rSFW;gO&rMMF! zAY9|{{Q6;XZ7rK;-Um&pY9g@8&4nw5o7jXF|7)O_l=ocgEnYBa^;vKwjyL+V9252T z00a>G;p=;A@!!{WBKKxJ85u^`=(-USIya67o9pZEUf4#L z9Y!vTbrsg{gcWb7kd&40G;NX%8dQT6F2x6m*e?wY98+V9nfusa72ZF2f^M~{Vi$#T z9G_?*>IEk0)WnOw^S86zxqVwIEX*HMxU-m_&XaOP1BWB69tSCPxuPsDPuxXRdp!;% z6H8H08nn>FJ#w+_Cvpnz1yS?LNssbyi_PdteZLE3KS9n`dwL|u)8RL(_pIiC<|jVP z4O!Llim4HuOH&h0wq2$IkS;*4LE)J-59h z9_kQbgK|UQ(0CMJHry=(d;2BKZfZs?;^P;Kkrr;RM{j)I9afMcF=J)?dMMx*ts4tM z75#$4ma=f=F%N<|?aar#U$ry&gn~9AAC7>$$+m=F0!HDtrJ1JgX86G$YSc_u9ub^F zF@zPeEmMFR$*a)CjfPKFv^KAx#(ow^(hRfQ5GZ5*hblgx<(^nedf#c{kRO|0lH-rV zMjtYA?Ah!pyn-u=N`gKRQHO z^FsHRX?Q;~8GJW>?0f6Y_~uP@{!}EerjSGA=?+87eE z9lS@6x=8FoCnG+LCPmWGnUx3?MRrVAi9;Ze(X@txjjNeo7Wj_)R0e@R4O={@+k!9R zNY8@rC_gLOE$b-%V7u}8~61-0wBeRX23m-$YkqH0kCYyIr7|GTr98$ zesBcG9Kt{^N;l2g@+O_p;&?O&Hv63IjtAiGHvdxM9Q!*{C%cPD`zI5ZqOb7V2uM!L zjh?Jov8(O|J=2~7zXtS&S*{#^A)c>RW+!sC>Z}(Vu@6-6d zelwgu)7M9G>%2vx{#G3Kj?D((JvR3WRQ$V+k8AqT{ckiOr;W+UzH(tEgqB;?s zZaj&w00|dIN9gDi9Afnapgb9bPcAO@hrHKxb%_GWJ`0Lx&*L7Wg^u%4=zKWccXfvw znJtyO2P2lXG~+g+EvV(9w;(fsY&~ZxB6Fw;VvgRCd6(GqQkL^=0SmQpfT-@;WA%#M zhRm>p2g?26Xh6e&f0nriGQ5NxGfcaeKHN%*-BK3g!u{B^_3F zNQGfb6}bD{741z29(3G;8>8WU+?;h3q85D7Y$iUmqT&Vw)~Evvj?sR?muo(KN(sBC ze0?ixZg(M!@69e&;;+f8wq^0JDdYc-*IgNKx3Zp}>7RXgUVPu5Vz%nnchMt?-ZHereHJ0x?80#*Kk~yui%shn z8DdPUV(7kwz@=z!SV_Fgg_-JSfh_q4j@k_ALUqWCTp>OZkbc+p|!M=LUm(9o$$wyZ3JM#t0BGmM#r!Qn2m=+xA~ ze4B-1LaoS_b1U-=@Ye=$LeIa4Xlok>6|=eidfTh3R2^)rY%L|95UcOJRm{zAwkPd6 z9yfquiR$tLM7`nX7~jzo))N9Kl$^X#KK|oJ8S(q&o*Du5pY77UU*8N;7Zte&oR{2e zL9k4PKl&H8t-;mkGc#JYEDQXsiAWplkG6zgD44CSC8v~fp;YLY5F+R&B;M4tgap&S za5^*U@b3zX&Ghs21pP;@BDQ}xt^S0zeTMGKsyP#SlaseFb92x028Ym-XT||9tyM7Q{e>19hvePwl3d+nDpUEOQC z!%7cpdqN_r+M&*0DgB_LsbKD90sfRw6Z?B)+4mO$j`Lq+=Ax}Rt$kE=r>E+mDspzc25uyfanV?u5~Axq`0+gJBO=Ic?S% z|FJ(q5${-z8%nOM^viuWwm%;8&BG&Ze?POe?Gc0mhw^9WXWvHjD#IO#8>L?K$Fhgj zy~UL=!&usRgKx%%Mzdu94w-C?rFNt9)I_Gazx|6uE?0m^5*G??G^Dhlp{=OCu}C)L zPTsD%@y)mVV+7nsR?|t6PpFyEpw`N1mhN47#V(z<+Q8K4QnukEi}h2A&*|ymSQpv@ zR-L0TBh<)f%e$eWMONNtL;ZFwiYexlBm`7XpVmY2{jID7tRpsB&tJ*+o*IBE-piV^ zPj@kJ+1^fF?5?MF?&4`2`t>kKbV7Sx4c4Ou5xUFk@ONEkXoOgGo*>$wBr72Bf--t3 z75+R_p2Np^vTPC@iHZK!7g?P0HCMC--5F89EzHcAi?iAq+Sb8l$V%|B2~FfeLC!V| z#y7yc9W&#ZxD^g!RCGQ)N)lt}ehC&n%x~799rH?DudEzB2FD=woP?3t*~hi^)*_ba zktA_V6~zsEz0?6l7iwKmkI-w63V}^vKV9{lT%d@uFTX8R_ASU;M6)uO_r=a$hSk>X zO`DWM?$!@hA^wr;HbWvy55nO4F>#9Bs6=1Giv}%EBF@cu!#}1Pqrw^GrVU$?Fs{nV^rxzq-Z3Q1w~kerJqoYI1b0;sI)GOd5^8>k9)2q4xCSoD9#%Xes!C|uo)j}X8R!c@b`-O4RxQ^3 zusgyd5_zjT8MEd1WmA@!p;$s^=FpUPVRKXF>ZOp-ZFXb6+`MdSOxMt&T6dU} zZ+Q<=D+$41T?{35`n6in@s0!kc*di!}1ey{)&+f0xvhdsh#9iCZRWBul*Auf-)4%xNoypR2euNzvYZ-O) zO|?+}?6Y&+qP_dvAD=d%IbF98!Is7a+p?{9r2^WxbI&=z=A#B&5>yi*!6xn-czExC ztd8S;=D%95W)dl>cng)N$wyR0D5i^@SEQuB?v35yoG^l+fSOgB0JaE|F?p(PcO#Jt9pnl6mKf(9Dgbp7el+M zE-p?bW+|0`x?1vjr63gNJKUm{1%d@iWdM&6o{4ySgC!Cd^^>WFuC%J%Z0<#eZ1FE_ z{)<#oN-amn(*CO_F?HxT=F z%vlU+!i1P0-{y;}S-YsA&(RN-7OysM5ZLJ;`+a z`wHAgYfL%~+)uMhZNl#zweCc~)gZ5g@dzYUPX6v>inP(}Of}qr+`Pp-7ETl4p_;;` z%2!<8jQ%c6tau#ks2S31Jj!H*grUu)EM<_CqT-&9s$R5^0H4S0!Y}u`rOzLNK_k{+ zW}Ba%XOq*R!Mq|FNw{`~hSp;%D`HQJ8!Tu;!x=QOhNq?l?V`>1@+G|9E4onxtH6un z_lQZ0u`0MN?)UgUF!2lKdaH>djuwh*R9fpjILl9_Ro%d^mlNDoZ+XUU_E*ZOqP`wv zi+g?FS^c@d*e>{&^f&30_+O8>|JCC4-#_6%FTj5-2KX=E{a-u2{+k*Bq%UOW`XE3P zJco7gE&~3c8UOkB|Mgh@pZ(nbhkAnl!9)DN{}rPUDUknjIQ!qv{Qv&j|6g7a^yPbW Y-GikS?uUX(55ONqSrwTosdvHuAHg`R761SM literal 0 HcmV?d00001 diff --git a/i18n/ku/assets/img/android/rss-changes-light.png b/i18n/ku/assets/img/android/rss-changes-light.png new file mode 100644 index 0000000000000000000000000000000000000000..f88f7b40436ed0ec78e99f8ff1006b61a3e584ac GIT binary patch literal 94908 zcmc$`WmFwO|0amL6P)1A#oax@HMm`Z1$QTCa1X&P5C{+?7qaOmpdVY@-F`DXcu`$Ro;Nak}l@#T*;o#tt;ouNy&=7#XghhYr zhl6(ySCW@`=euy&j_he{*toNNF;jVGvtrDLyY1!UrR7sX+VJS^1uCJG=q1T{~tX>aY4G((RuNwF9-TAjy_8@K4X&9T&qim;<}~x<+hb? zXW8wXby%nV^~+PgV#aUj`thRR<$gltXW->J^UH02M)1R;)Jo99vib9QT8(ADLgd@M z1_=#z7v&cFi|-sKzn)eyd8FXJYQP(`FMlix+aEM?Kz&7mkxHoZ5OA!iL6<_+X33~q zXU`Dh@?vi->v?k{x_^VXhKkE%zZU`|SCF`uRF_%$?VxoG(Q& z$v8;zx$}OyA{y1=qZU5T&tK=Qc~uhJTKc9h$8FS)>o>ul`I~4NL_PLFnMBm7r#-xp zkNh)nd6YhZkK-=*6?BpcD35^%`Ju{(VCZb2&AYx9HE6qm_Nm9iV+hMH*G<78hNo34 z{s+rRlJ}oJD9}leS(n&$UQV!syOulJ@EZANVp=j)*!DC%JvUGny{^t1ULJyj=U3Q1 zs;1b5n6FXUW|T$merhfrUrovr_3~HN-cO>P`qrs3ka^Wd;SzNIyEGa}>gm#>h$!Z= z=kL~@g#FZ_HRIN3+x2jk1W9829nYJJ} zoKPxLT*^;QVIM4L*I&-4JIg>7{*+l++(8rjx(=;vm#IwZW_A7?7kl{%U|3!P1h zqK0hExZ5ewnuQ@fd8&4GtLOUp5Lf56+u{Y!mVAk3fyhVi@~7Gyp`~9EAD=J#J3+>+ zvhPgJ(d4SB12X>jYMc@}r{@LCbe#qg-x)GYZ0gJ9-I8?r-aXD^Zkw>Mv8;5CO^v5e0d_3k8lm9YMHg9J0`YrsO#~1>B5zIy#3P!`<(8b_ube4Wba@XY!5}KS_yuk zPh}=0tg0!zQ!4>&M4=z6*QIwQUu6+8L(Jb$8BWs;Yh zdERVieLRU4C*LS|-TAOgO+0Ll2I&CiW%TcS1jqv8#Leo%X{v@~gYfVEOaZ@%cL_h@ zT3-RLSXamJ0hlYpxjb>faokd+Yx}24(KHdlIYXC1nPg|BZHv<@hBdTNXaV_A@P95|>KEA|` z+;pIG7_MZbOM}HzU&-|l)%_KXQB|nCzs#4^w1;W^)yGGY&TPJbmAzEkz+Zu#j~f+! z9y?OK3gp79TR#LUW;>qmDGGw0+a8y~N*@gnW90pbr^cBsF3t*gKF)N$JdDXyHh*O|0nkRH(>cM?D-F{{1^882bKN{ zd;S|L{qMOLA5w<#-vRLdzlTVnLWCS&lU>piYOzjzPQPZ>d!E_$E-|@k#{6&wiYreD z+)TCObqJu=2~sR(hOadH*a>OoXW^#frZLfc7aL41T0VH5J(pShR#)6KLy}QMuIjMX zTiVk~)=+6n@w2_1Jtl6P0=&wnttSbexjxPYPI?J_CS3zDm6dTa!o1xRlI*ms(%EZB zf^d6lEvK+BFAMiC`FG>CmDMZ99YqKhA;AXn^0~!+aPxDFENoqUr>Ar2OuwTSirO@$ z%WIl3$p*$ah=uBxhU7G@J}7$1Rn0wuOJwuDByaCfeEyOdxw_W7LpAm5RqFIf{cE^8M_?RXBXHV-XrY|rucz7mg%UL1&zVsI4|T4AbfrCBz>^irr-yKOwy}>pa#nv-yyB zZ^UDSK~`4be0q86LS}^2UM)mJ0}|uIUE$P>>$9#`s4e3O!Lojv?phSv&r7g(2dAg5 zCu3w!{J`O$4+(9e(SS2sivl3m#9-pvfxtcM=Y@Tg%d1bf?=o5H*dMFPe`u&G4*eeF z;(X->l@%qk6A{*CV1ezqE+IuQDh5LjD=5Hs^r*zmP!n1PWb-!;{6Q#{58vZ;78ns% zkb0#_}Vdn2-qT(+p6<HLNy`K15GF>fbj7+)TQOpbHFw0u`_y&A zRHBr8KCs2F2tW@{5YtS=%?Y<1L~xKIgYD-fdghI-!iPYNLc24Y@p0 zNo1&&kv4h&7}}kjsE85ORV)|wEz_d7)Vj39iYE*zWRX9r7~<7*!U=+`kUl_HmRxW( z<1Zj@KJ)r&CF{q-sV&d&!tJZ1OVm*IlISfmIygG)<8c9>C(t(@M)(bPa3~~V z4(|wA1Ecg)q zv9hMN7cF=P23A;{QnZQ;ycV7FreX;43D&%{p@Ap**D};)>h?ww-_K<1u`+mQ10$T2 z-Q*vomc}aM#V?WxcRz7OcBZ7b4U5=2q#)dH)6$Y4@PWHXFtKC$l0)oel8qfN8(nE{ z{clsUQczK|#Mq^NX5wShV-#q@SzF1A8{+SYAQBIBizCb_S#;0{vk-Jv!DDts19hy= zH@ZzS$eOept$~x*)7Pl!I7GT`%T$8N_V#cBLhURC3rsxNhP=aFC<%;C(*fG*^lz*V z)53Kq*}HEKghoJ#kv_R}kE5>Oku2GLSvZ)LFgSvj-YcIUKoOD{6GYGr!K{GNQaT<< z4@&zvI`S?}?+>=7AjWOUj~B|*37f5q|CUlUFiG!brx)jX!~ZGPwf`Q)BU3IyHv5$@Gm)f(!XAXrb77r1cJ*5>auMQT_tFPPRy9%EQ=&5ave zQ`XbZJO_gnh_FJOzV`P>%BX%tO}5YQq_?MCj z`%}+I0mFdem_;bXZv31poI#Z~_rgMgktAg9k`4~(7!sTkEO>z&e9@Sbq+Qsja7NNO z|BIn}c(Lgt1BbRFs@2Dj;Rh!|35s+Q9#q6@8|%j;l$2z|#E1?S#{|RZxnVWP$O^uO z@Omxy2C<3i8X7MH(ZXnvBowIwx%3*iFMo?K>!%LkUNnUzm)iZ1Jke56U%sFIJG zP`7H6@k%ot5*5!g0)`@nI-z^?q+v)_YFhA7c3Y=8npmbpPjZ3rr-Yzzir&5~FLi-5 zuQEDr%m~>hKJa?cTr@diC5L36mZUE(i56{iYL3o;pXvZ^g)Q_|FMJ%2?;2N-2Tk8z z8T=Py1;uC$i>6nK#XF8Tn3e*L0`$E4@Mr%bF#JZrCJXQhWgtI%M|hG3-i@oBCfHZUGR`l^>IehYqUMwDS1lzEu~_smw6wk>1?%pnt^TwdD(AJd47F3-yaoOB z*c$>DyPrSGtoc66#V&FFtgdu&c078($6ZQM7ON3??twXS zv(LXA)7L)3;QXQJ4bZ9vf&ow3>NGh7r-iDoS`HOA=LC4}e>IVM7J(KOos5PLSF`#| z$n@fJQ_vC0;rZq1_jDSdXYd9e@1F_#HQFD~4=O124)~X0a1|<5Il^wd-X#nrwWu_} zSFai&NRw4F_xN`KfingB+mRZ0`V?|E$8*jsP}o4|F=rbbEQ^ zdb#F$Id>`ec>Usi;>n5sMf)Nd=sFt6ur2WN#xkTd`KzY$^)fjGAl@$zFOR6+AJ2c= z-aY{8!oK;-krb`BKK>NuC2rC0|M0Dl2;t+oluhu+eFH^n!m1w?l|f0-d6Lxq5kQUv z?Wc^R=_=Um@ni=}V(Y(LMqmN7MI}6D zn^Crr%j!8AItE`>{r(qLC#OTVnapvi4_{2D)ENl&v=9JVODf?H!Xv~dwv#QfpmHF6 zleVSH)qc7EGw90bjS+DJA<(oHbpPmhv2#qiq{_I_Zn~Aql#98&(Y9bH=y0Lgf^U(x z+m5xE&uIZG*Y{}9%bpovj{_lTsaX%e&_FQhc-%M;soOpm2$;zolX}UsuzA|l*cr|j z3)s#r3VScPS1Hj2S6^k+Le5Mj;}@(b1y!Mel(wLh}syZ0k6x)Cjy)Qq(H`$plhE z-IRKU(<*&wwzYg7WqH6*&SQpzta7IwvntvB>+aCcU&kjDU;7U)Q-zwM-s5n_m zOgISAaSiS${Y`{)9)7JSa9zD)n zGK~6P&w!k-u5mUxl)9Yyam$)0?DkdDZw`(p5SLh_1N@LznvYYyWRC74&a(0|4E}@kWeo$9!O<$v&$Dx^(+g~LoY;4) zQ_;^$&VJ^d$Dzem+OXDdK^l!#M8MZcL&w3nyC_JPpY$T?QLm9^4D$e&LNHh^y*-l)#LDUjS-1ZubdL zo_~dWQ%h8_viXaG@(Csb+iP<6S28M|o6}_O>pDGIvtVSl_6~g)DU9$aHsH81arEEI zlIMb4e{|kBtLwq%e!r|gY|VbN9o@j+K+9nDI~$Ijxh=#A7Y)s!%%M9eOdNjHnu2lU z$m|WcD+?jVm6nB#cV!Y*0FOCaa?J#AWa5xsrsb}$U=)y=5LC-}`48tFIP9f&G@?S+ z)DZKeyiA&39CGd+s~Vzf!lJB92~BP;^n){COaov}J0{*VIu8fjh5YS5ZTSc&S1oe5 zxP7eCtExi-_4uHTxYuFAH#F+8;{36@^mpP4;-89jBlhhHWTe@i;c&6bq10OW7|NLD zxzur_qoubDa>hoFc~4tdX$p_4GBJ^O%Ollfp!rT2m=S0Oas};!oR^oEwyDQ%JW6P1 zq>!Sbjd?!9eRVZ?U(hdRmlLS6B@`{xL2^Y#Qc{MtE5*_KS5q4ott4{K-iHiC4}dW` zPDn^Kp*_D6W9Ox-F0YArLTTxiwJf4198_jY;mz?x?LMWL#lVfzVsC>W2k=dLl(#D} zAk4HcMjWEP5Po`GO{aF)J%+tWWhMeKS?7OOE@UOrh2mQZQPOvBHkjk&)7O?<|fKE!>fld4HB-}!h; z)Hjim;b#;WKMFf*Hbyh%=RXGp(T2iX9QRpsm(_h%OhPfRX4J)BuQ^3qGmD`xa$da# zWDS(mR*(aTU%r_c6K{B6wRV8v>YaiRfl22o06{t0j;9CH8gLuIxfMe z;n>XnoVI+gp&hg{jN6;yh|g2EGvrBi98^-IJcUJ2{-dmyJEX4ppy<_d-xh)4(;By2 zEe3XMWUv5RRit^S&DB!HiLIga&*0h}#}uah9c0WoK(!iz#>U3)P;Gnq+@v;8n8AVA z@cjL6QBgiU+(mlU|5gpL?jWgF)&wIp`ug6Mme}yTv9jI<=K1|YL?ro&G(XZ?X*d%K z^Hs1TK>h{%Jk2!U5xh==Tm1`g?&LK^PWj#vi)$*XpcS)F4mAP;CiTvsk>#Uwp@3CQ zR()jDxAzZG-5SHHV*;St(i4qnjjJp4NPu(S4R^0V{_Fy*$~A533+T9&2Aq9n-cmog zM%nVP5dzRd%A{d>YgpXd;~*B{!H95|rPIG=A{*1TjNPh|{J?d~z+h6dOaxg;Ur z9aki_A&1YY6LR6-;8GfiS);%5B(BrRkkON)g5m;l$c@uYYiS11T=+}D(6bJ>fwkC98?MzMvHAB%_xee#qD4=IFAdiz^FV z&d4EZjzQS*aw|qTi&ommvZkgPRH*c$3fWBf)|#5~AFDD$hkcj9#q+kR*qpX9`EXKe za-sBB0trTHH&r=iXvePN*F^)0jUA2nbNkdr1#pyBH9s)Vkq3zWtudim#Ysl8Oew~H zQH?cU=FtAaOZz+=8#y3Pg`hZpONoizT_@Q@-A66{#t8e@?==Ca4;;;V%g>(V;W~(z zKAlH#DbyI)G2M_c)b!qVG*yU%fC!&d6RDfEgNK+S?#uf}4fVmbnc=WHIQ1G2i-e{7 z5=uzs5Mo3`FT{(UZSaTNDOhnDQ61ib2LG@Twu{xRd?v;q9LspHw}*R+z%p#8qA}!5 ztfJb@xM}n%CE-eKdluPsoq^3t`Pv0gpuF`Y;V@iq3dtIa8Eju|V>{YUBC=Z_!XlG#Nk`U1G$Ovm}oKo13WhR;jB4mM- z1VTcEu@v>=+{jU84W$&0f>yfgFB7>Vm(!mG5ilT30ip=bsMQ`mX}1FfLglgKUrHI` z3{V_n7f2zBKs_sJ-BjWCDRiSc4%Fqc(Qy+FNBG48s?ExeWgxsl4$(BQQk4=`LGFG} zy8DGyMwhyPMp*fXAj=I~w^Ig;3=w^srl*SqpWdLiM!dMk$BB}Ymc^Ae@F!6J=gKj# zP6p9=7&x+8`4Zk@i$$df%?QC1!8N@RjDcXor8v|1EWb6hT-F{YIO1Un9CaNzOjR6K zn4TdWx2)e=+qPnQVU{rDco-t)-kSR~Q3H1Xgq}f|z;N0j>nWpdF>v4w0JA|&{0%i* znW3X_FWi6NXECtQ_+liY;L{61=ytzj_Jr{d!3Q38Z?Qm{y!;HJoPvfEONruZ;GX=i zMDMkQgie??!=eqd{OJGFhmZ(|LI@hI*3ldeZd{0he^)4SKLb5S)Kj_&5wN%_Z(8Y? zs>x}Bn}52v2AW`C@~{1HJvhxe>7~IvVTDS);=w;<5E#XSy+uPqySTuHAI+RaoE#Y* z=p_z*(Uj3Dk7)2fp9~o#rP9rx4RWe1JX)iY%*hU2=!?QJ-M2FwA)9h|n z>*_DVaiXF`V#X@t2~Jp=7Z=Q=9zT|{U^k7S%29Y^okT1a35n%Pd$LaWHC4(FrDIe%*jbT{?>51-D(HrIj>I~8lu8tOfYVS`cA8$IAD*XdVA6svk}_= zVQl}uE0+IZTyJx#f=vALpiNBwP%>dzy;ceA_|?)03#yU-6=uw~Zojp(k~{7yuKMzu<+XFU05 zak<~Ai(5xWcP!(WEL?cc4j_^#2?fHFqd{q{Iv!)b?-u4gh=FhUW@Dh3p>$SnHtDYs z373gi+m;=+0brAA8$Ppy3fxDPkKsf7J=ld zrP`c5tT+k%{MngvI^si^)p2_t)pyTS>y0oY0anZ8ci28ucn<0c1dn7jSusFm3l?j= z-pU5@!pB{H9aJ29b{;N{(XqJ*^*ZmFPhLa2HOb9q%}Bkx484MV+B^NcW-BliQw3k4 z^L_C5po)?*A^ISmLT$pb>3#N(*0c&iU;q2A-xFAo$wq2IVQ7@O89DZRK)IPYrpceba1wmMks^vnF63TyZ3+8T#F^&J0vR;QS(wn~<(>5S z`#O)Q3vG!kmyw0wZ1OE*nW(^Ln<3kEMarbQWZpnJH@UdaLhM4S`Ctf2HWqpfJENNuXN9m7q;1pJrbDOXE?Gk6Pmp@Q5VTFz_o23 zIc@OKiT)Y`x#TNKj;Q?hxY-91IYL}@ru~L?uW9VZ+A^#tqRd$ejJc_~Fb-tD-m=gi z=h^GF9hxtV-Z&XttC{>>II~J2%*>?{yLQA;eYKyJN518Mr;$j4W{*$(!CJLFSqYbT zLz)FwQ6?>Hd;EFYLGZPNzyC~bub9uVF6jvAYtO;@mes_3{_UvpulZl+Tmu6tJdavA zR5E^we7r|^=BzR8YPp1)d4763Q@Q+W*$y`-{Am6*{l2QL!o!7TS;TAw6 zl0nbgI4Ewgzb!wCyjKtwIgEYYljP15GLK$k$rccDwg=pFoc>{P?r>Rsh7G0vbn}vE z41zVHr`lk|sf@&#v$0W&1!Zdo;buSFP~+fWSaP(vecP(bntw)2c`dBh~FsEneaT?WPmA@AA_FqA0Q_E>; zQW2fw)b!fgPvGQ4mC2RhtllLGELb*aa`vMV^Cw4F&lb%*?K7Pw%N)# z`K^$I@2N0FKwF!CBBhAm@gZX)2^1mCz4l_h6Hvg5vAFt>48Yi5w+{#hw%@Ol3p@KX zlB#TkI3>0vgW4!5QD?*Zp)|!~Aq{qu*XmiHOHOv1AGWc51oaRzR?MD36w*X!aR|Kj zaJoZ!mDY(w1WPrrtr-qnLF1@NiwQ@P=*{)xi;){bkGhMKoE;tJG1FGxDh-$B+Q(EhlZ5DJ{(quT}I*N^EeN^_^WBqr z1jxQenIz?l`LrzVveP!%j+reqop29Pog#e=Q9F$=WL)yT5cND2Uc_v|$wK8Ng>aMe zfV;fYO)yyz8zPR}%84jXS=| zqye7skmrI}=;};?@p@=jDJB z0~&jTSXN$EKW-wEdj3d=Kwv)pEi^z@GOK)ZV%wSrb>{9Oqow_>C4$eEga2lT=2i#Q zB&ilD6x~;%%%VAqkZAK4I@@F>fBt0s$0{M|HfCg3ogsO58)#pO~Yk zr!6z14y}a)dFo`eqq;1)&a#}q5A}Udv(`Ur=rVMJS^26b!UcsT73|vsAXgtz7LpK@ICogEInS*_`>kJ;h;jg2S5eqlt zWRNVwb(>0699EKu_vO^OT>tt5O}wb@DJdfHd8*_tL|P`)A_|8r8KZM^$fa+3R`8s2 zyv=6W2BmWS0+i-?xU|P>w@=B;Y};%%?AO8txmCB;3Wb9}Zga_Nk<8=Of{wgb3Nn+! zsJY#5HKV_@JbpDfMV;pkZ_E+47JM-z?zue`Wme5^a9XUc(08HL-n8iv21i7^Irf(P zv+9wNQs$U~}dg_lOz5yEgxZC;y)CN3^hJFVHLnudf_=o#8^sN%zNAz39MjR}In-RXj=ym`E%aG(HToI{>AjwVG6pdX?VLE)k8rPCy zqDbADVx0QuO1oan>LD5_85rdW_ZKH$rfj z2EVu&wXwZ>q@cTgROHC8;_Vvlm=Lcd;b5T*uLEw~uz%%v>~Q9M`lL%Fa67Wh z6^^%-DZVhMM)j@DLuc=Bsr&IgCqq3N$nPz4AT{Oh;G(Mzs4RY?^Ws*}Vosfs^m>I0 zGdCDJ)s`~pPeYZ$pe{ZLZ%>>JTvK$k&>+OgbT(Hr2?{vfTl=G{Ka;&AVHKbj5|IFK z(7<2$l3ws?mI$Dfudhraq&ReS&G>>ghOcK5QxGxntwVy*n5V?UBsFkXTeDFPkvW|l z^>_LGIV}TjsJhL7IwxKCUos-PZcU9FyuPYiA($@}j0|Hn2!}%oXm5XP*}OTH@IC)4 z5}}ITPbD$z_HgWB%SEdS>mn8G`bX2JcfUgkuWfApLd)dCcvF>peBl8M2}Pen!3p1l z*kAQUpOVInB8v-4+Owt$-(BeYKMkGoY`NblPo>GBfFk?eYN{ zqDip`4>oOf-8$c*I7Rq_x!$0bD=tRMnblVCbd>pf$r2mFXdtX=J-%TLH@~GaTh(3w zzbO)Ui{#$$$MmUJ=5B2U{nMS%z!Wc&jw-X@cNjA#Sli6 zS6PW0p>0trbccMv!<3Mhm?BR){Y5AEZvN5Yy|+$$Cw`Az8DU1+yMcwRZJ*|~9eU0+ zDdbpZeN)4JXF<2cvv4JoRV-!&kxPXS7wj9{Citeox3+oMLcKi%l;|#D!Np2pkGYU8 zNKRKLkE+LvU3;r zA^xTQHwqKw?#ST`{1-1cs{D-{8HLgC&gl%C?VFWyMi@xKa`Me1T+l0R{65zJ(!- zPN^eVZSoTn&q&oJ@5De(muu12QO&saC~t<8^|9V}=UR=WU<{ zJMUPvIMhB^FcvE&$Ws6I!gJR}M8avdFg54CN?*t8F61(Q_J=xp${|2>;V%H_UZpm3 z_v3Enk3r`@D(qYhS~?nAS2kAq?!N;#`;S*9#z(ukFNDu9fF;ZtR75-Oy#pO|7C$CA zR=T7&uu~ngu|?e93pCApkR;^@Z$_a{Ivr8UhQY?I3mO*i&<7ol^kONpTR6x|ycZiy zQ}iVH6BZnZn|b%y1-8nHC6ChrR}C zyl>8h0OdeOF2OZLto6Q|bDIQWQ8yC25&|Cc=MA{1m61kgg8il}1WY4FoBlHc3XJNR)eH%#IM*gNhJ5@NLP>IDT~lI?lQH)O{% z-6l6IQ`gM8EYPvgvUr_1O~P%74P5tSLJww_jj|aa*N4Nue(UV?^fG0K-*!h-tOiPr z4^7^%dZSk}W8s2k{8$+3)#0rHu|9)(=!3xW(pn|obL3Eh#D08xn_ktSO2v=KJ9Zy!qG8 z0~lIZ>efKiD-qJ%1(Y+W?YLnSJ+qXnIgJP@O%po&g&?$yz;{FZ2w$h_O~l8q!$<~Yev~#J zK3E=nrN~6YyzA$@(EhqG{?ipbHDqBDHaqSnwA!hzq+HPX$4r1<5QLu&y91hw69Cg9 zr`LvAOaI_L5#h$T=s63Deyo5x+rQe9vIuGX*%}!A^I8j*2%Sn-cSoJYZLvv~6z(Ee4E==KvgJ zG|z>QA{8otySB06ju(DfDH4|f{n@E1}K3X31?`~U=M5fbIC4(5K!Jq$#8uFS%_cK;J)O~;!09DbtLL)?xwk`T5gJHST4U@+FD7$g5jI%`j)Qkl#2myM%m z{b<-`{}`l(a>}?hFags1rGJn&D(yhVUfMNg1S2`(z)~@N9!K`%Zx26?K^B>an0GTI zTSf>{;~||JN8Xo0$UG+LwJ&b_+Q{oB;zBQk zZ4zTdV&$9y{T`#~mM#0{rLq}>%`RcLF{;^*4>$sG#ynrs z(%#L@iIR%HriUOYFzS?!01_3q7Q~2^XW^}oUPFIM7B4-$vjf|qins6%DC~^pv@W6op-qY^@pIX^Mt&%Yrz>I9#JT>EGh>Z9{8_3 zW)Zq(`!>~adpYF+lzapK;K9_yBpiW5bt|NkG`TghmHSj!RoO~1wf)0cEwCzM5e?YO zn()T|XsMZ|Gyqh@JZ``Aj8f`GpTT#(mFyJBq^+O`nCkiBs4lP789zjr9v)*q(?u!- z(7Ks)_lvUy z8bQzPC)v>WX1a^!v4YMp!K$k2x8E$Ga}5sEqY(;UQNsp+igt(B<9UgQ^b749yNske z3pR>I3*;Oju{>cn;u1Nou(pt6csWZ61_4GyCTK{+HMx+*_ooTn-KGK3AAn#PQO0TM zA`~w%q+h8Z^_K1`vgOxuS@Qni!ValHSr0Zv6Rkh>6YR_R=fNmAV*5`gQ33w9l;XZv zwuOYjQr;NiOwRg7_S;S0n0de!;^pN(HYxu8E%(SGv|?C>cRp@W0Fj9Wk>f}o@LDwI zG(ktj(Gb@DBpK4pgy`x|(rmRL(p+_g_Z!ykdb^T}B+^`D^??(XzlDaw)IkGWk(SdX z6E$@P5j3FpF9-(ENr|26wx93bjVAaGK#!Lnz%Gv_*2UKU@a)-eW*dS-E#l|HEh`h< zQxGRJ1;=ZY6F@EkVH>IlMTxtJKaGdVr}|Q6!qH?7!Ku=)Z1x~{ST)FN_Te6-j9u1) z;-IpwgDx`{JDisE>Y>Pquch*aewi&|)(sD_f;+HIyZpX?5dPaaJeRt@7<6@nlzNKo zR3C5?1o!0$vqv>gG6~+t7Yyjm-@=8WLKdK;GgU_xa<54|q@ib-ZaNMXCu&FQY}`EF zsCbv51!X*ao@I2&(fFTm0WRjb)I)}`^7`}KE)w@R2E+#HwV~{DIA^Da!H-H8vve59 ziT{ca>$nj0ptHf90TjfP|* z5K+pklzc?6Qug9-s4fswcE&cAaND3voy5rq4!jD#I|?SQtH*wrlQ$oG?dz%(Q+}#h z%j>R1>}if;5QEOTl#BexH0t$Mh!<`sx*H1ByhMz@HVFb0(lA%J*Jv>`9egn|ny`|h zSYW@=r(3IcqltN(7PKjkzE;ckRl=_=5^k-5q?K~0A zfm|4j<2WK9I%Mi^5IZ?OKI%m{5QjR-sM>x70F*A1J+CAuD~}}EcC3G-91!ngni^Fc zGHP{9I3u?GUiGA$n8tD#7I6)_eXnjJjwFh6$8343%a`)gx_TBP#6rK z$zbOT2hD6GOgtc9o{>`~HL!+gQl2rHLJ`bbzUu9@R~7KJIoD3SPNR32CR9Ip~^ zL8EeHCj3NvVzDtY% z)!s*p8m^cWk{kty(b>aZG*WdtAR9|Q?*uX-Y@(dcUm~>#wK9iR!n5|~{rPrYLuJJU z{zfW!Q23+K$*1PS{10o19PTD7S-S797Mm>tKO(@reGGXGq(!i>cErIENN*44Hy6g* zD4P)rhS(q|58~7YebK(3i(8%)5NA$h+lRC3qDQFtXwh~M9okYoxWH&SN$xRM!EHl~XLO$HaE@^3M}d{lC$oPFAI*iPw@H4 zu-TnE$g8xE(f}}!Kj;NLMpGg9#19d@my-|sa0Yxcw=u1YP-N|~JlpVr3>8`+cQhYF z1B9pfY_cLht%{$}t}B|6%+*@=1AKLS`jkQrV*wc8q*m&Bl9@Y2JnYIR9?v_(+a$@=KjG1@Ab%#u^ddyB=v9P^nmL+YPtzJavd@be5 z{YDCUd@mprhbsj2$mji-pX38)6nFRWD^?M=r^%*-sT`qAv9;STX+x@4253vt5}xFG zR%x z%TP_ouQqp^G1VEh`#L`$cz$pY!cYt8#e;U?C-w~+V!D|4pz84}bM$nRQKEFp^#t(0 z68S5YlQ?0a8m7Xl`VtBg^FMrLKtIIH5-th;kCTXi2Z?pEcSKIpPOzBbhRUWEj;^a( z(3d4p1_2m_gB`8Qte&4hi_vyWUR^fV>V=v^Vu@@uMo8+lbGe5ZO$8Ed0ltxuuv;Zx z`10;M(v}t_A0XuM;4%j}I^R0jotulh4%=z=oVQQ(sZ=>x4sc!VkXu?CL`|RA#ZaIq za8tm@CjI0e?*HZ@EPDLrCIE2n0pqk^Ei;r@H0W_SHtm3i z_$)NS2;kLSy}d*MI~)*&53q!Z-GfQnVV|WAicpk3i%S$wCX`CRg9I4g;X(uM<$Uw+ zv%`6nB}(Fhhz}@^w(6f~gG_$CqI%fVA(0+qY-Er0yMINJC$vi3f4CalGw&ybhRnc< zf=vWMbXLz3#VssYKM6+|y8W(*!;4$`H1+!eFt9?U20%-c2D|_Ks=np~DB0P`XkLI8 z3knGKdRmFEWpNJl$*|of^`{27GfiK}RqIyfum+_>w%y@I(gbHZF;_KPlv#wws~NS! z4;r=w&5;8S{eg5_NR+j@p7H)owL9s69op3b{Fio&k`){Z@CMnm<3%6Rl6-L|&IQlg z9e>vnZvM_>1|HpD&1OE6C*vwKSBkg-|W8>=weSc%cOonB35<_SUU?H$kDQ1NiuJUgR z0_HLS5rUNSv+RQ(<{{wVl7MQ1&q8}E8QFL_1)11#yt~CN94kr+i)h4w_fYAGx_lmrIDiR zAj&(L2zuPJ8l{_$^tc~M(#A$czsiW{6|Di=Gy|t+`61$8g&&oYL(yfl6s+Vy?}I&` zQp7*vWMD_X#r|uxRVbJ&Tw&`;^p00Z1RLB%59O5iV|iu5ffG@totkl&Todq7?mNF{ zr>3VA?R{ofA?bo#2(Fw4W?ZDsZ>qMs>%(Xzi#sU7$JTePs+Kafb?3K)9gq32;2a`F zY|MmDa#mC^h}mVfL3EXZx3nVUX!C&3R9^Mtt+6E+A18NqK>A?uw_5dyK?>xA$eBc1 zYW+`n2zj?plOF|8q1_>J4&2E>zu-W(_+vIJaFu{OB;})<{Uvj-^P{1jHu}v);pzk< z5d1)@>@OR>JXF%Lfi(chTxE?BqxWsyLz`zEpu0*$Oe)@&LJNYu!Zf^$T>ERIX}%%? zi>xFc=!HRr0x|*#iN1UoPy`f3Ud^nEluVNYQF6Y*=X^2T_H5FB|0$t8^S=i(VUqIq zvSxAo=hHpGwQAp|uMgTzsCDhy?ia0Zwqs5yjL{4^CMq4h~wzQuh4LrG9c8 zP1iB+ojeCwE7^C1gtzBjOaSoa53MV{$$nUt_avddV_e4dVx?igVr`~qwc4A7Muznus^^5 zlvg1*DgWL>$RH`jZR`Jz~5$ON8zm=~baY!*T{g(ckTO48)Yo=iP zQz=r+s{O`mKFA#^Yx&dFV2s%DJsVe5t$8E)Ym)8ttvw+?Hxh}AnBF<@UKy*Rot>Ji zb-#KO{DQZsy%cBY*|=n3It~_9yatj!Ftg3eKMr2&Ij_Z6y`60W9Q8&J z{ym-X;Kyn=?A!JLT*LSWS8nz76?l^tdrM#6%Si0Se^}(RE&DZWT?E*z1})!e&|lPTlj`kt z1m2+-zmTMbtTh#0ublgm+0D24oJ85t=Iss$e^P8djyH^J6ch1~M6O-0hcQB>tkyS5 zQcFkSO~? z#f(;h=T?WGrmKf-NzJ5h5QT?-3{y3PsIe=y2Xhz!vSlaEf_l%tt1iO13*&4N>fMuh zo4=1h*Z$dl8?t&!75N;orbG2*vpP*VkIM9}`04FNAR&+0 z)f%@E9jswih5627F7_r_*rsBIq+R@_yl9J$@s^X0*kMN~~;?n!jpV$Qv{NJkx?mvzuPm zU1q-t$Ot_Gzb@kA6Nls7oe7~(htI%T!r7g)b&DCXHOUj!7`D%Fk%u)#kY=ieEFC?~+VJXie!m`vx({GFet0*I2=0xsQK#aD zLFovfgq`1ed1NHz<*)Mz;sz*ZTYk%+pVCNk4huYP^GJ4{C zJ5MXxcL{R*lU%XE3W3~(E@`ZKGFuyE0Q6i*f@T9cVBZ1wwz)bqCe_&Vugsd_&`YK=GlpPw(x5+ z3o@Y*OT5mYN3~Bt9*o$}FH-$;G<~K!aekw>yf2^jsg>KoVTTM9Sa=*Olzexx;ay?* z(O_|!P)@#YL(Ft>uP88eo`!lYpL|-U&nK*x`Kn!e7W3F2_+xq?)qXGbRQRhiE%ai^ z)Bk++T7Sz7nL%gymXGlF!j=%ej6F9dR%K*c^;@=q?sDmF{Qa=8*zYe=9|{lwaMF;? zf(7g8X^VD5UJBnmIFd8P>Z2vr}|=KvRQs9~oKyu?3YA zT-OT&Dis&8=VW0TF_wsGh8qj)?}Q0advCH*SIFkQfX-n4`Ge?7(?rLaDOUu}IHB6{e#{VMPDVs1d=i zd#|;kcR+)$ayuv!=#4&*te?W9Z?N_a(mDMI(1J`am3tvE=|*`!Qlv>|_Y=5^szFR& z$q3>jUmWFi--qu}vJ7YeX9J*X_hkri3P=e{BAtexBjtM zCsM;gOaXrAbX4w-$q%du`6xeV&v1J9TLN0g6x+_~E8y z%#^S~Zv9~oSi6Y3ocHxv5_-dxNeG6xSgtS(Yo!8_!(hwcvd!Y~fCi6n1b{+4v^KAH z0Ldeh-|SOqM^ou%S*8Dd7h)QXJ zP0aN^gw6Oe?f&ZOM#y=uus^(Bdf^y-T}aRy)#$yZ=A>~JzGERXoXzc&_3Q4ib(-<7O>gW5YzT~>uK)svy|$U2reh^SnG{{40jAYIm$HN3 zNoSW@bzS@sZEa7rgi2Z}x}=J2I^R?b7ix=27F!56L@t;W(9=0BSc90Q!Umz)sRET* z03Tr96mK0>s^TG>+p?gLhW+S-G!ZU#a#D26NmJ-1;4Wuvpxf&<;|kn31n#N^U?C9h55`2i~4%`YsD&}tx$0myyx+sJs1 z`Ws~#HPo+@P@o^k_*VT@O`M@=qi_$(@P|=4^ui$n=xYzeW(|zR;qBm8>DQwY2pe75 z5-8puJ@1b;@A~URFt?A6rNtqD|BOa2Mm-!4liJ5%tfhFrH|*ZthO?G*yU2pka=u44 zlSKSQXR)wYBTiLH$@c?ill_`tp;p;2h77zofE9ExZz<_AF-J}I0YcF*@9Fh)W%6wf zmg&wB#^!2IEywK-M!QHglWN5?Ol%ELil@xlv$>2~?2ErJ6Xd2%Ag`K9tYhdjQXwI> zuQw=m&6dxj>ebvaYG!eXFis=x9r)l^gvumq%zE^RiJrxLwJ$)fKARz(84gGD5wV9Un`9VgD znIuK3k@zpU>zeDR^*a2$v{DrCy{fGX9JJe)`7HJl9`?ZWfc@auX3joL_0j@23^vut zGNoF((P&IX4IuvJfJqw$@=bSeCS};=}iT zOoEUEN$dBcAJw{`%4ZgqY9ImqsGPmr{Kh6XwrWQC0RqOs7N%B^m_1$f#{S_*Oo{}? z?%8)5C_dBrR{yyYs6&e$Rfe4Rm%-kFNR9WvQ_z~yg+m{FGNpQng~qg(K_xHxQD=ez zaq3ee7T!Byl^RaJ3}!S6{x%HVs?ex3fTGsFwe1Zvmz;y|?4HWHs@eL__EfV%iiZW? za0Z%emU?m<8iX-eaj#pQ*HZlV(W~f?EOl`^2RbtXiX=Q^!c{L-+=B#dFH1AOvlaSQ z|E%_}MX}hsnm2Z`7w&oQj3KX~_(saN`$82CXQSy1t>S8CK$R6)(2{5VJMo*U(*euZ??C?Du1rgYtE{#jc``Rc6l@zbvmwjyS1?h zRZxa_FdL)3MZN?TRma<%u`AiifXvPI+=h|R;3z)|aIy+A@iWs(urxl6XKJk4frWf0 zlen2E_4UVC9ZYi4-@3*80M9$_wK)dGXyrg<3~A?O*8!=)$C2ftjya7?|9t&$HTb@Z zZ7OPGxe&8C3LYc~8K!21y6Sep%XByXF(+bt_9fN~0upLgUt;o|w56(LoD^;Ec8W8)NqjX%pOR=gE9jIRAMp`#E zCO>S|6)VF{LG8@x^*8uZrHt@C{|dDp!>f< zpImfEgLd!m4C}%)0TxY0p=MQ+;QElk-N9gK?-T9WHB98MuJcPSjH{V~1KM^fAq(g* z;iuQS>YI;^g1?8Z=d$879wp^R-D!9Kh%^#v%(?%2kgs&CLW}U-Ak?Lu&h4tgYYlA_ zjtvU$Yg{BNEqs3Wa~~b-DHVyOkt{e5oi2TzzQVV5UGJST&9Mo!_=#wUpIWxZrzzMM zRmNPkx(G+RPrUiAi3Q&;HJz`6KgHLr`de*A-Jq(K7<*#tc*+DTWYT2j3NLOLkq#iL zWoPQRyg4g5`8wYhA@iTb^N-_M3G|Icv=V9@z04gH8K}0T-#J8Q1xz{@wCAYsHV}EVgOC3>c0N_l3F! z=LUFQ=GLu_4+3w2ZTj+crO*T!a@$0E`b+uA?fC5PU(#w8`?=dAMe|H_M$xV5LOE`C zEFx0GT?Uwne1({(@5E>7cc~g>q4;4j=Dc0!RF^?&-z1Wnx&|2_@whwLognk{@Wgv- zu74zo23jddje~2`5I$-GBI?KEwrTSp6eSmd#j|%s#!(})99nUYy5FR#knoqO4)-QL zQeCfHhm;!OQO-+Unwi(ct+2Cb2O))aX=xWHG#s|}@bHk9w>1^WSDaEJfywJA#6n3@ zez9dO_qbLZx5Y=)s)luZ1pt{8O&f$TFCII&j1Emp1r?Ta@&Q%x)=6t)6S~X!pCbi? zANB_Zrf<>pNn&E{FX}U-7OC*NV!Wb9DyYd{xF22K^P`vdtGL!t6b@Y@RO$v^b!kMt zHmE<0$xVff6>GxjJU|)BrVY3E-NO1I>)KR&UiD(U3nNp^D?QpGb+~@*YB&34J**l( zzK6os+!pWt8L+L{@Iec$J0Ec^MjV)*Ov&l&swK?9u>5CkhpOabR`8xl%d5NO@Eo(S zhAhN^702|F;LOr)X8EM*Wn~Q_e%H<;UQ*v^yZU8eHuWoaxKQSvfTmBo+)Y{4hC_uU zo8QS*oDHQJqvX18ug1gRt=Wl(=}84QtwAOB)<)cE$OeuKEZ+Xc?bAFVstR zropMK0i`mMWGoz$wodGTNd)ZL)9yJpes!+#L%0^lr}fv*Ut%_A*i}M$_rp}({&{*g zu>gOgz`9A0F2MC~5vtU)SMfodd}!VxsI@$}{HUGIfmtFYR*TtdP}*ZyVw8B3q*&KJ9mxBz6W9_r%4Tyen|_k1y!Ip1ljqa+-4DI{wXgd%lb|ScT(j z{V}_%LU(1_4wFe;Niq_zF|g2g^Zm;;nyT(xCtrh7WmaqF%iAJou$thXc`fwOn0#I* za#(%6nz@^Py@sH`B!muQ2Tg*IYEh&LyCAM0)I6f7-yYG|rW-a(Y z2#Tyh;Bt;Z{LA7}{Qw2bQN=VDzt@FfBpK0@JCKn6)4s6IX~&Q)X-n%HZnQ9g__UJZgKFxLex>vyR)H)E=)J7dy+rRU0-qt5rzbwUt4sO zSveMHycQ<*@M;9KW2l`9b-s*T z5xomt8!a4HjY1%MztXEMUBlS@5DiC_)5}W=R7-z2Amy`Nx>TmW(Sye)2vM#i<$j`; z82+2G9{kEpU_QKjE1Xc}udk!cIM+zDO6GR|tT}&6XoW@s(a2>d?1L{ES=Q8L-gVR_CHvC&cLw)Xa5z^2#*W3}Z?tHm zKS)Q|l?V_ukigWzXz!BeZ~NX_>)xv)qQ|9MMqNg|=sbbhB+cJ-uUV`Pw^ttE55)XU!9pJa~$ZsL-}Fx_}1-)kbg-78)6 z{_#q@`QMGhSI3+zy>%#GsjaHkWdo?FW>%qZ_=dZ=X{4jp=pAI#`79X&iU(1=;_j&2g%n)!N7rOVJXuTgN zP8pv4cn+%6E?4J_|%wBx&$7o|_33lM+I5qC$-3f0BiH#o62mM3~P$;St0)%>E0 zbL0d;(NrR={86P@5l-lmQ-@XONFvh5)mC#7Fkjo*pZFqX>;1px67p$dOW`6%eYwtp zYslb0JSxTSe=;iPYDBcEINfj?-uTj&58*5|3hw-aTBb;kO?Ylc9!!Va;ajbJd0`2z zk6~t$A8Ry8-7_19 zP|mBC_F-yB`h3s)1?tX`i;^Mvgv#ruAi|N-(`Aq(CG&yICbl8-J3Zz}FXXvbP_UL4 zNoKZZAiSpRVPdex$YcbWCiOJ*$Zf^jpXY5A0q3g;N=s9=`U>fV&#~m`A@8@6>c-vF zBMk~`rN!BEZDYwtD;jRIA0F$7W{c!WV~r{xzsHZL>zS;k1P}FA9gQ-XLU6~SRz8DJ z-WHg%`+YPtJ*`>RHFd-);zZcRm9^*lj2ESvUN-*lP6DwEx{$r;sdm2>MyloRv3ldjB76w zjbe@{d>cP)z0hYvy^;AByJ|?oxb8S{GFmk;J0k4dkSYx5wSVjMHp-2c0~C1ivq{)u z^cW#Exwc`4!LtEsTzw<-3AlqCfvy+gQEzBg{gX>`XiKu`*Poz?!*=T^Tl%b1?PWod zQCyG>=x_3gbtk1mHxiQ7M)U6uBbR$3V>`hbEzhsc%ryg->@?^sQ{|_g_+i0>$^Mz$ z_sRslRly)mvjVnT^(dV{W6y9ILtl|4PRO{vL(~!<4W|&<5wFFiyzXlnDP-7z)E~c> zwUnoAHQD|>-|c6!Cm{s(pI)p#P>Am-Pfoij98=4VV z4boyh4&yp1E4PWDLH=qF-uKX}cE+@BNl&b@N%WL9sx>?4SfLBi1lU>C`wOLyFwvYg z1i^q9>}L56q>;ed z@;oq1PQj-m-MV{)^<#4uuDhr3Pbt>Oorw$OZZAC3pN$4Nc8Ot9oeAEDfX-JlX4>|1 z)y(`Ias!Z3b*CQ1KOu_b(e(0Uc#Af>hG%|pKxQ3a#w%~YOzanIUb#q$c%?_GUN~~; z)0OyCEtFO)eQ=o%J%ZfA!pg8V7v66Xh|WfKUNKi|k)A`REl-4BR|Mcd*@)`sM7}KP z<+x4vtt_@P3nJO9G&59uZKsl)7qG0o_!z5Wf9CV|;t0WJ++q6##1g!Zm_hD_jb*1@ zky}O=ACv6O<&{TC4i^I-E>#0U;RsJH!P#>GU&b=**PRHBtPapniQ&_e&O&Fy3?wfP zl)VeD-}oaxI*%pvivK3>soKpL$|!xDDD*%8qfGkYp6U|QJWgT!qJSW2Z2pCk&qQq| zkKQH**ql{f&l2TA*6u{1R5MW*CuG&K3S>d_VZXloi7pvhz>uJdV)IbrGMoJFbmX*O z$fGn6*FMoeQ#`~zd4#@NimpZ6_krkw@|WtjEX=`p%ccc; zg1cAd;=h$YixF}AR&f&FEjuGXu)OSuUdLDdK6Uk75|#{EI3xyY++49?CqX(lXD!zX zxgKv^ryrOx{A0F(7cTqy%$TvwvJY)&S}5jKUXqdpJF!OH3z>k4&oAjDj=f_8Pqw}P z(JZ;1ca~K~WjwTl>ruqw>g(O`DSQ?uG$9^uNT(jrLo@_w%BDDwk)|l8mxLTLDe+3c z>fzl4LU_iWKp1v3?fF2e<#_=V@m&_O~ME6{e|z>>dVc zX9sH&=kUnO)ab>()K$&X33!oJJLwF3=2!B0BWZo``hTWY-0UQYp4J>3YAecH5X+bT zt`y99EYLdGx$o`&lA!P`Qtag$vpgB#^g0PqGCyp00#%o;Za4Czy*r7v%Z{9@u4ryh zv6WiI&MAVskskDFRjjy9Rh`eU>8P@KcwX+G9SIMSN^-Ggg}i$fsgq=SN_k!D6k(5_|O0Q%6}JEH*gj6Q}grx(EXVRQ~c*B zH^r7KnzR13uruZf87>NtrEymGPso9rS!SOz?!C^bCvrL;Lx@%61k$!gGqhrze zjkNIevmBPQCDG~Mp=O$xO-HhyR1LeZ9sY6cJ;3HH_*P&XILm7JlUZjvGHSRZFEvXK zn}`e;f1#zP0LNRdzLaF(l@@t;tqav!X&qJTDjZM9a%QEE^ z<9B3CvJ4>$BfDF2VOpPj&_rH)i|@0&;0UKFE&lFoQV9~_8UtV^_K#0!m?f*TqF3y# zx$-BK+f#PQdU5C15#Q^a+GZO*Wu1Pu)UNwY8d&8~xC(=-Yqa%$hFdo+pH*VgX70`f zd>$q*r|=%Ip+T0jPqBB^&t4du=HuH!@9ht?r4+M%V7_3_3r9iQ9M7hIDJ~1YKIaNL zr5-|s8KFVcMb@)73*K6WLbFhD2*l^{2mq9k5TxY#Z}rDl+V3}hY+K}#L8OWI6mCJA zE1N=OkREDd*(zZW6pmXsfuB;)@dju;-}vU?8wxe{z}ZAJG?lLTIdmx51vupiyRL12 zHV-x%j1@A%shug@#t}@6pUmg9TW(q|<-J!nzh4Q?xM~RshbK@9ewJnlZ)hxaKU)## z=cW0?cl3A2S)(39gdsCI>#KXm+vZQHsIMw9JjF}Y{x;=jObWXEeue%k(XD{hK%bqh zt>s!9_i2&SS3(-5?#6csqxC#MT+MmLmVHE)Cj0EuQ_6`2XR~ZC=&>^DiTe?`$9by3 z>aYR^7&^kMl#Yi@Lg9S2B85=3Pia{9V`vE<6l z%=K;0$na+DdiXxj7yym1(R4_p#35%j_>EL7B|Qd>YiSaZY#ZxL_e0z?-Dx0xh25O5 zHrE~_hhTHbNt)_fIrTdteIQ!td^VI+*Hyn!SRoW6fSm(Ku6^Q%TmAIgACZ{!>w-SB z6vhiQW`~3hZPPssPACPu9kZ{UTb{4{_Eiq9#Ni1;6P*A$$p;OKRzi6K?qziyNN8I1 z=D0>?&L$u{VWaPcmL5zCt7jY^biDWHs@e^|xC}9mRefshT{2^D>dkc}k$8)?vvAiR zuL52$qc1;Xw=4RHx&WfW05FS!9P zRS&G9@M~zcD)U|>Q{i4T8C%3g?1v52$!0)kdP55&dIhucGvw_{aHZ@YLRMM*z%JF_ z`X+xyI=S6C&Nq8Ms$gWM*l#jV#=CN24e04>BmSWh?{19Xog$tz^me0!HZmwfdg~Fw zm3ljA3cXym%|YvEbAJ6!d2#R3vBj0qOTC@K3krs z7Z=(+_!_}PrTt{mYbuB2BUrpMEXek}CS0xFh52SBaE}zKz}eo$`?I4GjX|8YKpGo) zduDcoH;fmf?WUblA^JxSMoxZtfWSh?FPfvETwnMeCs6vzX(m6%#d~8uZ=TND-^9Z* z0@Vh2k^4cIy!I=Rsv(;K20exf=Bn%jiQzp~GI81Hap{=2J=+$mqoJy>xI2j**>C}2 z0|+dzDvqCDtJ@V7Gv6U(ZaYC^FO%RT;f5{-Vc83ykch)Y-s?$%aV?Q7a)94#MM@%1 zm(nYbsP!eo9@^$b%gMn|-FD@c)PcBt*+(zt68(MKi{}Kkmw_veh0U#latg_ioZF5r z7e$D0Dd01?h+pR4^%37Z>HkEbd<83~R$SbN z2tM(Ro-+PlzIfgt#GHz%X&o9)hMSA3nohPje2JI~I+mO;hIU5AWCi1-!+_?sk=nE> z3QyM^;%Em}|4v4a%Vx2P2JmCgqmx^W@)@)}I-!hL4jFc@Lk=e)mTjU$v`?Qgm|O}Z zkmIJz%C)&2esdCtx_IHb3cBRR!iu11m#6W>a?l_^_C^(d4$=@Y>UJH^+jFd*qK*sG z(L%+K4KLouwA+6a#g*-|7F| zlOdY#=n$kTRC5g2V0M^TuGNcLSkM51GD0mWl74i&!u_lO1l!%PV^!@k;Gy6JrrH6Id|Zg7syL zW&2tM+)m7<5!f+d33MUs+rBvQg&%PPy+JjR3%n{30hX(6WB6v@Al?EdLiSuxaa=4U zIy>zWa!xYZ><$`FS}$@~f*_Ko?|iv8jR2GQo0__?oZ*L0MchAZHsv*vza{bQc4E=> znC0i)Oc&cY{1(9UxjZmpM-95m6#5v*R3JK0J7dB5YvTEr0>)>L4I(`zM@}m_whu*% zhJjwP$pN`oX(1O0sFgu4RH8A9IBcW&0NuL-2E;-`6%dRZN0lEY8{LqFfDxV${g@8q zBB9He%1vG4wD?g3CHZ8$hO5<^(K#EM@dgSaOSL8?>s}6mPRm0?0X^MLE97USZ4`KG zR*kF*x@gL1N>r7}14;MK!ZA>OzY{JOSVEi$cvMhaD5;gX%Y!lkn8vv0Ph13Q4(=U> z&|OSVZ%~RM)U*k?I>^q9}h|B%I1PlN$szO;)-*WMYnDWT*D0#I75bpqupJt`*{x4CAW`8HoiQHh7{1IeX5wC{49tA_A z3vj17bv@igm0`H4KmnoQrc7%kYFnlNFOJE_fz{0mT4)c-Ps()G-fv}P0vo4o-}pYZ zLovWCS4gKTt@Eb}G9|cR#~N(b;30^U} zl^NYB0x<5aI0rGU;7l5YeeBaX12KJa^c*HJ1j#rF)T;217GWeU%%c_W-lfJ5JP`pSOiV{TL`wU& zP1;~V>?F=eYV&@Vi?6TY$SuYou~gPfW^UKy3TaEnQrakNHkj*kq?W^&_WeoWLL z9lhJfIx^9j(%|vg7Y|Kx)zVNbf)*Nx_#Tstk3-PZ37%l*PXaC=8o2};(Lwm!JzfJ7 z94mx!d4%lGQby*dWG>n}>z|FE%t*j4f!`#NmxKsS?wi(m$Thyp4oxF|-Vh`95b7O^8#MwL6cNG*1|BazVNyN{ zNdU~@_V2s=UL9gSArZN5otr^Y()}NLa(Ml5s!Zu1TnywSmu}4A#1MERQwgRZCl|6M zCBR$l?cW`du?Z1CycLuYVTupj@O{`uN7iuNwexViA)!SJ*PCJuoP@%ePOa<~2iJ%5 zR$J@?Y-hV^bD4~r0nKEXv^*Hlm;Q7)texS#Cf>D|FEhWc{nkrB;7NL?u5bZ*M{GeB zJK$M3S%4VHyPQ<&JoZ0&hFW@y9@WBtwBfm?bX4FF0*!_v8yk%5);h?Y44y*K_qMp0 z4<>Nw5XtyGDk~c}g#K}4#`gsm!KSJ@gi&|eK3emwvBB;43{NHXEp@f0rF%h z&Ig{G0AYUv!vtZ`CM}weHGRHV6oO6WFyI3=)hSLOi$IIR+7MN=tUUM|7V+nhPhCsZ zxgwv4iO7og+&54vbGbFW(-#W@_gCo>1GaG}hJpl)_$aka_W+EBqrho%Hx$D*HB#pT z9C-LY;K3oc{%rC2`K>4864YcXD-n1>?KoR}!+2v|NeW>bg=WuHuOc84?BMq+@?c}chBgQ@ zEW-?X*JWBm^JOB|4WV4Xhfj-<5WTZo_ z*aWie0$t18aSGdb>Hc7$&js*9VbEEnYW=~ z5y$++4JKRA$!%&2FB*X_PoE}bgd_u&LmDo!x8!ZawsJGeI|@yH)0K*!4ku}O84(yM z!W`X=gh^ibrC}aWqfO~k%=_f?yJ!ol?%kf4?gu+`Ux;eXDo(f{z+^)C01abwk-c`$ zMj*job_JAIO(hMAPGk7`O{Y-N&kSK70`=>E^+Ev>y0{hLxPclyw_}~WoGyZCvltc52+afR#0ff-t;JbDwR5?-NcZ}_qd zF=Fh;*-!yuwh%J%wxomj56h4U7_mOk zb<%z^CD~#{U?pg@qD{juA)C%wl2C zLW%=6*8xkOd=dNfA9&|6T}`7bIa5Q5)LAJIKkjRi9yult?uY-4BmEyt2pD&g*IkC| z))bNQ(ZQthT`mm7i`@75p4{BN)>HiI($tPJ#%1v&i`U`4?t^^Av_YFkzsXZ(oQ!%^ zCcxHD6cW>@KLx^j?>`Q|bc|GIi;_jQtfrR8Xg%k5@Z zwoL0>5qQaa*=1EjXI-c{jfMZIDOUwgodm2cWNw&}q7fD%?T?=0e518YsicixK9=Pk zk4Ht(WU!B4Tzp#6Oro#Qm6+b*@>3o88-62@5xV^(ED%AWr)TiLUUf3vF78fI{aIW# z`%HVJF_!N1d*@rq=66m`i^Z#1EMQnnR!&**ruVRjAAsTfh=?Q|v*3oI%PJ1exb?W1 zU(5529G9}X(xfUqM{@Qjlx1FDUie9-a8bp3*TF6WxpjHVUs(24E^%LIKdXa!(HvTy zXH)Q&lwO!TQH)yFHHqwe&pHXO7$?A5aaE%Ph5@pEcnPEd8C?o3+vCtGsw zR!z}l{iW*(A#itT+>0srvU5SNFX)<~+-dy}>rSIEtNV}#Jy z+B}$`E6?@)*|9o1JUZ!0m|Z&Fp4c7Y2OA0{u2kZRJv}dF@oE+wjKA8rlq&D53EZ$fUg3mj6b2I$*Yhgx=4}C4F4gK2^AD3c! z{oEJrJ*V%&D8fq!Nnt97$mGmT0&l-0X0}}e=+2G#R+WxByMecTA|tkRLi4nc`5(GE z?|U&Nat9y*OZtVBkSswJNJDFO8X^nJUR&>6ca2K7QrEOj{yD3q-*UCqq( zC82h#AoqahOOuk-D;;#IB1I6b!Y#(_E!Jx1GtAItc)ay;(`pO`+OKwGp`>Q&&F^RH z{s^#^t*ex>9p_|%P=Nq1NruB(bsS~`F$zZ zu{p&*xExZ*lD4{l`$@l**oT=|N)eN3@AOA;jH#y&o9yf}77mMv(yhRtmrP#&gm_jr z^RYZUi0z^^zYqvbb&K4i2vnguoSmd4fg+I54CzZa#6uIiTdf#AG#f z-k!ApDx8_2rA`A7s3XydoSKrW9=gE}^et z*R#H>J0c@bBm6ttpElxGWpbkx854wpBl-#}`hA#`U_uJxJSV4hugcxoXAk!s^u-;n zw}6O^$pb*Z1vt1HhsY3;2&~;dH8QbbVxyw{pgRBEX4Y|)sF?lpOKfb0)LN#n=haEL zNlA1vY1hOz<$R1BXFiCi5d{5yYwmJ2AoSX#WTIdO3B6XZcqwCMI7OqNqL5gKc5I{yQs!dh@E-hQ`URWHvU@ z39l0ecqXaco@}>H+phYM6MwkTL9&T$3F%7g*8+7mqy?JJe~>+dzz&rVkq|iF%KhTZ z^VRzH#qy>sQ2nEV;UPED!OlTKQg!lUVxtW&v#dV54?h-`zAiX39%4FMejAF|{}YZz z{$EeuPTMkG8!#nNpqIJ?_o2}7J*r!s!+HUrmrA^Qe{6oXQ`Y?-GiXgKr_V4huP?M} zv}fcDRMtpBa*Im>Mlqrvv`~WBMM*y)|K)Q%A{!5B#J+}cQQ15B46-Rd7e)2X`Ek@6 z#wwTp$Obl62zqB2C@HUBEwu?0vRXhgilpc1dmVb6#wLihu5&&rTvy?=U-o>`I%tK9 z8#)ilabRMcjU83%oWL93tSIjx!R=rs0Amr_q)#$u)D)}_vnqkp6}-5a=-ECcnzr5~ zepp7WghuEAMO9Hg781A(KL2|1ypjX=kH-)lCVWuNl&7JgtP-JB$T?~u2@%#%bQ~!} zr5Gr31ZElpo?2W5c?~yTT#tDSE^mh5=^#wi3JN#j`V9<1{W$1x^a@BLu6#e>Svi}t zY^zt6Z~OYAe&k4b(M7<=Cy2r69W2d`cGD=PDn&oil0S=llx@7BI%!anTYxyv4ibWON<}F-xmNX7OH0RKu68cN&y^U*vvVGe1dwm zw+Y`r{gUT78bz6A*Ji5-DTpvNz5=Xf)qv=bsze!LeFD&&C&b}FGFB6qfH!|6On_iD z(R&&^EDThcHUdRKKT$nNHjeI-)h){x-tVD1K6@J%W!yJhpH3Uz^SHpLa?;pZNc6}M zEW~iSiu5|e_N+ZSzGKJhvmx3tR9@pWU3cAWF!qasf%hWR_8{4A>8gOGY} zyLC{=C+8p#&FMKlg zp+;q{t3e)MnhY|W_*IclJp<_CN?{ax>`DT6DT!n$U9VRF z+D}6Dn2Xn$|NmFvBa816a0s#3Gtg)Q4;SR0=noS)6mWGb8?P%jRO)NwBJ z4hNHe@sc7DDlBbRg@CVhq>s<(Z{oUee{_63@@hrnEw%Lb(djh3#w6juEwk7Ai&~k? z9b#smnC3hp@}5jjvtqh?NPM6E4=Ys$em6%*H8K|2Y^e*Mwo3(GJYvqFWCCOfc#91> z^TMUL9IvIvuadce{sk2Kn)GwZ30Owv1utXDbrgPNLN@C05=C{glztl(sbqpXX<3jmqs1G^N^^+Au( zi%#~v3_K{1LcD*cxMD>+DMRl%kZyG~0C9IRoPp7L%Y4+tuZe=+ARdBXw?hstJ-te9 zRG{shq3neraNc?m3*??|EK$zG0>!z01r@3`Hx1C*VDhrA3bkBWo}U~;?!;S+D<;$l zz{=k-8KD_ZPj~UROWK&D<6BSq1eZ={Ss%RlAO}210(a*kLGMw14RB$eFZRixGU2sY zPF-OQDtVsw{y6vDz(XiM?+`H>N#&}$zv`|1s*3qJWPM20p4=Zg-d1E{;kmN7fyBh$ zEl9=j{#`7(581uznf7?!P+&uFFdv9^5}Fuc+Ecjcl2K??cY>JvwOYXL4!`2fhG}2WAZBdKL_mQZ>Pe?X$cju zDL|If{jH~J*{yYV)Q)#~5;>M!Ag96dvryHUkVF$H#Jc>j^F`PfwSJEsC@e)Vmt%viV8>0HSWvP{jv!PWOU#T$Q(;Q67T2xwB(I`t^|}0 zCe!WXA0l~442_701lDTAmc9rCJ4OomoguJ%dypG?VZNnv?n+pfxSn0sk0XpmsKnG^ zE$k=B4Mm(QI`yyEeL@avFSZtPxghewoEh)1_~Qmo@bozdv(NoNkB?Xt)oaSJ7YOJ+ zH_-3igMYT0klI9A#*Fkj6I&xLPm>Y?5Q_|2t^aj+%8siq7Jp;ZtTyPNF?-0=t|+wY z`S~C8vfH=CkJ)CkX9qag(o;VBpS^1s&gPJKj8FqiibLeFztb@(87Sx=HTvVoL*@#bR%sSryXnK4+C#?Z+&OXC& z8v=9^O6g=CcMAOdID!EAqe$~M=Mwi{9L47!u<#@>F7~^GGuVTVq875MT6?#)FEKLI zP^zdu7rYju+0DkgUXok;6BdG!Um^yi-p7gOW7LiGjWnA6Kne-1R#|Rn@GUT6rx2M& zw6bc9Q^xxzl=XmiDCn zZpEh($zFgPS!u=l8c3DY*vegsFK61_-={RhqpXb{XhtZ-jW#tL<&~#?$TX0g0CRC? zkibn2>qffYPY$edv<+M;)Tc^mT*pV~1A4#zJ5p>30ld2c(gt5BxSfp_Acv9+HOG-xLgt{q(ag2 z`Jkl;>G_)VI@2LE^gIfYrO_2(uObxz8yyKK!(r1`=DJ^)Syks=)x&#BjRA?yQH^Sk z`DLXIu_kFc?%7uC8D78%G5vcpKmJqj99L#io+SUNGELUQqcdSrk|u|RtZ?_B=Sf<$ zF#W^euNP!F|5%*rx{l1xrhB_9nL-wugBr8QY*!`k$zLs4bl|016ND9?%J3dibeey8 zu56DF&%D2AOrxn;016i$vie#*req`}nVvKsk|XoxbyvYUAke9s`_6Ga5c}*{$YV2C z>(@J#8(0GAfWPQN{|zHWm;JxXkslRyN$(KisO0Z>?rH&EMT+ur{rC7(H-N|6z~-Z!ts>6$_6^@T^@VkRwlt*8kJ=mIwaxcE5c(OSmYQ`Ro()$(&_LCT*C1=Dz4LwmMvk z|D@rTIC@oivn{T(UfJQmoS&~uCbKE$1uT-gQhxMg%r;wjVl2Q6s#H!PQWUy*#REU4 ziI?s1JafWU_MrXClHDqq6eyBRT_44sJZ}fS|L#|~%Gg-p;MV!=6Qrkt@deIl4c@56 z33Jku9cgFQ9M^Tl%BJ6L(sEi!#m)65lKc%#uD+iGo<*VGTaFGBNIY1A%bG`yk>xE7 zH%&XsEPmExZMc)2I-!5o23J381|4h$Aa-rA%**=-mIe7J3>$%r@#^0@=p84iIMrxX8 zf3JEfdvYpvoM+w%No?eVs97{D*jjmi(5)^TSZsYE_aVFZUhJh3cDAzEd@R)}hPDfF z5j4+9<%LKyuCUc%q%w3c;5NBhia0PRLoKOXl1p>|{oBvF8Z2hp-pu@aN|mzJR9&S?`+1 zH%C!DV5A(m!jm4Ooh7-?b=SaB2l&VN^gtN|Ecef08D*U9$V(d~Gx6Sd8van&&)I+J zi8xGfK8TolQF{D><2p>?a^4D!%A&4s?c<$&(*`v)zPr$@fpQO}5?CI@IM8#vhxJUK zx8W+A9u0fFArVdB#9cFdmxFq+w;d&n9?in$YG;4F>7@Yu{^3RW+y$qGx4bb@zn_MH zpINYjJGL>&sTPbba^O<@meHsG@L4iW%@{F>skwwG~V0B-0kL&b!Zch z;wP?_m4-)Rz)-#cNsA&~pr)yfs2(3?ny< zoa-xA{M(vaYB~(rv*&vCc-naTwbOuaVYCGRM2`%)F9Lx=TWKXkCHR z5VZV?cB^!JyhsPIS{}bC4zrZ_7g{z1)4AsN1(Ko18l4%yat1Vc$Vy!YI6uU;^|Op* zjHTG`VgW^CjK+Cpdm{{4@0IeD#o9Q&AB>7=|9r{zt z-Mj_cZ4Ri&vuZ|vj>d?y=m|7QQZ9dee36H%fdf|^rH{}?Aay2R{IwU^+89agf8SO` zS?t}up@jJ>-6*zx*-Fx(?8RM>grIexfINAN67!nm@b7|ww-5_^xHUWkC*i9L?)Kc; zW1G00Z$g8T*<=<3YnG9@a64MIZ42voK{&RMrKdTbSWlYBY~;Ca_S6Le8)dkhJh0Ci$XRtYS8Bk*8Q zL7f@cb<%RmAq6Igx*R6+{!DV&jX_vbggHI&Mn1Rw-Nf^Dr3Pa?K1+8L(hCl|r+J(* zVW^OM|3P!j={pZ|*pzt=4z_&0Ru8!vlT-WJ62`k2knfaWs{;$j}N1PRz@Kyc%S+Y#?{lF6sAyZt% z&$H%!QE!b6&gnVRnxV^9z0vKFAK)N7-W&92&%e-m_nj?GmY_ms78xzXo2j@^EH`ctG$9ONl<_mv0JKlyAm{9q;<%a=mZ!q*ORFC&E1$ z45d|E*tQ=&#P;{d@C(x8OY7*wg&o(Q+WKFqudv!F8{Ddg1d_5}=e;`hECLDlBUVV-;5UUu$GT zR+-Ij$y?jX`->?0ticu24}w=9&UEeXriG}TBP-`UuMYE1IFsaYg>qg?k@aVph*l~xb3)m>STF;e%Y@zo`pWR0!Cm5}Q%J?&p{&Oh4m%X{G6K*W zD5TbLT)ae`JIuCqzM)us<_Zcdy}xV=(%}2fER=0xtf`TlBdh)(sHSbP-KhCD3WnwM ziB0yddW(3X70Lc1gDO#X+4p%2Rn?sh+_aXtc>84{e^R4vbSnu(Uwzv&>%o;5qs zDSEpO&kJ9X8|kI~P@!}m6ks+|_KFE}TbkPXZW>2FFM^;k9sBu9af2I`tn;2%&tuB> zGk>0}X?^vkGG2isj#r~|*>{Oj`+v^ioyH9A>z8N9yTIW{cWG1Qkbi^f2Ze7eBZjd z3JMa=5y&uu#1@F7fKOT4)&5k8Yo5A+THF4HufeJj*_d8)z4gt{-9ko$Z3^{lU5oF{ zVWQd}k3L^Q-*U5slo|X874in2?QzfAJDybM-Gf@8nTl{yeivvd@==gDVx05UeQ^BA z&nm$!%p{O3-AnIN+5eexW`tINVetJZndB+U-jgA-oa`l6yet2{jneLp^)+zZ_94W0 z?H7DM1*lhB-D&(0^2yOgX`FD^64j-Q+NO~jTekZp2A~Yd_cAE+&P${Hb?1JBTytRU ztnhepu#Yp#Dgr5sXj-~ez_nMl0%kvGdFc(v^#;++J1^|qL9~#^@FhJS;Y3Jw_Z=rG zfUJ2dl}8=UB~7}$65C*qQGP=AS9s*3T}8;;aE#dSP4e}x2?nl0iwcg$8O1t6G9#qj zADOM1wi_;uo^zbYmnNH^0Dgorm;7a4N_n#OhOP-&Fy|6=}-%KwP}vmdW(m!HC2mjT=b~7L(+e; zE6SKrcrDSSeLF$Ac4gIuc11+-28Fh2Pu{k!!p@pme+-owE4hCcT{eznYnNMFUby?) z9aN;Pqh=%;yw4|j&+CO>e{It7t~oCIH3EIOfXvMBo}oJZD4VWkVGb2K6>DUNfBx?( zHOt$L^$TClP3>Zb^lFl3;m|%s=K^u7LVA7Ar#{LC(hYcGKy%F})AzT6$rHSZKU~$N zzUK_^8`XWKwQaCTg%-Eb!&lY zSr;#hyu~Ts2RIfv4ciyaNcrv-v?`9PO0Yd;*H-ag$PRQiszW8Kk1JdS5k&$PRgVe{ zrYttR)Fto*Mb6G-0*7rQwYdVVfY3cujdX_)8wbxp^!+`Zjf<;SJ)+k*9=sg-Tgu;J*<-m!N#VjnSv^flF!C5;Px`f$zsHEKU zKvF=DlUXs-y$ua}YQk5W7LWkgQZsdQY-;-3X$mqboYCF!%ZrnrK=kvx969Jk8H+&7 z?~EcdDZa3AYGQ9c4Ni-8#Ao|pzEaryHXAiFiJlD|#mzBJiEZFNnTh`++5dNd;{WOQ z{}tW%zheHs&2hlvSHS!aCq2m3ye_(YH?w;LSI)gJ+d`Fo zto!XL7+ADS>}oaOaO(IVAxbKgG`@@3^KWZ5E3@Cw6IzZ9$zkFNNWkd9 zVL5$LL^Lo_+}wLm5Xy6I7(@4f#lRpd*j!)T^yAb8v=0<)9PrboY}#U;Jx(TpXuxhe z$OP;>_61SekKY{S=LG+D-M;VG_I0;dUoMv?v=$^-lD&yot=|p$4y{;bsi+I6&HN{k$?fu1gwX!QsTCkuj9CWx?0t>K@A_k}$XO#l$U=`;U zPWMMVMT4G!UrKyLAj+ybH@$wQ_ifds&lC>7T!gO)bSTH@70Ulb=OGL0Y^O-8{i8T} zs#8I#W}g+ca@G?-{G#DC3YlhWSL>IMys!mHu=P5HF>b09MC63&Zl04}*ym8zHVTGM ze^(aSXBwHtuf<9%BDdObYd?hiKbo=9F47?xf+^qE0%y{;jVGXLxz6e%O+XXytMdzr ze8t+p$T^=bNaBjXvqfbt}(iLn)^^;|7sylYYv4#1M zWXeiyL?kGApA+FKz!k%d&&Y~L^;}nfiMi};R2ug zk@ktAb+j$EtKf2DE)GBCkdm=o;;9dtY6SqH+P9DQd*u^eqTehV9^u24VW?H8c>$8qHewC(RZ%a zNV}X^dE!E;gcOZRe;u04O5t8)v+>#>j$pm^ObVEpxL{(1zFRh}MK7USN0i=LDIy!^PF34YAO~5f_ zp^6wnWK56E?}ZGS7l3qat)z(mEvG zx>T*s<>5~y(}vpXP(z~sIOZ(GEJfkTdSs|YsLIs+%M zpAe)@borc!uND9=vCPkD& zp-NzdJ5y%|bbkNU2zk$sC-uF+60|5uhF*zYlIS0OOmFkIn?v#D$VTEE>MNFJR%hOu zT8PGgqcsg%i27+8aV!)0Kp;Hrv_6wSR+$@Y@_--TW9y!US|>b7(JsT@u~g~CogV?u zFWG@3(@7WPtSnz}It$cl`1>EG=YIv-ijXjMmr3?ZX5+AZxLVHraVPF1=K4y2QEmim zif#{{3W0q*&^ejXp^Z>#2to)^MBl?#r601~ z_(lohcsQON2sm-O-n;2bX3~LsZy@}iw=ADe4rHSzJaS}5n1Dp?G-R8zx`umWhHdND z`C?d5wPBltE-S;YRS1V=Mw?{7D^%Fn`s2bw%)4TatfZ5GvH{lWW`fQl*Z6(nC)2BbAUReuIrekWNv7 z(k?hh*q>8o!glBG%?l9tF__VylU(2PCsRw`>}8V~vln}`vL|{MBCA_bui!iUS>x8v z?qVJ8mis;Y)29gdTz2d!IUBx$CylH1X9Y+BE#+wb*;Cf4F8#mNFj}9gjISK*`?pq? zOHbfxTh&R<{CyQ1!t$nwph(>+ff>R!8HEmP{s_U*bip0re2g!`KSO`6k_)g0 z%F0lY#Bv83ImjT@g8GntMjaXID+UzJyZ3NLBSKDslt@7hHz{c!%ccl{kDmTh@li|4 z%d@(E?*u>r;WFD7@gSko^RgN) zZJlIGoKVoyb%?|G`8UHg%XMVT(Y!+?+D3JQSr>D>t^^nA<1&e)u3^%VrWeru54hhsBBFsLV*#P#*t?5 z9kREixL2sw*wEGr@e(Dk1N1rBe`Ik0xprzpmBSjZN5bnuVco$PzEEy7t<*3lQpZ1y zx>K$6Q8@hYoHv}7->)bMWRJJ}@v8c7c2Sl>#J4M26va&lx{Bf=@Z|e8ddZC{1kpG- zZQ}Q{I5uwS^iq5$h6S*NYfS9i)-=Gk6}8V!nZP?lT1QQ+SpCE1;KB(%i1S1&z#m5 zhxSow^t=5yfKFQGSCBMaF9R_E640DTfb8J@PvOO<&y+*L#Q5ZThPsFFfPxyl${VXd z-pj-v(?rrT)ki>@+2|k;QFuS&K8bTEJKYXKuz-x1Agh$Um>0zP^0+^(sM1qz`CtvZ zCIkE|RGL<|6`S?B@j=Z`G8(?I?=Ux%mjg(nr9)WlE^K_Ro^RiXJ8KQ;%H+KreNl)mBi$*H!uTip7S@RbscE=!h9(&IkM zKrPi9+)ajOP(sx7OuYfDmqW%tP>%Oi7z(=Yi{yA3^P}P?Vfn5kQbD&i*C#rnsSxY? zN300?x-EO@Q33Rb_-opb58C$KUKk30?EWf3D`d<1I%LWEcN-59U#b99l3a?{$5l!0 zcJ=+23z*0@1%B+>n@9?yoXK{{hf4G5C-BL!)kfpF*;v$w}Y!r&{s(Oj&UN zzt_T`m`aRy`-_0R=_fU6=yj(zqo=O5>HYZ9y#K74pnd2GgMTy=cP~D|D4j5#UYlOSR=yogL8SE(nO(mD3gd&G z@)r-jF3%p3-DUM*`Jt;hel79=byH)b;-i_hya zgHyv?D-4C|myj>N%2j)?T>L#Y=Y;Lk*v7x>`c=qz29jNs0y}X4QE&j^m}DgNgq^<6 zv()sb0?brK6B`$TZk_gB->)FIa3!Ap$#s}&qe$Pk?R2KXK=_0;m%`H>>BIQ(Dm|4i zC$2d;!*}=N2qoIPxj>K~IsWisswTGA6K?K@I=eJ1D%Eb;IpY!WDx?a+R9hq@qfo?ZJznP4> z_Y_l_GXN8zQlkI{|L2jph1@8!#Fo`_tB}b8JMT!z?-rIU#SGBK1Jb&Y+H)B<2z*v7e&np>FnUPifxW06nk7TpBq9EeHp zc=ZsT(_$^~`>1da!3zTw6fa@jp9ZxZKR|ypsd!c|&TZlkZF7DJH@mC&&ro|Tn#I6=0()b5pgpmINXRHaG*(ei z=#AYnnC_b~P#}3EWmS%cGt$Kf>43M%#WU5VhWkS_jNa;`H_f;Dv;mB==e4n6%;{?S zF_*=g&a2n&SQ`H5THz^s+iJh`mw!D5jTxdrMz4f{Fqy;Gk zgqEP{(`C1*(Z%VKBpIBHfwQSSE+NZ#R$a>l{DLdHx>7DmZ(x`$6dfnGk&F0YCqu&C zhkN^nq+ri?hL(Qg))jT7SQ=0E(NTzDpfevom^IzD8K2QZw#3ay30GculVI>g>rj48 zcx?LunG|&jsd!jYMzHnRe#m?&BJ{9E!FXZ&{H|^PuCH=iL}>>%*&^oR59f){UF~@L3z-(uWTF_cdAkQXECvoE zj~6Wy70|vNUl-qRXV4of{|q8#gDezF{tYR9g4ll>Ue%8T^B&x_ejFO&u;cV-y-r)- zEl!>cK6~*b6SU=lavI=;rW!x|igVqd0HS>hPpG#3vB$9nG=A3EHzo1k?Ou195lC4& zOpEt9(b`(yTZi_Z2_pQ+$Hs3Ps{-{~Z!Pb&VcP;2bh_SLFX9B4d)G$nu>f|mV}INH z>tFcP77h;oLTXm%X#Wr+yor6zLYGbN!5bv&`TFs^8l)MX0mdGwIn=RK`3YKjBcS#a zi#%dmr)8_)>Jh}kHcvSL3A&Gx;(tV5e6EtsIEbk1`Mn3E3u-@E8##bW7IR0cwSzPj zAtBe^bkbKh0okM8AVV|>q*#f3`$AiEoO4~C>_AO@+YgCv;0l2%tM_o!5QtoeT~P(M z=me2jB#C7Y<8TF-aX)sFkL$ViuJ>mS&2`wcd}Q=(@a@6d58n6SO&HYG%nH`JPurYk zwSWB>z`9yE#ICP`CI@2nmtx{bTN(*ZosyIrj&#MZAr%m>9X0{B5^+x{et7JpJaN@m z^;tEeZyS^?6Q=1w3sxBn2eM@Gr?p*~&k*n8Yiceq;@MK$@{L?qv6TP2OK)FKoSd7T z-7;IqIJHF=Sbe>uJ14WC;+e43f?9%{(_i3ewG*`mP)+RsuIv2e%Y>v^BADNqye%kb z>y9*uU)4z*jM-h*!@8+#xLruXS+tqfFIvi@Y27DoUUxN45Gvt3^1)aA*SbQR7B)*; zR@t;YbAauQKcIm56Fj?2NcT9?P>Ygu6J5(Lv8)hL>tOEY%AAg>+29ys&3pyYssmeH zXRwRdMqO~-$YPb3oh%}GNi21c6B;BF(VQo%#;-4Vg1&|SP;4QLvFar86u-aJ0-x+Z zcxzK#&>HGz89R4Q)*NqixpYQmNtR%(grE2|^fKyER{!@nBzHs^=@y8QL~TzRs`%SU zW=(%<%u*sK1Erd_=O2=GdLwZI%+8dU`Heu-bGVEb?N%E>8#nUjR%H475+WQ3z9Z5*ciJ(8&Z|XUgH*V*gZI~e z8egAnp+66*O7wbKAf*b#EmBa}=e8GiCf9x^ySs38uP~;eC6Z=s&yHG2kHkC}{5f#p z9yg#4xHrUPZu)N8b3LgJe3mMs2&ubEJuG5J5g`JDW*!j_hEz_uB>i3<7H#L8#xzk}ddh95>P&Wd%9Cfh9wCmovY zcFh9eSJSQZ+G}ZSm9_k7CJ_Z~fH;}2|^(YUX-A~6Z=zX}QKDv$eFsGv; ze7=>9EpY#)^kegelkX5&!qSed?ug}CSvl8X;_3Md{!xWL#5xN;??OooE@<&IH*d$h zmJN@*Z%RdxGRqpXIbA&IxTQQ$LT#!hK?zhi54n`)k?~q8kl3A=Mvv!gzJCz3(c{X+tvWCc2W5&|+crpPae6KG{eovOOh zHTI9qEIKm+#^B^~`zumWBaKsaN?I#-lFYoS_F#Th^y0HStzpd^wu_zT_wO@j3^th*PYj-+RppZu3P!9?gq6MupSpUk6vzC zDp$*Vs!O|S*W`LcV2!$K|CRa32S@u++pnyPO<9{9t0G+iCOLEnug%+_Bb#Mb1c02; z4HP`CyqLa*MQal6u_M~Wsw%?p#3=&vKbxNVLo#!WzPm``X-Zk|0Z(p9OY_X+IB8d? z*5IQpIiDfSfER7DN)M``+sH$XUuOL}&>mH5Aq~tci*zU``0f)_svGEheiRthOz_zQ zygTCQNPJBp|KnJVpq4jN9YkwbYh3Wq zqJbMZ!#BP@0u;)=FIp`!#_NRdYx+6L7Bd0!~UbKNj{m1FgrAe}QqJC5KKn190mtwDB z1R}=k4|~cMmtIPx;_TIobG1N%0uR;q*nWmJt?5lwAa7X9hbmX~Tdc8y{Rx6jjNz|$ zUCQV6-G%#4oosK8?5tjB@uN+8Q;d!nYQ(zDev~boH~?Pj>%Rt03pic@cRggIA~{u5 zo<<{d0?r@vHQZ8Srr6RDxiWB#1b{FPAnNR#L`ISh)t7KUw+AIUpUMVk#G|h}(iY5@ z(BqJRyXaxs9B`$u727VaT=&!^{bS8o*-+b;K7^z}0lPu>?#id6Ni3n)shCu7t@HjH z>MeN-sXb`kX7?!p7?1QeJ(YlxxeuoWl>${U|Jp=&AN#pf#tf{jj#O(L!@_9sgHF}| z2w`<^Gn(888h&&8&#@81!mjR|0CeT_tMff08iqFZ`MGraHJZpseXX-G=fab8!7{te@`9w6dn+vkP9g#jpA= zfv+)L6lN&2%|W7{Drj!P8U;soqqHn2?n$7QXlegJ2Y6st$ZbKh2j&@}>;!!>cgFmA z4S(qW;#98RODorZs46N5J3KKYL?U`TLM5+sTF^1oT*~bhxbQa2+*k9N;qI0Y_Z{AU zDtR9zxQ+zSnRx!~kMm{{ZJXvIJShYUc(%%$GIlu7CI&GD2#IORJg9!R9Sl7gE=3ar z_eEBne83@2{;Q@4RfDi#rJaV?qs+5F%Ea_8ouz%N#1@>dRMj;k;w^kAO<;oY{Rokt z%fgOL=7-(j*FQ}oMsth zTYEhg0wW|RMn!I-FDm^EJwHD=)@xna`!FPyAEd6cbgAloAgnUYzs;AzGR<7RNPqtR zZDR%65Xr3hIH>h~F3Ce(_&N{GVl(wLDNPg?1Lz&I)7%?mG0i#;W>4(D$Ns_NPdvmt1NsO-?nORJSjjpxg9Q71CBY(iN-j+W@#BU$a4sKmcOgs1!4(}(H z=%saByTgvig4gHLE_e-c69j8jy{60xe-H%mGL^aVvf}`z1S-AG#|MsTQ-2M8TAdY` z5}7v9L`xfp&|@kRv50ItMy0~tUZl8z_&!<4wWo=TwVgRK_l)P?+{4YtB!43Qj!Tq! zp*67<0X`B_BIC=K$T$@r3av#Mjkb_I_A+qoIE-gZfC2*YiiSiTNXXHPWaDTBR;E?0QDdQWUpg&u*9%MRCVJrCiALHT< zDeaxgU(2hwSLy1WWIHonti7*qS8G@haKBJgb!1A08}_VpSY52ExN=mufR?$}KiLBB z7TMTBVn0HE(YwP9`{_QLDvRiL!?u2fVsa2`;~)Hi&+f5N77jPMCJJ<#5=phZqilcn zPj~T>j^68g?@O6ki$`j`5nFLtM|31?dH!_r zVdr%#OuB9@YKQS2eS|JeuP0UTaj4K%|?T6G5WLl_Cy3`bf8v&1}`5J6LVL3YK0e?9_S4bNA3g zs%5{4cVw-mFR;Aa6I9*&=W1+c@;v`v*#LUI;tn1AS8Uaqc zort+7(nzHr5g0k_?+MgDR6tr^63%_Sx%vGvqbu1)qJ7H);1%xZWyoe&;4s2Of$YKi z$KLG-%|`@o{@OLBF-FmXD8@XTo(AK@T9z^Q1yJ~(iJzR)wz;k@4(?qc6mGuf@Q9j#Rwy}3-3hhN?jYdI+nczkx-y!b_{LXyleujJD&aH_rP zG4pzK<5*(nHlkxQ%#8}@nYqRiPWC_e1ZkWMuG%~l^P(l0S2Hs~`!v(#Wq|1ZbdT=vmP!u!GEewb8+<{h2h zMiT`LaRjqy`jO*o>^iv#dm8*U-T&B(9NGnJh=g7Cw_0sycI;0s$4~-74WqBA7kCDb z7%yr55dIrlF982sY^!^0@9@VtdXtsOY6Sb6uZ0@Pv9k33V{?ITxDWUFc73Du5{x{b zOO>KWT^C#Ir_nsZ! zn93=4MCK=!yf4OP+AOHFXZYyI68PLA@1UhdE>>T`>#>c+!9QT*xiOd}|4%`MZ&CrY zhm5EIhm7CW0KZT1f%OH&2b6_2r2H7EghABvlq>(G(}Ya=@SAvYZJU7+1pvM> zfXJf5!mdVJbY^46zR^{3uWqDQvmnfGA?0`v_Mmbv@2P}Wqbo#fb3Y)nu|$Gp^S9J( zznPZzr3xCC{Gh!6n;b=$wnTleLMSc39ZgWyA<#(tv)>`Rv5r2`O3^WYW%mbSg%njD zpcf_@X7*h%K{+C$#;xt57jCc!3LjK)w#w$-9bTQ{JW`ChwDj^d_xUBx!Qp|D=G*9J zDynDfwjvAD#FS~a*MSJ|T%J&g7`prN;q~rGdt50f%KKn zi)^+GadlOKyob#gIu%rvP00&{+B-hVNw|L>gwZ1Hk>qOuqhcLv6ZY;I;dhxx_2UnV z(H>9!4hxCvthWG*>AKD`c(1iia57(6(oT149D7f-K3d7~C%_!)9d9+}3$!2S*8d8H zXCBQIQFK(Mp-FVnRFFH7l9U{_5=Rg-={+OadJ8oi$w_nlG_G&x`zjko_7Ylci3Ghg zy7E+GjVexIjNqa-@Ch1KdbNoDqwiqp$@=ewK8mp;Q(|bt-LZG>WSmehYl+Qn%{L+G z`3uaLYloV^d|8tgChHnb#iP6|$$%o)x|%Kv)1P}fGGiOyd=`Fx(^S?m#r6p7EZ#@4 zbEMI}z1r{|j`I(kftZksv`TtZ1W};B@eCDw?OuZgKjubj&=>6Z{x+;DbOKZWshJ16 z0C#ur4m|0BHYQtpBs_Dw%N_|&5F#|i*lPo!4MUE)j-YYUq9cMEljjeYyVaG4hMPor zm)t)&{Bkdt4?+tY-s|nlvUE9kT27Hy%^yTs2Pc$^s9hpbdK&i~Lp+M$ju^^#3ds2C z&_58#*Z=h|v$w>Lfqfw)5?fdVkeoIx4aqi3P@cFGq z^0pU0QT|<9U&{5hL_e1YqD(rn(xGZD&h;$eeQe8+HGME8{XY1kID0|7G;YLoaZOz?Wfu$N)Ay4*d^E#Uw z+VF?o8q5h!V@S2TTpP-7wBP&94BxMr%&upWEB={@{qX{}x4uI(|7_`tBomPr<>S^w1lJNd(Oj8*brZGkCdN;Ke=TSVa{6_~rn3=C4qU z1YZ831fU+SGbjuYrWaWYg%jir|H@aKb>n0GZv0##L+0l`0xnA4aet}H5nh&RL3QA< zz6uRV^&Q{ZJE(D^8>`EWH?m1n3u}+vunCg1dM(An0 z?glx8nJ*#I07E^O7rk-7vyB?76=1Op_n=P=>%@incnFmxs73#`q}C{cQx7 z{{)^5Rni0oFd1%In-@=L%s|A=cUONAzgrlHYf``sO zmOO3e<277FT^c9RHjZPKXgTs3JJbg8Dtm<7fKRRmhz?Y5BL8==`!Q0tf}h$$u)`k2!5R+amj7;gU>SA zZnCZJ!Bv{?ZhI}yGbQ`{`PYKuz+1Q6Y|AUKiVLc8d-gmv+Z)3-tY(NhB}~RfdFqZPP)o9B_B*?lNo%eK#eNPy z<&r$V^pG#qhD+N>*jqqEfaz(0P{%7Rrx@z5-*%z1tfVONsdlK(zQ6Ou7=uxv0{C*( zt|TrmrDOYD!*6wjk799zPjdG_2sec6hL7Wy#)elZ+|vCLjNF^;z|`Yo%C*B|gB%-| zXw$v3+-K2;^t&ImPn=4J+O7i4$d zg&N%)&vp+ix-*ev)QHmd-nH>OaE(?2`P@Y2G#U~f*00?(OXIk=Y&?%`4r$KYn4v#p z|7HOZ&9h40D7j1gO;%kWoMAzLaz@bYv)V#I;`TBQT9nv(B9yh`;m|Z?@Z-XTvkvj~ zv$o;rKX2ywdkRR6QYvEN*i!9JX|12q$)9x~zgj;JHQ*{AlcJA?n~&E!a;g#$-^0QX zWyJ;ppC8ep(7}Uj98|A;pk0cpwz1pOy7<_)E*3b>89tgLskNcSt!mIR+t$Yiw6*uW zjUsPq_g7RyL3OA zL$~i6U4w`@u#(8MrD({=-Vf~eC70?yB-LFWHYrM~v^#2SFQ?Ymvb?*2x7on>)KpSD zBKn_nFZSQRZ!C`-5FDrYg94iPTbOHdcTWz^PCbziI~zKJ>X(8KWK(;dF#zHfdL}JR zu1Wzg^3NJ+wZr-sZxlm?Kc(hcuOE3K$|Jg!SVWZ zDMX>yc_#rCiEDq<$E+AMj{%?kTOK`LX#vQwV9hsc#O=t#2$0Dk|s@V#6|+nnv)!Y+d=ybal96J2#-N zyg1r;a2B3s+X zr6j=An4eYEGT*v*=%ne@HCp{D=BVd1H=r!R*I@-!X>VmYG7$-!!!rDw)YQHnxQl`!)Zj zW+kx+QhVoYPO{?RC6kL4p#=&vQ~~r>DFc$SlX-;s-zZRX>D|wz9JkdVrR) zreBD9{|*T!%(&gmLS~t6@{U9$%Fi0R*76f|U3IXw^lxK_im5tZn0zCIPQwRhSZAAP z7}{r-J_p40VLR|pQI)mTC2==Co6M}a-R{$$NLeWe!uf#>BLKbW>8WMaxp|d|eV92sI>bdUc$jyj}b++1FNg%9>zJUlAmlI+1 zh1&Ne$VI`jLLEk~2sklOlavg%gGUJSx!)wh#LStQVJ{^pG>QWgJ`N7k9sDHF??=fX!;ZNJFqRE*X6D7#Q*9EZi0T09^%DP6mVo4Z-~`eOIs z0N?kW)g|!@da04VjiiYL2VqWnm?(M-pjX#Wzp2?V1Z$@5{aIs?=kXSiNAU}em0xOl zd_vas$;pw+6-;6VVPSI2Z8XUz=}_AE_&N(*p0dWGMpXXcqL3FFeaT3zC5#N~AN9W< zTro$p)G(1+!(Q7xx$ZVR-GzC$*(KZIyfswk;N%0LfWVqxmP9dVe*|)o#1P;^$%XPf zc7xpIMwNmHpde`OCggQdRAOdoslX@*)!o&|c&Lf5WkL0Eb7R?x!|L37R$P&Btb=H= z5w#xmt#XD4#z7U+6aF#gDHyGhknJM5Jfyxnrl!WelL2)4botG!nyw-! z9OB}xO0X~FS3<{#vAJ_!xi~&sSj0vWupJ)bn|y8eDn5ZF?$2cx>_zbu<}2B$u!k6R z&&C+-=vLHl0Ckt((bc}O$)Up^S~9HPfrG#B#L1<<0q|+!;Tu-`$c#xM9D-L_+3wGn1`2Hra92ijL;4a_$DurTpejPBt*seaHF6>;)7 zlT{;kiv~sLX$VYw4L3A^UYTitZFWRMea^=h){+7$y|(u?4IW}}b2k6rK|oWJorXgT zV(s4QCPRd!vyz2A=dlnQlL*X9q=LL{GKH%oOAnWZFhYSb3!h9PX*{0|03lHytUIYio@ZG zHxlfLIuGSyVY^XaAiKIKCF4J-e_HsyY;8q^Z3WdEWCMSR_!EvFzH${J`@jD-P#S>J zmlrfP83lp*0(d1yX8gZkzfHs7w}jP--S8smE1P*bYU0)gl!%IImkRdj?DY-5;R`-h zXx9w1e8LT=vE8v3p+x=@nu(fvWOFlI3&{}S4KwTD4rz!!Q0}kWZV&Jy=Q#6zw88=0<RT?K|IHwII$3=hloIap& z1LRC1P=#%Ue{>j=7Mt^`TCb32V|x#iW+Daz(<&JkmnJ~r=f-LN*n>U5T_~Y9k8KSL zMLMJu7+fGNB}Hb02Gn{A;(tJ+7Iqp>`wM%(MFlh#K`l)kaXsWb3fAh)P~g{!{})eZ z9ToNWcI}y=OS-$elt#L{I~+ht6humT=xz{@?(Xg(q`RaM1f;t|pU?NV-u14<{|>|Q zoO|zm?fbl4RukByFd(5$Cm5^!P;qp?9dk1QybfQ`kFVPd&4p@vdybxNC=@C^#!bRH zX2kK~eT=>cSL4y9k3#uS-Ed9f7O66r4(#i%`n)!g4qs`ZA;wd3Ym|ODcW^<}H^Znoq=*YG!6iE*86LNSiY)!j_4bia1yc692 z)_W0Y&qH1b-}#bNSg$-B)g8JTueCe(-Q^GW^vx?)q=gOisMl{=7&GNiYpH-=t=OHV zf8-e*lIbj-4S@=Ge4S~LY$wrAt7QNQ}(na%~;5r9|NH|mri9CjYNq)|Dbby25B6&dlN`=>k* z!{lfe;h*S{GbZ}A-}GO(+h#>zqCAG?!E={bzKh7qnsPubWYc6pVbi8RFOJdRu8+}V z1Lk^0QK+uASHdiKYslj$T>5=a3K#9PY<~tri4cGAP!E*Dd%qRCH)oGuQ;<{uqPLFCfvdQEj+PkpO-lYWAG)u*7nQN1K3y;fBR*`uvZ@Hdzcyr-7%Ag zGupsAR4A|!7epFAHGD3l$gZbc?*vL+F-D{bt@Ej5?lOy{hgR-tun{IVEs3A;R?5X% z)Oq9L9iK0AMiNGyO6E)#|SR`6HG8NOmx$n+8 z_YcAjP_cW|gbZA-DHTO|X-Nx+l3tX{9Tg!Q*P{dT?ZuDNg_~V28pwtUNR`|9%xPw9 zNb&D^UZERKe`R+FYh99E<8EJ5SDIUHnAFr+yz+5VrSe@e>9>RgXHSZ^_9E?_;8{}O z>tuZT>r4xmMngrlkV%VKsOo#RbdOQRgHEV%!%AvbmjjgfrbP|=y)FiS3c|SF;)kMg zG6aX4OeN|RF@e$c_tSBTK02LLR+d`4O9>1(J?%`M4cly23zA(T zzoTOEJrl#s?`;1r?}f${Q*B|^_J#lL+wX}Anp%1Ml^zHjEX=3x+sMz8W5j^vr@g1R zPSO?2Jm0DFpF^W*;de?w^lUCq;nV+Njmf&Vq#PT~zoS%z$ zb^@*h#i;05tn^gTk&*Owzu(D93OdR6k=JlKK?7f2g1Al3k-0M{GUP!>&tAq_Y6h*r zpo$(39CO?{&U>=!y~Bkg@$SD07KYD=C9wP4^|A~5eX)7SL_{~^@!>v_OhBYYtQwf0 z+7#^;yH#EUJDp~GY>G3`qTnXp!2-A_WLa@pCEr!BAHgVteEU(0&ITB}o7Th14)%!L zvjVB!A`#3j@>f??6BDvBpy{?d(?dS}7#!^IzNg!#haqkEcOAI64~gN>_%tO(sue#7L;9BTqu(uk32;8K&*HDg4ro%N|`o4u+MO+rN5Bpgf^q6 z%FcwLjU?mj+=aUM&=1DAq9P&F8w`ZmWaT_;{3?lI0dg<5ZA{P#||K{+3vdkEc zgudS5EUSH~L!dnR1VuDfG=iYjs8h(gxtTG3M->=fgE*T-i~&RbE0Md2uAwqHL@n2w zSm@dwH&fy)b`>**V+&-&wX6xapfWnE!;`0P|02`UUG!BDJ59SNFdKX_!{-?Qrr*av zZRHO5QDY+qJiR%Vmy3{yKtdwai-cW#at7*Tj$ojp#&V`JFu;Cx&Hg3<0dQ!``iZZCwy zfN5==*)LzvFTbEKi^&3_?RP@-_3`cxz2W%5I6#yerMGcRNa5$VqtBmTVH_Wb6n>?- z1XQ!h&`wz5dv+y3*1~v*piWVGF@;7y#bd91PLVbqL)G|{ zn1aF|=^9VJZ4c(P_Sp=1E0e#1@>Dq0KJio)FocEfRaJcqA9Q#>B4bC1VvZq*@xoHJ zx=+&1EO6*~^p%%y#(c{r@5$qVsd<1O4BGziD@b;$#NGU}M#L4|a<#}w{pTG!!RDVB z%3rTf7@%@Wav7(Yg?G7s3w(P2e!083@)eF!j(Cx)#N_p$kwP7mV-@&lZ{?OWKE|Cs z#49PQ*Z42P!Q=xOGQyLIiEIeBJy3mo6;Pu>(vdbQcL-M5owrvT50@2XT90Ko2z3=s z`Z>3c;Pyo!6}0kLDjxRNaCS_RCBtErJ*qVXP9aUGG)|0R z{}lJ|{2CB}9L_0+Hgwl}9%$#5f2aD}RPQc1Kh7017KvFap1i_2&Pi!~mQvYy7YJ== z>F8;%udb2b&Q8@iEYm7_s}$`~LZBazVQ8 zvw@G*pCZ;@vAJ)@s8#}V9T|Cgyl4Rz>&WKm`w+*0;(@Vn`=VhJ^_Mf~DeiK%F z@aCu3V=5%nM$6#+kV+grJki&McXE!=&8CGc8wOit026Vgr>}m=xmWlRfdo9?&MV-i ztWJmw(0n_m!!YzkTLZ?DUtjjf2R3M(%nkn4L9_laFgeZuN8$&sLklTlG%p`zxI|Dz3u z!EwsnZ<^HHZ~yc>>Z_ae|B||-zl=a&ASZC`lKFhT>|%7FgSesl9aR!I27B)J8UgX& zKabh2OG{MC^O9PFC@9!eNB!Z!9G#{FTKmEIw|rqhLQ#GBtBGH#-T7afZ=N5Q(&udF zrDdFE8h1IMd3{Su!Sl(kuV13B#w;wfP~StL#N6h9jX@x4KJ)sGF!2}8;~o12;9Ve> ztw6yE%~u6Cw-+_lr;gV4Sk6iL^#bK$N57t(ge`fw5c2Z}TZRa6J0-mmK~X#0Lxw=uxiDv}z$}R9 z`e(8O#jNY^M~74&*~APpDAexa$Ip_R>j}WCVK_mti2yx-47Kr`hbiWKw;R!wWo1?6 zJPDCFRF$1)@SpF-oYWocNb@Ul?e~R|4Yf@NV|Vvr6cca276fbw2J_E*qDa`-@9Gq8 zaDU(3c5CYyIefH?8U6Heihog1hgNa{7;@aMRcXzwbTaw^@$#uO{aBVRl9U0r<3d3q z=L}UN&t8?930H@dIHR_`F?9hCFLpQ4G_|z!z|*u-_WkU_%y0MJqYA4_+vLW+{(>J= z@TSJv?Ok6vEjjYY|L$S;@kDV6&YD@l#`{YXVFiVjzu8jmQ&~&m{_-#+-h=&&S65hzq;|b(UD%^qitX_aYA+fF#+R?yPD;&_e#p z&r_eP6v)8KAsI0w_pV%NBBtv5ihO=A5(kk!N>PAs;>+4jhPUeK+W7YV`Tg#g6sRV3 z>RkgYL^w7&yq6I&dQWTz8RQif7ZdFQjUqQNdnz)-7`PS`cfCB64lj+=9W0kUpeV)Z zF5D;*b?t_vSTQH7j(^lt@~}Mv+y?or<6|j(na?i3TV;XuM1*F_m-KdT_`U6fYlBK@ zU?e!0&t&`L+27OD!ZoDXE1sD-T4`y1tsr@vZDa>5A3SUiY5XFYWci>hTq=zRRdcpi zSBcHh_R}_=*;rBf-t8~(V`-ku9d%`4g-$Xz%qU43f4U-lWZ9&}QD)fk1VtLeLFb2< zsirY$ZN1mm%nDu5U2r%eY2j;XMq=(;Yv4lJz$o{ic6xL58+{d@X2YqKxIoO0eX%^NErEO5QZBgWJ3yQ6JJwV z>4CN$TsNUXqYz;c`tP%Zi>|?PQpx#7Fux+C@*-j6%~L73AEcFd{Q-IDkH;?C3pW%Z zo)n6P(GXQDR)4Jm!sripbA8(;-2&_1Tv-y*=3|ILEfiMzO~|IH^9#2M96dWf9{T<% z>2*f3PR7I_VjZ72Mv&V}bVG z)iMy{zqdV8?JfxA&bv=c$c{OpEwkl93NkMf6qWP z9r9X=Ix)M(pH}D1Bj$G{LS%o~TmnO#)5+DJSBBF(1N2XP2M- z$#Y&~`QeqbQr5N}zYupqM|OS-32E1bb%aBR7JfDpNtNW1BfH2eCGCJ9+OYkAG}vkb z+TQQqXC|vcHa0u6UpAJ1@5P|9{w6e$Je@Aht-|-)= zy`|xS7jM>IKR$L#8qZP#mP2U0G)NTsvzA8$NBbEyB!J-ti(}Z5NctfB+>S5cFU_lb z(i-%uDDbq$DZ}CdAB?3_+5X>D6FPVxsy22=gM!N&W1jI5AQs z;|6veb3Xnz6ih}K((B1c41$A|CLUuKFE0T*x0KdSkR^ERBvA0=YHa=IW|l5P8O7$x zpDD^(RCth!v^{8t%ov%Ex|jfdctknB$bWm$2Kfqc3XAe)hjwk@XVNG3y_aAu11*0m z43vg7wKwjaZXuizladClXd*0ug+JiHZYDfz0X6I8W!~PDgNgqybhF)eW0_JUIon;c z{7yJw=_0av6j0^ZTB=JE!{Om}B`(CVS(>>px68&+2A8k=s$5)L2~Ft-5k{`j93K=> zIF|m=!e6f-a0J)+`AJDDdTGq^n@^Gnk4oSW&@9FBL>osDz&a8qU48*>fMb z0oU5inpk2Z)_xx8ogp+jJw0B`cs6VCI#h5YApEZSK4CWYg#aq!n$ilEcT_B=zZS4h%D|e~R+&9OG5;sJ-Qykh*Kk%+) zK>x%<)XT2D96u5VvBA_%Vc2!yYawiO!~2=F+3xy$ra%ebMDf_=JalAxgx_R`-v^o< z96VwPbzQ77BFgyl{SbeWFo|KOH2&Bafe?|9LKCo(W;9y$5|_15Yg^w0V~&StuP8^Z z+=46aSztGd;{HT1eu1~n%IYcdylOF3?|j)cKo!O98)HYW7lr{3%uGz@Ttjhg`3Hi4 zBqr3wmpnNQ@+~ic(F`@%($o8$I68EzSJXM;o4&2vjoMF!v!y}TY`4$76NLxKDE6rj zX0HlE0o8D-8R`qC(|`Hi-}IJ+tCt^+rAWPwg}RPpLW@po-zn{D_X#&MS*HkWrC}f; zsSLb&Ar9iQf33=s>d-5Q%aBM(g5()TNof`VSkS$k{vL>Mh-i|IrmcZtwP{Y^k0{S8^QyL%zz;tP>n0>h_&ID!`nf2eRjGb;MpJ3TfMxtw%B#- zn0CNh6U@qb#^}(lrl}kx=!K}%^OieYKQT#L>N9)_4O(^n@PXU>Is~WpE$;K&oi8xS zPJbB?o&IPS*DxkWhPSs%z*ccsSYl1MN9^tO`0$8KfmFM3oTKOY=QD^=7x^hPFL0VF z(JEEccB@hO`b0DicSvp^mlFqz7EV_hT$`}-Z8vtSD+iJj{R;F8Nb1Di`b0P?k=9H* zdb?nFORfTu>wGfbe6ACe3$1pVVkJeiAU2>tI4-Ii$Uc&@Xy58;&xA(g=S@$W5R1LU zQu>QR^Cq{4taIhiE|dx)#dQ^U(-KmugSF(_3Ep*-5cM!K+U?sRt~zid#CG9I7A(vYPy>66~Wd>ddL=euYDh$ z`ITC!@bR%l-bgfnY!z)VwwTvnzj@2km;FW+27)r!w`Fsp^I2L%;cLmnI ze?|#lqqU=X1sHw0DolgLWJeiyt>dQ-U)R(2JK(MLv*@=mt%Vnnr@14FW3M_$kxoPR za7NXxYJ{YQaHi@Dvp%K;Q*57YpacYppkFAsVj|;EQJI;T_3-ro%X)I83TWipRY3EY zFD0v(8TpX zbh6nH37HQjLj;S4GLelUo;i=mBbRbXF3LTmie_R=IV*c> z9Md0`v|44SUO2YRD!h%XN+*wUhj0^`fPv=!!H29g%mSjhG{+*8YWkDGmEmyZQpAS` zkN{{~Itzh5#%X53$!)0wsV=sZKNuUETouvQcz%5Tr)fV6zD^hW45~Vhtn*10_czbk zQ{3X$o>lDWXH+V>w8wh8)bT0UJ4}PL(BrQR-{UL1zc>j0a8jtvEH@1-e&t9$9H``B z&-9-$_MdrQar+;ZCHSh`|HT+KR^xApUt`%?Z>#hPEh?#?9vGb&i4kj3)PGMc@$VYR zXK84Nns%h5-iL)52wIPudMz8Sdi`w>ipMQjGF*QQe{8t2lvyhqtG|4J5YgECxPI_)O-yb} zM{qKWrcAXf7}Ax#u_aBNQl?i=5%sDyy&o zY>1Izwwv2cvS@+d2zR{x-|dGA<|2&)`5oXx1Ewn5Xt{V_w_3Cskk~3ga@TFSbCUHd zd4w+=$`5(?sj;E_^ZZ7uLR~3ce{m+#0XU$_G5!Y*uucywh5Q(nN5oPwcC>8tP_m;} zGH45MCs@~5c~!-O`gSC(3$uNZNl7N#e}_bXV>6D@VBbodHwCZ4ww3dPH|qiWgK!qOTf3JbuVccl3u7ndCjL_rU~^a z{E5N$8qw-?)CqaWzq0o04vK#4zKX5>IJ~?n24ar$g1!X?=uIkvuf|#k=8}YVE}t-5 zK);4?=XXk; zGD6GfL;;s1$c1~Oht#XAK*vQGZ)AFzurc#{QDJd4OO|MMG0xS|6=&D4fi|&z{XTIE zn}XL1EnoQcZt$(<-fIiN>qRhx@7(VSILBjgmZZu_=%amHznbE)OX(eBc5jIfWRxhx z17gjxa2jBw^ihLP-m+pes7!N(N2x$`Hpd~0S6Re>$?jU&)fD6x&8g&)OKS(Ir=+4t zn%5iGRd)}FNas9F&oIwTidDyB%&~QqxlST06%!?{MP1aMCe?*FTik}+e!#rNwjxM# zy=CVLM+%e@=7psi=vSUwJnox=d4F%@T=e>?ML+WhV;sx@rKe@YI zA0B4({&{*rVXruNd_dCbLb(<0Fm-jlnO}HwbJv4B4-*&~9Av*duy#hfYl(V#PwYWP zV$8rO#>d-qd)XdMrv4c%Fei~qO1RNYZRr>)(#|C7eeR*CnATnl{);5N<(ya<3)0tp zpIKMNPiIO(B5n3)y-O|*4vqX?9TryO59gQN^f+6iX93NjV?=4|{p@f*DF%28Um2J0 z@sfP?GWd_kdtflFh*xo}x?{tW=Ou`j29-b`hbT*Ho`O0{wuZ|LJs9Y)`XRdn6o-iK z!8vdO{5`ZUq7#`OsK}d)j6_X)s2pwmH+~9&um@!~i&9#e+@bf5#GMETGUtlGwQbqr znvV^ax*g_rZ3Uu4I(7&0A@2xmz}4gSGMCn~%P*}>K9q5@uF4E-pY!yfe&??!&Lt24 zS)6^YZ)gZhh|v3duJ#;7Hmne9$&b=nTx1nIf`yK*r@Q#7$IT>JChrZ9SG3xC;(9(k z;*%(=DM|Qglal%MuKyXZPYLWCsu{2#(!J>M^-L@lmik1@^)=}&V=aMhU;rX=h-EbT zsIe}!yFku*Cuv!6UYr)()8T;R?xf^n4N6v{TVJL92l6bBZq#&1Y_YEA+-ll9i)ldx zg`X)u^hlv6V4{aK45UF&2i>MiJq)QDd_+b@LR-dj_<<}gN0;v1h;8AYubvND6YA|b z=<_%o*yn${2;PQdRAeu5@w7PzCpL9sS#Hj)YpCM{1T8EGBFW|(U%p%Nc`u8pbqY8L zrDQl)jKpSN{^Ez*TiC~K#p|d>qN_}=V&Sex;~fLj)2nN&B+)I!03(K+!erObd*X6z zrx9w(M>dg1M{`HovgyTJij_djk+OU(EoYcC9agKI9Wx6WF4?$}%vf#lca?95mS5$y ztehRudR&yiXB%VVI4<=Z923CElPKX%;1Os9(uAHA`km9mFfa@wM~w#}@87>qd8O_+ z^^oKiTrQ{g`3w~e6Q6--?#Xc&X9t$fTbrwSkt(AbkH=DL zPS2%bED%VwoZJt*GIaY_^LkTo%<-&w1pXiy&Si;S14UY1Vi=mPiY%f!;u!>4))m3$ zHo5cr(%B%`@STs#cO(uEj~u{GLUl%P1$>D_WnhF0cq;r`Io=77OnKuw+VWn_-CO3P z?ulRU6o;t4U44fOb`r2KLq%ZYp{OB{eib|EBTaSQm;wog^Y8F^rYP zKA{a!FqE54X*o{}M5ctM)cU3@lo<~{5erDBJRLV<3ksF&81vi9C#Q$Eg@2PgwWB2K zxuMEJYJYi_h7Cm<8w(RiaM7c%=jB#FMUKPHIG|#x6Hv9g(G)04q$|8nkyk!AxKQg^ z1scdx$;Z@15zde*8L0sQV}-W$!R>}l2Nu7RcFvAGoUM>6pS~c+q8UYn5ej^;{qC|C6)F{a+{Um^Xp_0dQ78FPL$*Jt{?53zJ2!qVqF4`1NneyE6^1fPV z=t>wu)XEN{f6*dR22e1QD46`7w1Xk6Fc~GT&q)plH3IeOB3Qb7tK<9C@9FLi`yoU?(3k>SNGi+%+(#6yIrBW4a=I{9 z=saA_6;B%UE@(GArdG3I&SF}s2Cz64kvjn772t;WB>SfU5KZyJa$%vas-P%NG%gbx z*}4h}$1pn4*oMYs@fKd7^>9E4@;)9CM>GVPg52d!-;iLWLguP6!cLt@_xlMOT}^{+ z){koWI#@`k?t^Wdm}h1 zx?v0!CkTRJldz^ru4?_yK1*@=Bk4$l1-d+p=0Ape4u#o#8uROXTFq#b(FT#K|IoDT_{+W@6zrkdE4li3%398{qg9Dr=__bjNF*&?`Hq$>p4vu4GlI< zL)V2WP+Ce6Z<06~*JkGNk(S`asi$dm$~;kKTgk7{AIUTSh~APuVswg=I>Va3yK^4f zH9AxbS_4id4ks|j-VzHd49WPtjpLa7{@Rm{a|t+5L6X;wdRlOtz9SULZUfDBV9)!^na0ux*U>paW8rli4Zzx;+**s018k#K)xVG{Wg}vhbt}oK`xH~ol zGaa2gAH$mQX6SY3-4>N}s5ve?aP~`->r=bnYawLDoE)Qp>GAQCC63vtW{*7V_ge1= zYKiu~E#arZjsc@pVttKJLIB_?`AQuQ5u#~y#);B|F$@P}=ulBO6AA3GZ(Y!0dzsFK zPSbOYP*Gb4seK6m?D^{b zuFd^~DIg^wugWp9329-;Hv&Jv$kv7y~R@J@WHj-mu-BE-;Pj2u~> zh=gAl1Ua#co}fz?KwIVKZ9-m*FIaVPK^MLp11%~E2Ona|-v5Xjo0gIGmxSYT;~O~} zS(u0dcLoboN+aKClh%>}DR)V-KDhzejy+tAGD9?w}Fe!Xwi6TI4gf!O9}d< zpuIU?>%IS(qx+7qqZ_u8@`#D?Mp5T{I+2(AfrJ#A_ychX3GpT!vUs7R%#hV>wsBytk%1d$-PX$=<|inkC@Q=@yW=uvcOrr8DVEQKT{S)c@L;9OKOiQzli z*PAPhz;M71@7}sHl3=aU)C5GIfc)J&AJ*Z6V5enH$O>HKE8%N^>c%^+Y%NVzMZX4< z#d<0*FZ1>-fR%bg%TP%zyQh`B)@W%6lfHh%au5^{pvrHq6D!FtJ^~o>dpl(Sho z!MQ!BeHS&nFKvsCA;xr{%?2nm)ay()G}cOU)mSBL0Rp=(+!u`HUj)m_u9 zGDt8p{GJj|x*-B(3yJyhCMPrVU5W*@$M64;?fLLGjL2m>sF-@5DH? zD3_M*gFB1=<+ewKj)m~OxN0yPy-|FEZywY{$oD?pXK2zIBFAb-R!1O zem|ouu31-KSLG2^USFIKs%Nl}P<8eH-55er=tyMcF!1yL@DbR}#^~tw2RYA$FvWqZ zvX8XDW9^3rhe`GsOWHS$w=$K;k%xnQ$J$-NPMmS(=U+d$y)dWF>LVM50dEZIuM|`Q zIe&Fw@gEyvSC8A-D#0@`x!1Kd_s+{rzsL=^P=5SitbIq-`M@%j*Fj0>;UvL)_(#9+ zXfW*S=F0jqF(IkM_^?0?Y)%h}uy{bghRiXW!(M)gvvS@OYygfe2Vh>Pi^&gMMoOYJD zTVll<&nl3$ga6UK|J!{V-Z``)t_P?4F~!Xy#;Nk3iz0|ifB*RS^ne7=CkfoYS{6O1 z-YRBT%z8*ZP>GEbFrHg$uyJynEbC+}>I*1t%m7^(?>p^oF~2>4O*r?j2Xqt4iqFlV zo734COyF^0fn1!_2grE=5C~vn?#_zh?M=SFYXjnD$H6$l-380kx1X5<1M>p35QPAW z-mBy3t|jp%ICP`00jPoWs}2$Zyr~oZcG71PO-+_c6_z6v=b0oxTjd+OMoiT3yyhb! z#f>U)TnpbnI4p7C(_Z;e^lk6f;iuy^-cn5AF$zs2Mc5+?s@ zhQS=9(>oN9hx(k>Z!a%9T$r65ZD=K0!u2GStbMJ6NQP6`4RB>@$yyt01C8LOzqA47 zV2Qgfm$^+it9tjCE2T|YU#f=6q9XY^eKfn7IxkD9D4K!!s!ozXR%0dLzdhTEd zl^F>@c}vMA5M?AzQ^VZR;*%Q!NJYyiqZo&klU49_9pu^CdPkhq7yY+Un%Mw1?$!*J zn_BA!%MV%c@f__wD)sy{96uysM)Wdk2AeP{pwF_8?g}w>lh;b(YHWb`%O*&`dZ`uO4Zi7!(AS5w3CvQO909=H8N59Sn>ZkbL2_dh%tX*Gam zGR153NKlC%R1#h&EftD>r4w2(}YY8MUdwoT0gXL>)lKCYVdP zR48 zJUF8I>~HSn3lC3n?!$~5!g^5S)+|iztGlaRraJ(vHI^3G);IpE$EJMq zro|dO2A>YJNtQp-{ME(57Y4>Kbbs*@@+S##-a#!Dfsk>l^Ca!?@Y-}u0tiaj8NJ7xNM)W6D zco{h)uuo^JvBjN@#oq7vk4|TgoQE9Ny~#ZeK`wtISf25KMvnz68vhZcIHp7dX`Mk= zS96iB%m!*OS}wvc7PeGB#teo1L!q6Wc_SvIxx)kPHOLV? z#uOJ>1NGU&KpwDq_6{x)QYAVQIp!WYfz0%xTn>_mb&AlbQhZj7r18nh@j)his&OU+!C_ z7qS+Px^|DNCeL>;#K9GOj>)n$=^$}hnqXPG>T*TkM~HxL_U6%ig3)+t4MX%TrSTL+ zo(LSR!0bZz$Y#p{{XyEetpwJFACXT`u&F{qgp~4s9ug;sue3m=AT3Pk<)rR7B=`*xH))z4KOnC1py=q zxh{Y1=ll}-A1wZ-XcD5rHv(^C1E-@WCRkii<)r>v$G&rw>kT@FB zP&imfkFjuBb}I9W0j@(OGw<3xZs7l3!?WY&LN-BU<>fVZDl1TnXm^;IreuxzIGT$=RapxwyI!1!YHqDZ9sSUCCPxJ zE2%!hKFQr9%z6DND#n>%WAPqiNsxkV57Ljg@I5rdgGFax)4wW z%~@SX2lf-*dz&w(*Q9QV{zj;^ikGUT{K9t;$$|=Fi=d=w!N#wH+78dY(>064qn#?}5tddU|XRKP7eQw?c zv)_Sg+3wGi2+4#eF%ocnJ3Nxz{ z&>ik3r=_7HBxGmeGG8B1MDYqc=Qw`VY-9Z!RXh5tWv)}WD>A)w=fmQ`(;7f$T;SKT zd7)*JMh5|9$%&bn8vrEY60Hqxv?V=Qw%Kbwj?g>#loc;-LBT`2^mhL`d+3y0S`*&= zopqSIx!IY4n^aDRK}Jo=eE*q~yOK_O33s`G8{JUliv1T-r8wAQ{}Iv=>IMu=_Zlk$ zeQS7jG<9^P^Q^-Bt=lgmZ6A9OYhg3O%P41FFi})DTw)b_;t%MH)3uu@*TQe#ig0mh z=@!z`T0qNCF#fgVb9%z1Yw+-s>?idSTe2xEXnZ>X#x49tlUc1Fwg{a40ANJ0E}0p= z?Bw{ds0UOw!FjA?H~}Go8feL7?ETD1&y=ftqyl5qqhn#oyjL*iP7FfII|Sa?c#eG& zb<7S8HRq(!FH*4B7I@1qEFPo~7~~`k)Ws3^Niqx#Ub7x9>|-Z?7RW};fpo_fMB-PGlLicQ!8qIL&GJwR}HI*gkEe>sHntiq zZANnQv!_u}WV<;=(oi~)Y2eK_g48^fGS&kxQKIrU0sctuGct#8TLqZ&TK4WrWLZVwi>1=8penV{Vz) z@2ENJ#dEt~K5U4Wua%;4V{IP!Pr$U{EU}XYdpT`IW@Z<$|5rpAXzB^g)*I#TAXdKM zT3msY`1t2G9$?wS#C^xzNQF)vuW)pHXYin@bPUcLaxxu8 z>?(({^qUxHh;YAq^_r)#)s?ljq(efm1ePoO7%c&x{H1Gw5c2TD70pz+ZxtZx(+&kK5+p0&F_5gFKUN{qt`8W+*$>s}~FX^mATd$Y8l)5!1C0+0hf0zXw zq{!(Sw0W%l9oV8Ua!G;uDo~+)2is=U=A{Nm$cf*RJff3`W#a!r2u8&WJog=2`aJvIqtOr#3$cqp7prPntaKcHVeEy+ya`6n+{|i4Y`;ONqW3#KqQZF$ zW#!=^m_uoP<#er7sPfmooe6ixV$QyCDyY{%|H{lmX>2jv2=#fcst1xKfH0pdGO_8i*>oOZA> zV@<9WVDhK22WsY`2@9Y25)Pb&SNdy#4p@B=L0}D(hYR*%%<_03-y^XLcYj0r;fw?#;8Y`m70CKnVgd8}2=jZz6nR ztP%{&^FUYRVfhD8V~lJ5M_sLzzW1L);TO1@S6f?J8Etw&PUimZ z9Y&jxkrw^!GB9led?sLK0<{i5X#{oe9w_oRy_fN(C!)aTS2jZREG;ijRz1Wgg|>IE3=+-ZN+=vACMET=B@zORK7U7nFhAh| zQxVzlHT-cy)Eel;HYmsat6#MR?#pj`sRj=OxpX;>AAilRjD}vPE&_(s?@70^hkr9H z`;Pz$Vka`Xo<%(Uh9EC4{X*1px3jr3_OWI0heWu@vXkBPYL=SgFv-g6e>2-sC`4_3 z^#mZ!jR+M??6^VdWA%Js6^x2cDg$Fh{->%-UlY-1*1?9Vbz+}-{nzhr8|n?7*1bcS zfDbXClzlRIy7i()UXiheqc6w^Ci)=b0w9V}QQ5~I#p(O~NB)J&^OgX;C)fWbbT01d z{4mjIkWxoHawrHbH*CibH9f-`jXEpW3{`&gDcD_<<0U& zgt+9escoS+;Qo3y@bq-HH8ZZ*eo?yKN5}M+%Y0vWXVgA&{{10Zy=B_}0wqHuhU`a} zP{`SDq{@J9THDm9>ju&Ar60R=52u*|qOF7T^`}C(DXuR|#UUGu!`9#V8^PJ{H>QV-aQ^pes%L?Ct1R-l?t5*vE6Lm{-3#~smnwZQ<8t?)n z(B&1?5xH@u)+_@l7}#QiOUGKapPK{F4#3j@)7Xj#eZA*eL2V&s_9GiZ&cH=wOKGb4 zhD%taZMLzr&pTwXnXa!uZ{ddEE9;LTW?U@fUNm%cPF61L9yfA>8JFv@y*GfSZ|fhKKoOAWjoGd_OwBIHbteOpU&ZL4fJ+OuuS0Br>2P zEqvn?>_E=!N70@JbGI`3t)81NJ-)-X0fQJjqT%PFpVjLOktlj$)1?Rq+E%d9@=RsG6fY^Up0gS% zX0id=k9nM5M*+!iCDBr!>>e><*ZW?#k#+~sS=9alBl~3K-(f?K$MF1kb4$g)iH*CU zE}$<&x2#<1*v|rVB)T?Z{!;TprMg8Pi|1P;b@GlFMCode0WKr<_H?4@(|CMEhOLb} zS6j@O{_&2$YraqwtA6}HQyt8aD!H-m95!2( z3FlYM0U8lUlIt#S!Vnt zDj8FVC!U|Vc^*;jQ6PxLEoeSG#e&6e2In16LD~k z^8Df56pff&X_K7fAJt(y3s98mC5>Xvgord4qd3qr-_r&bHy|!`@#{fqR8giC5vyPX zmV3$tLwcJtXZHWvuZS=(4! zrAV*I*x@`?e0gS)s=KkU{G9vhMSNJW3+CIAzjHrwn^ax)o&;G`ODM$0XX(3uQUFgZ zI4J>z9Ajp`zUzo^Mi?E0tWoKtEdlAZBufSBMYI)`0Rg$S(JQlF=!bRU8dal?s-KRQ zo&=DncUx?zV^D(kuZXU^uTONb447T{C^^`X?Wk0dvT0_9^jT^`t=OwV*Y{Rr3o+Rv zekR16e_?+Q0E7~^E1G@P+%TvNqrqSC3Cjio@~NmRWC0|nPFB@0DF!bVo9xo}SOedK zkTl{D>Z-r3@<{>6LeM9OdYa7ehM^(UbIr-}prwl*F5$rY7YS>c7di&A|LjBujO9x) z*ar)U3b38QpjF8U5)tC=2XW&|%-yVa6yd(gTRcmW91INLvaD)L<>O?a<7%}(7HOm4 z4D@Ccw9s%~n6PkN;9}tP<~oU+`voCxS2ZEwQ-@zQj3gdT->`Ju8OC$2e|!>Jz{le6 z4%gx2DgiMk*f%$~&0aGtEkgs)D(d)GtcdBL^WKh!7EB{gZ=Zv0vsoZyfamQ`6R_i) zJEvp4r)BjJo5P7i;DIvq5?Z?EAT^pBXg>V(4H7J1apaU+S+en_;Jo%Th?;OO0plHC zfd4pN{N?iK2vp5bJ-Lx)g(BD%uBOdip~`>*4~dO^8#p)&Cv0Rc%!byvDj*^wC6t?f z4Hk}}6yLpdLW325psMWlRPjvuAEpDwFw+x!``-?2)HJb>W3GdY4NF}sp4Yjxh7N4J zaX0^}*ff`MKtvzwTc{fA4Qul}2&`IH)qb{c8kHAOQ{nOjlgrUP>;_?~#)UqI<^oghgug;Ym|z=_K3<>9t0-a_$o2nNQ>JspMPA~VBR5Au zd2SBf{Zp;4u{mcy-^er0^78_-w##GHoOp@t6>^}IK3Zj8N)Z2o0~=0~c*buTh?=Zn z6wQ?KafoqdX;}i20ftP=)s0|UHfaz*0&H!;^ZOhudCT)RSzbQ9CF#UVV{B2tflahL z`43rq3Hj);;@wLL4>1567iaHhW`=rsA%{Q8L|ly3T_sf{acbE(7zsNy`D@GhU?kAe6|O&N1aGy$v0lDp|y#)K;!g~zQc8QS#?;^5;_WQ1YyoQ(tHh;Ul4;8#DbuVicWu||kBrYl0#ZmRe8o;=76&HVXvqlb5lf)mjAB3g{`K?=%! z!kdWJk6}?;^Es8u=zBdjXJzjd@^CINQp^`0k?6s7fnixss@v91T^=|&2YfyLFYO^y zdB-C6BzMk+E@7Hd9EEZxv+^hox2E(7Z19lj*~x>sHo{MdwP<(Cs06~_1isgid+xV{ z9+>kg=C{^0;YC8ln!~VlPIpq#KzPT(c_U_%*%@9e>Auih2{$GVScJdNQ=*XlY`Zr& zl5bih?*CRs*fZ8*exvSBjOcgb8rPLkEdK+>A41RTkWiVCCdcPEJZk|+>%fsh?YiGmXCv+Zfk>}KllP?*A{CCek^8-YM(27Ej!GN5>F_@If<9c6+fNSO@Yh1Vqc@B;PT%|@l9!6cR$f*j z55d+BWP~5Z7dD{m7kIzdQvD#j|0=0|i1g$OKE7PB%vWF}9wFHOqJ+v{Xv@$KtB|@j zFZ;&HE$8qIr!=ourl1}vTBH!YWH8(W{1wKXP!>25 zh!Kw>w>|ZL(WMtY-G+?_BXo^2v0N|P8kFRreS+dOQhykTiH^QV&|gX5At&uX+VW>$ zpnu`vZbxd;^4*$Kqtg?jvhL1tG*x*Mrt$gtd35P^Kd@o~mRPrEpbm);SqQKB?e0_u zp9vPqd@PCq0aD4IRriBAc}cg6!G;DVF5_{M^O}-U4O2$Vjisdv zB|8%)c9b+UFQ#aGsbQE|jc+ZoB_-~{J!6p#l-8xSi8Dewp0^_w z80MWbG%@TKd(74REE#n4Y@x{yo7sxiBi!5N^&AjCn>Zz=wWj{QC{Bp7E4A8hYGWS~7_*d#%p83CGzWe2)(efWH#fu@r~f)G=ha0i&C!<) z({8)@jOMC#;U458)PW%PQx%b8tLSUNi1%%pk!eb60t{%l1iv|V4SPqjsIs65ZGsqd z*fZ8RNRoG%S;i<95UFZT$RWiKCbXiKy6xdc(-}K7%@WR!#~7h>Ck);{fA*}tJ56oZ zp_WL;qn96>oruwA@U#86EkPC$e?6J*53}gL>?319;x>!dh<_K1`COFYPXzIzS`Rb| znT$&<;XKJx``zsRSQfznz z>44bW35_CV(@6Jo{Ez2J;VsO_<&lz-o=?4-ypi0Cq;cKf29!n1^`h(iaNE5beZ`6d z3!SPjjsIr-9_>9|`e|1lsu3ji9)D2A&N)VA>^vm4&}n_>{bsy7Yw={&yL+?q9V)b} zAe78kUcm4~mYl3*@!Da&t9M}DxP{q_1iY76un+u?ubt?#j6aQ4KT0}<$^w5>*S1tB z|IhXM47EM+v9EY}xYnAIH)0$f6JRnQ+*^u1h9U5!G^bf|j@ zcC*k702ssnt{6uY-~i_gW;yvvg~TA-GKkXgvtQdGe0rl}6Uk{hSDL;v1dx6iuzvBR zmv5Bh93H(2HBh=t5QRm&TH#Aqd&olKR;KOkl6^YgGkx-L%9EVz>zu>!Rpo6zl#FTD zdGongzLnz={Cvjm!VMp;GoRrLT7K8_b@yf#SMw6~+{O~~pT`d+gnwyMj2fsdpWL`; znrkoVGZL~A$2PEKp$~4N`4f_ldi|$){{Hni1}uj~9{CBXry`5udbQ4})4Qi2=o5*h z>iAw?2_HK(cYytG5SaCR(T!6#-;+C%25ReR8?rIW-PU9s=i$*-6#pRapZ$Cb4&SMB z6cx46mIfYKWu36wk(*Gy@L#EEy6XI0UiZxH@*ALLqJ;9 zjf;XF26iF=W+0wcz>_Ub!4c# zv6xZbT$iMAf-wsdEGW%O9&nZxu7=R93}*iDb5Oy9nfU8eqIJs=3U5P8ZT4l@Z21jZzAI zVFjJs8TI<8*1cU#zJSHCZ0+UkKy4IZGh$dwz4T}Te?Bc;R{q}S@u8z%-!?CIrAJ6@ zXS=hTrK^+q&ecJna(mqHIg{~ldQ?|35|W(VetI6=A48M6pOrNQ3*6WSML;D9xWi4? zZqD{Te7n}sL!odYNX-o`8y>z*O8%iJ>1FFXAgk6LKCkg-5L(#cc>7O2t%n%GHS=AW1CZra(CWX+>As?`pZZ8pq z5P`*93*yp-?uZsYSsQSwJS`mXsfxdsxgInXv?-oSn5j!3$P=F+d0p{O-WOD)Hnvz+ zeUS6`on<<#_@sYp>k1B!b?!@D+t-3I>h5iJsuc4rW@lst-}%2?fNnW;23ec7!mM;@ zQPfEcA1=E^m+-FnxRVMl6qVTAJ^aaX+ahld4>!Lfkr5mPu;({3hGM>yF$MhI@FU2~ z{k?om4PR)ObRb5C{)FGHP*`7L#P)icurG8nmKeuHK|!#0nUaE{LTEuikuKJlXaDaZy$!7(YBD|C-{7Q3;2yxmvN1ZgHfudXZ|*%!nsk z$kXIVFt=f+qF|!E94>oef3Tn#9NlZqxE%GKuLEz?b=edhT|XY5Tnbe%7|Y7UZgtyv zhgnz92=D%TmX^S1bv|qTpD3a%34fAv(J>BDmDqzp9-bc%fz9vxcJ?1^&=*FUWEynj z$KVnkn-{*RVc7DvmgcDL5FY=euPaMiSenb(p>+bPRLsceBB!^#rzn*QDJKKGh0Lu? zgQ$B7TEn!6;Ma)2kC^x0e^;bY&%zRVlJaWCg%PMb{T&lX{>p(Qac?rT+N;-yd_GsJ zQgsppk^-~tCUoO4>L0y30L zmg8822qwz@ixKAE5WnCx9K6bN$30@9c1~_~C}$jZ+zAwW@QL{1E5o;WPd^X6^`5V?XzydVTf4fGuVH!H@DY^8u&atA-z) zA`ydsh6MtsWHbc@aaB&ODKOkaqZ$6YmL%%d&b-7~qPycOhFjU~BMy=kN|!R)D6;Lq zPTyXeas!Gkv&tEx{uYM`8}!fQaEr2u-_H~sLpbW2Ao330x^Ee&d8b6?&IW%%td6Yt zzamWaaMqkjeS#7cGACN=?Y9GgdwY0( z-p9WycxW%wO=8j?nCUCI`Aps?C&=vQM0RSZqH+^YopiHPWP>tO9D%N(c8<7&ZEhUZ5-MD`g*Kb1Kd7%|-!6s+t zKG&A>A(1hYzDScCL~dPm4d4D=LiUE)OdOD zx_3aya_+}i`#oK#FuwqOp>bdmIf~_@VGsqZS+ySnN8*h84Xh?%;Kl7H6z&lch6Ez| z4*cs-4zk`eGlX1O+yCGtupf81(ps}#vkEDZ!QyTTS>G8MixKPx-7*)&-KnyZRvy{V zXCYqx>>xC{z*mX|(Tl7wX#cCecdH?!HKJSsnz|-@n%^1%dYjGd@P!>@MS>IK$18$8 zf<3k`@P4c@(^-p1q()ZR{OtZyuo)oB->Ro?o6T&BQdWGtJ@%fj@|65)eo7c)Ir{54 zfvY-RY|PYl@+ur25^#ESBtG6F z+OX63L_Y7)1`#MS`pG{qflrJijNURn`$rC#;;cpr=nU*C66lwfCMziAZ{;myo;PfOhPxwtH`p z74oNfCdIRCWBT6$LvMj0!b@1q1AKR3uG~dm-2eb?0?Nh_Nr*@<}o12DJD#IJQ@6o{oT$Z+koNP>ByfptO6V8 z-1?rEFbgK7XX)$tiAL?*_`I^sgrBS7t~Yb2a}rO56bCm11zO{iZe9$27gt#PyJ7=a z2{dBay51iPBUAB?d%oZqfQunT_186hiWApYfde)eD6|%Wh`AL`7>T;gr`^Wv4-P6q zFh&P>dfVHarv&zVeE!b{@KI%gF#<2cybzRE@#}JKZYqeIhRfvNzhl5uA=#}(P|Ir| zHzIs8p&ouXR@j@&I~yyCx6Cc!+Q8|-!Q?0d7CdUl6BUj!;dR7$I-MSftKFTn_L^*! ztM!F>4CCL_#-l<4`K`T8mae{D=4fpkXMK}{Dd&|7hdwoxH7(YbD#SI|V=T{YcDw+z zqKJl{>BLboDnd;0-&?~{r>oc0HR#K9 zYee6jWT(0=&|DQm)FzA?UwEOt+er-_ULIL?ES5*cQT&GK9M8CiB8R-tG^p_Lsdo5G zb2GA4zI4~oJZNQrnOT}!+4$803)=zlgRpn75BYSNx~h6lF(iM73e7q`KC&(-kIRl9 zg3X#!;k`(T+5)MD|5~d2Sqy%)leRA@^v%|ZQ}>mI-9!98t+P;j-W zqz+ICah)0TD{Zn8{XJ>l#f!BcvCotq5km(+fb0SG+=?}qtzovZf}-t|(`bpY7AscU zWqEuCTUOSLVz~S>tw&&k5&^PZIPZ7moqzA%AZ?D&QSd9ERnjB-c9_}(S z`RP0e5Ns2LthAkW4vk7^O1(;5#`Ox#kos5hs!spDM5|{!G9lzF@tV+sJH%9WAf5JJ zPGpX^g9R=c0MZ(b^I1hw{>|hR+4Or1G83vxJMX?FuWVggF*`SB?z8>yTbO>x>e7re zRhh!Zm+P``d)HZ3c#^=iSKK!*1|`|!+qb8lQ?TJfYiiqP_5*b~cD?M(oHGnFDSm}%)E<8jr2)_e2 zUbh%K*xv|Zw#@Q?|D+NT7*I_j{u5l%MeeEpGs>BzE4JC>9v>dmz7W+g zNgaF;bLK_fy9S6h{QDCTjy?37ZqVH0JT=$ub#zp>Y#I=Hqhz~pVx6i5gd!5$O64T_ zr-*oGYPIEMeA6c7+uU|FU%kP@#Yw+nILjj`NhN!4iRm6u(>G#&&L|eTD{(t1Ce4fF83G0B z;sR5`SA&+;|3;AVB`aLlboT6SMos<+Hg^9<3O%=qm+tQ?!V0s#Wd6)(R`WC@Rd=of zxgMdVd`3q1k^4&VWi@Or;9&~Y{m01$&(gXt9k1fkNzg0ngxu0IB-2eKK#&q5Y-WZZ ztzOO!Yxa0}CUHmjGyn2X+Qsd7&w3Y0d#;t-bH0o4Qid8xCHs5nz)iwFiBeKhFxH&$ zJypmd;PckNwBEW|fV|XsiNEWV#F&3G!k>wA;Y+G3D}yVR zY(>B};+~f=i}0Vr;SY?#o&xKd8EFP)Hsh~-o?hm9i^JT!OxD|o@vQo>@BlUrXSlAtAF|}CnA;1K5qsIu2jxLOH%14o-^(e`_#t$R&oygr)@q-<@ory zbt+qqQp^%`86WC{Vi+pP*<$@?dxfL*B&jRS-wNRU|gkC4HV;_G8Rb*a825trz)8SVH{xlmG)3Cccm4 z$zDS6`(ObW!vpIKH#Ba_E*)mORSmbe;f7$#W7aSw?|h^l87~eB{%82f8TwX2XzlD2 zg6;Ou7F5*w&2))d8I{|E9gg`%v7yFGB>#jQ8nsa>r|W*G7~kPk!1fOQ+(CFN2%~tA zMHhHF79_fZhc! z(Ud!o6n3Zg!d%-pP_K^YU0DNNqHWyGIp2%^E-dISUEf9MaHf26-lAScTOp6HB!Gv! zq7d)N{Lhvs&}Ic(t%R|U4MI*glyJpL*6k0^ZlC-u2GRxxFAuMK>vrjT7?xLJl5A5n zXkEUS3Mo0DEux&mMPWU&EZ3B4G4T*HMKx&GDg9428%X^}PDnRe(-d!tDGxO$9))6; zo0H{8UEH#aj@Y#iLQjf5f3WDej5vdExn}H!Npyn%xU@qe3=vZ3f9CM9) z)EEBr6KfWwn_uuOb3K38JQ+N2*PTzo;eY&CxH&lM>)jdi;0+T)(pST3@`rI8$}XE{ zGuW$#tQ@f7k5o>;If(Hz7>bYo<3cK%@EVcpCHLi2qOfdYX5ro)^3lwVaD+@$Es`L6 zXYGToA>8VnpDritm672abv1Q;y)j0Hb6vRWX#w9YfPYsPUz0AqQq%bjT38UN_u(%n znJ^6?j&Q;iD-k^e(j4YGA5XDNwu$MKg1t-;u!xw?^S-kuc)2u=jh-m--?Xt4&Xd!ozowJQj6F;h&Qe{*u6$H&` zI2)8u%9=CqGczB|+}njibn1ZK{e({8{t$+Totf;QH_wofF6L>ZNL1-ion^{DU?=oc z=sat2kmwsYbYc~`ibG2Zi$Oshxpb1O3`J!n19Sn38n#kP9dx;c7ai|Az%u~z`3s0L z+04}I37|`4=#FN8j*ig`RFWtE@>gSE@i)2b;ClrRkC7gyZN#nuE`Z(~25TmPuN*XB zl#si8kaU7zC)3cFEc1=2?U$SIWfsQAK$OtSu4fcm;xota(aYxdF98k-9LVIv*LwOB zo*p+dGryJ3D|7Q!K`hJBSjU2^335d%DEUF}-46g^YND<+nxJ?g@( z?9Fh)p%ghpBWymt#9lYlrJ`B%pV9;b)E{Fvf(1IrT$9hAB+I>fPDJ2k zB;haLTPe9$4)S=gxQa-bdH~l5{Z}xTE~hYgCeii;iHz!SX(>|pL_#s$?@Ek&`XYVL z=RLV5KE8AVa^92G*mt?owB;rQ<~I3UeI?6O)8Y+M>OO6B8AwWy5;{Uc^_D96Y=Om% z*j^56H6ZS!^bT$602EslZ*Sjy!b!n98PqOkryoIQg4|Hf3}5=ip`jEOrXh4u0%P!EMqD4kC4pp>{T=k<@N*fv zSF#+p<&cMWZ|&nsOY0L7ylwhEigjNqYN-C8RfJ=51zxC0iGyCWm?x}{sMfhbaODfF ztk1PPXCZF5wotX=PwcO?>mGmoYHX>@Ui(;|;j{vG^|96@`BkaJkKhO@&U!TaT_F0O z5x6^xnfWiVv~IP%_zea>VR|S^m?PIf1TlJni!q?zsY;$ zfBy3S$C~_q&)fgMpZkCKsGD`@M@ReOyz;2b4}N>rZeCLN>Uydtr4#wJd<#v#Yp4Fr zwbWHPz7&r#17Fkpo7tNbK3Zx@`aSxjyZhCJLSQNbHlW25P90}J2cU8E!$kZuTKrL5 zQc+UIGOo2KAu8nh6&?%a z?Q)xY_iH_`#v6a}oUaKPj{>GQch~*i?oU|!{abGVsqBUE$IV6mKerk90M1MKsp_qS ze@bG??4tPD6K-omm5}r2-C5E$0twZMsQJBo+NSvhQxih=W%iNtmDRsywWiW`g^N9_&W;`__XK?IWx_!PFFGbMpMeLfF1jo`v-!ZZf9q&siF~tZfs(x zq?_@^=7WtI2tl+qH;152wK1E%-D_BfO95ZWeb#iTYxLriyR>(t z{_Yqhj-gGD6qvK%W6KB{Mo*9-`%cIb!_aw_#K2JGJR z1umhIyb19FHo32*^=sP~IE@Oww~fp8NUbOr})c9@em|PmUfxQ)G_JXCbwX4e64>X6-H<;d@igUQvLAjA*oXw(v9~l@I;0 zxk*~i^NGgl%xt+)+?%bd;BBE*wgwK<$EA^P8(ouM$+c2y{_S{qw4omyWlmV7MW5MX z3VRN1hl)?DJ=_W&hqU@*cy|;6N3o?GTHDy_PCW~cj)uN#TMvDVAWTHz zR;HeIADKQe)W(9WoRAtzKf<0tig=EDPorKWX=bsm#;@mpq@(jwASvi71Sn9#{BlUWmdL>I$siLdxer}Y!EbyG5m6X*ZUTw50H#d z<#DXPL`HVNTl^9kzeQ#WsP14pXYHHAWUNQWEPGXtEP%(S!eHSa(Cg@U-mbNP8^s`m zKMdH%XaNdS4EbB)q?xnzhqpIqDaLP5Phb5?xz@#ySjL24AJmm+2&7^)@ykv%A-myc zD-CWHw)O^p47Jadi!SIxHMx^h?^*4RU@b^C6By>~VGB)sDGPCVxYF@7b9+@aRVn5n z?)lv1blk8uKKCT+j%Pg?!hM86g@@GlHSu+({zN8KR)80fXTK)uX$Qe&oBbbim|?DU z?j2@14#*V~J=0ZHO-A2$xTs~&^;QC;8tDDWHXCx7k`|j5BuUGO71g)NT^Pgx)BQYyM~Q+W>cI+T z02zKdg9A>is+0z_^2n`-(lPJ|Yl${H>m-aQ9h;5KJ-4QTa(Zfhh7HYtBIA_v9|n7m zT~Vhr!&*JDDoJIwQ$RpYO(F1sWmKFvn3$+=3he;~LVZ69hW8M<7;rK6$^S?uAfgJg zyXUE{#CCa(jE>IBLo@B(u?iFUp5IVuyJ(!AF6pb`dpG}m4T6dijF7i<#M;YO@I!ek zF7}I%izW5cXg09v6+KGXqyYaP86AYS-dGMVwai%06_HB-WD-n=1ns^`?>z2+ZRgQv zO5=-2NNrr`Y}4mHx(h6TQg(tGz_#?g-w1~fW=*>vsZqNtHI#-Fh@v81%Lrp81$=hc zg^3LOt>~20*xRSema59tY%H}lE8?}LfWvNJ%(F&fn3`?0;e_Lv1ZU8VXn$U)j~)EyqoVn=8@sbqX)c3fII#UPAlhD$J3H#{*bejU*k#GdHm93W{C#;PP&Q!Tr zOTL-3tc{onmO!vrX6XDmuN?d+hXn$2&Q;h;wb~UZau7$s>ISR{7E2pH(npp_uuCn1 zJz4r;Yiw4A^__kuvxN9JdkO`dkW{m`1iEdk#2u)ze+T=N8u0Xy9s!MpFvHN$D5y=8?hsC znegH~I!UtUeqPJctr^YMJ`wvIU7+*^a=w}m5K>`FB2SdwDSK$-Z8Au)1nU!Eqfdk! zw2cLLOw&yZsg(V4=Zmim5Av1A(2$j(yo%`$#8gl=V7ubZ`m{@be2R@W2loyqTOMDd zfB9S{wC$*4%&fLxLmxq4HaZ{B%*@}K(pl;Bg8skt4^`+#2N((*wUsCkojq7rs_a>E z?^jPXXYo5Ul}p2K*1JT%YKZ#Dhm~O|X=%bfZpF%l-<%D+#pxlV1hk`@C6QDO%)4CF z;irZ~*qDx|9X;Qsr`h=b?b(UT$w&!^q6_1;AX{3ye!y+FgIT}rlIgwZ;x(6C8dS9C zCm&KgCfo^dYs(_?=KJ`8uwK6E6%Q3(alLhXY3cj78jQCVzIMb4!7lsaNRzNdegxHL z!jI+O=VVX_bKv^nX0I4sh*VD~D_`=q)l^*;G8fLb&}u-i&HiDn3I^1K z7m5MFy|vO8x{FnD@0@jz7yH*3@f(|iElVH6weIrFXZjC753_TNIb5Ol@(m7cmB zMKsq6M&$EhF?Ak!BtR4OdXZW6>=ef2z=no=aNPfO>TGo9#7pHB<&J;r>CdJztRK&t zUBu5G64-`VZqK^ldg)6eTC6%KT;Whr7PfMO-+{D zBHXIrR)CRD`vdhNrotcXVjd{QnAwsUEqO9bz7wqN*no@vX zgyuz_vN9Z4$lMoaoqJn79u7w)^jR`BVbSa7yI+u-%>*nm7U`T&|| zl%vu`xq%@g($kKzZViL60|L3kN$uv4KuMWZ{0=A>ZPT0+dMbuVjU2|#%`K;HV#*0q z|E&4Mr+05kwDu)B-r`uual^8B#%#_Su2<4(WuYwP6zIbU-NqEPgOWxC*wa56)Iif`~* zkyaeT6xbZQf-xOk3$sMPmp1H>jgL0eDJiA_!LR&e?Ia}cFY2U+*QGJo7?~Kny~%gN zWub8K|0X{<9zK%}$Q)jCn195QoEO}s(TmmL(87Xv3*AT}1mmEOR6H8GMrS13jENGh znJFRgtR)z0g!#&T!G%IST^vJe|D~ z`XaI5v>qlc&{^3JGRSXTMtV-Jt4VB%SjdOvi)&n?hac9~1YM+sHZXB9mz!jwhWW;k z=@a}+kYLN?OV7SS{kN#UF{Z|fbu+%i-hgf+v}>3dr6NQk0-aru&$Y-Y_HeNpk=c;) z1O$%`q+7G{`?az;*93TTrYaUk4KVeWm(6KZ1el)W&g?UQ@G$?UBN6`8CAzY&ugNh# zg#rF&O*RzHgG2B@U>p*Im)mAKXFswizO}v{(*^m?&0Rsdk&JlT*x(gE;dyW%WgaCB zC=UDuOZ-jJclQi;gt#4018cjLgiYXfZy|;LuJDHQ#$jXOS?oHxp6`iV;cm z?~Jcmu53&dx%}qqB(uuA0a+^Zx!M@HXi(iqOZYrr7ZcK%_5MvVjgzu~Q442-Mhy{? z0e}1wBUSWL9I5&UO;V#Z9`?`*sd*_`z7TZ7{ql^Wtd`>_Nz#Eh zS{GTTNmIepFmE=swQxjstN9P62kf#qv3Xusa%_>H3)@e7k+r5fvy1`_o(YjFZGZ{9 zk_p)(+e|VXcvPd(WM+QTx25JJv)8&L`lg)a!^y9q9rY0$J_Ba#->8_TeHdhZp`4q4U2EhY zsx}BpOLrFDtvT@CgZ79TZS9fV6!}Sgp_%7WuBJxM2S*n@lZXrb*N_i@xC4?ERbLoX z)P0F*e3Aur$dSsL_b>PA3O0wd>99X&wm@AT2CK1D4nw3zkY^q?$@j#6)kcjMDh&HOZNYc$h5^z)yPd}eH-!dCg$ewLV( z-(7wt_au3XI&m5Dlxs=Bd_@{`Y&v>$^?s2U{A)#q*_D6tzMadxrnvD!^YyV;r(f&X z+1mn}{8W3p*1L`VkAyR4^x)RLlpB)SQe5v2%ddP!oo(T{?FB5%&-^i3Pf1}{hg!c@H#v;a;pF}C7X0GqN$nX#VfVgK#-_6hYfAF{{7;WX&qK-HC4<$* zv9Wo2DyPFv4pMcVkp)=e77qK^}O{v7vSbi*Sgh?ddxl6z$sfzVR!l36?&?|kX@ZsFHysR{VLTzu{` z7nF)@B2jUcKK`eYqM#bt2#h}UOF00Sa14@nfp_L}e7hD%*tMYC7i>a!ilTaohJbwr zL9VxkAJ#9rG)&Yj%>14XtXJ~?#`v=cpF^*a|5-7F43mH#1bd! zCrwqNyTP{F96&&{RA_#5+^=^>Y(DsVxrMEz6D9@p)!rd377j+U{VKC7E>DBar$f1iPzM_u)945l z3Q8(!DvDp;!g6Ze%AByzcrkfqvBottc^f-B>-)4aZ$Hze4X21=VA_Akxs?uWN##|drxBgkZowp`3-~H z4O+o@n1H0V*iAKfuK*WnrYR$a?vI=l^JRt{Iui0H`H~W@-MhQMPm3*@saVG$l~U2s z#XrhWuf#+e<3682XhA9H_rl&Q+KhZmY%9WOAx>HEQSGs1M!5{-`?TFz_|&&8kMLv& zy*dhp*6FVPC(v^9wzaPzJ4f@&E6Od}P5=RYs!Lj{6~8O=1w|%jfB0unQMcS`5FM@H zJ7>H8`FS?5ymsD+9d+$&OF#-w*d3Ene2>2j_<)BI3rQC0Vk{@zez7R29&iDfu*;0P^hV>ZJqCuM`KhdgwylfR1CJ^1jZG8-<>4E~E zn)MbsvY1BKf}#U4fQesQ;@wN-R;hXA*3u4!BCfRfH5Of2Fb z)G( zkhmy)z47(gXo{Td8~q0^H$5ZNX6|&5!=8J9I)`B7B253Ns05~A`crC%X;HiZRF>c& zImm8VJlbw*^Wr@q4ah+V%ZU5GqX`@xF<8aEMi4!l@mi-Fv`o8WQrA<)XvMS$4mGnL zmIH>zvwJxS?hA{4eU;l*s!IOp#v9h$EA|QsWHj}o6FhitpctbO^Q8}AM zOxVcUB?#na&Yc34HD;*%Z?vtPj4{!#1eJvQBTKJ`IZs?9_Hf@N_P8{{e~&<<8IA;7 zbJlX?mgoe{I(|;I)LKK_azht-Y z{M-U@>FORTA)RV2QlukjCBT8qlnkT3WvhK&V>_0o?RNbx^1MVY8p=AuufKn3YRJBs!XY8ih1aP4ndRK?kn;%{1`a>z9(> zCozjcr1CgDqLA-99v2@qbP!Iir@0gX7$G!j$cWsy@r8>p5MkMO(qw$WU;(qn+mqj$ zTRb)FL3yrY9+P#=%*;?%S)<{ffXYJeElf!F5RQ~ozK<)G7}OI;^Qv2;kshf`>1XAI zmcFV^JBJOV3@ANBzy|wXhAMgI<1f!8S~%7*7IT6-AN=G+O3dObwxz?|I2KXOmv}HJ zA@lrG7ib&|Bp4jbt?7M?u?)ce2@_&;cyZou2$J;Q8o?~bv+@hwbdu9D=C8Z!8(%lX{go08-BRMnzk^<5tND2zl;E>WG3KEh^ zOG$}?{I=(u_xt|NT5qlO^50$$Fb~ffX5ah1uj_MVAOk)Zt$mr~6kV8;>gU4WV|{%3 z`!ePjN79UgL-=sCi=pQQG}*BN6@_3Hz3XXM?5XgHclNJmhTSeHpS5V8Us zQgE&$nran_K=y zqdDgt$z0*fmwc%!_H78O8WaoXPRE5YU=9bE zO5jmtu;Y{kYlr4N-cHCCKuZ-jc%kRctSGIfsBzE&sbkMW!lO2{K&h*f8sJOohV(lND@lwc?>9BmiNVTvQemP#AS?5m9h36% zrF>Qs9zs&GMNPFIeLG@mY+INS;r5WUXUxvXM1>R+|MA%jXl@wLjB0V2j6!^4Z-dNl z;E+VTF4DbL2WG?S_7lN$_w?)nfwk~--3=JKBB_8g`9L%%IAUNS%NPyI$)#B0;OniL zyq=wNN2qCFa!^*jX>)6ePP|d~xNsWO7w41u@*k7BO4UA7eG8Kc)3Vb98lqFtZ@2eC z=^5_o(mzQG+}@yzJRDLVS9K1%b_6AkhN6jZy41r8@~wYIj)Tuok;=;QD5j`r;1FJF zq262F_EGFX<@LOI>!TWo4vReJJilWssRg< zF4%JII^)p|=#5k&cpV#JZK`*pw2#IhiS_OWu$?$SrzcDEuxSSmzT62yW)JhMkPwJ7 zh-2ZO2IB9<-07}9If+fR1_>k|jXzCRQ7A6R+_Vort;+8krT2Nx=$YG5t+zjcL{Q(N z7{wb92jbA$NIAK%1JOzl#g&x~)$g0BUF;667O35G*{7Yq9$knURqpJ3L-=H5lviQd z$Y$o*`B%viIh}80@q$_8jHYz-F(HcfJnvs>_(9-fV-hR2fL7n-`C)v+zSw;`!dvcj z^^0&%Y|9jK^10{*d%vVAL>(&k6~LLiy-meotApWU(LFF_(r&WJ=H znhPenKr$>MCi#9W9g5}QSjl}ey?Jnlot^Wm z+sBeS>MY-Rv%KBi9z~=8St*3=)Papmp-puePl1gpKuAi;%>jAsRTg~Re@FyQiIT21 z_ArqBl2%(0+%)tSkm|k_eWFQ81JDphJBd)s_s+=Nc7^to81ldE4X*yH#RH zwgtQsN2K4O2+1!<`J2?#@AsTrjX5Zx(~oru^FK0eW=Sn^Bh-Sno%ydGJlsI}>~76N zv=WvJyCh>utc~H(6T6jfWeFe9Fx6d)fTL462fd1b&-{Xi@Q^OZXOO&yK<_g(-aGZ~ z_a~;2Ogf~3iWBqNt;^CUn~F)T{e z+)MrX-17*}wXG`a$mF}Cl*@g606|&mTKm&cVUfp7; zqC);DkazheHM%BG$w_l?z_*H{Ib;r?TcJN_CNN97`I+xBzg02H+!mPvbDI#d(aM0bhT~|?cySM`FT!)48Fwh z=i}i%lveiqSI^?hdk?n&WA>;f=Ih*&`}7q)dGV%cR}WjuM)zK1z4UORx|0cr=_Q7T z<{Rv6Z(jbAv9z!bJ>EP7Qbf~CSJ3*FDS5HC`IWm7d%X>kku)yYD))P1BIZjH@RtJ- zA<%g4?phrm>wqj0qNDiPC>DT327+d}su#BQfju90iDt=u?&DMszTT>|r>aAOm8s_IE;}H^C+8Q7U`JtLVW2BsKLgTgO7h~H zjAl1OXH3Sf2oTU5pcop`67_ZQ1c6>n4b7{VuJ!a# zM`QJ?R~4_`*}2vt3^0CLLSnL#{BzCZ`nAs6PCIiC8od>xHf<$wOw0Nm;b<(q70TtV zy)kRrb~u`<%Hg3cu7{a@F!5jsHy#|s$OGyQ0fqV-S>GWN5vyP;>f~^pdJWY82d8HZ z(Bdn0B`HKv^xz=_45wJZB`Ersg}kxJ_sJ&>=YG;yk-JKJDUrd+m=S z*51#3f>luHm7S9l3IIzL}c8M=duAw2&?Ed@POuQHwu@OGIT=*Q!g?aMoW zPd*3UcyY;*h2w6?`#OU(jo@QrsB*41Nx=w63i$0C@x$GPY&tW(VY$2S!R)%*z)=*g zk&~DIzN$&wSA7Ov)a{!5DB;(_u?#cqLfvC{Ia$qIj#c;hD}kD@KtRPfDkbxSp;RI~ zXmpeWgdPxU6wh3k%Y44hZ9dQRi-lpAtxOJ7S@SY>ZGP%tXd;1M`_TGWs?bfH% zR-Gg@s^4CYStGs9T7vqf$0csuxuea8;DG#G)4NZFT;XlMDJMsmyt1`bTlOl6TO&UK z%K-bv)$fhRG6a8I^-yAv#wwv=bXW^4mf2*?>FgtulVYdj1d7kG^PXk1P+&bh>(m@h zexxMF;$mwwBibH%wF0a~#&6#=N52H#Xn8;DsbOh|?X_nGFF0SwYHAGw^HrCE<(oH? z6QV#x2|)KU6Kv|(%aLMr<3)?z>E+9wx&ed zFvkrsYbf{mPuw0IFONgcpHvgw;6TF7-HDn2hxIVse1p+pUQQU_P>hdaLmqt+;swc5 z0YQP9`%oC?=~y2A1>OUYw`rF3_^9+I5C76U&%xdo0^kz_=RwDDXBmP}WijRPaRJmg zqd8p>oj>NnM{QfY7_V8EHuF`{7{GA&^{^(dM3>(!2QkYN*9n9pzn`VSDt=ISeh5oD z(DsO!dYS|5p!&>r>Ru!{Bor5~icmO7A}J*9`l-{A?Y_r={#6XV8Vz=xs&1|!)X~<0 zT@SS_-P8jdRPDsC+N$iDxi8rbD&{GZ)h0~SBNPxe-Q;TYytn~fLPhl!R6g} zP)>v?3vQh-Cb{zMHy@c;%BW6_QQRFA4pZU+u<<*Sf_cFOV7B>MvY zK>XB49PykY5ihp8AxfE@$uT=$aQv|jRa_mQoVzmm*sMf@wFOxz*e0A7*&0Ax%%?gm!xt&(BQa8VmH!%q&r&f&d;N{K zcrpplJu$Bpa1M-;8%z-V+eIkcb`-uQ*}I32oM`Uf-DmpUP++Z!D?w3&H6GUI>pN!H z@lbtt_D437W>8@`vlYl{Qy#19EYZ}+(Uj6)Kc`~n<`u@qy8DC##Ziv0u4x&FB!8|Y zB`RMZYrxJ+0)@ZCLBkSl?>~O~iDv%kC!JNT?mnZALgJa!W6C_)l7<4pm;_1^nQ)S# zZ?H^3`6hMxrOVhOSJlL-su_8?>!)8JS}*z&X2awOy$i1SpQ)hD9XfZ9&&cv*N|lP` zfwbH%;3t^5kkCs`#y+^lf$A%(9u3G@TjAA|f5ZNDBWhnqHU7?gvcVC|pOjOO?I~8F z3XpuaW~(yZg3>ufB#FlKm1&?FdlY-v&}Ke5cT=I^6BFnG1}@UUHTcBR(v@+UhG!S) z^WI~LtVqo`{sXB^u?D+m42q0zR{h)9oK=k$YhO!=qQQr2E zT_ppeZ=eC~9c>szYAj!+S~crO?^ciR;>N2p!V*|=iI*9JiD-#43W8+%WC26wg=l?w zVejN*9;pf?O?cphg1-jAqZeahuw2^`$vf+N5@!|!GInivtzJCLFg0j=o@;J_m9gPs zjF<*GE+L`FJyXc1nBk63&I;Ys65b#-;mvEA{xb($^#giJKvB2)o- zx2`IZVjr_{R!=Y-<`?VMYf8_qD+xmw81!50eTjeZcsWsgYq4icH6=*n0CRQrzC|n3 z)yar5^m0FvN+)WdnD97k?|#HbIW0}R5`}{S;8h|(0Nh8uyo@c>UsLBXX^5PLKb}aG zgb1wp;)RLbj*{C_XG{(u;`K12J|T?2&c)EC(-ce|NbxuXT75^MB?3ee+BZ#1g5)xx z))qj9W{EX{@l_fe!SDqWAtNX`B{#rSjnF~;!|=0vVNGsYzZ2oWCqfZ6I?^{+1eA#0 zKRsNqyjfY9y`N*z%5FRvI|BlzH7W=(i9-!8;Px7)BYSfj#+7U7wKI8raOyCZ5wi_M z3iuoz%Y4GXRF|En)V&-o>Cl*{9FI5$O1v<|j|KqiC2bK1V03n~xwaoD9)1w1tfr8c z#>RW@prO=b92Lz=hTy11kfX3d0h(bjfXf3YPjKKsLqi6go}+E&JU8=%Xf?aG)py|E zB{LAa-KGua{h6K&KyJ%zfWQJmYwt$v%T1xBNqBm(V2N{|S^JdVUtU9Rr-SIckDn(z z%PS)GIbSZS3{S~iLTFQKBg_qfMC+5SBb-vM{NW~#tWLBkS}g8~25Rd8G=2;=`3Z^4 zU5Et$ubh^(Z%;Qt-Zzn9Pn$U7ORXqi+%ROn7XcP! z?-7?m8|a~GWbGSG-5);!Zowfe;I^^+(8A7}Dovm1YWl3i#OTp0GT_h@@_|&xtJ3c3 zlB3FMkh`6Qf^Z1bWKIRb>O1 zL#{YhP{55g4;tpf!-5|sM49axEEL!4EWflD(j#z;$;KW5%|Mo=zyQCv$Xg}#1T8Ny z;yTac8$6;hG~PR8tX)E}mbtkL6@YeGCmv=0=7V)7M_Tql%%M%{HA^zYin~FynS?vX z+hLvshL9^t118JL%Ic_?So}j95~SwP4z*gow>%6mD|DLbz53U_4tFr4VSM<%$gPWH zCvG)Au(tkfxFPLvQWjGi5y7vV6%<9k%LWXZ*n?Qr2@+-m(*!+(m0H42L7MJ$;z&p{ z5kzSdN1@jhv_t}&>;f1rP>jkO!72)SKljGHP{K6_pbTO0x5d;Q zb*_AL-T;ZU9RK9hs>Zd41)DZ4B0hEr^bai)#(O-7EA8w3Z*Gw8ugZh7{r<(T9e>UOU&?&;1~?kGtMhi-OtK37L-K)lcYi zBiR8H>*O2ljD|Qd#N|A<^+XmFHd%W~xT#AD&cC)qM9gn!oNeOtssTO3n{2X0&$=eX zYgFMp=ag6p?_6EnCvKar<_yw5DIHDY@_`7@(Fu{$zp>MoFnN0%?={r28x^8Vfe&FJO zu~FW+9DORcg1nz%o*#{tNHw$A*Wm!|wUjuL7$^vQVG(HkO!UrIh`MqT1^PU%`hwRa^j{c54)Lma@wQ=W?y)O2A}iqc@#%| zdkgCJEn-)3-?IL`nc-MND&3Kw!&2wr9Ui@^;7^BD4k?pg&lBL;f|D27hYY?c*LXAm zY;1al`Q1I&h!P94Qm=8Z2XW4{+>U;s`Z@RREneANp1ukTWtUwX!B{{14wHIrA}(>D z8{npd$u|%^6L2hh?;NN9k6kgj}rc_}<-B?%KD zANh`-|B=LWBVZ^@XUs^?2WrLf0f-_nCC1<_y1MWEX5y3s`#*Z*#1tqYDbXQ(TV#Gl3~p-vbV)0& z3hXvXK5SPP2XqiHc_?|^=~Eu6EC-|$KYuOZT{>N@@j$1?*7wqQgm!n`1N?DlX)?%< zN%izb0AIZ$B%M&l7kP{tFGU}bHq8$2nCc&Nl&c+D&eNcqU`{4hvvsYUA)H?pPk)8| zPQkQ)DDI9+FMVrI3V))PT9gluklBt-PR(o(=erybVl>Xxs>iO;pcuZI z8aEc!9;6;{sAvp3L4&J3IJ~}|NNPTCV)W22&2l5@woZZ$b;I23T$<1L=QhGgSrgLz zr0*>)0tk-or*WFifoDaWQBktF%sI4>ov?xeB?u^vZ?pz)`1Y11NVb43;5`ZXbM~B_ zIHc%i%ojZnE_!rv)IHSu*;p}z7sxQ|@a&(QpFOlY0+rP20@cWV|2DU(dCD_0Q$Iuu z&DwzTadCS)ZOZc8QEQM;bxkSp^Qb!pPzZ4xq0G@KSt_ScExU3rn4!|Mn)c_oNC%#E z{ic*W`?`Lu3)k6oPal#sHY|90L9BJOV62OL^rUkfT61g2L%rFKMsFJJo<`UQ8@}w6>WkhKQvTdkv$CGRlOAw~xB{up3 z&^&6$!0cWnNy(M=o$6&Ua~d*~D5HaLNn_SJp)y6EYR7Ay$uGJSAY9qawds^;c5 z&E-eW6NQN36RRy*eIP%lB60%mp`_$Z^XTza$g?0@+}zo@77*9VtEvuCGD+X_aeW(2 zY)Il>)=+s&`uWJPpY(kukcbU9iiVphRB=OVvKi-TurooT@IlBAXFSU=eqy$oQY7N}WTAwfmG)CudPoW&JBrK6m{l4Xo#uPzvfLLM+S;o&ah=wLO4a_> zoKOKOLQ~U^pt#-|l*Cxs%vaNMtgO#vWZp~uY@K`2`k)U-fTEBH^=)mevcUw5cTrHQ6{n?_;!(-@aUK zj01s;U?M1!=_lK+fY%Fs^sbqY( ze}5excL^I{Bo>yDU*55qm>9J22gdh^;8o|5|AscP$;Pp<<=Nf+Qu_1T#`x5-t&YwJ z@>1Rx;4W}vDl6Pvs@-wv!Skpb3RuuLhC`(~`R`emwTH=5QvN(YTziSdHF$Ad{Invz z%3XcnlC5U=NL_Iy|BK6IP50==gL2eb|iW=itgVF{}t4qm;U?8KZ}EIXgnRbjlZt^kHtUt^!Jtj t!wq87Izs>4{J*~OUyJ{*KdZACbG7-k#H{11^*IE5X{hKbzfwYk{};_sQm_C3 literal 0 HcmV?d00001 diff --git a/i18n/ku/assets/img/how-tor-works/tor-encryption-dark.svg b/i18n/ku/assets/img/how-tor-works/tor-encryption-dark.svg new file mode 100644 index 00000000..95e68157 --- /dev/null +++ b/i18n/ku/assets/img/how-tor-works/tor-encryption-dark.svg @@ -0,0 +1,131 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Your + + Device + + + + Sending data to a website + + + + + Receiving data from a website + + + + + Your + + Device + + + + Entry + + + + + Middle + + + + + Exit + + + + + PrivacyGuides.org + + + + + PrivacyGuides.org + + + + + Entry + + + + + Middle + + + + + Exit + + + + + + + + + + + + + + + + + + + + + + + diff --git a/i18n/ku/assets/img/how-tor-works/tor-encryption.svg b/i18n/ku/assets/img/how-tor-works/tor-encryption.svg new file mode 100644 index 00000000..f5b1e291 --- /dev/null +++ b/i18n/ku/assets/img/how-tor-works/tor-encryption.svg @@ -0,0 +1,131 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Your + + Device + + + + Sending data to a website + + + + + Receiving data from a website + + + + + Your + + Device + + + + Entry + + + + + Middle + + + + + Exit + + + + + PrivacyGuides.org + + + + + PrivacyGuides.org + + + + + Entry + + + + + Middle + + + + + Exit + + + + + + + + + + + + + + + + + + + + + + + diff --git a/i18n/ku/assets/img/how-tor-works/tor-path-dark.svg b/i18n/ku/assets/img/how-tor-works/tor-path-dark.svg new file mode 100644 index 00000000..9002c9b1 --- /dev/null +++ b/i18n/ku/assets/img/how-tor-works/tor-path-dark.svg @@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + Your + Device + + + + Entry + + + + + Middle + + + + + Exit + + + + + PrivacyGuides.org + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/i18n/ku/assets/img/how-tor-works/tor-path.svg b/i18n/ku/assets/img/how-tor-works/tor-path.svg new file mode 100644 index 00000000..cb53d8b1 --- /dev/null +++ b/i18n/ku/assets/img/how-tor-works/tor-path.svg @@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + Your + Device + + + + Entry + + + + + Middle + + + + + Exit + + + + + PrivacyGuides.org + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/i18n/ku/assets/img/multi-factor-authentication/fido.png b/i18n/ku/assets/img/multi-factor-authentication/fido.png new file mode 100644 index 0000000000000000000000000000000000000000..7a4a0d17081f34dc8a9109697f0d2543ec76c23b GIT binary patch literal 133129 zcmd42Raje5*DV}8SP4#%60AURDeevKR-j06cXuxYDN+g)w*tkXxVyW%7k76!Y2WYt zFTVf!JkQBRo@DQ}m(Dfk7-Oy-rlcT=iAIbD001zhr64K*0D?OJ0Jjf>hh3Q$^n(2X z1Ee9MYVHe%%O1|8H!igIUMFRRo(RMbGC0)jKG=lH)Z$v`)eH*83>8caVZE-88`N<- z{k*(Un_U+p{gt>osUEzvBVhtz7l*ed62E&Rs0R}SahSv#8IOyk!b$4OF)-)`mpuX6uw?!Wc@x7`2Z-EU4wy;*oAeTH?rBIIzc zaQJ81vHagOYxsC*I;tDpEMXhKwmfrUt1sN`Q#>VsIctQ8xH496=1E@;aOL2@cxk za-CDY$pp!ql30JaS|e(I0DK$Ia1T)cHlly_r|qtb+$zc28EiFX9t3!(g99FmBjvx9 z=QLN4mIV`z>gJ|~;$k87@R*iH`B8(x%3-mx@x%S&aw3RG1N@#cI!$;YT|9jfjPNPvi~<$HaP6F^ zl~sd*uX@LoK#W~q=GmHI zT#ne<<1j$1!C6;6Bq91q zNy^!nB+hb_>j74C?`QNY(gZEVdeKMY!9e(g?2^pEHC7-62M~&fUZHbHLVT3T+DJ^IzZx-4x*0WR4?LnZ>e%}{P9nMm#vGVm z{N~@O56INd@-zQcRCI7SAKMaOZ{5V2fHGK`D3v$aA1>##IOMEbJ*#A6`EHJFv(Mz{ zT9w}yEgOsj2vcf%h0X>*zM;`vQNCnO|GUpL)@Ou~u z8f{4hvS1`D7hQV|2)nyld`eWC#z@KBl&QK*K5yTkr!Xm48B$g?J!@9rM zLk4PQAQJ|NZyC{Bx|!jih`V6XHqfcN#%Ei5V`rX3^4Cbga^m6*h3vX%?}x8SLyeV0 zie3Nt;;HJ_oH^sX%Ansf@Y?zbI_aaB`d~ulWU6j8J`+wZgj+6B@;8`{9tLn?2KL?| zE#n>iw!MU2)M$lJY7o`~C4hw^xnNDXZS_E9K__A9Iqo?VL$J zR62q+OdN=6qgBsFyvNRlZThGyX3Uc2jEhQu4IyCjN6q5=5m|2bCHr+KD8%!;VwtjoWLLVkR+`%Yb4NzLAV>AcexfRLB>2-rJ>CJD+WjRNv{opVt0ww;7EKh5y`H9m-EfUUw}Cai3`=NzX$Vu z#NxOMW0rxv%w~`n{{p}L^PfH3(5OG2$U5kbzV@S|>Ah@z3mKvmi4m3^C=sy zBRiJv;`NEsa_&gaeSIZ79stj@X2yvO?QV`iyY|^#wWVk@*jlyUSXI|YHYc&jH5}WUcOaOzizqN^oYs)SVd|C6D ziRs+17mx&L`74>;U^4SnTD}}CDxL`VQ+>%atJ@^xkHefUnYO}_W&se0Fbo;&2BJT8 zrerK|y5AaSgAf_#lbFzLb%njQCLpRz)ViypD1G?ht~BZzynYH+2jA|zxCH$!3Hj~m zGKer0j)m5yKAIH%&dXXrqcZGpQRbOlZrq$Fw9w}?piotx_T9X4nk_B0wds&UyAbu& zcR%ggLnyO55_0XJ7ddvmX-WKSXP&bD(X5?fZ0{cebCE}qXJk&&d}aZF&>ExY%c~(V zQc4{`F#$PEJntD}q5dF({5c4u0)Qw65)RlDr^!J+Hq_=M+$pa@TqAPSb3Ypql;e??&9 z3zswfBA3&hU~NsY-uATm1M^*n7-HbKrVAcMF;99*y5MHd!-=f>%D6^Nr+y17kE7>k zdtMTUsd_0Qyr?s%Twn26cxu)o4^3A!L)UdM?ZX*+}K^AF1(BA>J|YVsPMSRv9Jx z*h%IQ%Ldy``Kt>vlF_T;%hX)~pHnHGWVZlPBY{~5>Jie^JH5WVyuwNAA3fre*Xaq52GYD;!IN5rhpEA)uG) z>%zZS{G`F;TF4-_J-!m~{DD?t^eP4zJX7B0?(X|C{v0*=W`ZYlSay53$(Mdcy+Rbg z7WhUfo2Q!(jEFo(g9suJksdKmZZzecHcOf(p~uJ&Na0^b(g$J#91((ib{ceMF-1+8 ztre>|{dc4+XutploNpp;mAM<=E5}tMQu8cvuSG{o=B$f8nEfLXLEGZrGFknRlFqw9 zO!TO#1dJ~x?6#a=^THN}#Sy6?eYhXE=F6S+YO2S1LVAKKRCN*ZN5uM!k;Dc&bIewG z4!6BuiNz_5=v7d&<-iFTVFSj1JOn!E%m{2yDSsRsFc>YEF2-?xd$iQt%2k(E71Ziw zzxGFq2usY0qUtUy_H2m=0R1qZfGpKuEd>asIS%m00T7a27BVbb_hb`w>076MV90$x zcIES*$>ufB2CxyqNsbu+kZC_jV*6`ipjX7mdE;yM3@-Gtu&9ZbsmR4CcVj90!-<9W z5{W+;AxZ;?itTM=Rj(r77DxdC$ws#Bkpt#kNDYA!J@*P}4oK$)6uO_6c`B#fnI$>C zP=*5|%B6rCIl*+4fsE85@Qm<~y@rLnnFKX)3D9|t(bG<&0p|%(CwOy4=B>rSyQQSB zVGEYv>=<0Ql$cG_ZLLWE&T$P+6FPr?3f$=Tvp@gB+Jd6E3k4e}0K?zFp6*q0p9nmL zi1Nj)_

m&S?{m!9=c}R2!@Ql#pJ{hSHP>7Dll003rbxf(#VJNizP;Y{kL+ryZ}O zLyEaCx=~$g1LlxZPsr>cJ<9tFpWYo<0%B=Caj;wdApAiT9GqJoK`Ez?E%#P;c4{oC zACVOY53T-LRG54J{YQ@Z{g8WgZadas+jq+I6F?~Fw;2T(C=H@GPPRN!IuY@ulOzxa zYisQ_*!p+VFu^%X{3DgkFF|?w0+;zb@_fJ^GPW-uNK=gDsIy0s9K||&1XQYmcI!`Z zaF%4!3^I2dG883Zv#Up@OvAgX%SuZDPb`O=0D%z=1aYbf0?bVyDEY@AO{(K7ycK-{ z1Z0qq5)Xgav)Oj9ef1?ZH}TqD8AtazgX?HaY`>D=%}<#U7OKVIhwRNl@1DMUFg$PiA6 z(ag>>7KNe!t)QK`Zu1a4WAqo?X0H6Uy=#Mg1R37)TXQ_t zC^o4mBhpZ)h`o%BI)Dfiwqe%)=WF7*o|c8G%t4akqpFs4%`K#g)ghVDKa*8EXcu5e zxBFn!{M1`}EO>iThM9gs5p8Yacy>QMKhM$Sa=HA^z^ypV^j>Yng8@{Z5Q5Fe{E_+|5JLH{TN}16OA!oa zMJUsT^37Ko;tzz}Yp~+rIVC7=U=}QzzDcdC=RF>F7ZvB& zQsbVYqBQidxg2nu{{B8ZZ(9KXsmd~`T6Yh4^8ZpoL4o&9K{?DHiZdKepWFR@@WN83 zg^9sU!I|o7@>QBrBoYn?!qtaYUG$+qj-d^>27D`qEGo3<oCemU~)Js-R@=5UnyZC^EDMDTBjyeQphxWq)zLh9}MfFY?L; zOnFN_L#7M?#sWefP|)kyu-OVA;_~X0@$iV$j*$oe${~z9?>C^Z@+!!K^E?4WB%Dlb z9t%K0M2zWZ1o|X`fI3Sp0K&$mtm=RZ*6$3~hbP;8!_#0g+s@Q@AC+Nhr5eRxk#C@| zSlDQ1qtgnnV#_J>+3256#A!}2nFvOs{3gywBqu`zV7D(=H1UXvBosEoHbA8Nc=C28 zB{G3Klz!ZKffN;&!u8(!tv^sdGI$0EuiqXLxl7%&yQ4m>4nd9;cQ-c&o_mZ?XFHsO z0q*PUG0G)4IqpXwIG*P|y66XHVru8f0%sHCV9acMHoz-h<`|6a5mG+;)2)(al;}Gu zqcv>@`R>S`Es~j$)pCMlOK;o|(wJ!%+JD-Fs1qf3HUKRU$es;`M~|2@r*Hywp@*#M zb7~35OpUY26rP1goc&5y$schS%Bt0jRvzHisWF2B454V9oj!ts?e1^^DoNJ5Myix) zrZs=~uD*Vak5_MR(_f2D<9GArOmr$_H%xU`{1ZqRA7&sK(kCAH9P32Oe?e6*(S5XsW%H+2{|i&hVOpL=7%3dp-&YP(M;~ z^1y#&mGw+i+`XvqqDK%Vaim%H9}9A3llZ>h^Q<{zye^%%A6l`oQT^%mm!zT4V26pX z8-?FP;;AzIKbZb%w5w}e-9~^E78lu=TfCipeS`igD^Vu5=(o>P5IxJhTaDGP{ML%< zFenk*Cs&}cikUn;i3RnLKhMM@_r$arIvkaIlA4Jw6OVC@Nf2UFi~(KiLw?Gurr*4z zM5vvag)Ocl$@mvDC8fHYiB=4~-Jc+xYmjCEihYkl^?$*@Vl0@4RK|iVtTKK=FA&h zq-Z`7ut-f$$9!>ynq8Cc@p{6GDey&E^??#fK2QgC&_xCU%;(=9uO(gVV7c|R(P{VW zhlgC(3~YN^#bAB|;B`E6N55Ha;y5I8g>EzJR^6{Gnyyq$3>6RNo6Cs_U-DwmRFN*k z*uZq8FJHtVs{gZH6@K=paMZD~<^aX5WCwnhnL}#is1;(&JLFR}A1Zh2aqM{!KinJ|9qJ4ExpePQshz+W9FD;O#sR`7 z?bjs1xc}Ei#HhHF{S$YW-rWk-KPaf1U@@?Pc`zHZF)>3FKGj+*!c#p}>)g1@;m-_~ za;yFA+F>0|a#d7m1ds%tlmlM1@-v-5cPz5j!d1v7hl8gcL*b=0L*+xjW))mx>@&O5*Ia$t9zXRa|4J}�Q|S)qULda9UPV0W!i@!~nv0piyxE61;ol=%%V_ zqrqdb)$&fA#R&nk>EDG(!xW34E^ua>lE%pycQhaE2xEk^Zt}T#T)VEnSIvLK%H?v=%Esbe3$jV^i1S(hq+fSxxae2p+Ky z@lb!cgICsWwR~qj5l!%e0kfOoL;BhJ`nZWK@q$^tWs%%~6B%I)xEu_B*PcF7nT8VW zY`v_zdyFNn!c=`>tF!#u5Zf3hKvUHID>{fS45u|fFV zY>K2G$a;WaBmiBUOf{GN#5jfM-)Pog8f03LNaJ5U^XZ_z)c!8Ufzf2RRxSw$Fowo} zZF!n5$yrP?ql^PCwB;B%IE^Um=|q8JVyf_LX7D94^&~SmzdNfR@=6k9B!SK z`B|2Ta}+^=%2e-jf|=nxWbGQ+gp>K}O%%u8gPS{jp1hoT6*Q`=KUPgOR?j>0Z4%E$ zJ=B0OQV;e{1o+21R{o$_0L&zomq;{Va+i;xL^FBqB|4lxxwBh(dz+`87+QP#Z0+O< z#JN17jj}E>>T9QS!G{3Mde4!__*NGdY6gI4<-grkTAvvfr(urqfdnxt^euHdUpP&A z##0FwK8*?jBIC>_l8~8Cg9$X2k}T+jJ$Q4U3{IcgRnrVoU2-{VbHQK$1&-mnG}bUV z6Qkirl8+<0jqKAC`lz~a;bwD@s*Y2t_*O-BbvIGY>^{~H>9J1B?V1L~ewkMK{;MLi z@uy3{6rEYsSxk{z6#5^&7t76Xz8_h&e`>lal9Scl1;K+B%_CJPgoRi+hop?S?B`uu zJ?6f#%FC@76aBJ|Qig*QXm!Y?(BrWG1A0Mt1#3b&2J zzF1Z2Z?t;$PiU6Eu5~$vb;Jpmv4JHnF+)l%55rO8>BqsC=* z1N+{wy$d|e(+}*-uW{x5g2y{zl$GPgWNDkjaWhyBOBN~54oyx+kX01-&KwzBH7fRn`Jp_Yr2shAA`DF&JGccmZT zuyn&RB5W z7rx{P6{$9CK=#HGga~bM5bcK&7ZEb34WHc@fc*om3oR7H1bqb*p-guO&ly_}M1G_{ zDCk`+!L;VgrG*#Mn!K7iCG8$|XQN<64rC=7CUng4wPhr|iS4Gw)iV*#rabzn=FbK~ zCJ4q34rf|bHpjyT5TcHE4dTW};jHp`_I74k69x0>HvY{?ln!U|(!ZAGbjtf)jWB64 zvyok=iIzO>`Ryzk@`JYIh3ICxt6wqwa&u2FyD8UuLN$*xOimzJ2_O;-AQM68wxoxr z(!@56s@35#L><%<7ujgP1u*7n?X#RX`z!oQcNP?_@RuW+INaH#YA)>z7)?Mv85{fn zdQ*l$w2a?mti#maGhMn}M*j4i(%>WGBC!l87S&lbETNK?!?9mW7K zI?fkKCzR}!+A02xF1njA+=$n51f`!e?yOTL-5fByQ+)2k)vPl2q(7%b!v+Tf=)AR1 z!a!G3-!}wu8q$CM9WtkR%kXzpFqA0%enTO=RgTizj`5OAgHRkeV3~dH8nq^)7?Qy8 zA6#0=C==fzUU1>#5SSg5ths!iI3M-5j_=6BwQ1R>Pd|z{ss1T2%~qlppTNod{~m+2 zKy^y#7aO6F^YcRQ-+ha*CgU!~3=dq|L=I)#-2bV=jnz{DQBjcmZ;dL%oU5_l>2c3g z`2Uj~wixry-^@#g{})IZL_N`9L;l#w#Q@FuO1DB<+oD{!atB^) z?s}g8f6oFiFml2)ZCKKJs!WP4K$nu1V#1`mAfg$O68hbwYHuQdFQ3k3px9BqYe zN}Ex=%ff-FY7)ZV>EIGgc6TFza`)FCc^wye!8qgJD_zYg3W^Uu{u>gM$i~$49}g>400l( z@)?QTp^X<19O!`!w6wKJg0t{Qj#+4} zo;L_vVS=;gRiXOP#R6PrSy^j-K5d#pZA}d^<*W;>Ocl|r0tyPsXom34gYSnAMyjf~ zl*pp~z%WRMKL%=vWlfHMPS>-tDBz^1n+gl}yCVpFZac9APTLSleaGkn&E zxv|(I*t!@)`mS_9`rBX(8zPA`{3IJy)r-!T+h{A>I*NCPY!@%S_j`VKiGF*BhdQ;k z%by>+KNss&G=L%%=eeyqd*3{)8$}DQOiof!Ixzf(0?MoPD3w)JE8WksA5LDzj%w|S zi;IKL+xMU_SN|$$(oErH`t#GYRawjZ6ZvCi_V0~z$wBI+KPyjOE$6d-%TrTz=Ib57 ziMt0U565n;4<&X!R$Jltes{SnC3@BGFgnlk5k+HU@~#i(FHSqL++5S|r}BlK_7wdV zE(8FqJ*a_eJEJd;{HssLBoEhD*H;vVHa16v>P14=717I%gG}-G_@YEO8}33c6S6E% zvoH64cP-J-JMR?`b}U|H4N#M0W@hH;_~iL`NBG6V^ffWD=k0pv&57UU$;-1<`oaF3 z(?2IW-KYo&1Uu_;V|1SQoII@FZ*#ky%-fW}EY&7sHeDvyseb8fv)Au=sM71^cp3IZ z`20A!xKo1*hTp!pJ3AAb(gtBC(YW~6R^&j3B#s^n{z4xfX`1K4y~S8^m@){J^KpluAc+=i&(phu4%oqqC5o9_i$(D zbD>SEkb1i-Da2metP3dKT3JcY361)wriO=x1RrERC|Qk*4Y%c3k4qax&ObB0xJX3_ zfdtp<9P_WeacT@dw!jJ7(dVWt=ioWM@FMGHd<|)&rUy_d6 z+SX#JBq2W=8j_**Dr|(H@lX6*TwLj+5zw9bS>4*l(#B)Y%W+BDMw?B$rx`oGsLrAD z8VM^{$olJo`TIFmu>2nXyj-k4FQ%Zp(yiTZz*_cuX>d9Cq^+$xOGZW_=y|ydYji43 zQRuF<<)#_JeivWnO%pHkzP8HyEaEfin>RSvl$$);&O3X(8SanMiF(@Q`s?IRnz&@Rz?L%U{_-kr~N(oYxMp{GNspLT6U1 zo)up%747P`5(=$n9LPQ(gEUGtdHq%%)!yChQmx*>cC**TFuD6$0E(q$;Yr=5tJP~j zB*m-?78zfY(awm*XU~#~inHs*6U`>~*b@}x6U7g~5K2RkQx4T)jor!au4aW{ck+8H z-_s!S!-Z-q*zB}kt*_!x#f5a^(JmAh6lk^DF8j1zTTu=reU%mahdV5{l+H5hIr|5GYSK!Q-Y$d(=2L^0poJ*Xpina+K$)8U{Sz6C! zTy&?+gf5c2j_dQQ3#J{GS*v{4Dy#R@Jg4{7Tb~wN|GMCo^p@GrtE8BKa{-nlIqJCn z;6&#!`L}UVn*je!o_^yA8rbEZ-})hx>vhcVP~hwR!^5Qtqu##0zTdgB+_p_N^S@2Z zM$>)PzwBK2`pOI-g6LkUIqGuny~WY%kfr_>24PQ<%l%ee?ee!<8l^g@0F+mxhbQD9 z1Iqn_BcI2!-j{8==k2}x3|kwUyE#eWWGUM00{?9DKEgB>-RvgmVC`CKpR;blo#BjD z%d36ocP1s>hD{8mnuvh5j&6J2qsOH2u44fK0q;Mju@F9ohn}y435+)aqc`YTn7De5 zogtV-8fD1-n`C6LjxzZbRvSQO z^S`&OW{N$wlkz|NTva2Wyefu;F=7v0?*WK};kJLL`4}Gn493;6vikkr#l^)xX7KB+ zZ$Q#lwq?QP6mB~qzvsv1nd;=l{;soFE+b_^v!pGh>eod|UFYPGg zFt;1RrT{`#60+OHm!o(`sidpxbK-Nuq+4@X+IWHtuqvs>fH$1GSb|WB24`XBV=(dL<8WV!2qapCnh(eR)g_kjSaus;SZQE;7hB)u^dy|e>(P=vCo=i#7y3Q za&qZlEtiZUU2b&40xVqyr0kOrXNR>R0kEOK%^8D&($eR&)jKjk@vmR3QAs+u-z~~s zsXi-&NJvQ3SkF()dw6z!fn ze5F~2&$Sl!Ua@v#&2M%FFl&Y7_TnAL+}ixHi`IAcCdj&m{kuO@jx!f`qCho`jEt;> zoRgDtW_mh7c$|nm1Q65LbwDETrSJnz8L~Z;?sGBB?RP=4`q+I?w(8q^l;r$LLs&xw z=0@aT$6K5EXLHS&l2r2*v@+t7x*qS)b!H8$;9^UVKoA`0$Jd0Eg=J;5tO1yrJo~wG z+TU28g?P18EC4)UcnUH>PvhBRUCJiY;ba)R1!#H21QOE*0&xV;KP+B|ms6S+~F!3LT$SLa96^1TkQzygz*Zv#$Sw{z{OO&RSy*Uobr88<_-=4$C|D{O z(e$aoW%YiByVhoL#-*hwH}}2FipIPoNMSMPBY(=f+&ekgDPfIS6h2BY#;aEV5pi)7 zRn?r$I)4$U{!ka%CNLNhY+#;*;9oc4aTkV;U5p>$da=zEibZabGVKbp$EoRAj=9$y zrc0g&CDFpqbJs_UFc|7MDtH4AH6i)x9Cok1E#U|=$N81IW_R)Uu@D$4f<69B{&L~x zOuA=oY16bdqfJagl0zs9+d|IB5bpzRtF4Wz@qUdxa{;X1)s3!4$o{a|>*+x@GB?B= zsJ%f24RcWAphW<%wM;3A$yu82_ls6vR&GXNyKE=T&337-qNXq;K$e9|Na%TV^;Y6- zoPnv8O+`upc;dIo;2Y1~EKCwER*vq;&791k6yet2>|U3Gmmz&+T6TkI%g`>zk>mS?}|>jE1cQ?YMpj&v>^g_!I4u%!s)2AEUd+tPi1p%c#;i@aRJQ4hDdq3$4&0%W1kvf3ti@OWTjnWtNYvd%ue`n?5ap3lr+I^Im}o(|wb7y(~$H+pffgwomo2ca!uBWD)9HaHeF9e&Y)4H=)0(REM zhnkYT1tTNpn2k}BOG`^LGuJ7tcWu2w*ZQieahMZR(gZvv*o7Yso$OjX`W#422NSez z|MbWC+aJzVn5BE zm_cCYND3pF#M9sBt6P*}i8|P?`?s=x43Z9qP@gqPbnktYVK5AA`zgK`m5ke$HnKnfzKxkEmq?b;-4Qcg#BO;@VEMW+fBYsis0zO)9TC9G{Z;ja-1t; zx{)!|vk6Ixj-OH~()p7~7{EUgP6ka9kJDGmk#Q@TTUxrbNa`B8RZVN9+IbjsjMsyA zCfgJr+THHljFK&;R*so12Bu(=%IDhI4I&P+YipLRuUqFZQdGH4rpL$jkqFn+2m>Up z$_6h5LWHqqpX>RZkHwk}FgI_;o+P{SL9$aRTf}wya&K18$Hv(h5AphNsnTpG-NM$G z=`TEZzU?J1E-R|-fd1iOrl_f^^1b~)-tsWwmFE*Lrde(v73@#P&L+N%q;V;0lpyjr z!7dQB`Q1(gQDC&>*RN9nZs6m1MTJra{p{>m2tbK0@}cE~M}aaa)1876Dxnp2iVMS} zW}j~>TaKR(X7yfR)MYC##kTO*FAy9x&N}@=+-Nka6zDclH5=cbbw3VG#Q1bSEXf2t znxJujk`m{8&s3#2p2!nOMMHHU)w42UD}omfH@S~9y6N{%>D$un%Du+JK^8Z`wp(~+ zQtq-nN;6{4>FFPwaG;%<+A^Jb$Hi@%vexH_XrId*e0==$gOC|9E$Og6nEQq?8n-vk zp`j$nB)<2P8Krv7d_XY>bw|Vw7Z)V>hke{%z~X$XBwn*onep@&qszXA0(EDZA_?`} z&%V6eWVGH5FqB!(H*Kvv9KSanFtfwzhzWRVi$*KT_2Z7hHlX(G6~oWosh_u|0sL{~ zwPG@~2p|U~Ksqj(xPubWsN-RbSQ@BsH2Pi&Q(o>XA1 zsc?Ue4I^e%Qsa{h&)YX6@k1jKqimQ%NtC;XPI^K;%jlTSK=Kn5l)&zn6wNTX>?Fs{ zM``zV?R%9n$}`#K2#@=Y!4nn-QGzz}TWWNFBRM*Qy+=CCZSKs#m&;|_- z6BE<$@GuO%F5mPBp(jL!&8~$7mN_6JBfom%U0IuNww^7H`4toL7IxN@pPlP^mns@2 z2R)k@6rW}YU4^yY4z{N9yD1PMN(Dz&brGSS=6Y*sf<`l3dRaI9%YFP2w zcPnsr!p+#L8)Q(p*J1C;3VVjbwb_9;w6S0JYtOZxVmGC{@|@5#XOwi{)RkU#PC`7)Qk1VT!bF8 zG|IMoBU*sow^*@xFH&gd&pUoX_;068iaz&~qt**mHWxKzeoyPxTwbuCZp@*ct9`80 z!F_%7u(0ZPblOhUFL#ccaSP$nrWqO^4+khX%>e+eG90W$7+Q{yXuxmc5p(Xb_|3aw8<9KU-)!@>d@-Sf${jQvd$yp06)6PRYWkK;m zr52MCoW7&3t`67M*9WcUlHpfIcW00NA?)|u@dZ8l4PS%B)m8dVOYiYF8F~FKe*m54&~EonA@*eQ;jhRXR2ZWr@ub2#u&yR64Vsf?*>Gg&nNh4CG zkHUlB9ZSZ;#5~KR#k>*ezyj?t#u4cP*@^Owh^ zo#U1RX2iAgB{CWZNUuwFVb_fBi`yn`pOQ{$#J574N#o z!E6bFe`hFG2ESWrY3VEM&GUB~sq;?9Ef2@TDcmP36%P?GspfdOakjX=B`+_8>E`O@ zWUgXUQuuy+#D<@cS?jhP%hz7ds}TVH%TJ;O&ZS20(yird>g)IFchX%*YdKl+poqR> zV{`V)=Le=ksn|!Xd{V~2EN<0~h?h%U0YNAa4-bjVx(h;Xr8_h$N1g%-_j2%SyRC1s z{2egZ{qcAA_D=Tpcpc7-HQe0n>{d@&y|Zv3gmL(CFe)*K!Jr+mT6G*U>U|$K zKY%8N7iRnRid!RSTU~9cY0XA2{S^}G90)EMLPsZNC_uSBMhFV`TL+f&{3IGI1)Y%+ zXmpeP0CIf0yZZccxNZkTaLi0e5M zZ#eXThlG2D%WY+8Q!@JHvLOGs^@V$TD9LJGVs0U9(qlZ8=crqAZo!)wtNZ$f&QkA? zZ(xS6r?}<$zNX$LEiFHa{I9T8vD2W8Iuow;@#BiqsGyIJ&+0Qw^=`B}fh7TQv|@f7 z!DKE)#hbCQ)4*=@=TofbwJ82$De5=~4;NR9)odx@XK!pk2uf({-LM@_(m5dwWY8PN zk{k>Jvgss&NL~g+@EZ*`@66Or!37DFBDdjfn_)^^PV+u$06(&AXPD^{c3f zG7>ShU_@#hc6gp27mDe87d_7iFv_>L&$qffxfz;89+G7;n832TEe?(HT5?)mSXdaa zuCbXJ>P9CVN#V#Z$eMA{0f{2wA+M_-bafY{+-v3f;=@i3Hoe2d+-Ycd7`=G~cnwx< zqNoK5C@Kvn_%v|dV_Pl>661}i2b&=qfk8InGLHHmPxgGZf;NRvzAMgKthnNJgg9*ik6BPwv zi-r@Q01!9eX?5{iu^4gem9&zc`Xq%W=EhE8k=A;(=E!^Y4kq&4!}NYwq;p&G=q0ON zb%1FkBR_a2*%jr;sLvql`qc4qBN@Uk_tiy-OrMWon!JH%d44{B+(@yO*VEI@>gvpl zX&)-@4`M9wN3gk7%G1~fEWxMCNj=K(>1jcy?P4tsvl89Ln&#%_yqbiFO^MRXA0htG z`NG3{%!5GI;?jbo+xe(Ng_ILW*5MQCV+Y2|Wd6{Jz2xjQenmuAz7O|Mt9zJb|(d@`3;Q?$e|%Uy}g2?R@T-q*m7K~ zRrxzUK36Cr7ZF$2AjaI<`f#d1b!RlKsI)+<%3S$vTv&1nEW?LI$^!~%hiN@9O+mLe zwtrd=t|9@u&0!g)oV*eC?Qlr_f=)OyJDs+FDByOi!nbUyeZt`@N{4H)G1tCcgzO|B?y23 z*pabeDWx#nUd41CURGAtZ-cM1t<}|iU=;28I&a&w*CCthGvxe9%xvdnbR|V{*5Qp? zw)&OJjcx@3qErkR6`r~slUgbqPud}tss9_@;BOOt2Se>x!Kfo?V{N;Y!4z&@4(V;` zI44rtq_A3d>89>Cy$ez{;}R;=-S~KQxL|-G1%ct}$;9&K>4%&LJsta4y2Wp8sP}7q ztnLouwT-Q1zE?$st7SRW)$d)l*xgK8`4~HRd3n(Z7-65OPcZR9?^hW&hSAnQJn#HG z{hG5+f{sXVHyR>LAD@o){mVBZT3(*W)igA`^kDC#Z6uWH<%p@A{hXX|t-l^_m^2%8 z{cDQ76GylkX2^){WCaNr%U&=1V#c$WKO~ezpT7-=zb`6E)L>#78l)Hl25yM|I#B%B z_rRCS@ATLh@ME`t9+C0DPxxtR)bDC2zQsTZEex@_-!k2plQt1Uk5FObtKqC21*SJj z|AQCk8zM+EqUMX8=CA*r1&|+0nJIbpd*fHkDvT8nFnDCM!>B=)o!zo@n>a#ewh#Gc5>247%ik5Wa>L(XVDh%Ix-Xbc6CCvB1WzY z(3!24tF&He`t1QztECreTy<665dk&xa>czoC4RIs7|PiFND68fQJ<=-i9HVT-k)*tgR+@w@d-FTU%Sp z^*$&7R(CTR`nJ$n76=^cF8@iB(`L_CGnlaDc5H28BF;l(F!qLKufRp3V|{B-Lyf7# zQD?Toh8hDgFvNh4Qlqi-z!NbTND`u@r>Cc-)vw`mJ;eD&3BqY*Di5KlG#jO75*O*M zSY0S0L&bmn>A;x%Y{_Y~yT=fggI*Vp7{HG;eGF@sm*!Bp4C zXmV}L-jcm9#Vm%tLax-J6z{Yx7wVq;2?~VNY`VIBhNWVgmd587W?EWIUAjB&)?<(s zu88adUo#tT|KPPP-)pTLcFt2^Mc_1xS{10J!gtH8V5-^K&E=49_AyFsXQwO1n1sX2 z>*B$PcKkf5G`nToi<4jI_|YOPKGCGyRfH2j2|^1b0{p4wQoM-%3Xq|nb(x$ScX(`Y zZTsDJe&t}@8$u$TBX2ncwrWXmHfE|(@Lc^o>rIM{e}^g2!3bDMaUYvB;75A#C94w& zraY7rEW+Tr=0oL2j|ky)+Wt$~_$KSj?815il{Y)?Yjqn}1wrc=GWqep?_Z z{>Rd`-g|2;c2hFy&B5-zsVU-?az)bekRAaQxBZ_SX@Ph2NmkUk5F>#-&f2Q$8!Q;f z--?nanJNC1l!A}#s@2Hhw9C;u84WQA>3 zp95-+^UbWOtq({il_SkFE9C8Af7!7Wuy0bCs6jyRM}kq7WQ`~@?DcDbiZD(Fs@L%o z+HNkJm@O|~?E;sU4o+vATW25gYwsknw;zt1Z>BXq^E&U2!SYQJ;ig~2vfLayTKn<(^*DE_4RFdKsuy59J)h7T0puaM7lc#M3n9rx?36s z_|wweqBPPVEnU(L@Ag^i#jh@w&YW}h-uLgiuM-(Sy{tV5?U@J%3B_4R%FhVcE+FoXMXAg$*+kwm3$ ze&b@k-wKYrzeM#`V%S^SAZknS@{05*a5S)0Rs^~vFH&JrIc2yXNt_+EV>=m9?oqp} zOK^I)6ILGbWa=JvvV?kYZR<%xa=j&Q3SwWAqoMp8i(g(|?%pa)xMYFT-0P=%*TpXf z*C4^ALJvcrnT$Sb7jimZ`~jV|W{@`#xdecCj>l2RgA?V^3sOeQc%FHRR4GE`03~UO zr%X+pnMJ>wPFck^GQ^_wn91?E`{CNL&eMhEjx}}Jeu*f0!O2;ESLGK;;qR>c;C-kF ztM(lqKI%7RC&7Q)?Tzjdx>@yi*biV8+#HE_uSep)^%sWZP1~6x5>p z#gqMa=6%@sAiAUvLiVPRUuZsb;S=vt^@TnE(;n7uwz&MA@BA6^EI6XAjwVqNw1K=a ztgX;ho_dLVwzFQ?*xDW*9@aQ|Eihun97bW`a2a>puZ6wf%rVZc-Y6ujHGx}Cw8A1M z2~{vGF`nTEM$CIx=55Yz8wvYVzTUOrdxqHM+b9nIx^MB(Q8~KNNp%T|2H_=u+MwVT zVNJB`D~>5ub)dk$`27tM(#4y}z%53L8!7Kh-|!j9cvr)`(M<2GOGi@+p$&q>n`wS6 zZ3}}%t@<}HNBw}%!Vpt(ktL$!m6@To!MFQp#hp*`qWrVrwk2Op69PL8%`eDugzJ(x=*3@#joSJ`iHV$_Wr&#))MEdPShpOsZN2m$5ZH!WZ zeH{~YZh?{ZZ$;GdA@SONOgBa#Ga-##$JAxtJFXdHhbi_@%a@@Ir6u$>PO5H;mX<#A)= zYPcM7(=ye4B!jh;<3WhH<$LG_$hnmXNDUV^-SH{4$O916)oSn|P-6LzO8qnv#fiEE zEr||do6+(E@PS~@He0hYmpb4~yCaUiGAwm!P8bJv0p7d68l1m;_l^EzXMWU#y;0-D z75P0wbbRP>c7F3)q(M{rz16lH)SodgP7uZ!NKCJgd~cQVy;X^1wd$tqop*@zD)IP| zY7RVitfd%X#p_Tmb&rLPr@W&(p2W!e#`{5LcG`kj;?#U^ij8&lOOTJXjX-S?HUe3k z|9A6nGt>JubZjy3BF#K zm>2r(*-srq0mDG6Q(6ra`AYDX(@@8tHvbz`AVEIni_xyQPhN4eIWq!{mTt#p9QQX! zo`JP_t4vkey%krQkd^rbMPg}K%p_Rc=V=x5+m#pyP>>3MY3;H zZJB+Jd2@nxZv&XD7sWUVud;ncetcEKWlH#I{Q73~t)HD1pb`?B5Fo@?GYN{>lv#hVpyjc0nXz6%^Yi6|x`Eif!)BXdRhH1S z=&RKxNCY0PG&-D}1J8;Q%PNK}_h$LKr77-d=yRPsvIA;`4v&tCdL}pvbBAYxLF}u9 z(o!3goIeV61>H6ox(oyh^L}m3rOhsPp%IJ!k)#rr=8|#uT?}qt`|ge2x6bwZZG7pX zP#mVYWfbFay{jA;gCMfV{wLxAPCU<<5@Kva4Mu>KqcBO)xWCc6c;(N6)ukz`rJ4QW z=F(W_^^amdE^-WiG-Vo1WT*M!`-&W?6U^x23x%Iv)try9IzhJZc!WN+W(MT_&%g0l zILJ|$j#^~tyJ$m+{wvqrRi>wi$^Im}&e#$n6d+P0n{)Tdu zh#=gxcjQ$;bpVPr=P+54kSka?uS8jCC1~T(G8yB@tOaMmqp_yy3uRm&3>MfSZ)~T7 z@Q$J<=}nH4ic-QiUQ_XRGP${?ghpg9mVH)#m45G-9@=s$$u>5kq{+E$33I zBK)3Gp*!tk;26@#rECZb3u9t5lTORbqzIQLB*g-!Oil(}IV8#il~K{TSt}}yB#A;i(?wVvu{}1zmFbAe zT#6vs9K(jDCrJ7{MU(Tu@tB;_QOX6gHh=#=Vq#>2Iyp2_>9{0Bh;{DAnEJN1lIGSb zKU&U`v^aN0itK;)=p8w^6aoPBo@@z3FNoFq0G!>lY+ zkc@9c3+Ulu!8fjR`*=T3W)m~(%U&xx%Ec} zJNK!8#GGl+no*VxHMRIA@8RL0l)|pt+F(i;a%g)!BJ^lwybLlOFi=43cCL;YDJZ zUaM%Gxwe}2)+S_7fQbOAZ09K5tJ^F@r%1-Gi^nT&mNr_lUI+~*@syy8m8p<-kz{5v zd*07zK!~@h?}cTvm4=Yf$TvtR`w1bqyBc{})UP?uk?)9Elgxm@ijI#*4?b zOc1UN3sYin=u}r1Hqkr&rw|IJofX4leF~J^}FIMQ+jOf3?=> zk;bRJi;9nTP8JFekq~J(j0QuUu_qWhMAf&>HrA$%G5;%Ere<24@K))i57?=3UyV>BBy2<8SMb9h3yJG9=6 zAxJ6x_XUy|k=1HF6w1yJ>Rfwqy7fXT4^`E%+OeZYz}~$xHa6DOJpVf&-tl2+A-^YInrC8q zzTWzHxj-)VaTQg(&T$*l_`2sC!}|b}>Xw$<3Aq;|-o0B}N>#^;Oo)J;;>a{6ejb9{ z-#8i+_miE^$&!+zxV!HsEsU-)eC_vHUyYjUJL?S zkVZpzoL0ig*cfo&nFA{a`}?jA+cj09DOp(@w9lj-{4TWpKyp-h9~ijuFjbtwQAS(% z9S#@sx@`Nq9vLJh6|s|zW~~8#O>ojTe@3z(A{>v!(W6a9l55dM&BKF^^fz!r z-qdPZgb{r$Vl(@#gVUZnbuyw35&#pL(wPy^GDM|C!j;izkW=lmh28) zd2Yk#cy!=uR#Q2{_P~}ptY6#KR`&xfm*&H;nj(@vUWf+wjF&4)lI`*c$9k!<=PX+I z59p@NtlHo-IY?Gts?fP6y+G1I!o%uCf>^z+(bb+th$rmd2oFL9(LJhooAcT|VBl|i zNIKNs)xw*a1WB=MXR~1auia-2SDqfPay(Cef{74Ge}DgtUtCUVX6x?dBH$?FeVHct zjJ;1n78dkOALn{;z?6uNJeoFtMo+qD&6%6@{H>#j$toaFR{D}veb))9IxhD>B_fte zT&upEl}ljE&CvJ{26LkG?>gJFjaczY4H?yASigDLvfz2I-)%7n3&bzZC&A^q*x@Fp z!SqF})_(SANmo}FP*(M*)Ys1H>hUw4pDZl;BZvUu)fhu5bXvxgT>_RH3$5^tg=4{n z_Qoty+aXcekGi*Ep>My6^1s4+2k%d8Qt!j`N*K+c4;ofR#pT+_r>IjIjP6BOy(GCs zo0;`^tKfzoXJ=z$WADV3CANr_G5HP74EZrkKv2`&jW9dSz`zhMkAx>9xI}f(;_2*c zV_}gNcZv!AV6^#0DYpso2@3KE|Ccm4G!!XIm)#zG?M&(PcRUw{1x7tMIAo!^Iyxmu z`0<&n1$4A;*oi49DaSKvzvag}_i>M`^c28Kk~B&TKI_^`OjS~olEMboyVbZw*cPAI z&^l%9cfAmJ-l+_rv9MSgH}_FY;~`7HDi1FWj})<@Wvw?c1YJx}Bu7kpvF68@<^`4o zAk2Z?-842$eBa9JhLNz3noPMNLJrQ*s)B)1CkpbY@Diw^p6(_}Oy#7$(b#?-2?AI4 z8&;&zu0gU~k9~*=Jwm_y_F|U##j~K7QqW)>b-I8!8*SBl7<$*^Sx@-L+!SbCC?hg>TJeZM}a^-g?5# zKv6CJS2+{o_e2H#;DQMozNG%Ha<}i!MELP&?)B|D4z%&|vb1=Ud?y(Qq!os=Wu>LI zS4UvUajMkmSdV?&i3L+G-=S~!+B#ayl$_c8n0O+b#>;1W%c(}5rEs{_{*1^s*N+$& z825u5&;V8rj`tCyHPzM5AReD^CcIaGj_B2*(b~!-8I|6QcCcz%yJ z+Z!7vI7_Z$a<5Ovdu}l6ZD!qEU0shm?kaEp{a{+Z&FS!NZnx0-SyhwSaW$Bp;UhNR zl-2fodVXep4TDXF8ErUG752j-nS^(j_-{RzgwO3t&~lrvYzh1-Hf`t{T9GR032R`a?$soX5hnOH4QFW^`&RTJkK*RF{*#{n`JSt zz`SvAM^XEnPbjm)U_UKBUe%6)5n#vZ>1i1C?M?&{n?LEf{!bPRUREMi`hPH^*HtAl zCh@DJ2`YVfD*wfJ zqx5XE@qMNcO+z4O^=|d1{7TW~kt+#7Z-I2lJSF+Wz}toqj%qtr*Md-B1T1(%Hz$G> z_VzR1=cw-tfr^r$l=p6Of7=RW;BK0D3aN@3cfrH3)ltZZKAH^=ImiUnXUA7w%nHMP zxEuBuK|0{MZzFz7C?Sh`-bU*G=eCjs;{T@W`(NkNzUJl2nE08P ziD{*6u8h<~k{T=||KMxJ(QH=H$iIc}SL%KPJ*Y;KJiWfY{@&i(SA2Y6|HWcSNJv<2 z)b8o1qB2pgTh7lS12bG&VzRTRnyn}=r=%jA_gn4S*|E{poo{f|FZ=JmG|RmY@ewgUviRs_khq7zjt!OC9fG?xl2uHIj)~t?xnIK%vtik6sl0lu z+;7qoIk*jxS;<4edr7R+_ISH5W+-MqQ=!}7aI?BP-U&)KV80Ek7X+6oJsnr{-eQ%2cAR$kTWcqsOw#d@Y(7i+Om7tkTN8Pmm%_PYZar{lgj}wXy@;}kJzacTYo__L0gn-ZVmE(e@ znwm-aUWNWE1}VH<)@k22%5y&fGkv)HP`)Af{=HJc8oLSNXmg#sK|&-&{Lo`tE+Q5W8!6Qx9gazm3_o!P?1Ht=nVJ^~qX8z`1kAQ$PVDl0 zANzqI*|I<2KwfZH{z?Ay(>t%jo8=C5+`^x`Q~J6Ux|O%oycdDiAg&NHe4+al>r-Fw zHs@!4zRwGval0jA6%lYv-dsYc1DSf>LKWlq&ckueIhQh1NB3Tg0c5gh4H(A+okVhHl%hA z4)@WZH?SVg^qk7GpsGq7w;GmYzF6eCz3euNDt@**rm3lgAO8m2)fbaF4-O_KCQB{# zj*gC8o#)>U1uZQt!EtXWg(IlWJ|70rfzMAadhMO>4yB4{RqE7Oo^Ad9`c;}|H~M)o z`pXK#p>LmG|LuxMX6wxx4-COnz=JcHzPm5jxAU{0RJb`K{(3Yd4KY0e6^-4ZREWvI zAg)!HOHCR^BHt7e>m%@hf>Z(qv08zQ= zL7q@E@kHV1<=z_2YPI;8uza-4Ydy-Ch~7D-s>4F0`W?*1Gcq#+ptxuTEmHvPHPF)A z%HK!F!du@QI^?LRVE^X4){~Ghf0`1Uc`P)xJ~D4}Xm@CLS@_!@R{7S=+m>q#x9f>% zz-^JMvGa6r$ZGs6nAt8CH9Xv1Rq569XsVSMYJVs>M>n!Hg5y^_j$sqU4uA#i@58a5 z-%^VkizwE=VbP(*FE_*EGg`PCzf)1}pG+x?T>k)h^7VG9k&R+ht}oWxe@H{|UQoO^ zdZCOJ%bFP^&zQ^jQNes=lN?_v5x zSqd$Tg1Yoy|HT;`AGu2&UkZN8w=~fdF+&UV-#<&0cx^$CXodVrK{>!Y&{1Nzt0|;1 zj}n41#mSmVXcO7}i9RiIr(Z54M9ncfG(|%8+ z#SSATu?mxtSm5td_s{)F!I72yAGP!!!K1a_u+E1=rx$|GCNt&vpnqYl?jgi$TvD~t z`E>EGa+H|{6MMYgINKWGP0FhWTPs0b?Jv#kRN*P?hU6F_f!!virrq`W*a!ebtFJTo z)sU^N)ll7LAOVBHeu=0mD!yPP*3x7zH~IU0P^jS7`u?Zl;AqhnQZY{Aw&&{7RR`|3 z!|4R|^?5csL0^_ENx$FUoXu7le>vZo0IgP|l1}a~%c9b_R!*FP*mgaWW=Rxt}x z3v6tlqnN3oQJZ4~u8(~Sg8jI@cGuRP?Ynl@5)^zm!-!;u6MF%6P*i+fGY_Fyt-w}46!y*L+F zmc57F4fSp%EN$NY*mRT~nroY3l!68gHRZ0AMDcGbZ{OSqN2ZJCuC3OvqkZM_=f?!V zNuB1ZT_)j+od7vH101gRpKer442(E=4L$6*TS6oAa|vmszKdfb`W$9pWM|a&#CM@9n;<0{2d-8hg$BhWB z9{66XBmd#|kyD4Lg&SS|eiM=jG>=xc4q1mU4w4aLZ*ZjY`7(x;5O0cHG9+M_ueKW& z*i(WxoZpbvbc!yM6gpjhSNQ-gF`m)T?u6=<6N_g_)Y<9TsKiHvlBKfkc36*3~& z>GpQswdPSH)UbVKSJ2UrRAx^MKAKyR^#z3cN_pS`-uLH$?x&q}|wbF8UadB~TDGP2j*fL{4Kt*94bn6Jh(I@%Z`}6A;=jH?j`RW?r z@HX#wOC*DnRyl`7YBDl1Dk>F5f_Qm8Ha0c^rm!UZ&*PJ~J$1|pP_rI|&u(rYOtZAM z+}zrfEtr^c$Wd;n!i28={rltb;clt$-@Vrhwk(sNN(b(+0sB}kcH=ankwNM7VNWx& z!1`Cpbc7hit5mf48-g1f8?^Y(L$D?RJ1f=O+hG0-v?isbg5b8YwCanW({%6O`8QGR zAHRSNn4^(`$Zc@&8~ae^h_!a)kGY)^s~BloI0#juqhn$i@zJG+e~ylh{;W}c$4ij! zYrG?T?j`r*>CLm35c=n6u<*gfO;Rz-&rm|b!)kmqOc^|WNC70SaL!8wYQ!L?7A%TR z*y4s={qOb=dZ;NfxO+!SN$!k8EhIoLkj^f9GO*y?Y>N;1qa(4dPC3kv@-2G8felaH zT%Dgd-z6vk!%+go0-G^t?c+E)53gfMA?ip7P+%l1cM=BB%&R%;^S)^)_Ly=i-` za)XJfsZaOUHLXXtU_l8$E1uqMYZP_e8piRvmKtyoea%H33x2+Q`ZP5&^UBbHm4%}j z91v5ujMu88<+By`Cf?5o=^n_L7`m?|IPm8FydEB=wrOjeOCD=PR=Oet^YbCNAzk)B?k8& zhnxCW%i>?g#zqfpxKw$#EHLyU`kQ5F0r<{#{_E(F;l%|uNbj)2==54)a|;WerA0;6 zxz14quCvG(#N&yvez#(@0y~hM;H3BG)T>vS- zhYuf)m_XayMoZJ4gw$Zxw(~b=<(C%7#hjmCLd|sN@1rRM$}4n50JSZ_hZQxj!PR#C z#_y>MoQkn}1-*Cv?($lPqM)iw8njseB|61_Wo5Ol-!8o5tj%sQA1aZ@kvhJ0SR}Ro z(!(;MaAXxzlEEDt{{8Os*Dgk_sz5=kInlEo8yan}1l)?jX2(m6gqQB&eQ@jaRX^CKqy+rV_}UfeCAe%H@Ozi)0I zAAtDb2-r3ZYIInnq@(<6z>XKdo#@pChHcq#=yjEbX=+I237A@3t)u-4QV0g)vn!l#j4q&@7wKL@)}w_S z__!S}&t4i$G9%lh3|B zIFSHY())a3EIF0yqv4g-yiSNN+$z54S^UyNQz&x!b;M^LPNm_t-dVUb{=8huo>)i zK!f^A!xuwAzt_Z(GPHQT+>VPM06|@_ae8~P5B^Kk)YRDmPDe#b9AHc_NW%Wj?H3>7 z;bCfKMrOHxecgZm<>vZJ^19mF?{fjjBIo`O6Tp7goCQsEYurWCl|O)L_F2x;@1-v* z?{swHj0g*-y1Kf=pLXOxwSkh76b&ip#9j0?wXxUYLY3&{+|t$W#GKS(emdHC+WeD~ zaPxuKMnk(YJ@xv}hr-XIyc0OKIk^I?SaUEL% z2fq{|iIA);L!jFDqMBX4f3QPeDVZtHG40$jH1yG|o`;C6=X1NEHK% zx6}&)L6(5ZujX?{AmU15CkC?@2|J}DDQF3_$NIuBp5X&$80 z+JXW0R-GgB>l%F zN|OaU`|6QHh-RdOje(#0s%y*pl25v6IH`h!o+BAxbxl#a;iD8^s~jtlNkUL8W0(?{ z#@xc5tsVUCul>e>ceTKJuPJ)jK^3!cetD_V$A}Rb5fK^rusz2o&!Xz~&2Iji2{*T} z@UNAXV>_mFW#JgA=V51OXNUp*LwYQ4paUwsBi%Y-+O8oessO(5^DdqWbx^1syM( zfw7GYr3l84gM;(*2UH8goP2A+i&j9J-~0Zg%CW^K(dugEgi&UuvKrXZ)9ci6)6_`2 zkXNVTl9?uVYS{jGIO0LkxSxd+(2I!6Rq5+y5Xh(T8TBq|Ri$x%(_5lUe0_!lW* z^xUYwGKKsmEnpb5aFJ}&^;MnCm}rF6652$}e9-zlv$r?RC3?4>UTckt z8U~Igq!=Q1!dz3v;~A-(6&bu<4YnCdsqEmiB>eHuPWzXYZCxV)0Re0*tdyjr;T&;s zLJSX%QQ%ilecakN7Qos7gjWaXBwLNJg049*2^Bv-5}#XIvP_?8zgkMoNy4a@Z z0Bws(-S(}R5q+@`Vk#HC5KN!NxZS~9V(Ms`zM}S3fzK$4bz%Bhtepu*ies zle^PY9%{=Q=Ho9DoV`-W8!QL~r!Sf46GtT;PpwrwQZ;JpMX63rymxy?Loal)tV=f5;oqFJP8dI5cUi#@}p$oUYMc~I)284`;A|6mq9Ch9g zb>0IF)SlpIvES2G=WTseg>L-<(P5SVoamrf;6)zRCJPIrnTy36l?*D4m)Zk($=iV( z@BEOFiJtl6(;}l249rwA8ygVU5DE=<3R+M<_{+yAFWpLs2Cj-_2bAcPl$7P=WxzZKS?!!| z4yi<|cr-V&X;%)%YzfBH!mUPXTeBBC{hsFfYy>G${3naw;$UNgPOW)&AaaT=!`DA+ zQej}-GKNn0UHAB1M|NHx&&N9)k9lABzIa@i?YQiz`SP$I^oVV&gnpp?_6B@WRQ~b{fo-zg`mixu#s>*jy>HxiTNGf#}~*Ak+6GeuT2q>1rI+ZM>&dD zjMEFSj#-{R6i&}Q5ar$P@f1Etg)>=NShCt>J)f3s-kbc%FP@~}b2rsLNT{5-E1ZRp zF9#A2V=`%rtAkfD7S99;aj3n^*zUh%Svu^U`xm!Lp!+FMt zCWg)Gw8TquIFSUFvjimp1aKp?WHCIbo(F~1n{T@M{oNZRjm%iJ^&N_mAnnQ0C2x8+ zoZBjW-}kp5GfaN5#ft}SI;w$7X5}Jz`^yV0|Ijcw$^qFzH9^X{z)&8Zha_Zwr`5rO zXxL~vul33Lpc>y4xJ3Xm1WJ*$)d>pWuT|gw(3k;bFd*u3s%va~S}uNlu{-7sug>jC zEb-1f)3(sl0u7e6Ubz;LmI9%Pj12N29;t3Mo^4}JBrQ4NSpRT4}SOOdd%QkJEl z$)85pg1CtZdNtv;(6>syNC9f;@FK~7=A5J79u*Z8Dk>_#pYu|s3`EOdas2dQ7bMgO zUEEQF5rZc5?rS|EN*t*G4zHYl?Y9<~RR{PRJp<85e_>8zU!SK(a1(OqH-IClu}Xn5 zM5oQ>1Y|k=lf|kpL_Xi&-?)N6U1?;_<>%LRu)lRJOR0)rGB0E{K{}pmy8zwaK4atC z{a(4}V37l7FwZ@wb}=z9xFjVbUutuk1g{ut7ai1?iJ=k!!WOXa9?cSVvzs1F)}5b^ z*?@=k@_ZCM!Nf}!pBj$Y&>2*u$Ny=82yqx_sCQ(hW6)%TR9hWpfSHpCn5HyjN=wu0 zb$ELK!5~-XFJ5lJu4Qfk#99=8mCO&FKnR0zhQZ$yvjIYljEszkh(Yi;YHVz@A3xsO zOOsY&ek3^fN#nkkf9 zvl&R1UI5mX_Hi5tH!F=awoNPP0olh(YT+dzZW^l&0gnSWMLJR_rB+bw8*RnjLx#Kt z7&)T=jek_Avc}bHL%6#a5~zt`rP;qJpR*C@Rfsf9{y`q_)rAP$bEpsJL@S|Ml7w3| z6BDDON5~Ad#fL@Dkq|>ym{2cW`6S-u z>x96 z@3vI?NeeC+)XQVk;Jf42;}@M*?NKlkMHX67*V|#^`>Rg(lV-oNiV88;%W@K}NvHo{ zNg5am@+QAlIH~ zFM7POjCmTfIw^$a?U?ubDKdf+iB^2Y>l*4LdDGxWS#0Os+Y-ZUKCqloA^_$R!31@n7QtY^w z9073mXG-PrpgHUWh724k|JwP(qTtEB)^h_^*9!ecpyz`~a1-h^c+W==4cW(L3;NtD zUqnntr;>wVDcyw4`{{3OZQhWb!+m=@J0$;vgoKlmldT!6#kU#o&6W>PTu4`WxsB^t z(f9B0i3xDVs+)oFRXHpJToB?f4UKcgm*fS9N<%fZ@x{g2>3J~spj)f90-nZCe^S(3Y4{#-AT9rIl;I%jlVYdrdyzjS7XWb|VkRets zhT8VCd?V*o?0R)2b#+r3Ry_(BwE-q+R+5qdnV-Np&~e~-h9us}vMInCLqb9z>py?f zzF{UD933=^x8S)sifAuJd=^n`*~ff5+W0WMP*WE3*|FFbqBAQ7mS7s*ZOI?8uB(}-=O>J)|N(}4}41fFTD z2jj`?2aH(~rnFLb?g3S;YVX3~CR>++H?vu2=NYmIQq38dbwMsaKQo=pWXiun zPICjvD=F!?XG2EitPm*{Co5OZd(BVaxejuDP<0ujh|mnxh)DQwx|wQhCCAFfwmp)$ z-7KVfaucjTabw>okDwM@rd6TW==%`jdQsJOdJ0!*d>S3_(r+3uSh6&lXWBF-MRl13x8G;Pbwp?tVx_sDWfe9>Br?GLzDD(q^TCf+s=*1qsPX? zQle4OHrK|hsNa}dldu5YK;Uh(0Opw=KdK!?K$x3CR8n3JlPyqSqJh?05pn4^lwaB_?O0O#$^o;~J*2aHFju14R z6pcR-`z_Do-_V2gH^BePLg;CIfT)9=u9e$kS!Sa!~+VW?M!i&yQ(4;vJyIK*QtzB_a{(^KUa zu(+~it$0LS)xxFEl#_g7O4;BCeCIgNpF7SqnJ&&$KxkRezgW>&M5htOEH{|;0`FGr z3!%sFc~UsOf9R4olOM0+nZ67h@M9?lX!`CQl__H?iKhS0uIM#eDNldz)p=D4cFTe> zlWs+m$3x1~1huubLEWnyYhT_3Dh8Roc`2F1q+{-1)+O5W#Ey$1Nf=M zVcxK)s0f7xGOlNDC4q*5*lpr3k6vq*t1Dh^U0sp}RgI$hKZ#SX5eZ}D zSOqGgmLQ=<1Q^Prmz1^M&DEHH?m+-riNoo3uPeI>bUfVjc{f9djlHAz$3H)2Di(={ z^;aWAN;@|07@@q@flNh7#Z?xpCrm%v@Xz=q2*hwR6h*mvLuhziF8F#xlgEcO`}Lbo zIV-COgJqDq-G5c+8d9Ml$qg`>{CcYshei|~^_Ei5`}}mXQb+XVe1V(Fx82QLXECib zWF5gxSCn^8cdrLb+k6|2`!&N=m4{if-3H*%k;KD6KP!IiljFWg=k@x`jVpf_mN%R< zYVE)EX`xCTDH!>gk9iGmwD!X7L2xji#-753@Y-+g=Oh_RGFH|I4Xg-+hsdG`^j1jt zl2vk(+eemmYE7>P&*e!gpm-W$9u_#RpF2ecrspelAj?8O^izazgX^uZ7u+a&A!(I+ zOM0!q4*cS7t{0HcaYYQen@z^y=j8efFkGficU|!TsP7XQdJJx7C>c9P)rV z?8))r@5P5S3*8wiu+s!>u4^!06>syn9}z#kuU%^W{GLNUB_~Jx^=see_6J~-Rf!&H zzG(((kAJWY-J0_+1uJ;x@`r6tbGb_J1_{M@4chf;SFpx!48+LLt}TAh7xx;a3|p!@ zQI&PX(PlU9u$%r5SSWG;@(X?)(I(OGfgN@SPO&8H_P}@8A7y=En^5 zpD_Y;Oma(0Vz!m{?Ita^_2q%w<0?+W?+%7t`VS#d&si*IF!DuB#Tm-`WP%k`CkQ!_ zJKH5ZC}XctHh0O~&Q&s)xXcynr+O(%J!tXHWzR)#2=G(KWwn??S423NcQA3U1BOVH z5aM?!%0-m{)WBjV>Kv7lI%gf8$d;`R)z}rg9$*x@pLkmYtsW7#z3sGpkIfBQTiIgHPFj4B|=u`UIEBU*hGRSeX2ZN_wL$B5l6)6na+oV2xSiA zC!sWa+T{!OQ4#y|x9#p)>b}0d|6wt9n8#|AL>+YmY^5~3D;|ZA7ZSp*8&tGg?G)^G zwlkblC&JvY=X_T%sb@bDbX0TDG*y-nR_JKeI}UySq?4rCS`ABs<5dr1Sy`c20)p;} z|F?=&05i0UIRg4~ZiY<6r^A&tTrW<7jyr!XmMw@P|IxdQZh#cW-(Bht1gp=8q6lV# zh(Lqe#@erZ!j{09U=R|E3+d|#cSxeNXI?yPOtf)LLU4ldApbHW8HSce`wx!%cgAO2cCgjv^lLxo1Ij6}-$3}>Ardn?tLNWt)U(r5Q1~~d0w*a@DAfUZ92t#vOF5@Ou zg>JfsUan+(F4SWGDunncU`U@-1;t{5w@G>t#b3f7$;2`_&@pE@l*OzD?!yw)?yDd7 z1JOSoT{2f43t#7@ooqBLA=%6X@#SiS8&_>#`(B>J*X-=qr(N+^;@7JO^R=LOrJV3* zwfh+_FK=3X>P@!a>S}=83$KGzu7}g;*%kNW_5PESn%=PIn;(Uw3WLj|qLh`D`&=BN zUVEO~6lv0!m}AAeP&TSpbzaQqhtF&f5GX1ro!VB+&d!24%+>ILLKx#q`6l27yuJ0T z(fOK@!AhjW#x`U<+Sb6`>3p9T_IQ4`;&=L!Xh za@ehitAxz_QF0V6N~lElN+uDO=7eDbN7beAEVJQ?**9Via}Zf9xe^VIc9NJq!w8{; z3t_Sp*pf(7I0Q)97toBi6}t~pW6)dBxwsj2UMvqz+pAy~0J{`1R+`T!OhNL!T-HsS zgP<~bJOlwd7ljy-fU8Vg$kgC+p+txIs*V`0+qQefyu*qXY1e*G*^pq6nbx5DQh+k> z?hT)R*Oy|(??)%WVbc2_o9{=Qd|k(UuG&urOCw2E%BJl!2Ge(UQDa{`{Yvc+6lvAR zKtRj57#<#e@u=$8^zGX}NjW-A)Js^9((dPSq+DFHk019MefJxw1y8#&!DTeF=u}l% z`C0goIbz_uEFjLV|Ji0PcM1~Uy}L|DqbWD|*0{hk-W`Pcw9fUYEiHJt`tlAN#*F*I zb7xKb=}dg3*7^z<1x*jN8-8slP%5$H-1U&8dH9;H{aEW|cDAzG8v9qSPf6|k``eWz z@$BUgCpfNy>;7J8)(xACCzIz>`4DPsOf;3CGxXJjwb>vUA$<{X;9ZZoMO@$WRjX*L zg*#~Z0aC^8r>%22tl#3}YoXy*rQ^f;Tq1Ebkhm@sTx3j(pHOuA0#j3@T>4UGm7CrG zf;F)Y`+05`aWs(Yt^qsX8h|nW>7xTz|E|#`E6OAizacFMxBX;s9u7QCn@XMc^O0P> z*ArntO#b&s%*$YwhL-pvuxJ7(?Fs!PT41!}cCRYuX=IxLA}@i2ernD2cmTxHPU*Wq zOMaJ_nD}ZfJSsgi)9bLFH&*OE4Y!1HApS$`k~`oZXJ)j3HFzFKn?(jawhzA;iMXO5 z|0A-25ucPJmW*5adp0$)JjDI-Yz%0w#qawgJH0oP-vQawY>x0t#$=2@e?AaA;KglU zqcaF`&F(dTmA$dUh=V9{mg5RugiwQR-*m!clW7ZET(4A3IFkY|aGsILLcsQ~K^aR5 z{ekKAr)`-vut{ZrfB8&|N8jf`kj_S${6lb`NmR1!^Uu=G3&?!c)mS5ZVG?JPR6|ot zTk{bA6kpzeMy{%_opp065XwkOL*@1vY>gfB`h!=IZ>3-#uq1Y|;$9h~R5aHuJ$Q-` zUOxJl^Sevw!mV{vI52)dJSMV}l(5;~vq)<$a$>C%b9@g5rY#+lgO zXGvyd5K0Px=8TD-?$CwBQkG8JRcP^I(N(zRsgb^*U?arPU@>8A*o~>fYy4)~0?rdp zJF$;wcxN|X6_qrTxCnv2kxTUEPh!V035G|ePum6cf#JboqtnNaJQ1`5E`iY0vB+cJ zV=ujZ1J17fwLb`NWmw$~<|crKNO8#j!^`=aU|h&`N8@{Q&#||!yBF)ud7mHQQs^2T z)lk7vY5Zk`{i@{7ieB+O3Yi6%Jae~~pfZ7$D ztxte@uf3(?ad5QGc|Uc7yuI0=b;)CBbe1*{vi|F+UjA>F* zh@T#hp8$i=9{c(>?brioyZ!D5{Jhsfa;`g`rmG&e0-m8}9?sZTb^5MVU?wI4iseGH zNaIy*B0Y^6UHSMVG~xmEQv7nq9B>3eU?K&G5@0ReR_tE~j|u-Zuv9;sh(BF}(YGjV z!(s)n{10$-T$>dyk&%@aDwset6j!c*^lzaa{KX5vOdcGRt5}Aya}UEY=rHujYH+4W z3*2bGp1VOL9oPs71Ifx$&N*w+u)36Cf$ugesuiATps}q(afx+lF}&P=#PL~~qEe9b zaA+|!t%-hqmg3!d*J=xED_Zze8%Nb>qsjdau6r3OnXBfXfa zjZfU|12T#m2l^mR3WfD@^S5ehbf#E|z#@87G6hKf=jOy-*`Kz=n(s|0r7%uBA9idR z_3hqD=~jGw=WcSQa=S|$xf-Q7rcBl6JF-CfcR0s_+A^&WpS?+n8q3^RK;eB+Mm{#;y0;wUaM zX;+8Cuj{5M0rhxy>{v-F^TfdtYK$r0MrFckBGXNA?%-HK$ver}mw2O>VOf3}sFWtO zw|ef2RSf<59WUvTo?-`9Pff-(0sUfTu$ve@WL^y}k|1Sh>e#Nxw&^JfHzMomZhkW3 zyJ%(R+gHD0m4o#`w2dHPMhL~#gAa#c`vv*loK)^Zt^>j$&7QHp2Pe5|80UpFF~(ge zT>$8Ea3}-U%0Atm$DeKDYK-!(qONonMd~0U`Jy{^gZ}n3S3DB{U1zKd1NtcZz~9}0 z!9bto6pe>shH~f|Rd}i8_v#6KxR7u%zaJ`P#TJBv&ACtgI7-j2WY4bvLGf(}YfwDu|GwLjr-tPl35+0IB`D>A%D4 zSER@43)rHFK9-UJ=br!5>gMYnZ)dHI^+|Dcmw~?a({@_t{ryfnlZy!s*PXY0 z1VOhNBNZ?;u>Fs~-{xTG^RSy___VTUX#KW5I|775!A$1)$!KT%8~mOmfg&|e^#1|R+E~a4qb9P0D;!#2gl#+ zu@?a$N|e9lW-|h7L(>#|?9(_5tyReH=VKW_=N>f({TcN+SRil_C4{8Yq4E4z@ZAGx zf?^0}Uf_^eaYj`W!G@JW>xg-X_iiZ~E+?vvJcqrvNmI}m%MsNLwZZ{cH*u5or5)SI z0?8ynz8!p%c6hX%$D90Q56nF0PKQxN`-EH0)}#XSv9K3FbQ8T@G6n8k<88o?#KqP{ zjX23sw+z<@hzkJPq&JW>0mEbQ@4eX}u#}CQvPS6}4M%O8FS$E>qW4c^?GJld`)qpj zDNtjALC5F&NSuGjx~G4JFo1Rw289B7VEgsuj%>;Q_phx!pnD6z&HSHuB_g~!J~QJ1 z#rdF7#t-!BPra8Q)|Tuy29gunpB!@J{kVGfRh;^ce~z{hv8 zn36Bk!}}sBy+R9gmjC?u0}ufJW%7&CWUv9aGGU+d73G)E6o}qZIiBdXhArwcsFCtx z(UORxOo$ziZbtvmf9>8i`Ne7PJ^${mDW}alU19Z!hZTosE(hx~grdaQ-nF&C%SvuP zL-2z(N9n#m)scl8$;TRgaAuy!Lb1F#8p3=^=waKLIjE8%fmtzE5B+8dEM1b4N(d#<6ni0RmU-V>Y7VHsiIB;P)=mlKLe6RlGZ zwdFBsEm?CO>lX{y6c#D-*?gOHe_h{rx^2yUI^NHlz(*cT7mw4n5p;o0L~`>m?u+G$N(rHUtaIJ{GacGt8+Y0fKO*l17e9y zAgS}SUaWe$JJGGK0`e$FG3t*hqd^C2TK)z#`3H!;RoiLc9bP%|CHC zpg}_cD%*4VTcbY%r6f_w!K|!oxq@$QMe~#SX#+;E%G{YJK-p3+feJL_SYh{eOV@J5 z>}67Z+_mY@G!G*{qX#;B54Gyu`FTojXU}IXzcx4z;5auB-*YiN$o&YtmguqjCPI6_{^PYGi~2~4pb<2i)j zNV|D{l(qK2!_Fz+zSHC@mp5hE%NeH}kZ`82|J>z&zNy&tEJ}OzDEd5UIz{3vSx?Sk zht>M@iA27Q3B*CQ2&UwuBVT6nZ zP63mi&=@39zTGX4%goFbLN8{m=q0<|h#(=^T|q)4PRQP1txmkdr&y5SUScVhR8ZfQ zCL>c&JR?o~vFb?r^O6;J^gz%VA|(AU--`l0cqy1y$}xGFQYW-@iM`GiQ2+vxkx#UW zji@@JG~zw3UwzLYS*zw$f|IqB!U`IsrKJqCvO(+I;riM(i|oWtnMAF_unXla=(j@S zQGikHBZ-6+r%q=7#xr;)1TI#iksT~nOww3m2$jUl#G$lkWvU`w5Wo*TfB#12e_iyp zPxiXnu&a*3YIoQ2k{v;=7{kL|^JMEF_cJB*(;BUvT|h~HrC;_EPQ#ic*DLv!XYk(3 z(M4fUlUb6HwWbv6cnk!}_$f$o@~?bbIZn-ISVf=H>9<`#)H(eP`O8FK%oRn^1H&Z_ zq??)9TjFp3pU#`t1{5GQT8Wd67c1Na!w@KZ2N_3xE0v(ZuAd$e;-m7o@(Pp(A*eN& zS22gJQ+Ij8TF@mk5%Tp^zQ=&;C*`EHVQ7tmybICz-g1Jp1dB4VzC8U*6;A7(B9>VD z!ELpkFWaiDfX!#^;5N)~qZ8IubCuU2=dS{dCZC?pn*xS=4!j=6oxXM*YyVt-+6ZQM z{vzvkSjQ#-Cnk(o?c5^b5G|4InG^#^j2I21f^1r^V(sDr2E|Nw7>K#auvvw3vo#YViakUAvgX z{%sWjFA9xFpFsFgB-Ov8DDAc+i0Bv^XzhC%LC1EieilEHJezU)Jdy14^1xHE2?{9ao zerFSFujrmrD>1;-%FAwWRtW=QP5{@K;rY(cyii(BGSO?%jaZ?R3JE>@?y1c-qV|0+ zeAjh>IO)D)PWZ6FfzskGl;-eq;X^AQBI3O`5syH6eLhH>-n(|Wg(&(BZp9AO=XJ?> zZ%;8pY42MJW+V&}I1rp10nHaXz4`A#K}4_fRHl2pg}=`&OD0~>=iL1#$#08KTdxMI zL)|iElXEL%%Or?Ym;}sEf-XEnuoFt|nx=gL<1;lz%9(&A$AcW%f*=-=EIl6$v$zF> z#^%(578GoyOddfTJp!f*7E6WIryxn@tR(Xl8c1g_C!mIyMKb@ab3N3VgByc@f0UL+ z#ghP2EeMRVS#*TPf3*eMPd&|+snQ|8ylSGikPZx&>-LCS|N1~hkecpoL=U|CNuPJP zW#q)Ie>*O9rL@NHxl5An3L@hqY_TWNfF*G<4ow@=_xA>lU8DIeu75wXf2}(8{o%tak{f&7*^nyp!orsXa}!|X zF#DHk*7i;I03EL}ItU-}!3O*OC%}`3z#EdT=g}!6n+770+v%1bQ0Rco5KOq4Ka_QGc_21#MUp&^m#c+7lrg$?%)OZ!&#EIaoK(PvaP#eSpkwD*Ag5Lo(d1sihn%8io zfB*Wb;;=5wzzPHu;`f}dhm|j>Z#4f0(5^i=QwzxF#F>D zny#m66z9i`5HVN+^7W7(XCeb%?)i~mVInH9sH8tegvgK+f`iQx%A%20low#=n=UHP z>C$5cc<&BwMUvD!8XxdPi~3xFWB&;s#ww7b^(Mmq^#~)?hQt{(3`*)a)#ERtuLLA(Ev}J)FlYs*0bM52HmwO-hDzRN5yQ+_V(uu49@{-1 z5$}?H3E@hS^rf#!e7K@xa&j#AYEUdBXx0kw6&Ism3fvz(A;*r`?I+8v`zSGP9q&?! zCQUx6fJYZhGt(o|N32XE(lcVF2dye2V_yDy`F_Fy3Bpv7Eh8yOrYaG`RY7J*N#=C! z?KEJdSp_`j@4AGEor@d-1YO%LjTnk4h%guYO@6=!(r^u6fxNp+en_ZuV0+&Ozz1iTnmX;;Mh6xnPGAMvb*TUc=FQwpE<2)a7 zpc^S*G?^H&a47sD$6&tKV9#*=%DppJne;PcX+u}8Bl1y;I?J!|wC+GYs-~zW2_^vT z8>a4ZgRWn}Bmwh#c?E zNEz_5=_564Cd#8Htaba-xzeY$)9v1v&>ff0fvZa}_X$>ZG~)M76aGfq+Tq_QJW?l0 z@&krAULyqr5S|!F=J=Cd#n5i1;D3@#bS5S+!GXf=?SH7S;lBM&z16(Y>cjo;7^4z2 zc}N{%#%E6^pyqiUI1-5sJ;iS8ufmeoAe|IeaV!0?@JgEvHgBEeyN=&k8B&UkO;onsEFO^q(;K zN_LLJ&6FTW5xpWd$l;Ua%x%}4iqgxy1I00<+50#*G=OppGK!$Jw_r!7S)FU@&4O8{ zT@)F!KpRy^AC*Wgo5&ZL#2)36*e_dgA~`D%iDMU|m?&v88=Nt?bWXA1bquUID8u_t z47(8ExuDBPCCN@CLl?fAj>%_;RYx9G`^|Ct4^>B_xP{P?>>fB;OT=(yK0HJ*A?Ip} zr&IE$3ZA?T44lnhMc1u$X0sRszX_I!8OS`Y#r@lbc(}?)=iX>!2zyJxfMz~J9gs}axRtqyOuhg>spy{zOuL_Bai-UtEl2kIvk%TvEf*y5;I&!CZ_Q0iW-M)18 zz|EVS6ZPZAWa`=lX}UgQb*>P$YK+J z)Ugq4iQyQxeULMicW}C({q8tscNhIGLgIQqwT25QyNBTRy6TrDpLs+1tB&Y*!JTJ_ zf%~nwXWqGKQ~Q8FGVW#WzGp65N&W0EXMKti->qZjPm*Tgck8AJv&fB@5mreH4&KRM z8)*n(((f=tFNR--$e_3gfz{wknNT+cua*F6)(-#Bw#aSj@V&nVZ%zKro3$M!-68Nw zb(r4YnPyc@JI6%*b}x6mh$Y32eFo=;`Nq46VJE!*a*}6qbUEE_?+&=ZnoCPYfFUC? zjj9ed=(ZY-?8D&ydWy;gNIAw#dz0w<;}nwTV3PRRxo2d*6J4A}K*@2%RxF2QK+?!B z-31*OB-zaH->5PFXnCRqAfUpK7-eKWovtxUOG+Bo8|dl$w`h%s@!o}`=~GwF-q#g7 z^1nRl4)R?%Sn$ZFXX2;iz3j4y>`~i%$Zf`@tFeVYW)DKv?dz6Ni|B#L%ed7O zHS}CNFjodr%*6Rv)FV%bdjLt# zhPjPDl!1cTkm~B8{fIBrWExmOcfM0&_{f20h~mEy#WBGTKESdXaulAr^2GqXA8JA8 zX)RjX-8e0bEz?-^-NXnYKN;)kbbY_G-kS*;22V)q(*2Q(G!oH=@juh#B|@`Ph`- zj(yXreN!R*q1#6k)+9dkK4oH@p<2ZQSyP*Bo-FU3@bKWTJT&N)^-@|0H(nQ9@~GWr zF$YDTbuB;HP-j@oVB~(ZE7OMxwg8(0&)zGS7#w)yH6YQ0@oZA?7tzdV+W!Bw0OFYU zx%=L^`%j%LBJ?H2$%0q7p2W!`;}WCRt~nXe1BuBVS6mF<@x+szU{KY6L?(zuHw!F6WqYGn78;+jkp)CLf+&EXSlU1KOt;`g z&O#}T387;=Cl!PmEN(p!(_IwKm_#$Q^FjccWz)W=Jvd>*+ESb)ba z0y%D_#BOctHLC}bz+v!BF_AtlmP0_+gX(ioM&sCPSut4cwyOj;;;(>x)V)d=)s7Np z%$K{$qg?fh{MiJKLCi0e88XDCyHi3&W#K&W?>dVyC@%mk5;RVk~-I0?c>aeY{TXECU2RXaTPnV+! zW@y7PK<^ta&?p(TU#6zg@7OIJRh}WC6QAOCgK1Pxkb${!M7a%|IP0)7a>s!5uC23CuvlD2MyKZsawCLbSoy zZ&{^TEwzATywqqf_v-+5;j;YCQN=#g+pY%13PL=rRlzxdX@Oc)nk({dc#4q3nH!-J z6%f&VC)vF?=AWxjA68Aqv|w`jchPY>;FfF^M#wX%rnP!OnTDvs)Z{4RnjmxoWMNUl z7zoT0IT{;p{hda07Hm;Tz6E^m=0>2*i^5Ex*Q#gL^eWEglJ$4?>b9 z_vjRCwE2%)V5OyzwV06j3S(1LHGn!YJ%zdeGr-kE-t<3}tXPcpWh$8L4UryVM^14aIh(V6^B%_9H|dry z_OVyYTQ}b3n1NjKuLnEi9mZru6U_@-rXrQ8r3 zd@4_3*d0keeRd!l%a5oz>)r4yNVpU3(qr9sYWX%jZBmdhwjV@p$uBc?-xmLDkztlHaj1JJkbz*%wE{EOH=3vV@z|4;;iw-!_#@1Sy{cLTq*bF zYILlVgho)syshu~Ryfes7V*Ai29fYP^^0)kP=20Y1S>r6#kgEwzlJxC&WR61bGYd;SnLLjULQbpJe|`D_J{{ zJVI0ZH>Q9T)D48iu68y`7?HQ}?r_wFV$>EzuK#UQuaM_12*jD1x-=16l>SObr2ztP z-Y80@;##>V_#esd-%!8t(0*w^`0(o>9lzI=MD+aq5DQ*(=UKcOW9L~K(=PdN3be#W z1phv8|0(sY{y%~zz8O&eaqy_o-@)@Zd0Hq~wh-t=1gmyE&I7I6d%!;By@1OPHAYzm z{+sPB1BG_F+4mLHXqR1$vn1~i;&B_y6tM%Nz;(DGV#8rQNU*#R)Bt5Q#%-C69>rC} zG>}YySt3ZLKxIp&2Tcfu#GE%qC_yhKFRo|0(&4j}jo-(Le;egg3l~+4NR2o7%(vO? z^w~U244S6ewjv@xeBHepOT~Y4YupnWN1AJn&`9lR1&P4%-J@>w>a{Cy92E$WwRlg`tM9Smum|^**u-&PBy)RY!Oz z@KXzYKGn+fdqC@5ByDWBSS@acFK!f`pP^)@685O0av!_xhb&+XX_SYrSE)BHvus)w#nvjkBP6!YvRr<3AP57s*Ed5V;!Jt% zhk*R#A@>Z}HP9A4dc04cJ^`OtqT;CEq{Zx&yKm6}?TA|+k7O&cWagp)LzOEvn4)$7 zAXXBc5?~o90{A(8iWgC4Oes#t3OaBz;U6;ik*c5@i~V{&dTIK^6ll^~0q~<~AmSQ46IU@%RQElP}X(io@sGkHgl1=cwlGWj}Un`;6P5Q^^-6kW;lF z5GBD>Trlp^Tj*maUpfnaT2WO+S(u0ozj8gpgPuSF{eN~_uoaq zPhI(l{&fVB+l}#>e#ZP1JqS?O-=^0wG_-MF*`LZQpZ||eQRw2l4`XUvzOAZ~_&R{W z9>F7>pX%;4UYos!gEodla`%U1O=x;dK+JGV*f%Y9*dj$f^af^`k=}&C`dJkMTykNB z%zBjM{H5%I^JNJ;p^6L)pz+U+JRLwQyswGIl9YWsz;y&3YBN6=#f+fx#as4aHUQt_~pVI6C9TXyyh{k1oEkU3idpp&D zQ6bf4LJId4o`{MYiA7uH05Zc5PZ#&z!)P-ip5hw}2PVa!V2!}F39H>a66mmDhar@M7PV-;p&>XNU7LmmZizB&VNm05>$+moYUTXliJP~tuP|yG3d&+3 zy>*k$XOd83t7%J&(_+0sTooC)685_FTifWE^;xGDz0L%TpnO2(e)Rw~r-nRB6yzr- zjlowPtyrh2sC?JTLsIGJ!n7J2?U*SHb*f>Inz8@lWBQ2f?KHKq^p}GhTEG%(oT-%; zM+gfQT*nRH4doN!WRQ%4NyHe)`q>_1&jOk>LBhUh^UpaRjwcYT7OY^m-~pY3u>ye<0GS2U$^v(LS@Sv* zm<%N`9KcR-O!SD`=Zk}v24z#rlF%6wNPnLD(sUFn4J^7vn-dLhSG$Sa&0|e2odi&` zgG7kcMMBBeG5h&(g7T=NzBlJssb-ZH^Ini%nV#Ewx?%V@ry%kga<#(xStx`eAAp)< zm?hi!zsJe2^+KJj?xb$b(;tMhFw>@B_#h_ZDIN$Lq71YjzvsxqiLx6x^h=uYuT#rr zPDq!|0)ji>?ate}wXVCh%^$ch-#2bMn8u7!7u>p7Vg$OGk2ULW(Wi{}B%Wcxw4E;`9_JPhm!F`}w zRCV39*|zKP{18y}RP1f;Y&Pp1W_Y9+2oV#GG%?XRnpf;7)2ivYX}G;qIhig){@aRK z+ygXCkk|4F$L4SN4(KCEZ@%wYV%A=WWzGGow<%o{q0V#Ce~7Z!Zhx6R1WMkNaRgKu z+GTb$mbx+X1f1Rz^_VfJU_Z092CFnM&oS{L%MVw48`xHebbz8J;%W(3zVxUvEqegW zkP&O31j^tcw=n*RL4;ewmyl_AF&G^X5*UVgnvaAulg0m{Uz{w^C0ra<$A2QHPUNEz zRPzI;g}M3e98-1s;~`UYbo3y>)J-}eO(I8wPQ$XT*01Fg7a+hPp4eMCJoIW(x5Z=mp&?%Bf~usGo7^`dJ|ri-0Nz~RhBmfp8_4Ydv+>G9NPt!Zb1TD3UD!O z+`W*W1M2qVy4{SDH_Td&V%aOPa6Z^f7D94{;n0cJkK-h=RpD4(9=Hf*@f9~W;~l(e zGngUWdaR%Tm9q5M@@q?GSsWc5TGXQko$_@Z0|Owzz40nqJ>kiURUEo~ATmWIY{UOv zxJ@nl-#pRu8*`%`gNO=i5YU6m3}6UTi3P$-he^ao|UBAF3Sy>9uJ0EZ6K z5Je#{bcAo{b+EGCV43^y47kE8v!*dT$#5hIZxR+QkCBNnfWI{8DQvu0*=>7FI_trh zna_sE495^rxTb{V@Cfw7;H~C=br=@?ApwkQ+M=V)o;phe!413$g z@A7zixr<%kq#BF>lJtto%2ensaI2rV{Wq`Ewr-%WUp9XTymtc!ZsJ&tHuIx_4yy1H ztoK9TRF>e-U?XCF97p0hw`A||B_-js==u5hv@6rAF}`E!KKGq+)Ek<~(pFZDSF2}d zjoTr8?90tyxIO&ZJLRsYGdV>fMm)Eu<`H6-dz7mdlYe^PoXgy11Jy0V&B9u5 z@r}A>`-sFxfVeuUZ7O%Dk^0zyW2$u4ikoO+50In)dt9U3xJkEiz7+@xf(Ab)TiI4+g{`I%R1(8_(sLeeI1PMfNET33e=QjKt%9bS=NKU0_f!5Rq zaAs2gXNzH;;x8m|J^ffi{-$5hOKLbHh7y*EV#y6O!|_z=1Tg!m-O#P@DC_w6K#E18 z%^&2p=<*^b*55Qzu1Ezp)E^rQb~NaawdG*AP^2?z$oi}hE%B3c)U2lV;5FvrD92x7RAySj|!FFsNQUDhJp*N5J7-G;ggnMD&CkYWn<8MwO|}RC{ef;*;d=!Wl_T&T$HP z68nY($E-!x$T<0hb!Orr@RygCJ zbHlg_yte>$%Tj4v=nmgH;KQVAj(jzq9Tg74ZY{L&g+eVu?A{FDMUvbxS4YzgOB;1rpe1snncf0 z)|F*b`q}>eols6Apd=2en@)a`zT}$R6Zo!@>7qFJo9iJgshLG^WnKSz^gp!(^)zB^ zlRsMQH{CQ8PMI$>AMTMn^+~@>_nVZvR0>W994IGKjU!2C+!&A-8Q}tz0fBn=&oY?c2tgedObNbTeFOc+2S5}CfLNIg+7KXBM|PCx5r4P6&uH*j*#nYQ%#uTr zc*J${ER85}d#`+H%*~5cm{Y%h|IWC3+5g9^R;#|GRYHX9Pml;*i*v$5YkZ;yldxx2 zAL=(z2BL0P{i&-#X=$v4fXG-hEu^+}osJD#p2dZQ%-F%_ULW9eH841ES*g@mwX)kn zftd3;nAUS((#bZ>YPY*hq+a=MHt~(lj2~nrCPt)cYWQ9DqNG*p`2hfa3^EZXstA8) zRLb9bedMqK=Q4Qs<$E*p3*$@aK}1Jj5U5NO({w{<0MY2k4(A>MQjz_{zs^4M+ph*U z$KO9k%AgP~p*Ta#qjW@UoJ8vLU-wEnph23bX$CDPzC*zO0&r*;8`pXtQio8#O;pp${g*kxFHwMn}Dge^E@ZbF5 z%(hA0yq>o9iJL%!*ZNA7@o1~W)J@WGMRg?`8;gx;%yg&^McS0RKu*spt^}uJhk>Z; z;oN+=X6JRurUwuh3GLSIr1N#2ez#EI#!6O!ZuNSTRed;mihIBOK{#h@*P6*DI&EJ= zG*f9|mD0E;s8}w5jJfLd<;~;erF=2h$LefOreM`hKNmp4)j5-~eo>Gr!=*rzroLcr zcJx3C+?#Ot(otwuv2{8Bc)-i5v8qF_!~kL+A8c)0diUye5LRX&v&5{0!ciG0z(F+T zV$IC66x%xkbvNtJBDy$wSE`<z^6&=Qkct(6ZS)R|KN(7ZY@rToxN!h#dQ?+r}rbfC@XEYQiex3{a5tK(O*R8>|lS~qBv zFQ0_1+b`0#Ek(6~lA&1Nj`#-C)$aJo%Rcr~%l`A#v{}UKx=g7S0vx$p^z47JUGLqw zMsunbh0g6z*bLyH4?jcgUeZc8^9ZlvC+~BQf5MnyL;9WIl9$T*)Z>Ter0Ebq5-f(o z?l&`f(fP%$yp^ux>or?17B=wEve1&yf3r&C2eZKPXtZQtfa%6GFV?rt-^?QFSl;rg zIzt>VnNIwrnv_)H^u^YN*^oXaMy)tGci-}a*F^alvfw(_X`lLHRm#4Wz2WAZ-^-FJ z!#mEedICwYu3C654JQ68y#^KfI-~`W%rSqy z9d+-6_x#_wgHr$l{&+S_>vax>`g%6OjD;#O$-M(;M=Li)O*Qe_QWi-g2V-!^)Z;W- z?8?Yrgye~iE}*hJS8MeDRqcN%GwB8^bMcKc&iOH^>8l#50N#Ara-i`CSmi0iu-v2Lh<|E5$`~Nl6oI`t*OKLX&vjHkb-P;UFe$46cm!e96CEQ5c?axNWq z3kMaUX*Gu8Z&O+cS^nR0E)b|vx8dJ7+Y3!+D9P})M+sT6R%?x6@e;U)|Al{AoWep&Suuu43q#!`zwBILyrAo zRUi)C9r}m<9bzhN)5Iu|w$I!;mkD zcmu*K8A?RPzdxsg{;OmqP#d*e{JcJv6!XY2)EA!Cq`79Y{b7o4*?S z`c4oi^oPknmksZ@u*VvI@x?t&IJ_==qx$3|Zj>`vcQ0vU!NC04`bJ4uE+@B>$?oSd z|7wpVq0I)h`p+clHMfdSU3W;s1W+!7&?A9vU~09*Y2-U>B8OvQ0tZi^m#gdU1n*P_ zFjf2+ceT)9YM0~WTx?DUg`#!+6u^A#@9%fMR62-yJU8#R4F0P0H_A};nnKJ%MV2I& zcvn6>i*MuY&YRsA`g!r9K*|31w90YXg;^D~DLfi6`>$B>c z%WyG;e~*`WfjA0#pf)`JLoqvT7D`zj)<=?|V?HIJ$G=UTH!O>;q4h1_%Vx_P?pEl< z703Qcu5tOB@1f<}$c4CC_(c;dtq6)R{rq#kO1$mvsqlB-2tC>6G5VX-zL3>@m_}sO zAP7|WRUaSZvspK3A~|SP#Px=jLwzG{>gaf3__}MDnwFNK;=nMBdK;PmvaPSZ$id(6 zvhmwmS(0&Q6Heql8 zpW<=Ig)R@0FHVZ zAXPY7=>^O%%I9fKL9<`U8K{wQAw1=yH*5N{vx`b-zfVNm#tE8Vt>hd@?Gx9R{gQgB zlH&a%g4w)h;|U#HJzHZpoxfM(g|VTEe}n&|MwZZ%_&f*A-qtR!@yS1%_K6cR3B%h0ht zxF*X*?h($_vUG~lfsQoyo5^|8cK5!vqbf-!{J3UwUDXqFF zW`}JmgN$|mx^#bkeGSZqtcwbB35)O;5E5SKY08YeG=JBn#O6I+9hVOY3QeH@MhJht zHgm`}IS!95!cL!gSM~o|fM8N&j2PU@ur-3sKMqRTYI6Z$;;>^O?Ypi54=X8k4(e#h zSUIubq-)>mvJ4glha`eHc>3X0}_)g)km%EksnK76t<`P`W5P%zNH(y^h) z)*WU)v#IpF%G#hU%XRR*X*0h7ZIZ&jMD}Ia8Smy8!hYsM$8v3bpFz{UDo2clntKNH zJVr)FmX|X+ywAw;vYAtuN}Mvpzc$V}r`kL_&ebeoL!4CW*&Uv~tUX0Ibz8We8wEEP zDU|&0d~WWh_=Yta`B6(3Da$ojPXcdz@3HQfRx=&V=3x?s%7WxKF(xhyb}U{;I9d8~ zha7;-PcOGK0onV9zLS8KC4p^OYj*ymFs4MAnwmb{odMZ4F#P}TZ>%=xa68dyXf>#w zk6d0*SzK65qW%oESjOX>ZuE*q89ILivr_8l>npgJv~||=s7SD;kr9@S10?;)(+y!k zK^_qil`@acvz98J!Q0jEkyA}VyojZG7JVDl*HADo_dt`#;r*mkpee>NDN@J?IpYRD zyD>-_R-Pb1yozUgc3*R{Q{PU?+(|9~p(o%S`l@%wm2KN`$d6<$pt``S>87A03fP5q z7#Qm5wL3jrK0iOtTsi^6%sQ)1@(nsDeZL&Db+3naiPvB;=oZn9W^}Owetw9p*09kw z`NSwgMwYh(2)h7q*X%6U&W$vqNQ*FZ?|6M1?zC1Yx zR`w8Ov^wMGR2};UfmXp@bl+M5f#>P1uTL1wZ^5sDYj3@`_~G-@?^FN$Z2hAmSMuLB zU`r~78kx2fA)$>!gDhn6u6M#3il-WL5CCII7MqfO}PxS_NG9IHZid(qKjk%l8P z)T4K3(A9oDyST6~v{u&lb+fvkpB9?&wJafKy4{&Zcywju@M=mFp!Bx2)zvjLxbBXz zovpPv1IAN@^o>nT(S<`(JZhP2QCW>3#8`E{3a*BSBO*RMIj^6>jhXLG=Z8PJKMvic-lNNX{;##6Vg2lGwNj&KSxZ|R z;Nj_OYj?UFw4mU#CjYG6;CG!Imtel)h28$1^|69mg4{iCKLdmI&X>IWO~B2)bIN=0 z$ET3OW=5WZf^e2ZY89{C0QO*E?)9tNna;2A`j^{is$F z+UT;az1x|`oUuFsvcY7wHUMjXZgD;W*p!A^TIU-!>Xhm8UInTR1Z3HHiuZ)@%tay5 zR?>DP7U69j#iB-mdg^7Wg~!@nB~Q(m|3TyEg^Rd2f1y7%&$|2CWHyIK40@7@%=bP%T@5jp0ZZxP|>Zjmd-+cS*_$&lfMEFjJ_Mh*@|joLsKB`#B>L zLpyC&doiyUf^ZEK^j^mFV}5ocf;N!L%(q5lH+K2|RffH$(P!jzM#x8s?X2pt?{ z=IJtynl%j#{9Z~@!pITYl_BGj=6E?q2ZK4;eCt zhShEWIGMgyI^eyktEVSFTl`0kQ_y(+(U?43B~_BPd{H7?q9Os9X(U*IWc>GocfaFG zap>u*x_tX$Km6I_yNN>ZN75LMnJ6I^+D zSpd}t6t>Ri!7PW9)8okrHj~y6O~LUbNS*8@fH(EOr1QT7`u>2AU9s$pb(5SKp#;TF zZ0q4XD1ZP3OVbIzkJ2`t9qAQrc5>UUJF|&etVbml@M@Sx=W)1=v(u0#4nd zN|AId+{|BKwRfLk6iP_(%7B+8nhx7bm!9R|*6K$$R(^9nbTde*N|c5sDcsa~{&-{~ zcXdwTHGTdg8g6&>i5g}Z*n|^%FQ+);R_qI&n`2S3jOIf#o@nKYz_DvH#_S@O;J%;2wOaI6UW%kuFV!aF0-ns;( z(+{YSzh|pDCy*gQ;im7T`ZcF2qBRmr@h%u$hI0_2JkQ2b&01aYP6~ax_2rIQQ-Ge* zq5a|!;G%5JVbM2Wo7BtRdClNtnvvB)Wc%Rwye&>r(hPO(=sg5@5+e3eE8+l%xZuT+1OW-a{K7?baX=Ti+o*pNc*%)UFy6CwJLen5ANf~ z9h0#RH_wyMt1EQ&T2qQEtlmV(L zj!5XUii8uPtIPEwZbLSh8H{izX9ZO(-7^$Dhp6N^O4rfMt-#sJxVY)E13Id4f4-^Z zT~epGwxAH6BRMBqGGJmA11ddPrUOMf=xOl)-)ALkEbOm}Ik0~OMZKK;{QMHk3l#@G z)1rR-+0^ue?|(sNzt(&@gCI$#m;Q`L@0{)GIPT(e$KtSbX;fgA0dBl_C+ zb~xnF6&ndk75g&z!(@N5vN4O{BYmjMDGRf{E*f{2CAuX0cSv=%uE);6RoBa5U3IL^vxaGn0DPLsC0~5YR zo>@MeZpjduV_(rax<4<`4_&xN#w$^F@>r3hUI)0x#NkOvsP7a@0D?O%^}(H|XgWhZ z*ZAL#mG1KNxwPBXP9X#i7JVhXa$k`L$tNqBSpZRA?E4Am!OrDCQ)A;R(57bli6u#| zKH$szcFhv7Ck!{l8(;AJYuZQR(GpfC*A@G2VT|p0+S_4jR55lnkXsbnS?2qGdS`+7F!FP)X#dC4IYmeIJ#9F4 zCbn(cww+8ev2EMwU?!f}w%M^cu|2UScJlS_;{UDHH{BO!ojzw*?W)>U&+GSbJCBHS z1jMFly4R$-av{&%E!q;Vz7#V&yj3;&Vp0&nSjln5YnZ4tSCkf#BV%G6Le23?IWT9* zK21&zVMO4(Grv3{cG|?dc#1?4>mwZ`jRzLkP1jUXL8~LE&iJK{X=DCEy*v)Oi|qvg zN}#x_O(}f4p;;8 zi@>{)k~SmZ6^A%|h}-s=)JEpw#YeE)RQaEn8o;VGR=t>75|RR_ILydRW%}VXk@;|H z@|4BR{gtlxua7#B_p@bVOnfRbXeqLpAqj$g|6*MD2A8c0%@|Fv>!4>7HS=nE2AN}C zD{amMdj2#~4P{$D1+H}pXGywB0Ey|U|`oN~c=S9J#w@8`-R zY58@fGzPO&>_|;YqwEsqBcWpspCF;m(T4`jTAJc{!a~+Q0Nn(k5p|*a;qA6JTqMmE z&yqIeG%N_oIRXWJQR;m?%~3OQ_H`2!@I03);5=?7UZ$s}6H2N{J2k`D8gxGq;Wk-; zs~7cqJ@*v$v_BArDIu}+U-@N_{+b55bPG`(xd&(WX+rqXSOBz=am zI5U<&gFkoxmb60^^9cSN~;~_G_kbZlP;ci zd@c_a5RsW6a7PHSThbRFFcPuuU<_%fqFJ)9RRUCk+ zm7QIXlNT?(+Q-tP|48S|r)clE|EP0!hm$ct|A%uNZ8< zT%0xnZcnZB(0+0EY@zU{eT_@VgA~z}lFS#+f&MOsmpCif8*sz4l>={UlljCP6_=+| z$k(X_DJl+`^ZhhyQ*Rg<`OMmwYbNf|G7Tr$T&!!jd+dE)s`4Je@v*dj}S_f?3Rw5)v zmu=bMC+M^FsnrWeOHhDwA;)HuOcZI9ZQMLz^tP68&dpttj&XB3b=kAuUt zF?&~xtG2`)`S$i|W|q-E8-x%kncHpf{VTx}$=5YMH(a4gQ&_TOi%3d`c*U>Tujllj zhr3=ntJy|!o-{fdz55|!424;62O2nEC2Si+h@f66AQh5ydn>NW!++zm% z{^{0atY~ip3`L&8bi`2!R!TW0A-KhDo7(nE0m?Q1{yi-17yvk;Z-}y2xF%5Lv2{Jp zto`Fb1fR@}R9hTU#Kn^uMlFEB6y>JAtPVbs{4^I_@wj+%J|a-semQ9s_}TH+Y>g=q z2a%E~fjX_=ip25y*m+u78lKEUt@f68oa@KJQOH(#Ji&;rQY7yXVcw_$gBY_&F$ z0c@lFH2A=Yqvd6*ydW1pv*ZI;-m-HmdHE!2>AM+~#ttWlOsv)v7n^%d!3ho1biqtm zii5OZd?n4M=qetb>M>dVV_n<72nzXpB5kZ=0OhtY*JOD~+odpkYhl7{x!^g|a8e~l zr@i#N?aoFQR9+JC`$}ZusmbXVOGDhZi2HW_MJ;l&KpY#`Z-vDBu_V zaWR%`QF!4h(7p6wTcFA+eb;1e${H)^%|5@Prj=%#oDz&uXpej-I7Lx1`*$BUqdo#q zf!#nBADQN|Igy{Un_soU)+V#r(33koo>Uv64^Q14x&$);)L$^7{1#U7$0!(wN0qqp zZ&D^#7#?Y*g`RtoLK=hYD36biyvYeM7U@hQt~!4#gPvrO5RDvcjh2$X(Z;e3HI8Ac z<4)SL8AW_i_4{{eNrqm$bJiE65=)TW271!5R2q&CTxIPdb@^(KA}O~XcWkQJ7$xVH zmM#f{T0eY=V$Bs%-d|$l2Q^_*3Odf%5!)L>2AG4$#c3lwVi?ArR281_J3PmyXvPk^(rP1Lp+B8$jJ}tf_aJ`>+rLv(3@6lF8* z#o?(nl3(R->t4Tis6XVwva6(uV+L>__nbBrT)^mIc*qYGDV@7Sz;X&@6syvE$fHH$ z4mYbll0mu^{lX-JC=?eXJdf4%yAs3_-jL+_-{F)75*+Z&*<|?#It&SmUM}iw zoPTXRjX#BfK7Mat>tx;OjEA40y#YM|cZ#kIzWSc02KLR7r;f{)YwD7=vf$t!YHj#c zB!dN0h}S#krF>P<@KEN2JoGtZEdh8L>s25UaQi3FSv zKWM{>F($Ab71y$FEAb8kZGY=+9Oz`wp_CxtQ!2s5FyH$Lw8`WJIO^0z>3f;Gl})cg z<28aD8zzh_CU|yiOeO<4#_?bQ9s-631G)(oxh4aKP)Rl;oid@`iy0riyxMqdJsWN7 zl4&%l6j8xa{!wwwvvDhNDV9o@H=TGR0C5-^dF8 zq-9oQdb`NgoGSPrb$LyK&u4t=*d1GH0@TNGs95&tV;XQv%#rys8}r}iv80|`%cAJr zUa1H*GY8Q105pZv6JS@CpOp^gR8;F&SH`oP<%Q21%~_~*GS6D<17~*{e;1$ivAR7w z|6%IW_aNRWhF)~moZ)Cz*5p?j^d$HWLE0C3uve9S9Q0J9kOM{Bfd8#3xqdxYw>M0! zSw09ejs46S^QjHCt#`fa*5$gY?)}OzQ=g-+3h;}5j+PvTMx8%Ob@D|Lt6UNuICi;u zYqNfvCa(&^g#ccZLiOcGWsr>5Iv=WM*$@mLi#eAu5a&!y1@C#dvcnV+J7>=5t8Cp- znqNttiGbSw%kQQn(^uY&l(WHgQxgM@Lh0=OCS!J~XVxffd|w5tIc1S;Guy=a7mX8H zmuEc4fg2vr<#$C5K8f_cyi5m*v{q~l9nO49-|UY#s=*4P*vl>dd-84n{ZlpU#{X@k zw73T$3r``2*P@W?}l;Ps!Bn7)NVcrw-{b(tjNiaIM+Q8*QT zNh}H8F?QtmVd;4#s*)FSTf&uh$;#4OIZ`*l6{-U|-XiD-UQQ^7e zoeT=0a8-24V;^G1N;j}uC%_n6$zdfzy0Xl*pEzBo6qJ6vRvJ0vHuO2okLoWw+E+Z)B{n{q&28roCL{} zdAR%zh991`JN`VtMO66G(RABYU5>j8GCjyaktX5(*@!g?YI*o{0ui@Y`?V>|V=CLj z-JwidZm2PJ90PR1VzkIg=jSWdqdG<)CmA_2I{B{4Yz4F(Clx&pN4mOX3QSup)NEc; zF>jczwY$bm_vgu@D5>G0ELA;Xp3buU+oEW?iA{4szCT|a%C_O?v`I6~ z&566!9Xx3e2aB1n?wexdKtD`J?y%r*?AfPanT(&8K}ZclG3>ln{x+El_ldEKofdgM zJ-0&+mI^oj2R~H+li4Cvz)k#4tEc<=(I0i~^!dSJ;bzt|W*t$Pd55PtroPxfS=*vs zt!Li~$qd1!Jak~-&i)IR&ooz_TF}9xbkmYOXJ*y8)q-asJtplO zk|L4-bIY&G;|RVwj%?eOB^bpFj%$8v^l8Z@O#=?BGERwRU0hSHML9Z}Vy5qj?SC9I zlVxMs!qpc0{xY*p(!B72dx+G7qI9Z8IX;F8^+-x-z;DXI^4^z=kuM^ma+|$SxbC%(d0Y!ZZW-Fh?xtzPLkqHCdsr&WMtAZSY z8~d5mXij;2Xc#r|arV+1;&EDqquyJJtRzGSpQlug-n%0~c;x=ru@ZG^-ki1(-(^+g-t3pE&gL*la=>3(Idb=h2$Q_M~#tj>X;5+ zZF*CZ^5rl7fw!jdvL-6Ul=-ZI$~@tCzDRp#z-rFHyZ^jNl4Kbcm5{Ww6|d%aIe2tK zJuW$(T+sZ!GjR3a)S^7~7t5&Hk@t{fHbDe$kfYDT{7VGKRoyQ5`gL0LxS@Z zS!iR{@S~bipZT6?Og63U!0m0Y`?3-7vcJ&K$m#6m@4)onT#MnV47<1&CHk<`jctGG z#aS5&oz9)f;_be3bL7d(@Z)u_n@fK`PDB(vDsIVsHE+y7v1j2ran~>2Qd!*Orx@rM zw6(omo}jLq$*)bmO%(}MR$D1q$s$-kR2$HzLRJ5OJK`RCqEvW$F1J9QCk)UIp4p<@>XDp~D31t7 z95g0L$})-+J;kHqn!49+UXn>>yIERV`Xq>Vey2@pzB_AFNh%mCi=vJmi0O<4AEUgF z8Sta|&I&amtD!ER`=X~5{fh3bO=yRZW9|<_eWDUm{C+I1)_1=>De>Au)Nx zb11pl{vAzKrC7$Fro}5YPzdccR!Sv`4=)$Gw?Yya@UYxJhF_>`jr`cPs`t1N8`u={ zBkGsQ)t@6T>3D0C1_J%s>vk3L&JHx3wkSk4$2zY&?e64#nA0rl+)L(*N1pLws(2(D z6t{p39W?+!71S05EG8ZzB3u(!R;0t1#M_I+bHOE6BAN3lqhiRbMOStH;_}{Q^-(dAuxHojItGQ!DCG)4AWa*+* zh6cGfktuYLI=t$mc;{s3Rt8Go_E={LDXLjxQRj*~I{bL)3eu+7wGLA$X>pS?W6)

(g#(V)8`GgZWy*n$5*W zq~`^-lKte)Bd94mH=ED0pm&ut!=B9rR#WY8Qo2k#M5m9>S%Vpt&(Dv!PuiHGl2*TK zne@+xpu0!$b&0^q2GrkVKG!uKGUpa~pO3z3k`bIE6O;b8ymx;ESg!voqB$L=VT4dUB7tQ`CglNJtR%O3;@H@3LYl=6J2?xYeI?%dc zeX8=fu+e`w5_7g+8X(ORM;s|T<-2&hs4X@M&f;f1OZ=}F!0~Rg)L^QCbzd;QyQ_if z_qUveO&wIQnqu!8^|z;>r`zmMQA%3$MG%)?b=GR>@$aGEzG60bn3(5b@_FyORAW~j z6u%LZ?@u;5pJLY+2V0tKy1OxR7=b1CltWmaZ=I3u%5%mo#jsV2FL21t9T5^6TdP(F z-T16@E74-6^e)U68adK18UVK$tq3#<@Z|YAI?7Z`-pT>I#e6&u+_^_&r=p>%a!4|I zPW%G$nF>{LI7_J{N-}lHY=EdHp{_&Qv2x_@uQ*LL89bgBPykTQpjZ~Ce>yRlu5H-O zsjfa;F^@WK+|cmH(C;HcfQRStv98U%xo7hg=*3bqGyLv6+CS2D(tzvG^E$9ez)};? z($T^(wugW44%t*-b2%-w+CLJp57%n%E zFGjo5hs29^W;`&D;Zt23LKc32N<`ul z9O?&8U?qi!g6?_t<+<_o>=9VqA&!@hd5V{o$g$(jig_whgE4Dj3tBzrE6bTtSNjWU zJDz2aP)IIbxZ=*VA#rRH>EwWu0EpVLC9hk43y|s~<*0IiGNAa;;Z0oAY>b*HIH^er zAjhVVFth1tYObeP!I(`QHus>TlisKgsU(=Cm8tWgvC00CrGG+vg&Zlfl$zI#JCqDl zYF8C<1bIJ54_)-@?3JNs_fqm;T*{&SRsth~q-^t`^Xa<6!E=_qz z^L?BIa#SbK2#T^+vY7CUgv5@9Z>E2)RCBy$V)_^-8$G*-;`(WKUtiajnkJR^z+h3~ zf??MQJ(8D~b@JBh)4B0&sycc-+&Cw`PnSOR>|BRspL>Ed!$56(ApJ2jv!Wdm_bxXJ zC*Vmlc3Rr^Nh<-H{a2}BGc|n&4Mn|{CU^ibNOad)dH}?fq~V09{05`uF;fAconNGi z0pL;r(hw_P$}6Fo=#{DoW?Pm-@3Q2HL*dDyZIN)Lur)DciaM(o2${Vahu!NUdcG4D z0C85Xkk+BIYAiWC+I}#S|5$WnxxT`g+%m79Uq65SVId;QasCK!9MMjqyfj}OVseVA zEJ~~9yd}bklvm*mp$khlwP+v`4_p<9<1Ei)i!3~i9p-yFt2*9!1Fi(Q`#8=K@qYtX z;Z2jL9Zj^%z1O5KIwOYz!{im9fWaPwytnDLrfr23uVaxaJLjNJ;K zoL06Z&-!d^yqX!wjCvVz3#K~;ye<>LjWmb5z@^*yc~QTyQ&8`mwfA*6k`%Tp7aA5C zR#W$w+Z}UKLNR~k2v`XlW`&zu6@yJuB>;;|4aW@0XWM~GB9Y|cl5xu8`*ibIWQEtV z?64^aCJYdVf-1_;vXzvMeJJp46*{x_r}!zm{j-Tjnt=E|5>}{p^;@>Rp+>Ow`dI9s zKd))C=sB{?hZ^&?!k%tr%RFf?Zz0>%x5jGLneh2n5iw9ACCGM^GMwsKCMu}Ce4Je6 z#|{TU6D|WeKi%+)ywap^SfGf52gbn-(Z>1GRK%KEIqr(}ZZ7iju|CU@s*yz-s+#cc z`P+vy{hF!Us#0Xkp$}O<(`ESGN)t}ope?l$IH5TGM-$>ZC_=dIi`1$0@8Q9Hkcs%+ zy72OldUc1RliStp?Fn4FS=<#xr6(6hD42^WUoxX^5wb~xNyc?KKiXY*YVa7>bGV=*`T;oW8{)6e5U=L=vjy~DxPTA zH$7N=sr4al-^Ot{w3vRI(X3m}fffdKad>q;jW$GQ%IB+;NIns$m^9U~e5U%V99GT! zdjpzy9K>H`iA09=3fG9#QW?_cxeGe_d@w=Gpejqn#R6cK|%obmrL*bc8e#ivi zZDvHlmV3f)#i`5*ILE)S&J@Y54WTX`W%B%x^O@s7RYb+pHZW>*)%`g@CCC0920K5I zIp5DurnkMPjVIdqRPsdm`NxvZf4)fLBB{xYiVQocIGwr915|btA>`v{qmy2Zax5WI zus2K+6Lj-y@0`R+e5qbREQ(M&HqCq%oJBz_u4o}Birhp?0E3x&h;0Iz^sEvw6@R1= z^H0Xdn;2|Q&1^Cn^7dtjYy8}7IN=23bq7A8Y}=GrfBYTR@m2d4B^K&Lb6MiZzazdr zmUBhM%T7lB;tmb%yqNT(u+*;Z68=_*$!EFk2{tbXyEb5MCNhTMoZJ;3XUFU5F3Eh1 zTJ4X#dXc4K67BFKEs9hlDP~j7=H-G6%Y7n#FuC@|jk+f)DK$HL15#APoZ_OCgEig) zG&!*-s172`3@MWcDnr2^pyV45K+N!%M8aV~3qt=Z#+w@ADo^X@z$ZE(`M+xQ z_^mq6bj&FCK1ZQAb-Q*v93d*qye3eHv2wS4OE&sEI-)UhM7f2@iNb{|SZqmHx6Sua zFEJYt)6(o;nQi-e9<};jqa+nB|V4QyXW@EgAM^kiO<%1?}t<`n4j z-47o&p1G{$j&dLgKthX0nha}i7C}Ge%OjrZa2O4MMDz-@au00k^+Zhr=}K;zEdJUb z$hf-xxKAzN9%5bjP7mb+MbS;_65MZXSv&7m`-sH5l~JdF*CM30S8uAvf?&V7-s{Ol zc;&+eP^M=`ael0_*MYMFnis-JVp)R|gOJXJzwiPyxxmz*5HyYkc#q~VL&HnZyOh6w zW5)h|ODF+SndPgTpFNu$ zu3L?QT38->Q=lR9hu#mGP4B1SV^EW)7Y^=S&emR?aL3E!j^pMkGB`4k0B1>p*ngXV zBkW%^|D$XG7S7Sl?9LCBoX^_@Ad3^qqqL1>to~lA_FONKjGiJ2Z@NOVYUgl4wL{bi z;8$bNTEMScGZL9^Z1n;|86R^7EMAja&F4@2?U$@$e{fgNmQNzKE;hlecEQFMr4bzh zj$4imJ2vG+n+Q3fH8dw1Eeh13!s|G#%hsn3x{6xYbE|iCh_?e-HoFs@9Ezom&~YN5 zHX&K2Rp_d%Vlqm;JCdUN#s#B66*`wUwwFV&+@nLO(OZzxc`RwPq$-=$q&A!KsqGYzD!vn1jW2jch$WV!}ZyvW*vrgR8&X3y3tBLJXCvp6QE!{`(fgy5 zaL>ayhz`#k1sph5Zo7k71=EmWBbyXbA)`x-&$)=pL?*ZkGl%aHs$cH6WT4pGW zG_J{b1}baxTq8mY{~h`1?f+;yI0mxFAXXPDR4V@5hB>s$OtLo0NFQr*G!)**rCMm3 z)+?zV&q%8rk~=W|Bl6tnWMq^+G)m5!IJ77R245^y1lGd`aP=tiI-hYogChIZWE{v` zSy>s!@aXj-=kVY1ljMM4Wz(v5ADA_?`yqVyUWL=u`)+(UST&dvg0$)`i|=krEswG8 zJxI#F6?^<@Qjy25=uFmJ`_WLvczq2`KLvQEFzVn;a71PZ((oK*2Wq-%o0VFh(BC2o#3fP z4uI~W;mKLGAxWa=6_uHV+{~D^QEmOHpRtmD zG&EGbQo;EMPd*=8A{{B##5kXm^m|@2zMV4Z(M^mTu}YC@lg zN*<^MvTWyCqFSuoRT=>yTAM;+9`3&DX3F@FJyKg%XVW%q8orQ|faKJlwb2*-;o<4} z)}K;tbicb+^PDi9db}UYMEKJoqC>J{lm?uTTDoPNt7}?E5iAmlRM&8xFyjFBRtk}C zN;>nU<<5e$x8-lnuCFs)VDw2cYiC%4jFj5k%gF3&c$M|+*N4B^9Sz_}$upx?V+(!Y z1fr1Xrf4ykaH2)!3gGmFDT=UDRITR`*%&0HN_xO-1%yO51M(xn^$;S(G z-$Aa%{ z!zBt1?GPt*coX+SypnX_(qfeeT8of@Tbsd`oEv_eW|7+`<$)ZX^#;l1ss7K+=W}~W z0jd?174kFzmL)nZHX5BWr54do0O+`^4YEL8?jyy$PCRW8GzMH;9h-JuCSO1Y$FQ<> z<}(G_@?N$m$Z6V>=}}EoC0FYUP8p7~&h4DK@6H&$u33cN|4v+9h6&mVsFJ6GroUJ` zis}C>@5wiEMF~_8!I`FX80v10&t63+@L?CgQ?l%rZvmWoK!}OM+JVJTMJ`Iaj{Wsq z=^?&t0$S+)*ug-;`+zCUecZuLys3yfdy7~0Vt5m-K_db;aX_5&7xp@&7qld#!Z8K|uCq{fvGjDl@?^QEz7DhD6>w9&8-8nhVo@DwO@{u8*U<7(sAH~CGDDL7Q||SH{U-Q`bkLZ_ zqL{zY!3t%U-ajM9x%d)TPezZqTQWvW8$or$#AAXZ(+m+S)C|F+mjV3lMpT%@R7i;0)CFHl zf;3atU`LB46|J$RT9^BSha-XPtUO)V4^Nxj*t+E=-rQQo83Abz0i*XYGAVU;_MS$1 zhKZB)h@QX(;$Mui6MrL9hRIUd&UPMuQw?MiM^c}Gtxt2Q3ppB0h~bF8mzT{ZiyPI@ zgtj_`0e6C3iqP7#koy=GnKn%kAbH*qrV!iQjuEVERo> zjxf2f`j&%}`*v!FlSvFp|EmKZ75TY((0cf2L56g2p)k5zgo+^HVqK&(L?*??cYZjn z`~m*){@0kCT~C%?V8v8RiUaUlgQHApK1KSEYCB+}Jd-(x={aSt1HUeX4m>`N=C3OJ zHus0TVE{keDUj+xf83kgeS;8$)bD|!r!DyNn^SWNbww670*A<><%&}ju@ft zl;K3Rk|`Zv<5Wilo>)v0(>e^6XdiJ>HF2yL0 zVqul^?TYu)d2SK?ZWO8SFg>D?KJF$@e;OG8n_=p}<8Tq@h?#;GwKp`dVXEl!z@jM- zg;=A{robqIyhTJjy1Mt<870*8<~S=Rr08t~GTdtCHu-aSP+PnNt#%P5BlS@xw4^0EvMZ@qOH0OWsGuT7oQ0&hL zH8W#mkQ&Bf1*6Jww9uO|R8GDAWoiT;B|k2Xa4ao(H>)WzozHEfU&ZjYlR7XytL2@5d{VnwG= zj*|9Nw!QbJand!QZAd34gvyFmtBWKYRP4q}8c}1rqp_`IyNOv^Yw7R``o>(%3}bXz zXElETd@17_^@w?wk@!1Jge%}~PN3SeKecEeGr2J)5y1eW@M0*HjU}k)5o((L3j$1~ z8{wpSSarHaRI`%x^zaHJUHexL>C9hML61@TZ$RAma16B&2>HMuOs<@B@5b4*{CTT7 zb~%>!@eL=>EJGXf6nUls&wNl}aZ!F$ZZ1J9c9M>k%{!*zwU{EOO^3xu_vO+mE9k2~ zp2g|vVQ{k#`wgzb4vE~YvRo$;^CNwh<^80Dqw2>Tu8-ui8UM37$>n>vukU89B0)qd28>O1Xu&MDVi{k4;5$K8qJ*suT^=N1JGa z5e^rG7F0xWEolDSb50i3vNK6dn$G2FfxubYF$AgF-6|GCLlH0LpY_(2%39WH!LS1% zT;rL!5czruwTeed{K$Fq)ni(0M9H;~uAp})t1&Rl4t|TPQcbFEvlTvDH}3y5br^ez zQfL2pHdt5pW5+_aoK7j+-g)R^cYyqJS0>$%zil%GF0Cn}W$BS|Z%Pi?QX3&Udq6TI z<>Gh;oOe521YSk5Ofb?1o(kA6@#yH}fAjNe*yBi6cP$(NB_^fvr3wjw$< z`@R1$5ttCx>8^bus=kxq^cW2MC7=$$YvQ>MlRVRYRw*=J@ab2@b zp0t)O64;Jwc49J`fBKEDY8vPYyb_Z%QXv8>wb%9zeW_ZgWGSjstSItJzYZuLRf3OP zE+bsZa~-V+p^-JX2N8%A(@ZAWk-)>C62)bqhjioE^V)x5?ZA7jJQf#Cp)=FT4xq-$ zbq$rg-NKk^-VXQ}~l^iXDvL=2R z9r>%mz70v4_g+&5vK$wgg`q4`TQn~9!eIGCd7)VW$v=zI+XcW{E1dKl?~X1JR4k#k zU)AmbkP&TaDU{K5qvf`K+6_lMgdZ+unJ7Wa|Ge8V@yxc_zB*7DVik@}1=2Zjkolt> zX)#q(m8Vi0|NQnu?{$Fdk-58(owJ^Z=G13k3b7ooK@Jg>(j3Yk%1FgZWuvolm_=Hy zt|VKU<0_fXmc>gSCQ%1G4na)IrGu4pchOcXnP= zm-xakXn7$7p&`^l%Fq1Ua(s>0la+@>&h-x~9-Cq+Pg7I_1f$t&>hHvS?iawO*#z>{ z`4`Qzm7Y0`Pe=cX{k%2#!0Z`36%;pR|0n_Te81NY8^KLJREE!qL9fkyCZ_k$EWfmo zn@#XYk`kTt>)N==Uzvt9mN^_69ftWNt@WSxE^aKIO3hCaP)f(S8^Wp-TU1-ZOkD>M zidDP%9{%kal~MT`E9+@Q|4|5l!?!ups!WCDdvG}WxGx)>qrVE$93)`Zv)T)LJSl?> zQd&oAlJ!qBd=lVw`Y%ibC#LVUnAd@vUe6`Vr_1(0K+BBqTmtUX>93${KwrJ|5V|44 z`-T~Qi$%pyt6YaC4}3DlP9ce#O8OpyRN4H!#&t$f5)@0@gH5~0tA$b}I?3zzoOcQS z0DmhdxV!SNg~{AmI9q;^h^czuD6eVNaI1G|NB6*^E4$VG1Pi2mLdby-EhL){bpkbi z>R<_8Z)?~2rn$~~y@KaDuifil=~CvatJnx@%vpVp@{^?t-=!ny-~F)>+;U|O>a(t@ zX)W9Lg&mU5%+;{MKa6@N6c54069*@kn`fJYSFMG_HD%>U(AlL?I0BtwT+Lm7_DeK* zA4|5BTKPoYwv#Zn?KM46f(ntApv3smd|y%d`Im~M>8*1X_5F1P!bPdqaZktyU+;2_oiFtHY9yuF_(VdgD_Bb52R`6p0>{Yzb)06VgP|^{A@ImP zS}lT8GImaUX(#=4B>_F^-SYX zT`JEE3gLsJb^pFp1OeYw&U3`Jlkk z+s)eh3&%$d^DF^9H(Na@Rii5V;IA6({=2vJE!3GuQQ{KBY+~<>Qxun#561A+1bgGV zY9H{wmv?ys>WWSX@AbTF5_toCK;xIUHmQz){%o(iJ4Dbl=o^SL@>mx1x+C=Uen)OP zQmK3!0GS`RHZp?g&AxQ`^36!*>evE{%U+9!@8Lr;)e=hh?SA3wVdv|ure+$HDt&<_ ze#*Y6<-5;m(pxCt+1^1szvnxU=(uCqUGIBW(9^cxb!iKTK${v^h-p`1xj&{Qsdm&YLc+2DZTq*1NfxemI$86^q$cQb!Bzs6zJ{WMZx zIAfji1NgdO1iCR$KmF{s*XXF)kGDL(>lCK-rOGGfnoOp(MnIQ+eS?xcem9^xOiqx2S=vg>{H+@-_G6M6@|<9eNS8BcG(g9|knn0s@Zj<)vW!y~!Z7vT`@<>e)x zTPZsOg9fJ5ZZ@PuZ~(fz2-?wN*pY0JyZ35AIX)WH$Vq!lIvm+dJ1qh(V&N{D+Uvb6 z#=QZ>=Wt2iD@fD+ZX=ycCYb{2H>%`rWdvexgS(BY>aS9pZ6gMNy1srFNcK9ZhU$F# zdtQ#vDTqH5GH$+~ZIc;^HUMQb1lQ?TTTuyM8-XK(igO9?mWzi2Hx9)+NMRF)J4PZy z$~KGRJC3u7b0PY2nSmA;Bu%u#Po+#$m%fkYw%S}6K?Xl|92-|UE-GdUj&s<(lwH;z zq;Z*I(n8OmE#Y?IT6AL2KKuc7=Yx;*;e9FKW6Q`d#*t!g>N<( zLIsm@aXkPSYNG*hi{(d69LIx$38zw0VPRo!@=rjJRq$*&2WVTSNz*x34pPUlkwJm8 z68$5C0`mo+kHDD?;8EZrhK}(b#F>b*8bd{+0Z>Un%*+v5vd~~S38WA(2-0var4oFi zL4H|D2na%6$Qiz6mcO-k=5dg4p`>W=a5@>K^a#|eD-5V{Y$I`O@wRbne&zA0bRgm?k&K*JX>=?E2_75rwVFltC{@#?2JF~-CJHBKnmx}wOt0p2LrP( z(D1NLbQU%&l6R7)J|cuOyPBqT9sSM>Zv}xb5C(eRY%?DLv>zZ%)gNi13uVp=Kj`?> zCijAagHJgu84bI=jZS+qGc!v|kM8f0!cnOuW$Yy+Byw_yYHAz?B_xsBVcJj52_ z;^Fa8AErRMdwM)RJSZfYH$i7A!sILv;o@4`+n=4Cx$+W*qspZe6&4K+4w|p!mnFOi z^TaibELB#XwJvLq_!#GN2@4DJ(&E-D7ZuKpt?E<9x=*y0m9>E|2US%HT3BKIsQCE! zSXfx7#s!%$>Dl)GS+rEVntb#aZdEz&*8F^-O{P^KsZ&bdse7)FS8Hi0H51dNk*LiT zEksFXWe4uUpYr<)wpg;;DQ)Qrg@tI+lN{EUp~F{_rudZt>f_JTcdFKy3E=w?kI0{Q z#<|iiS}W7^ zMTJcgWksd$?cWLyr(Os44DD(I8$fHhOzYI)+c()#azD-AvWzLEA63fsci|VjKapTMm&4h_HITT;un&6|}sv1Ty&Y zv9VK*QWo8MRsjKpG~@$Ly_;vEnLT%lLs$V%LV6Y_kOFjvfn_osAC<-9#affqY(jj@ zjj*!_^nP1i)oD`&5P0x+JXuIcC_9X2O+V=J;l#sA=D6Wt^k9Eqm_OnbJ&kt=w?y+G zjy&#Oa>|9K0w+>^T8c{zmD1TRC%}I0lQ;cA{QFhjtdV7Q%pV$!Tya)$lmH{1 zp!_Km&fXI~ZWwqnHB?sAxDI6|(x3ml?esVHZe78mqv24H5wV~Ok2Q0uYF|JK?2pU( zP99z!5i*j$l}dX)KLHw8*S%k#4Q8VtO=e;_Ik|pZvp&$6`}s;83LG3Q0|N+nYUkj9 z3(A%i;?(iwFy%*GbEUz!99>=tpl6f zM-xyYqaqzUUyjD2;e@8az+hhA6y)WXtMwL^mavG34&C`dqTO8wVJH(QsbBx1M5b71 zS@Gj>M9e>$$`}|xzw9_|cSDn5qM?yZg0`!TJqj5Rh|pv5_HYMyH`CtEyPNF>^Eu-Y z_~!fSA^O|-8;x?dwRQOl?b1SH08wu)Jcv;~tEsJ=!A?acoXdW6z(P~IL7*>ND>IJ9 z3X@H~>zl?abD)FiqEc;8q*;`SltlBki5xUqS_m0e8ATGSbB{zm!Iz=xKkj7oju-=u zdytz3Gd69{F>t&L4j+qJ}eyrJS@BjG??(tuFmCJy(Zfw`k5DGp6&X3 z0)+#NeLr7c(9(SaVMgB%mwI7-Lw=rree{AHAQWkIA!Uq~)y)0lJtj6*z}MT(&!0c* zs%k#YjlMelj-!H}2d|;U6jfAuK~nG+kIiXEX}us3Z~ZpMtwvDhY_pJ*l!Ph{vMIae zYM;Fq91Fe9yBPr-7Cm%g;_aoS7LW5~WCCuGNIXGi>6*QmhHI(0g#{K4&R4+04(J-b zcS<~Z)!LOEsNzs#AQal{O7_p#SO$7}Kmx$V-p2o}rp?F*$j?r`|M_;EB@)!rZ>*{H za586BrCmcW;_bcl`oPD>mzbEi%~W_c|LtN&#OC%d2rh;b5h3+0$_y0Z2E8uiZ3i6Z zg>dUjnoD|0w*nSppQZzV0li;&UwU^(>+M7B0$1%t?d_|k4V+xuj@ylgApS?d;gZfY zI5^5Cs5!}eo-^L~>*C+W$^zU7D3&@rjDmrULTwl7Y`aA|dJ zxS~8gN=JR_&n&tj294EFfm5J{7@U2^$JhU|7Nm^*!`q(zGxyfl1MMz3!^mzKv1*q@R{d~JJYVy2X+Ib!Uc{t=kF(bE(5kv$;62FUv z_lg&=-R#p83!m9-AX9wJqvD%W(A!36H^c`eOi@EaMMF&uu(ehhMJR{YDy0AE z>UFy==p$>l&-i03gTr#wzE$MwWwy)fGLxH$1q6Mfr}v%7UUTaGc>Mf$tE{R*yo&{K z|7nTbkuG+6dpk-F0WWuMuGD6vIJPVx$RImC`@X==%Zv(ffaU-U3_gsBZ@*%ki-W_~ zTGJ9TGIEM-A!%rtIT<(e6)61}_L!_)fMpGMb)R_wWu(4Jj6yA8aFsEuyN zGi}>}lcr7Y_hljal~GZ( zU3&;&kPdMu=~9p`l`iQ{L1O5X7LXnUaR>qFMrufDP*ND_PD$wwDM`Qk`PO=8x%7uM zbLO0TU;B!^!F0fw{W&i$QZ=0xwM-IBm0(suF3+8b@8S5AR@SyO1l1xoft=NY|4qiI{ra}O zm28^9_lXPN}M-=yeUy1@^vtFc=__Bzsj{p>v1%vjys0b zYFaR&tE;Q0r?|Pf8C)?ibIe_=pZK%Lln849oA{f5SoKorDjpU{AvOH^@Odz&Mltr$ zLap0)u584wU%yr?Ey0$BFGX`t)H5XB97$OOlH$f;Z-d)%J%Wf4asNL4%E}6d-Kf@R z!@S?_O1Fy5a2B_P{fy8{Y$mdH1{M|;92}f;Pak3eqDGS_j+aolOcet@m@xjj*6tHp zPi>MT-$u6mY}%~Ne!MX3n&{CpPrHuLCqFtne-01>U=jEOr|?gzfbCP$<_SAN2XL6n zLfO07pBmTNfx5Oil(o>{;~E&)x~%hW4S=&uq{jj5QAKH~KsuIFJp&Fc;}?#;_V(aB z4g`r7MYKW!1KDy8?#S?D20kI-XO>>v!Cb9d%6Ic4^3+W(GsPDI-{cZY@E>apqyJdi zMwq|I78%Qw`-J=cT3)&f>gDB=-S);J$5o1=;5_CW%lev59T!uM3XUX2 zVwLMdip$Hro|$G9q$?^Ypyd>?Fh7?-nMv{ES#Ysa<}l(D5`@%bnF#+&&gMdH{QXxODabDli%*sE3LTpFK2>-CIKQ#624ls#7ezvbJzDT=)e;Vd5EDNVHT-Wf^i;(|^-E(# zMgQ&+9S8{pg|3#C+wabMrq_6kNC;?CxF{Xf)CR+U8KYA;peWQ;QN&Vfk^;5`AbX}w zJP6^clY(KRnmRf)0oUhgY19Z!OUo6#j}`av32A7l0S=ah*wmzwtnBZ#i`u@H`l)zE zu1N0hfmpb5++vy#&E32fh4Mbl|M2uZwbVW7HCVe@;N7~weO(gyFfKUh(%aQ&V)0XR zO-0wRh0+b_1nd0sl%b7>_kq=dlV# zuwAMCgs2~!vo5v_Z4t*Xh$A2vlpkh<_Ga4twO3?*BTtC0s#thtlZ{Z&$-fzkTX{R} zmH#^XhKy)+i8}O?vV^NmXZOYPJM$4kYI4RUv9-&tZiYbJhPLC{id(4@{95b&B#EQ; zi+tuh-9ikh!6px$yKOM`e>}V1Wg#si<7NgP>xT9^R#bhd0S1T}Jfu8oZ2{Bb7DT+K z-rn^^6B0g6CWm-_Rnbbc3d6w2(_MvR=p4GRFfg<;CrIps=OhBF5{I&eD-Q$_9_~IQ zwhFeeLS%SldaU^G-MiOcZDDR+)ll>hf>|E&k&-8Hdp+6b;FlLDlAWP>ts#r1-@JXi zytqx9J^y@Bs^-#B#-pUzDJv_RuP^^nTU!hM@frY<^Kn!B8)&F0qwpAAsC<@bS(NVM z5#E!!>Y-CF;!@fO4z8-=4U>LE``^pTY47>M+}!l+EFQ#hx*}k=yv}8QP?7sBWMpit ztOUjI_esdjd7Tg<&WHUy9%a?cuPKxwnh%YEf#LSm&4SS)b0ITPdx&cFJ7C#r${5fg zSYvJGn2O>=4ss6*ykBEl2=MjE!HMKua9=QW71GOb5)u+6Sy3g7s!zF^QLZLxw-^fw zvakpU^jlWHfswu%>>V<#HUBhdb3I9}u{YPyhC=nZG>|iGSrfp>hnj*Bq+QtU!AVkR23%^chMn+6(e^X^4AA0g(QxBp% z4$`A~eTzh$A<+{SH180L7CM+ybBIbh^zas?sz>o4Ry~(8QYtP-l0%tO#*jTVI$o;{ z8R5ouQ#)3;y2!&HU*&1*n4V zxwoLGXk&3P2mj;y%v{jUocy3wH1HrU1Z9i*-G_AM%aX6Go)m68c%WvBEcf&J{9}7L zzo7y~o=HFHlL;PwKAbFr6cQQqleJMny`X0aY}P-!x^@`I;SJ~_^%)XrjvgLOq3GhY z>`Q<}Xe``A6l&RjvmPMKnHaw03wQBcTF%RMzw2am`z{}q z@7DXUi^svJw~4D4z)FTtdU&9b+eS|V(nDS=<-;>m^-w%G5*k`)&o--TVnTcI%Q0F_ zjeC$gEKFAa<2}YN7ngSXc9QOEN8$K&fZqUvwl6O)@$m3k(@eag&*0oSGY_Atn8koSdAPh{U)cI;DN?{k^$4jl{BHuBN8OIV6O7@>C!)FOqLmaKGo% zk4?uRpNmsNt|a8?Y1tlE{^*yI#|#sbbH1lNqrZL`S4hL*t9R7_($dnsO1-pA@^adFZ0 z6qIQf)6x5^?ZBUk$HeVCSfs9(@!V%>U7L)IjLq71PG|q=hI@AO@zwh)uw()37&A%& zV0FjAkvX3U?8?B!!Lgc+OG`tsD_mCzw15i~l_#g5@IE{o1Hw47?w%=O>b5uIcKZor z4Z*9gT9tDZNiGeeg%uZr;5zMa7Z(>x%F%JR%5jFFA7PG8`N78( zm4`wBIxT7?o)D*WQaPAI6%QZZ^t+YP_JMf1h->R^#W&D0&dpC`B&4S&B)|o!ALz+P zCMO;E{^>1J&v>E78}KXBXE7Dtbz5ehro=A|k@ff5FRV!OOtgTetvq z$3!RQzP6rhHVazk<@R6&PPiaH{|*>H*>Zb6=i%WFF(1xq0V^LX!IH6ikXQ9ivu#2D zI>Yg^1I~?9f(zQ(Tu+h)gD(5c`ibe>MKhs{(j;SJV=gUcQ~z~j7P%G^_&D=KhOvB1 zVH}e}6K!Ap&cL8Vqb1E@s_9p?EbQ#!N9|bPCK7=m5r8H>KRSLy`Z6?0gpnFYU4?MF0NU ztuXy+Y3=9tj7^SdEER?Ncf0hDj+Qn>z<&rAOe>wO`RT;Z{i=Qs3>GC}{Q$+JDfqmB zo0k2J4=rX(+xQx{j|vkpHZJh!?Q+NtYG-Prz9>7;VP~QQJW~iwDbPC!CX(c~3_v z;us>M2?6#XMCsrY{P$XG7u{6Iw?E%A$|Ys|8B71%@3d#J#Xo{B26PK@ii&Wg98+C= z1K=MI{~p7YKH$aPY<=3T{Pwz%uN?tp@bdH~c>dliYT9R6y$FoOC7j1}G9i&_?+pKi z@8#u{@#pC12vU>kwy~-~3c<#~d5?GxkqQVf&6%Voqu9}|d%1%mot(PT@~wQ2E2*Y;1y(xsFr@ z7xA%DeOk$~E=KYd21Cq;^{H44YX@Ej+2dy3alL$OIAIuAV3>YGL=ra9_maBp@`gnR z7yF@s0c7k)0hm>&l9|~s`eO0AjXm4R#RVt;8}niw90ly^SzMg6SN&#p@!IB$k{ z?@_2{FZS%f%gG5;N+=#t>kg`vLVi|X+kI_hbO}tA2+?;m4Y&nkV40biH4Jq3B;T0d zUY&s&0t$<8sk7bNBTZkhMd=*iAn$-!OjmqA#NFBl?Mx+rItI{&!~fZ`gs* zq~587MOi(0cfsf1@g9A4xoh!of4aV|E}%I}qN2vei2pk}z+Vgcvz33Pgo}#<`dJaD z8HNvey-sP*yp-kMc1@J%+>_3H=8=8zeo~ljm+LYm+KTUESTJ42tTH zF5CWHw*i@m2UNH9mM8gndB(4dC1;vWz{7fYa1glnHG6j78}de!w!FL?^v~dDnn#a@ zhKGw173Afqq80i$CIuUB9!DT}I`U#6!2-h7rN<6zSddM&1pBG7S)X^iul`+2{_}6# z>p|(2J_#s|FZF~- zK8+MfAbc)o&5%)9()2XQ``(Pd-LAHJin1G6UQqkys7;z1#XLG<0s#LW8GLNHL z#U#U_!(wH9^1b^h8p^9M1HI%j zfom;yNs$MjMTt!Z?5-%JkT)6E7#ju{mY5KD8Q|f-15}TVU7V)O$&CFx6RdU}0<)6$ zW?E&F2&c`0Wc9r%(Q;a!e?$;h8htA)FW*mE?+-c(qwnhesiPbb5wY}6;IN_XcE7ap zd)nvEfOc^@C}gKap|}mJmH{8CqOM$sd_YNAX5xF8wcsB=9uHOp{|5RD0)Z_eBrFcb zEdy2-l$@8giV>3z&Q1;{bqCB-vw!Y@@SJX&?O#z zs}*sbsk*zpSQ;J}czZgUJ(MA)6VIZiQ)yhgWee`axzEsD%L^25GfvEV_QZ=ibn?Ef+fJUXIr z{muuz;nIrcJ}2J6Oo5`>T2FASfv@3{wS8}VDKj&(kXq?8kBwAG2~o#bj{kW9JXW?o z)FLO!%DBRuAdpZmR41MBW`l`NDh8Vxogv3`8$YIrg9 zk*C#;uoi5?p&?LE(*bYd3~>A=jc)=E=2yf#Hd9pD)W%6Lk#2^DGx6OYr^{bm0Kd+) z|5at%wx7RW^QfIJMYuy+uN63?6A9e|0)CwD&w&G(3j-rf0f@R&6#{}=xSZ_XHrCdjP8yimyE?Y{UJinmn=P!jr18`_Rb;!% zJg&0suDQ-}THiol^6YdRcp7Rp2kMQn044?a@&x3&wY9YPg6`gZTTquW&-vSuu=Et) zApvWpoeG!8P$K~YK|0oEi;Nk%*^uCH{jNP8n@wj3?G$63Wgg{omgLb{S znHt^&gCpU{Gb9nx&0V?AYudEoW+VN_4`yEU?d=c67+MLpn=YW$0YJAn->WmfdH?-` zC;A7Ab^etrJ$-#dgoF>|Lp&allY5*^suVs{D?&yYrinXxJ1F<{t`-%lrn;X^ z8nCmmU`oAw^HN&6; zh^O`MN(dG%+FeL4v>8JYQ4NGRkZE2D4-rhKr^{=6^PeBId@I@fwRm@4nm%FEBC zO@aWLCg5P3zkFE(C63zF#jOD13A7PYHWxF<8NZ|zsqGtHQ;O|z?m&* zR#s8b(9>O09ctRIpNsnQ@q2QWF;*a=pOg64EmsZu~Qh-9LBJuCvPvU74d-g0%3k^GQIK2wl*lZct z)eYf*K264?Ai=z#%_s2vMeG3#A3#_FDEs0!Dq=2e?)AIh;VCIw-@n`YWhuJ49%hLb z48J%TzF%`>%X3bDeMOb*KYCSYJ28!QO@Q z@#8C?TncczQg52@c#R7_{;&eB?4Gy3m$eY3mYbWKr*0xU({TAzJC#7;@RO%cIXQiQ zhd(5u7X#|}D$EgntKM7g0L3Gk zMg-@VQ%g&W?c*mj>1p@z@mqa1GgDJjsi$vZ`dpKf(=X%`n$5EoKb(=*nIE$YU+<5T za%Z`g>pQx;S93%mM?>yH1oZS;Ok2>9Ra2jZI`fXu5}iVXq8!lQSWeH*GR6HX8Y+h^ z@wN_kCEx8;<#Axc`%)O7^$h7N+K(Trd-?c)2bT|hPZ}8$qpqg*Ln;HM5_d1Zmx7iI z6OzEDb{~((28l{@h(iK03ny%}fa7U*fqiXjMMZg?xWBu;n;V~k%b8Ts20`sip;|iS z1G>qX5l#Q!m{^4(y{9cTjGH4sIj8#((=PSOUlBxw_-`RdH&@rnUMtJT&w`NsjvA0Ldz`pNqYha+Rt`7WCGBTZCdJ~E^)-8}MN;?M!CB?;C z`}=rRhJJqjeX&WUC}k*H$|*5{At0zl-T(G1F9*+>E5NX%oSd92wc~s3JUO2(n^1Ho zuB`!(dv_Twc{pF^ah%tUSiZ}>13lN>-5rn*SXtS$D<;7%iK*9d)~O`!e`V(*#u|kef;};Xvn-n-Iu~bIeB@`s3<-%Y-yU?H#brzC$E;zgyyY;HF^hu z0uOHQWb3fkx!ci#zK;Hs+{W+boPp@^nUIipdUDd%$_hJ$yT)dS1;N6~O859lDXId6 zs-T2|TCI{~(qh#c4;slSD`B@Gs;ZHZD)9bN2RD|N&4*3+yfUIzX zgo=~lD8OxO(CzI~GBSA;_igyoZH6)~0Tt^E>f{lS$75+n^Y=SCI=Z`0lDLfc{m;vC zmd#Q2emrnA$0`>er~Tz0z!NOe($I*&(VqFea-8G6dLcOgdjs5BIY{Yw^Y{4n`n1Ip<2VVfjJ zPvPU8<&hEKkyw0pGMK=w0nP*T&!6%N@)pQb>?`nH10akVA!k>YINmkG4{hgQ4VB{T zhGmQUQ^GtwJqd`3J&2l_qPoeVc(GeGcH67F#8TQVkrZp3~71Df+*nL2m&Bt|5Mw$VGE17EUrI z2oz#G2xum7aB-YMLYlj{&@-kv7+k`_Hh@at9vuAdG+X~{z|{Ezko9C_D?mXTNE7PM zO0r2*16C>Vg@vd*z`*To7iA?`&1Rm4$E~;vHPk|+9A7yG{gaZjV_}3bQ&3Z*uH_(d z*qs=d&h=s*Hf>;G*{g=67pEh#TBM@@2+>Nso1wIN!qF2OiS%qXSy(U)2)KQkyn6_c z>0GOto*se(ZW90H;NW0rNIidaW_EU6o8nCbNi^W?V5G{X5QN3S^yp1zB=!)Dor{#?+OXcUq<>vmT}e7v5M^981yoCLoxmn8AYg;b z{V|V(j4Tao;QRcUwV!`dP(7GW*lUNPw3{h1Pn>(uRBupBMwE%^CgdnyCkd_wF^2f37>Nl$5-k7>-^NwpGZkd?Cn9x zzzHkkK(%qlEj@iAfd>I>)-I7H@}Aa+-bG^&<=_1iNE&mcrQF-M|1ES7ip0W_0-P-% zY5!ej|GOM|PBUP05+-?L;jVnY0~TD0LX|u=ANjG8A#gC%gNwE^c5qNoPU1y z&=7|_9Ks3dfRXg|^<||c;6f4|0io^78YLqm^G-(QraRd@amPt)^#$64=_1OohUa30@4hDTDEPbHZECDo+cNTTs>os zVmcpXI89%Yh-itqd(00cAdKaxLb6b-@+m+fmekjuUjXONZqPMYiZg%FdeL%p^oGbJ ziA9Ty)hI*A@x1Tz6T<2;t;bNzO#;Za#i`UQb1U7%S29*#@L0#X&DnS0J1U1;xA+iq z^Ebe~NKJ?XIk0A;C5rg*n#DKJHNE^gXwS0|nyvGDiXA`eU zJ?ra!Kz|7P3}q1e9C|mI2-plne)yoDiVD-xq5uTpA>gZ(5~?%R+4GT5Z00hp9rq?H zBd~xpA@a*NIFgqQ8)HoR(t45D^e<}gNCYDIt*B_7~*zW2o0#a=j74I7Rmc~mYN(>|U;7JaOoUoixGD9^~m zBoi0@>sK=xjjmeeCAzwjcrVZnyjr)`Kw1Y_Tya1#Fc^CuRLvc0>q zvZVpRo$b3-`c_7$CTIE-n(@dmNjZx`v{h9)G?J^!^g+2UYFv z@<8%G%1n`nULvTKO;S?wF+UmO7nHG+Ntrn7!UZLOY}qAcwM9iV(QNd!n`-XA57Nva z3B7{AC~BMKYXe#Y|MLSeLvLO-w!*3$h8{{e&Ij0xEG&Y&BZZ9=A6d=&)=D557}F}D z4!b;{iix&c9v>AhwmpF`$Uv=~zT;#ie+nqjK0bwlamD;}ax1X{Yon~kr-N?)=CCl% zw!437)AleocZtD~T78mUw1YK1e@qU^GZAKGH@z()KW0*RVn5Q_YegvZe>E9IXqW>9|D6@>j@RgE6P=xH1SVnY5Stw&vvGVb@klL zEpl^>jAns7`M>XQPM?2`c0y1s_x`=|>gGQN8ZVBQ!-!oLjQIs$AbF=sf4$?QMcUB6 zpefT*k=&eTpswK;sHx^3&K7U8xV_4{d*oArhpr>6qu=|R)6~Q{=+aO$cNR+$8uDX# zIj2u|D3z-R+}KbeqQw@+3*hm2-uzq_WtX<2OA9Fbn;(F>8~H(8`Km!ZS^HSjx&e+e z1Q?sk0fC^KeZb0e3}q5^=ep@hS*lt&0q@kP9X3K&51`ndOnz{8`~`+Hy5|yGdk31u zD%L0+uMDwQmrMU{zxnHzy}h9S_vTq9JO`1!?RKrr29>eV-vArpz$Iw80%OO9CRMW~ z#0Rt3qL^fQ%;R*lGAWKGNB~xte)RS5|R|p`6YThxZa&S+88qIfVwrrowU^&tV4oDG1s)l zWP>HfKKjZ)?edbx6DS0R*cF|Pf5xnlV_LQ4p8@XA+An@wVT*2U$@X&J<9#aaUpxLE zb9pgt8xyn!uYK3gMCOl*BwHHYRtxQY$AOU8DciX@kSY$GSw5h04F?4(k#ybMywjop zHcas6Kkv`gvle{;Yecui(y+;W3JW9NNV}9f9H~NLJ;H&x>CutzZsHm&kNb#X5KR$o~lbpl#x$}n)O5WcB?!NoV z%gX~eUHSb_6bdz7^e|O*qp%R&u=M%@AT9+(#m#j!kEILwv`T;l7#SIHi60rZ_|*;C z^!E*P!F)WuTLI*tE2k6K900|d?1SM8pMwh1Z^Ev>{@a%3HWc-76SNlKTmZbzcVPF- z&9%4}9**NPZnL3gE*s1%gY-bd?nyz7xTaj+t8I1RAFWm+g(*SY=k z?vD?X>7OoDS;)S9`?tJd9xx*22<3}CUtrMq^=oe5-v0M*Qs%AB=mYUz%gGIRX4_PK zig%YBGld#7NHh;V-4mBQ+mG+GtrPH)NG_((YAFnj6!)x`9(ueeY5j1+5P@fC(BM)` zFACx-|9;)|gC}w?WaA|}yD3#fwECLqN%!>U&QCKN&b6^~)NI zN=t#HZ+fxd=g=jRnZ%u$P_5jN(kdRp>@*8;w z$Nda}$}T~81~ild485;1<4fOOQ6yN{%(fX6PPxSfmLZzTnSfPuSc;fGR zVWy4d(w54W&T7sb12^-WI&xZTNIV2X@N!OEL4Q(RZGG$Mn2LtP<=WNRuC|U2U_8S(?7oHy?W1_~gt2m1V&3F z`rj!E9`oE(jexJpgpwS)7%=9Ag*N8q?dH6|*f+E9t=gkFU@ZCUY|eHg3{Ok1F8AxG zogg^7e1HW28@^V;aNO$toAI|ojkN1fMqC^T{X<*+RLfP%lcMzq1Oljd6H`;dLPDv7 z7}F--_BMelHNG?%Mu0OUCev6~*ZtcQSirz_S#bF3pu5_hscst(AkO#~1bI}|)FxGY zv6(zCJTETJSlL)9AE*%%60c`OynjECD!|Un3*+-)hw0(+uJerG<6 zH-tnhzEkE$sI1Ht&J~gkuC473m?RJeVdS%Lc>UVS3NgOz{v4!n#BF;YBl@j zZ(+J?5-ZlG(|n>G6Z8WfUILrOeP|W1X-`c}*45V=mrva@FueqsBb(Q5Um2ijC@nOw zVi&4s0yqA?rzmig&HXaQ!g4;T%=kA0wu$$1_lv<%g>K70DgwHHQ&W>p(Z;M(NPd?G z2DUVB>fqDlkIaF)71CTwyqwimFn4i%zT`qKbXv>K9lv7h_;SNoxrIEgM7c?!D~AtR=kcq zDHQyiR>)l5YmnqBytx!6JpyRcHRsX-v@*R@8-+F>C!YcG9N5K_s=L?>4Mz}q?*QH@ zdc&6?ppMN%`oSGld|xJVOshH(%D8f1NDP(I(j&gb!_mT#3J43xq@$xQ`2E{L*pUQN zaF2E@Y$d}(i42cSl$R){1U0SqAx};y8XDTaj(y;ARGytm5=t_r`+)IFKMpCweJ>%A zhGG=8x$s=5lR_^x!1Jg=;OT(DWr9zM&zmUZZO`Pi+EZT2twFG4u|U`Zg~G-*3=IpF zlh!T)p&TiM8jFaELf5*fS>1i=BF=LhsWA_v^Lm8hY<1=GJmEz?{w(0i( zD>NqPP-iSFD}&9Yos(Ah45VgxsR?25hQ0omOdWQ^2UF&lh^kkNIE}Bz!$>VNEL36n zz>ykLkM(bME{4jNMwJ_Iihl7Z#z zS}CXoM>2_TD*Je+Fd~?knXR?7OB95hfsv5SpJXfgRJ4dfP%EB5ff)_MuuH_;d^#D< zo5aG$#Dod|!v5tkN~Mx3jidY{Noaeyu&W?7@EDLV$m@AwFw46s#g{p9yA3^%A0_@6 zt1)u@uOtl>+Q-2h$^Z?0svpKTojr$;NW@ZD)z#8Ol^_`rPz*I4U{Yf4B(+x6(M#R{ z%gKgFSD#5;^sw{!JlXGmeb!AZ$V2ED(?B>Wp7^@4&=t2O>T`yh=}Q6$^3Dto#Mecu zDKny7;PADviZ5y;Aum&D|C@+?x%>O(+_yuut7DN#sN0Z` z-a7oXGjS*!xjn%)783ueBbFIqiprz!I@M>+$7cH~A-Yh)w^5O{09JU0z`wvD z*KC?ke0hGIk`4iz5?69P9ygJ(jVXDu2PL)+M9lcl2R& zhWCKjcSDMH5pIGetv_-x8kNx(lp7~*Pw(fmrkc}M{9%fw5?p)`AQAPVqwjd_-mECG z#h%%S&Pcyx%-26ygTuI}Cgyu)joHVkGUU@3m!1YA zcKMCc!z^Cmziv^FZ{l68Xa^75CXZO!dwM=DI8+o15p$y-kU4412gQm>`h(~bWWDucJKG0o( zLHlzuef=!v!>5Kh@UBmM%xg958}#AZlIM%>j-SYoi_5fK?(gCXwn(J&2PJ#71z_+d zTvv4VJd8L#CX&m(xo;M$*!A;nqek8RcVNz6qq&DmR4;iBF=NfkHXUCW1e4+pH9mj2 zUvjqw|C)5+WkFzp4RwP=Yezfy`C}tV*;3ppe7>GOs{Hn_rKDK`$LBzBGf`W-BYc}) zIuZ&jLmlR-k+B-;N_YgdJ58^#Zg1!6U4wpKZh}?5XM#l7IreE9zH>d!ObAkRe(93A zobE$W83sJ2&F^iMU>~&q+Zl`l_032uP4sE=ijkT+zKj|eqn5ifGhkjNDcHEa?PP@qWsoKJ)pMB_T z_BMtMR|>NO>46F5I@$ko11AG9MQ426QhZyC2H-vMJB%-Tt{h)Lx1!fxSuI zzRwUJsi>_i=%;d})$&6bV9^Ts9XS{8|A-qiAh0ymcDMJvnoL3&QU-1EM*%Dp912<0 z3Wy5vC@iV1tR!Y6k?*w=RF3b0jX%Kk%*93Wb)=B2SUlr{tL9U~Gk6PiQV=8%b7TpM z35v-mvm|vma-=CG70g9brr!^sQwO=b0Wg3)wk6;tVbW9-7pX0*2%A|n*;0apaMgWf0F#?z6O{NJCY%Crd*|yvmnC_d4num zk}yMehkaJK>Ms@W_1Tf~6PW~ES2)OAwuBbRrN?;SC zjREj*5iA~@nUM#vgIb(Nk9iJvcLxVE$>`~)fnB23bGTQhC|DX$`e{OrOr6Yy!zpeX z1F0Ju8%X47S(#J*=vF2cZ1parmHelMps?_lf&#U4;e9xL#_LMpjYI0`8GNRH%#PXH z*EclK6K6%mY>sRY6v;+`@JN}Hqa!>KCjwg|DBe)d=N{d`!eiCYTPxOS&%AR zZ~;p0ztT^Bm;muSz?M)F7XQQX_%bPVcSRx_mU~N+8J1i;K}QaG+Zo4vS?VIsiZf4> zEPFsgmo4@4ihQIEJ_i5k8FeZ8WxIg~Y8S(D%0$EqER7ww^e_I+d)N+Vl4D~)D3b9l zGO}FSwhPmfxnEJz(G`?xi)9W0q3C=4P90DK4-Q;1{g*Qe3T7)o3Z+0LnT?I*Ek*Ju z$i8-jSy#4RIm~v1Jxx}Lw-)D;2)H^0dBXr;&{)n{KFG=f3hx5&)NKm&SERr)Brkho0lf}f*vHdtH|sOUs}M~st>d)>4Pb;RvbA!WtKW|nS>$;7G;rku zI~h6o!sC}vlF*vTNg%U(dY#RJ<7?S6=L6c&xxxooj6(Tcl@tj(FACa^t>%L^t;(AWOw?Hd~(=VPOuT%4`4xQ?NlHuc{RxL9(n zGd{a5&r;Xa@i;jC88kUNdOUwJTr|56V~)8A-weFI(o{r_#SE#V?60r|U<4o(heDYn zNZOC8@|#L#f4^zg4d=swrm7Y$=P(3K6)xS;p&J`i$@!GOHGczL7!y+`Hzoe$76@M{ zaM}`Feh>6}VagzvWUZ8hhfZ|3A&*>Q6pwYx32HBB9N2(_NuM7{ZZSVm4)Iu=o-VRS z&C&uA8WKP>&p76_N=NkbKM%ph`NHU2G8}nNhQ%m}6^~>k;}YqU$WHg~pM+((R0ab9 zbh~`4#U6iklEpVDj8_5Rb3oDOG04d&n5!y0LtO*UgOZKq>A%_QgCmX#kK4lx0fASw z-^NfEp?E=8~ zI|M^m;t(up)H^K)2Ll-%fk6WY%6a$L(dy<)M=W2B_J?AIQV+$=e9c&%xa;YypA1Wy zy?XT=SdU7?#PrRUfT+nFK}`SRO>xO~RPyNGp8QxcCXOg=Q`1|J9F43c#b)LY{ z`T6hXlLld-VVGE$KbV=Wu7O8Ll=oXPhlGT>|2b3+_BA@=g^~N!+BRbC@0TwuGQ1}* z@B6*6l`c31E+f!r8!vZ32?>ZieJ+4WsjRNR8u*OzIQW+nwL*Kp00p7ChLw2qblE%O z9c-N6D`k0VDrVuE4@e`4*SZ(XI&E+7FVs7~vbDv96XcH`@H!j!*a_m`;%cPuGQM~* z(BHpirO}}2Je~I;ulPR`Xi51XXu<<5n;9bK*8|>}Vs?xDgmFeS7d18(6tD)_1R5Ks zv23?S`aP7X|MaQ4x|&%rh5;LaT;+~uF&;>&IywT?0XPOS)i+n>=gV{cTO z4VAWiIUWR(2wNJKd~s06}TS`FoW}rt!Srzr-l@|zN?Cm)P zNlNy?NV|c;9TnC0>CKuT=li?|SGd z*UeUbEHw>{qobqkP{#KD{-BsFgpO`Mf|w3782Bg@<>i~oh+cFL zl&vDl?m=X*2d85BrWO_!eoYk;W-}vOT7Ye2u=7ziHn9t_$&}E`r2j0Zz~{jzEnK7sh7kOjr^`xo|&(4X|>Q5*)A>Xi_35!O@Q?pok~9Yo^sg5cA1&vjRl)q#QMup} z<@8Du42Yy;TQDRD`Bkm{L!KxcjRa!?0C5X!I3zL@g@6cbZCek37=lZ)^D`Ub{D$_e zljr<@zH8IQH@S^(FG8@c@$vC7u>kZ&5z&g;@oxWH-7ZSzGVTizqli$S;4yA2uCGtx zQ{bcl_GFe`ds;D@?S)8(W*Rw=K5aWIcePRL!wjxn6C9Z@&M;C~ZYO2XO62Wq58-2r z3RNHBRQ(VWlVvLSt-5*#kkG(26Fce9jo?5Tzj~!(Z0t~XMM+7C^B3pvg1&y6c&+!XgQEkip#dZ=931*ek!qSvePW1+ z_maT4eRk$mdG~hTOxW4D+Ujd;gT__Y2O}e+&Ee^+$DBqW8J%5O88${b_Y&NYz<(9Z z_G6{{qdZrP=zBi4EZA;GrVMbjkg5WUp##Vf?e2&MGms#7H#0!cFE5cAnu~P9hOG`D z2Tnhbo96L9dVAzsWG1Qz#b!!M&YrDa$HG4PyIP8Qi%EyVV$`Idg1CDW6%>9^ewKM1 z;Uw&@1BYLx{#nWNN0mB)NxJY@3D6I?*YPdJSv#0!21C)p>4XqL|4=@boyYte4m90{ z={caM%H(B4&&|DJe%(-1&{c4eCvS!j#WhO8XkS`ttE!SBk-K;hGvgE;9bG3R1ng*Q&2S^FY&Tv;EGie!tv-5R5`;yV}th&Tc!}s~O%{UvG+L{j{OKZAsvA%>-e9 z=_r6?c+yiNV}PK*Xce{0XF@`p^46$V4kNOHZ7I(8AUPs1vV?eu`Qf5C5TZKcSykc_ zbV5Th37@T219qI-R3QYjeYsrf8Hm;g{wL)f*CB4v9U{_jum`N zrlv_h^^*loC=jPd{KfOw7|?3M4A%W@S;l~PWPCXS#EDwYyp1OYXk~-Nce7&QiM(Hm z3N*j~0vc{bC>2Xsjn-^Qcu9bG5h)2e1(lXUN*2fKdhnf)W)a-NWu>JWYHC6|$Xi(~ z&{_bim4>Qn3O_6UGFxdJTn7Bl0Qon2?cUuKiO6)y1OnlSSo~PJb`ndWS8ToqXc)Y#?tprz}9tf+=kXws43K$li(<@Jc@XP7x>G^p*fCqZ_kT97@ z_ZXN=+6kp?hR4V5`0Q*A-dx=?CkU|%E=K`kxg$3hq;~ZT43>PB{(K;3=g%4gk~6(awHnHh!Mdnzibpt}>Ac$Vf~-h$fvmfP}%r8|J# zJ=S_Y#Y*0B2ngs@PIE@x&&b#E6Tk9?SI2EVPN#HkS57E>^oSZ57C%|f$`_JCe2hho zO9?J(E3m$3KY*)N#bw05aMbVkFBapo-vzTd=&cmGFE4Dge&N~l$wDbX| zTD`~d(}B0&02;r*!#g(8skT|$)BvjL)2CB80+1Zixt`BY)F8`mL|+H4TUUCq32zv- zbF_F~Ry*l5H-7`dk)>tc+}s=n14vn0@iQVg3!Y_ui7vPYR1{_mh}914(W6$a)m$Bq z2hrpzn2^lZe~6*HFBOcu8i@reT31IOHg~N_lebM^d+TWyZLV8etIgIp9_EJOdQ{is zGs6L7116~w4rSoiRCb6`D67QZr=6Xfy9Tj_=L)otobm1NEiD*Q35=;nyQb5x>KV*@lpXhGZ)Oy9WWc5K*RYI`Fd8`H zx-qi^Y-7}mbo3@$j$a(NhXvive`0$}h|~%jip!SFM^#r>w8nVE;JL+KJ1CJ1Ns}M| z44RoSJo@i`qhV2skJNn~=(N-tz?Lu#+`y_h2{P-BX4{%{83LOlPZR?6|ACgz`{Gnr zPY)a?U{rt{LY^ZB3Os_c5T;L7lcRIfioEr2UwMXh1@}jl6{BKa9&msXkjIh7vBQFg zpvfI|UeUe0jnYltBnsvR(kc7RgvVMk)h zLw+zbdw&ye7m-qluooAI=b&c6!c`Z05SQZ~E-)mTfSswVhY042!^Xp~Y1c(*Dwj)4 zWn^T;jl}&oaiY~hPv#xwxRV+06n~%3gVh`N_aQKA2+6~T7jrFCttgB{Ih6%jR`?VgbN`!Bc_vhhv4g*-LhAt5s}4w84spE|BiF6 zCxwi>gf+7Kd|<>D8XU~|(gx{B?l65Wu96oCfg_Ip?)=~uCOi2`WV!mU)1~1R_f+1j ze0HE;ZEaauYpcXF{;RP9mAbk*01kWwY_`1oa3c9C+;M&6%F4wSif&Qd5 z6B`>_vat~ma5118G2wv&>@Bcy2`F5{jT58r!M7zs(mne6@ka=r-ZytH4m(dHX?mQZ zf^cS~XCa8TR8mI3Ig+!Gm z2rMIgNg|_tqtPgCe%U}&3`1E?&a1BY!-u9_<%?bS^YX1;=SOk{f!ewcl*F!ozPEz7 z2KaLO0!^o?(C$M?kiYadStSqDDVyU}Y=GGNl4)=mfJI~ddvJWbNPs-%!_^xC1D-di zJg_h`Dmwlb_2@pH&sIwa5Gl$Z$ji%fXqV@F`LbnZHM+8QlAm!A{caW|vz2(OV;_qE zT`0oJ7XF=aV}729lvFOXe`ZubP*8zW3PCkL-wvJHA6&D}K9H#wYE~sa{0&NDu=jzP z40cNLm42B`?rz&Hk3yhel`A}{$T*+0tzKGKNL0z&*(qO1zBBRPf2F?X#W7Fw;p>rA zpR9MY)6f_kZ9G6L#uC3PRKigozFv1v9^cM)v!TDgAC~I`ltf+rz%5Zrim3vr@m-Ox zK!Pz0tS$b}qdHBuDJYU@G^Z40pi<6cmY>Dy&Qwm zbTO^DSe~PqKCpV_g5?nHZ~56fajw~zBdy8^<`}Dn>DhtbyoCUEP+q@8{)r(fX0$tztP+GRgk*ph{Yi6?m_0w#3Za4!W?=7 zEv7s4dP15vpz`ZiY7yT^r*v?T6W+;E{h(VliEJ6q!a?+SJeM?@v7doc)%xC7knZ=t zL#^AvH|96n+yy-!uuu0reH6_9h4vhD+|RgT@*VFi>ihkrP`yi`OQEVnK_^o>njz>g zx3efL;dcpiw=}ibbtUSq2;N;`Uc>J}%R^2WACr?; zz*YiR9z5WyU?3wmwzE@yWIP|1eIJCre*4AxJxNc4xCWMU0s;curhS*H;EIJ4M5{Qu zv~&}UZ17tV;o;$Kn^B>m&l@aB@Efb<>8bDb-3vk{j@f(-2*7AdY@HCHrA1(E(5%b= zxakn=ZNAWe)=T( z%mEJ}EFwaGFMDN$eZrc*^WU3YGQp70&@F%eW;k{40tTlumZie1$CcStikM6KUex=; zX+OUoC;Rv%x{4rZE}}m@(E-bw_*l8gQdAo7)DHH`xVux$#_LtMwv=g;H`1@ms_W?J zoSmJ4rUMQ&;5I_jqy-2YQ1d_)Q;?IhFkBb|54L_Wi6J@M=%LYlot-fx9@cgyetu0q z=u%XeXzVh2OVnuW>}=v{6k`s!1CS$pd?9#u36U(!4~S&}6wljeqk~3EA++PyUF%Jg zUYGFOHMH8fe^w>esJ%l;mXMaVdj%0LF2Rcqh22UsIY1qRK$~cY_t_}lXBus+i1g>O ziobB{N$LfYTKg8P59Pfqng=rNDQ( zF3_;Q{NGPe7DAf*4@~T#4qX>#cGvnxjI4sE!ZlgUprxFsw(~knbK|7*@EFQAHhRTM$>4+TsRd5=Hq4NmmU?_< zFK}UWPgU-{@E>efZN2SwO&eZbo-d{Iym(-Ir@7__-F-%;y!^+aUSH?-mWOVVK2V5! zED7o+0F_dUI)ACJFdLYY9Z-jL2wV-a@hoT-lSuVm!&g6D8xOw2Ne7b&aldI%5bO^R zS8hC8RikEup6wjA1~7iZlHA^y6PR|-uBg}@kf#CHzN~+fpYhWna7y2$X z{(Azo8Vnp$Q`d%bc-s=E{*Y6XPnQ{cIcx6Wzx2c)TC>?s=k?fua_(aD@}jh~^sua* z`bFJdIxJXVpt-jfh6}B^fOxlC;yDh78wTTxO=AEw;9vT^JlJ}Z#MZkd=%L(yz* zZt82jeEH%jkB<(ucWu0^8`c1o%?&xEe|5Fnrx(>FISUJL7udnu&q?>3_^JeisXBN+ z%FD0ZK2R!TCvdT|_x8;+HGE!gZh0-F{ghE%KB<#@==w?g*T18ed-?P2Q83&3tkb|s zOUubF-fPa!&!;Ekyfur(M*S+3tBp$zx%KAcq93US3}C>?gD+ zJ88E|f_s;j3-fy5j4}HSp}Br!REv> zZS62ro&ANkvvc>b#Z#9+DMP%3ol%!ITS3H9=3QYIVHO64g%;dr>EbRYvlov_0pPWL z_2YniqT=if!xwFB3$%%enVFfhOk^iLx^sc1V^wG8J*Pe~GHPmeBqlC3 z2?-zY6|r#f!FWL+4dW?rK0rxO=VweEzuc16!I$>%(#X}M~X&BBYyvRheK}-X7PUm*|kG?J}}5j67>jIi$TeOK8iHr5Dffoo6`;U zErG{QWSIkzOtQ!aOq05Lyu2b^-^4?l)%(I9Xt2 zqN1d9qfL;JkB^C|uCQ$TXW0kgG;9IaNyAjDc?u9E!DNz`{MN?Z-=iS2LxW^;1J;1~ z`T2cGJnfeI&?;IKls+RiSsrA(+P}CzuTf&569he(fk9?tV@X*V@D;`QSZ*7CdSfje zWaqt0$)+_~S}1e;{4+US#cxqjQ7ZWBrKOp?i}Y+@=isn|K}0JE-aS?dx88j*oZv)& z9`IX9qxi#zVvLNf2K_v3EV+TSN4Q7wGI9W3A4nb_Umn`o7?)-D{`1&9pR{s63d|(F?5#-_b>gUE{HwrDZ2@cDv7_i(x&7u2Q@Ekg*&A;&URhRAyvq7pG@p=gDKeU^#)=2K zS*Q(JUrAkwDetGRZ>6j(^D5_S6p3sLVMkX=`n$yEdU{i1V}d|ra^KEc$YHpq$@5~A zX{=<*oZNVU*KY}-Kr8L2F-Qc2NF6QLh5md>erxxG-)5hueHdK)K}AI_gAgJ<1u}x~Vf_rSCWgDZlw%mAP?a7s4FwszEIi`uB~bY^e4etcewZlX z2lshgar!nc{)WAMW-N3JKwtwT_5R+TL1dMMlYTLuu~BfV^)N&^CSTFtdpE7;vdatUUQ#?U5OIDT(B9K8S74jz$zhgcCiikkl z;lLWkTjmM{%!(ii^g3Llpd$aTw-;(M86?(|UZHE&{4d}MMr&Vj3{uFB$>e#{ijGow zdWBj@BNo$h524dPhv_wpS0lhJ1)dR2G~kY_ecJJ~wRWK574_i00?h#rA$Hg59JMox^aKv{QS1D*O1+y)S+9eAEx14e%-f zrE-&@Vwx38^NX7d!tv z3W1~d{OoLvpE8mqO{A6N3tL&3T&@wt(zv1WYCkEmOveXXotcfpZ#hIlMOD#bs|9!7 zcpja@8ZK%my%x*zv^QPsg%c++cU05`rw%Zn`jr7 za2w}U%+HPm@&k}O|E>Mzk;~?SLvXPZ_s0)<=Ilrf6#!I>F4hSnfNuTbu*)Toxqwv` zk;Uxl;x;-mDnba0r3$uXgx5HIH0^p{Y0NPThliYCdpzJ(7ekjRLLG+~!<0KdBBqSzw9?8eS#y&bZahxsBLIqA?4&J$*8Oi-7B8Hrj zOu%JjxQ9{z*1QHAskMafdv%#5Tu$JY{|~lWP|CN98_1|vp6CQTGBe8$G538hq>7#T zw39)xGehVqx8wKKTyeGqD>pa4$28){A9C`4hdVoUX3K*i)H)OtB!!OX{0}?3yO+Bn zGulnQJ{H;*Fjg-urI9YEu9ipr#JNc(dN4LGBqW5SL+8SI0_4@N6YGE*hatC}qGDL9 z5j8b61vPatv}ad^XR$$i&Jb4{NCs$p7yj(83Z$~K6n-w`O6lRRpBf!?Ydt^A5O*o6 z{M2pp;tdxmwmLD66zV!M85vklBw0EHsG9(!PUFBUe(*~-(oH&g96srEZfPDt2>RSl(p?PQrxy;?pncQ)2nQ-t}yxx zpwid(JKqPtC_u#oVK~pgAfxQ9@dTE&@Pm;Fty%K8P7tq{YcS_rYINjS;Oo~i>cgUC zsT8V_1Yk%v`U=oro2ff5pFVwxM)QHH1jt}OwHlt0$b_CdZ;9`r(hWp&($i)sbfF|R z4sj>>5~nEloW0;J7*UcpiJEM0Un757a{s;v+Y4gZYuz(5 ze#>=LQD-K8K(G>qtuGabcw!W6A1zuA_5u zdFnSK?os};y&c!Mn|Wk;4|bsN0{3_=WOd#veYa{+3D~V_K1K|fwx?W34<3tpAFnI6W|M@dCtDr8H6!lB4h5%RLF~B<$ zYe4=49}kRe`m{8M1$YXus!1%U#oi%qPefn&2_-K;T3sR8+H_e++J3lIhXuiP-qr200Dir zTN8RySpZBAxCtcw&6~(uk#FCMJwxyJ)^A4sp6Y#9Ji3ge8x>Qd&%fj`ioJ8It>bAP zKpL(HX?x30VZ$tJKkHvq1TX9D>$fpfHJ=iBVPMbl@(wQVQ)eB^=Ak65Hv73}8XJF^ zbS01hV;VG^loS})q!HEdY^miB9bB8If_>_X2YTxmMS$% zwd(2;8#JlXN#J-P?&WIe#(sll z7A6<>!m?&yXPLm>0)Jl!?8eIqcNI zw?#(W4I3O%*@4l~75gz+#koizsCm7BcK?;;0tj2q&#^R1o}fq0NaV7UmFGWTF&7aM zQl0&~7tLJ6iVPgeLI~Y{nZVIx_vgE8s#C*DdF%l0q9H}-*_BjP*H>3pH#hS&`8<-Y zCiJ8#pxO8D31r`MeUB~HA!|nq-RT8y zxg(mm6<*@t;FB(w1h@6+yVL{(l$7vC!S(+JdzETH6F-)c`qPO^Gu-J$es30*H1%F} z>#p*W{!K5r%`ZOmlDtJ3tC(1tKR0*PI%xDc?L(u12nx{)+OytTQURsWr7CxWCg}}p z#wU`THfT_Qi>RxwhdZ8}Q~FC$kv~$drmT#BnKr0&>GoVvN$s_4Vp$i#SJK!C^*Q`v zf7W<@kn^-5%mKIs$~&)x+4rdyzh};;58*Ni#C#q3Qm$fPr!80jTWa{I8p7U#5V#=^ zc;qmmedXIIMzh2a#;FF_LG1Qte9zI{5&)> zgO5BrKNFSNy%}QVQ^2~In$lxRLt}@XC^DM!ls6#y&H!{K#9XhXXzr5CQ-k#brb}|n zQ;J!Ldz}Tpt;;~m`3=V`m8e`A<-K&o8$1U@UpH_{qS?=-NC{Lg-ofz8@Xs2|_vYbhCI0|r^!@bbVus(b15ke*&!v!D24JH(Klce#z{J85li5}7 zVl<}=)mRa27D{`Z=C|DY*~AG=-B;MtAUVWK8-(n`J*2`N~ZLD&CMA?V(Ra)Uhqlt93vhe($xkUJl3 zgDwE7<8CmqjgCfZkkBoJeWIRZoQ*UNLVV23oQ1pDaTaJ8$;-vXo*iPREw3jM2Z;B; z2P-cA3v|4r{~_zB`>57S=OWc}V9y~6#8lXMun2ir{s_MPftzP&a7dMDHxTD0(8SJ0 z@h<^jUhcfC0hgz=f|u86{6m_vgX*UJvJ+xrVqFr!smshKeB$iBI}0o%W^7;WX4F{H z#OgWk-Fsxn>XvMJe!Ij&@19t%hpzY8H;>)kR59RPMnU-n60fA5JeZk+sK;+_KwgJ? z@#MjW-4}!cZowupNG9@C=a__qtFi|_8bms6k=xLy!tZX*RQqMxy;CnrTF~>#n0h6J zf^r$UY=9_FjE}>XkXbR1Rv{)fJzX413}|vrPCOf4O4#U>j9B6X`D4)L_a$aAgZ6ga zW*s(D?BdfPbD@ea?4Y1EV~WA@&m;IrG4CBqVY$R?cG>=~Y19|H<@Vt1`7>)<29@t= zzVRhL#+gN^9`mNnG0h***8Qpd5Pi%djcftC^ARll;^PtyT@P=>Z2cs942YT`(C?^I zjVqj*bv0*Ng%uRvGwi;UM;fYBYP&p)Ez*?I>A9-_x)iq3Z;mH>g%=kX5v`6;685I@ zDWkA^DU4N`vtA3^x(n_%zZMBLw~WR>6UcHgGU6CApt92X-+2jmg)dT1s)2hHpf4af zeQ9B7)U2!b`oFYt`{;Z@8!^{pnj|hl}to{rmq7-Pf;`U%tyEjBBg+A9k0EAmKJwo<$(*K4qo=>Eb(b^jEf6svNyl&+A1q|0khSNgxK8k z&Bu=)otC=A9JhuVH!ccmgRmGEEy(Nu1aiu_A zQ&&psN%s@Ta5CW}pq0!X#VbiC!S>hvT#OX5L((N;?C$PX==eAb`$$WJ%qfD#&l|0& z89P^bDC7DY&+kJX>{ISa^AXt7k`pP`E&mz7!WZ}BG=QBwINlT3^%`Nx)8GH@_p9%r z7H9)IJ3Dm_^Q?br<%^!ZPvcJ9PrEZDngAPjemFBx>(uUZ_%MSnn--?xtz>>EV)CQy z`x$4)kNrI7`~2F1Xs^7B&q`nJFMP0iKpGKW&6D!*8byI>A~}iDBq%`6vuG zb<_5K>FLpt_t`d##amg?(B~}mq-4a#?m_!K6UpV>@ZV}9fA)YuxjSgxw`)lg5LE|{ zOT+=FRAV_(bnx{6|MFyXsp;~YTB%uNvg+U8va+D}`wj0tjJofnBvXYyB4+&1u|Tr` zF3LonLhR;RmAfr;bZ;umAgSXc9PzcaN$UJAsubh=S^E-ruXYK6T_tHhvm5zL&y}xffk| z-O{e8r>Dk?sV(j6MdQuJMP$}{N_v_o~furw!XqZbQUO~dkdY;%qCN^ zDNlAL%UN=E@1zRN3^*c|bSdq?B?9GL`SS-b2EO)M9gWWC7B%)8#r2$RN!z#o_SO#Pmu>JMgqovPvU6{zK4S*Ld{w2jKWR+uQ`iw|^3qo*lKzrKv9#nbQ6gx|*<8RPbf9GzpZk!{?YR)KtS2rMiR zR8s?I79uBhs&shnt0pIZFy>BTWo3gB`uq3qOlsY!>8QE%GQ>>El~sQSn{~ee8a7+cHFSk!7JcOWp$ZaV*J1b<9eH?{#nfs*OkIjoo!sk45-{mz!R4 zt^95M*%D_PCLtb;*cnJesw#N_=POaWIekjZD)K61U^Z7nmKO6GCW07jEzPxR!x*%9 z-RvTj*6IBHR{fM!M_C<-!=s~iQ*|Sz6%T=1^FhJ4IWMyadVX*??!t&*BR=2JorOb*&a5d^(|$!lIp;Sgya z_QK|g6k1ayltGD{6TxW^UQ|%T3IPH+4`~|xE`9L3^?5IQ1g1HYR8wCw-$?cZs05(R zZ6<)VvpQ*vx9%G6ie1+6gi%n7%^%K#eeXTKbQGxRsom{Qe-H`2f)$4|ye$?M z%OzGLq(724`7HmdxMLL#H_EEowc*Gb8swqGf5Wxfy z*FP&u$h4wkgurcI)hN{|E-+K5BKt*MDHWn7{?Wj-HWnA!AQWv|VmH;~Z;k7&zpo)J zx?e>2>(Hy9aAq?L!YlmxOfbx=C#+Vid@n<0u$qAdYWDT{p6A_M%~J)N*exZe-GKAc zb^cTETzPkE#TC2l(l_yhF~MYTg&{4AHPvC^6LPog+b$2$<2|>=moF-8ak!Nzz9*WK z5H0Mbe_I!#;I-Yws8h3SE4+m>>io{#I{k{d4>GPE=ky(QL#Y-xqob+Monc8AExO0d z_>(VVjykZmNMzu6*wrHwfy=H)Z=b(PNq}u%SjgFnfik;Ahr$VP%6H^hQc>4bN1^0E zZB_0v@f89`mB~2TR1&|q570|U=(jPu3LlskeF)|Hn;tX7^r15K+7i;g*mjEWaG(B3 z0h|%vfc6<4USZdC{tJu>d8%oaoOj@$fDE}8Ze_j$F>ek_pBr+LPa2+_R4b*tsB7KU z#tyBIeMOEnn_T!wWJ8Z{wreU^bm3c)u`z?OCUNUVRC+bP_1IS*FJki zcq8KRe0ph{lgsRGJwGPTiFC&C=yJ4a*vhXwK|s2Kzc6rwK%DlJ*DQ)Q zG?oi{9@qBhh!Mh-m`8Rh`Zx}WUh2Y%$i?x(;v6Il*84lALi`ouQCg(S8?-4x~ zC7>ddmT*gWx1ANt{`Qc|;W$~){aip2py`mtxVL{uBjO5bCK2QD-M%IiIr)EJ=}9BM z2Wi9$pm_i&nLv_C@v~CA8@K9;T-I%M|F{`M=M}$-iS6> z+nry%cNbrhJ-gieoTg^y=z?@}b=EDZ|5U^)EX>Nl;C@!(;uGRmBfncgp!zvw_ZqiF zI=?FZ#^9FUxqJ{V^<+HGC~TXdx||wG6A=@5@IV(Gmm=z^*SB7*|DB?#mb9GIC5_aX zy@VOL0QFXGt_hSOTwDVXt>x=`K|as*_F~j4yUfqUCSp9%;Jc7KdGsy(QGsFoMqNOW zT2%agNU99ZFAXCNU^Ztl>ty_U`;(VqK8yB=5`o;Ej7E!Srb$VWHjVEs+pr- zbV2L%Hl?3+nHl4i;EUZdFZY;xaVRi9+aVj;BHybuFA-DXIL{I5?Q zJJVhXbtKokdWj~{)~YNcltT5-D1__Y zpPLM#h&pfC_UukYNxe5gqlN6HP}ow=+vSwksvKyXd%U8qhw8M&(*;4dr7o+^k{eEc zQwGJT7{ky;o~t%0R?{HkWX-)|HyLk*$Ar z2D3?XEp2!&%S3&Q?X*ztZrQPCFTywyLx3Ly6e5%~H2KV|Z8BD)Bc`jI(%rwuSHGSG zl+pKO^10H=Ab$xzsp;Bpulm$xBA<3fZfu5;%oEu$hAw7hB>>iZQ&UsX%4Gkn0k~?N z^y;S?N;=o{+X?<_U=%dgok)sw>Lst+cIXGSp8xuJ5;bP^KGE?~b(iSZN7RvT7?z!d z#d0-^@9lEobv-MMrF@XqbQiOqkI@(}Qe8TfSrJLs#%wmJt=qI+w#xdE*g1_Xa-wO@6=d!z)o{U{jsk#y=YdouV`%*NxBedxYhL6U@w z4QhQDn&?)ARpN%?zI->$=sYdC{=ux+^3_V?x>cnxVz)8zTv(_Z8 z>@*8^RwyboOYg8crZAb4HBN|E;Vwb>ao<`Cf6^+w z_JlZ0>+8j>vu&E_^yV?VL`*ia1e=x|%O3p^k!pY; zlf$Qx$rTZfBDmKbz|)2#6*Nnh!bHrac7)GaIyvk=H_n&AG`>Zo!ig~(%S8}zCrLBy zrgJ6LCjax%wwoaO4t=6VF%O?D$opc|<=S1e?*++7F(^DKxP=I$4Gk>NKzpgUmnT!7 zDPQ|N5Q|xtr|6NIzou&bcU{dllk(}K4Nq&jhipz(51e$zL;Uatrl7d?s=1qyCbM;% z`sG60@{RZp-?P9C{L7R#xV|a)In-GmDZbSi1pFxt*$oZLopB#qq!jZbV5}SwJxWY9 z$(Am%e9u*Ip*Jcj{@1VGC_KDbQ1Zg0n3}p|NKuCdN19e-;p>5G{S+zcYWVp=IC+(Q zbbtSF*~PQCbTcTCJfd1adgCYV=t&-EqEbM!J0Vg~bn^T&s9>Ogz5VPCj4Qxo>+S7b za-1Go|91uz($W$T9NY%doc9DNEe5x)qcSY0)1GG^QZ!hGb$uM^*fu+uWqN za|fcIkOSPA)L)ldnsk3U9Wvg-qeY4KdLEDll3t3IwxWY;dSzc;zMhmJ@{3pgXsuEo zsr(4#K_7>EIlO()0>$G<3#cMyjn{HJ_m~-;G2lb5LDOI^@d|C zAi%dlEh9Gd3bxB*SPppg6>~FHcG{lq~%0}Mt1l0aXfecd+DK7XV8Pcd(Z`x0Z1bP;pxBi<-61r zK%6%G`0fF)er zDR;c|_Xq4k{g10}0#sFK_2%C~9R#%Rk)PLXz>XRMC~8l%NnB}$-IFI@7;b<;EQ9)@ zvZm%JsZ^rEbHox_HjFQjmA5zaI3mJL|C_sd{!l_foJZ0(7*ITW_Dt5J6;#6j^8-}B z-8JkZEQHxr*atL+^PoKkdC99+In~vYjkWC@n?X6lO1T zZfp@5hwfDp3}Dca1dwL-z*JfPQqsX;8#V_Zz`1}#q=&{v*XU%lVx7=vpa`tsz7R*= zzWEk3s#Q9$dT=8n+ni~-48XNY_dSt_`4Ds2X!BNl>G^s9uD}bA|E6vQ`(qjPlA16$ zO-~NK)Y1Ai{)^wb!U6jhhEtLBy<13!Ai-HHY7+gRY?7w;$k!Fty#!fEE^I0;vVny} zr|zWUzH3fF1ky3gt&c;KVv_zC^Aku5<_nlqQ%^2VESBUaZQL$-%QLAPHn&0d7tV(I zj~%vgsSl1JKNl8{!p3qJ5Wg$ru>zulp=`d(eeAqAKfUq>gE*s` z{ekz|b~`M?apv2yjvKZse%?tT3YgE?E^pBr#)BKBO_HZG}-6^ znZui#Evv-$ho8YyXF(8wcqhhqpINZx)3^XU7~)ff(Ym^y3Rdn#i|(ws zW!&DnjSW`V%GlUp7&|^psrE0nmk?*?jx5Xi55}D-{IXBeb;O9B;v1<;XGPKe)Ri^EHm{s*8E^@w(MJw^Qy(Y5z{>RJY^TR%u#b{b zfA`;)0uR3W(i8)R>p?8A;NNP*IyE-R%3E4c2=w>&oXdv~`8(5|^#?!3S-<7t`$&BY zTR6duVnK8Qac$_layKx7B^IflIwKcX2D0Kk%Q>t%3Kg(*CHZ!zxPp`iX6 zJw|dGRB%07>>#m#3@jE!tZXJLwAfaE^I2F}KyrpjdMyO^)kuqfUS5ujtQ@8!Y-^Wv z^Blox0eV{{B}dp+_}gXbl@;rvYwu8#HhS(`zV1LI$FVkrGaD1!eEsNAzOr%(BwO9tCy;mX40=+;AA(1PZq;;7xGQ z#g@DTNdM+R_Gn$DbDThD4=2i{`}lX$YIso)2!hZo)^HF#$tj#ZLeV2RF(WYyqe?HZ zj)X6FZXRXp;nPN~_)ag=8N9-N#6Ir#eg2Ou}1W=qqY$mbEm?Q0+2zjrXdq zRy*}VT|s&0&MR#-1%=3{usmHHL{U*BPg+ijs6|XE_{d)wr|LzY{%HwlfkPKzz?}p~ zy)9>~)s5sx?zERPzs3P@jkvsAYw&pY%FSizRBY+6UVz6+-%Ee^bNsNhhLy#2x_j?T z9wJ|BTdzURH}BYdsNwfM*Pnvv=TvqVUw&+xp3zT}a~QtX@7^8jCJ%0XZqV#6slc6y z(?2+#pyjsz60N8Ag8guMMrbqIi-)ZuUMrzMZfa#WEOO)1r*1Dh)5V<*C*P&iAM$vQ z)znH}R9^&xQhQV4d>MDcYgTX5bM#^Lq~rWsfvfAO(fe@Y?JED@7b=X`r3|_rzTM?{ zj-eqbEB!2Y;oIiQMxIv4^PWd3T>`&yGMay4+PK!(-uxuEM4W7rw5!(Ppo#f@cu8CK zH%sl`KuwaKh;9pCU-8cZ(xjR$wzm91k)J&34au33mkf}vTy0CVia`ws0$29){ovb_ z&HqW$O8a;B^zg+%1&~u;k8AV3H#L1@L!P7F)l6JGDCvTc z6`QhFMn3Ewt#t%@(@r_1Z4DjG)7ZSELxRN*98!pbjj4%|k z+Wp_hkaW+L!q>QXq9%O|Kbfgv}n?&YyWJzRvt~Ls7AOTIrj~ z)YgCfoMHTArmPmzLJH5kaWWPK(hkJTw6%&y6Km^>pGp6)BDLr&3j4`kRP!mmTXhtj zy+N&Cf?YGKM2N{_c7v{WhPZNww@3K)56%J6XX3FSXXuLC0WIV1$jYF_7oz!jl;F~i z!+V%-s1uJ`?puDo;h(fi?4(wuW5aMA3IFr4pb|Z6-r=WrF;7X*GU~d8nwlo2re6ol z1s%h3dbxNa6hLW|l+@u?t$+?o{G*gxQ(t_uIc3`UnC5cEPen4>ROUg}@q-=>mZ+>T zFEaTuNh7j$vF#p#ru}5AlH*xiKaaK9u>dUGMyJd3%d@IdvCHn=jMK>_x6Q`0ycFB= zBByy##%QGHk}T$%OzkX-G@0ZiOU8$Tt6hnIlZx}^sy?$@bfw-?9fDv&hyeNN@Xe+x zxaC5rAmh_xny!_R8aw4euN-lQy{(&%-}ZICwf1EF?UyYxCOpj7jRzme|*Hz zu;*B%{&t@H34L!p-c<%4{Jj40`bD)Z+q2FJC#TQR4RO;)yPQA4$Wx+6c6e~mu+zx~ znwL`#-+T!E%;{%4)yEli`}uYaE1hDw8Wuxsst{dwzV0^J=&_pzD=P`V zjo)VYZ{IGzu&umb?a=7!gMD4-qa&iw^M=9o9PQ~RLl#z=^K<1+I#by4o%%V&M6+3R zUhF?KGfLH{GLp$9&@2hKo?f`8bsxrcxdr}8_n5?S?`!4XFAl*Q%~Sg|i!+XkIeAFjAeIHy<>eN>{t@ga zF7WlwjA9rUH42L-rzWPVP3C|7`SYGRTzS#4P?O%s%aL-a!b(``0W$_Qt?3TlTBzs; z;(PKi{L|RT7$jqGYSr1lZzU{_sqz5?G<`0gHPKd}5mpM5ovc=8n z-B7KcuW6d((_9|!M=wWtGbKqXHXm#DXboi>NeUODu_=PL+vd)q%$1NJz^I-+;fWSK z138QM36OZ6DaLI4b|N9zoT%P>EOD`&Egzk=zV5x$Dl)SjB|_u1R<`MTsDH87cd_=f ziF&5NtJ-O!e{4+RVqU`c^u^2y&Dv?J{#h$L*chnm^z>5k!D6IZx`a!)5?+TdFDoQY zD>yc1E?YS+vcsnxmhOUePCkn2czpEYc-pI}_Mg_x_R<(7okC3r1!{9^TGh)q-y^$N zDZMB!u3wFRVGA1n&hjnz!=5$yosUAv`L73-_#L?kZR{)S>r-_ms|ihKk26k&^M94< z`wgiI+`e@y$6^PNA3lq0`bp{OzNZs2jW(yQ*KoaDDVH_{4BimA(=oGo_bY^AGe~3h z=Pl z{4o0MTRq1P#yF+Lr2GuCWxrCRV#{iS}xjda|a$3Su-&L9SW{h4F!nv8rPHTxxYQorAd>rdMKqg>$ z`=$l!5=B_v3hU^jzXAPkq`Hb&b886kg_r)uGBe6b%pnP>+`OL5#L(6~Jp!6AMy7L6os-R`k#I6e^BaPRY) zu7H>Z0+RPNnsspM-rq=dA0l}MGHV^BMJkb{l7@pj1i#CSL!8)yn%7F;SE7B^jO$(X z&Zhj1H$MId`B(=ZEfjA(P<2c--p@!C7g|p~4+hKJ^iF*BuvHZ_4TS1Q*t(_I))f{P zufiX~7t}!Taof)}OSP9&S0C!14{}U7ET!2&`0UBaDPxdhEj&tb z=m3OhvIlXBitaT+cFR?fIAK?tTb(a(^JbQXYUbPBH5XN6&h7lFP_=OCBBl=|?+b}5 z?njJ@KXm-5b^2w*?S{_O?Hrpj7vK1>(Aamp0$PE8adxDx_Yit8kw~x5eyG^pl@d+G zXI0WVGbRrX`zv&VXt9A6WdB>!hmGJ#TLs_wGEsYULf2v%m|NkIzmnQOS|#ADf$w(n zqq%6M&*_2w#iG9NF4V3^b2sllRx4cT@1HHvOMowBF<0X{?R$hdBm(v|U7p){O-z8U zNhw$3B1{?)kmf{l(jPK&nto_I(b%9-h%$%7JFQ}%1o6HSGQ?%SOO!zgBlN z_YCiw#^;gQ{?Q5fpP04(vhLEH|C0~~76z3$ddi1SnM-p3 zp|;z*PKK4N$ixb>Bbk3dj&mA815Mp9iYu_QJh}dqr{7FFOs_6XEEHelWBK_iB1-BGuiyzbic| z4%rpJ?X3%m32VlZ+#Lvi+AR9tb$|A&XX?a-mUqw^E=nyX*6o_JYlgKF(x97S7tx{dwgeFOsh)eY04vC z;b9(**Y|HT(9#nGV&Cv*rW#fpuuVsVS2A~I7!%Uq6+9Sdo-a=gxMg2g8j#Wpv<{P-M`!^mbTsGac({j zizRtaOX|q*{Xe$A*q71Nl0AQ9B1Skl^znm+xiX_Pv?@4K;)?vk#>x~39(0#?dz7+fN&k#}jJ7>}z;f-V zvQ-ixxCC|i`6i$poBk$S!9m}5(KB;)_!_spr1oT`MpM{zZS4HeZz?7i3X* z0sZOc1N!3{n!n$&z0AMz7;fqTzgSaJhEBmYqq5+`{g2NNa#19%B|61%bAlOq3#s{N zl}a88zL)u>Avd!dNa|D`XNannc=)+$NQO%P)HHg_YtyKZ(0H?7M>Ic9_@xcQtfqP& z_L|bCMkmjQNdIf*PjFZsg~_n^k=;yd`8`NweM;5M%^kqjVyi4(hNqZIZwJeHg5%QWl;HXi!$x{ z^Hx~|say%0ru2XEWlQp32e~NQY7Z8_kncX_t;{iL!eI$}VjqhkLk#)3UtQ(THO&5T zb143u^OT1g|fStvBaWp2Hy+k zRtYy_zti}W93-6+p-?!^Hp+R6sK-fIVX#a=|8a4oRhp+)*9+T8pWh};d&-w9Az-xw z>_zd&3Xp>V4RKYJ>WR3TBv;8(gca~{9q-*vwm6=7x{AkMHx%q}!Lk&SVC2Qz02p^c=V$4ITkssr2jR9%!eWECwCvTQyN$Qvv)D9TAWL}ss78}JSflL zt7wWaeX`~LQm|p7dAk0%2fqX_X8q!^}A6M8&5(p@mllM?-ds_JMa+JGU1vA zTIeDw<#!vLa+!&&%* zWaZkU;*b6foKj(=4WANQ>v zGDFXA_j)Yk%H6;r(9}$h6KU2C|8l1d$N#TY$w#o6mj(^8JkF`B#4%NW;`H}LF5WKN zC$3Gbf%taPEX)37IUSb9^pR88k z$+k0oqrUt6*8FY5__Wg0Z=0``K5L2Smfn4&zBcOn&_-vPLjFeKI>`ik@=eA+9uzf% zW|OaSd?4W#)r}oQHBnQnUOAO38|qw2c(e}lx~m`q`SMM z1q4I{2_>bar8@-?5Rj5@KTO$9p%9teWUr- zFHemODm^c_s}2x)U)pcyVrw&#cEL1ky?)v`BPSEI z{kiPt7gJ3)$nDsrh;9XZ4O!%QkZ*SFL1KIDs>EYPK)w zyp3P?)H>Uy9_ezOX#y?8cjRrLegwUQ0*g4iV$7t$OU%m;yG*yl;gcqrO6tx@i7N%n z$|2edt~dc<7$tI6FHXy(5{O+i=z^LW;x3lZKTfWeW74}2b;>rXj-=w56gXxjmB1o40>92 zwFOjcrYk<6H}wxhmb_QR@fxUBeqN>I2|NE~1&vbp*TPrRW0a&EpM7_lzht+YF9t6zRB zT`11Wm7~=E5LF!!tRGkT;|X10_&PqRE=AnGM}Mv|=}A$?G0{ZOSQd_*6pK$W6s&N7 z5HF*u2~c>dZ_nFyi+xnKmgJUUlJ7{3slokpg;M^6aMSO(v{7owNct8j))@omhB9Xa z)f+9!RmOEo=>|S}YqU*fh(THwTroZ}Ez1m+@eHhAu*14=R9GK>`=J~mT@h+s#_K#~ z;6kgxGGWUi2P;jC+pnqhJW%ou@qYhM)>xZ`41K`63saIfc>go;X}?x-ZdUC88H4%z zV8Lp-dJdBZ>NMN~`pxc<6OSZy7zOqcWb*w_RHW|H;t&u#x&8cqANb0VL1Fq)`|Ie= zYJp;blhBA)s{RVC<;kBC-7rW= zEFI-l*yS%P_fwOSB2jW#{1jl;9rJv?$->2D%-dM24y!2RUmS1|mzKYc(IEvN>@(1k zj32N0L^lqtlcUz6e#ezVT`o_zg&VFAF*1ye$z-OIii-6Kc@E;`W6K}50d(lz#o!Na zPL)9&isHj4(Rv*cAn)Tc5eYnq*4aul!DK?G;My8ZwNTz4L%kA=UZImu^#I0xCt?m) zpps)co_yR>131*s$9-rMtEOWlw_!!b|_R1TkkY^ z6azR+CX@ZQ>gHB9agkpAoSX5vcMLNd>~>XBq}VXVg4V-=?_(wq5AdsW%-9MZhHVX%khY0B3wU`` zHIp2Q&29N#F90oVPRaOpa2GMGx1&y|Wz6`uv*ch%*Y@*%(CjRG3l_x#{zo_4S|#K9Q?|d*4oWCa7}n6(+7;#0u}q7 zMI1D2Fyl$WS|6<~YMF8UYUN`;ww^W7E9nb8BLdy!@9nV@?B+kn~ z*v&YN!r9T$T`ehY1je=+(t@l|(QmR0>7iPyKeu`7m@ z28ITuMCOc=Qj@};iaf5=ruM8=9I(;~l!xGu_j*!%jAy#3Vd<(@WRzN` zBpYjk&$~j*PfNt3dAu3C5ajx}qHwO>b1h@9txm531mT(YO@8~S*||}(A)bG479v9Q zG+nzKjV9T!B_1HyZtJMl={Ax6ihQU%(80q_ZdU!N_PLX)e&O{+= z9P*!rWj@f3KVbGh?M_>h?0Dq3^9@w;C7}>-8JCfr6x=|)bpYGu`rI*a$ZmkY#MJ4_ z_jKelO-db)i$@XX{Zue~>H2ESz?s>=A}gO%fZ$$v!9#&z1h{C0FZn1bkBkQ)Z|k zK!kGe@j(t1fO7p)2Zz|uH&6bSr@*iB_I+AJk!qcWtQKQVHKQwpHQ4foPgI1ilYJx| zr}_<+6I!V(S1r`&mJ zIDu~irLzcGCAnx`$I+>AYPN9m8Jnd)pk{g&Z(Vr0iyOq|y%bDF8FiyJBHtRgrOz1} z8kjGQZ~sf5RxpDhLxbg-NP#Np7=(p*o`P+wn1;no4SF1+IOpX@%j9bZ21VVL>*w|E zNjGJd%<$KFL@}S+3akW^*7+(pbh?;bFA2WeFfT4NJ_;^s+0#?C9?=za>E! zDksIr$Z)*3P*q0QmJG`6&*rI86!f(C2>P${6Odi3V3H`KLq7Ft{lde9z6szX4i>ge zzMxlA_iI7Yzm<}*RHm6}F%rrB zVtcF|UxXM18~>qT0l*h)PJ%h|=6yW>UP9X|Ed*xIM|=x;h05z{eU!N^-`u zMxB+K8ulpc5Ras!t9p{{>4J2#wl~08HpOr>tP<`~c^X%YX9JuDnXy-ocMe^YB1iKt zpedDW^&%Ud>M_Uu+c%%AMc;DKVqin`qOC_w7NQ9zNnXBoS3ZvC2KHDqX-|WYQd7h& z29lDg8Ch8ZZc20Vw93i(9_wTBM{ydpPrSSFey#1v&=kFXA18)l=^WBi!qfZOw?2N5 zCIiQ~nJ-s!))V%Ie__&a>0LF`>19DT&H1)YYvYUa_jkTex<}bTp}?sBVAp;@r)sh( zMxpQk*eC;22`R0iM}*)~@;B4Dr^Aa##D|=esl*Wk*Gza9e$@Zm$X|L$*(3?mVBd}i z&!^UQm4cPSv(*XUtv8jDha)B7HDK;uIbGH7iFoah z3qR!JJG$KS+mjVLTLQLdVuFHkRl8I)G>yCOXU@;gFwp3}v}?fzrmNEGfG3`9!CZT9bMLC*q-i7kVRMfl8Or3w8`yuT z+ALoND+M|XJCTqvT7zM8y6JW>QaC5Wq#9LA^2S9f`U{uf`VWPMj~d%QSXjBjD!sVB z+B%M+cr)-rFikLtkPFVge=hY9b(htS5^@8>j53XiiN?mz(59I8c5_~b`U_r{^UaQ> zW04jdiIln__y3(iu|4f+bZSq62@QB3xa3zJQb-e4^l(r{+DuPG)m*xVe>)wx$Nyu_ z`Of)=R(F%h!W6r2HEEdz^n$=nVLpb(UDDowrg7Z zw)9~gF;*#Ndg0VqX(@<~TpvHr&!@j4%l3Y+oyFQ|RHG&N1%-Rdvx(b$>SC6P2mc5k zXMnc~GP1Th^61}Pm&4>>+aBZ-{c!pKhH!Dw#ct&+qEAwG^Kg5G33(~ z(yh~>RHdd#cbJo`(YCyNWXj{QMe-FwVm!Nxr)INu`QX5~?I9>dfss%i9-eWVx{>iDx;uN#%>S|qa#oKtepP?-GKs!yQ(4FZ z+5m&K^+&^d8=g11-hY0^ z+P^x5?tS5C;M9+eCLjs0NiIB+Q4WN05m}5_ewdj2Z!aa^Q=cExNFtWdP<`^2Fe=$} zD0<>khFn16<yhi=A1Ei8X{8B&U_UrBlc ziP>4GK`e{F-Y}3gY&d!f1cvLQ&#csz8?NR?Ssm?`!a>25LQOSc0!}Vh2fi>%!U2_s z+3KYN?3?SVbgasXZWw8W+_q1up;fV?wMN)U=ES#f#K=iN}G$Rty|;ZSQE&+k2;Ib2iwc*;hV?w?|j zoEJ)^fiO6oR!YffoA$_dmb-U{K;7_#ZU5xUB5f9e(y|gEfC__<+-KF%UHU7`g6nQ@ zFh2=Tj?16}9pX-jMJSYO!kk-e2HLxB+CM5_RIYaUZc^7vY;bU;fD#2q=7(m)_4x$C z-i1C-xBKt@Dl|uoM7aHYEmx}L97-NAxo%j3f$b(PP+Pv?`IKQZyuEGayZh!dT}zrt zVs!#tMEk$be&wh)z=ms>C?|NE7p>S;WZ3!HHn8q%d1C&n%)y(7?_9FuZpcYxM9V7^ z*$G9ql4i2 zYK0d4)f7i;$v{e;RzIyMj+-YjIDD6VOT5s7YAk5vKVgd@3j$XOhGWL(?^smpRJg8v z2)8EXCgi1*uQ1BVs-lCg}N>qI!@a55(Nd8H@Z2KqI*;?wNvrH+-sNw#c4uVzs2s6NZ*H|vLF}=s+-JA zFx;Ck@l=9WM8Mj1itfo1SH_7qDh3GTNTwt>DgPdqj;{!D3Y)&@i!aOF=<{_>Dd$8g zr?iH>QK{dq{Pn9xkK~ulWt0%({?DhBHt+TP;t6jCFj0}Ud+Q}PFlftpiXB=y|QXSaF<98I5CtDKPmB&9oZsxgWirDUlc) z8paj@w#>DZ(Pd-6Gh|kKQkI9CO`JZIsowyKkM9@MbS6zD*4qki2PkTYOJ%Vp`;qP@ zXdO%?_5txARe7HTZLvzpWVOOI^8N_Zd^h@E*b(3f$-kgQNQvH!r>^2J+UApuPPX-{ zEGJgR!5RDBJD}m9R?cCd|02BPc}Bz7t%J=cAvqkqWvmbeja$0$=KaxgdZL_J7VDn) z^b8!NF=bQ##rNWnTxn=rAS#G(%?5^kqt)K5H_UcMLVyqpK`rVL3@nS~E9j^M-&ggK zDMzH~YBf7^^vyAk>$LTc{u33 z@hvOOVw+odN1)acrPAMVcc3VTbmHIrXJuR}3b)?e!cu@_fbcG##!p=410E%t`eXQx zhVh^P$24}`6aqsEPa3LQq@X@q_NS*kx4c>@b3pEXFkGBedY(&P@ZY6@+-hCT^UjAr zi~;V7!KW|M>Fyi)TCTEaZV(HM%o8NO$bM~CKL4uhRcxVdI-NY+2?;!PoNH^TPEnLP z2Cyzh5vP~!Fh<|IDbDB<5(0Hx{7T~4PyIm)ftlE;rB$?DB)Iy7~kmJ|=2}l(65m$rc@vgPU$N--jib9jg;}S2Jnz z1%w)Pk{GWos;V|{2+o7_MvaJgRchtMR}~ z0eL*%?Wo0(^62BdQ(;xBpM%3&tu0(+d6w(xw(N&kdi&!Td%pcgyLS}VG{6|is)$4d z`ky{QUe4Rmgq`&`UqNqs97dnW&KgqA{1O4V6OHAm{$#CCIU-dsJRda1hJpU&v-9(i zS2tFi=xNy+CR8e(k4(AIRcSAD>}0Mq5oXJ=+yA%U(|S#emQW@L=~8`fUhCwzHy#md z1_{%Do_~x?%KS~Jh5NDK?qLGFpW}dl2;=9VblgdHM0t*+5RIO@D87x}pZ}s^Qh%7< za`)+5XUJl|Y-PEy`;aALzS~0sqv`{~ABDk-*ltq2O8vX7_D04T)GJAP-`UXmDLH*^ z{~guU@yzO?YjMPH{53@PA6cX{Xb?n79qR4oH)Ps!m@lNv=sI(oce{~#Q9rdkX>cUX zFWuO-k*ihu7Y_C8K4@`89D0%==+W`{GOrF>P;VBOyCNQnvxe(9-xXl@gH({0vW=ki zey9y>{1<~mboB)1GoMGBLg;T6K?v^BjpPnt5nn6F0nXO{ zDI$y=3JS7#`;?~R;RSFM3dY+WHAZp%tX3u;U70jmuSi-LIGn$xmc)+-7~#m3gwC_MJR&rUjkw#mg*$TvwAPp>J8WSdY^YT04B z!J=(Ns5Njc#9UX41acNE-bHkjC(0i#Qy~eFg+9GT-a`T6O0+w6VNVe`L_trRaa3i2l}gT!Id`TGkzz`B`Ce7st>1@vlp!o3%zS_}*% z77P#sHky9DDUvA~NpOc!3yoTbRo^E;+{tZHKa20#^7=86@&84*G;7Q^Z4j;WJOvVZ zdQ-zZgAnncZ68-(HwO854TJFW^8$ezi9tZ3CYM4YS?X+dwd(XL0I_7qZuUcIReg?} z2v@2`TrRS$Qzql37to;+WR^3nOwaFu8`|GDWwf=1@ zA?9&@F+;!?K{Dy=OnuAxSN|gP#(PVS!C)c@DC(<^LM(5UcxQM|Vc0VUOG|WAK9l10 zDBJ*;&>0vY8Sa~!0xa?J@ew+7-0L{JJJC{(x~W*@p{S%(D)N!!Y@O%4l-(*+d(>3q zhV^&hir0O-f1l%Sf#O*?(Kp9cLuwS9Df5t!Th_C*As&fu_5Ri6yCcn^l?)A*&dcUz z7G@icaVs;jk z`WYBiQ8*GRS?Q$GepljDDLYkG|CE;oJoc>bMBObPKWbDAgv1h7TRp%~>k;AJ^O&MJ zc~+4)W_fc!gQ_#mzPC6U4?j9*GfPM?jp5Elrn?F{H4Qu7LVX7`y8>3(v%=ZV!BRQ7 zTAK=f<8pq=BfSbC9v%@M9#({0Y_((v$8@zBXxu6_Cs6)dm~ZDCWYroMT$q^zbu&vV zt6JXjhudX(QmlCjQn?eH@-TwBp;T-xf`dRurp4>lA7`rWHK)@~GGoxdO+o@e28cT{ z|0vS}&5NS^{Og%!ZY)TNcwYGt-XJA(^9iITmf(xv!-o%3ib{1sGVnKN*~qcM)M81J zm3h^C0y>`)5{TprB${H`8Qa=CUFa6VLeuogN|?B?OqTE5n^09%)hVx&DTrGLPZRHm z2Gxeyi>5LSMSXPP=7frx>%6DVkKNr07uTrBXiGw=pf5#P|9zW(#0QR(k`y`xb1b$x ze*Yde>)x(QFLCR&a2CR^Bgr+Z{54aV0_@YbiR;zNa>| z>{jZRT5YD?+@mF@YTBt$oUG7q1#H~;dC^ph|AGWfK5if~`~pDMr0Bv|Kr>vi?yE;( z^ZogXJcX5gBQDvs4rlzM8-WqHG9<oLb?bpsH6|nQ$Vz;CO0_bxDLv+XnCZ_w4-z&?6AGG{F1fA52i=TjN z8Tbjaev%=rPO$M1Srm*A&#IFJ+p}v5m+$elMpt{mFR7FmoLe^7kS|)i=Dn-nb)(cd zzv)kil(bZur_V*l?Ciy0mheH#9+P%x{+Ij*^`9@Gbl7gu0|Ng7r^o#;OM*0?=Z>BE zxm5myOvcMSb`5cB6~oC{jinI}Ex~@tBw=&4Bk%gYnq!Of3Tj$f-#X4?-I)dvU!d=; z2=;Znxc;3!AweQ?5u}?TM1}dQAC;gLS!X~RJa7XvkNnljqw>=p->Wa+8T7C6QO*zt znSi5q^;pB-|NDP(=xO8;!N32y{jvV^ndS7$>p#6#0;}Jbr3qVd4TID4e|7!Gtk6XK zsCOZ4|4ULMAKoob5Z?ZfS2>6A^&Zl-azjH&+qih8=jMyD;9~Hs!@QBV;|6sFy>0|Z zJs5Zu8!osIP*q#s{qx*}KAT6pyFV+3f%KfgAOcOc3Pr2)eMc^)s2%FAhis z*jo71qscs|mzQgAz3lBj;+@vA7<%(20-mb$P8aj&fJfgj0mv&A?YJGT4?@nvmG zS?m00bG3b{JxA(%eyrK)?zlXc2>~ZvfXSViJ1d!F)C4%Go|cw3z!%8d2Sg&`?m@x5 zX0zz!4_e`20zq&>akXKa3R09dM@n-{c7q$e>XF%(ylUK<-GxW@;Es+mHk1YeoD zS+0MHYX`GGt$rq#XGb7nL_MG?GrH>$Pb-ZpWg^Jz=j`)4%A#s;UG($8qIh=tY!O}9bXo2*qAzD$N4}iD{jLSo{3bo6{z|3~e?+(V6!>m26 za$vmS{^z>q9f;@Dt)GeRORZ++q^FmS+kg*nBraXv@20&PD;DJwdw3G}aqmx>zI{^c zpVe&q{_KLZ)3p74A`xJ@eu*`I4y5kZKi^w@e=mjj9Tm`CetO{RA2#v&2Md16%h0qm zK;&2*>nQ~-;2O%f7)SzbTze1Q<3>w*5l*>P!)CghX9%f%m7}&(94ojWa<)3p}@_WL+_r#95nrt>p8#p!56is_+FZ>P|{o*aA?5~dP@7%p> zsk@%(y`E+z`e#4J@07NcN@tl`n1d3ivgG6*&1K$N>QYZqKC*g7y4`U=dJ;*67R7zFsWGv@$ zDhKPg`_+%hiI`_lD43K0w4vXiZMj+BuAx&?>kitos7@H1DO=}1&IcI*?;KFqzt>;Y zFAR!zN-FnRZ5^5!{<^7Aa-_lcw;yPb9oo?^^`>lR>jaGJR(&`KhXsamIzyMf#1$9= zGc{Vk79R3h9|ayL`o8Yp7Z*(mh9RFi)QO)wdAigaagyFj_w_nj7J7pjh@)(_+Yl<} z(!6Fmc18y&e6btT zMMcoC{}7m%xPF(R$A;XEPQBJgo<6DT?PyFlY)$r7d0m!$(F{6rv%yDs&$;TR7skJW z0eHmx>7ctEs9$ZDpAd^S1|oQuy#DJ2m?7{-cL}Fio0=|;!BgJt41W6-P!i#o@(e?b#)dKxNQ*8H_O>b2vh{_A5uXya#y_x#5B!pF z69xpL{+%9H-h{}|)DLyk65y}u=ZIdpV89(fm3hK75x7Q#oSMOAxGYk{j!l~Z&&*vh z*EFDTCoX@bQJMRWgTMy^iCoU?6Ol)YQ+@nkRAq$#wV=7t-Ni%W_c|+y`Gf%&&>-=r za%kzmRnLtJo5AyoXx_bCbKUgd*bthuw5#u4D?iE`-XtFSMKFbzaO;n_p-Teqf$iea~wUSc9nEGm%!l?{q66h?J z;TmDAyM8@%uhqt96O_5`{H@4uT3yBt3-#ClKiyqjccY?|hx#ExoSYv(F|R_u-Yw}P;jNB$SBs!Ve`2L8;A(RQ zjL{F~g*QO{X5{hblvi1LbuGpCU>^AU;KxM5)O%8jELCV83Ap`S{5&-^1#IX*9JBlO zHcyL%Ab>gq4wQLdWCuoQ4O;CkiH1ZRK_?I3BlU57d5cK)oSzY~- zh$x{PpCim(k>hj(;H85{2b8kKF` z^kGQ0nA56UvgHb+%A@_?L{W1+MN#*fW1P4c@@-!H>3N~ra?p!WVmIC72}naCB6GS$ zgXgmbAouL*R&Dw<(g%i)ZXuq{e%J@C^;7SBYn{_D5kYWnV4TatGb#pngp+=oU-JM% z58O?>984U#2eZIj8JJ)TYcQ&!r4)1d{Uwf9+0wG;I@t$IM_^ha5DhBv>*eF%P5w}D z_m$0O(pdbO*M4of!R6a_Zavx+HS^w{mWJjA969UrCo(3-GEOOcN-S-3v{`KiDz{F*Ho4G% zLh`*b!aWKvN~@L)=&M#uU{C;{V%Ik|YGc_I z)NTZQITc?D0f0V{li9;XEc{4SC3D?m@SDkk{s+JAEcZVLH^n|UUUr2g5c&NM@%uSo z?^6r9sK7{>*k$q6;d3z40X{OvcYP~_#>-=SRjYaaH{h_egI5>xXU6Y*$@ui4yd2HN z{7aB#0td{?Jum=m`BZOfyAd2N^>c1B=kw<+S!9M(FsZg$fL`}*J^wgq}N|)vbp^GH-{O} zXq|Dvjq??kdb$~Z1nbE}U;E40MqoxT?z%0~dU)Qvw=3KV=KmQO8Ck8#!@x~|Zuk0V4n)^xwz@dR~acEJo)gbV` zU);qS7|?kc;9vICvbOZ~>tA^xEj0iU^YXJlSG3gXwdpjVMuYY@w~v>As=?0AUY1Wz z$Nb>INwl!&)z5Z({mA6FtvGP5dKZI>a86FE&uQ;TwlDC*JX?~b+4s`CS~I??118B! zA+&!+u#8bq2`E;;r=|A2=EK2{02=(+1cumj5t#f7ihcoHY{<<}ysZmY04Ugec^oh? z!LOTq3jvkL7}wTCA2H&KK5ov_Lyv<+A$HgwlaWz{2{C$cG@ihyaTix^b$216m9rRN~8^Zqsd=|}bjxL_FowT?7@k+reA%#(E$p}) z)V{>T%M@0eBTY3@joLDC#zIITbn1}}U zOy@piwzeeF%p4rJ!EGrS>GM8^%2BbatFI5xYX*v;>_J|6{;~eS6YnSd&Nlo+omNBp z*4UVtT?Ml~tCf_OmmeVz#viuZ!qxm19(`PYdFx4feD;~95C6hWK+QwS$&3;6Z{ zt2t#$qJlB&M5ko-dtmY~J>BWsE(OIFz|aITaVsED_wN_jUrhSR%M?sz=;<|@y15mukSN6UE_L&a>T%aSv6PyIV&<~t+qwceg zAw4E|WqS6;dtd;i(x};{euknDcrNENxwyO2ig>-LsJP~{4pDn!OUMD8;+Mybn>XoR zBE~b)F(@=R1fc*vhLhM^#FhU?^9ZcR^g(<#&mLrG~5>7om!P*VaH)!xV1?!69 z-aYT_(&C9q!+Ur)@M#|Xu3xyC86F-6gI|&TO6tU*Rp5&bzt}4i03bUS5@1j~q?S&FL0T%rGROd}uWB8ZZt7xwopGzMghc(%QxbA_!nlRI)_p zhNqtLDgZxX00BrZlK2E4L+7||ehn)EpjF>V6QyK}q_Uc8Fo8dJfv;cg`o$@L4!K*p zz0a@7&xK!|0r$4ZCil&+pI_bt9RRco^;N)6_gS@d+4RWt0hoYnao=nP=v8lEbH(xT z`><^54ag>#+v@A{y9i^{uF$i9N&CSUU4+1U(9moK3BH-Mw6scy^E1<(2CJOQ#Vg{~N{Yz2j4QHBCK|z6ibKO;vj?r}^QPcbwXonJ-6l;S5qjFMGGN125SC2&QOOCz+ zKBfR0(e*9Jeq_yU0fZ3nh=6VM;zct^yRRJ9SJQG@exiT_1~70^NPfVW*m5{{EsB_e zO<-oGd0OTaNl^IA5i^G=G-w#yFR6q)IGF`cf&0$4M%VHlFba&^rKT3UI*r()5%2(c z75IqBH3vixsnykfBfSjhYC3q!g%zX`(|x$%_h*4u8GOxpn(F)C%wpEp);`Yta8sZ# zlR{7q(=>rl@Z;N>Q-irK2OFCYxUMg~{X_m29d5juvCauN?SNT>H%MTNPkU3G zosuP>=jUg>m%UYf`}S9Vz+^PQ$dQndK9LZI_AULqxG+#3-aT1xUpR;-3{nFK3bD&k zu^dsyv#5vjA3&~8NJ!Xn{N+C6?T_qiU}p8gc%j~MfKoNz%E2U79T&0~geT#%bx=s= zdo~ITfU11fSl#Dcb&QN?3Rh>RoPiqI2Ew+5xj8Wj$*E5ZI7b&|^o3i_>HxC2x;tJ| z1CZc(cFg=33Ylb{9RUlYOIIE)jb-`_b?t{(;^Wb}$&&;G!*cva_F+M%2TJYV-+Q{*1ap??CqGu&hKm<9_0f2R*H?U>< z=sxp|Kcs!hMF>Qt0mY*uVYeR_eXSRMASWd^1B3AZ(%27HrmYRf8)M_=b$YNsuZl*n zvWLe&^Yb274O{Es@eBxR(8B+Dr-9|=T34r&o>9xq2n^H$GOPof}1A#wa99nY% zx&%Hi4Gn@R?VXU^M0JHJjrWaT;ShhW9%~kk$3ONxmbdj4WF#%;CJRcZn+@MJ?4}`3*nx7mUWr;dAHZ%aeN(gw;GTQ0_ z!<>j4zDwu1y9wcx2v-`qx``r)EH;$`(kIL7|`|f;$0BDCnfcWCTE*5zdtM+IBWyw;LR^gg>=kZrElND5eN)O?Di4qDyfEe zpwrK+`h~6SZJ?%afP7L*SC`oY10yvp?g@W}u#hkZcmx2=0}BzcT1wOZ{RphVlR@FV zcc}xgyyIg)j1G9qR!ql8MoOxytPK&@_R`)AQ*(3EcHDQ8k7u%o_;uR_oJ2&*)Iu&7 zDp={*O@QxhB2N`vTJ{RY#?Iah-i7GZ>5#s%_S%h02ZgC@5#w(k95odb!aGgV(sFJE z2j;1HJachzaDXDP5o+ipj2jqqQul*O(u-^;ae}yt2%=tEQ%*iY1{r&lQ(4WxK zsUpLc(6)f2!lB@;0{1Q* zQW%a|5KKW;5eu?vzLA)cq8R_05C^&WcE(VJ45FltEGt4_50C6>p`ZmWU^9XnqAEb6 zJ!aFa)m(BAAjUoI>UtIOinEP!I5}Sa{g>4j@{7;H*zgPexzOnQ1Zmuuh-F#NN7*$8 zHSe?@JSYi)04qN4=BI{PbI#7rc>bk5J;46nvsDZvWAU%ETYkt%eTHH{rPU2ud_2F8 zzdut<`2m)VIxz->yr5}zc6r%Uo}0-=idb3#R$Eh3jdAm(gl;rv7X-Vk%!YEwC>H{` zVXb8jm+3}*{@QT30fF3m_~6Q_|ct=lthS11wcD_6&8RG8{NUsqe}H99kK=d_qeLFyE~s4RoR_V8QC?841F|Vj%5s++OWjii_*%0dvni zfXMLUN2P;6B&;ZrTO9F;t%$juJi?1rqs#i&LWz?=Au#p;c4UE=5uLrv&_Fed^v`fW z*!v)o4aVog_8lP*R47Jrtcj|E!m5Q54AKU*;v$XcTyrrE;%&pK#=A`pS#%J1qkRv5 z@`*pJ3wmEhxBn*L!q34#Xx{7&U`Y;-gUipaQZT9ttc=6<_qlSa%F9`)l09F2&llLt z*CjG~7|g+`9K_`x%ca1JqG+#fO&uUj>64atrUd!)m{TDhjvHhR%>zu;v@{BooMPYj zM)nJB7TESQezI#(L50FwJ;$B|q67fuV`?kHH`qkfqc-o4u)C;&I@f{MoiqPB|wCn-`Ph>M+T7(iu?ySlp4)6@5^22MstMuvZCPjClLQ}%M~rcwh~PQ1cEf@ z427Yj(Go6uM3hooh|ke5(?|&jTndKS#T29l!w!XoAJab2NWBRakK}qqE+Gd+1pO?R zfjV*(cvLY1i^604qibi(iu(CRw_VDVZC=VKyOh2y7ZZ#_I8y{AtHj{s=lE~*g^`BE zUn!cILVsIu{1KsjuE5-u8iC98>BA?{Ahl!*Y2dukF4^wu=Py0=4U>n1i9=3a#WGT& zvfx%6xaj(yj`Mu_AVi1?Rn$X;lFkpRBX4+`yE(?7(Ew5@4*YEiP+X)?CIo~F8{sea zNiBJ8dU_gUFB^PhHi4gED7jDHmRuO<=pM6?`tE%SwD=TXWh%fHfD>AiQ7ku=n6W9fdz0_wOeRT3(+H z7# z3VswE7t!a?cFSx6mi}@g1l(QybYC0NeP{?fG@0uQCXz-oOnNpir_s zF81HD9rmsA3Q45XT-*2(k210YaV- zU=rm)aym)Y`dfNX(^HfDeisDMvE{<>jnIzw*{VGjB@Pj%rT=~}i;?5d-Yv|~ypmh0 z7o7kt3&Dz$3*usdqJFWqJr*ENT!VH!j(-hqy{)J7C(*PbamK0cAU#{(AoFOR2S7CN z&Vb1*aF}%*)}T+fy0=G1W{(@vZa^HCgQ8D|L;b4(ZIkKkV?Ys3Yi))DTW5F>#o`J+ zbD?FeXLocKItdMYdjJs=+_VRDs`&Z&|4f$KM@B~qQ7stPyRo;0Zl&+~S+lf%GqnSU z`!AWw9&+s2+$XnoFF0AXz^a7%e!cV1a~}%>!~CZuJ6Eo(5SiHTXZtq%jZLq4`BOP< z_%YxS-i-mje}(-HCxCSAahdsRfKARd!OLEBupbtpf2~jWbbZQkLTlP{Pk}KyB8=JT ziR10^s}GRwE>L)?fMP;C$+(xQ7+8Xl) zCn^y@8)P0fvvZQ#2JMsh4_G=2Q9%*)eRZziNo&n@eUtz)t-n8VGQ%d84vn_kVnJa0 ztIK!>;9(7ySnaS=Q*#&4c{a}vz8?f(U3nCEj1&Gyn4h2cGZBDgnXm=U{Tu<`i{HaU zf}Vm8E_SQ{FqU_5vn;nIFFFNx{|UmsEWN8%?(|&2Ob_HmGrK=_c7V5vI+Eb!=TBP# zLE_P0USeTE{KpctYJ1ushHQTF%ugbpL|OKpHA^`q z1DOXcCWw%L(g$&hSLN`*iE|+YdLQlB{TDAz4}oiQo&yvDhvtU{f%?PY#*nI#5}SUq zrh%4=+3lS5bc~NlN^T3ke~*nNcCS>`c8 z;p7w)WbUg8m8vx-%w0S@1p>T8JDkG#^0|68gTIwbK50z5DSea#Y|!u#i4ZZgsZdP_kVTNr;1S4-W~+t*F}t z`9waQmNpvc&lL6J{pU>+)0Yw*`j>7=+Jw}wCTq|s62ACgBFFTqhynTU_iFZ0wwoj<9TmGpj7Mis)1gu4AKl}5GD z>be)Hg*g|YT^I(GPcJ`6ioP0IpzMq+<`9QQ-MH@`3&X`&)oyewck(oBQroBgN(q0jd1@~rTX7!l#H3?&!s%-VUx>5DfRLT zt29go_8DKl7z<)xS3hk1>(mDvPiCUDn2!lx1EW3QM0PE;-Gangq_LNV2i(7ZA1Hu4 zJhhX`V~HAVyj`0U6*G1-4KGF>o`Rad+x0da-DCs=tNrD52?i9_cHPdSXWTqSn+VXl zxvDv-CI{T#gA4z(ja)JCP&O$4_yN&1j(NOzer$7SoS}kGgW7VnT%wS(~NDaBOY#zt{ zC#Nv(ZbT;@z)TO}gu>ds!NdLi zySi>HydK)ahX%d{+R8iLJ>bJ>FI9~_@|x@JKM>n<&Y8h6UB^_M z6+}{|?2BdnrYPB?fY-rxX9xc#}zklETz6-qXheJsR zs-7rLajF_dUw*RV#^HGT$=btSqA)<3*uvM&7mP~X`Ydz%6h$jRyMj**=tPby2+rx| znEWGJ<+IOi>#n?C`*bjfh=>4I68O>91EdY{&+}6Se+^uMHga%078Mn_&wHM44i|v4 z{h53mV($7GDSd+t2TR_Uq8iD_M0kG^R$HtVDl{*ij zML(a&EeK8K0myn_&nSIZkNYMeW`MY+*-HP;GXM=+TwMJ5)4|Vpp*KE>_-p*g2nd76$;UToeBS1p4qW>T z4!y7=L+~PHdC|d4jdxXC=>Kenh)q9i-Py0GJxw1Xce)mKeshLpU&~w zQY62f&cLI9);&DGB$rJfUdc?Ftigi9#KVi=*?7dt?90Nsk&Lf3QAh%Ms=LlrZA`9) zQpP0tKq7pxH2C1r)x{wwHpYN*sG)%YTS$A9aug8s*Vfj+4hF#xe8;TGRS?Jy&{IG# zv{K1FZN1tV%D&n?ZiBRMaOkxNG1XBKt-QPF6hXA3|dng+iT0W4L z@Q0}N5~D4uVRU|B!R_3+kgfyGhj!DyJBVUH(`)PLSw=VTdi&^B(f5BveRn+7fBgM5 zyH+l4x<*{GL-*RF!ZkvXD`fALgj7aZNm;jnYl~calgiGDj3gmhNmfKgQ4)SnpYQMc z_})LO$D_x4Jzvk~Ip=xKqNls(vgdd7gRcj!mu9AAiCTB_FGE9kl(i^EKS$u6`+EYz ziI8TyL1bt}L0;ZC$8s`HIRK${<;9jePga8pYHL$iiDF=C(~w{KwP9+vw;*fpv#eUs zJXqG-yb7wDTJ^5IA&z1OzeXBXwSSdwR^UBZ+28EsN#>DW1$$FqK*l^7;65KcX{&po zzw2ZVKL+#d`$~F7#&fG<3h6H@3z3Mm-u-~U{q!CF;N^kU(0%V!FpGqwKR0lN-wqAg zYx;dy%Fb4>cVn(MSu{AI_mbrPG;7G?tgH&Csn31P=}DKhoJa%&n^s!BtBcF&U+*=c zT%LWzyA$;D$IUAvBA-@hc6SR5Gw3lvGdxp;rG+>Q^BBdT{+n6p!zun@+KUMZp}&8J zhR&`z1vy+G67hiJ$-xx!>)RoSJ+Oo%n<=%ENXqz%w1k9Z zbI2};0%T-lwQYY!`e-FxIcfW^l{Ey#7`guy+*LChR=qquJ+54RlKRA=!SBiV%6-(< zuPsQyE6>ZjhXSg_#DFETEnMu!r)yS$+a3**57``<)_dHC1)ak1JuA){lIf}YZ)MM; z2m>sEEx#3YfidRsZWQR9hC^W5;M}0x1DX3rrRoEJ$x5uO2|Ohc^$`eE3`T%aJS$Cr zAjo+<=Iz4iy}1G=6V@n76v{Z~oFL$QFe*O3R)A+zesZ|8 zWrsiLaY{-ppwtu!A+vw-DiB_+Kp>&u_3MP*N4G);6r)AxbJ>RpqV6ZFk1 zD_8j*?EogJe_kJr1F<*2GmQ5LlQuTM*<#8Klm51#T<(ggQrw|>j6b) zg749&XIgre6RB?U2hg4ib8`H1%!URrY8fCc_NuyDq&Sr95XoA)7y6sV|bnfDVT@;?IoVLbOz=P z&@-f`q=-pNj6HK<;zX%qg@rq?F|9r*hm5o|O8|Je^7iiRMbPeaKH&N3`}5B^8pkl4 zhlfWv1~gn{m6b*~BsHh+&keJ3YX=!F(Sm%SSizSS?62*b_PqDzy?@j#caaZgDX# zHSQWnMtZ)z1as0d$-$@|#0hv%($cP^E!JNU&1ZPw!cjCQxS8fa2Eitvapg3Y=H@77 z`p%$N4`f#OnV>jMNBwA7;?!tfh!P=8 z`}~1}5$rhQozMTgwZg!lkj}ys;O<`d>Q#uNuMAXv)e{h1`J)WdMgHXQ-+W#}gFMa0 z8sX!5tNumV=GcqR6E3|QKQ~As9LWklw}ZTYOzpQ0unPLpGPULRrN0S&RkyuOCX<2I zF6r=H{E!C`n}2rqK!xdMI9rKO%8i65u^=HGHvfEj@Ny$fOC*bOo9P7I<;OdG{O z>7pAE(xXJ^Qiy{l^@Yo<0&m+N0Rt3y_}KGt4!)2-aWM7M-9MCrH=sv=RqGrJ-;|c_ zpxmpOx0snLPTlq`;bGX<7%JqV;Az|g4{iY+JqpQD5*vXdSht2RT=N` z>`B5JU$wJvB7UvGDzq9c5Djmlt?c*j576Gtzw*En_RRtSMCN8@pdWexd^z6*M-Str zFYjBR$wNhJ@df|7QZp5@1BW1ZeglCOfs&Mv;DZeGofR5TWRy4j_!=oHD(dg&2L|QI z$;p~X)rR`a;H|oGaKnc9NDvP-dacw08TIj_SxLv&&3x@txd{FS3py9!QZ)l$BZz0^ z0&5MU&!2~43V=)>r>p?kI2>h({u+IHgMGBJNq_Fp0YcebR2S4;E&8ohSQT=t4FEtwEX%dM*zixUOaO# z=Fj5_C5gt0lvO6>~S3I%eECGbG}>;bZkqY8l%B*3N4V5l=QCbcwmYEn$f_} zkh+uCus}%f+WJ%V7Bv+W*D7;%j?);2SHXtj=}%G_?i1iGo1AWe1(5jr$fDwKwxr{6 zKqbTt4A|q`YeWN@E=wn0Y-t<%MV374sgU01L5JGthELkV$H&Llx5u$6x1gYI(o267 zX3+un^M-~x$o0hCx67sd3kfcxuGM*gO~{#|B0YoSh6RJJFQ}170i*+4Z2NJ|JN7M$ zH!RB(NNn~9!NTIPiRI;#enn+vDgn41(gm`^-#aiw{W`bZ3HY10r33CaZcotPeVwR8 zg$QX5^>t)-$cT%3h@wZ}^zUXr?q5jHN|#L|*?On-xk68XjC3g&bf^~gSrP3_DfUR< z;K*@0sP{TKcyaOWnRNgrZP#K^#->+qd3e~{+k1uB#^=Jv0VhrMC@(WTD9G5_09f^? z-pHSycRhPnM>E^V5n>k8CG^;J!g(1$o(1(D4h$wtgSGVDJvQyQlAF|>A_e*XLP80I z@JX*XfIMiO`X(cPTK<&Wsnx8k%*<;l$6ze+su_2eV?2fG&}%%y_D=vl{eW8@U_!kB z6>{wR_mUE5<@P`n5}lmHejCmt+uAF;YCG5+TmV1nNBGV$6~bNWb!XdqK;>*vU-suP)Z*U$%spBn_1KQ&Ls^SpDzA{N?542boBzvToec zHe(^h0r>Z-{QByU~EX(fQqXV>}s*>Y)ghv{^gNfb6 z_}tRc(t9_`-6?FcTn}t3{IB6z5C{Qh90rc2uXR*NM+8O(t1L|Ca|o*wc&yFQ0*y%@ z0cR2TPAzZUI(;hdnm(s1Y?U zGox~PedQgOuA$+4G4NRdJr}j&652<;Sw%(u#35PI3 zYgde<$ER^W68tH4d5D8dMMNh+j%j=XI631uwb%r@#HuZ?a>m|kJ|4J@?(CZOsh{Kv zsR%g29Rc~QWb!P0sv#GRcVd4Aqr92XMrSoHE@Y04nDOgX+$joG*4Trvu(rRQu ztny#AjX+UXJ}dSZ%r~&Uc?YjvNRLQKPj3jSyX@{Rrqr~Q(WkR+3I z_D=aduZg96^HDizUEA_~ocHiqK>UeBw(!b=f`wnHgP@;TZQc*LXgml&==JNq41<)b$3=BG zii=y=T3UK2Sea;Z@q^tS1|sq5eYbrF=Xzr(>d23!MPibY=XG@vNPE%|%1!?p5Z(#3 zjxqf4#Vp#kw;TVQ%^vI)fLpclC8H(!f zBA;TlxajlH8c5WvsHdp8n8co)M^_>i95g_zbq`)%m~CX$A4 zW8x%GE~f@QoTKI}zKRiusCGaP7C7Uh&%WxXr&y;d@)_W4BxyPl&vK36Tu+_L@^wL> zhS9VLb$UeqI=dE?!&^0NE=|nI?v8M*gf{oF6G%+dkM{ymILksd>M-w?4%n(W9W?mJ z%?RIu`9cRffw{q*WJkx166=qd`wxvnnrlr&V_0RZa=qJ+ovf2!X>LYpM9_Zb%@g9z zxKkBpADg5VE89=8Gooih(^4JR%8^Ww8Ze?&2Vg<-of>|dC&CAdp$(&RuWTxtT;P%A z7KS4i(q8ra8f;9-&?SR}Yj$?_Q>j@)JMi8D_N5+{LhN^dtAqvZcUctw~VJoKzgcp2&0D z(puxErT0l4CHw#fk?bQzeryl=2n6oT0|WxTgg)0}zqfsprDW6lPF>(5h&f&h3GoG! zP)~*N6$W4wr;U_Oo=h$=TE|lBe41HjKFkaa6`|7o<;a1+Fl)DtkAO}dXgYHe0P&}I z!9z#!bv#po1CDwvmUnhtX*tIEEpqE}kq z)g1mwj-;k*%~?7wR##okr^|laL6Yk{GDE}eovO{{HiQ%tk!kU|<)&O_J#nV#vN#P% z(a?#Uay_`VaI{1JWNZ`JafqL~6PrWQ@OA1{95a~ArK$RhBXoc0i0AA1=QN#0-I0-vy*nrvA8Vc;B&)(6f(PtTpxU6CC4i7VWM>5w zJLk@yj~5a@A^Y=g&RJDem5rZ22OB>Fm~_Fw05(#jMMa^p+hX~}f7-9K)N{Beu_WX0 zA)3k?>aNdp8bEVR9Dcx=?u)XK>#gPko^k&I+G>icM}r^mR5~J zh)p{JkF;yhv2Bh;m8qbJFH*d;YT`%#%H>Jo0}E2p7_8WN_TInSy>BYJ zW+r`amp(afrdme<-$_p#l3M{m+{(%^dZP8kgVXu++*}D20`#x_nUl!Y>u&ulV7c|^ z5r;tzDXlMQe!c{D(z3`&N!-HMFI?!)JC_XD@9@|Qz)|B{0eMJ+CJ*9gSYLXLI`%#D z;C7H)3hTIH_l0uLWXPP!Nm&qXSL@;pvkJScxYX_uk(Uv)4ehO%tDc_LHGWt1JtPEP zJIh=JEfcmGL5-whXL_CAn|wFhUWs=rU;?6mU8_MJUVn^_QP-ev8(yThr1N_5ZPPfd z_bYx@S6_m(Xgb@WU@#h|kop#QREaLB_bDGoN3U&f%)wM1$j-qq0EeNFld-Yyh5i?y zJ`E42Mudf}LjzD!T#Sl{Fm?++0YdkRibp6FfS87dh4nr_=Bmt~EHVddK-x3oGBvoI z!iI;3w|DQ5e%*-eU_Trw5CNmu;td7G1GV)DNih>LGVi=x6i8>F4T2w>vjAi8J!+_^ z;MY!j9tS|9|=g# zz4;rPHH0~D>ztOUYplO^H`E?#OWQLeDM&U;8{5p}|{2X;?3B z^#9WYYZgf#lYWty6S`>;$lhn*oRHOe&qb)y9Y~HFH#`^KJ<;pdBjHUiVk0n2hLMnN zTQO~{x!0oM#iZYY4{a$AVJnR{KTxO=Ng+*#y=0gpW`%m1**e`7J{8$e1c?G(= zqAEO!nG=mRF*Q|LIh4{GHY(M}ErgBRT8PI34lsw{It! zZu?&X6{Y|0_iJm*Z%J=vG$0!IUVHH*gvwmq$v5y&LVrYZ@nZhiscqZA-cEz>TulE0 zO_;o#9Dp=Oj~)e>Qy>i2c_cAWTf5`t%@@$I7ZqE6zoGI#X9h4W?3W9=m1q0>DMa}& z{0F&k)VvJ0PEJIv1YOtwj)zkVh+RAiY19Hs3g`6+NOs#r%ujjsSUMJL3pG6gMQHc^ zQ%IIb&Tw#|;0wPL4Q52SX#0z`#UM;w7MDBE)i#4oLf!)i>sqqowPQJKqrg zTeCS3Q9pbnl7^?#4+H;(OHCocAV4lk5Cu$xBZ2*@!ub0yYfvDyh>|u{g5p4fYfBJTkF$-=tgpq_7akrv zYs(#bq(zz6@NVl`-MF`+mE=Ta+z#~em0_^m!9@ehS5a6Y1R}Y2#aE?7;>6F5pE(ck z^oSM=Q@B`UJAda`;Oqxa1uFV^S2uY|^rxq6iEp&n2+RnLFvH|Q*K?mXsF}n0)fU&3kji7UK98V7-lnUX$pMJ>c%?^=fQz@JUjVEs+Rn{v%S<2r~11DXSXD zj@@Ks9z#h~OvYev>H89_Ld@xEp>UnVzt z`0;};u`nZ$2I=PN2FQp2Eljw_kGBJx8AFMph=J~q&R`IppQ$NRWIL4L-`hc~6Z`5R zwtP+?tUx6exL6-m#xTEp`CLqET3F+bedWuS9|2>`&xZ;zG6Xt#$%U6I<4r|H5$>mc z#^dSPo{g{E)7A!b48#AMsL%2#4ABUXaaR{?lsf{3>VkfKb5V``7Mxn}bYNy!&kjRz zGqZEjB5I!=v2JpOu-D-OE~u=mpg-f95-%Cwjb&kdv^=$+Kj7Ym)S%VOt`v&_ts2bP z6f)G}$nflN7CK-QS}-LN_a1|B`Z@herPhHUe*lFfG>PTrb&iwun_v?V1c7*$Dr}!5 zCc4O^iV48gGy{n{S`Cb{q?p)5{motoI11YP7if_LXEU8fN@iyLjUv#~`s{20JFu0m zck0Hn;nc{8i~`uk=~I8Ih|d}L&ya{N+-#a&ceI6^=Rp{XnGB;GA< zrQm(W|3^l*vxJmXm3e6lh57Jddg{Hl@V4CC+&oXeDl*TIT>N8uyE@kT;@kg@`IE^>wv9d-=#HD; zN1)|X7FFfJb@qi|au~KEY_fK&aTr`0>E~V`;oDe`1YFD3L>&Z4GKRM_m4;`d1OUSG zgmq{X+~(PnLDTQRA%|Zj;Jv$?qsHU8N;m_nW?ssdjI6yI_cSA-EHb|15!mPEZz*EF zEb@Bs%ZJaJjBz4jNB_Oow1dREORRiBBhE5BT5%_aFPWM7uAYsY^r|wa6klOBYVjJc z(v-t^c)YVKuBb7WjG+{!nOR$V%B3PAL~;feZ@eDGIFU4FJIoYf0G(=$=16_VTLL=Vy%|mW06HwH2B}^$oYri{wnL`YUCO*Le5#_AcDIOnPrs z#4sc!1}k^}71WWcyM=#CC@_2zO$|_$L>Wd3#(xH6rqf19b$0+EU8|$C>CKgR(^8)# z&fy539IHO9_}z6kl9%T_d?E&LO8t0uoH{bc;{^&E0a^?Uvy6`RfV~Vi9kB&-g*z3f zYrir#&$psTf|;3FNJ!>@yXAy|!64XHKwUL8?d$1z`|e#;N?(L=xiFfUULeA?TG{I_ z0s+gjWaH{lQWYw?i%r?F%2KGi@UlcWQn2u{v%US(oE%NlVQ^mn#;(>Qo+5Ujt%WDz zV14K?fr^QPV+PWp&t&zxp6dceTF>x460dVan~))z5&g6zcA>ajwIyb$xSpb1Rrq%Sww+OV0AHfz?X}foY!rIN5Y^kG>r) zHH+k<|199(;_26p0(+9j!!izMb{&fw{XB#pH(z~u!X(gX zt~FtWL_IAkrbo0Rt5fVwR46`Tm8`(q;aKmZoFvr+{B%r-CZ7Y(C?T`8Lx*dBt3(|V zNS**d-5#-aCuXdk5QWo0;9JCIw#w0jh%fOzLf((8u4{*OAe_##3)5rhNXBgzi=qjv zAOG9>Jh*5l24!^=HDGtpjc8(CsMzRITg;w)f$gLDIwZbS*W)N2jdM-9^+ZNW^h(CL z0Sv?3p=&W6od2Fvrkgr;hoW@EIcTW}x(w5~jOtOS1^Wq+xYsOYl&1NiRHin&H!r{P zYd*&7Fu24%jA6VbU2h(N7ah&Ob)K#b*yo}lv-1wy*JrwKc=_;O`n;laVF)y@b_?y? z6&tRet=lX2sRWQ6Pn>3)bj9?DJPWYc@wOkTzN7$2nH`W~?rs6i=5o?pgL_)2PEz2sLAM}jto~U5n0_Iz&G$(O zJN(L*@kuyBAQ#af*#@59)39~ETKeCD*ncmdcbmNTmyw@*(T=H@1Uaxc{ksPn`A)*Y;_C3bH7% Sbc${w;HRf;s8vp|5C4BZKTGZa literal 0 HcmV?d00001 diff --git a/i18n/ku/assets/img/multi-factor-authentication/yubico-otp.png b/i18n/ku/assets/img/multi-factor-authentication/yubico-otp.png new file mode 100644 index 0000000000000000000000000000000000000000..f81058d88defee480a59cb63dca806a439ea1bd1 GIT binary patch literal 117974 zcmWhz1ymbN7sWNW1t++>y9Rf6_flMoyE{dSyIX-$+_j}hu;B6)_aa5gpMSIG?8#MiwnCr*}^n5)KU`$y!^YJ5jlvdpdIiL1iznz}r9{~J4_%!%O`&dpsE@Q-tQRtlolUPO$e*r=!Kkss1AX%9Q%xC5_S$0PHh{I->HbUbhg6)vZ}W zcMyIxyL9C=3ld`D9SX(k3MF;w5~mxgIr+#^l=p9C0pay$ za}bDu04}s&BnE^=TB1DikSJxo`)#al_VOG=E|1B`C95GtSO|8FvOgPJFw@YX! zf1vlP{54`FMf2QQKL#C3V%LX zvicK@ppI)&A2HsNmsxfCF28&Vhl&oCDvLn{I|vC4BiZFT97N~Kk@q=+i^?sawY^O)+fEV)>^+k^z4wtT7l@mkv>&c{qq*OT$`(}^1 zB=fFAm1=V%%I0&m)sWE>HYp22_$$Z7r5vS`^-p~Su7u}r+4V*2!Oo>2nljcheRyir z;(mV!J))*l|2RCVEn*Nbqsa-B2t2uyvKTvkXJ7e4R>_3Rm|pNDrWFlh7`@f9ONCp? zlnm{zr0H;0)_4NTpCkakd+D*OL&ZYQx$|luoa&0(GQh- z#)>O)t`{CsM$!=Al}tD&mdvTN-euu^J-#7TG@;XR04~%OX7jA!%yE)T(Kt7)R6x88 zwmlC(6BR7PBwc1Iq!lsHuI&_rs??wwu7yQc0C#B%ano|t=lt3>JGA)^Hx?RW!?c$V z=t4NWnn{4Q@G^kQ~p&9m#A&y5S{e2*>O{8MgzS*TkM9LJRQJM3UcL zloA_HcoLpXq?TH>=+{ZYoOJ;Np1JS={bY^A$hvf2X}{}an)EvIWZ7wiO%0ic0kv-= zkWXf%8<7SNfK`sAOCO%r*+K(wDhsRX`b`A88Z+?^E)U(M7(&4@t|{7LoCKh*`9JS8={_M}yKfP6Iy1EzuyJv2Eo+@?~psvoyQ zcanBKt9-PB9M7b^h}f4|2`_#P35^fZC3z^($roQFA5(5@(pS0mPnO-V^a)e4zr%v4 z{pwl~^$X&O?dgB9&;o09-x0Y={d^UO$B5n&257jBTBP(1X%$}9ZolIT5iv$+{IcpN zygCxgctwnWtf4@9zY^UiLnkaWv@I1%B1C^BU9P0`Er|1RzhoP{}@3R2snzRDD{>ePCN z$Jl3N@nmf=wU>E)TkBN^5)FY0K~Oo6Shp$ki}^nrXaLFfQGM#_(3;A5&sf`I)c%`s zJg`@u2ZN}-HwDL65^rM{GFtb1vK8$=eZ*+*8cK8gLzGl)*J?HZQC~ois%Rn~ zLzVB1aA?y<5M`n1w|NfGsp#E@6WA3qSW%67=ISQKL)iA16vNcX)=mY+6CwYofy2`u zp(_vHM2=QK(jf(^d9E@brHV?R@-7ao3Dda#xw5`C`s$Y6lD8Q3P9^!Zp}Jrk()MNT zox|@NX3g{aZ){g?==37K3ZW~iu3VgfZIdLvT=1+%3AJmMHaM3HBQmVRLzPV+dQ1|r z!i*<;46i)5Y(5CijU5_JP#sm(xxrlCw6_MZ3k`2}0!Oo=#2-d@=nk!+Pua+-Ye;85 zc3>f(1G=$e_N{1YFkV0JTPbCO?)Byq!)fgBFY1xCwYhcP>wB#2vU8{gOyk&v`N5Vv z`-aBSWSD%}MS_M!_xqFDoiN8~`CwGCIY)8r{eX8vBT16>qA^5Fn298R!(A7R_KtF= zb*}OUHi+*+2+)*i;0AZX!&NBvcS#i6+)PyKo|WR%)2^ zM!2EAPPrtc>}R6mL=dZ^#i${~ic$x#1t~GX%<-_5i+O*uaf73iHXT}U*PD`-OfPB#^R!EuR;|S0(UfNlyhMCLL#md z4<<+wOkzB1Gl=ttNIOiaX)Hp%ekcxnK~zzs1~9NB_}InUW34A)Hgtq6Icn~krFHI` z{UDEc>~70M5l;SM{-2Xwy{Pp9JN-3P*q~I@UzLP&HeC#!c1ic0Q9DT0wN_5V@B2HTwg`TX5Oe>J zA|O9w5>FDN`vvOUD;b$UKd+3+s}}g~b?^%b<>urRiFi9KR!$4! zVpD&NrYkQiTbRnI#v~S&2)N!|s?mgvV8}UQ?8)|nKy!T;wuef%uL&Z!_mfg8a(vy4 zY&_agRxdptqWmS&YPSu*R)Tbk9%x<$R6@1$sZ(F>i^~t1uM3WIDJRpVgs-3(;e?cN zyBJeuRk=Q5s3oA~p9ZIOXgHY6Mj4O{F$W{B>6^HVpv+Ar^ZbyA9)xae%+AcDQc1Yj z+c%*_P=>`m9f83Us=1t>9@wkv>Jow^?R^5D)-paxo8WiT@-fgu_V_^GNSo*o_d~2W zGNO{uomyDrQ{ZnJzjnJoG~s=v_P!(23};JwBj1`K`riN8y$*XDcjC}m5?f=4ZG4Uu zz@1$_dfv65?yevlcpAwyB$l&nGcLPu^!E1l^P9We`ZSS7?QUncX^lr#E`?8s74r@v2FE#QyM|2^Nk zYG}+2guFC0Hsbx?SHgDj#i^;yU0tcLGd1-x9TX(5rH7;>Cs%<^!0vYe%_%9_+1z{` z6v(<>=_w?&@$YTNHonYM-C;1?+evS$oF!#HogL$^+J9dGMi398xUwVy%(9Yg_IG8u zFr1}xD@~BWBeKo#bf{tztQe?>@o7$SWf9;n0E7NC*_p;fvns4ZxJ-`ZMeBJ{?(D9m z#l_5`qKn^Mw&zCPw5?dA<&N%BCu0d&|Ni;AZ{13G?C!?nG0MfA5~zWrg2JX7*)WSMEbVAxu z1&l_%&)SV>(x|L-X?PcO5yRzgPGPET`?_NJ1Hpes_B_nY%qEgalXNSD`>-hM2fdG) zJ32ZtGc!j(t zs3m9xjDV7@i2=}~h`ORlNI}^)Id5WDSr=Z!qr`X=k~rRk{4xB^tFHSx4X>byMa04! zV!!)`4{AzEn;p(~-JS=YiZqczn{@G#q#}!u&EU;E9$Up^ZW*K6+D4fY+%TnAzlr4h zZy&dU-kt?Ai*0I{}?;>%ur4-|9(cro0lewKH((C#=)Ir zioSBFq>VVth#19*Mj3{~OH3{naxwYhM=kw@S`lo#(N$M>^7GnbYqq9WE%>Q=CAwJA!y3wSV5@ z!FWY2#*}rfNy%Md|)x!~`n1_LJ0F04I zD|0dfY|sB%{hWu$+w=YE!UCnJUI~&HJwW%Vg@T_I zuJX1zJ|&q-B4{)=g@uL1axgRo_}Gyz&eM}8u9PSV?xmiJ>rfRG?u!PY}CCU$`2lS zRBROb2%*8a36>7-Pu~cSoHX=>qh~in;ao=g@xHjYxPNu!?&Jh%v3!R~)X6C}WR)7_ zP>D!MTfx4rUTSlnpBKhAnUyL3(lH9Bi~R8n0a;j<&t#_Qz8zqjN<1Z-~5~r zuOK*Wj;IQ!aZK%uRy@*U$QNC?wA1vuKM_2_R4#s1bYVJ&oa5SNKW(h6tiU*3B<4>_ zO8R)VI%qlgucrqw4vSBVQdh|ji`J5E0T)6p8XUjPU9lHrtA=WvvQ%VO=jvD{wh+9_ zoHaZehecWLSlYt1TAh(`^K?V-a3!UsrzfwsJ_R%=jRD33rCGpV-cmnHBNT+Bhsv^p zz;kFOELdYVKYB`VnM7Z)QGa)qg`zmiq0k&vF@T&}!~{TUvmX|8iq{8qEMmg&m=r8a2g)@s&z(FX zB7y7e|2;pCKHs1148DiUM4=GKv1B9brAv`YZhF)XL?qk{bz(mM?S9l4*lOUHZMaQX znFTi0JDLzJnEV|!(d_?ZzP9C9-QP9L-EWQJ#ohpmRK&zyW^=g)gYN4)J9B93$X{i- zk(r)EXZ4f-o^B&?Q9J-FBoz^(b8(}~b}BYzMrC9`&5;!e<$&;$wa^G8QV|0oi}K^+Il{UPK~$Q<;j{dfIW_ql)1DMan> zzekYq8KvRfzq%bEk@xmb%PobbVUTL)5VeKp^#2dHK~TMcSxq(Un5K%AoFFS>speO= z|JC-(OvH-Cf(9)+ntl+EO%~v`z-p!RGWm z9P@p*3_*HY_(B%Wm?j*7`32K(Xjx)xKNNBmO1f5i~5qh zbUf~jZ{+VThQZ^r*PnXtgCW>&XLsIBX)FcQS)G!MuFI7!29wUI++-iP&8m(kV9`}3 zgX+Ql{!IXY<}oHh;O6vfm2~wU2=CY_W6OOF*jH zDI~P{9%OuH+rBbM*z^qenafkKVTeWJ?2_HXs;;isWO|fYSh%^ef-=}!dz7-WHRm+$ zsM6y@bSdi<%ah5%9fJ77a`caJEUK38g$HE)#%J2SHyyh&QjR#p-V>O#?XT~GPJHuE zt%zD0&h|O_tJ24C9&{0{Bc@ZIiiVz=-|TG!F?eCiP^gK%{(qO3JbsOV@Ba|B(#r?_ zaaY+F0|2pH`2xq=b)m?h{)U6jZ6@cHN~e`-=ap)gP_>2N+2#76>Kv;1mmi#NpJvNO z0aKZJfjgCD!Rh;XZW~?pc6PP(X*YDg&ED24wrKqWAJ;@eYJZJ5?cn@zZ8vJ{IXtl< z{I;sUWlKi4*7-~9L=KBMm48JXJxQWMwDyPS4TkH~z5k3_g(ayos#9lRG61{# zD`lPm%Ay3g4l|-LX)*ux;lk9~dZAkV3l>(&^W)VHY#xa~MBTdqQVPN{lCq3{+;pRR zu?JxCAAS&TPpZC8TSIc>zBnH#j=O?(69eTa-0pv>#hu~s@pGqpOJGx{zLV;p`LS~} zVN;14X=}@57cb6nTmy-#LG+3Y;QZKZXGt|M5*c?s<~3==CjyA0F^JOPInOqHEw;Ib zz{#DjbO}ik=?S4~*y*P|{cfd|Zm*z0Q73mz1Hkg$jq!dM$0l8da3dK=UaiRptIlEm z%Zjm{8EGq9%ZJS{+1Z37B!=c&5&u`M)t14<006~aEEXSG{rj6{SYAd%gw2XOgYix* zPEF#z5HD|6R~I@Cj^m`BZf~~HR~dF4{-F>cR$5o7R3P;bcrjKz7$Vr4a+zw#a}Xc zRmRo_C-OPYjTq~m>H#{G0pXDWP-cGpBb%U6X--^${4$qL`=BjS^@@5dR9`XNipY#t zq9}$Bh}E}4aLU|v;n8il+_9TdxI}0QVtF>e0ny;n=g$O5mNNY7K+`tY)rY%Db*9JQEUMxB;e%baNHT3#a!^Lq8xmp-9P(wc z{Vriehd*8VsAE0ONM78-Xb3f7g9yj)RQwls3zcMR4AAL+2>7EjCd~j(D(6;<+=z+J z=S%f&3DlY`Ac(DEO$GX70H8RCX~ROT-2SC=KrvoSn5mWMr=2ydf-j43T8FA(Jtu1r zX2r}u&Y^8;dUkf^YHPbO_zs7ZsB*w_=$WCSSg$3T@j(Tf+=1IJe!I(U19muHFkw89 zQ;9dbghaSQYK^g=ZdirG<-3M7FL0-yiiy3#H|glM1nfXntzGunIdslUr29W?SofD$YQD84QgsrF<1B;fFxMWm}myuFz-?`!m#i&pk}*?54tYx zM0-jUosow{6+Jof?C$FN>E+?#?;Qz@Dlq$kZ-BQ771@i$vDuz)V~Yvk(KvEa01TnL z9bMeqg1r2|kK*3H8|UY>#J#cTm(k?e;DipGR*}H0A|+#xHsFNe%SJJ5WOlC)bzyf?!|tJi|&%9#h>i(XfOwzD14Hq#^e!NPh^ zDR<$&E!1r_wXdi{QD>wP%uAbI9$47Ha_UVUqeHCrF7H?udb&Sa>-WCF0+P?4dwP4x z$;iqA0Dqr>((LrA&K@)ru7aD7c^bxgS8+!uYF}5WB{!!akPlm;xzW+`V+D&AW~AmP zwAG&^{n*gQy^(wh`67e6aUwH36C&=W>%NLPo^D!;{>A+=fa#78O+oYUM=rG1=WrcL zK<>6j5rXVK${3E{S%<&6s7-Hk^1G1+N|Q>gB}XRqXi><2isSa$8KKi9{p(}DYZ7#B z6!gbkTYCZKXc+yqOsM6I%a}Kr`RP6DM*+zwXQU#(D9El>xg<(|-P4JtwcNKTF9+vV z`o1SW==EC5-KW5kxUFtaTL%XNRaHz6G+vLnkI6abNp&*Q%uFa_pvk$jUw;H`Q^KT? z89n5aGmYBTAiOaa)r^gzZ%C5kc4xQ&BqJQ+#NPqH@d$Vk*J|z`J{rbrrbA2-CwHUF z0^FD&fUdGc6Mouf?i#I7osHn+LJM3*toDW~36{3H>gwvv%{~Fw6*3?|u~Z45Lk}w1 zf7y!#qo9Cc{r~)noGi3zFfDE_${TTp`tdovF~{%Q6>KCFgP|=1ofb?ke<_!WC7ttz zJt{m8IQ-7njJ33`FE)h08ob0Pr1P<{ubBQ6(m}{IJV0wAx*}}(d)5jygSnA1Rf&{z z)aZ=mS=ve7*WVFo$p4Djt1@_4z<@uPGkK6|$HSWuAWD#JE2NEGSja>pjd;zd1TUTq zvIh_0byDjTFL;R2R%x(z8RQO+FL4$-1!SER&f2vSO1Y zhB%)OOk_Y((hVpSRzQ1LX5+z42ikv+ivEBoFp6syjpo7ZrwSn_v-%aW_YQ3Apudo$ zDp$;bum8*ol}E58t)u32@lOC~iKAYA4L_f)J8sWd;kkL9s0Z+t*C79}OF zj4zM(n=N1VcfJ)=_YU1U(^&0;@9arZ!fvj-TKI+aB3M%?iO?S&Ijbcw&z;Ygz>q5niM+5O13 zLW*H@*jT2n4rfUc{taRCW|Y$=A!8bIkbelG(m}zSWKMr^ijK3ccc(GI-Pqs%_V)4! z4-YRW*cA|x42zIsv6oku$m<)#aQ{PP%1etqm;gxa3AWPrJ=XC5Y(x!7btex9IvOf( zm890~NF4d}5^%gJQWp|%SIXlss;)?8VhRLMf2@_#qZau1L3|$;;o&|-e4zx=Y+}u2 zOEY5G)ajyzAST#=Uks<}_V^JeRBq+^8)9|kfx=@1m!}oj>Se{Er-%1A28t62KQFDU@CZ=aTX9n;aF)|xMeW6o#*(fZ0nIiW*iz46IZeJ#&DC&9 z6zBQEPs~g25x3I(y0U+*S0WnsvDk9bYb};xh*5iNhRyX24N;Bt>ArEkr9vLYjzyK~ z%iBpYIHpBk5lO(^4+u(>Z}TkUdB+nV8@-htCg1Ja0%feJ@*k)fDVcv zeM3WPVUPKhm5*a+1d582m?WIAiW;wg!1D64@3B^h9Sb(FRKf?A*X+dx$)z-L063}V z1Bq4}Kwlj*!*&EPVbiuBT-ml(AGi$`w8A1MPN6zjad-SH_>8NDvD-+T1lN>WBTHHs zt~)MsfvP}I0VQcYeIX~KT)>nkPb>BLGRD!kqN-@uQ(f8;MgE|!!;nnP+`du2z{7>A zS0FFIQ{>0#rYg6KO4IYeTBo&H?Tp5(9 z0`=ak7=DE_psf#JLOz`lu@W&h{<7Bh6oMjp0Z(W~>Wj;PqKb*?8LuO5^Tb3g8H@%9 zKHl9GcAB@+<3~hxE_DHpVgXRGsOp=VQo`rQ><)kb{8Azn_V5185c(#0e-InNw;_W@ zR4Ok^3G4S2zE(TVH?4@zY=_Cx5@dA!3}auFLNKP*>b{D=wip;W7TX9dSB~;StREoJ zA<4=gaCPH|b%e1IGFhILZY2|Mj-5bO+Bs%4Hj7|8FA(nVl4grQ zy0ya2`)L8HnS7X?{)Qd>SRS-JJ-Gv#Tt7L#=k_+aKN#I@cQ0&j$;JLJ;rNY7lor)1N{aqm<|#<^xhrPYL)qsYa$ zIljM0>%8-S!`aAxM$kQ-A3-1gDeu~04d@@o-J`y@h#-!$YwZzHtIFXus&+`$sFVN1 z0b3tQN=m|^mb9_AceAxU+w+8#tUEe8iP}4n+n+sZXvFWyqFbVns7I&u6Q^jC6T-7t zB$5_#^eX!EBVy^q`XV;n*;gEu9>WKK;IhT!u3J41v;^!3rYCD3>aX0_d$M#&2AF_S zq$oIayPm!0P^CWbY`y3FfG{C1RcR0&<_Ooy?!jh2x|;Ji)2c zoWK5!76hE&t6(6`ZuVBP_-=0FW+4xlItmf{rDY~7+k9Lx%+i(@tne`PT@mt&$n#*s z(xtP(30GHvv(8$zx)6cwM@D*_jGn_yrFe)%q))PbH+4|R53La`C?$FgEPXD}e5joEye zp*uTP0h_Bj-^j=v)%aMp=P;8+LJcvr&WNelYE{9?L3S!}l$jNd>P+q;7QQFa=!aBO zHVUFVvUH?QL@_b5RrhH5D=@;C79oyM!t`u+VM? zv?q2)8$)P8PI8QJwvnRgNBWa8Olbuf)=2+^QbEu=Y-`0G{;e2_Im;g$Utnn;kuAM# zak5wm-{!WyfOcKX11+rI5%QI71^v^&m;?qZZZbUc#1lkjq`@i{3TKI0zEaYKcGsFT zDYYkBb{GDYK=yGJj6b(Jz0IU=iDbecF_d_JjQy`;Rv4e4ShSTTKxxDAeVe+#mUeQk zaUiK%0#G6rIEoAQ{iq5kl^V(;BwR{g(AR_Chp+IU?*5n#EmLVjLM#!TN*-MoOjM`6 zXh-N6rST(blKT?mV^4yFlOKFBR>=P9U-_d@(9O1_j zVaW@AK|j@%BNk2$#G|f$s{{`;2O%Qau1H+nl2&hv`dKd;!TupQg)&FSrIAS^6M)3&UMgabvycG*DO&!7E-&1vCn38UtG^e35-`*CgI z5J}ME8ac>#8LM*hCdl~8g}IGZpUc6LEW3d8e+kyP%R1gKh%qH7If?{W_f4#gO>If$-^^k5YJoo(}~D z&3oh+Uyz5E2{cUaa*C68%LXySMwUarF`H3#rpY9JnkaO(V!8H1B`ablv>#$7ju(nt zFdT|!L*s~r-%qIxBoh7xu>0bClHzSSUSXU(>{SC?YpaTqS(j;4hFP+5W zd?{Zh(B8pG7UrD7n1d?DN4PE_DsW!gQy$}w454R5tZEmvS^3mu1GhLJwsD)U=@D`t zLrE(d`O~e8po$q=12~*rdb&B-Hy4QCCax8+1AZ-tN`kP7XsUT_yzG2(e0F<%OP4VX zbG5}p^0rN+ZHr{DYElW&))*(mam3_zlsF1w)wr6(f%quce{kTe;@JJq%-+-L@!~ZIA0oD%s#ADE#>=QU^H$xLNV^y?r2xbb&EBXzF9a z-*3L%szKW^l(7Wk=A8v!EzXR)l_HLwWhfm|G~bIc7h)vdf9dg^wxYy{00s}j=KoPf zUgI(qioOJa>-k`bHZ)0*JVw@aed&Q3KVV3yErmy$o44Jmt}_NVOsvT-*8JC=e|&QD znyBti>|XnrlX3t^&*(U9*I)9mxq2%@4ib6p01OZ%=3|f2A3u?uO%Sk>6PIbcLPB$! zEgwyMcj3O(oH<_PA9}lPY(vHGA98ZDr&n|+`(THGe)<@9Up_rz6laM|><$d9<1zAN zGvR6^Ol1T2y&HB$Lr3r}c$musT3YJ%F6)z*hf z^*(G5!P%FHHK2#C>GThy)Qj$W;+qR#PJ8baiuvd4$m=LqRr z@44owbnsvMYXeF|3V7@}buJHa=zWbl2t_D(Ua=V?=dx_6~c!k&cd5 zF6^?L06I$^fxn}o{Y$WFdlr5PW*|ODlXhP>t~qZ}5oR zWO|yS6rS&E!;>Y*l6GG?hLU>Uk>o~ zyT7OIOOaO6?~Px1>rPL3bOEIMtHdBBKdL8*M78Z*7te%uLr+U3`e`y6w%036dw>9({8JWg>+5&@16g z?tJl)BXJw|gh$g!CQ2di$@HqR@3j4RxAV;L97@sR(~oU;qL-R6E7u}=uLLY_(M%WJ z)kV2D)O1Xs`~@!@wQR&}|7o~!Yoh~V@f-5!oob?8X?im0-BK)egV!9Cn5De?>Tm^C zaldMy+p*|{52Ao7Z%>alL>UfpW256rFcA7yQ26xvBD#Fj63+x;r**1g{Fi$j;NQ4g zo=RPQuK;N~#Va^7Pj?A@8oss<`3Y{}5~Nvg$1cti_&J~wbfB(Wrvc>=1%+BjdOCl0Pj3lmQwqCX)woF$o(|rxqTfcR z^x$08S3V*FnTd^XGnCJ1Pd$EK_0&F`V+Osld{KTiT^v&88_E^SeT_}vXUe<^>q`xr z7AlSoxSQJYdOD6zlRhfM6%^{5tBwx-3lCdF_dr`+M~ETms8gT`qK#K2Zy(c6i^;ew zGDyW#2Fv^ukj>;{_Dhh#xT2Q%TpzaBOsg7JYt+%eY*w{m?X`b*#m(sGk^YZf_HU7Z zb=*c^^6Sc%54xEjkn#59GTN8WiHL>2a|Fjp(Cax5Gn2*8AB01)3uRcsEOg$9dKEj= z|4Ri?vPikB#IfK_|4J*bW6G8Sx7DS}WH=fvlV_Zc>b)7R$KjV@%rkt+Vg0A-X_4Xe zspwQwX+8V(XQP*(9#({nppp>CH|jV==M2|Ldsx@8^?ISUZrQPb`$3WY=@bXP_(UxV zFHDINw#Cv!=OrIB&BxR8Bm$m7>f27H*mAi9g+uGFJl3Wal|`M@VzwS1DfvBjIQ03) zqs3n>kyUG#ZgtlV2)?rv_w9{j*=~EJHh<+C!wHPGn0_={^9=7(X94An<1Z$N4$|`V zJTb?=f&99?ePqY6@1`gj^C!%tCt@t%`+VUI#h~nEGqZ0m|`)l?QC& z4J_^&zW-EYxuYsEr0846#BXB=ZW0D*J>XcsBPI0lsGR4>PhTi5TgQBo`(;wg2?bYlX91N0n^b|JU8~fp6{B%TydR<^Lmr5*Ftb<w$st5h3GR5 zdXunz6PR|$8sY3+l3~_6CYqi<_u0FiawPQaj*S0Ewd@xjZP(8NjK`xZ}n9|$=Ww#(L%##=rXBc(;!7q!PZYThxe+vrK zL#a*QRIZv-lAjSq&v!(9JG#1#f0@g?|S>Z0V?BIKnkqkRX0GHu*c z=bDCzX+Cf1FWp$EpePi-@=j)<1umAK-!As4nEj$%wYK?ki`jAAd#@}EwqS~6W0^^^ z{7;e#Zzj!TPGBnQGg1GP2HR;N)`%Vfk%Vk9y#Ppzj>WRJn@>xt9c`MvOWt#^JUj^> zxs_=zLLON#%h+?XZ%&nqgDpr|p3-7~nX6xqDgZ6FZd7>o*CA%$@|a}yp#kBM9-96h zZHsrFit_Bt;%VU#Lr&FlQ4psH@$-wNvW302#`jkX8Csozs&w2ZKXgw71=epiJDQ4r zC}mmkbQ(E2I=OZ&;qNkSeeCUO@6z~)ysg4*Qj+z^u3MZwHOr8nV%s@@_UH&7QN<0B zFDS#|+btIGG1HYus>N86c|CHpCkS4dcB=Tj(t4s*>}2M*GU$nr;HeVUvV~Zt8u8Wz zpRrlRV|+g=x|q=(s?tT4oUeP9%5^9c-r_>AFr>0=h5zc{S>h9nOZYuy$8$-9yhiS% zd>RXNs3CG&KQ_>&y@Z4D)oYBM%hG4_P3?7w5Kq%WVvXkqWb9mk%{=?~dUMFqA*@0tI8D~9&TQW+m9+ttL-cVeamM2Ln> z!7|X+BPAU(loJ*7|KezBX2%1~ix201qJHapV^eJqYTWpdqR!NHJtXCmb!L!JsA8c^ULrHFh)7A%n;ti@f;bBkh}1|BlT*f#Bz;KqQ}#2Dm70hw7=^i208l8Z?JUGk zV>3%F#B!aw$k=N$lhi&phjGLJaa3_myP{VmLVCQVp25@!z*lG+(2_Z&rL8kR9Kokg zB&<#6(jIP^NjeD>rdOrjL^tmYZqi~Qnx-?&k}bd1+}=(JDTJ9ZIi73lqHE`_ki=8@ zrv}@0SD>Rpf>CXxGyP(0AHu?P#SwmSHGVl-d_A?ZjT)3N?qp={7%ibyPWh$qORxJX z$RdK7mEU2cJ3-c7Roru8rDY>{?*~yCeynk76wwT(?#*4|)8c+1MonN+vA7DZpGzG* zEki}tEoMFT<^2q#Tvek{t8_rN7PhDRUEAkkhE6>Ddh#N#FK{Lqtj zJ8&K%2?^L6;v^{;Im*V%Ui_V4l>wkCwxAsOH2?1vwjMj3;9Mk1W^n}Fs$vakwb7r1W0k0GKgSGQ{uy&KyZ7{pPM%Kd~YaN<& zOtm~D(aSm1-|q7}n*Uc3Duh76sIIW|RQTo7Wp>R=8Nn}F5!r!k*q(T-Wc-^d?J}N& zNfY_FNlFn9_FX@2+CS|}iCl#P`=Qs}xko=Itvz8dSgQW9`Q1%Z&nda|TH*RlF$44q z`_dN&E7;87j}B~rag+Z!UPp^7dwx`qzb5eU&D`gmqZsr!pE`-IsiPe@Y`&6{L#&AU zv_&UZT!tNoA}Q&;Pdix3%GLj8W}N)k2lPm%AnyD$dJNNUkR=%x% zkgII_)hWhTJ(r3W+7tG;HJ8SZO^!*HN{J3->rj z^?mW~3O-6L$uC0nIOTrCNq&Sr*jA$QdP#G^}pH2LqaXv#wwJ#x;l}GqT zMENW+WjN)G$=~_{e%GHBq^!0)ReRqtu8Vx!X@40iru(wu4$C&aI?lbgR&3-GkbL{# z!#2aY0h6M@;Y@EP2}ku3)AZ>U)MaiQ+ldtvs6;i7qMx}SnQA4NKTjjm16 zv+`H-w|MRc zG&=7S(U2YZqb&crX?zzGT(_~ZH4#e(1J%xPk9}s5t-Z4V)9=5v84mX2Tm;3{WaI^n zCIfQ^^V6WHdl-U@qE)iK)z7DsRf9t`ab4{8# z^AtYCn)leYL;H~km)MtSMmn{a;1lnU+lBdeu)c})y{`p$Clz+=A3h~dKcu2z`*xsm zTDCt=MI4}v0xD!}XA&)%&3YW}V%?a;=dhQT9tVklK3pSn4!7V{4jK3~9sKs^hm&tM zCk1ykT;$k7sbQJ0Oz!BHIgp5$ZC|xSTqTdsdjN*fMD-E@+sl&!l7~xCJ6E@o+~K?1 zJ`uH@A-A*3-EhVHX-Z1T&@vj;R)?yy-}k0mC681et$d!>knt=<-DZBk5Xo|53?rg= z*z;{-l`G7PjN2ou4W*B_*)9-d*pY2d}uB4|A zMuM3|mpEnJi$*3&vEZQXbL3;M|BE}!RA*52PyUo-0*mZ>&a7OP{NB%n5@Oir8zF0B z0d`YSwVQu37b+&^3V0qzPS{ejYTQf)JNur9B1hLIl?@2o5Z*>_`2w=eDR?t)6@s0e ztg@H-6zmnaew7UHx<5p+k$f~t{`TrR>Sr-<3`5=B5xaQMQ+7(u8_e>3$&0UmZF;du z0xHK}MYn~g!gNQ0%7Hhk4GCSnTiEAoJ&yB3!@Zjic=i+We)1MGss{5~lkT_|3i{Sh zkU)8m$oE|vga8Xd=!aEEoOO29#U3Np7^cz}N&+vSLO1Ay01GUGrgq`F8|Tpv=%qy* z5=Bh*`FbkNSRoI9+34Mpk;i2Idnpbd+5rVO|&q`ju&!Y^SjUd<^8ca|0FMSb7u1ozN_lS z$T=@91sS%GM)2oYfPK==gO>+fq0r1})B^ z+E(j*wPnl4sYNkJr?@J{*ZOlQjjENzf}jA%bSmqE(KpiXBD(nP6DdXMxx)mv^s~8* zJzje~v=kVB@nMQrM8YoPSa{0)2D1#zgJb9hARJnl_Z_?<$|87}ev9`L7f93VGW!SyW>(dPZy%waheMtg1M_S1V^?5l zJ)`qtO4Mr2e3pGxPvJrsbw)q!!NT;zQ2Nsxn6@ubIF=936^mR!8A@O3%A+K3*Q*~w-Olk6gxg3N8w?l~u>GbyM3l3&>yFpo3jG$kM+CdYe)ERKjCTgb!0 z*{1u-{lfo`!f8ia{xfS(%QT?RMg>*G#`0fVrvEW3gK8aH{h|xW8VfNGryHmo!Ddaj={*i@nvkdQkKRNm6X1h$;d2ToZng)rF&iro#{isriIGFRm#Au_es zuWUWf*~sduyt){S8m+Q+WX~>puj9o>eb-SfmiMOLf)GO&KZVMuk~Gya<5jrxW!|Nv zsA2H_J!VJF4~B_eVct=96z*T_h2dsbp^L3RZrbDN?luCCjgG#j<;D|l*wDT@zpW6d z8j?8V?0LWnNlGiAVSnanHI|OHb~z8>dPHnTjS_QWa=KXy$oUA6Js3e@?+-ZY>W9gs+R^WXfStYTlL{nL z*O#J=hq+>&tK+gPwB05~=$HainotRlq{ys*i9*~X{w|V%Ew{=1u*2uuMkqeTgyipX z9?rZo_S0+1@+?sMt*JF!XMhLzsN_3jThGq?M>@;lZlvMbzgdkP}|O>S!b zD(Uq|&i`AH?noQTM1kKl8q$liu_1cywc+l__g7h7R>v&1Dn_7(+;eBolDx|_`J37I z4;M4`uD^d2zO!c@g#5Qs|KHiXdi)D^jx?pcU6K;AzwB*V`8$3Uzd3#n%2DAO(V)H} z)h~!tJtM`Ct%y@uk)WCxVmEk{f$zLtjeDkI0^w-wBnl`Jx=e`M=Bk*V4W`volBlnp zCDE>Irp!3nS8b7S-stROyCj5F z(exsd$`&E^2Oh(ztZU5rL~qt=_5YD{6;N4iP4p=U0!o93Aky6+9n#%MNDD}(bc!@c zcS?76OG&37ph$N}sx<$w{%^hIW69^e=bm$B&z?PV<|c1@Tt9bEd>z;7Zb$vTc=Zvf zzP6S&7*8QtWGnHCfC+jP}!-gY5>@y`uqXEtu&+x>&Ukh965 zC#?mF>6Bzqd5~bkMyGs;u8QNxz-VRTcDZ=mo_f+sz$1gVtkjw#$jepbonhe2fRxIx`dznOxM zBVUsxS$OP{#xLKWm?7wG2<9%iXK2_kVxLGvA)(^1pY&B+B4h zZ!#L#0iH>676ej(@cwWHkL~7PuTiuFK$7F*fIy_L14qd{my&oysPUc4tCgC_m$cq9 z2fzL{>Bs3(t;wED%2I=|W-N^(E1TwgjoVNst3DlX&jC`(G*HISzxL+M4~am2h)5tN z_zN>*ZFt2#HaE%8zau{7c|SA z=}M|NH34V|3=Y~BtP5-cwE9YCMt${dvHSU@y4$>#U*}imLql*%OBt=-$)$5n8%liH zH}H2`{i>kZWHn;UCrL)M@;xi~zo7Zq)1wXibwqHknn82sy*UyQ^$qF#Cdah{e^tr+ zGFR-9;OxXji`=t8KZrAlsRo`U_xY4rb*|j!_8z%hc);ru6 zPV&xX*+8h*{Z{DNJegT z?FDcv=a;cuWsA)NPGMtpKV_DpW>A9KXAXFnHT{rUtd5F-6v705dMr6RCzm4V^c^@$ zhM)`t^>wwC89OX*zg?8!uQIk(oT0j5BL-dFp9pkHZLo5nr+069*LP1A?O7t{Gh%AR zH}z&FS`$Nc^fS+%CCgPirdbK~t{zIiS`Leq9FtEosIxe4=3(DlZ5IV!izhqNXg${k ztsY*>7y|d9MgO)rs$JRR)^wh9)bCPwC0HQ$fI4nSfeDKi(PPOc)R?yJUs%02(S8R( z?EN6z@7NR)QAOQo8IH&*G|{icWOUyoYQOqOJEB!ghk;2%XkM@+xhp@FtNAp3-uM@K z3%iPEaL_Ui*>B2Y8xek~R&sW&zGotFZDN9QW$eEaqo_f_dy0p@>$3X%`1*x!)3y^e z8%I7xgGf)JX&&yvA1?yJGj8fK&HmW6{6wS&V)Gq1F@S|VAC@t4yebw~dvetiLWgAa zdc~<1o6cVxX<5KSW$&@s44*)->tZA5IyxdsOfyL93EsnIccNCZ&=iH6_@76YcX z=UtIVhQI!cl^#LKRe8n1p`j&#kl;)!A<9p&Cm;jCRsv%@JQjzo>q&(FM(>L5NNeYx znRo`o`kogwq+gi1DM`a{KGw>{>`i4~Hhi>oTl^HJP)vhG{WW(^`zM-P%%mqNFt;Bn z#`(D5Df$Ezs#DBTlXapp;x_HK*1FEafQRPVJD^r076t+OfwW21PC?%EUot1?4_k+g z$TwN$Aw2W5?{Q_Kqtkq5{w-T)`uZ0vUM3{!xsNdiKTFlqyE^s=I-hLZq5xJn+c$rj z+sfX@%&U+>w<68MIwpHU_itaY^)lCxtf&hFm3-D@;rJ5pXDnFhga?@ z3m0{%_1ASZrCTN{I$uE$|FXZd6?|5mok;VXgRf4iCvoH5;kccQ1O5FgKM@i!lYHD< z$_-0bztgG{SE@t= zk9q4d>iwT?W|#UcR;7C&dlnyNdkHydO~^8jy?Hx4Y^&4ut0{mi&n99c*Q1f=W*BhI=t=8L1E!0nuLYeMvu@_v+1W6=%}(9UJ%t)8+Gy-tg;X&H$U~d=Oy918g%LXI3+%`(#fY&-jX1;1g(?{` zYSNPv3Uu7$O-l(4w`IF7fZ1;6*0G_L z=4ETo=8ye13pXfZlTvP~cn)7>aAOK+=60hfI&ACizKwahC;ri0+~r+~{Glyz8}S8NC=gdRTcWk3Y|4K}@3 z>u<5Z9<_wmC1-A%YcvO0D^wq;@#qvii%Vts^PJe%%A>OnqSCiS@H` z<5c%&z$M*DQ~o$%_B231c<@ivA&V-#rB;v}OZCXK#z-Z-SgGr*3-=n<9;4^a(OA0a zXu3l4wUuZ*)M+~D&v~W%6%L&dN+I4s@5B9*996tan4%*ysD?b_0<{M@#YYbqY!{CD z9Vu1NQLwXlWGka6=yIE|u_EOWd#_sGzrt>$67$uY#`}t)gDSmhp@X3hWWOxTwXb zmX^3gFK=|u)vq;dG72V*r{(k&E;NXnDoV9Kq_=s+i_sQKLRq7P#$KeqpHwMBul-)VSTR^Dhwj&-0OBqhwLKr%=~vMo zQFBCQVA)_pK88F$WU+^(@qjt_qvj(3*P5{4_J9l$%hq$`9 zpLLFP&S+^M#8RsBl7d~F^lhV4PY2o!_IsF89?h&=eJMmW~?*b*4YAec=>GZoew2iquHxyS#fg z?LKL!_Z$em4UdJ>FgXXx&lDde=YLXHND!HlzkS2heOsU}^y4QTi3?4%A`>O4b*6gR z597(mg52UXDJ@-rJkC@x8Ifo4xM}3i)cK3(FbbvSq(jb2#T|IG*LPiM%tY6u6f&?y zU(-GdMDvV$EY>8DHQ)aNHwv3B8!ggmiY{vMSX}lDTgFi)`@Kwn!=EhNdfdUMPDLvC zYPqfaxnl8`@`yA{6}io%iaZ{2(e6soWUosvilnG%4sWp^jJ`HMl5+U`Kulwj(rJZY zj)37f=zTn2tggAH^R+P+`R5ph2hA(9l%Kb;KTu+BCg)=rX#Da^=rbswdAr6Zr{Kv% zK^3R+`fGyKPg?qo7d?+(iBxfk%g7g&Di!N2e?ea_R%+Ld3bkm)&PJ1|B9z$lPNPqgIsdbTy$am*qC83_8;>vc6Kj(9At%x}PqtbwjoO>Yt37_+Yk^^q`8A zg?#XICz%OhezV+je`_N(>!j}wkS1EXP97ERymYcg3O5WUj)#U&dos-y)W-*;_}+yz zl_jNLZ5P{3OifLVuMRtwmX>yl^&4y#rF}APY`4Dp+%&H-laa0PuG3RctO?a1-VTk8 z^%;ElYez|)(=3juPl)u82Kn{lY=tKZKMi;0*S{R8*mBPH_E^%CVPqH2BJ;2Mh9Bp> ze}s!CQ8*N#)M!`~_EuTeyD+tvW|yKy3JZNe@7|Ne`?4iU^clg(ViFS11wGFWm%D?| ziOJe{;K%6_jW^obOBnptVvJ5gA3Ut3K5>0d!|S1zPyOY0(ZH}1b`QC0-63ADPc#TU z>lTWR+1reFPGf&*P1(M>uBlu&R^gbQojuDqynxHXlcA!ap`oHeZSeA2b93|av!hiw z4%`7fE+RHd%gQMKuAOX-{rU4pU0ogW=OzM~(BUOh(98Yy=DI*JQ~S-E>DHpDCN9Ef z&!DGCo(gR~U4TnslFZJGtMNOR>M(BOU+h*P_G83V*zRr@Yo%VS_E3j-sdX}a{ zB0a=9DRD4C^(ZGDCs}Ue;6Nziu)3jvnTaU_4j&FDv%~o=7R{G3Az}_|{a9#dVfL$E zM^d>Wht}ytX#f1(g@hg&KEsQ@#(#FEF`n}i@Vl}EbsMHMJ@O%smw_h|w3%;|j-`Ub ztYz8Re%~|Rx@RJ6@^f)%ym`aN%}pSrB1&9)X8(*HA0s>^xt(=mE?#qKvEv@w+1N=k~L&y5_>Lkk?PdlMzC ztylWD7l}1BC-L+e5)ni^ro%})I~I?+;oQdY(P|(3n^pw4MR`#X?4VbUni?7~TVdam zo12^K>tC)hUi{sE7HDW~ZGAQe2N;FCuYxlPy(nV`;3nbd63*;c=zLy5a_0>s+D#!3 zHX~Rg6u=fCU4|PxR`TwhnzR1c4?$?!sH?-Fr-Cq)K!?V{yO4 zROASS?GfkO8!uhmUsqS2xQd+bMv2JD$=|(u$Ii~~;_{DKzugl~JAy&LA%p7rdS@4x z+tY0v!9r;4;k5gm@x_b(xIW(esqi7@amdZjHywKL<}lxA zub`lCb8`cYsGf1zq$MUk5uw%BUwq1LDhIzGN??SQrr_pxSd;SbxP%q-__L#~q=bo$ z%?8i#=FLyozuXuo@e7fe*Ea{>>L|A_}O6V?d^?@j_&O23?m&G9IURZlb4n4 zX0d|p28Pkc!obG|Jum8WbJqZ8TAcS&SPcE*EK`e1jj zuCBtQ{8{QmXbpgg|Fbv8PECz`{SO`!PFXwI+q+%yZ(Rs6w~pwUW|!%{xW79kjqgLG**W z{5@D)92&A*AB^v~{`(9)h(LT)rGIi!J?_PB*M~iog(`(iiF*r&5>rJn4@s{{@k#w( zQl#T1PAYvN{kAL`I%M!4DUnXq{i*|6&$MvV{!T5vGkhFx)E#09P9i$(Ak3WPiO^TF zu?9<(h@mMyUnmH^=n|IoM_jNhSx5Smn-RmI!?yPJ8vvS)+ZzvW?;DstkJByIccW== zy6z76VCcf!^YzwmU}wW$J%04am45*y*5mJ9lR@WwV@BOp*XUURRBmX!6CM#^V{6+` zRh7*CE<%o~#eOvqY%0(YIxSsp3f*q+?X?@{8|1nWe*9I@X7(JP2QNC9w0IA5%59%~A?|aM8rWks1;fIg=Bw zj_Xf>#E$s@J?iVnf{5G`#iOjX#5Y(4`M*vJjUvq>KYYpJ{nf38Sm?BjxzuN{M5H)1 zSEsh0Y}O*Vob@@$P<$6t+B`$RBd~kf_Z|Y1PUF(S-Dhm`K5S6i+sRK?_jm^Q({d z5fDt+=Ad}EM74KyS|-`vdf5p>*;gKh>=QV%2hR8NUlGSxIREG;d;%HxOD37JQVG7b(n&-MQNcpZ>~AP_jLg}M3lN#<=Ua3CNNKG%OV z0FO8{07!hUjwH>@wqVKKPq*w37TWy$?jr`VB?ILfnVWMvTmggYe~^)VprouNBkM7F@v}M2@pXqcErlYc z*w#b2yjLZ(ABX9ja_^B><6;{jx((92EIM2wlIX2kuA;YK6aE4n2INLVKT%Lom1|br zov|edzF|hlZjWDFR{rxBt@x zc4FGuGprmE`b@BUp&s2s^i zy+%7jdwW(vrVz0^pPOA!lb6@Kxaia6j{*>Wxm(czU;PIM6k$+Fsi}$?{O7=wD)c)R z8trqMn$D++RN)c*h24MFTRU!!dVvF1SH}yTJG=N(B1eT2)(hL7P{6&mtZW~4642}b zk>#!cw4Cg0C1g}oR8xRSSU4PN1*;#m(8vp=1C=o9PfEaPSh~yu*GHUA2s*x+m*`Io zpM~uQq*&j4{tj7I>F7eb-<7iSlXixTJ+%EcGkK%=o03}$EW%cgdS$WDrRh{-;*h!; z|8tCH@rq0Oz1%F8m6NajxxFdUOaRv;SPu+M>Su_drk9rhD!Umpg8)t$_JmnUhktu| zYD!I4moZxEu*?FGJCRv`Jm<&cq~9Sz-3iPD&<$Gaf~qR4Sc07o;owUwM8cQySF80`Mf2Dnw5*JXWK*<&q#_$_JR)y&LHSnmp~TVP-y#CFm2 z+J)WGY{g1)*1Z4eCfPaBe4~q&V{aEV-A1O&R=qtp_LmM-AzZmH<1gx5fht6nM-JgY>RJOesJQEJdd-%_7m46w?-v8P9ioW^?Igm^@lsOE-N|wF zrRto)UuZ|Fl?I%?CT2zC`I-dE44*?!p%XMWYaN;vyLWAT(DeJ}LdQ+kKgvbYKiPH| ztwY(Qx?ZZ=6%O(uDi9hcsL_ficVT?{W=OXtMbIr4yjTDF@DO{6Q~e@WxO$RB#u;H? zR%AlJbreh8ji@NZ#6pp7ZQC@iTQyz|sc{-1n>LIGd7*hqC`hROOME6TDdn1kUjbI0 zjgIIDrKT6z!z2Zik0=!%@JVyl4CQca?nQ?vH=}Zv3ICu}XTYbXpnzV6{HjOCCnx0V zIi#rafZD)3igy~0j*bEX0-_A7sgRPIw+Q6PThPC4&<2J_>*~#O*)G^M>4cU*XCbe= zd+cYId@jEWFYb)-^=o`g6as6k7e8P8SSz2RL1U&slOD?tP4F#gC#A=>&UnnN>Nn9# zb*~AtKaE|cOYSl1RDtiU|96@124deujm%#7y?un~n2%aQ@PHG6%N@5#oW+g|uU}NQ zC84tqy=eJ<12II$4h{~jZEcZ6JlS-tMa7S-r?SH#Htgx`1)`18*ko9%UT_^noGxN{ ziV)j{Fk|y5E%P3YiIufABNJ1*({4gb3tx_`1h2}`b8a{$z1kNETXQUKLM5ookkqRH z{YI7j9v2IFU*wtL6Vu0UaTAB*;*}Te(Me60<{yn$6lCp;0}c5g{N=zESQjwJ^^FZM zdjyvfm9ZHhm||pDH=f7mo@*wQZO{f6d|h%Z0(+LeQg0uRmq zqM$A{KBEn~BK&G`nV6UWFjFz%qNziVFE0Q!f!F=Cu%f~in5LyAy^|9bK2crq{*!Ur z$D|0pW2E0WR_x%gD7A|4ABc&KjEqL12VT;-?9m`}Q1S5aNQ{fa%tJ0sy~$z+fIkC)y1Ce`fTQ1X>AcflzakA7Dlgb4 z%LPtmui8Pl4vy*>MbP!>wkk}fuCA_`nHg+3Q4x{nLf-Qw8qB!A{G56!mYUzR=0Ev? ziz9hQb*-)U0Z)OtLD$VRez#-TA>a#cfG>D?d4=R`I5g29C|O$WLe#m~>h=*}E*+rR z+|n|W+ddoMJE$AT-;0%pLcib}(rVb`O2$uoAF@i5av|RQ1PI{={|23qWfG+<{7(C$ z$@TQ~&d<+7@i5h!Itikm5ikhQe$#zWH~z86GS(?jQR)kk>ba)8{0OYjXc`Yf!-J3t z7|+Jq8m8=H;mH_QlMHityYQyUhtc0R)g0N^tuS{HOk+nh zaS$O)F7NZ_&#s7p>sk&uvBp%j6A3!+Ij1OwpZf%^6LOC`%WpB)ll+&v{Bf5Zn%kGX(6*=jI$Drz^*c)9r`oBg4ai7$oI+dF#u|A6^(koD9(~ za7*BYU8}a5I2T`fBe3S~)BXrwsI9Nx*xX!%hj@yQd)^Wv1x7N^-`@`lxzszow2Rgw zB-!$xAxj$xyr<&Bgu2Lorj|Jhg8}zygE2Q*omMWte}DZv(gpMucq)~j|9Zwi@_J50 z6z=&r>Ji@;o&E6ghvPp2XVSlHvHcJ&WX3mPV)1R3!F$x|c0xsY_jzFd78v4#2M?fw z1q}_2l)SvSDW+d{c6N4aD?bqMu7m2D8Z0^kg4fWNAv*d)Y4q{2!}G|Q@89oO1JD;^ zSs>%2a3S>`@nv@aMt~!Tj7rPPzb;n-D-jTAgBvt8@jxH!q4n%mn;tB6H8s1Y`P0+) zQx3q5^z;@0ETOxpgQKHzJmuOeSs57+=C(9cia20^_QA@fwY_)A2;gQfHypL zY=izGm6e!I1pn+fU%t#QD0m0W8GhD34icSm0HA&K>R#fI*Uc4=4L9vVCgIdB8+y=I zH|+77Rgzn7x8q#EaA5DCKlB(K0T|ZX{7Okr7XXz3WZmqKN;J54PX{28kdQzl=P*;Q z3$Pb2lLrD4gaAPW1=N0`Aa@xr|J|9U=izxe_8%^YfNb+YlXj` z?{9Q_@4O7WV3_UGqw+7_kOR=x(gH(%{G8tv8aTt=0$~*b1PDt3G{Cn+hK0$3`}FGu zy+Aw+e*YrzVbJv=8|7(#tm#$J};u`%1d*(#8?CIFdcX2wQGZES2n{5)9f=z!*m zA3ofh;EfwFCM6}s$HxaufhJkNEkr)i>!GIzqmdDj?P5mf@jthP`@&Y=bZ7!+2^74c zwsvY}hJ?dR33%4TVm%0V`rhXc6bEup(W4JoczBwCDPdt@iE-~Ov|U0AH1G5E#O@%B z964mjWK2&?RMplJffrX4x~9NI1=G3*DzeS%8hjmo) zF(L9>cGU@TPFc|`$5(;kAi}}+lg?IMA%y!*fOrSa>>ge#?n|72E#K&cbY)(h&%YRQ zO0yMqB@N>Y2#*=dR5XtIA?k>U!PeK;pXVwyqjh(6g@u%)!BsK9Knwi%ARd*YppY2( zQ1@Y_AF5}AjMvW+BSNW;bRnNRH{j;xCLs|R5iuG;%(u|t0}Ye8Avpm$BdE`RwkC2Q zoT8Q;OXE5D*Kw;$f&B~OCz9JUWSNCPei>L7ST%5%yu7@3cy3~n*V1wsMJfvN%jJx| z&r?FeV^@APbaN1SAo_x7fhI<<*NO@YXPX?~L0|`NThOQ{7)Jl78&rV;x#Y>IDT-*R z;DogD^4}?(mS9-#f6q6;)q&Kp@$z24-08PCTZ5`ssGPGgntu8FR|^Ub)o>b*Dg%B& ze!dJv4A^*TQW8jaJzu|~6R`YeA}U@JotzA6=k)jQFF^$aJrMe?Sc+2*BjuLiDDB$ zPo_WH-!>u31r!cG5MXo52BttP^9{OoD=0{0?)|8fg%4S@n!5U(PSUe%H<2w45CxKC zG${INYPcxqz{8w>&(8ti6&4o4I8swmfa*L+uL9JbHp$?!%>Yoy$XI}Z1?MRFcY`Ud ztgLunUogI@59iiI3<_36Q7vCB`9cK$6I%=LuE$S5Ts zG=28dOL~SD#>C=6<7`0y|Tq*BHZ{s9!-UR2zQL`5ei7UbkO!n$v5nSoYv64m z9Rl&q*Ub}YI|6KMvS_KVpPq36%D_Ga2mxOG^V_!*xE{DT@&EP?4sL~RPlUkjG1JkJ zEhusm0fAE&6@5DpLkS>Fz~@}r-tG-+Z_k8D1Wr7I&xMJf-*c)^8C1Np2C&`!PB&1o zh|o>go}vc_v{Qmu0A7sf#7J4}J1pBW^$nU+lqVHSYTrF!CO*W21nB!C5ASz{{542<-w`g$Bzn0U><-JL#%3HVF3x2I*VyK#2^p> z)KG&U%5!pde#yZBz5tTUY*iy*Rhixw=09r9Vf)-^&>->xC-}YCu{b^sA}fo@U>vL` z#67UlAOT6n-6QV@#s=`Q1R(ek>9L5tJs>;C5pV%^4h{xp=00^-pUa<%;OA!-7M|na zz>7&TKYxCK7zF;SP;D8+x3JJqxCx{qet~KYskQleD-#n=_fxYqK2Km<4#C-@si~;| zuIvH=Kp?ioxZ|WKxbH9}>jDq9>pTc1dN-bDF#ba^cJ)qJbe)G9FH3!`h zyxbwc$myw^w6wX6jUa@|uC8aGqNk^&0k(|S-z9iF1v?50&EVUGNT!~ittBNTN;H7e z0>BA#a_&+U`~m_KPeDru*m?Q(>!Zp2t=(M@s3m}01c<$mqt(!ufxu;`uMc_C?=TVK zdRNy*HM(nXhE$3fdm9^pEy2;3hag*mk8p(KC)g)E$;#>~DDg0(u#>~q>L9fU1p=9D zCZRz=$j3-E_>x8L3{MAkd>6Yc)kwFkjE&cdR15A969-3CUw@1#{l)I1sY8c$VHa`< zt+T{*^xz_)c~ak4GryLrxLxdnJm*iyKZkB?M#s56rNuA z=@;hGEC0}$J6Z=S=qwBh%<1xUyL;V1$n#A29%SoaH(Zb1UMa#voqGyat%ElM(|n@E z-S17nV(H{AVw12`HmTlAouhe5E{0MJ47A%UvKO|@I8MTc~ zO(hu6INgqo5fDCto)ivP2iy(p?CUaS13J_l;4^4K!fgyl3$teB3v%*q0EkGTn^_<; zAW1`?>PX~={l;v7j8$*@^x8eOfEVBqy;fHTUI-Ep^sL+3*@3ehutLCUQj(I=1U$a~ z_(2#X+M7J{xqTZfyvk0|!-LNT8RD(%_ZtuCAdX8(O~q66^%miG0k#8>3oZb{z$l}~ z#N+ex;XnVJRg5<@Rz5y>#QXN`Tk)tW^(IXNl6_U7AT-+K9k zgh*Gh+DGQBJQq@k2$PqUyK2bLU1r{pelIc^dwW%N9Tp)S9PW-ybWXudb)zgY=|dGe z0*Bo1wTlKIc4I}tE^miKTv*r;%oR2cjD7WYyyHlHxYWVO$Rs~0gt~Fl$20GfLNqyhw1|63|kZ9;X`ha=Zd4m9?N~= z=iTX;rQB5GjREO!G=&o_x=R?L5KT3!<{8%ECT_>Y-K&1E8}u}lsY?rSUQeOX@9-^5 zsVB_95B`g{WhD$1@VDx(G0~ZBy&o;>H(}7jFV_FW6L%Ev@nhRYojP`f4DwxmjOgPF z6s*|WN}V6$6Fe}>ZO7&;+>eksPLVIR3Ii}Bngd`vFr}t^f<8zb_?|6S~Vn^OWMO#z8_da7$=uO^P{VLk`t^N#NFHcx_unZI$G%4 z4nri}@u_VVU3&u!$x)|>Im5BiSz6r&ZgzzwK2d^qImv~#7RV^Ax&CnQo|K0GU zOnCWUNW%BPV5g!s9>UV=fjxuB=VN2XBbJoh{Fer^MEX2egsvh4risUA-SE5KV_gQ?KIFX^4`Ct>j&M2SQ(L8`6wVi( zzju2^;gS*UyKdyE6q-nY>_imUbXIZ5lTam<*UFu=&>azr%y$XrDyvf8pK>k zhZv1W+%7mrf%vJ1RMf{?`XCjjc)Ugd$y(Y09|sAFg+~63fo{5iq!Q|%VY&Hnnhk&G z4Db#tEIdnn4ZN4l{4xC$yK2zM_xOh2`=L%)#pqk`B`VJ=z2NYxsF_BTEo?@p;>C>n zkA3k&Q}@(rl!pQf8Q<{dQ4@)Eqt$nIF) zqon`jpDL8_r*~=OX2d=+@!s?f&T&O;(sTOFBK2_vyG5RxSn}v>R9Ct02t`_vpzNit z9|^9+bGorh@=&Z!CnRCnK;rm^a?XSAi#g4rg-4F#b=CW$>*Z)zkb=|SwUlh>yOv^C zcBg+|c3H(JptMJ;Xe~bxT_M>%Ic`SBsq9AGt3?lCoEfSUwveCp2`Qu9SL8Wg9CVNx z+YMM>EE8qzeE7wh&6DwRv9;Rc zEzTRQ&agcjTQT%9o*um;>FYhK*q`RO&PiRKME$*D&*C_E%h`x1_ng)aQx5}MamWr4k9!cd zak8C)Srys8N+q3q)Z~>4@_Dbl!DQc1gfL0CNAxzy-Q>M5IE@1oi8`U#xtY>`E{CD0 zxcC%U==Q4> zS9(ZhLt4)uwgTh3`tMi+D&l=n!yP8;d=H!N+$-kjF`~JPNRN;Lbyld4iu`8@6ang4A04uNTI8P&OQGM2 zdlFELi?Dqtf()jx7adWIkN?q&_=yHb1}cA7;?z}U7!@Jj>xtm`7=%}4if{fzj*uG& z8x&xPiqjn)K)U}fwlZQQHQ^7ThGg{5Hjf51I*{Mc9zCjsEV!eitd!Jj%{z>Y*3{kv z#Jr`Gqa#*!_Mh!uEt8obEA-9H!P`T-wu)Dv#d1Mz?q`Z6VD3avtiZqif9^Hfq4f{ROE7)qzl2ZjE?$KFt% zqW_Py*Jl?`C(vn7f#RLZYiuFv`|sS^90(G2h5SVC+YIc_^R;P-Ep7YbR}%|!q^{lm z+#bP>@>MEbb8K=_Wtbt!4v<-qTK62d@*`k0aUB{nC`8v%|E%D-xuavvq*Y$e zTMo!_AUz^DJX{vd{s5eN8#D|Yj5H;@)6fpY`<)=SC{gGG99kP9uuzZ?GZhB66A9Rv=!8AGWoKWmX`8zCe)m)UpAlB zglV$$q12)SN(CXD?IjoTx`2|R|KiF5lkV9UeQsfJ>|s+j0}t8N1aXJENyfy~nWkqRy<7Al!@8cd`qjTY%qPB>8Yk!` z$Or01BJKuRED6laEnnoTth`S{PFm3D--et8VJ7}#W4$^5xKeyZ)ESGj>GDLa2eV@z zaRa?oZUF7tvagttPvc#J1eS*gW;8aY6vIFLY>PnGTweyyYn!nnJ<6~7NT2POXK5pQ zh}y4;P-1Wt^yXA;oLTgTn>IWc=sF`6qY{j9B{NzZ3mWM%D%6UmK3H7Nb5U;w9->qy z_PYu(cdVv|>X6khlYO>8e`Vc6I{NjbD>&z!bHA-6@29sq$AlNBUq^h|WuoI3&CLd- zy&nq8*2=7}wL1jTe$ZXQk#fpYA^aX^{>1%{W-fEzf9E?u0wGNPBw57v&-+MxKBr}assL|X!Fc=_G&UjhAkgz!SXe-` zpv*6+sK7u)g=%Oo$eBUC9mE+x$>B9JV5o{NE-ud_?}|X8qM|_DgjX}ZsX@xj2b2P7Plhv4EN zMm&Sy1xE7Z*|RXhCm~{R4=5@9f9-Eba4-!Wok%74b%Y&IzYo=YRx6{Uc7FV)t?B(uD_3uT zONE}`TD@+T>>>iAU3XaQx!tkaklAlylTef{Bkd8aU>+X7ts-{og8;XfTI$B1%(T=! zqlO|cg|s`9dj@DCYOC3O(p>o{nWsh#yIi7n4fF?I2PD<}>;IZpvN7-ND%h}x@rKe~)IX9qW93i%>t%H2Ni)y`n=ATgK5; zZBN?ki0jZJYHws87ugmWV~Q85OGga3c;~`WmyM~|w!O9{wt{O;Y*@?i!pRvr=sm&1 zW7KJkdgvg70pZG>cc`kWQh8{SN^1Mxf4=`oi@j1is71Huwz9C$ZgY2nuqReJ&`c_V-5w z`*d6#7l;phDS3GZ^R*}c3=OHsQbE`ij1EA`mlU9Rjmte8FW!@z zGSJetIL@(qWpTVYcwpDBC@tfL%QQOFIrb)sAQStka(bo)bLp8HQ-4^byf?016sAT( z!f}z#i($E29p%^hTFRpW{Uo>+;Y82&_rKPmGr`%v$6!pwomEV-ch^8mcD|9yBgJISB9f}xQ8EtgybjDV` z6HF_8;qNwvMt(e)nXTYZ<0qp>ao9WWH<;8H($Jl;(2vItw)8FR`P1Yr{U$fuKWXF3 zNik1Qlu^916m5I*k#g4pz)pi@4(YMKqV~*#6N3jNTlIRYijeU{!mj3{tRBVEcWY^N ze*IzT0kp>vev4qF7|C@j<7Tn12JMHBfy6!W|TAD6e^dzMS0xrOO{begt0^!u4}} zJSrt+XMG*;K_IRkX@5_gYyuJk2lGuI%~~P31PM=&Kq0@B)urN!1~07!H3f{Ntf&Ya zC3w)#PoF5A^%(Gxk&xUWkLBj}02vt)JCM|u5EFCt@Svum@;*Nnr;4Sdq5{1HWRPJP zATu+D$)hMK3J?_q1qFc^!5gP6t*kr`m+nROwfNk6YiZ4a`tRrG2a+5p#J6x)fDZ6Z z;Lxu@bA~KuTbnKoE;y=xAiL8f)(x_W&8H4ps#+x3`c6Bk{Rf z-rxVUWH*^B4Zto&+ z-+;PYpNt9JP0s1|H`ol4f>TUbW>|R~P7V>GMy~ozt@P!s<<+f8soX9<)Q~Odk)Q2u zM&>NwJ}K9$H7icvPb*R-ySD9Mq~&e0J-~gFx*bc^bnrv@%~v6pvvFhkp`yRe9ydR9 zs7r&<+_yL!zjAoA)XCzbsl?X2&EVC1!#AtRr}-vPNHMH^)7F;9e*4M|{pI(X0`AZg z2O*8P2j@DO0=@PZ6qoWPuiI&vS`VD8H`WHqhZ5xp1l$)BI*O~=XDT%H;?uP>v;c=& z-nQ*Z-m73?^=>H{lDv2DdwPhSN>T5nPkUS5dP;8?MZkHZeaI4~^;(T; zNE7?J538Y0Xr=pob8>_vsf1rDHZoc(`wW}^#Kb!eefme*WJGoK2=QBSTK!R1#esybhbyZ1JIYBPm>NyT3UBHLomw zS5Kd;WC}?Qpb>L^b=@v*iY21{!6WAyvo=<-p?Ap3;gr7*UxE8oIM^Q_^Vt|@+X{A0 zt)4~zEE4ByGwE{n{qRmp@Aj|td+5#i?qAkp7f~isa;uwcbMptwdCWMkOH&VOjW7Jf zza>;8XKG@+Gt z&}xWEF^PBRB_(q>^Tuz%TEoBh`+Dg&lOkTuJJ|{74|6_y+iGz1-a|61YE?3$sg)$C zTf}e=RzhjjF`bB{_Z+pj>6Nk`j0juJk=)33B;}y;{W=jn-$@f%!P;Rae{iGGftlff z8LQ>O8e9Ute!f2DOsvyk+`HGLpbB%NaZJ|UNawv6EuT>TwqT^%Dao|XWYdBNT}$D2 z52Z{%hetFYaW_%6NN6F(ic6?A&oQD^fp+{4msv`|UdRUQY;8d?*wbgvZvXzYedrBu zTIYn5iIB)bC*;`r@&Q4ms20Ghu=a~T3Usq{f?7E+_-|mDE@E+=6hv06YtdNkEt8<>C26BD63uaRgZi*9r(_zr&@9i;E!w zfYX4?y3Ow)vDhPSzCD=-x-|p^*HE!XEuV4>U$%qMg4=wCyjM0am5 zB^Q?qq$_W)7jFe14GL}pFfJSh*4cUQsq+8dLS0v1|9xr-$~)wsdK;5S#oykg>yD^_ zbl=_872Mtpha_$RBY~9?vKsX)b$*2MAHStTpmbYr{zuYPhDEt`ZAC#)KsqF(q`Rb~ zyQD#olnyCDIFy2PD=94vN_TgMgbGM^cZ2Y)c|Wf6LyyBVGf%9&)?Hg;DYbtEcFts@ zroLxJAcZhl7=r>1xByT%wr3O;+5mbV_P-x+B3^+f?0z7iKbS8TG^M7Y^ zX)ip0vW52p&QGEue>g?Z0yL;WuczPZynZbN*u98IGY~XD6@yqWf{3FHbUl521)zuF zyMaIY+#IC^F~#+o7R*EV8MZ8(Al!u#AXx#?-7Kej6-E;L@Bx~EA6y-g(tl$sLCEib;0 zrCvQ`G|3sP@_|GDuP?$H zv@SUp23G!|VzRlBxf<{msu1a2a<-0|Z~Mt;BmbIa;Id1jol)w2#6!w)?D`WK>fpaP zGZ|&OHErkIfs)#%-u{MzE(z8yR}1dY=#~F1V0s=26##lizd%cwj#=iS5WPn4g$3Nd z=O#s4h6+VjY2pOIu|M3^l!NyCoYgI+D9nG&I)3xnmxAA4&Rb}WY=rk6_$)g%5&$4Z ze3POg6Y5j=p3;t{=5phbNgRpKqWQ1a<Wql!cm?khr+q_8poXN5eJqa4##=z%A zuKGHMRINu{(Xb|D6TbM$IYzrbqUp_ZcG~`^oRDu>Td4lsjMr8XkFWJEqjs)K5&^ze zmypt7b;*+ygJXJ_L(?gzq7OjwY0)(;SG}7iR%K*s{UQCU;OGGRS7#ZOK^|`MO~)xE zmBEunAJ^^kX#ZFa1MhC_B4^z)r_-tM(5O-ySey8!^i&2LNjx1tFG<4JgHxBwx`VIb zT)ku9yu8dS#?#$5biKXu&)0fLYOkGo5FPnfvfkOSa-uPH-YT9(*Fb_`@7nA}&_q&u z_%UY)^-*6c>nr{Tff7!rfel!42F6)fWejo7IfsS(@{4RM`nd(3f#aAg^MQP%HwWEM z9UUE^McRai1Ge@R_PLpc=@Vu(VBqa0%Q`zcvY=!DK?%CBsw!yC&VXnQ3JXIRs(xlj zjJO*9&no>G$X;;Ra3(Ut#0U)xC=j81Lbr+V&O!qWls53bp!nHZUN(LEmYk6A3~CE> zl?V~d-e1rP{s%%@Ev+h(&WD16^`H_pnS$=tNkb>PdkF|eW+5RMd)L70DF_FIq1G4q z5jqA&Gsq(U=O)es)C4|~iiAXFO${GJ2JHFVdWedODk=`ZAPlNKY*L`~3Zb6_PY{%7 z&@n)VX;AkrKO+MMSWpK5?jyBz3(Ey!U?nF{jf!G7?TG?~Xm(cC_4Uy(%((CkfPGY# zk7EpMUtV5@-WTxPQZR{v<^~n>YI2gw?KkLB}0aW8NG_z zngL>m)Kr7FZ+D@+{v^Htyte}%&Fn+4wn2Xlystf2mO*wVa&z#QJTkDI(h(gB8;Ovc zgPa_oO`%kzAR+`sMoWA95_Gg``5MdwxLg0dAp)(|I3QuH@u4^Mp!kE&_UOKER#q0G zUhZB6Z_O26chxAm<=QmTwE9v@q!otnovZ~35%1NnHhXn7`j0$ z3A)|gztwEtFo}>$RV;g#@3HLDScFWP24#F&;X#_c-WYR!^Jf2Xb$#9a*YzQSw@5_> zlQq`J%7rL%4W*Vtwp6$_HpZ$0D-?6f{mI)5RaKvTg|7dud)(N>GZ(Qe{Xt`j*qd3Z znynOiG1%I5>7sg9e0Lb%47$mbiF&%x+X%mK7v*g(Qp~NG)`gkE_{Vm02HLL-)VtC| zy#5mtCl&76GtEz+&WrPF=U0wcZ`XhDC+&2)+as2*yZ7Md!H?&ADOFWZ36ls~2%R1H zDpG{*Zpf%PNd#g%P1bz!49mG@vNec##=~?h!I4%uG*^%%Rd{xETdV`WDZ#HjV`mu+ zDhU*Tk#Z1(zF!EfEngGdeo=N{ke8d{CpDq|v`GgOQznu}nryboVrS@I5fUk8C+Ww8 z(0Pa9h49QSqD-!cCvTRW&$ta?p6wxY=2W1vql#k zCmx1=(5uReSETM9Cch0YAGMjhqh>?pObrb9H5FIT10VIL9dstUkPzyhIyk^7uo9_q3bpKw>#r?62b`-~QUo4NwyMf7=e9NSK zb!G>BlhEUhnNLDv95&B>yn!LcL&wWwG>WGn#&fowNG45vJW>%xY~ge>l@X}=XPcB6 z3wzUjhOCv6gF(zhT><6w8>oRG((G3-fy9*tSA97Ss3d25Bvne5~vm? zVeo?XK$Qpiejqd{mwUH2_8_RB@k$W!@dn5WIuy_vuo*OfG0q0mdywS-;>UFE>AY9L zlA}NLo@-QBe*dlr{S)A~P=w&Qf*F@6pcYh%AS3wiqz{buP@+KF?FtBONl6db5bFcy zO9~1YnV9-VMjU&hC_ywF^j89(29%G$+v@Y8m zLZqR#vI5#-v#u~=FjRrgj*Qc^2fz!M$U!d$?>F=FX9<)PSXf|muB)k`n4`p2h66*f zPXS^06gn#EIkd$s^5L(MGe4YH7m+ipA z0h27UJp(4t@oRQ(p6AclH0F%xfzdvnq{sz$7oj?i42c%l>+b9hO9RJz$KHH=AMa-sQVS9k&b%i~L zNf@T|CiBLluO~x*-7(^ILED4-L;8V~`$6aHxhsnuGUjuW-6Fp&Lgv(_zRupI3O(LE zj^?j|t=7l?f|#zYhsJ1pJY*hu^Q@iM>SK<5SFwlYc5p!kju2kXE`{ZCvnjSLh)2I1 z(1|SODUO2jErjS#&0+9o{Zh}@`3Zh9={U}O6bu+HEH<0V78S^G|I>>S1yJ%`gXcIW z2L#)K&v1ezsl-AqL7)xDI7rgKExiJUA$T&OXYxGE8gqkigYmI3y-I7)s7ip#4N4&r z5)$6RK0K&QTHm2=VWHlKnHC_aV$TolpdGfhv~+{A0s>kD78We&+r+}g_7pUZpezKh zPQsTju&ePY6eLjU8`e17b-~vx1RXUDRiF!H5Edp+DQ#*Z2S3aOv|~U|i8IE+hzb9! z0_Y(f9kdEBd~O=@^EbdD1@xGVuI`gEPY}gHMZ8_}xd9XFGE9owY4-bgcb_V{=8zyzA_#l-efAJq^d4$Dg4jFgPOes%t17+vH)HV@^pim z5^pcv$OU!3c2tsD?79z7kKPUen+a@)bFR`%xx4!7{q`dn%(d?Bx6ZGs-G-9aKX~lc zyT)Z_OU@nr*_=G;3tsy8r%@^3@yiI*;-TTnRQ8)u)kurSyJ-{EGEs4ygR?_ct6^M$ zmO-E(?e6I~<4^r*l$JIeAUUY%e;zdw5TL6Q|5YXK*F7mXCDzY(mJYPjc?TT3m68 zJ#QBu109X2!tnCTZ z+>B>8CO%W;BSm>}`b5BX9>%+Nx+?wC1A3fJXqC9)&oF+ELFHrMyo&q&wfx=5^au7~ zK`}z{wAX8){CuxMm=qZ1OH_z#gq$YIemS4j+6%i_*=t$h84mno)s8!3y z&z8int`cW{l=)+)n@q4?U1cz(-l1;_BlH?+_%FYXVhJ~{hVyeKT6&BVz zEQrHcaz7AQeRzB~!6ucPy9ONsxGRAM06ZR=h$wJ~jE|cd8;|6^dy zUzXoW6@q*(#>tF^uXgb6_pBK!=;id4ubJ+RZ*?qe0o%rSCqv3xS=c@5$3TL*n8i~;cdaOa1HPwzQ zA^IfGvxGwO3YlNJ(&r82x-ZyWjUz|`Z_SGqcuJONQ zagY8m&)&S4c*RgnD*W){JnhP-nwv_~i?0{YuV0e!*ZxT7%z;%HP#PxvWUV4Shr_ni zhO%6wgZFdBm?BgEVn{+>xb3eOzzhCgK~OZue*lNCnz5nfS6&X~*S05ndQnLiaM48u3S5yDmgUU>kRy+;mT>E~d{5;&-!E0GbfQ zE)iot?zOSbVb-w^wH^2U$PBt`P;aa%IWV|~P5mso9{ZU5so54MT> zp1kB}E+d+-mLKX7-5-}k)?l`_38l+$U$|jzi7ks16Scl!%4GqliBs}PjZ3PJz#6w^ z7Aj~D&eYkQ08I2}FBz{##h)Q0};n9IPFP*s6qe z3@`(<;D=yJQ|WZdP|;CS^DWo|ughGc2iOp`DX_3e+%FEzpfISbkAVmQ*54ygf?aPD z1$1_IKPKj+0mXkoK_7UY0A+#z7C;-I7yxtxwFwsFaz$Du7+do4z*r4<4FDi{bqJr+ zyLaHB0&6e=RDy{B#0s#Q`_nE15N~X3ys)qUMGJ^fq5u%v9P;HvLXn7_GMtQ=N6Isj^Mx5%v~39 zsk8~xyinIbne6V)t*VNvQZkD9+z=z3A&L{>8+&;7d@fWwra#+s>$)mA`G-=k_QP0u zMy8l7clF=2H?%yQZRTy~zMsxFuU`+pk%=ElJ4@9T7g*J|I;i|YSM^H9AFnq6R&-tKQFi)^z^H|Ni^-fT|~XJ|k`^1xlJqEs~eo zB^9O6YEJf`&NAbd!c@vt;gEVWGYj&;#xH{&p7ZO5Tx-gUOTS_YR(_iZAK>B}_G+%J zUzc!&zEg?$1E2?kyYYq;_7*Se<*rcS>S5>fkNQ8~U+sk@2Q9G-?%vl|(Q1`o{pC_L zAKahQDR^3sWi8*c;`dCc|KEQ9@6#n5E^>sXz{zE*#D$oHgFLN88b{%^3l%|zY@GkE zb&{LhGWSTY-4t?>k?&9|zQn~0=ZT_D&;^*|`0{n$pUh22$PMr`LlgUU-~QWcX;?Hn zF&mb9eoaSJW4=w@16EK1bMK^g{QY$_n)6Z{F`2#>CvVpdA%#lZohE7gX#!9j{>$1&4@=LS3(&2 z-lMc;h$>Dr_tQ0Z#aDr1k1G}0gk*TyeH&$XUnta8d+vCissBa$Kxg>rV@qxHv@)nG z*37tIrN-(p6Ks#YBpoK%1+1p{b+u92)hY;~YAYN*$?gwXqnr41DyA^JKzp9g%9~U#9dHJI1_l zeftMUQGm5Rg|Vb;%n96EMhjYWH1FO#d8A#WH}Cl011bf%NyCd@PPOI&xTuiZ4J4w= zOim}$AC`&js##RDanwoYUFgwVl$V{y-bpJ(jg8_Ief1=k1%2{s zw{+ypW2?;=&Ge#zp8qC4COkWLhlo?iS=rdxNr70ln7@7+CMqHU2ecoWaX!oOz;$>R(NmMoCDNZbOHIn$ed&mLm_pM*=1Ob5@cE(S{HaMa zeUU6)zeg;6-YP-x;!l!qg~3L|^y6LBo@z89n&YfETMPKwof&UX&_=nI!gP^Ts61ZQ_lmiNk_aU6R7_XQ?(~B2#j=Dcwrx^-y;x7%d*gP7Ws@KGA4?~Wp5B)vm0;AnDoQM|$GD4;o z3(8A=FR48-VN~YOmb>9H@iOw&lu^_ljDNZKs~5}lx7>VBK6}Tq>9nUBxr4vPe3s;_ z6CM>qG!aLQ()6qSIJRm6Tt?k@zpdALRyJug%oh9cbLLU^H*rk~zrJ=vuZ=nydbup` zyx;o_WyMxr?QEILi|K{I?p%burX+@zbId!PUXmhDq$f^ic(Yhr{J2|paP`h-<5NbGhV`e)J9!u=;X-ObkJt z2WR#zh%>TxrKdt7utr5=r=@>kOuSsj)hBIw`v>FSd|51|BBLoIgBC zT}EYfrwxyB2z|Lo6HKd7`PwQJGmW4~YI}J_Hds|QjFjW5T=dlmm2idtj$tcrY&k=0 zZGB9mYTiG+AEMa(7Le71LtiD$D5%(T-WScLK0p~iuru(rOI1rtyXZ-I$O2Z#n<(o? zp({2f8ejUjdSAwPQaNQyRm!?x#A-=tnUNvQcto9i@-4hyq^+;E7SU#Nk724$KrH3! z>iq^Kj1wh+>t<+#VY*I!ZciQ(O5p{bH~}ELAs~Y%FtlxUbU}RA!xbOZUodWK zA@IqNkPjy8>Bli6;Zi9zDZwr}tcC$9nBI6!aec9rG^_T7+Vq=QmTZjNc{p{;{rs_o zci^@{+0q~hO))ettOIvJK4GUTce zo-<5pr>dP}*wVQU87q&joz5S|8x*BxFV?g;$Ud^y-=(~F3Ys5PW`d>fCd8;IOIhz`h(-<%Fz0WBd zKVIOL$&fh2^!67+k89A1f3KN`TtFrc2j<=Pg2M*0ltC7OJ|GTY*s%RMd!kzUk@hr6q&`KKoS)1YprAC!a$aCDpDnr0{{ck0>BT*z1XzCjaZ?bL;(oFx3KUmpg@CzECK>g7R1cWbCQz& zf~OUdDE;TL?DxUi3Bd)ErEdb0k|0tQ{L!Gr)~m9u{qKbFp)I5~pgw*)S7z1^XtT=l z4fsl-jjT88Cjj%O(7#AU+DE9UK@ky6pcRN?(E}HViU_1py-eo&c!{{;p#IpKs@wwC zxA@+BqSi9;%k5qOgMDJQ;{1GX2e{r!Z)PPm4Mp>CRH~#H((nf zMpA%UUJz91B{1JYE&;%L&*T?oJ6%@B36Tasqv+SWLIjQ_L`e|^=)=bZ86D6qdf@fX$S{V;Xm~k7fCn-f zplz3UT)-0za0DC<5;oz5g_)V^Iy#8kE{4<|E_mKbU!Oc7VLXDm0G0xP!t*<-NVUKz zvFTL}jE&*8E+EodSYMwP`~2I2a{&wt(4td-Pl7f?HKYbEoZUpp-De-FtExcx=mT;f zIk{eltp&p@FG%$O{!0c$a# z|95zJSOD*FHN15jtqnRrjy`R$YWtX@-BA7RHQqe?#=Z))6QG;Tt zgnS}nqPV0aK}b~r4hu*gI2B+zs0EHhQgsL12#pR4Z9sN_=;l8-=|C?59|eA8$S%SD z#VE=W`GjZF5c0%RQuGxS!QtKud>E(|fu{mK91+0%KRwYZ5Y|AjE2as*;N>NFB@B{K zAiuzNjgE=g^#}_jM79ule0!aC3rI2%#C3xr^zJ>BZD_+GC=*U`Ud6ov8*ccJ$d3ph zp6tHGc+?0$v@Y;aL7MOJ)}K9qfnF9exS! zd^&wT4C|`{I7=p_AR!`prVRg(1abKgd;(Dd8X7SH0n%_sfI_vn`9>Fle18692mL&x z-=kl_WC{{}NUEQhnu37a;Lm2TW|I7JZ(-kty98kefrw^e10IHESz8*BG zFn&V$dit!UUCd;4An{FC*aaL7l)rF40yGV$8a(rUytKdpiu^nNqQeZ4s(_~n8qgEj zN$}dw+M1iw#>#`29F(Dew!pRrh+Dlo67>5#YWDzFE=o@~f(HcTz(9;bSOu73u!1G& zTdm%`<7V^%unh;2`YbJjtO+wm8R4XX%mJdqz7>fo?VxCL&1(#*Xl3huhmKw3%)BAW+5 zbJ5TMvf@_y0x$4s!_@@%5Ah8+IUhcLoCb6#R8gQbVd6Xj3lK1-j_^<;GFgQ^`Q*9B zK%@Z(;P^Q#I|$Q1Aop-}*H$6)ZW=g1L?9U*9SAR+0cHfxz$NI*PL7YYiVa=>fC#7q z6!pyeh@dA(IY9g)Byg$PL$maDuIV3SZ?Wjt9fPtBzydhQpmNxQsq(+mZGO9{3W$Y( zH-lVXxUxQwegydkZa@uq_k!z4>xZtHt*sCQKEWBRuB;61Tm-q=Orr;(SyxqA*(Hz% z5G&w)b73JUC^vlh`#{eHlpYPk>V&40mvw z`}qMojT_i5=HLbZjmXV;Ca_IlbFbOM;yD4*2kHl0Z~S)l>G$wmPADY;KvvyjS_UWg z=CGd)QmAlg6^Zy9<`L<@K(NE=1wT-lKnRo#^#*S2{O{js+A{q7?gbb_L>QDMfLkD- z3OFg5KeU{jYQR+i?z4b}kqatDuuZ|obK5WlZ6Ad3+t~qXYpv1I-qB%-;9?*z^7(UE zN&dlE2L{=X^C|=BrFcdO{4a?B^pUYKXBU?r#l@iUaRpi{S1BnVz~SGe3lBBNygMny z&QJL^OD~)}HS`0Q^`Dfa*x0aD@m;QyP@{Rt{}fN`E2iGLePFMojS}E6j<Q|^>DEfNs$Tct-ZY)fMdg|v<_KkI?S{1t3dSw zd=2;iO+Q<6`l9&yuc;|SrViCG9+d*3yZF+ZoRR{8JQEP;1PM{p)R}M{Q~4Yh;YFAj z7|$XQ<{h}L5y34*Vww(oraf3O9iC7;#V-EaLE5O|WSsoP+A&;_?zy zV;E0`lh*~oa7zYiPFN*iy?Jgobqt>h9$KI+!DxiYaG;8|gzRxx5TNgbHs(182Lt>G z1Q_7*$v=Xm3D^NL9LQ1NL&K0TadB_}@ppmzooLzR#l=yW1wr&c!PnsZuTF zll}dlBO}2P5#Xu=GoI?FcEJ2FN%;`*>VOD>cdh_YTTNiKo}HbAfEo}!A;zMxux)tq zLG%Ve^zc~$z3is?@L53R{x^xtndUKRhJ0Na&}dBttz+~GWD&(PYNVe!-$~Ns5t!nM zsUv+{$@7wAHnV_BblJR=B^_BR$OW}Q)yl7K{``LJ!0|AxF*TYLLRVVbrD#1zB_Rfed5 zmjiY{fX)GjG~x-*Lt_2BpQ+8ww{thA)zGHY*VI4;4lRTeR#u*XGbFDi8Z5bQpSYT5 zXVj>Io-mA20SF$r*D1;nl4$56EUm5O<>fEoo&w(nhm zU?fD63b-R^Qo!l~IzhNOci~iMV9oLfwZmtQ$kb|pNW3P*xO~R$WP3^Srwje6R4gQYn4VeQS~ZfBv)J#?hW|4hLg z2zJ_js9K)4(6oAAv4o5LwP|S4Sf=>gzkty)@9}w3B+e*ba}P^muEflP{WPTebrePR)r`LX7nnRjnJi&?(vZ+~gp*IvK%*yu3AlY{SJxGb&+0gsBQ10NAymqbQdiF|-yGgqZJoR(VbaX_~_Y2rimhG4&i1Git5=$ zq&9+v1_qRy8}D%Gv6-3hCz-#jM^IpOgO{wVtN;cT_YZm#h3@DF4gPNjZm{}QSz!5F&*B(9ZM-iQ^OE0P# zBnnF<($!J_7*)9ZLbCjnknqfODzJ1;Qh#vk{=Ll44VhfzG&DScqM{_DMx(@N_Bv!i zQ4;cphvauNp9LSBy6p)|wyW=#V-paZf+gwd@)9TG_*^cjF%{z)>!SsxggHyxt?RpY zp8Ks2Ks#S9P{3#OlZ0dAo9`r6Rx3^oUaC=2hlex=Z&Kc7amfCGBB)FQrM`;WsuU+QIV+j4ngGI~7bghu3hPES+gAZ^5;fa?hK+jruTw;O~DA4|1Zb zIT{vM8fG4N>i9=zeSBL)Wd39%4`Z2Dw5*uVh@o3%Ih^ca$H(S3v0e;dYD*x$){Jgk1hk=ajfhbKz46FwM_e6ZzKAzppDXGm(xatwy z_|zbCo{Q|J_N{SWjOQViYSomB=v$#ZS@Ew4_lGH~@Y7dj`Zp)Z?o&A7$+a=7YBAFs z-c6fFZ6Rm){F=4L_7NWeu6qd9rLYw*elf1Jy482{MXo{0`y?H7bo*)^Zbw@Ok-|4G zx{ti*g?-U!5bM!}BH{GS3H=SD|$TL@HqhJN_kl4+E#A3{5EYe0KSt zEUgKSPRUl}^LtwF*;rW2Ld^8Y6NhRt>E(<6{Q3231rg z9im7lyp2&(&+y{tV1hn4I=WhkH!PX}!lB8QKi8NQ0JpNrJ!s&f>C1ntM!TYJ#I;~j z?r?v5F15@+fh6Gjm-&W~KIALxXapUlon7XiEzst8uMQ9&vwddi@9m|u{spb4&r#Cc z@#!g2y{cm1oiu?!ZBvEqn(z{ata$-ns$%Usy?Tlj!4=XR*p}_DtGNS-_ORxNJe70V z>HPAlYK)BW(0j>KtM5HXr% z)^Mvvg)LIosCjPmIP4;+HlU2^qPi(?H$Y$^7{4>qpiaR=oG@hQ<8y28eUtEBQlSNR#+B$6arml)aPW%>kNJ~+SF-o;!*=KVPQG$fdIYE7XtJ0=o=08R#$nA+dcs)!Y?SOt)=w@Jph_% z&!fTT00|@txpR(@hS=AhTMUccp=Ah@yq9=a3=i2qn=xdeWPeixO}6->C4>X(@9WSa z&(rI^5S$iV#wfWfQQIJCAF{qt<^HQuMH6_mY`#NBaEvFC09k8#z);6f5W zkRyiW=ZL7GJI>{&J}9!yMIu+)kG8fb03 z3Ev%t4jtHq4wmp&<>mkog%fji;V@^HNIjyMe2d=hRBk>k*Ew8G_tg%hA!#J#t4wbz^mY#|_C zFimd*J@I_jt^M!cBw|6lquB+s#Djz?7jp*W9KsONGdX>NSxa2nY4K>fPLTMcEDNLA zpf^0;`S$jnVnw=9Z+aAJ_`FQC<%dywCW_(cAViL5Ly6QKtHm%PH=uWHAtXa`|iDz)n2-1G5ufQI8%CQ+s=KqJHClH zpI3SAnZ5tO$3o*49IUQJbC|VHiQ?_j&`z&gs#sC7Np^UsL~)s2MgE>I3r(YDb>?$h zNWPlU3(JQT#{+_-K_eMF7=${-MMWU*-2f8dKz0L0C73B;>#JxSZYz6XXKJIMf5Pkq$OhzjL-cI(#cI;&sq4E5XlekIxPeY| z3UC@gJMYDF7!4@bD1*A%x`1DJgkf?NnFW{UvzvgfUj$*~tm9tKRi~ zJNz2#?(}adQpEhLM7_|RbH_++=2XI!vngfhGki z3Ahyq6TO{zKgVLwz{kn?xi(Qb7qQhHtY6JnyY(=xLO++NNc%&p9^fCiDf%ErBKF5) zOiUo@dbJI`Dq$N0V7BJVQ9gVxs9+fSDHziNIwRw~I%LPg*o+aNKkDt)Ks zfqNgN&`Y7nJKo$iom8Kdu}Y}-_Pejfkz^iTt0QB-EeRtt;Z~5d=bnAh8OeZ`(Z?(K zG?AMU{pHQ7l=uC1qK0f1H+=%XRuxUnPMVZ&S8h;c^EGr04I@K7AjK-}yWy2cqM3Jf zZFwIQ2(-}oH<%U7_d1-DQQD=SOY+KQMml5{(e` zi|c(eyt=vq?|34XC1hYQ;)b4bJ_&~w7f1&bzq|NY1Ru`sEIcqEO&a@)Sv*LF$DD#0 z??kXMAAheM+Kj!!3;zqO7z2$ig`Ll&BNG zd{ys%OJb_w3I@evifmLK~jFpNz365u5X`#9RIvb0z{GsP5EO9;IcVvKds1O zb=Faeh9^wZa^T{*nZ_)Uan6XDGZ=Z!X7pH~P*wlXDsUE$My+nO!Z^79urX9Rz*X!D^Qq)p;hX&swRR!Ye|!D*KZ9e~ zk`4|N*djAy^SL=!`r~wXiFnkygqz^7jSUZfkdhg@A@5LSK9<_c8y{tQ_vI({zys~k zlz<`yIJDs@(UGKl-E;1C7Vfh(2eyp%rft?E&B6q-x3i8l#@qERcClJHq&NLFaSQ#P z?mCHTp>H3Sj~VcWxf3P`jt-;PtgM`jHZuB5lC00avu7W|A$dwW@sh%1Fv!y;h*2SE zL>C835|@3bJra$(6cb6>*~9Fq8VzxcWGWAvL@#R#thOB*6U15&1%hdARF!sX9lyOJF8TCF6!{=+<(Zi^$i+U`3d;{e`D!Da( z71WRD)U*8${>#4Bc)~G>nMJBh^`_+!1J;Ev(m=uoT(mFUH2Bdt?ObKQ?zlY>MlO7d z8b7&Yx391l#c$9|8Z($0*Efo55|-Njx2KjoR=UVEyv=D9dmuF=Zl%nj>+Muy=1Z~2 z&SdJOK(|%RpIUJ{ryR+=lO-!$x7@bLrsxks%~S?+f=-1i<5(%q#uW*pD&qrIOc;rG z9YS*dX+c}aACkIR_fbWPj0%e>LsGXD7&J?>%Q7!9YSNhmi3^Ms`Jg)H00crEHO zQWA%sY5F6Mgxz|+jtA*BQsunwDGjYU#5_QKEF{#D z;-oZIy1+#QmuSD=N&D~9!!G*?&Q4KFl;>2J3o@` zDmd{Ug~xFCMGsJX`)oBapiJ36KtK4C{*gGhOb<6{S}cjF8S)x8+v6TPy4+TRA*S|@ zKAjt?E#37r)78Q6eDUU}+Pw`jx^M4jW*Z0a)@rF(xn2$Y8!nw|SElK==uD6p&BKsP zh{Ahasg0+SwfjJ|-#_Cs)rmgY{5ILa3roV?u=8DtN_s5a!1H9O`ueP>BXO!?-&QpP zr>Z+V+Jz4?-UKpYgl=V+QhPJ9(A}r6K38}!tn&#oTdOE9Vvs3Z@~M=|_erH?q>?bP zL=OZ0F)c?|(|sGAc}5RD?+Ybw_Za5(&^JFcb=@6ZUK_kJ^?rrNq}$bMJ7_@IF7c~R zL)TqZ6WuG^Jv;hhMO8kWS)Eu{hq%48gBcSu3A^1fHRj1HF?S8`SEi0iq<`_3&UMVc z^h#$W4&^12;jb!V!tWbcNqXiyZ~qsoH)S6%VkVx+`Rq!Smwai94;wQOD-t}m%^)`$)Cw~GWipkNzA1MiKTs4Jx9Hhq+Rzr zsy3WyzYRM#lT;{lFQ<>nW`4$|))=|{njy=z*!RJDMgE6SBfZ;sf-M0PS5!`PU`Oq+ zKA*o-$Vd-vnb#@l6rWFTg?|K>vf-?u3bs=Hhi%8?*?!N5+0q8Dao;a=QC>dD9Zm!* zldrAj#Ap2S2HzQtC;Z);V+kcrL^C|)+C&y|Lq~=Up1%ibzf@f>(_qwSzHYyEnYiX! zsd7=|2RbB@o1<|UrAMoC_ zWF$Sl(?@b>fZ3VL*!>rM{-`@?#rlLqU=PdihL9>%rj;gS-^<4TRUfTZUWF~W2=3V! zJGHfK7cJSHG0uE~GCB38de=2c$;G3fjy3*g3yL1;iz*nznFS$A&Sp-0Rt1l|PNzqM zh#~*{YMGR-L?-b2x&%gGxHXG6{qY4hHCq@z{pUDd};Y1cDDUR(ITN^McFxM;c_ z?q!@Df18KHb}R2C^IiN+pXgSVV~cr`s9mCGEk@y|PqoG!;3rgAF`$V5N~6rQFYJJ_ zjPC8Oh48;?>b)pI+Y;R_p|VN*F$WzkPJ+nZL&ksy?ns&}CP=hmJGNe9-@O!cMKeb$#F9hH=0GBoX+?|1Z1@uKXK#JNKN`6d%ePaz zv!p=Mx;&VYUd;N}lqwv&S;6{zhsrPxWtPVd3i1_ex88_ z2`yXu(U`rgyUlq-8BO=Pt5ci3EmyuGlT;T4DV%9oueh5<=d#{3K#tO&V6rK(!2;TF zMDmp5;`Xjxz4lY*nT=g{sr*=`f~6sY7Ze!hor23liTzjaxAnJboT~b3UxaMd^jAkT z-p0Sr8T{&YJ;0hRO+bG8Zfi($Xp4|cxRzRhxL~yJ&6p6cyL0OzGwu?vB2h~I@AU=rbwlu^Nlr^!ryFD z9+v8G9V~*HUDrCcFGQB(rKkc=&J*=Z^U0&-*f7(k9TzSaAdZIAd4`zi#9@cFn73%n|`JKNOUBGh*gEE?}C*EIHcY^Pgha$2Qd zsQw5kv~X!xM6lWOmr!?X`LMx@C~boL@g6Fi)Z&@t^%|$4+4dwtwzTZ=o`+1|isxKj zH5&I8oP?%cywk`G2YoE(sMJpqB>r=r3e`yQK+_38wWj6 zK|=9$MY8!1E8lfqFXE3vD|eTeA_c|`u9ZQjs9gG}L;-+2A>NGm`P7OxDLc@1@ z0OtfP!X^Iv_Hgh$_1Htdbp~WROs)`#CbBF4ze`++os@+3|+; zboK1qyePFIANDLNtT_B3s7=P##KSr`#&z!Ms5E`^Mub(LUuN;PzcWc@IdK;1knqKI zyT{96k)v8+^EPemnFvBH>0y2DlZlNKw(GY;sUq%O(|fT`E}ZAKxYm>&ei8B7baB~j zW02$bW_}kRZPX_#XWGHTA}fkco*%aKhmm+T!{`_Gc}I+|RXtYcGW!zB9(!BTQ}jqY zab|(&=Zbap_ZpVwCCScF95&gllI1>NvFG2)Fly0=HpTUb(6UH8wolSz49_-aFbzPp z!j~M6;U^=9^On$yR*@B|)}GU4$r6^9=*GWIHyzO9lCZAo88LJ)fY%N}w)pL04#$-;>UG*w#X{oYkR?n5sjo-a1>zFy}o0d|K zc`{ikNXNUU6Rccqb=Bu3Q?(o?t(d|;JNWOr8g;yxTjOo3U@qIQ3DEv?dO(w_8xC^O!>9_>~;ZHr&|VzsK? z_Ls?wDg@Vhr+J<(lycR>$FAFI2~aik>FQ0$8l>d3s^EX!V5{Y*l&nUrS7Lez_q2RC z;_&~+(OE{-&2&*1EpEl#-KBVOzZ7@Zi+gb>?(Po7-QC@-xD#OQLxjP%Qm55%=_C>km|VSJ45x`;&2}AH{yF4XZlhqK}}-z z+c1ZJ6juxImvI6)Po%FH)pQIQ=m1X)8_wV8!y6W3J0%ktNRIxyzz`!Y>SEAFmm=X6l>&j zp&m4hD{Nl48b6VxG%;PiC&>r(&oaE0sJb_}`4>-#o&QFO9C?nOAbbcVMIHz3aXJ40?)` zkneKvC`p3Kc)s&LyH-h z8ym9~O&p$~E7E=+J3uw&xytKuI}Qfsb+Od@(#fp2xuP0@r{jgG8S3f5lm6>U?OI!~ zRA^xm^>*w(3I^G`ji=E27fDN>?VJ5OV5nu=e^B;3zm`V{Z@2l~t?Q=&XN0eP$>b8w zpTr#o(wLIUY5C>U0ZeCLn0f!ObA-Ld+G+z9@R(OxhYexR!#_?ieFgT>a;ZMThXUI- z-oV_31v=4cL7_?Sk?iZZyfxRC`5r~#54J|$qB4eMp0}+El&E8-^lSsHY+Zue#pCsY zV$PM1HYUDVzq6@Z_Hva>-o``PQqxlRf*`{#PqVp(jP|qeghHW+**nn$1v6COmu-QS zx=fbmDo1|emXnd0jRe|dtJG77%Az{`5#@lP^1%otN*j@B1nT&AQbj#Plvi7CP@yFV zc;3zB5;F zalbUIouAlm^x2yiv~mfLMJIaoSmeozA-R|Q-TJ(rO-~WzNsN}jUtPzgMdH$m6D@EX8b5N!zwzq*n zZ2?@J-)^-UYNI_|VLFX`Q>;-hK~zY^t@ntqWb@G;nf-)4Qx_3g2?R zK>q#t5Ic5T+^^D+xB0bpD*fJ9RPwvy#Xc}hbd9_)d?BZjq6=Wf2l$Sh?Bm+Sv4ac) zOqv*}qWpaexALaDbSx`p1OM}3--ToODHa6Qs%Y)D?<2}9IY7@u>i42))mOcD)|T_S zJe~Owq(Uj+9T3se zk_#8jcOc`TDyBXVFx?pKG;c(IUugDTc_`;nu9b0z>`V#TSj!e|^Y~lEj@k2KyuM0W z65~tNU9~v2V(%O+o5JwL8Mt>lQEip1%n~AIff^=kJb%K6RPrn>1RwpQ$#<3@Gf`Cw z{~lQBaGA3r-n)S&YpQ))@!9yHEyA#N^Fm7xvvhHS)LZY}c4(X1PB(vX!v5>`93k($ zR@0vJUXM(Rx-4MwUpSf1FR~|ZXD# z2Y}YvVYPb`j+;!i^e?+%-#RRlv{;lH}0DK3!} zCRTN7sk_ZU$tjpf-?c^5wiew1$f-EI3Wn|AeqeGos2i_bWv2@rzh=15+HJHHw9(ja zCopp!`3RfNJkicvvD8E$MSDH}OTO+Qd_4qK0#lVDU`MK8gBwe7KMee>YQ08?;*t%o z1ODBxxunuK-H-hSpsQ9R&<>^W*l)q!@BIJ+&G?Uvc7{%>Y@E+34OE-jFGpbiobv2G z>?YIl#)2p)8Xb7}5Ag}PzIz@zM_I{Apz)d?B!memRe`r88G(htnRe~7HLFb^P|-n~ z?F!T6C@`qK+V(?GmFnZ4cPfDB(Ww@t3-4*p-VDkv4n4 zZo>Gkl<&;(Ksn4Wt=P zBe9iZ!cj6Fxtcf;*}{^pw(^l&6ua6r z{1nu}5IJ9KxhMqRtWKE zne@&`l0qF)P3*@{Tfv^&|7pfqPJghBKW0bX>WCyOUn7q@_Y*L=J2L zR<~xFG)!+?Oo<*6wJ(Qj%*7WFh))@yJLWc8-QZZ-30+`e=H$R<)WHWyh0Po-POSc} z`{Kkkg{X1#hUl_J5BB3&T4_6Eohoo&)(nmF&!30b*Lr?ZMqV5u6r;cnZq$^4{|rw> z9Dj?i-Sy4Y!*!oSxwH=<3@bVgu?x6KWktspxh)4p$`TWJ#Ljo<*02%z7_+;lkTF~m1$b~J#}S6CwZcs5xxP5J z@I&f;|28OVb(|fdsv77t-clQ~KU?23SLYR1NLOj%P7KnFqkprj4$Hu#>?jC<_^u|O zE=85EMs@d8L9H0lZd`h0ZMlf-fS5TTpZ(Kjn&v}#M@#xqyA@33r8o> z1?f#E!P)#Ms6j(3tKOQWA)7l2WRxb>gr0S%wyB~s!>6^>#w+IQd=FWz&sxeZKdqv> zU?@|B9;XO(s};!_LYhkh?}uX7J=aysjZr6GQGsH7!{P2uc1Jao?CB-B)C+Td+f^X5 zWfLkDP%qN26kY6Y*}e(|+LigjW;&nxVaIYal=xy68QUNtN$rhij_qba!)m>Dh!#f8 zqOFD$OTa5`uQtBaW^5VF{sj^bHVaPI+B6koo{H!gJs^LvKA@)#gF`Ux+^jv!6gJ6hr7fAo=U=Vu zo2-2X0-cXe@P?GFe*VruO-KhOE920BDhQ>W6T@2yS#wawVoiWj1Atj@I;?)H=Lw;Z6oFR~(yH6|7abNt3t} z4wSSDhXUTx3@|7X+<)4;N40uhoF}>?L5E7&*~P74h%xsS4TT#)7Oj_Im)}Xq(d%cE z0WW=~`7%f#GTK0GtEM^M;l_P7VS8@y zl|NUK95gNBs#npj52j2Tj05eCye4uk!qe8y{%5dAkXrP>#U!SH4|cE$#b|ize)wK; zAJ?0v1RS=N&2U>#OEg@0c>B^Qtm-v7bm}^FR+8peVG|H~!c9g)e$zWmYcN#%aZi3$ zxiX)zn?PQ~K;1P{u;Yk~F#&5^!PXlHPgekg%|>P(zXz!RM@B*&-868%vGdOhlCx0L z?10R)iH#x}Pki{C0?8(K2?5IvmH9)*E6jrwOC=IEQ31sIDM<8V+v4>4+TF!Pz{>mf z@p0*67D^WgfK@a}0}wP%0YOe57M#h^nPZ9?r^_UN zt<)!vdM7Bd1J|$SxZ^`GMmn=*hOl=H2rz7AUPSg}f5(Fchfp(&=t(}{ z3alLsgRw{hchusU2q;!Yoe9^8))8$Nj?nK6;4A6rN~p*Mhf`%r5%BV$aV)X8_ro*~ z{5xB^1c}FNqO7u@9nHuisgU5^69x=#5b=tB33m-pQDs6YM&cg%BC;Labl?!VSWXHY zC|T_Q@=dakYd4h?9fQj8C`(9AEw+9tkjogkKiRdCzed6HDLn9ge^(@&_8S-9h^;N7 zn+z*a9hQn_z?i~)Poo5;XnzvtJe){ZDog@w?K-iC&x! z=~r;)k3Ceduc66y+#s$y>rAjrYBpn^#saX4aKOJ|fA0S2R%jE7_y0*_Rg{D!K#}<^ zsb}?MOs9HzbMs&5O06XXwTX&Yg*zNIC6bG7@RtNJ z9wT6i+`^=N}S5DNr(Ih;UDxN>1ug{65Y65&Hh}{aHnPOXTPNF!UYQ zc$&bd2R9f&?tz0U+52-(&$O=C!l38!`pxMqk9;D5D^R4?dzy^*U_a4RFkr#V-fv!o z`sv|k{{9`%Pytyr-3Dk6iL&f2^L=QiHxfmGFjmn^tK=@Qd&DO5ks;sG$snNwUo*MZ zf^dlsnUNK=4~TWdetBG@qt>r7J|S=AxqbJ)kv+j8L;GCA3jH7ii(Fcy2}f#ia!o9Q z*$un;dH#TK3`^YKi`Kj}SQ`i(mH8AONPm4R1s4&ip-ZxD$ps`SbhNiSg<|Wv%~<2` z9hU;ZQPfmaCy!npBCv@sQgT^TkMU%?{2mF#_S%(nYu-|)Vv*^;%G%j zOyIQ;SwXb6EH>LS$G(5U88jin$c*36p3gtwGsB|K$!=q8ox7r6=OM6Vh*(BZjQ{kf zl@YOzW|oEJr9|R5x?30aiHG>yL0iEct+W70KUXK(S~G(jCcg;+IzSVXy>g8c0f9Uyem0saENLx#I0@IXJB3o|7IdWKv^nu|grmO^o&v#0>^ z?I=^e1hBsV-WN)X9`7%< zhj<9?G?c<`dJ%QvF)VaC(lG%JK%abAI0oEMC=eUipJ;fX8((f(aI^++Ik1mHEXXC3 z>BRm(U)wl+ON7Gj1xj;SeNTkG+>rzv>?*a<|Y0J`iD z_>{?xs!F_EpBgf%|NdwsAZr73wry>^y4|;cOIlFtY=7U>W*hL90JQSdRGfJ@SrJd@ zernASK3bDAh<$d#pQE;E`H3=upt@zsWI5;zfhaiAaC=$b6T zA~#x<_vwJ^$PA;JL+EA$Ul)&_eoAa8V2D%+uQ2CCwAlUhch+$utdpO}1g`1q?y|=@|j5ubq{cPVA9CalzsnCrcSeXLE(BSzK8G z6|3kvNlcPw4O04IPkajeJBtoU`O4ka-p&WG_kmaqN6iuEAVAm&u$Tn^zf^0h=F||V zuW7soK61yjz~2T?vr16#dH<<0;<*L%dw@m8+1*`}A%&==agz{vbjd&w4GC$e3sG^L z1yBOYhkRLubQWqu{lXTo9*YK(a7^o*rO8f+ez6z-gI;U&KUY8CLI#eqht;sd1RzvF za&lsL>sAY%D6fh8$Z$WU?zYlVu=jlI$e<8X`}8YB;Xj z_OOTz`WGR+0NVLJ2zq~(EgDGik{g*)8L5Ub{NhdOpEp}nN{zp*YXN`rCm0w&DZWl% zIg|S}Y9dy3Pl7#o`WeQCvM&R*>z%)ZHbx5Y;hAb_;Soa&N+6y(DCF=T9v!7-Wbm=E z^<`nnFl@+Ue5Mb<_H8E0@?YeOK4il~1{^aaBqV_7T?o=ZPhTJK7wG_ay|bDd)bD-s zpe}@=_+G5^UPLS4^ihh$P~Y6db5-V#laf(TF*-+y`UAW!ktBMEIh-IWj381v$nH)0 zXHm)}80H*59YozbKiobmR!zg@G_+AhTuv__%b=GFqxo1||+y_fzV_D{H@uT{VE@1AOY7A<%Zr zfL0r@yrH6@0ij};vs^!ljZV+6t$9@+n!ggd`Bg*^T#&tcNr=fy=)86{avS`>s7*u? ziV9JaO>B*1tqsRG;$Vlx*-3UseoS6i2mDxleIl`OfY!1dh>jqjJgokTlz|GpuN&+ke-D5uB`?~-Dm*cW9~75RwV8VOkyKot>v9(lx~1W6!X!Y8!{tP)h} z@^{S}u{z)ssSEVmXnM@)hquFeF$9k9)hYzXml@H}3&Z+t12RVdrExO1!63!pPs~yx zyt`Gj6G5Q#C2J*35(HQ*0bw~n!Z@|0P+edF?6LrB8D+amgxUd3gao=R3Ym5vy*U-i z3MI7MYROYFh8XLlH46Q zb+#hF-G!R2N6ot#4zK!Ike)IT6@#=0i!-MlSBdPW79*G?FvFm4v>zxXWo2c6Yosuc$!UdC?{@w(Hn_BRWRLB)Q_T#{3*H3DRa*&6~a1mY$)? zZPEBo(Wn{z%4k~*GGpSkE5`>18vy!({BO9>%k!;iik$hs~# zCs)ki)eYpPUI8~Ku)P9I6b8qhfXuj)Uw~Yk+3Ht9YchdD0e|g5%Apbvv;ic>`97X4 z0WHMe*H^&Eg3*8aC$gb0hn$@(Y%DRdi;+L)zob<_SPrOOBO)WuE-r#MShrYULpfy_ zBjEu=XRfTVD(3BTFzhRIV zA@uQ&SO7qPRYTjzUcm>h5Ou~WV6jc@)>JKwNTD7YPkR6DTVQe!K#uV)YP_rLRDU=0 z5u1jNNo!HU@{5rng@gJF#h1%3zAEz+dzgU~g6_O(b3q|RN2+kD8H$0u&!Nm#lU*$^>?K!@P~PgV+*^3(oEyL_WND5{-O2D_nc+a z89pnE_Lsw_hfmQ#?rYYb?H#~}8F)$o%uNI1qP1&kK|xzZdz+l5-qMs#c~P&Z;ThJE zA73vwu4a#(vf63ritDiYbmT-@F9XBe(?yVG=7&04oNBpuySX`MrFzN<)%GTie`(avl(Cyck-Ny7*3)>Q&yrwXxn>4$H(WgvZg%4j(t|o0c9o}Dud&E8A zCu{M7rUgHV9W;;~EcG0RSp?xBqv=Fnh=L$_;p>b6a%;Fh?Z_NfJfTFwK}3>D@DRGO z480vq(rGcDSq61uaelSh@y)jJz3RI8yVhUlXTvYQpEF{T{=RZFuc33qQ0#9jH2&kf zp5Z07!3C@0qtG3ui-R4=T*}H8>n~KzU2bo91_${~eV++oIdoE*uotmiE*I+T2!)ah zBF(ArmhGR5)Ta?&#=sz1o;dT$P_%bvL)guoT~`p2+Ehza)u%e9GCR}Rtx)bJ#L4bD z(&0M3CLj8#qhGe!c#L50!8$1~zNgauXM^r+V_xmlXyd_jLZhjQE@_AN^0a@(8RD_s zO}34moSw6Fd_}fM2P*#G)wco&Nv{sgHFu<$yL#A(Y6o0M0$_(d7}ah*Q{H4F=;mCL zkxd%lK}$|Kk?jO+e%18GFbkiNsnDKa3zM%b1Z$=eiURxFu1D~ZgVq%>M>jtxXtX|7 z!$+y)vWS_>#+`T)Q6r;u*C$lp`UT4H%3$gSm05b$*kz2%8~kLy+JWp>*s6v9=WNO? z{2%5$@7JI^gYK>{;5ucoS6$S(^V&{5JVX{xr!M?p9({g1IqddY&R3ZqAcv=lw~M`9 z^0WIDtX zBqT+eYC(Qt93`6HH2DN#oc1?xqP|?Mf1^eEo?sRB{UI_i#G1R8D=!6{o?xzX;x{dj z8E3@pkivA5vLL82Ih}R7dPT6{k#(!6F_^BYCJEiegqz_~jQA&|VSW5E!x+uE4Kj6$ zT*uQ2HG|tBzQwvJzhF8gq_c!aJm;Zz5Xb5H8e}T#?QqL_xkon2GH;QF=72fdr+;XR zNjS^3`?YF1-NMWOcTymDXf{09bf=KI76eCLE=Cd3=LS{T*q;PXW)ZN!##}qRtNzSh zD~3WOTo|CqT(23ghzG4<_LXlkCahch3n9EZ+F-PGN#%;VhV^EB;iiy%c5PGAc|rZx z8IG22A|atmc%2v|w+6vQm38#_cS~Bz)p19D@_KQkrg)SXj>}X&sj+79P<*jQORS5~xDOO(sR;|@zM^A3-D_|)7@_2A%A7H-TWk<+eg3%ooj^8#H^;;_NtTp`XevL$x7bzR0-r&%4aK z2@q%Om&uef-6U#=k*hUFPaymobsU4GgID@Y!q`K$@T{F3Ywp`VGHZSDD|4+RhGmjy zom#}S7IMO14U!^E$hbK2;t_KL!O8y^c~v=Ip{}2DdI6oLfc4Jpvy}?c6%Y907u2Ad zi%-KwdRa;o4i4>zdrBGu=KczcZprjCcwS;IH3P%gwC6qYbg(&<&fRX^W53BJN~PXr zLCRH5McPVstg)035I2vH%ONAYt=7P!6y)Z@>o&&+2JO%?e#Ar>14Fd zAROdOW4+{9r-o>jq`8W;g((%@YK%lV#e}iZ9r1`R=G~Zm5md|Okoe3?lNl%{^Z-a1 zxXzVuKkN||JY*zfM={>AKY%NwS7j!x$=x#cO`ELXWCeiG>j^n^HFiCm$);^)@n}cE zr_LYM(FioQYX$tMU>#eakIalj{O{tD;wItY-7JM;l;@M{9~K8FZU93hA>c?{OpO~y z{Lk||?$SDCHs}>}JY79GTb$)|HMZ-W#_F1qw#DxbUMYzIKJp<=HeKabX72gGIKzuo7!7z zObUb&m;|xr@sd0bbyw=?r=~Wztu@SWxPm2CS16^4R(tGb7U?-@d<_$`7qx4I{2pXZ zqAbRUq+|@44C_R^Mp613$A~y)RWdS!T<*~3403^qf#Ug|oBUAUlMV=H$ol*!|8(nu^nodXZ~~(A99*G6_~y| z$kbQdoKG&MKqW0xlYl6vs?3_D!ZK2BEcHcli0V*^#_TX{`8ahkbdpnvP{n!a79a5d zb%g5B>sk6GWc&_vo}PYi^-ubVh&Q!x9{BnDzogj#v(rcheMk97X^|qoHlk+c-liE= z`6CSUlx)?4vUzhHbx*iaFW6x-Y)xFv)4RoHQDs?`-te|XsP6~q2ZC|_GI{Z<(F1Z4 z9fSU_*f5bhV@P4$bYaq={W6FBUe~qQ-A1#ig{e;SF%@6H30|QlDt@1}{IOVe9Y2pOp?)u2jRv{ybx!(n9PqZxzvs=h52TR(| zxu;}je=M$JZwlZUs$5~`U8E*D^;Qd%NRt|tA}MQn;9?2S&iKu95-ncLEi@7Hi_lpZ z4uEDGq)8PyL7tnGh}O=h`~d+yktT+f+^UK_0a7 zY`PM4miP(HI6g4_*pCwHIt5#7LB-(G_!d(6$VeScy(Z6;`>Ju_i_Heu5Qw;ob^30X z&c-galx*JpFxi~LVxZ>cyC|8DgZZVQ{*?K)j>v)}M9 z2+}`1>!ZCgj3a8dm^}Kb%MI5ie8!;Zo|2Nw_x+dCRW_e$=?PYdJlx{EfP}D}R{P$3 zgsHxHG1r>w>Zs(LQs&X1Nh(L43jdr~zk;oWc|Tey938_nh5+n(aUypZtDlz@Dq~iu zJir;+q8P=l?0vI-$N=#~F=pj?huN=pRJN($;-zp|O+*h*W*;-_@jEZ_+~P;37j3j7 z5zUo5Z1_6wl-W3`yC{9XLsPZ5T6Z_w8Yn)l?U?(dtGw3b{V|t^){dpgjhp(V>!Uv` zAR$6gFo;OAYU}TPg7UV{@gJFrvc;U23K7|^ty+{L;_Y5$fJjq;91>^E;m&vV@YGr!u$2<1@Me+o7wP6 z;V6-yTSr@i_8u;~%~ioaX@%+B-e*9S6@4K~yzoU$jpG3>y@^a?1Qwp@a`#~U9RK4? z8~+99WdG!*FWG>%{Jw{0AZ@SXH~%Xgp43#>th2gGE;k&d?F8Ccv`w__o_kLIqtI_I zjrVzri*O1#@6#P9F3Z((aBw_5t% z>iyaQcR-GjW-*K3`2FvJxU`1rpW*s!g~r3w#&>hDJzJkj8&Y@z@**DuE+=iyWlcDVK1#n@bUiUxCm7c=C#jcY%EBf94 z%GxUUy6a3H-1mX*;5)k0(|aKj4r{ODW$Z%cH{iQjx{4`vs{~b#f3dG4r0z#4i!9nl zKL2Jgv9zb?sb`%MPU2S=_a=_2_A;XfA|+!P=i2Y&tVg3i-ZR|C zf-Ho9(^O!kV+GDsub#j&jPsbu=Xs;GtwQ^Z^!9QUA$3=8Sr|z`|a+xRcB>?ZS;28`C7BR5u#8(V5I}T+OJsm zuiqC^oc8&}iRX9pmby>7@`O4HP^gLd1LFzbA!zLmp;iX#bk_=b9^l z&S5y>R+U!afSq-AOR3>te-aZ5QDKMl`3QKe~H^byu`n(b`b z2Z?+4_l?KTC^hp(jsr#Iz+$q;u<4TbOI8(3$KX0f#K7R1R666sgrcN&%7Mt}m(HJL zjG7h22=w6cl1ss|s>e)Pdrjbli6ufB`Ah~7V-dA=txQ!oO zdTZ2dv6=pPL(%=AqIT95XmZ4A&|%(wX<+2@k1QlC-dOJ3U%{`y8p&uwe0RQRxl%S+! zih{CLXfif31xxqL18N4(A+?sZ0yvFxI)Cl3VEoG<<2O4Dm!p_R6y8a$g1B5FzS9nj zOKi$cK8OD2k!43S)H!eyU$%flb_sczG^^js-t%sujn{+oIuUoP^h^$q{o395?-the z7T>uC{KBXu6489zrz_pLL8=utyFZSVCuV4WYByHNVd{roJ<&aWooTZf5d2yhV%*%R zolG0-4+6? zoV-gqDXwZ(+J2MA+~vK6fE)-audPQPidL$rPFDvpFPqTcuHhT0xWLb;*#q3O&RxBf`63MxM{)kqu<^{Q#H_YlJ5r> zGqi`7fYzmyb!(&f+OnkqJn^u$vbmw^3{t(5<3wbPV#qvM^d?{`&ftZM?WoyqpcE2! zdi+xuBYdT%b{5Hy3EYRX`rTi>rk;VWr=WqJUborxxTly=b8;TB7w_?#yox=rE{bZ4 z>xljZ+U4hv39OWkg2<6_&Lbg@EAQJ8ePF!>{t9p?w`<|hsom#@q-(*{l7p20zHl|z zZWT+4`~y?w6f2jyrkL}CY5|m4h&$aeRdrVH9OvB|-uScdwPE|eQfj-+xo$5{_ui^* z+L3>2bKi82T3tsUP7XiUCfO`cpPj{Z`nr=gBvk9qfzrN#GY7Z&(~j!g+1?LMV_wnt zo=_)r1qyMP|Gu9_?XQm**_k?uyJ$W6GtoWl&Aw`K=nPw#b*Z-#h0=)l)aEkIOC?yu z-s2eTeDMItU;0F!Jz_AP5r>@bDQX-oQ5Nb^B|K4UDO~)y&ZKk@#myMv*pkp7NnvcQ z+6#d>kUs&|AOgzA_UyUyR_73|J(ah9XjBHBQk+AYJ8-l zH7#IPyql#8ZC9kFrc-7_iAxLOJ3Du9C*^fJ9r+536|rX3jG7vI*I?RF{3j5$dIx8k z{g3<0wn?7rT7!>$f$JVx5aSqKMK+)N?)taivF!##kB_aLe~8u9PFXg)gk49nkyfts zdOSbshkAcj1=x=RiVw@1_re-bYHi2)RlU)8Bv6+oRMc{S0+aSSi<-wP;4(9?n%uR3 z>#*T@QE$KShxzvtmgbk)^sj#REt_c$TiZ>pnznN9e{JkBd-9y$D}J}=zxL({eq{&I zE3y*Y4r>aNI@8oxsDuWJ+T_}zV2iwvTOEcHJga0*|C5pU$g>? zFILGpT@~#mHIhZ?icbqYC1-nH&Kv~XSUevN!Y9j7j#=$0YmkV9jfdK!bV)l%-|eSL zx85y)!u0X;et#sc?c?N^q5!dU%uDzoF>2OeZvXSIa7NXVAI!Ic+S^2Dhwff~ve|(S zO4!#)kZR9a+To&(@8D?v3DrANuS;__!LhMGJ93mNqQYg+h66euB;WU0SPB9Dv#38m z#aTJ?Xee&sk!yCF5kQ+Qky#k7G*nQFAgqytgIkk4idUhU@92}u0)#7rR?kyfIhp!F zd*s9-3m=2<%1>Me-VSIKT+lI#@NN^CCl-$?S>anEEc;|zQ+Ui2T&3sD>F@1?`k)^w17@0Cpiepfsf&G z>37_+-PZd}$ThIkm;>o6>inKwbD^Yu{7y%AoY(QkLixif)1GJRuZmsEwyPc9ANBs> z!N%80K*f6ldgC+Pe2qfHLDQw6=w22zQ=^E^YalK-+$Yv2@-_#Crs6NvAF=CyWtPV@H02a1ym0A;@Q^xO|QZ8s>gTgdJqz%t6VlIiJ z9nNE&{M;Un|1p}F@f7FM+MGfC?l64|oN0X;dO#h)O_9M=z5atdk+nYHu=)4ze99%t zv@y^gk?*FtU+W(^TZ`))1zkaE*Xt1AxHgZ9m4<4s2a3M2H+oxkT7rsDIB6irzac+M z^ds)7up!vW_+ZQn`Uu>j6Zpi_UgE%~PbFCftVtIsV~MXEz`BMQCpr#>y2swCqD9up zAsvu|{fm(!zG#%wFrM2AM^no$jHk?km38>Fb#=bNYED)so&P~0?UJ{X?9FmT)TrcV z?h@~S4rA0|b8V_#6^5UK)|!?ryCt6v=b3IORP|q zyB77Eesb!Da3fjBzFLo&*t#JJsQ_A6+SXO_QpezR>&FO|8X2BSBTP-iY~5-{t)r&s z!f!egw;G)jT8C)(u0I#`?3|E(FztgFv6%rT;zF60+)w%`Z01!GD$2*eb8QWs<>np! zoObGU##Ryv7I}8v>nvm2?_dmn2AcA)zuoOMNd@y>M9I3fbD1Y}*|-&T`E#61XVpPO z!O*EXL#S3S2)_r|8`mF~@v?vy5`-02-Gc~z@?IcTo-ct(kF2e{$wa+kgy2Srwh#{# zX4skhd7}o10A$ZD{JxbmGIQFSnSom@^l(9*++xTFbdT}+f%#R(E%G@!w2V3t5f@_w zv_0Z)-rDpsqP3b5^39o{4!bca9LzYQ4uzL_*nTxraxtX}SM*9HKIO#=R=<}xHMiULC16FWb+K!Yo#G zG~cpJP$!-wQ+GaxFkM_^V*JF|_K2!|O2-YWyfz$wjRUEvOJSE9fs@UTz5F1SK@)Qt zHs0P*;>8$Q!oA9}Ec_L(SoP~9UL)7{hc;*(>r}BsC~}E!;a2_o8PAj=Gh!0O{R@FN zC^UA+LbnNNyrz6L{OBk>CS&w{F9y#A33y~$S_N_X^2uyH$jTmTsh;4X-Aa75sohm$ z{IKG`ciU+sS{a%8n30!Q^CV{Yln~k@bR}9N=mgA+#g(+q?iP!NW`7d~FHg;i0@)hS zP8smQ+X<@gY3IZ`?v}iW)-9YE?UBFvQ=uju14I~;ljP3X3Lm*fC&1i@6^t#Crscs{ z<(5Y_LCud7MaWWgHrzCOqgTlvO{US0^%ktt$=lwB~Z>x}Ab7G4?2 zGvemJmfM5WF0Z$hFLS6;V5?NHN)L;(F}UA!^I5q_lX=WVRXylN>d!s~NSZ^Mtk*Jv{6k)Y`V=0!V9DkW_EpGxw4x=hL*4=a2etxAcm>@$dsOn56O*Y>-yjPS z4wem`kj5m>V>t=;5KS$j1wPw4wP{C8t6I=B!g{xwsHyo?C4NnACgv)klwYExfrD_@WTL67?NufW-X=(jmOA0|(N(3P>Jl@>?D=_PdS5VXhCfsNEy(=Kgs zg;^H(DeH*r^B`0X*Y!PSMjfTP3kQ!o2zr=ES zHw=1;l$J9IhJoDeIFZN^t|P$t!z>P|#Jj;k&xfe+dM*IZ}j807uq?CiBKN$A-4 zr1$}UsfHzb&$x#qCDb%Eb+@#eb#m0TViTu7j_)&t5vuW(ulfgzx zDhR;P7AsNFr#w6Xp(V7otU!_t0TB@v)AznCaFlR^Lh0nobt6F66aw-wQZI)G2lspD z4$Ukq05zA^7H+l1E5Qs)f(+Z&|3H>N(D%x(=z#&TEi4B}D@}Cy#Iin2`Z&mfSShZ7 zeSN6{CkW_Wv4Kbp#a)r1x2F9u)N!bQRjb>z7`Jh947S3M<_NbTPq~Q*A z=}I-5q~zeB7^!_A*oZyn^!WJ6aK1(JI}SUnt_QB7;wbANclDeS!Sgi<6gI-ih%@ z;D+e^xA4aUE~3?aRC>}JRec8rBp(cctS}S(mouZ&4t_|2Rn;%O=Dxq zVq_pl>1<_xHwx2K4ST4oGr1V}d{54u4ye?#l*CH}YYY6@=qvtgL&bXhqYLvthYBo) zD(HnmcTjl<#A?EgUKWdmfC265;KVzNbq$ZwJLZ0_TW2T<>AH89!PaX6jMckpLI!r0 zf|{yR`8QAD12lK0Rj)fcMnD3WvNA^CIbbya1b50^d5xMtu0=FHCjeqRWrc%-1L72b za3o_c0w6dA;LwGIhQ7SM78VvZHZ*u#W0dv-;BD*X_0iGM$w?4PT5D@-;i9pFgG22u z5aLxXCDBv+ujytWvwkQk7!NCe)FyWLh1Cg4nzOvLFJAS`J4~>J(p6ToB;$a zLXTh53q+d zwN8KUv~qzbXHX3$=;}H=_x~Jv<0AT!1aCc< zI3hmhy`hMI|Na5oYeRsd4j@BP@%x>@IC5%_O_6Zv0unn7(I5bgxz zSpmA5z@Q+%kJoL(HphU0W!|Q)g8w3+0G_5p_v7+^kS<>mkf~o^&Q|rZLvdG8kx}UEoqS}8`hh-Xw9{pN29p?%gD4D#G`x4I&*H?~U zg%0y<21MpO@bv!u2828T%Fu1k;~YRb1OVItv1qZ16-UP1{XHvhlT6>vE_J3HwkD{5<>9v@R=r~q0cmSjq5 z>dW81r{DP_3jmxs!1|1qqO=wVGO7T^YBvxD1gM;WAT5AP`tM%&;~t2vn5*Tn-*|qk z_1j!qiy-)TTrmXVxgrbbNJ;ZP-ey1E06;QK($@fp+8_^3O8@!+T?yR47R)85&{vqE zTDY!kSk~{TRaBB^q)2TzlMcK`H_taFOGJrMdN75_j>@pnxp@!`ZRsq{(Zn3yiB_oe zB1aq;zW&KJ5Kmd;-#sBkaSST=Pfx8*jXD2E(p5lJxi(!uy1To(L@6Z?jdUp8jdUa3 zN=XO^N~Z`aAxMKrNh63zx6*l$_=oRjx$e5_UW9Yr^UOSZ_UxI>K?TMW9r>h0cQKjU zkaO>L-Z4FY7ck%E>fk^r9dZfbB6WSfQtvzsTYh03Ja{>QPfJ>1IjAN>U{iTwVj{R& z{9CyB7Yc`M`jg%Fi|=kBpuEe2O|9VP#B1J0o88@heNqG7U|`F^&Bu2yTmAd@?>OYV zl<*9|giPrLB@rxir=j^bEV=g}^m@)l`09Km**y3ly3<1Ddx|ovTg!o>o*t=b%Eoum z1#eGJxprY#-K||G4$|?<+h2FKYie18gw{9OkuA^6qRvVy6RyHjjDlLjY~lEdtJ<`I zh_I~`>5~7mcHIj)nBhVpL=%%uH&oSjC-}uCk1ouozyk^w!7-G+cfEt$2lIiQ+GfaJ z6rIt#KMm@c;d)U=1JB#I`{iVOSxoq;vE`LJns`RE`a+VYJhhH^?6r)(EL5`~)}Zg~R- z(h`x&AQOI_;F?KiQ45lgzVS#RbZvVs-jy!NV;9IWGJalA4-{q6^~p~Rw?=S^|Iznz zcJ|hb6r7Oq`>Xi8;;dp}5C3f>Y**E6!*)E_~DaE}NaAvtR_FGwA)=Gob&h!2&i6E)< zg3)U62Y?aaZ@^+_n2=m8>3FP)QRtA_*M!wGzONc{*!9$Zmwaym%aF9VR&~2YR@ib% zcIks=p)$vwsa;@frs9|rbsMFEb&Cf8VSffJ#YjIfvcchlideI-qXX)Ybz{?5%U5ru3CJoGuZ|*uwIj9)!(}2=yaZ*PUn_irWJg z8y)>qI2L|5%C-hciQ3P=aoVsee33g{wd`NYY+BY)u`KH;Ka6>kg9M3a@ zmFtFuV)q{~ndNaSzqRnc>|%~U(HRUMW0{{}5{^C9r(%t`P$3yyWK2O4OFetx&W)$g zS4tFlg(6EaFH_XIi*m*Gjn>!CZv^cAZtXb0pF=5`{?Y4h(S_h6u!o|%=QMd69$>r< zP7z7s;7gg>Z`1zo_g=%(-?L!F2cIBVWeC852Zu#FFw<1f2B$)Bg$KVKv5-r#PY+vL zTVa9qe^WIf_rOU99$3pkFAc0hF5O|6rzI}%ZrO{TN~B|)e`xZX?3_Op+l3fyoN>}# znaDoh0Dq5!fXIrFHlK{kP*DK(>e|kH9UR1Y>vwBh|C8>Z;b7%nOHtTBl#F3_8_K7a zy|}3sc{Of4uE%nuSsQ3U;SI>jQN1s42`li1c4AnKF!|XBXt*Pi)mlvP4(x8_kV&R+ zvv9%838RU#^B-_m0moBt^Y=Y5TBXG)<_hxxa5;&BO``9Pk%z~J zF^6J-vcf`UZtjFPkL_U@Jv;kh*I;osU1`;S`i=91b>Dq#rovKPvhTXxd| znC|cIpTDyPE%>C zLNOxlBFx$?^5t!q@E2EScP9-jkMF9J2^mv>=o_4fhG{GK#{EAUmj)p?v@`i+6W71^B^Un4UjmDmbub+oUlh=j@_=r4=NF&CMt3^F9 zdQklN{h9|jxWP-MhyBD;y`Bfl3c-K(D|gm@R2#z^S0+R2B1T#!Ebhy+_<6r`?QisN z-9p*=qN48UY0-xdO&=>$@~fj0aLOIC(K3#R)NDtYy1VK;NZ>q)8iZ(v!v&@S;j*^DJI-anaWt1;feR8xrQMr44UDea`DksRmDH^i|L z9j(Hk*Ro8!zKD-v7jRn16-hDNxp>~9s4erIPwZF~8MB1+tqk+rlkh$=9aa;md2u~^ zdwcNHOr#Orx5oBD-N03ZNduVOfblQL{#~^Ash{|fMcC%4L}|kdXy(Som|hKnJ=gZ~ zvZvgpC)|86^R~XWCPWo@qsgaO^r61~9yj+kUMt#J0J7t(brKS&M@yXi)y@sC)Tjs$T2q#Nt^mh<=F2Z1Cv)Kne22A0| zSQ8dAq`YOdnJ~l2@Iext$4~Kle=-hib|nAWf2p${z^y&^{f7!&6dK1@g5wrCZ11u# z{GV0(fhri7aWYjFdFEzwWRH_#o7})pR$U$U?gMMJE}CkXZGnj_m=5yrBxKqZ(4xB;)sB(*vVMX&UD|yu5Su&aZSTR%y*^rfZDqohC{jp+_!_7RV3gKwxE=@7}a?FT0LZVL7V20VQ za)6Lvdj*4O&d-bfK&-*m^|?6{vkZpdPD|zsn%sMLzG*N8w4SF6;|{}Y6xeCOCrzju z&%!y9T>|%XP7d|C3w`L4KjtKNgi?=M#6SK0?f4d5cQ?1a(3`VRC9E3QMgX2x4561o zd9(@)cqK~$MsRAzd5KCPy=b;9%KP^XJ?w8Di}sb2-u6AM*r0o z&OwS-cc-%WvG)9IOECqS?7wgY%^kAZ4O{W$xBZioddBtXju#H0q0(=JxgU>GqR`2< z5j7$GNwLrXrrvG5h6O7@0HT&=!%KrNGOTgrFZSa4GFog9#9}y@4l_d=>SGeaSSpyjc1_nwW zy)M<_1Q)@m9%DFYT8UNQwF_mp=)HSj!3EQcSK!qRac2C%3QhHK0Qdldg<~pBo6}UK z&z~RQvt0n678nG>w>X0{9TbxQ;j@o6fo=dh$kcTa9a4QGqvmJ-PQh7GOhTftiy3YJ z0DNGZi^sfeRM=IA@?v@qB;l%CI%g zhFZe^xK^fW%D~Vt6x>Cwudl(U9j2Z=JUzh{TO8PxsVYMNRRBl2Sfs7DR4aoI0h)1IsG2k>Vb7A{0#6ve^Te54L5;Pi$9V5_?tSl0yPUP z&v}|za0a2G3ILxND5876eJiRE6)=;H62-iGvs@2r0hAL2O;OV{e=aP5!)++oGQvXz zhg3+{vct*!h%=y7pW%v?pO{#I1dxASGOmQs;}2Q0s$( z%k6aIt??k3P~I9L*L6Xid;Qp$|%JxDc~|BcOylJq?EjDsy+! z0a4LL0AaCFQTc)m7OK%ew%gI@P!-oUq`m3QJZX90it;sl~ ziDapZzDn_TH8r7ot!I!hRkca!B-J%FZ+bL&^j!^%j4()t1gojx2*>*P_&}gqbU=ANn;SS8q9|vAR z6oN;qz>6g-0Xw`XCOlHxFfUGC&FYD*uI_F&Vij04ker-cR#v83QuvRSVd~qr`;5Va zX4fch_BteyWa}RI`+fNOskTQAJb<+sVq#;}O2+f^850$|ofG`0=og=4oJ;I=$p6go zw~VMcb>e7+tdNzLw*$57pFcFDq^zmRR#sMoTSTFpRXeMBOb7P~{P`ljd?nAr7*6@< zveD7e0VZV&K<3UR= z;t1@6G6vT|LPA2%yBS!Cfxfc_TVWp@j-om<^pUnwXk04R}k zU+jRzAi}ZGH3P?ODWC0hqw0{uRTZfD0T00M0%!E4ot>+%6y~F}R0)N^9WHNd7(RIt zur*!+P!<3yTxjsatKb#Adk0LW?0ka1LaO_k2b{F-Ho!kBZ~-EXE<&wDM3rT=h+l&VSyBIAFg^dG_+hyyb1zj z+03wAM(so4>&o~!l*K>tq2^|0yHJ-eEop0M%(%{BjN@%E+5HHSbP`}K>4f#IeMPSL{k&O)h1-UWOHjCNR~on*Z#bxyp|97Y{V zu83hEb8U=`X)a33$~M4?94?FyfF=+o;0*lw^=t5YU)|Vf47m!-p(BAyg@VFfI2+O` zI93_dm_7UN(6(r7W^4?SL!!cS@~g|E5ip1wI$B>{gZA;qQ+hb#uG&Jy4b;Czd<9b4woUmFZWD2cz8zk_Ev3h^q*7h%7 z62tWjXuC0KF`NF{C5r zINsk*32WMi-JB4RCy6vksOEj4q%PbvA2Z|=&A-@H! z?og4MWm+d=HQGGOWkogpD6*6a#V5?}I|>Qrm?W8zhM&o)@JS=hk<+M|4*2FJdch|b zpm3jnjRx1|Zy*<86@Z$%w8ck(oIBWpJ`W8LzL&kWduAZ*U z3YRuq-Nh7rG+E!KMPgiro)5$YXT#N>0^h8p-rmAauV-L(BP-UH~Et&J4G!9 zxFG%#AG~6Jj5osH%8{>jaE)g-A4QHhlNn}+kbQ@*4~Gmcah(bgF0Ov3hx*Kx`Ymld zZgfidEWyTT`MeWEK$(;U+ZEd+zmx!_P z4*s?bDRTfGeT$s%d_Rlom*pJ!R5YCMOCrm9Vy4R1EeF9umEV0m_;(~@3Ger>MI(#z z06kS$*flaT(%sD>E&W#4^T%PqyXtB@e0;?)?z^%iZD}d|Qm(2zZ_Vq+}UlK8@qg!&2Brn-(VSUshdc)O4l9Z;AyPI+hpbM*=O`A!-M-$sL>@BGIdOhwzU2m z@hwbN=U2V4pR)?9@4Q3guQ@(K(&FheiNS9>nNqQrFBB9jj+4QLjg-KC$lj5-5xPvYlS7B`E=t( zwxCC!sS17fV#G@(Qt5h*H5s40(|KnQ?*QCRB{Npg4kMdKo)O-hwp zPjaWtK$)(MW|VL!C8MH>*ZI4pgK%dJc6TTI`V{U1fM-Hs7`4$Tk8xU3l?%7f+)JO< zC`E|kE2Ik(y#0W+=`|nlqI&(nIrH%4B-41hm7sc`nDQO2t*tHfHNj4Mj!JpeG-`({Z1SFCq=LjpAfKVP;&5SNW;R?P z_0r5AoD~xefFEQu`J+FC6vmCQytPa>3oJ<`kLy3fPA&uSr|j;JdU zN`deJ2yWKmKCgDcDe#c_uK4kF-s@KarpE^djxH`edoz2wczyf|4AY?+-jbH9J* zrKE(7BV}ENSTq-}*-|IM@-u)15Vol)7=jwI60+=a8>r{Zh`WyI-6ZfvGE||2%x*|o zUYYxqBTj{jo<6X=vy&*dlCnjrjf+{RrRlxLDJX9o92qXo)WwXmkDwbz?|$p_!g!65 zet~3VKHdcAw5!WY*htTL$tI!K(qqjjiANY+ywnrPfw3B>&x0&LDnc`)NJBBoSFMNdQ@$Ae3?<~$Ux<& ze^=LGj$C^M_k%JGCmS1@|9KpCM9fcEHC@3f?=3;_^`C|^3S65q+u!$(Y z@^LY;Aoz0{8Epg3+1jem;{3bW6X*RR>VrPlm(uv>yixznUMegW#K8`#d`5h<{KlU| zZ|efz!!kn9kEu}z%r`w_Vc}BO%`r32{(3p7Z}TI)^c&)QzBynA=!*FG_&O`@U}6q> zVj^8s46(#8H9O-gtPIjuswKBn(RNYaG4Z+>ysEH|JrNNRV%tpn{1LjXDz^9I@w@)< zaHDgjDnrKx*l$!plzl$8r%&PQD1_Be=uFymp+X-{vjm7KZ%RenMOHfv-0+qcQ2R0036mGMzx6gY`0 zez_ZQ33#BJ;rBaw*)G|1U%=LPlGjhF)_kU))Xd2xGP*MU73X%FWq*G`v?iDP zyD5Hy+&Z2(r@yj_oK=6ZTFu^OX0F2ru(t;nuN#jF)g7bRi@n3cI^=KFvkixUodyxsk%aOQZ z2=vBSzi;){eS_5a;|H_57z;}z{;T=+(1ref#~<&WfCD=4^FUc7#K#xJ=;ObU4tM!q8m1id2 z=SHWcZ#wZMeeY=xv`6}z>m$`g2t?Wa$pN4a^fVCg!*3;N7XKA~WNrPx&T!7frG9u4 z=zCFD_2rA?ON~;Crfk9k=g*V0d(par4>1d0qBNBH00-CK-!F2KdWMg!Y+`+puPh_X z$cXd=aXE@~`KE6VIqGD%M{s|Zl9B@4b@y&s_O=&Pw@_Zg5}6g)H&!PulC2J$D5$2A=^xHQbpp&@ zb91v|GQFv`wvdR(F|g8bhIL5S_V(Is2gwKd$DQiqo}{IwcJjn?P@1vpi?Kw@gyU+a z?vrtkyw1*!r}v3R96|)at2zJgKcVjhv9TCeY01gJezh1?Hw={B%~nr*s85uUoWwEW zg&pMQb8fE3M}-jYL0DSPtNAX{A@4YFMejTn&c;QLgnApSmZOh0S{}SfCoK_~TorZ1 zj+erl`fnhjctexHq{aOjh-A2r2wNR>X0+VP7xnwPtrRce{1=DOQd6s1XAzcYiP=U@ z#B_Gb&XOp2J|Vori(AKm{Z}_C%3sYIx?6HVF6G;JUpXX^mJTiE?V|?348E^Vd06I7 zHnHWQ5Uj!_71Je5TJ&hRt#S0bQ)0i(on2r317g&GlN460@o{p>tV2~53hhlmD!}6m z4mtw`0Ij1cgKE&BRlR>tFX_u$Y5c`@FcS!sDuO2HB;evAeozDyrd&te$=WxOz*Oes zZICNgvH7p1Kvff{g}zCsHlbv)wYP^R1?VmQ{8S4KZPzH{;o<^4g>osjiZJ}Y38JWm z>zH>jeKg|IPhVWv*ltP=Tkc6jUy0ZL%^b5?eP(~q)zIPaeCpe;&LqV@`j3?&JHs4) zz;4W7{{=oCzS4qHtuj91%ZjRj5%t8T(6b*IJg?vwLQ9G7?sqhV$I=QfVLG83mypu# z-ky>p5*!$j4c*6|DTYy$t{oH=(GzqF2llMw`c7w&hR;6DR+g5si#*X#S1*qC|0@^Y zWsSv|p}?J?sGu-Lo~n#XAYF=N+qRVXhT?_7CfiH8zQMtj{8x2gY`%TVKKky+t=Bd- z`mOe*mdk9xAqB1QEGUDZy$L!i5RqL%zYGp6-1bnGLlN1yb~P~rQA!>A8Rr{KJVJKq zHS&@ca~L(f>0L@(i98MdS3v;*1wXw2vdGKd$vOQg$6f(@Pft%z!7;eWWOrpHviKw+ zBVjeC;|`YYbkvQH!sah{gw@!gq3|#%gmWcNsyjAFLb4IT{1}$Knn+)w;!Y!f08t9+ zQ|Qb2uUuqI_Vl4Y()P+5=YOmCNV|~t?+=0L+bfcS0$3G=@OxwNe{&aCoss=e3yGDq zNp)mGKy?7Di?ef;#Y9(Clp_zBgrp?RcXG$)eXq-L8dI}q(bb31Q!``rvwuWIp-S|i zX-}?@8Fp7OO*9JMzfb;K^?@#~IS0**mPF$}(2`uLoj zErd!xyYOD63jt~dD21Vk3cX5bw83kJ_VPJAZlF`mKiMUge0<<#S~lTP`BBD(F#u<8 ziL4|(2ETCG*4+f-Xb~#VwY4=kj0GtPas@K=q4DhR91169X5v03)2sf@ZM|s_Ud_{A z+LMfJ-=jT!<2CbzrckP4hr7P!YqZYUk9B(m>n*5gxaKR>^~zza|hJT+;jrl5OQ z&F$jI>FB8S>tMpfT*ufnoiQ1xU=u5=LglEdse*5aR5`N;nZrrR2?zw37&-C?W>azaJkl@;77Cx(X5!-o5|tr@!&@N%aUYHpdEOw)G%r=_-A_? zdK?ZN(o$0NC8W@S1;!E1r3f=K%G5|9r)q_sosA76g9H~>Jpc1JzddgWI#pX)aw7Ss zT^N2$H1bbVs^51jO`^_;X$*n}21J1=bNq51E)O3xB-xz^-^;6{6Dp#+x~Uueml!?o z#)}i|3=us2sSy|Vq%CG6O*FAf_OTct%8L|qA9eOLXk_p2yF+-SNa>T=HvHlK<(+YC zzK(r8VfSJ9ft-?>kEXr#Gkpz%p*)AJ>%onr@pY}>(Iin!0gJ2#oSuZ-`-o?VMZqI6 z3<7!(ms~G($2wvR19u8EHYBDYLX?QtoC(+j1aBq%_>az^nT5$${M}Mb?fH~W$1yTA zbhNldKE@%qkk7@*(W+ed8Do^B%QH|Ybu@#DR#g?7y5-%=DA$ua zs4vNWhG(HD9$SZ*q>PX2%sXUTEa1E;nVz3d;`U=^CHMDI`4Yiw^NYAimXPH62Tr(r zl*t4@DTdW`l*zf&s@r%NVnlVCFCGgn z$FGE`Sp-MZ&>5<&t;N|Gkq+^emgZ(iu&xE;sQr&54<-=VWI*QXU5vvvf7||oPsVfbV6PX0q|df zo^r_be;dH8GA;Ll0`68j0IiybJUms6jc4$k(4aPM@+^Utgv>(oe z#BE%Ck2;Z!jjcRT(ZfUNQC=9T!_v>Qb9I~Z+!%ZhXi68|htA%_WN=!4u|d`CVqR-& z;K70Q4Oq~$B<^o;+3x5-s`OGDSnAhR9$9ps3BJyq=Ef?-aLw511RT zUF9-(=6GLeU{mM#;xRRJlSpZn(s$fM%T20lB?vC*&$^~Db&h{k<| z(b_ut&rh_)RCQ1_04>*iq?@pj+3g6iLU7r`>NjEx9=Nf z-wc-y8@Q_YY6Y%-@9FsDX--ip9z{X_F^Dj=?vQUkufTA2b~a_(+QcMRe@e*)pM`}5 z`lMTHYYN(v(7MN`f3OL(&yXd&)hAD~&1%{K>cI`ll>ivz^}`_Fpr9|E7IE?M+0vnH z231oIB9PXxqnBU1wPE4mxjH$`eze6&SetR;`_y0s4;3$6+rpGUXa!Ay8Ch0{xDo12 zK*(ZbuaX#~+pNAO+;;2DT4wtDD{5;~>iX`u&-M59$-E%eFlW+6(=$#@LS6YsBJ6g@ z)1A|W?$O}RN#HY(;(c0vnYHSC?u?_C>*(gDqDms1KNTUfzFgl7 zq`F%k*SwFFa@ky7Ike$KlvXWgh4yr}a{tUQ`hORV?#!1BYf;sQtWc8~sD;luW8)wf zdRT1n4CK^4&@+4b{`Ko$07VN~ITjZYY@=pPz_V20p?u^vz~ zzv6xJ(R)h=|8XGnj@4fAk5z+-T|yzW;X*ft=~^aJ#~j|3m&=IkMns^fso0LER4$6+ zU7wUzB*WTg0Cz)|v~`})Y=i=tbl_J10O*EjbP^T=)6)J0LN>MrU;&UDFxLS`H&L-j zwZsXENnBiBUS2&;(sB%M2~&8e3ffIgP0)XYO9phQP`$t@zRmR_jyiI35p3yY(|=$T zCiU{2V$o6_e;k4Z?VHjj_6abuM%4y_A}G_2#G@Lk94f3YK}}J*{61@G%*@B9Cktcf z33L{KZ?>?=XH!(|Tvd7}rKXrRrt1@;uxVV?wIILl4j4%(ZNnQ^q-Y2RXBgS_F}&pC zdoq+|A7S|Wht=uuNKwCtiHF|HXX(%ShPty;1`88o4riL?erj%I@7uT=ITdn9&KOxP z8u+{%1Y$J>V+nV!I$~d3Tm&M{Ksoz~8g0q{wl4^>EJ?5RA;=q$oj_d;IRhXeq!krb zVj$uZ3ZeN(ⅈ@nBM)*59rW2-t8?OXY}fml%q=Qg_O}VJ~TMkT`Lms=ev%@Aw{t# zS8Kj%N_lRxPDS17b(T8&EUgad)Y#a;m=c4&fdR;ZhH}M^pot89dea7%C(vPr4rVh* zKA?LJNC85wp|P>%@dvAe<*%T4&;?;6NTjp_=U@xIGbG~_cI6`psZp(H>#R? z58n%oVrWV`ySUW32ol>UnHef5MDsBaO#~sLTNk;XsGEoa34-?pYFrr~QRBo_K7~PJ z1!Q^jt?li?=V^>cx#j4>wf8aiF)3Z8TSgMvlaI~wG&X={gwx_oafGki5`+CL`xj}W z&^AfB)h6xfH3Uo}B3ZBAF2Bh-IQW51DOeYGao)u51sh8Qh^uesNE-G8SN9D@#b+AAwM(A|JBUR$&A=Q#yLs z=ewD|lZKe?@m?G)#WL90+XEJd4qFp6N0J%JTf$j?g=7=Z!aB@Ht1yd=XgU|2sd|BCQYp&-3_k5}o9IHn!+OP6C4DfTMM7QZi!VkM2uyLkd9i7wVBiS4g9Y zANw8ial$e?1fjC*z2vvWw#K96b_QziPOz zZxPRhq`uOv{GY|LNLj7)gy7cUXrtV~9zK=1Dn3X^&q1enaWQ_F*!5lxmn{7cog9K( z`5{e9_x#L^|9^)i?hC)TIt?qIlUy_#|2^E=bDTKy^J{RZ%)lB@4^_x9lqC)qM`b4^ zY0WLR+6sTy=FMGZ$q!e;VLdDSn7<#*sO&oDxCeoudd_< z=mr>xVrt?|I;_c}tfW++0VYmMYY~W`wY9I79i9y~Io%)+OP0R=4E>X@Uu~h+?F_UH zC{ZB0d3kw(k{kq5oQksL0Igx}v?vrZmZ;0j==iv>&-Nq)enR2;aNcu^5!hi4N!Dwq zpxPPwotB@ZgjL39DHmJ!k21R@9k66;DX> zQx=(93Ac{xK^KlC3VHgUihwZ7Z&l%lFTZI1121*`3GkuuX+??<(q07NXgL97d z<+$xvj;I8^oew@Ng!^%u^pL^pwpp%Yge|cHe_IHSK0yU3q>^Qg7vhu@*5hxd*Daiduc^s1EpORcjCtENc49}5o^5f zJXKZBAt6$3=N&)3j805^0y!YyC2U1u#M$#w&zV{1&oYdq!`pCjb{6^&+V=@tpzOu; z{bjnh0k35Z8-V42pJrhY+9NNVl8vgMO?6`F%zT}I>Rfb?`%(_>-EyHd;;YI!)4 zP@y{38$B>a>1t-g&KDMSN78U*)FtS1U5qGsC7^KLM8>Lyt=sysaBmGE?NY(Bv**gN zxx@JH*k}7+&_&R!@%9wZ+a+=a281d$_~A)tqf3j4E=y_S`_wP9G!z|?%I)x6ahBXF z`ef<^pFa)Qx#g^7gvG_FI$I*}m{!GmNaMc`4=ZkqtM`rl@PNvy&Zhq*6S=-~WA z2q_k6S53j_4 zl(i>sL8E1N49pS>Jg)74oI;7AVy171U2UYYo1Y#Ux;L-Z`tAA$;%|19P#8Lr=2>w@~ClrL3$ouf=(-CN< z0d_#@{V=flu`Z4_%TTcKYZ8g1*tumBC;^~D4jsrs6t2_esOH_nX9sC9mO6;S0D*=J znCH<(^F026SryK0_G$px4gGKVW4k7b30m&)XL>(n2XJqWM_-fu_u8Fs{SXZ<_sh?4eN{9k)|1Y-*zX)%PHho9C$ zwL$}i1t59_RY+h62^pCW$m-^e$orU?m-#EVzl|+*k4!O=X>cMfwZS#W&W^6Hu+ErG zssO5ztE;_GrG^A4BNvyyAoPS0BY8PF;2>Zc2FOtZP&(;x6JfTy{eYs2GnC9RN+i8YH<0P&ZSE@68BUE#@m6c1*r~9 z&d4o19o+bCA;|cA6G*Z9cML|?*f``;9$Hirs}rdjyY`KYyi#U;^5jWwLK)!|weenh zr^Dxz4+C7sBO>a}%*U>cEv8rU4-L%UuCLpHtRK1p)HV?|S9kK1=gr7aG7s^S5YJ1* zdA~pBMq}s?eit#@Hia$$x?Fh!zl6G?a=jBP?-naFCg?#&j{=;oSJZ1;BY=pv2)F z!oWMCcid4L_y$`;Z$j8_;*#iyu}B5mWyw=}M;rxnCktY6zG%6`r^Ur#>IHPaR8JmS zf?2byp=;=40kUK~ODZg9QA)}Macd!G)%re2^)`6{fsQ%V1EPRPkbeW#QKRMBMPOY4 z2uw3iqTc_&DxnaBXE1GEt&s&SG#LE92IbnAelu@PD*G;6LoAW138jR1U@q{zYAPZb znI^Fp2npy#<7;6Z;JcoTr+5gqEO!D}$nBo@!Ve17pZTX@xwjj4Ra)QP`NMLoMT0~%9%8)Bst&>9j9EzJ!Jh^S6B7d@(cDGn)LH8^ERL4P-ttD8ds~n<9xxRo^Gcw zH&L#0(QJf{5g3d9Pn@B9QO4ZQ`OEuCppcq0rXI5l(9Vt-vg~jkNU>F7IM!1mJ*dN% zwGHoY-~UV0l8vAWf-b`S`(2|tr`A5WLD@6YqfTR zPpJ=r5%EtT)``nfUhTxH1J0&*mDL!z;s>h z=<0e)0-v32xbOOJyvv$4|M{{({Nm`A$YgmT^0)OKQRt)5z!fqCw3UeJGggYR|ERaL z)lChq);L(cl1n!*)_mO^G)-`IVR&=h9pz?YshJ`^nOQPzxOQKUf^*`IrxiU}k6I-e zmZ|FrdUt-OpomEE-XG9DRXV)qk!3Kg{yoHGGt*_*clYPxclaU=f{N);l%y!dtXNKQ{@!Xl866$n0iP-MB92LHMs%Bn z_c;>tR^gOW>LhpNC4TDtb+jD8yWq8z3Dsphg89{;b~t8LH4MQo0Q3W~zIJ60T=2kz zL9ukU^J^MJUFC{!!;>m}2MH>eU7Q4h<`>x7@%5BK&RJR@1!1j%5cH$OY0X3aD^X`J zx+0jR_4KEO`Omz2&Y6vkqH@(tj-jAT+$<@&w|QXuALAQZE-FNp9;>}ViB5qxFE;On z9RNx8$bOr;3s#Y{DSGwX7z>?r=g-W?J74|_!tG^J=g1eHh4Pq)h{#)<2w71{ojB=^ zKp48WH>%C_*t($T!GAkE7}A%6Z*ML--@2Jd80FHz%Ic!h@+Pz2I_8xV+*PDl0UnxO zh4lExevS9^H=Qyb8KE6nQ+Q#ro}j2O!w88$A>jdtJ3mGPNCr5ZDL2z%b5~8xL|?yT zVv92Y_)1myQdb`u7=ZCT5(e_<{OC-)r*3Y^iHQp2MB4lDHnNK^X+?gsJa}MIHX-{t zc>m8@btzU&EQd>2{&P9^bgKP$efRSuuU;@<>LJV=Tmzo;{M*OUQak8d05Jp8kTCGh z4WiHL>fg1N-9R+I;xqOI5MaXvaQrSv7dbe}K&wdqFfhHaJS;2>(mP9914x^}`V1x> zT3exx36SK+=bfU4uY1eE2)5f%5u_EHRY63IWs}`cO8sM{{T90Twxgp}pir9A65C?(FU= zdOm^rqv4$8ya+01Xb2W~{M>%_7aCT!FXiOqQgWytP-AoP;u3x7z)8ZSA>p8=sHJFiVv5Rr+DAfzzv`j|pL zTK7p@bE@c}Dv{lT74vTBQeJdrQyBoMSXp}c(H&Z&22pLM zles;3@;SI3_r}Qz+{6iJB}hm&#(QE zP>NIL@Z*ZU&&6!f#hlL>*rBbLp(B*g>l^Q-SCWa=U;|j&cxPDy_EpAH>I_XT^g9y1@g3giifX1`_>P1%k29pHu;uq7kWoFDm9J zLDhTKeq+l2swjsHkcWqd2h@I?(Mhk+2A)@VUfU)_GL}l!_zK#i5&(OMiOI>&-+;Oc z`aNy5J2p?lMZX$^0-ZH_KTKKvxnVAO8qM_2pZ&CJ2Yys4#mqUxWo_cDf7Hq*nCx4@ zqew@(yr2M?ZZ1=VQGgs}`Y?tC6+uizI30CeT3iewBPH$(?hI8sa`DxBq~uoL7J0I& zKrAIswv&C&6@;Ds{+~ho8vAolJVe*+k<8Zjhlf~$a@VU+N&rdnDz;^-K;qla&*kEd z&sM*QC?>qz9Vr%2YDl4Ay-N*HKljZ5X55eNCGywv1xVJgh3}Uwaj4P%zFFJ6 ze$>?8_Wfl0&HLWA`ONgy9vBDecGPVPb>FjdvU>5p?PHO`ud%|NEtmIILm#dy`pDlp zFuBa*H6foj(WK6^SFT6uvAP^|1+Hb^F>#9&Gj*9@Pt8k=r`6P>{kG9SK0Ode| z3|j$&40yfFs>UuZyw$N*KP?a)lELTupm>Jr(C>VI3BaI{D>PuwVA{du`|$zsK6Da* zERe;DhDmmqfCiB2`eSr7><}L?(3q;TGmonulpQI}G;jK>@%KeUi#p7p@|$wGJH(hY zRDfVUI6j73>pcVpf&;XP5Ga_EP$3xnR?3&c=hA*otP~fmrRTB}7bTF=#>l)YhpFnm zD68(B9Z(J(&3Ht_0D^*ytU&n^L}>2r?!ZLaQg+!0Z{gip+X)zXuIZZi-#FJ_Qya|G zjScu9$BM;&2Oj+!pEQo_nHfbdPnh_TB``Sa8CJ+9;yL(E9zU6AUka(k)jePN^Wo{C zo7SFS=lD=v6l5+}vqnAg>%xNO+E3LDO&``L|KYI~(fUlyfv{=HyNFw9^4pToqO_>$MwCdPxNZQO*!wLF(gjBaPC}+&#Ky4NDEbv!#3Wl|vj;$Bpyq@fVcO=uMc6hq@$K6NP}juqs8=8- z=Hcgm>g+79mj}9pX6}zuubuy=^X=~LhHG0CMzvrml3ibRcI)EqZqhkjF3Tty-BuNx zSz7X5pezA8LHUqc|60Ux92QfIdQ0*0;%1PjC@af!y##SSCMa4ZVXO8(&{7;DGZD~K zUM5|_MBM{_dzcnfrF;&>yt?`eXc;)w1J$lHXb(DCJr^=h{O@#dB{oE7y_bpmQ9Sd`{7zL>-mB2l zt#2Pvk$0Lacas!dpEOq|mx}CUM3ne$2xC2lvAmj^8U(YfQF@n{6s7#|0shz-Q2u}> zVG!@5NGz$s@0NgxuV14z^4~~3lW@NuTO(t4lD)gVE%%t#D8=S<|3dfXG^<0;hJ5VSD< z1JoBxG!~$ua?)j#) z_SizsNDt1+foD(p-fB6T8&&>uA0IlsW}m-c9pYDb7Dw+N7mQ(3Nbq)3Y=-Rz+Yqkc zP(iU`o{>@R>E&2P)2EPg&s7dxj^y@dSLzx@-d?TE^&bjli@5oQ$EPwH?i+YFicXg6 zx`e2{{OTWTHN=#AjhOAvjQ8MlqJ%;H7u3YzSXuXtPw-*s1K^2tg7E5eFrA%mr8_$guZ_Lx<8Cqj4JUfA9F})rhhcP z)Oxai>@}ZCs*w=hVSyOZEFG0~a;mgVhP45cB?%gAAh>D7Gcd>!IX<%Rg!^Lp@ z>FkK6O&`1RbKyA5q%BbkU&pk5VLDv-(RLwc+ErRUVt^Nvg2`@5bYWnoORL(8ltUol z+qcSq>3@G;PiqKsOQt86R0XS3P>qbLO@AOt)#qv0S>$i&>YLRSf}88c_Mx|TSLU{? z(SBl`Onv3UvxPs^c($fHCsUP(OQqmKv^gTwOp;GE3l-CUv@>Y+&P;3~7&l(P&=25% zV$Oky2`?baZWrdk#RPN8Ab03{00TR}AW%S52g_BUKX(g#0V2Y8CDVxF3(f9)9-R~; zmBfWimL7N>VHL~iOH4@#Vwj#6bj<4 zyb*6q1lyyr5Ax7@0LrMck{dOVI1v_F)`bVXAH(27ZEoG)EMw zVC_%4vq#Iiv1xX~cX)!F81L?t~4&p4og$r{nRo`HS<*G=cVWmp|+EqVIDnIQyTzH}tEY(&t(^c&nfq>)@21OX+aq(cy;MDZPe|CeLG ztm`V=&vnl=bJl1=1`VIMIF(2&Mg#n*klOO)OTbi)AmBLv zv(~XQFjxZf0cQY&MsT9`lK1{OWCiR1T7o%abJ7FAvGae%t{Q!SMVXnH0E)ea6QPhm zDLwUM_k$Hb-xOU8Rq-c#Fvn6B)9$%~UZpxbJ1MEJ$|scV;e=HNeN`cRn(Dn&_6X0p z%1TQOrr!3gi|xJ#DG1aK@Dftjbv^mHh+ysNV>tfK*36bFngQ@v17f8;V&}p}egUK> zmd2|BR=6O;gE7M{pP_UBywzA?pC8^|5&PWAa~EmxYx1^cV9kv9zqe8U)2jKc0}5wL z(b>}AcI}s2qL9|M_cc;_qUN7wPe8x?IZaX~qr;2Aj$7Pr)4~U6_+|ym)i3PA>FeJ; zuBk6)6njR!eRZ67WHG|@<4Mqu9Tu9P2Q-9*HM$<}7WIgRzXv=&`9_7w;qJgQGJ43C zE7A^Emwf?tY(r)O>pyM6Es%Js%!EiPkbv~h!Z~XTFe}i!8M(Q!s#I_B zRNbJ28ccV9qh82j02y>0ulqmD&hi1}SEXGscNr`c2{$Y7KFqEINg{ICg5|Ib^8&nJ z%1MB#wXr8A?C}+MgzMGFQx`30^;T73>`*~=lB?^NsL4T|_rKo)nG4Da_)CGMw>J<` zESdd4e}MYB2<&4(s>65H)s?%be{^yp|1qt%S0et2?A{E#XaEzwdnbhJ6GmU9KTL%A z#3zz&$fb;B&+^}3S-L_&OF)3+D?SqL5CZ(e`_TTqjY#}Q%QC^a+%W{`A zlQ9R(h#dF8WT&EQgTs6eMVq|ny~E3wKYsp%)WQnwB5xXkIrToT-oc~o;4|OImKS!8 zJ}=w??A$CpIy!m9#D$m#{92nWO-f&-zH4vRH8y=Pc*{0H`aq1R{2D<&xCM)3ijkvO z)&HNpOPASV|ELnge;tTF#c!xSbJXmQ$rFbBB+y82F)@qjl?lH^Y{0&($c~x-Jx>W*z5r>4{QaVni%}~;A?<(_DRXo`=Gy& zAR^@OIe46PeCHfUV~4fwrKu?#GF0@FCD&n~;;IFd%LugpVhvVqpIG>(P-q#U2Q=ly zgG3fTH=^YB6@T`xNMDnuB+w>}h{RC|!qT=Us>yffd)G>8J%UnYO1m*&xqkV$e@v}= z+XDNzf2nV?l}u7Ggk_ns7pg3qLlw`7L(Qv~i>B{=O-XiE475Mb7PCzx2Kysd&Y{ch zndQE>JrW`%A%VCRAE*@LECl#9tP)e?!lL(evIjmkXi=MbdkZULZkLW=ERqgQk|YN{ z8c5rpe=;ouMI;Z;67o}?J|&o%I)Zxe(YVJ{gG2j~fB-zaP6h0F9~m`5dlM>ZwboGuW!hGpI{ylr5fO6Vo8dP2}` z4q_20Q1GP)o9nd{Dq^A!=1LnOp_u*YTQrlqI{WcMwrVSH871w+Hxh3ix!KUqPfVr* zhJtJey|RUwn;_Z>gbe?rB2G?lw!eY$4YsnoLDR!$`QQA)0t^f^BCg1Y>7XJ4?!LOJ zs>A(Y4qiSj`B->(Z=lhH6d*Y93eKxgCC|ho-q%CH%FCl9DlIIjkitXpruVMrE$#2l zE&7S7LzmL5|5tN{r(;DgqIb{*GtzO>Z&XS&vZqbr{1ix6Uxqye#)Tq1l7EWXi zDWccZr#kG!)#v|~+}}UAr~N$obHv$amc}FK?~=_P(9meyhRYpVhuTmp{zSWp${2dq zzwkDA8$Ie0a~2tENv7rkmoAFwj@`SAShGhq%;V#^dEZDbbv`lXFodj_>gfqVY#>0> zOb{9gUjVMYf4>f+H0Tc8kIf-l0|;?=SWns0D~pH0XFhuwbqr}IK7gVsYvR%ia^@rs z;b)_SMdu-VBM~5xI{*2qLNX{dJvn|-yKeuggI`n`B3ivbYcRLl& z^vlLEkpt7R1D|)xcAYhv+1S3Tt(^oEi$0l%h{*YgxVJP}a-3oEv2#u=J{}(J|IBIo zqp8nm88+Ol01*Pk_=0$w>bLD4Pt!cZ#-BuYo(6%C@Bsz{EjIcI(V*^Uku-08ViimN zwMz0qg98J#DX5OmUVvT$`e?|hg!os8!vKMO08AcGk!@R-p*8~Z^18q8-^}ad>#LqC zGt=F3v1?kcwf}|8|adc5t8e-;rIh} z2?J+R@Vz}la(>*qlrBdDmtFCRQY@VfFBt9FS`mp1BqAOnUVvZx=TE3BA@7H~#Z`6A z(g)_nh?Z#kb#f{T6{d~#Xa2Z!L=LGLzZtuk&#-wXs7qpV9U|FV+9bO{l+{AgjX)Zs z_%WaS#S$RDH@|+-t71n#k$FA~P%t z+(@AV2@$tA@ z%m%ORH|pQuMM&4e5sKm(IvQTVtR7r9fZK+_l9iN@Ut=Kbiq~I;_C3BN%8U9B_}0*# ziQ-5FD>YB#J-`o5N_;>`sY+<(W6=U`ogp6!p$53lwWIER#4eeQI-eSjd!hO}k7O$H z+NKm4scY01Z^^E+03wD;pR(c5@y?Vz`dOfu{ht4r%Ia@KGpA{NE$-hwg@Ew-Z&=Z_ z4}%~*04B_z=jX*15B%LxCA5N*t_{rDc+oa=v9G`}Ve(mfglgJv;MJ68PR(e-T&4EQ z`Ko;$BRfY<9_0(h8*g+3l@r~l-wTG?ze9)8mG&Ya7M3vJ!%p~Do$-HLL?4j`C$ z4P}0^Df)7!7_vWA8S5>Rq3vSm-~^@~S;Q!x{9!67+-(mn2EstfmG&9zPLQ$j6N)zQ zyP#Nrl&42RLV;Ibyx=W^#(|xOrvM;vEiDiT0Ujt8_}d$z-az2m)#V2d90EwRpFU-c z`2~q*|Ke1)#|W*2zaz`Q8Ja@?rXECv!n&@(*nHzcJ8?QHIjN3nvI+LBIoWT9bFEcr z++f6nGB?@;`P7iilCkhS1f|it;{nL2Ku{qtIkBy~X=siVMV-ZLNCjfGUrYXvtO1{bX`Fdy;$BJrIO@7GgJ~=kBj!J zsk^W-c+xJoexKNmzoZwP*2ex`*{Qu)t|urNL#SFZzgPyL4!%MriCQ?q`!vlrTzB;% zS#o=m$*wi~mrKQSI&6g1I?;NP3)Mpz5p!URE2ZhuZ|UpKZcrCaPIH_EsNS_6V8Yrb z$l2aipooUq7F5e~KuemKJbp3xpcN#*HUB?d9!$v4Zf8Qs-WSLi3j_&s>X-nGS>WPr zX=wq0B;+$xE*wIC(b?XvNhAm)C8G$AR;r900-QDoxOuBi9aekGPU)on#SJJaqA-T^ zmldqa4WAOp9+r1^n-ppKgLg)83Ae)q)NR>MN@f*59)9RVxDF|ofZld?99!-q|5}HL z^PSDhb*RtV+g4RNI>UnP=qLxui_T{F_^)Q4Ruhc_ie^IH!mQoJ)| zHLCltOu1ZXKP8+d9AG(LvGV+VZ+5d_8(V!)C8^?Glc)wntSB_A8dE;=o)~_dMAZD7 zN7G);c|4OV)^UPTk7Rmj7`YHe)yX|6IcO{hTwtGWTPrh%Je%mS1klsE1E+c^I`l2TgIQ<~vZ|15x(D}=;af;fPL8@8tPRH~z=*c+ zd&>Bjvk*VLn+O1F=o{hVWndWOXF*Gs5y+0~ZVp=Oqsys<@Do-dO!W8+9naUS$kY6h zavGByC@K?Jmd?*hW7>B`b?bj82j8#qLbu_HsrU~eQB~BeeCMquf0rt=Y_wTMQ8N70 z@TWst2Fa4&A*N2b>>Ogl70ysnmS7#mG6ckW%ofYTd;i|!h=e{u?agDdDg$CvR5NfY;rFU^JOkdIdcU zh_`^Egi!}>YaqWG`^~Q*mk8Vj|0lNteV3YC7bIK&Nu?-N`0m{z|0G6GFp9I6Qh^(I zo^x}Lpje-tY7lyvX+=Gg`mry{LWzhdmOy})lhwnW!TMNr#1MSdA`9xruJM)BB+n@}eWlK2-G`7dA{_9IZqp@R7qjBJ2bOMo>81_~_$IH$>D|F!(uN>59p4Z>nl zBV4hx8%*XAfCeA_sGaSE^y`IR4TF>?|1>WRjhMNFIibQz+6DLJkHk zwor>Z1OI@U8*+?tL_OH^kx}g^-iD8^KmTuAG5`KkOtFT)F=Wwj^J(gmyl|~pn1C_t z`3oD0_$N7@{f}LNvP=;y>gy!bYba}OPJI`yTJ{PZ6VvB`w_hCnWEukQ)tS|IaLNx2 zLp>~E!ccN^tb5~RYm1H%!E1+e_C=|Q27MvH)T{4aFue`^wG_D{t{dT-eBt(k;v*+r zPg_H2qPvnBuIZSb+jByck*Jc6dFX5bZ_n6Q+{2V5O`ds_!^9w{27u30-fCslox(b55roQVnLGd*fHo8?ZD z|EZyai(TM%zbn-X*`UxwzlSs;{a@PhvXKrg#*`yn2t9HJptW^o@7KUKW^UeR&g*}( zlL-t%Ea*Ao;y`p#%*xKfVgm~q;N<`l@mu6JNBkYg4bfy8g)6f2ug?`R?|qWr4lAPg zYO5e);$~xO^5_Gc1_-CTH@qOgsWa)AJMV;oM9OJk9{U>uQA_I?iVitskC8OJRqDbI zEyS!zvLp>)-Dvn31;;t@1H;+@^Q%-aStc@% zjj8cM2bPYNLz3w$qdF2hln>S^4#ZnU+7CwJ$h5Vzias6$UT;Q%a1XruHq(^QZ0Yo& ztBFB}lAo8?d%cAPco*h>+j4dY&^Lpu(-I>%++%|X(Y%VexCCB(HX=;G$l*7&8aWd4 z&P+`~Xg!hIi=|GF8u-!2|5jC2YSt{E|0tY-#V|ZmIu1@wPxz1k!=Ilo)nPyQYVb~> z;vZ`C(+`mPk^!EhrCs5uPK7ovP^7sg$7`glR=ME>PrY>OW zCt{C(^4dw@K$~SFJB&2NFFcy0J1S&JOw~Vd>%%U3P#gMRKgm-QzdygFbv>iFEWRD>5O)Vc~tvcmm4x)#CDOIWdyaJF15ECfX{QLxj z`1p8t+W}J9$@kJw&6NVeuCTii2k3F|YOCt&ac`pBcf2N7DnA_o)R2s-3tLn`TMGIX zh%?cvHxYqn3hE;;1GO{(YbbWwE&FM2kWd%89lQ%Zc%G@KeMe~s3ieUgjFeUHM8#mB z0vrO$s-jEgJ>tT>OGt8)bzcQ22=E@rQ31C*WTsgG5Dy5V7?db5-~EpR{YP=CyMWsp z`lV8ZX2@EDk(Ar`9k$)7!LrPdSZrcqWZG&;E&h5i+xA%-#T~D#PCV^2$q&CCQ!^u@ zm|$&CumXVr54AWTYl;1b_38dTD>(9hQUb41TFNNeknDx267rGT#}Fy$j^zwDWaFMG zR`8AZL(eRd+n=Mo@m{YeXEZJXT(5q|#nL#9QK4h|Uptg`zW=0cS{t=WgR^jLJC^W{@_dtW0UsEjGeN$ad> zKuABPi($1No?7wW_m{oDyP_FxKLw5Wo!;)||5&^7e`w77a7>li>V*smx)LoJZ3wcW zqD(L+-dibJspk&ZSyZ9@4i>G}K4y(g@uXuy|J`zvS&f1J`@gsSii!`&aswsP=BwAL zopjr>vwy%xNz<`#2u*9f@s*q8m7AdgCtZ!k#ugeZ*0S~Xet`H=uZB2NvRpkUj6)pQ zHCV#IWXx1)TG-ys#>q(}Yoa<_U^tecYL3Ax#D;49j9cHxC}+tb1K(@5HYX{m5twXg zyt%nK$l{~;$uYF{FR+&4RrkL%@|;0{=+Zg#iwlC_#T5=eif$dUjNe-E zr33@g`53A8MyGW7(uLr)uFVw}C`mc^ll*FYPWT=b=9b zb%$*TF8%*5v0x=qUl%c6d9S3$C9!*1eydx1$8qClxV~`X$8CLlcQbmK|9wThK;p~7 zLK*hWzI%iLi!C!zxZP#Zlj-5{Q)u|Fm2r^9-7-t1?GV5vjm{+PYHxqg@P2ezYko(>N(PZTYK%`s zZdLv%Hn4~M9j~F`h8N`L#YF&QszTM?`VR<}D($v>~1nDQ_0oxCrQF2(CM^~~cZkm7F5b?2D6?^O@ za5gKDM=eH=BBFx;}n(cp4F;0b-JQ9|vR*ej`37z<6M~f##OL2~m!?{u_m`5$) zA4QY|2{`y@Xa?D;g=Mm5bxhgcm^%A9-JGhFU`Qc}Zidl^MLe*LGZk%-xPbh(KNJPfWxQ2FDt*+A9E>BDp<_5KuUmr zQ+}til^2JM5%QH_M)DMy9_uN`27p&btBRQ>gv&pJuG3%a7ZS7l}V+zN->Mgf7 z!9a-MaKaU{pF13%X}EEiO%9;QWmhdPXluB3Uc0|u$2z9evQXZplii$p_0Cji<%l2E znBwq9V98S>d6>M*Z-2%o9A7oG#i@!*J@;gPmBApf^| zPw{6O232^&8c?ty&J)nAP_{vS=JsjeRTq@xVns)IZa|oVeMl=rc9jxxqhV$TFybe8 z9^e03Xn+FcT9T0EKqDSEHymQDX~%;%0~H%fe|(3V zh`lS!oOl1i7b0^&7!O|xPoDe^lnlY^Lq;ELt})c|T@aEZ!_s|7wGHYPw98Y;00#~2 z;hTh<7Wn7axtrvPQQPIj6;CO3C7XC^pyysD$NHbcAHyTK4)3;UUcFDTuTguy^wA`{ zC;k`r%xXq}(@KcAF#zLk;MPx0#(x_Zbw{LLl0o$AmWFyxfds!y2C7wR(n()(0<-y& zxndf4S`ngMFvQ)YtB_&i~f7UZ|;$q3BKvzd6>Zk)0KLOD4!9}>#PP9}M>a(OYGwSbf1Mx{Ub=!+V$Vbiu(2-~;O zkk6k#bG>N30Wzn0>6QO6Px)Knz7Ir89U&Bo=0+|2;*`1q@+8TENYeQ@uls4MQIk?r zU!#9Zsvvc3N^-!guHkZK^0m*#ESQO8e-Em@F}Wl<@~wH4NY)DTCId}-#NYge_f(w2 z$m+NL)5!oq*8Q>1F=P3)OoF332=HSM8!dT1l`IV=#cM9Y%+a>FZ@!>wo`>}|4NEGhE6JT~MqG-zM?sQvkw%_*5KJ!Y}w4Ukko_oh+A z*2JCP7+-tB4?)RHv^D1w;(z#V}s>^M%59Iq-bHuRWsi14sgvq)0$lh!GN z6~RZ>fl4XvFeAhc5?Z4P#$M$qe#S_hbeqj8TMKh(`lg)z%|Q&bODCQwu~`$B-d1*u z9%J?y(ifD%Z?C#|Bz$g1PBRwL-`Mx$&96T*dvo{t_*urKtd{c6?4i%kz8eGX1NS+- z>u=--KVl9E_lpvdFw9pEuce&WEheMW*8whUCZHuZZ)E18d=>qJg?r(2dXJ} zHZX+3RfJAiE-`P_r$&SUi6(?K^n}a*eJbc{s6^Wn#xk?4tlyR_eI)$bsCr_wR=MQk zs7u&5^!BN#DO>OUW6WPRGxqH)JI^}~=-4;V9$v~Acl%S{`F1{j|5;9F6Q_q|w2$`q z*k^Gu%dM|p>-0G2m$mdC^%)58R;oypYXwYHzm}bTm>M9)#}|Tm52%qY6Yg_4B}de5 zas&~+*cJZ%PlR}Vkz?9K$eR%KWXlGDx{pLfF{S6wU;c%GthTlmaH(uAD z(u$XB^dw4M>HA)plHOQ}a;#%>cSm%E@KfMy}Pk|0tAah{)-S1`$r57DXwzd9uKssPFeEU=iv zZ(TXTJ2v&``_dagQMR6up3e3vM(Aqq}@EFXfSWcu!FTQJP>$VrF9#bFaEh2)Yk2a*Xc zPgOh0B)onwcY}n5mgUjdB=b`07Ds~=Rfri=xG?*JyyAxPQ7K^9klp0xdAj`G#&|qC zK$kR8FzwH(6-G}kSA~=COKzqH4)r_kqo2E}(OoI2DVk#f3v(t(8<-};ugBs`&atxI z2=q2=hz4%Gbaf@r4SbY4rQcwhe!;$dbLIUwO8t40!BE=0#mm%^b)B$yyM%|0HP&9B zT)1Uj;OF7dNE1WbB`QIA4ih8j@T%WPFKR~UV~|Fru^x6(tRd*lv5}#HX;1!Zb!n-b zT=0es84b-Vdwc%eDF{4m7bv8jqAJ&MDI^^1_m7CA%T^yDVnOB3A4{ZrT;H#NRUE3J zg%rOh8y_;LpN3p&AoLu<^-T>7+M!XVTCogLUro1>FnH$P(sV3mc@s_XO#ghwQ8*i~ znak-2WDiN?=(xT~hEG%rkw3C0n&9K4prN|U{rp76yix?pCdg2rSJTQqeC$!gD=HeJ zL!(6=Z0?SGf8^J*`(Gl&thm2DhR-lX71nhQGZJpRf`SR}uPU=Pv|y@)=?gl|)9=m> z2;QXB>|Du?rtS~Iq(o50!Nrwc*D@OQ4bC)d(@80Ytp5nTB4Y7BO1SUwnPnC0EJu~) zgB&erzsqq%hA96RLhHCH?c(Z_1YKV( zHJHCmPK=-g5F7o)#$jYYT3@CHo>0PEDrhNmQ|;69VMPd+ zTmaBc11i1)mPS^T={(FuEX)1uc(uNHpr?a94xp&Ava&LPtuxm(0MzJUoP*b~{qlVV zu?4xlRqB7gu2XBc?^V2t`Vq!Bfv+zDpLz{$!LerXs+^~%5O-uL4c=D9uBO@>hCTDX zWL=5QjKZSo{%UILYfE(1GHV=_Do+ohD@w=0e%gjaq!0x53BY*0&xfL+HHQqwpNya~ z+*+ffB(qfRjgVYhZ6e{a?87m@|KK2u1HJ|d;$aYLGpKYIpX0KMcbAtx$tJLwx820r zIy4#I4}zi!m-p~*n!4sf0R*{#7AVFYag?Gv{oN(eH=l3Z_zJ1=A}ib@rFx1TR?q@Fz4_2g|K4N$?a`M z^>_bG(TzOMI57TWx$ojzMv3{UI_QfNgl~0@S%JCf=_1RZbuIn{{!KWNN{fN{m^c#s zC6da|H%bYyvLerPeB~sb0}uo&aY;-ciHLv=HajOL=6PF~a+0crqF!92)W8-ik%P{+ z{Px84Q-z@~zkmB%+-MnOA6coXg^M)`su;PYZ!p2AGV0&%tRP@S}uTn|O{eG|SjhXA}SlHha zX(ihU&Yjx*`P04YOTrIGQ80%90wkSh+@y4-9KqTVKl|uJwc^=C+1BnsqEDrsAFPDj z*q{w0Oy-i~?@;77Ww9NK&v2>HK8W79vuucEaExnEiZHWF3wbE0eZVGssAfQe-}h9H zMh2mR%*A}zUtaIV2~FFC$|(fyQhc@Y&Q5acP_S^q-Vta}l<$qA(Cb*?u&p^Fz9H z3^Z3!x`zM4Y?YNYZ-^c1$9f4C_{6E2&I-EP$pa4U3O%yMP!)j-B0--OO{+S=cmt^x23z{CPC51g7Yt8s`XGR1wAGw_Jz zoNL7+!Ibt|Rs1UeN6(&7$z=VTJQNi0FMa|8QCS}~jXLONv5AP~(9Ih))-9!Aj))|g9S!^!{hwj}@KDVUEz{Iz2un(!Man`n7L&|A;SMyz35CLshl?ixZ<)@Y@MDS68se z)5)RgnP*c*hw!9l+50s;e`s}2>fI{9|EzVq4<8bi^}rG=){ned8UB{=rV{L88 z%3usVY^(ealprZf4)2y6YL)EzxKwc>TJjnwvdKB|nyqyx;-b2Mb%OW5vXi7kib{bI zL--b<`Ar9+l`Ofclpd_m23H(N@ZkYK=Bbtk7wxz4e4Xlw{v<7&ZB=!x*R4j=U(EkB z$%^AJPcr5-$^JozGMD2d%`#C!Rk@&9Khs6>LXNuSM(DUcb2+`b1-BL?=fD8;d37}o zbJ*pl(92|ZbOX$a=%Z8d-iwUmn}5qFho1vz5~s&s9N3G{I(-jqTczjIs$HzktLWf) zpPqk-(XehK&9}%6zqUYU82`@}f(+f=Bi?n4eM>TaW*pVeEGm?|9v(#9`2UULJUBPT zbsOz}wf*r)$SdSap_;yOb{)k9e%)tZzY31SM*=-0=(6AoWXpyCIT{@I$*|)c3Td}$ z)SIU#o%)X+y{^bM+g*v9vZ+32=p?_&R2a(d`5wZVcaMYfuu^B(^V7VwaJ%=vnVTl zOwWtP7bD16KGG;Xp2BBnT_=Y%I*EeDLiZh8;@7&)y?Gs4`B<{b)xY2<_$N=lPaPK> zeFHXylEDTrblt%U3+~KVhSS`fJ%qH8?e-#nl=s5l@(;)V!2h78ruGl4duy%Y?k;dR z18ShcQdd16d_+Cs*vF@uD0Ce!9S{p_^>n0G&!II1%Or?A=d$V~!e3}x+QrNt<5l+g~{8fR3JI>A9GP}NB0MQntq!q`L zfHS8RHI$0qv+!9AV`7fLU3X0yJMX`;5mdAiLFw&%&K1<}+f0j+P@J{6tiwdTc!*a! z({U^$)%P?%hEcW0B28?Ru|m$nRv7ca=D{Rz3DA{1QK$Px8smxYm>3%i-#mAwiYE^? zn{311xnQIY(NnPw@sNK^;^qEq34GJzxI}+JC}Lw|wES<8COe6aRaWo;UjT~M{?4^> zP?h_VKBP|AzI-VLvS%>r^~w#J0hItN*ue})+{z$)W@X>cDQ?#P3dd(ru+cKU+T{M< z@ya5sW6^=S=$xkl_uDt=_oaI0#xqVy0R(~ml`U4XESgybw0BrsMlUVQu9B>Up; zS&)myKS>vO)Lz-zeqc9Le}>^Ig1x>sB?%QW$_7ke~@NYa z8C0MADpUO#e3-Ns+d6*_PY0sraM=+^alB8!x(p2$+htt^?mdrZWe>elDLx=o5AeI> zSH4Y9y@`?%yyx9&rD#hdyrSSDr&i87gff}J>>a7IiXG+1Psd1UUZwRC%e%&aV&m!- zLT=#i{I_iC_k%#`xaW{r1AKQ%YAO`$^z)B8D*s6f&b=Oyc|*ULT$sn>FJWeFy#u{I zhW5KjHMs_G@xXd!;e2&N5qw&5j00WsU&z{fM|Rj3hX6UkR@^`!UNzU5U2w$Vo4q8r3dd^6z80D$N# z5o29Z=OHt?%%A_~ao+MA&%)p=ezvU&bZ2oe$Q#@bNYE^gNp!`arl@ z{vw5}K1CTdjP^)}G06`$_3AESlX+%zL_>YBb#z>y&&TY1C{{&|KhIs9k&dQr>+H!Y zB7}j><$~O8ph0IFDv#u_X{04$=hvp?{JSwaCkh{ZqYzinp(M?!Aq^o>;AMQ?2F;uAM zFT=va(sgtiD;?O#I1f_(S+%grFsUT$MFM2!Z9-ci^jQXJJb#IT;phFcFSyJ!JyzM@ z4=7bQ$01gl6E`@o0sx3GePu( zTBLcfNvm0avuKEbYdaC>)V6|!i8=YAS2;hBT-3Kwm1x} z6|?fN4{3KI;Z%%N_2AW|oyC0g{+I9#)I6N7_FP3lnX_!X_J@RRC{YAWFKQ2e`nMBL z-k=uIIFTK=>K%qO< z$QMSba#powSaeT!_gJEL zH8~zLcI*T?hsV2~ZW^s@-Gvep~uQP$?@5tv}J{-pLx=ljgGQE%6HOfO&NQqnMcTFV7 ze7tUhtQfBb>xf?dA^+p+Ew!JQE?L!@yH8d9Utf~Qw!!zly@2w{^pJfHFJZNss$!9O zOfvdYyugLki(rE;{h7PkIZ32Aey)d+%Jp^u0X^y@#f6FTN^1NTC*0;ALSUCpocp~I zjFIn~Ta&-goYS-r5f-zlvf5NGBZI32LW_9vcQA0I)eL!(EbCbO`au8I%35A5g8Wp+ zK;eCpGs-riWsa?ZM`qeuQLUx*Zjv86qHl;!*pm+%zIb@(h@6RiM(tXQjAdS|esrfv zAIxb>|4Sp9F{%so8`w6!Be1QXf2@NWNf3Bd6%w@3iCllkbkxN9N4rCdsZr#YmK|>P z_!UA4N@#+=M1nzy)*2mgiA|1;%c*8IcCcThkrtl#WgKTCvSF~S@@FZlrb=_33uXAP z9*#waR4H0)g>wROWrX#X82bLqUssZpag8zy?Qvb!s?am|t#!ZGQ3SUO3~`kVL~l2u zTQP@)MRxE=zeF|nxNx7_%{C(DkBpf3&}f9R;ZXKlL@xaWJEdHCc;a2)$JEh^w3;VvpeK&8Eh%4T0GAnVa$Vl@I+D+PCJF15VJ%+$Ur0V8uZv`fXlOS+gF)eqvO-zD5henoB;Oz;Dhc!AK zH6ha*O(qV-Yukt>QJ&Yyu$87#>1)WMMyST*-6TrNptwlq_hdCT*32#wjn%-|ST$4h zpu zLW#MgIM`K+S!H;JGX3oiGVNWc$SQ`U6_ksLL7G^Pekv*V7R z*14?k@$NN08{5$fek3pGS(y{j5F|hRz2$I>AvD%h=FESzA7eMEk8`0wYb3JDb$hZg z27e%)^{QvL5@C>ioM&IL#yZBSa+}K4R`)2o^`=o9y?NewJyupmbLQ(%TW`tkUspyt zbnPZoolzTC+Ex8d=~}$%Twl`JgcRaeW_SQh3?vCgPXlrel}!c zFO~dC%|XY4UytsV%~!Sjx#ofYrJ!Y`b3r~26>>Z8e5l!VR+&_Q%Ay`wxV`J%dC3XX z@0OJlNA15bGT$oQdcY2O=nJZxWEB)5KOKb+p=2)>Sw$vlP9>b00$}iO1NVn)=n`rl z^u7_v6hxzGx7yYe3g%?9;<6~7J6mwxInoH-w0bI^6(i?d?)sy)7Jbp4q83pY_Y(=h zDSEanE=eWbjtsVoIGs5g2a@@Q%zsG_Q^e@-(C0HUeMC?GQmsA1@o;K07D;F@JMGbV z!PTmBr_!x5&cS2SE$2;2lzvxZqEc1%w!PHf-CajSLQL#rK_9dFW%=c^7h{~!XKwfM*mql3T5)R{i1%$agm{Vq$3XWMAxuO2yba3!R?>k&k}U z%`@6$!k^UnVU}_;pQ`smKUGn)7}Y*)if4r6mB6FuT|Am0+{lvtMMpP32l2tnHx{|T z1o$0)+x$RsHA@MK!nr}w+#i@@qH{CWR559l) zlTmor)s)&fD4BLQln@ZU?BI1jlAO@jPsVt4u3>2AI+FUpDeTXf*#&FwVYGi`ts|h^ zTGO0hj_AE5`Px9$udU14b)YAcNYvuk*{FNhOo_urFf*>i5J4N|`hz~Xw-!^(; zg>g%7Jim#avAKrP9)~Wg?L(E2LS#Z}Yj5+pB>hp!2(`jbJ7*D7De%~EDC8SB&Po50 zlF>D2zkRL$+i|}^_E-8nNu43g&eH#cyHO;~NBy6Rg|$W5xGNg(_pJoy%Ko0FcVo>F z@SAC*YI`JpPPR(I$Fvi(QJ^B)5e8IxH)Os^vK?N5eeeVQ2j2G?>m&QqgqhSX0qTl+twMd~|MF#R{f z(m@hACq~pIFA#~J${-kK@pU`dpoBX7Q`s-wQKj?BZ2C#7&h&TVgiF#+SxuMi^35m7 zflT5Ofg(9HkC)BZjOBw?bWV!rL+RZr^Gapl8N4Z!xBHLY6aNoIn$HW8aQxPkljozp zY+N-z-2Mha3 zRgUdi7epiOOC(=EGOG36ki|OV;I%z@ZwRh1pf4v#sALU1S!@g}8gVtp3iM3AcLiQ(FR(_g8tbAV?)p=cjwQcdv z932tY5yR+@v`3@P2epbvt8{!;5d!Rvsv7Q^?>UC=XB^fV4C%BYvo;j&P`Rf0=g~WR zD>oUsJX)o!F3RNB;M-#GE#qbGWqJ47KWKJwoKnJ(vX#R@jw!Ihh=B>O2HRbJ3a>|Y zDN83yHk|Z9bfnKVLZR_NhL3|dwbC^g(dJ;XhQ}+V=dP=RLR=qNQPE{*)pm*=OF3u{ zS@Q9IyytcsQC45K%GSd6<)z>cwj9}|55zsP@8>senCLpuZOMdqGom^$$z+t$wBEUG zYfAH}vx%r|yGu{H4COrz(xfK+8JVXTYc^chQe6z)W7yD3^kYP%0z-2pqe$dx%@j$*_Q#?X#O9&OvIAQr)OjLLY|F(hAbcaFNTi~qt~D> z|BmajQh0#tt3#)mYrN19lZ9!lF*LNS6Y7>ivusr)(Y89eWF_<{1J`#GJa(K2i*ZDy_o1CznKu@g&ts#)f9VrcTQNl{1@9O_| z$6o)0xMAXZf2h}*_s-7!HJ{s~bdG9Qw{M=$ekij_5_mm4c2}0klHfEtK;c!9#U*=! zNc^RN_qDt5z~AHKYiIiA`EQqDcM*=pb{;Q(v{KlrbRFpxmGusKOzd8M{{H$(QMd;G zBkPyY>4ja&Nv`^8I}bXc_%Grno@G;cZWukYm*vyF#{=W@t0_4``U+Q?S?*u$Jh0PD zoSv-ao#$L~)TvvY$>`&+O)-a9Bx}cpbUKy2XWb**)LUncc2T}$@r$%D!58t#=-&*z zD|)=0dhEO;MK@?@piIE|iXQDEK*9eZfhK_%L1gV4)c~ zbn_1r4ZZrCsP;8K^Y8KLu{a3`b@=RRpSdG?TceDf-4yFrMsjvX_3!5?xn^{+ixYm0 zh^A%e3&X9{RWQh(WnIK0r#uUHm_2w-Fj=H!F5cEQV()%KjiKA9L&5J+8QAK5*UfR` zGfLE&nJMw7izQ!B-^xLwLEw5X)yiojxY}~M=Al^aj%lXlWgOWK*})Xka97apO|SQN zx`t13W}^Em)RioUY7-R$qe7e6|HHM;C%MEGf6yKMl=LydgOBk(mUMeFg#C)LdYU;X zvkzC71$l!uQ_^bbTgpB>{d-&SSI6`tH=iGojf(p8W6SA3W`DoOzFPc?cZnt5{NnGQ zbi?L7E`!If`nQ^^Iy~EK`isjNrtWUfXFhfR`IZvn+qJLv=5fKz_ZZ#FH=D6L9zou_ zOCQS}E`-ZgWa9$ne5%75%j(c3IdPO}M<(;AD1>?wy9dRtlr#K!kA|w^=dKI#&`acm z2cJwYOQy9s+~j4N`Mfw#XqXB7aWfw$oJ~lEZqKZ~ku3A`=IK&D{0iByPWm-@AJwY) zD5Xr^L%muJgvyvf>jDf(D*`oZ6d{zgp`Zb>>@c6r%??(H9TxVe3I)c@Rf2AfvE8%p z72@c}zx+ha2;BD5K1laGJ!F0}M;l8-?-mu8ZHwD=WG`vbzER>u>U8az{^_87VfNka z2#tiV*QTG_-#6~U{YUO5JtiH#OCx4=26w|FH1uMT36w&S&t6UWwtjiK>*n#r#pFxp zUDxoBJshv)vw5rnM%RNgCGv)pW$B_h#Se;tmb82-1ab4bdS^}p?JtKYFBK63_munwi?V;TAV{3%;`W75-LlM5@NJu*9#jyZn#-d!M(3-S575)RZqQd?P0^ z4xhBJmfedpZ2o#hW#@&n?Dsf6zvqB-d^+a`x31vQ>KheZwTxxlpQ-dO#qATTxmu*F zWCw-XI){gQWPdM)^*@bUBg4*?wR$G!_TWL=T6?;_y@-xpvh&fU{NMHkzxT(kCrw*# zUr(Lb%;Jl7J*E66pt6um(RQ8`-Fa2$|7lHEMIviKEa~AP&p}W2>)y^2j{0g5JrmEy zvaflsY9}R~JlrcTaCU!<)RkN*ldnu)zs|saITaRi5Wg`8Hw(L8^0qo^Ig>`}G7%KNK_OZ|{tp-DyO@Z(G7egN$7B)1 zwx9f64BHR->}HiGk5E9(*DP z;d^g>d=@iOR=N8cbeCAt<+*4&d1ZkpX@wgw9VPNpq>G!G<L43t5!7N6$zLC$1!;O{WUB3P%Mag|K-q|8QX*GI7I92q_9yhiY=T*1h->#{q zn)f%o$I8Y53NtB*dj6fiRy6d3Zb7K7-{!6>XqtbSdC)ME-DW=f^kx3kBH@6%as7ql z?W&o!n~JHo%M<%=O!L8y_P7D!nX%!% zalXlE&0Vbh5>{I^bz*q2@at;r?{)5l>pQcLF(ga zH?cyG`m~1@NgkXZN28Pf#9r}zJT8azQ<^{wTe*8s>ciIkCzC}sE&Hj&uL8TAX73wI zaI>!MQE>b{ID14B#BXzSncmQIXX5x(Dd@wmspYHPse<0^*M^G|3Q25mXzo_9G^}_3 zQ$R|UuDJ?a`gOWqAa)v_UNDvaW7o`;`}iDog8rQepTAv>kx34qcM9lo% z8Pfpy>30^lH#c8-a+jywJ3g8QTrAmr4D1s5RWep%KlCx%R}K5}za86s9(T0@Ls177|TIY>*JUu{Ji|AnwO zX};%YH$~?Z;kqS#j+<@nBvE?D=l%ccI;*HQx`qp5#T$ZCoZ_^2p-3sgDaEb0OM&80 z2u_jUR-EF+f?II{MT%Q-cXtR@D}JQ?5C= zknOWiV9LYqQn9f!LDqUL5ovDHMc_>5cMffF9b4vqcMy$0Tn^Yd4(m6%%~@kpD)n=D z?Ir1|yhmPE^Ouyzpq@1=XN~$C-y$CNMn`v2rgO~65~teVYzP30ahbn$KLc=EH#C(s zBP;(Jw`)$hmDJdbtgMiU$%y=jthTjxBT&y&U=)Cv_0n2_3YJYzAS3+#KI<+=&YNEZ zer07nuG8JYxPS{E3*_78@L;y0GdD20?T3KwEkR1KO}vgt9*;|&4iEV@zN7$pRBPm4 z;X%*Jx91SzQP8*sQSi^%)?gy>{TW5doNFC6d(-Dbd6#hO9{djkwL3kz;oaS z64Re9Cp=|WM1(SUJ4aCGiNe%T@_rvDPs5m|$~NsdAKD`)VQ%ZYI-547=fIrj7CUXE z7%TtV;BOF_2X0TMm-CJa6GO~4+h(;koA9=RI*ZN>$L03vz3=L>UE5=Xf-q2asom3b zD(MM#lkZf;(4SKd&ngPp2=8hRP0A9F;w*QV8kZQnh8uUi088bE-1g}gTiW^D|F#I$ zS@qL%w(|zY{?}cRl|%C+#KtS*#BKJYbqGb{R=3;rfF0jQ7X*~Av0ZPyR63rAvI zuG{Udr@LvhHxH$VWs|?)`fB##H-fja!etzmbMmcHl836BvWrx;MZVQ{_SPz1CCD*imHYKt?rqpeMp@?vOzqhK*Uc;i#Wd5CY->!}4 z6=g&7+HXmeA!3dZM!$SOHSNgZqO7|I|2u)9wK^LFusg*1mVC36?HK;R1WrutvVOej zUcfWDJB);8mw8@fhHzgK81@ZB8vk2b577Ip@i7Tgk}8lS+w>b3j%1RL1f3Y^T%EdH zpL)92Jo^~QPJbm^q32qnHjLFZT637ELKk<3W{*|Ed4mC5^WujF@%ZbWrgT#QH9{e+ zczC>RZTa2J2D9TRVtjG4ti-78a6`$s{Dr##fW|v^w6T4~{qOII|4DH>H3GVkaC`AD zo$8-{`VWCAqavv{FryOs7z)uJVy?2tkkcGIy{ zGZ!J92yv4HX}qRMyyScOyT}A-G#lDnZyn5rU&2`AoDUXVvCi1uiX*S@|7K@9I^)kS z(n^DU*Lq%9tGk$eJ=DMKtl77cQ!1@39G=>4)m3x!2SjIT*wB;3OiiYXE(`i~sc_ak z!)(Sr3VL2rM6CRyp+)S!1!Jhm@C!Z+t*t*OTsqp@rM(-(<3191(IXQrbJ+7bOVVAq zW^rqDNaMpZPCuJ3fET7~?kDeZ9#~=i~k6S&+infxa%?je{z(2TxiS5LM zgr^I~n(=%?){05A(!*NQrs(P{jAw6q4{h=v)d5lPe|6H6l2uWxe2K-`Ud;y+wI80r zn<+Q`QX=xse4DQF+L{30aF?!`$ETr>uFj{)O2V|?&mUYZ%lVjtbjWe*|5q#cbQ6E= zmnQ!CY?-^owX!>r^563Mi@xx(#veC;7y&n{>IH2krV8MhjUdeCF47-6t!u}BgX$GQ zls-^MwV2?vxloCKlE<4EXCl8SKUM_h;-O2CJ9wR=Z%mi9-kb=&?zE{uJ#3cdcs?bA zJ|UXcKA|qm@=ph?43oNZG&k92X2k>!>r$(UIDH$DL4?z!k5t$*A=eO?UJaP&d@&3zK$(S16S+ppg2mgdjY2s{E=`e~_Yntj6`cndm{G-y<` z@zAi6b+JDrTsd;To=-5y|F(+k#JDrL3B>0f@T)cbEJ9M}yMbLiEdH1FXq2$jjd|~FNJDmM^ ze?NcH(0w9Ggm{v-lq#B}4#gjOWGvcltCg=~7XPv&;J;?pvT!kf*pyxIC@A8f;#sBK??Ng1ol@DjNbC-a_g*&D_}MFUhjq@sorvnrBM6&((gxA+4wtZ>+XUN3-6w zoz3G0@s_ z%esT~(J6tk`Nf&V*_lPpe{h=o{@{%e<#3N;o>|Z3pAjBmvCJ}uV?hT6GDNrqUb%vt zrK`Om=AlOpD!_9G2j{6~CEn~xT@OKl$}K%an{{K}GA$M2=|bROB;8fN#bMs--L0j- ziXYv>ZMyrP(Zc$#&+CLRW3oTWwWnkAXDN&faFu~aElcdh&s|+w4yH>s%XS;Z^nV>K z)z~{Kt65%5QOT)feDXU(_U;~~z|-T+BVshXnzriLvFiCbD>rvG6X)ox$tn zon7Vc*tW6y4;#}XTo=H%_#^g$$`(CGfz-vKt;f&9*Xs$K#=kui8S;M zuQT4W)l)0**`Hx?K1e}}M(o?KJBTP6w2g#qOGFL{^o}tVh-3X5yjS)gbMZWUQg9=# zd>c&rE5u4GCbLhm%757v5)I}CNE6G^iU#*ZtF!9!4PkfI-3STzJTrUFfZW}oix;I^ zUS*3BtR_;qu@z6at(la@D>NV!OAEX6FNNji=P5AOe|1^G+h{Gedg*2PBtjF>OorPd zu$9YHQq_T z6-0p-#Vnq)VREW(bneRaWn2xkVmU27+szjt-tf0n{g!n@wHMQCWJ~r{dG~FI8qTDL z;cO}Jkv?I8%l4-(4_LjX)>u9F<+)Tps&nTr6QLzl78ut@k)+n+1co=iNAdsmrBl|uF;dp7*fXNm^N zO4WBH<2+J}zCiMS@n8cbnJ)5=bj>h*juQ1-i_)(dQP`Cnw95htw$MRbPse zA*8V`gIxuk7~aY#TWmHY1cRyksMTYFN&4Lg7Q92bwFK=~zSEC8y4q=Zod>v{YSjoQ zEi+JNQ|LsLxNo@FNkGFpdH8$sv_)SgjK@+jeHdpO3VR75HJ{VDho{|07!>usR6FbS zQJuo2NG)gP{TQgqL_8#GCBQe_0d8lTTTIxI;yWEAVGR0_GE|dWA(Mwu6(gvNMc@~| zIsYrzskBBTam)W%Z(hr3>dPcNba6`Li-0=Sg1it7ICR@B*yVYqr%jh?fiYo4RHD7) zoxO4^w(O^3meAUd9JegT)Di-|W@?drpC~k6(RPNPtYQ~v3CYNft&!GBNVluppbLyk zYJVm#pi&SnXngoy%VzJ8X8XCjbxzs=Zs0~jZhIyj!ze}BrMH%f4j&V6_huS)BHrhP zT12b~dSLg~nbZBO%UKIkq+w~XbuFFItz#cFkXE4cKE3OJ!{0OtU&21(M>uFh%-m1Y z6(W4A1{6>aOT#oM>g3y_b@=9ZdD)$!&CR%Sx+8mR4RoA>j$$X3>ewzoB?gjw8kq_d zxm?#JBPcw&)Za`b{A9T3N2RGlFq&4$U-81IBlhATj1ue+1cXjE36tU_nOlnSxXSY> z=*vZFjzKU-sZ?JLd6kGlf=CFTfo8L~_Rr-#)q$0p&0(h-5=g0vpNMX_G_3C4bhAOh zszm!xHJ)L$nz*4a;@zy~mmoQM)B{nHZL9_faf ziOSZY@7iq~8Inn|!qH*XQZf&?k=kS#itwrK1Z9S?5GxX`;`u(7_EV+1zw+%7bQe9=g1*A zj`V886jIx@7Cz+iGg#SVt85$hc;vwxW_>xHxw3+tA-t&XIvK_8v)b(M+~>RDQw zEA^U9QxwaG$-g@F6D<>&d^duBLYL?nxS#i8`tWQ(ft&+}%7IsQx7wzpLtZk8mVInr zjnA-vP_$gVgEndPW!unqxmT$1s=p<*?;;FNRP_YF-_d*O6iIvgiQ=l>G9z$PYEvk9 zlJe9fBI_JNd$>8(*HYM1WcQ_Hf)yW3OPuec&Sfz_Kw*nAg!pN+41c-bX`t-#sb?}{ zlZFM*>|ZMO$%Ubvi_)j&q9lhf%Zc_c>H=oho3_A(FG9Rgls_%t&IE5u30>Jr@Wu-^ zdprw5(h^%x8$1m`J!fasI8FEs>)4?3T2Cz|EoNEGw9mO(7caLi-{V(Zm}#P>&D^lI^rnnrP0GfTp-sGV3EZ-D0Yy%^O27n2 zzO`e_#pyeA0#8U7EMShk{kbJ00|b}{9-W1#k@kj16`lSFx~B!N0vxQ5&Q^Og#&b)M zTYuQ~)~jcVm)_Vi=(Lx75yjXl%qB|BSiKs^x1m9Aq&ZHzQ&>Al@GN_Km4p^Eq($g~@1&jf+D-du~ zda9`ezzz`loK`!4G!~2C1vq;^dOG&0RWKvE)n|v|6ms@jJ3;*C>@!ta6wt5uNafE; zN{|)MZX5*M$p$i3U4@r)>iOX1g~Dw?4ErUDYi1^4fE&pC)B$F~vPk~1-3hUh9UpJn zups%_n&om?3i~w6Ahdu zAp8tC(!H`A9FkYW?^P9pFe;9RJ*=Of0U@@YO;Cv+6?4GFMX?FXiUz~!_CC()8=tPU zk5BmAF^ytOAO+HQKYsiG7`y;WX=HR1z{9?$8^lA?y;u@z-%DcL9Afn>U97FI7XWfG zdv3p_aL~#-M8H?D;0p%pV792Li31^u6CfN8giCaFb%BUDreKDifRTzxh`T)&)9()G zAzB&Av#AnGjyw$Zpdp4AU6Z$yi_YbPvFZE5UJ4!?VKkJVvE2)or9#;59pYzXjji7eNkX&}iM1qag;DGR>d7=$3)>FaLl(y02e>ZV49&i9l>&v_Uzk zh?%&LeQ4IqCf#A^kRXVH6N!U~2|WOY6BceNEDU{jR#I_Wj5B@8n&^e2c#OfLrD$!( zfXc1SLsoIzFBTez$JeKeVRCDnAAw#wG7`KN`8beTu!&1iM$FYP^7^f0o^{^NAYBO7 zX^%NT(Px4g0}gh;w>*ZpT;oYDn-P+EZ4dGQ)5QV4@?us1Ljp z^kfu$z#wQJ5a}25Jnb;6&KUs+-2hsw0!5i9U{a?b`T2T&Hujr2hv~a!G##{zt`{hR zvF_5&QKp4~(pu`Ejh-oz2**0P0m^$1suo2R{Z-wx@t2t6qENB_qQaVq|cmG2VJ@pmM^sJk>duY&NDR(xX`Lwt-vY4(zQgsD=b#!IjB)P z_yBHu;k?`rtTc}kS`1CoOzc%u0xer=0c8~SH(hWgnO|%-|Fs+dtGa)7(1OqX>(_l_ z1@)unFq$p>U+6R2dR&xD%sBSYn^V&dA8?k_06dx}24Oo-2-Y|fCBR8aUMH(&yT?^L zNwekIr$0ZJ%^J%Y2ES>f+`x;%%p|jgB#ps-;&N20FYTW+xgXr~1C)iogE*^b73jgh zq4^NWk!bASp&!TblD>cTUQlrnDs`fFc+VhPk+{H~NaXw{rV{an$vgw|@Y3e_qHA?ICKIGRWkwNKcg~;hzD_HebXNdf<4Yd9+h9izy2lmtPXyy&qx$ zXns1DeQyTT$pbx>04N^_TjSJ{k_rY(eTZv95fYQQL#1Fe6B`QWKt{ z9>V?l();txaO2nW?E%n}1s@RqS4|m(+z<-&25jQFOmVt65r)~Sn##hr!2bFG#t^_& zm*qf8Z9qkV5HHeH97vXej!m-SU*ey?TW-=*Q`tB;fGiUbDT=F65Mk7b+a(}13;B~; z>^qWp1aBrVCS$al=Q151dc%L}oY9Z1kvLMv$xxh+c2Yu>Q;Gcz+lzcz4wHEQqb zUW;jLVxmDiQPI(U7S_k3{Eg3$YjY|P{&_`<%41_>sp1dVP`wL_APN} z&&F-MlFwtPI&j;*$2r{NimUGA^-BdkbAtv3(TQu4AmfQqwwMDYKz)rrwZobIfS#dz zP`5h{fIVPPZsFI6V<=h=f1UWigU+(>U##zQOoVsU$a}@o=lS1Oz(VOxq=4JfgsHNN zaSPl|XV(B>V?8Csuh&C+k&_ICb>LH@Ra98_sDzL;x!VU=zFZwN=u^bgtyM?Wm*2x@ zdF0nM33S&ZD~7*O)btc1A#K+UCwOgX&kt+Nt~RO3nk11&d;Q8JGDFIW7FBtw7Kw_NImznBZ8(GQaD4kwFF2)l%*0><}$Wp-r^WJG0Dh{kG(j z{qhG;jb0D~lhyk}>~j)AO_{!G4EfgRBv!?O*ue^!DQW<)DDk_RTA6jK2-S$?k4}N) zB3zW%3+p2b9SlKz)acThHdPjJvudT8h@bb__qPd95Zt2I6R&k z29$G9(?&dG678F-WCi6h0}hW_7Gy~DrxzwTU9?lwBHgD6ox=&2d5msiUAxK%yB>95 zI>LmVTCylhbF7n{QI0rZl<UL13^cMtU4o(uy>5B2gg&HZ&s69T)2( z1Lr4o8yzY|%fGvOwkEdXoAYVS=_Q?I=#Ct{y_!+BIh(ok8U>~<8ng?aVms0cAX`#} z&*P#WRX$hr5ng>){03GQMn>l~B>mmoy=*Othy_A5+ocyy zra40=L~vfNj6s%8x^fhx_*F4BiEkV&>>au*X{wcVJ2U_X-@;u`hYG)mu`EARz(2@c z)0Hi6bs_(zjK(-B4q5&4N`Mar1O@@dL(0>GmjO3Z%8$&Erv30B(R?!k(?Q(P0YK+z(_9g16VcZcBal;T=kiWPS#F2x zQVfI$uqY5L!+_+9Nbvf6UnxvVR!Q66D-Ca=uF$$!O6~U?cH{fc1C>kG5wV+4XUeBw9!}BHC*-Ys8an*R zZlu!F%N`NHTy@bvrX*PXQGUnU!=$*cPcMnCQ@WvhbP)D_?f5@$Re=O3o@^-JKp6_l z%!*4)M3G6*;K#M~W%?i)ih*g&f{C%Z+4}Fp7DDaulp+P_yWBB4ZGL4t)26%%aQ2-> z0XBL3spYyO_C@;FSa-vxj|=tKHz#JSE#VBbLSBedvA6HK{$oZ}9D$9W!e1vO&I#-1 zZK^z4gw4(HsO0wIf99b4$Jogdd$uOC^}0F%Id-L4%GLQHd-r~;ChRqKwMQPEt03pG z$o6Z;H(WOH!~eJlEtjWzexmC|Cx=WYjBZ|uNQJUEMy*Gw+&Jy@gw)xs zZ;HbqQf+G!d@@NL-sYCF>FxcqjnB?5yzNl2mW(X%EotTSmS~4hl-GDRUCuPUi)9SU zXoQo_^ZzbUD(m=GRKlTLQ_Sf6Rd}0YoN889xT${#*2GHEh%+i`ZS6J-|F6b(1CwLy z)I+Y1UmR0Kf@~uRBvd3m40-&7IHs}(9nnS75?k=kx;t;bp;Z`ZD6ELYXyLZuXs-Gs zPewdD75Kf}+43fZmF|I1je&`?e!}Sky2gn3lcqzf`oA{f026!}A*}iWi%rW`uF~a+ zmwH*kAAYVr)E3g2i`q~{cBT=z|XHyaiWb)k%LlEPfUcpUf-Q8 zB%L~3AOlR%`5Fu)38^wq6K_A&)z=UCEGBXUy;?XbR>?i82;dxHgJq8dfB(^>?EjyT z*C-XI9Dj(DrDi;8l0pOo^$ME?_{GEn=d|5@+2<4`6F)5B*?39);p4N#;m#4o`8WT9 z)+sCnufWH-f~K@|V8xaF@yOR&%)Kp(uYzKUXY*EJYy+a>=K^Ur`;=mcU4HvLjSlIY z2?13ZRsfJK7P-U?Z&fjBtLvAs9U>^m z4z0yFv_uC@jO|@t4h0E3#<*J3J`hgtO>TThOv+Y{DcBNxpQ<48;ELZ;*;`=&y7+5U zD&FlehyazW_?;e^2x^(Fx2hHQw*vi}6^v6F2hj8-?_mr~XlhG+*2Zb^$6%N503crA zJ+$q+X?JXmH+r*NaB|6Nv2yJ0M&P#hIiGM?D21C)l0ki4*Kw^ciHt7X+v)Oh-Qqxn zu*lI;tHEK_G;FmK)q)OYYX0V*Fu%~A6>cW}ynmBziUph~6BTf}FukoGnm}&qs3D0p zaeX-+z`xzihZ9KD@(BXWeI6lZCz$eYXJ#Se3yOTX@-d^|!mn zx<9($ryl~4tAi0y&Y;f=LlNKDDZyA+c(1?2DEyACJQsP$eW>ScAkrMT=09(IE{k6( zV~PpfV>A&oVitC2(_43#=pMXS_c`aQi9w1XQ56p9MJ>GZ+~0U^-)7Yoe~@c2WkN}r zMgbdE1hSzCfJ&97>C_TOggt6J>FydlXWF*{a_J%0Mg^Zwi3lCS4Z zgK=8>Hi;+?H_pT0_#pWDjQnJQHVsCU9^ICwtW2(-;4d9Xmc-!nxS3_+X4^YI+n`d zT(8szF1uR)mis|%6DYC$Tfs!o;#1lWnLq#Yj(C9*I6;?Lc}E5rFa$P-DNRX4XrTVe zw}nX3q<7FJZzlSwSV8g^>bzJ203KZ{oBSK#k&7g5d<|;`2`feLW{vB zADqs^wNYDfv!(8QGDQdW?RzAWkTCZ{Ye;5ZN-_6junXt<|98pC(hAiW4(c9;hoJ;V zKu|0v{r<`DpF|q|C2%$hUl#(};6u#K1@0ERq<;G+Bk_&eJ8s8p-iXagW?Vdej`#$I+362PVKK-~(izDxd3OUiS4`wc>Hu|aP%24AD$6_FT$nILa0 zWQ$ectw98|`$uZW+Y_?a%-Of7uM2zQG60SIu+iof#&%<)8`PUa@>aqP@0Zr7Tl_i& z3!OAQtm_}Ul-C_94N1$ne&8_v{Q0w5-Rq%i`PtA;#*4C1OHiU1;tP|&mF!CjDtK^Q zK&;zXEXUZcoCVUv?ef;$_LGXZ3>I2FsUTyqw9&4sqc)!k`^(94T3%9F6&3JPKD(0sMpdp9jdd9E|%$r@>u%^bpQ^Exm zSRxopJ4dni7GxVuDDIljkH2I+5QVq(c0Q6^@6m=nGIuFH!9WLM|B)?(1m5>N(Ra}5 z2?gVg$wl5+NdM@MfsXzl77Tx+f&F*NGp1v0puY5Ci_&;{db)m_pPvVQe|orKlEHgk zuZEHqk~J^mex?g`cvtYk9T3o<2rv0>3B}pto%B8_V4>kH(T4;le|cz_pH~f(uvEkV zXn)fBSa3mF>!az>GVDcQYJSL^XKy}4<@@K7nvjZHQ8&y2Iq;X!BN`lk;X=vfll|A4 zxUFVukbm~~YnoV17e!$J>F>(b-ME2%2&Qi!C_xo_VBAnJ3;3tIa2~=Ilc_DAt%W#Z z?3UYETaSdb?Y5tUPWrG{YL%FHsdO$F26ISCKx;{dSL|+nU;1+*Y%V!W4ap zIHwj9R`oxus(Q2FZB*c$xP*n+hR*59c8fDKjW}9Y2ht?$#K`|EOUjmDNxUv2KRAs3 z5sn;-mJ;Z}J8S9iGOj{a&BhIshfO5vy~T^rm~D^`6vRsFe;L z+&j(kDM% z%^4W$bkO}0z9C7=$SAK^syA2ZJIA4x{`;hXSn+uv`rMPFq0Be!fbj~vGLQl0Oqe2T z5sd;<#6u9J&CDPZCwxGqKn5l!Ctp5Z{K7{EX;ytIB}n<;y^vzy!;s8k(D4Zo_)F*_@>bA%oFvI* z(n3bR9|mE!o`8vSfJaRs6Dxecya%XGx*y=m*bF6T8F7w=?e9W!R?n{-Tr*xHMJ(`9 zd{y6hVfft*{;%qqEigs8q4k%VoQMo#HyRt(~feEweD_z=_n$p z-{o5P%C|D)-jew;F`CRFYLUmm*yPIX9#?sD`kqm%?z^PvBHjX70xsbPGo{q)TR+x( z)EsWl)XA1?mYd=_?skYhHiGcK)pxjG?0AWH&(3NJHOt^LAJvQ?w(?m_!%RdPgFc8t6Q1qA`% z^?AFtvtVE(iGZ^#b3(TS3gA<#QExCbiirE?-DXRJ?MnL6V{)8Q29Ht)e&c@yXA#*D zimaH4xU;x1WDprhIjiYxbq}h`;ntg9(O?4WwJ4u;h?wxa_4%*Z7&cjLwUQ@uW7 z06h?aaHr#5Y!I;OwIrtV+EtxP>gi+ob%7V8rKOFDqF-V}pJliDqw-HX9+XGnF_vZA z$=dl?*VC+DYaAr|)O~qa-C1S7`CB~KX?NV1=(FW$j;KKwdeIN-1&I_^gCg6N7KZDv z#bo%uhH0jKoqE|X&Y9{7LdPArJMDZqFTi9dCP(yQ!`|0E7rMKrm_nLp_IYYaWj$3B z>A(Oc&?&v0jw0s8o6LBAdWhI3_qp{yZRTKG&Tn3$_9O&3qXQXhx?r)Wp!H??+dBq~ zN*y?IXHL3fE6Iz_H?;g>NI`0ql@=$i=L&`6x=%EDqCfAeh3DQe^~+=7*k#>-CEroVcG-ilr7a6Olm(Iu8gqy#Ma} z`Swj6p)l1ze{|j}Ur}I_S6oGb%l4gS;DcJtca5M5=wOgC6A5}(*Lxrwkw8i|VTNXA z$#!v^hKQxy9AL0$F1+oW_6hMv?Tw~!x?i(=K%hcAZ)>z!Vw_6l@<;N^hdZc8TZSku zvx7$TYVH-#!0Sw^quOY$O3$4FFhP;SYAAk3Gz7EX>c@)tV)|<)BJ(TqX6rR!@ZhRQ2 zl%~W7r5k%j|AVwq04M;sVH~#~nU;>1e&E9VusF|MWh+aIX4ugH`*;5ENWlkP=zO;< z-2B26h?MDNvt+ZO?_zQ5Pc*ktVF)=I`CXU5^)saD`Vg4D-9FO4e1Q zEM_hZMAGNYqd33zLvGgpz+V^^C7!G57m&{J_(T9Qfxy{!fC^bL%~D2>tx9$Y0-$<~ z825s_N{>M-mmg2u(4>tmyTh zFAt}k#`l#!R;h@IGlXD%-Y_uXzVx2+Oskt6lpe~$EA{19ws3>ft}^@6L3wq!cOIVM z>1w;NpwO7i2DbpG#zlz^Ut@siX{$BJ8QyC^i479#v*NLkaKT#>$Y%A6-ZFIgpWK5nK z!$m7}CUc3f8+1vXS)Td!+hAZDtFuPDZcUGzOoVE4toFio3BY=##RU)$km;k&!h0kIjix{@<)|QdnbGw$E_$r2YSkw~PB%_C&Re_QUh$ytu1HS(vdb z2?VlL%96xM8BbvVe>32t?-zw586km&oY59H=saAKVW6c7=&@a)nzjuNzq=J(9AiNR z;f-o6Xl*Acyag-%hnGPNA%>qn!@nW3z22?+XSKbiK%l=2)@1LK=XcfoHy%4&!VWd~ zuDSta&C=bTOJ;p=US}m474R<$3q&G@{}2aCtg@=H6p$@Ml7Dc+AE&PS%_13c*lFMZ08odzW1KtGcJyMLaiJy5+(2^KS&6#mc%>9;5n^2t9^o4i3)+Q; zBP~ua99`A2gZEHC#>*>vs|QIswU@WIZ?k&8udXl*jTb3WP)_ck=$+1$t7oObQSzQ= zlmzmStNeA7jtKHrO)YLW67AA^ZEqH@(hkR``>TC;o#Je)si`SD3ZAntH|GUbx90gH z-Otp+*TJ3Ju2ReND9Dvp-2t|OX>sR+RYnQ^+((4wF~U_%;p1QWXKGG7qEDR)P(KABtZ)FB*QHHfa*I&sq2B_RdGa9H8|qeC7AIt-1N` zdmt*d89cQz%F;JnbaizNx?D;S*041(I^np#u=ZxvlU44%^_#f(ixtR38=G9BcCLCK z^wzj4Z7K@ds~|iZhym2Lut+2!%BxXtPO{cahND?#jFzGfW=`(!!@t3NBjjcnI)VOQ z*nSEV>&ju=V4qMIlB0zfOGpGB&Q%X+N{K;uKcRk#34a4k<+URtCMMRct^5#zMFO2L zK7dLg2F=TmIotKU%?jvQF^ymtUsAAw!IU%#iGsd2xv|$^qMRGaq$ueIKcL-coM8V9 z&s&Yf!^7hxe4D)p@70QoNdJ^}O}TI4xA6QV2a7@7vZSC5?a>_7i} zqS#GqY8}avM@{W>V8ImlM9ZTn4Xf~a0F>07wCJ$vE5@G2{+2j0^Wb1r) zZW^SmtBbCd?FNUmjtUK2D95nO%R=~jR@vE$#KXhUA5 z+-A;*Q}!<>dbyoWv`7&eR9i_0P2-NS>Lv9WP&ho6Lm#NhAWNu#5q!x&`tdIbMSV{kyxvx2L@u()j*ga`n$ zv&B{fW6`X&w=&#aSH8_sscX-2R&E{im^YLM0vUhbEobu-DlYvPc6GY6A08eA4>KGn zMM-dpw0*alGb>J3G7o-Wx{;wOt07i(>`-$4V@)pV^NH`a4-hEvp&AOMx`!!z>2fiG zz|l7xyybYzv^UIMJojI1|FBaj&C;<$d)xLabLPPF*y)}o?TRhWQvq*cD?bFC#kK!@ zKn8nqMe0Jbqw`mqnhrm9ii;KaXgQ68T=@Q^3|A@~%r~CnBu{P$vfRq{hQr&s`LxRU zM%xtu2d6ASH)T5m|(r~QR2yX+iliip;+@O8O;6SY^N((Bxb+f z__BLj9njQ~iKJ$xu;x-Qp;wZL3UaD7#I<*Nu?v4}Et?6P#x=XqVlG^&FM_&iYUb|l zFju0}ugy$!!Sd$7&dIGL`#tO=eD)Nka`+f3cDiuPkh)f9st_I%Q+#w}J!zn=70qys z+1KB{qwRWsX;FLhGwhwmh6y&Dq`Mx?i@&2&oX~|p4gyRdnlOYAQVWScls3r7f&WN7 zkco>KYB&$wph&;jPt#kp3WtW<48-85jJ>n_2o3ly700aaI2foxG9q{CPV$lN)Yn7x zZK0eG`Lmgjdmcxn72-#)LaS}3>jq_(CIZ;IV-L}>pA&|{Cn4cJzpw^SZ?fE0C)1po z?AAmapcNGrpo`J5vA(thdX@?>B6XK$8`rm_dZF9!~sHvrfCu@v))n}XCFN&H%Wn#z* z(>TrJQ&R9v&CFDbm9x~7MSUJWf+9B+P)BO3$%H);1@i1)p1s*Ck7l+$LaO!KOW^cw z^CdA6RQLTmZr5iE3x*wj0Rg-Rmo9giL;w~nH#avm#JR%b>LBb24%S7_77-A9pRTmX zAYE3{Iw?PX@Um#vNg})xLq+)A=I)dr_(%>Z$@c*hQ|IWkw`by;bPvx{b=0kQWs%c#o{;{?@}K*8@Ie#gtr zY7V(GIhi9Wmm8_Q{y|Zsf|{cV(+MUans;F>Lf9&|=tw~UG=V*jcl=v9>tU_u{FGFF z`>XAqyAy`eC{J)_gzt$<+oCh`UH7?@!aK4Wzn0Kgh>2go7Iv1Xul{HDi%fo}pIn)q znW#I6eD+wOG|tD18i+jSjsz5l>D*SD{=4}xFp5Bk6#jUExPKw~#)gEo*V{Xk;A!M) zL&qC0MG?de5DuvdVOpA(KfLteN}5TdxX^~MV=3o1%AlKRjLJ$#D+>oxlX$kh+&fk$ zqk-2M__HlXfS8ztaLQj=FtJTv&<_@DK*xWtZXKeI^<^ZP1rUIg>AqdgL_B4mD82!w zqj)N(e=hTFmKwwUSj|>I5dlK(S|TX==-*}vHrudVn&QOQ=W9P3FAfdKDUS559>DxI z?Iq1AB=LlVg!cY!^djNac%3Xa8xtZ(-ti$&zJ{jdbtQNB^}y@r<$*#z4V7San(FC#&H29i)G@vN;8kBA{Y4PmbLtcy*^X_$we1v6 z+E!_IC*yhLtM{Lpi5k?Av4a?7D0=W4Gzko(xq+rgz`a>&L7A_Pm~h#G5gUAadmBpP zY1;eF(KN&rPFKT^V^@)FR$4Te`bNJVU{gN5X3HfJjul5Vgtd_`XltPaZFXRNJe;iz z>Wx{%BzdEWyPj$Z`vFJIs-)%@c{ znYo9Xj=(*M*uJaGkoYNs(}V%sNtEo_YKxZ<{2})~jx%2miGUP~x$!Vr-YK(`e0jBe zzegXw<*z!}=1p)G2*Sswm)QOgi~*Iq5RVp_GGnWT3nN@!xAvCsFieB<5;6iCd}Tq) zH`}HhU_+6q$Ze<5;p3DD`bS!C(z@JPao5d1th0||h;uj=@^J8?SrPc4=)jl^_>GdU>Z^P-)p`$! zj!hsEM%*hgi~=Due+=MP`XSa$(y^Z+nTl~NkN{nNUe=P> zH7rvx_9p~Rh=+rHv)~zNV3L=01-+ZwlsQDqEk9hR>67}#W5gn67~F?dKMOzyLMBRN zvSN#qXCpuQZo~r`l*R11nmvNlmI#Y3cVqJ}6*35&2Y#opQbdU7<~2f&joI}1{F_x^ zh;M}|4Wwc9!)+qGsU)ih{7vKl`baR{?%I=a`6gPcfp;72@;#-GQ&1V z8k#7Mc>Do+8`(h7EF(fid+tH&PFlAy)OmE9$8Bju&1tvVrVXN}w)6|dq%a>&WC;HQ zF6!sQT*OjOn-wVbg3&zS~iia3rFoD^|@x z6O;r_-LRNL+MgdvH|9q!t>&({45xTHLg8Wro`OL>B&k$dJV%jC&Q>EMCkOAJ4 z_i4fE*$$w~?pUm#;;RyVG0dP(KSyDZGcoZKSB(Yrk3jf_qk{H>vd$lLpn~f*SJb@Q zxSZ*8jLj}Oq=a|fFO`hl3EMyxjxr+(i*bVFxuYedc%47T%czp^*&Am6foBjZh>g+J z6a*Y21bvkHy&1Kuj+lFAa(~sCrrx}S}JtrN|!9Bmsj#6%HJW$f6mAgeq? zQQZY@ImVOBGRt@^dz*hsmULZey28lK#GN(u)Wh%`iVNV%k|JXziXW&)**^0!Klkd6 zCHs*o6Qj!t^An{@FjzSQ34BR-h0~aLLM*L4RGOHTth}&K==F{bPBb(`@*rm1!0OKD z7W>Wld1s5JU-Ia{&|7u0jVldYNT`Z3y;TZC$8##G->$KE>nnsu-eblf$)9S9pX$DZFzOpv2B%_SL=`G? zvQAg8@X8so%OL_W1%ENMzLt=tD{KZpM(-oGZw|ka@O>=`rK?2$5}N7sEl(>ezsY-! zftm*81GFA>93B=L8W3;-QPA0G+l6xE(W{!;{YA&qA7`|PfJiz$+(d&)2~(sXE9LGP ztFWZKu6*kqw}6pLowb{&TwglEh|kr+f6Cloe?PZMUEb`WU(SVcUaE!As#kA$SuU6Z zj`2V`$(%tfe~r5#Vk7;5&JJucI1M$&FL&ceZ#HkzcR}m} zbYYuj(2&@8>4hl+Me}b1!1+*phhQ%e@^s#wzsAaXAEZAr`wnsZ6Qzv*6{Ya96pjUK zQ5NhGbMy1h!|*b*v8lYk$>lC2*Fb^PIAG?Ry{iW9Ha1`0I7q5CuO{4M0bK;E-(I0z zp^_Jo>na!L=qTfs$_z2=CsI~Un{^RI#X>rtm>n-LX7>5bUdbe=9LKp^VhR}?%lmXH z!v2;%Fi@9#{hLEb$eQVK-s&8ldD(GEu2XMe^qr3HwkII1{c;?PL{1uu^=^xO$7RTuXW?SKc z^}k=C`1U7@D_)cv!!9fOo{~rbi|Oc-IxbTRZ5iVd#VdbjSI@_pI&PE2g%r7 z!$JvB8JNz{d>8)9K2-nLJ_oMqZ)G85w@O-Z0Hu`}Mr5$H$ZnPWD0ZqlTqTDf_?zmE z??yH*TjCLpwaK1^F(jrZi#wpH4F2p7JaEg*D5lHRI4#`Xxl2XrNf`XO!A`j5Q}N`K zKtbnmQD7aALqW>2e{=f?of^OO+Lv#V;N~SZqLxgCno8C#f5NEKA^Q~ajTqr^Kfm_yrYJ^qR&2`n5qMFvQCIZbfPz81}x&IL<2 z9;lJOQfcZgin3LF8^3F8dKt)?TTT&a>(;DrcKKpTBVW(ok5ceP%TBb&m!5ccp`-W6YMZe; zuu}JcdC{oW^ftmTmXAse}9R;GFy+|9sAbR7Bc(#e*v#bA?*SQ!17rW*1B@p}UM z_p&BBShGWonc>}2!{whT7Z{vL%PT1rMq-eK)iVYLyf-m3E5e0LXe?=h?6puJ1Wo5= z{;>!dHNUf`rgB7VM4aH5e2k09KBEeqd2ohZHa~$3H%I;gn=fLv{LTh@!1H(516;5U z`|!pk+q1pv;tOwY8p@+un^IZTRx- zDLP?ycckU}-gxRkoc09=ZH_3Hzl)@ zk!aO-U!?2F?;*enB%eDN`kJG|BT2JbM=oC)gT7Z8<-T@Z>7v0$5(%7N_ZU3l3e$i*GGxD}}+j!)cmy^&Mk$xDmGlA-#Aopo7yp5kHKSuBPU80gn(@2of(uVsCAw|Czbp9Kzz|VU z2tmVn5dlQGy$Z3~Zc$lADiLvgo472!Ebw*D_y}3JcWz%rzPU-?nHBZs-VmnS`8~`o zx_9+!QL2`+z+fKNFGDEo=;F6M(3(R5qY-b)oHPh)MM6$13(O?);t_6`pQ!`*mC_1X zem>0OF6TL<9R3u>o+wZ&UMogvqscU^99r~kMr_gO1&h@FJ~=aR7WyeX#@YRMzQDqi zcd8;(4ttQ+gh|^YrZAFu#WkXA6lS>6{Q-k|JiVwz2YCsRz4}$n&`c< znlCHacpC8bd+2UciLu7DXXE+^A1WjIrk)pqO+L}`y?lSJMHCku>%6{2^jVBaiy2P2 zcx!#(BWvPQ>dbIL@C-9Nep_bWwlvN)^5YAk)I?TN-aDLH6>?C8;BirEOhfT4&6rBT zyPN{GLkl`0@$TQe$>~Z>WnWuj77@oD24T5YHnL+SStQAb`%^``6(avxJ}O&I$NPH<;z=QaP(Tj z=z2WE4${8ngHx&?E*=vG=UF&_CnP`t2KTTYRxtr-Fc+Z!1?92qDn5$ih+HlO(f17t z8U&RM^r@nHZ20cIdj>+^Bg-y1s3``SPG9Aw_Nq}Dve&sOolS(IT`~Y6D{X;AE4#Jl zfew|IbsQF(&4LG1y9}nk)t@}=Q^@nU;XnhZ#Di79L0GGb&t^=$8zhl0N4E!Kkw+_KbSIg6co^}$C(hp zhMCBEveSD5wCsBRk@vS)8i*h~@)oTx8})R8hUxXJLU*UNgR1Ono3>y4cLN<>aryVe z_p1EbTFhEUx((ZkB@iMt!51D+5F&kvEtKrRt)$(64MO&%G{u2!%j;N3?K>% z&!cz6#?7Yb|Vv&aCygmM_4=ISHu^OtX0}hmsQ;m*X^ffY`hZe-&9i6CSQ4U@@ z&o>vMrxm{zH|{*b>Eg+28{Pe%XP=!LzEb%z zlotddCLYOdAq$i+&bxl7`J8jWA{${fuaEy(Xnnbi3Y=N*e$ccf=PAeKo)KtFeyD<< zIneo-x^rDJmzgc_!US|5?mXU{rurP|4`aA0p@1}bF+pneZ-SBmSewB_SbthV!t+cN z<}w}Li5#e)4cOt?RRbjO1HbTng>Q$~O^;|AM>IK8qJmnSG0Ggd zfqRl%zN;i<(5Ee=tUJ4oGO5qfF$D?q%CYciHNOa?-er~S&^*%$QP)v$*~Rf3pqR@0 zk#a1PJxh>!pB;Sr@Nl@D`34h=3En$sV_X^>l>z{q&+p9RYkP38A_reu5ddTO*2w1# zGQy54G7cE|06ZcY(ctArV|A3zYAAqT0}gqigcr5r-fLgRO2wu+aPB5R-C#!W?Kc|m zV#Vfn-IeJ_E+GL*jRIl~Nr-IA300rLw=>}Oa8YR3Y4Ju0#d@pYE1euW3e@6S62nI#t`gq&%D{<9L+l`BX*by z-UYglQ_)4-g-7&ZiJ4^5t#-aT%n-iq%Xa6Oq%k}Ai4efn zds2bk+In));H+nkS3#y*17S8qkB?5-re>|Kp{922XDEFub%p(%PjqWe&K@g7NiOUx ztX7)U`ppIry6^ho12C0kl2J$kteJd1nU=pFBSpMUNuf+I+fXVJ5og)*0b$=0=HJgd zOi=@YPk;4nTI@H3JdZqH16vpg-Vd^~f>-t?^JN5t$*-biGyovjU=xU)&i}m2Is$tw zUr$R&s`iv%$S64?SdXW}9Mfm(c71V3+v7?Ks&VD0S2qCUi+uV}$2Rc*N(%1B+vyMpcyHc8#{aM3j@ z5drjP1&wQgt5}+{W)ef*;hfP}k}{}A+O`;`JOZW$mkrv-Rpv@r9uEM6^QgqtT4@s!Qq{hIWFCf75^bip^R- zr@0{3{j;Xmp3l{7_m^35Cx$rX#ByY|?=!#0PMZ1P(rx%~9nMNi_!H)#B~6hjq^m{v z<$+IIvLNP73-d6Ik8Gn6&=z0yE62CU|Ac-rfkllNR@=^R@DMEY$TCzYEp+(Rp?DaTx_F*DSRC#&(g z*f&u%A`!Dx#5-B19K)E$GbW+`vgnzq;zAhv2sI8(=`(qS>Va9qex_&c9G#?qronzD zQA}(6>EQ}(7VA{$PuWS%>M&X41A+0S`;poE@LwHI_=~u|czf*k;g{~v=S(#CBQp$jXTP;unhrVbV5)i;3w*#` z%7hPbj6OVuL6!F*1R_0{W&) zFn@gM!Sf8412>tAEJkM6To#rJl9U`GDOhqmm)Q@~+quEu3Qc^yRw5NGgJ`$E0R#Wh zhq?LC^uS~_#h))3zeHgrw;-JMu987n%AS%TBE)k!fvmdg{QW79P-m_zdku{1;F2D) zEg56-yLL@UihqRc^^&|OkBBOz0TxGn&Z%Pi3ZIcmDaoE8PSwa-`{f>)7BajB6#*Wy zqE}LM=r9H?NRuloeIA9sM7pQpq+0TO!T4Y1feg>{QICh9ZD**3yQakI9O1kfqI<^| zS#cYDsPso`ve*fHIWIBdr>Q;GC7SyjIU!+B{_O0yiu8D+`@ZtC%Zn(Q#e*E_Fv5j! z@H6dAbRJ)G39RNwM@p+K%3`69pFdqOU|_eI4R zd#uS@)oq_vi*mMOj8?Xd|t9cmm!*7+8M=z`TfD?wPVHwcf}1jx6(!RH4p8o zo(_FpvORc^iWBOP?25|YPxbL%3cIsv#BsIn_AIFIeH517f%155c zpKFPKseUKv(BOwDOd7Yq%OA1Is{la^3^)p6I^(*0R-v5`!1a*;?Gx(7*Iw! zd_MB)IToAPJ=WCMwkmzRrO(ZeptWB!l6+@Iv&n@>076*=g!5@HNuHA&;YuVRe2AIZ zUB9`2@7n2?F#XQfG8ZYaeV{Cwe#)bO%++3%AGr&psm-+h;}5N+%**`l;H*BbokLFW zo@tbXv^2_h+q-IMbFWy*_z1jF)<(`wnLNoOtal>*^^XzXK*X>^nNqbnG^~@62C}jFv^T}CB?_jNv9{T zIN!G;5*XnN9U1>vJA`1;V;IRf+J4Ynf@)(`{+7iTHTEH*9*gt>4&89SomJ z{=5Agw3~x}5$o}4z`MI74rJ`E2LOpY>`^DpUG9gFhu`tdJ?h`winR9$SQRVd_^Cey zV*ji~5QWdi?QT0boY-|dw;(Wx^{;i#;9gt_=fU6yT;|5AElB1Nu=x8$Wo2byQ0fq- zsrYc?&c{n+ZEcGY3pR-*M4QY{MW+=N0&4zWl-_!;oq-X z2oo6EU58Gdq_)*Vz(j#7r6M0kG+D!w#R4Q66`Zviu?OMc(|qrmvr$W>>}4wkI6&fp zetu5Pl*}|0Lw9pZ|18>U_I>!>ec(uP=xeboo$sKD8mn$EM}8+AcFe;w17ciAQ=@0G zv1o}C1OD-~XnhQ8_!^PcY7s?tGTl ze7FgJi3=`li-u1zTRndHR8L#fNM;wj;*uLCT_Q}#@R7L8fTYe%FRM5?=7EqF4EP1 zT>qfDdVNvDd|t$@eY#exD&%GT8+fMw-Da5&-kggf%^-eWC5DCOS?B^yl>PT+8Q(4nS35B`q(q?O**lj3@% zm+?MRP)1~RHGD1)o$|ogVI{NCc2yF+(CK5_SIXnn?`n~_xyx6(@Y5$#b$wj$b4mj6 zX|*JzpebowE?jhjX2-(i>2x;DSMZG>a@u}Lf)1q_hF9MW6bb$NtblQ3AgM6(W3ctS z=J|^gqr2~X4A~ETG0OHisBDf4XxRz#?ujG2ZFOG>5wkeLwFHTVaj1zex;E`H-9e&O zEca%Go}U|~c1MzjRTc(O8lw49%@q(D%L4&=Ih$ zu%9T#BB7|_%syeNW|DckPD6c9@e9?&aP>!yuX2XjIBW$SA5!d_&XnD;>vpssh{8A( z{I`K@;GxY!x&76(zY7A9BRl)JP13f?|6}T{!=mcnsNbPsXc$5|WoVG@p-Va>Bn2sv zmXH`4>F#cj5jQI9eU^tz2%I7qg1i28Dd4`1Yn*ITOTtTG0t~oGZX%cFhXc3u_ zdzAT3d+UzlYC_^WP6@YUdZ?6M&6*oJI#8voS7~zJzc5kvujEA;_ofHCNI~5cLW;r1cAvF zKMxM9XJXrKj0rOh$Gfl@nP!#XV7cn%Plse#u~omD3)O5eA*PH`h%&OWM88a|tgNzr znoTmO&~pQV^b1*!J!-$d29eQ`5C-lY1MYGET5|&CL4nACC|&gf973fZzto(54?K6I z!;L>n9`IZ?x4`ja$XEvJ6F!UuLPj@BOJm^%A!7d5+3~PmI|UAqHfz4(2%gUu$-MYN zDxoYvj!fG+{@{+t`$x$v5v`iw2HU$q%x%c7beI&BQ>59e$Z=xy2K`V20lSnDw(8>B z9rephR*u~e%tT!#wO_2F0fBV*cMC&9s788WnS?{wagk4CeEIX;(P5hk?CrNsA&&NU%>;6CjnKFv7leGhk5nU$|vi)oUS2o z&(|E5CVfVy+lUO?3#+DO*@&srcikfscEjfC9^KpJB{(@Elb7|rJS^4V|5F0Fm8(I+ia>8 znB{@yxsSS>2V3yPJWW0rk=S_WZG~=`j?Pl=?1eXXBV}9qETaZlZ52V5%XoM=0vK0# zliB0Fdg-5BxRe!yyXCTroUT)$;XPdCSW?o@7NV{A4u%b{qZn-&&K#U1Yu6EBlh8k=6vYYeC ziYT2m#;yfx6n+(kLfr89WzZ6HX5QiPxiJSy>0=+fTz-=EsRR~S;4CS6pW&{<77ooA z5IE*>IxBldbOTc>3+EMW4k8hX0Pf70wGbO*isVwBk!VaJ4 z#n_c68OnL54h?u$4cq})TJ?d*O*9+|==VDMOKm71$!o?8EJkrRt_ov8b~iLC1n$E> zFH1|U6cM$ZS=LivG!=cY&XNgHRkP0g%%b8OtJIX4uxqt1<25NLi9kqdefZwB*wsku z%UeSTXS(S*okp!lpcK(-G4rpP_$W7-w=#!yKmRiw-UYcCHMl{5PR>9+QV-8I=@s=JtFU!r=lAN>5X>>Wlk1A4a?q;#MqCIK+-8LgH832*f1w#ew z^p3q}KhRf5BlxG6Mxz6%Ny>dQ+E{Jxj_Rw*Qx(STU$2#7eSajP(R8;id?6rQh;21p zX=1uawh1V;YW0dlkH@q5gADgR$C+$z%vXkfsJROi)=`=I+Tb`rZjFRv?bpV= zgrTT<>or(gJaAlxUpQ()$58*E8*Hol=K36rRa~#@gHPo=ufZ;bC%!jM*nxS*a$A8x*nM_54 zgU;?2ODph$=UuGgroX%c+&r%qG`Rt4rRzxYveafqWEnOzZmo z!@-WmnvJh-w0=qSVZ=lgWEaL*Pqi2+!<3J6_{gex(J|gZe_VfZ0eQy@`5|V@CB@of z-A;rJ*=QRNpWCZri%8{`leRG?0Tv)RK~6-^%Af3Ecj8J-o&v(_d~2;;d;+%Dy)U8~ zV5U8k-)8Go(qg*a5&>Iist6r}|J`^hD%{R%WY35+i3vfPwCm`EtpZGZVdSK`yOqb7&>RFXPU9u_B{S2O{n!4P6%>8h$`@c9XP;q|q}qbzGk{uXrs zpb4TGPH9xX-teJg|57BIH)t~^M)x#37Gs2zKTl1#=oQ-Y=tEZ`EQ9+S52bS0rXXFX zc{&@AxQ_`#chsV!U@%a?9B31OVk;oqF4}Cb|?E)d)Yx=6A)1J zS+T6;}@Y4SpHRZfOUH2{smNkHWK-{0(@YFh8Myfv2rD!`nOa(GkFTh zhdRg`IcQqa9C}(_@?EKEn zeFL0upnkLKm#%ec zqKW_`v=-prm|5!I$9Frn)h_fxip-0RkC$?>8s-@DG)$?Uq(S50u(P zH4EHedPw24D+z>{b_@=x?894g)$5LF3eTA{oFg{!p^S`CnVF)ino8N53X<^! znBwAX!k+A-qudrB%$3k^s9th9P&d8i890CZ`%?2@i**A~4~}B&ID>OxX}jh0q2>BOtJl-Hs3R0-j8ozvcYH{?rrOR&l}U}_jT6Dht9tk0 zBb1M!OgC8~pK=umyD+V-=YE;xt#g=?M_xp>Z~U6k+nXzL$=eRix0f-UAR@(sp;FEf ziHAsC#?;5Z)X@jp_mlMs+xen&&NktxaZAX8BXZb?fl|GjD?2g~$!rBE5y{XGEgRM( z+usAykqe0t5b^X!7z!zR<4_Fe?-H}K^CqVeT3-lzLniG;!XB@`)7IOLXTKgCVC}>; z`{7!dt=ABL{HCM#oKYIQ`y;%zXg_W6*#iUI#6YRdDh>Gk{e9`^GPZW60lXtG5Y2ib z%q$=N(;~RfMDu%BRQTi)1QyV4extY^zS%ERXx8?pfl(Y+#VG#$>kJmnj1%clZhYTT zt!q7OV5(MGzmy(zdsy~kb^R=3aiP-)7zwbF-vffCSExu7K817$WGBX3R&c}#N>d;E zNh&UAqA`dxdK)mjlzY()H_KT&^nLlT^II~CIp{a#48AxKjci5 z@B)7nQ#U&(I!173r-Be742wz-7I`9SK7*GoXhy;QmMi9m z!{Re2f=*2>##`%!dI264Rh5Mq1RtMPh-ef-NLawt8o?iA02W=8d&7j~LGt2-hNWcQ zFQlTyxGG@M3zRa;g{KGg^az5nut+q5Mn<4Y3Lg1d>R}NP^hh05EY{&*V7>ocdlH<9O){ZVT1_oq?YxRthtJ6Zd{T9tIc zY-09IHDH-b7~KTSut!FFGtKOi52t8x>28AqulEHwTG215YUcm_8*}i|4Mqamb4F7P zMnvR1P;DG_80~o=+M~t0_55$LESd?fDB!j4KEuIY|8~_X=RXx@{l3za(_y|H93U7C z0`!c1sw&lvxix^j9Sxq0H7k>M@Se^ExpAWgassdvlfx#6q-4(G#x)}aH*e!(Sw=Fzl?pAiB!U<50QrW6@#_PN`cd}Bfc^KZG% zWc})}+#J3+Lv^Q(hLVZ2)pRkY+`iGP)sopqege6-l8BpW#sw|Pe%}Oqdbr@jT7wReri4m#5&JPvBZ$B&7bbIk; zriXi-nV0RgC1r`o5U*p8W6~uKrBJ$+3D5gM9et~Re^71$q^^v8Y*ynfS@v;LR?H^T zFE^<1O8?=}B^(?q@V2+=D3dgr7YQ|*IvfMaqTHGj$41A~S6M=zjm-f4m32okJFmwM zdXfuFzPNN}N3{C5O&T}pJeXatPMfV`ThCLXc6LsTl8sCD_Mlq-C+)DXd~_DnO{S(C zbNZ=%+PJ{?;g)%;4PV}gyO|{J{j;U3vlhU|NU{aShJ+8t=zrX}%JF;511LNh!tO_G zWY87b48V!$IB-gic6qdDD7ath1LLksNFW4^tr6Ki|MXFyx#DXL+t~%cl!5_o^98)o zEL(Y0?fw1A6}UZdla+=7+zz)FyWySyR;U;lN8^f$is0Dyot`VHL&2g!?RIDv5Ms|# z>s%VJB(_L8srxP|G8#Lza$>T4I_W1YUVh$_#3}c<$Db*W#&HyN`?rYTFoRVw_t6o9 z2LQ8EOfMe|r7FDK9hYz2{CwQRv}fn&(8IocN`(YuHOkSgFO&u>h7xf(nw8+I@iU1 zyX&~7xBJ#eQ1oBh_5v_WOo$Q~S%Y)ySXfSXrD3d6BFQ;cqo@n}dR0=NQC^}V* z8q3(^BXlm;Ym{EX5HlHs?010aqXdKSW!Tfx!Ap-{1=clrvG)g@bCPTOKch#SeLTIxtx4QXO>BD%PjaKI$ zU?Pfu{$1?|MQMe|N04xGXlCijBA^f!=pHNJq!}SNsslcmW9NM_=mB=FL0Ee@o}v`p=Ul3cQ_i{klWBQv3us%cUQ+H*<#Amqu8Uo ztu8td(A<}j23J*OW+lEvR1hg?DH*if+mgoL8ITSH4Sjf8^ZoJ!ii8 zWL%iJl^BaP+I&EX@YF-)3hWTcH8JUYC8KRi*F|8-WP$2#vZ+J+rBy@dY9yu%x0Ko zmF0^Rs&28NMRRd-GVpzZ2Wgj!#|PA?}=VZ(x$udi88q@J?$lk?kf(2Otlu72B;JjU}XOvkHjw0j$*HgD$P95duK0`QFfY8k@X1~UYL--Xl_0CTBn9>)YM zH*lm0xP09jF~YvOy7!jV<+j)&-5Ds&C*iol1bfAbD& z#)&9!lmXw9Hna=igJE(Ucq=~uFFd$Z64{|G0A#o9uMh{`kx{f|__NO|w~)jGcoR2wBwd<_ksi*#ryXADmW z44@jns&CPe0n5dZNdoGj0*UC^C!|IvI3RQ2Tn6e3l%f83Y-Jt-_8=Zy^w5&*B-EUm=8wEE&^7#AY!x+kSO zB@lFO|IUtS1!g?;^ND5`jjO~1f{)h0k7oceu%@UT38v!9~V3iDBr^4b#_Y8*j17n2s> zCXf8;il>KTKi9JjMT1%k3?BgR5MHOIk~>na^Huatz8npPfI|V8hi?24Gr1}V^H<%m z<7{A<*`SQ{^sx+}-JK~}sMI?eyf^tZLbn7CmZ9Eo3GP7Krp7}yg%_metauNm@sub` zR{^}!Z)V+3br=}HEalh*aP88q#5FfJpsC&_085D_zPR*ZqD)KHCyEU+f=kZ-dVwjO zs`c^VYB`)&h%HCZDIacq^Vs2ogYXui=9dF)t3BX7?|gds@};@aLO&iI)hi44-7#5j z9E8DT@AD|SB#bLhfTfTvSMPq94=l`fQJ`=6c=b3-y1r1=r>W#Sl zq|buz*b&Udn&11kcfAI2QKVQCJ(P1hf6HvCW?QgMjVak{Yir9VSK9}+U&5s1nQjo? zeJPql3E#>)*A0u^dODR7FAka>8jyM$jUzTg=-ccVIt$nU{Vo!yn`-`xD_d__cLI(6 zU)vD{(NO^MRrLeA(SREk3AVnP zA0DHKosV77R7FWYs)|s8+ru}(@!}-h&%Pg?kNJBE7rk0K;?i(LH?#)D^JH_-EB$@` z51RVXkc^R$8gEI-rc}?%xyx`%Ce^KtiIC9lEvIXC20YTwH~5p{L^4llA>#`3*6G&N z(njobyLUXa6K56FS#^MLO@xHRVKmRW?;ONb;-s`)?6zyR(cfsLc%)MnU= ziF{d1eC7@x|2w>6CRBof>USjK)WGzbvolu8Cd8-qLMn+z*|ECkFeHu+jWjkGjr!~q zw0F(secDOFvYu*6Wy=YA@xqHhMMnmLh5c_k0Iu_KBDc&L(#Al-aPf&E_@2V1aI#13 zTZHEKk@^VQ!E~X(ANI3S-3+y2p7(;35?+a)6h^qM{;}1?rT1IAVDD zrls+cxH(nVYjyW)5;BRxV>Prwr2<1#7#;Vrt$ybh2GxX@05cZYY8QaPLU5vLPZ+d0 z1a*(#+Hcik$AuCxqiJ0k0s>Lw(Oa-R;v=-NH$#Z7TU4`z*A&0qCz1?_)1YosW_@m< zWeF%nYvdCW6b$p+!`%i+J6`Y#^N%@D?@@=R_Zcn$?wfD#qP!`dPH*g8277h}S>>L5 zENmwpBfiQ}w(#&AocvZyiH>5h8dT3|q+0cn&kAUa-77FgqsLsA#HJF}E4=H$#Xp^R zT4-#S1eHrquvttDDP_~?;u0umWys2v?vAGKAbHKX6J z_}*?LsQvY+pc0b($#H<&uVlz;WQ>n8I=N$moL5$s=P#)*i{A%kBq{#3%69r zH1w=X5sP)%49f+NaSrELZr|o4RAnrDB)-Ji`4nVsD00(*?C6X4R;|6$$xDmX!tLfv|_(dbBP{6I9;v285aSMVlP zZdOi9$^ezIct#Uu;c$li6q8TzNnP$eV%B+r>8ds!<&=6g9(9h)l6dn(>28ZK3X1h? zxDLvcM5efl>Ql~&^0DN5*8tMg%6#-II!!kaQrHJpOrwC6o{k1hzW@UYb$D!Z&;>Qt z&W{hXuTEWwhngug;3rLCw}>0>0U}|>)^HBz*|$|u<`VYa#kjjG+fQdu33xNlk^;Iu3i^Y^DTf1DHq=$R+l#mW{BC`uh4`!-+hoAWUG9L!^O9 zp{1%AfVV3(Cz6jcLw!%=oqggt%22qIw^$t$6XPobVY%xW2wtp!^6$=8+I?xHCnDkC z$|bWUa9t$8yLoUPt;v&=mt1vDggtay9%askyZj~mylLmMcFi437}JBWhi&jM{}zE* z!BUtZPU7EuwVFexZ>(=H?(IlhAmkiN83mx+FW%t z&za9UKCnCfw}IyMwR_-gcpX=vE^WDn!3qmAbmQtT(stm8w;5$@tV@5cI#6^h_4o3^ zH}IGGzCH9tG3BPZ$zMtGyGJ9VkXYs9K1E_aHXs#$3=G*4KU5lA->K&Jfth5Z(2FJ!TA=OcX`V0)Xb zfwXq!X$Db@&IG^9W0pb&&y7!WKsB-e$~9SM;_4h1Jj7)!Hdm}do-X2EJ;Z0z#P(YaTFFX*HDDdquXfovNd) z&b2${^k&Igs@q1#i~^;VI$zqc9N($7rUq}Q>7L45+!XOR?!Fbz5w0)+fJ51eH7a6C z&TCh;Y1lDrRMJuBrOOkrn($!AZpb68{zx_lGvC(yCU9vGU-~tle#V_iEjtd5W>>` zWIt6nAsfetf)dm-S!C=2FCn;5T#iU(MFPN@FZj*t!g=i8C$HnV9egNEMU(d`9rG&H zij`bnPJSx;aJ=;h+XuocW&)dIVXGP+$YhzQ;$f>KUh!KTK2zh&G_{<;o$UB!3iKZe zdUpcU8Uhe~(YM+43h^Otlfqlw7+WR3zaNxY66pd#!%u`d6I|<1WqqA|m&a$v-0kj9 z$v4htP0u{K0O${?a+;Ik-!YRU2`H&vd0>D(NnkSId*d1c8Qjs01&2X0KiBc;5U(Im zhOamxk*UM5b+)KJ94Gvz#!vX6I%m*M zP;(&_Hx$}CJe|UCzd+N)cilL(U4$59z-JdGIio(ZuM-YQS_7+%$G)|8l9BPYKnbS`fRtd>^@`Fw_6CB5pz3KgGC{3AuK zuDvF%q&iF|eU47%v>Vs=!}?o#;zbZ5wL~%hq3|9B1Q8Lb%r0h$Ow#P=UeDT!$&da4-}2hlMa$&nD4Q$6 zxvk~bKm!(*s}r%mRrjIS{B+}Y4US^pV(@eG@q_!|0IyohZY>@iI4%yKt}vK-@Sf#q zlZ$c>vxbAM;~K0=`pfgvQ>K6H$L9X?q> zE?k_tuXQ+M&L=ImUV;)bLU=}?i6pCOdX?PV-nglWmw0MiKrNISl1usfU#Z~t@7o+S zpYP^bKsAo1ny>h|wbI;oPBa>wC-oo)edk`6I){IOc@^%$(Z9H;);TNj=|SAb<&2x% zIl5>fQae0snPw~oge9p_z|2k`bR<_ac2yE+laZD&rw7Jmpiv?;4TP{51qKwiO(#n3 z{Rk{jZFzFEw=D6yzdn^+I(h~g&#%~+m?5$;qzP;3YJxu#V1bKN#FTmoHFic;3IA*Q zp`f8`GA(+nfe~H6H<6^U|_I}SHRC&@*;{# zAnxD6Vs-7|V_>K<7MSa40nlu0Xg7Ll@%dPv$a3CZdZVWyztmEaONN@N4u=(946vO= zD;M07NS96OOT7A~Nm+Q|vj*2pTQ3;}zV6m%t<;5)XfQ1kb|{>BFj1%`0z zPd^8;9!dP20xMg@fL{zYJ9&@=79o2#X_BI_W7)_ z5q67C3bzChtKr56AjpRZ(XCI1b6<|pA?NvrYXCBt-5`{O1o?Zplnkwd-GpWUS|H+A zC3rj3+i`Re-Z@r(Qji7UC-Z;h!n1pV-2^m==TLQDDwJa7!b?Wv7C)Col2t6MmNrR} zoVt?o+YWdn@sh!UMHh>+B(t>})&kmN&FGnF-Su5vMS+3khj5eauGDz7m*%1t!o_5n z>8(NS98;imE2D$3!)iPl!O`*+t?0~;x>{Y&+Gn*tB*f?rS7%lj?=C#sj`d3@<3WOwsYKcbm4wXjA9|uZ`O&mPx zxH7tkoTcJOQHR>uxMPl(hl3HA{!9t<8ovK~7jcP4+v){E6q;j^=R%;fJ`YnsOYX&w z0*H;}Sm9lOfL;9=;WFuPy|QM56H#QhD&GH)S87P09!rm@pg1z2i;t%>~mFIQABsi7-{GA_B(2(P))YP)H;-(kH~)u=@D1Ie(C4!?jxo z7u}j15}RI>nT*22b)fXEL9Hw6c!?0HuM9Mkn+HjmAFU|Fp~^?|cw%Q~CpsVfeh*O2 zNzO-O9svAPei3ahtnm#|J(A-F0>+MI^fy8ab(jHxS84yWUuQVcnh0VXLYMd7K=^VEKX@i6_Q%%DkA2i_Lp@e71IxvRxm<%f= z!*MxL$4$SvGGZ+x+|kFyeqK&Oha_UF(~yJmYY_pA7m7jyWqGa9A6MCLIH>RXt21KC zX89`Nh*;4LwfO~vJ#DLbT{{8J{>x! z1zM@PXIf?cd(eEYG3?VGZ6Q0t%UInYgv^oFyw6uh=8HfN;cF&gcpbiwOcsK0Mjk5S ze%>1qI0}H28E3&c}GZK(6XnG(RH1-U@$!bufUFA+f zgyaTZpU?$mE}NRM>DmO{fz2KlsJ|cuFUAUdT+q{-&3cR{tx^Uypx+2zVxZ~IHoERJ zJ0B+n6PNDo=c&(hZu(~XI#u$aKP;J+EQHZP6ri*kdP1o z$?<}li@=u1^m2ciWE80)^vHr#Oi%Se0~PlGH}`Zcf-_v3{`J+)sC0#h`Cs%-cMMc7 z>2JKKmhH#HsIG{vJ@_auAX8OFKtjMK{$W0my5|~T5P1Hl{8fBtk1}QFSk+~>+plB< z_er(*$Ahl=cHaIDU^-UvA_}h`QA^xQU-i=J~WN?t9m z;8HR&g``b-vjNglXM(k6W@cp5!VC==`Imq%63Ah(-kj=%j=O1(l2Dwh8ZTlTu}mvqPDgg@#{Y znHF=rrM|qBk_NVA^yxW`uDf&~5PcR4rrP~Jkc)B@VcDPjrIhzke$=JXpdMMKbRKvN zA^0eQH+@n{ac{3hoi`LtANzCRHqWi5i3tR`*mmS?LO#45$HHtcAjw3S8<)O0UtE%S zEcTgS3?Q}U)D65|Mx{5U?D1wm4>$uGHde@BkCJh&e-CIM%=(cfkCi*QAftFn zgpKrCy*Yx$Jg8)Q8UP`mnwoNdftQ`0Rp|T}JwgWPW|f^~5O(GJBtG@g^U&vmO2}cS zZD`aGJqEUE=!#-Xt@=4g9d?T!UZC-70chWT2vgihxrk4ik4s$x;SnRWN}`lW5xXYu`j1BoQ<@ueJv>gaj>GeEb-#t2PYy5c;Hn@GUCN zw*LLyYob!I*xyub{_;kMUA!+ENv%Bme#AlApqFPUo`!dRE4y&5}|<}S}<9>a4MI)z(S&yZD}S1ezR(kZ^ZP& zKd>wlGsY)RzNI+Rrx3SSY7dj)7)=TsaV8D%r1bOi`zBEl;mXt?(Q-dQ-oN3-oiF;2 zesR9Np=-a@bDbjT?)Dw98(xL=x93{IPiiZeq?K4Q-Tyr8$T1+b0(~^uMZ~T3^W)W3 z+C6-(DB|K@L+Obod-&0TiFAcfln6*=w}rJebc&MyL+Y=Oz=KLK4rJcwEMTTC|M5H* z?HmYmwpJ2bBYVEJ!QqVFMTNyyng(9Uy8l9bEZG&_@Vt^^u2;fUi(om&wIMc~JAcnl}P^QotDX>@~fx8?n2q7@*kx1RCMf!kt5=8pV zK3BK^QA7yxjvn8zx;0SA4v?xzrjcR(F0FiLr>D$XKzdDLMDprF$Ex&S)1Fw`d_v9o z1t%O3D$n}?ydm)}DLudn<@gVQ_!mE%3XUUZ(8W($ry_)i!9>lh3deuZjD;1%!_*}S z`kSZ1Qp{b2v?T8;D&>O+PUogxOtOH+jwi;hF|<(Q2^aR}n%dg-8IwJWyM$O?aRjUC z-Hs(5;_#Y9h@r^8OtJN|d7;m1UqYWIh`f8hK$xIe+MUV{0BPS%IE^XJc@Csgh5n88 zbL6!b^~f^7S)`>|o#r3k9hjU?0z)i(nDse(x4xI9z6?#R?$^qA!)`^>Vla7On7*`K z&XyI3*f`Oe7ZQlO?FpIbFZhzhj!X7n4cg&4MJy!eC6J}0SxDB) zEP-bVxm-w^DM1<`V5~w^ zt`0Yt7XhkUhamcM7Lg!{kQV?Y7vmlR^Ln0HaO1`X`Y&1Zu0y?nR^bA1CNOa1W%5}a zQv#6BS8l16a$27RHLWiaG!Hpn(k78bH@)tUX-vd`UZj1}qd5LeJdOfMU2-jnAg*HB zRj|KfFZq1*m_z{4JAj?t4II0q`M1Z>%WD@uCtP*)v=X`t_Bhg<{-unC9|>Gj5Ao3< zc&y=s5|4v0XXA8_H$sv#NG&jHzS$(~wb}y&XTok_*PU3$J}2>1ISJo7E?Hmk%r^%} zD~PFW!X9VXCHk|p@xe?>VJtN5{@Ro`7-B&#$-xlTP2y}k5YnzFoKW-zHFu>RXfBi% znkEIuE`9g8`*gZN#fR?q^zc)VNd{qL6&()_VG%rsGxB!Aq6p}aL0EO7vIYcQ1|W*u zKmt?5dR$Ud>_hF z;gwF&XZ4{czH1AP;;$TQpXaqcV=8~A355XURw-@oa$U`snw(nXVB>_V@O7VMFaC$I z_oz2w(S=2ZoMrI#A^K^Zt_2|E0WH4sm4;lG->NhG_^e895r8;n5&Q zi~L*N-Y#(zOp0(IGU*u;tzZ&4=<6nw;EnIVypA14^BZ+SE8|pngUHsS*0kxCSb)$M z2d+RXZENVSe7(ub+|VWE%ied1foCid9b89|i901ZhmSSV3XsRSpgZ3=7QuyEgw-`ON-ZxmTBseXU)J^miSMu7x=*tL3i#);zp41K1b* z@7$lW698N=7;leYXdXGNG3e!b^+=)p&)pd}>OOU{lCCbkNSsu!QQri4*PellcJs4h zhPE4i7jW@|xftgwC#?L|utFfM$lS)N8v3opr)%u7$}>SN%=UZm{t&I}KznFDl za@bwrdb*H!r3;snM};6YJjz5*b#Z=ke~8z8P*K?Hls|3B8x|puU4*i)I^JmXre|PI zRGd+h_L7@reAu)sRT3ez!aswF-zjVHY0xeptGZrT?c^Rxna_e;TncYtL0ue=G*?e;VW8Z&qD2U1`))8~wV>-Y-c6-;y{9ZwD_00iwge&bV zF=eCtlY+X_q`1|G^ydDG-Im?=8y5<0f7gk+jkIBT+vdu*4k0hngv);@FM7^O%b-qW zebRy>?lBHzW>=BqB+8Au3y0ruH_*`Abu;4P8`b-r|q>$D;CDPpWuPajatmI~kgT65%g$%ajt;h0@g;SKz){~O+T05vcW4gx4l z`Jf+!p46RZRAeXvO|0|7QG%FQGy~>d^Dq|N2<^)BNo~L=AzmCm=!RjFmqWAHm?x>V ziyHVEtxkmTIRS{_RiTyjdBj?;&oX~Mbf7zB(r+yRPvj?>8=tMKG(bZ8zc-Q$va(Y! zWLkYnAFirEq;{tG(@L zNb$IRBgFVJ9Ce(}4s8HxFd_kJb#obzPoTv61pi*jLt5V!olMm%|B!4L@o?O*$2^z9 z5{MX{l!O8$Ww)Q!4hZHR6L$Hxh#x$vponOltFu>->!GB`x;VrCf8K^EciA%AZSvoMF(t3k#&^9MN`3v`_mq#0j?UbzlP#(NnF$x)t845#uKgv( zjAb)jpysKtpa!IA%>IAB$kSWvM2SNw{C9Z|NEz+11=ND~lwNs%np^9z!DC&+q~xDo zxB9kIemu_@VENX5aOez9D+0oxi2mOnf0MQ*tX*xKrKzcTJ^y^(ELvJxo5v%|teDU+ zAF@xPVGj$WJOQ;lJU4^yi41=^RD|HhVW#2MWVGQhL@ZnR==$6kOjMiXP>Fi9E}yXx zvzqAZ>8S%{%gy8A%gvk3B20BI{=Es<(wp2b+%2mW=Bz7wnZ_6kM|0^ zRfsu_2bM3`h?Qk&X=x{#KD%!o4{2>abOPV+Sv+R+^b@yIJET{9&pt^xb zH$*1MN=1!W;NU%<-YLc8_~CjWsQ7CmG3~5wuXq*I|DosO zoJHerFBDHIVH&w5%dhDnSJYPsN1^*jcjZf=A*f6Tk&(t`Df!O5Y8@%&Eu(py4?`+b`^bo#i`4_X(N+lN`!NRl`tC7mLNDCd--mnl`c z&EIM9zw3yOewig)_nsu*x$kX9%o^$Q0ndR0>U!(zu|?I6op{>xr3C9t!X&43kODbX ze!K2iE_9lTlV^M=Hp1F6%LVAgKkBau^&9Ge@8^HF7(Oj3gLr*S-zpvTYUX{OG=Sm~ zkmU!CH{%-=N*li!(*_R?Z$I#@D0i3>-SF__aAN-V2_4xcTK#|!>aGD>q0X%8bH*{{ zCdS!6-ZZov?n3{K!@yDl2p;n{FlK-Hh-((Fl28$7v3yokK63lVK$Z6Bmu>oZ)Xc8g zGv@xk`Cf;uiFtP2mgp;`QK7|Ae45e^&DyH?hiXKj4acrw#rOIuEpzubZ`Q4WVg9-5 z2TZ~h=B3}L1RE45oyYR}`bX{4G0|@4Fhzm)H}!uxWX~T2-taMr_~3p2j(ui*{h#Y( zZ&X^)u+FR$O#kmslQn6vm%OJf3lM46i1*Quo3=3Fdx)lM?e&asuzwCT``>})@b(bY zNovXsRI@;PD0Hl;gx=K#Lkf+J+E2E(BtkXi$vmn72uT0G6YMLVi+8I?=E;_pL5M!Z zqRd9hJeaY)kthr0S*jz$?fUz?BKtpoKZn$t;=_1LyK96{`X{9q!dPdeT@I)7?f<`z zaM$rucQ++ON0->JA+q|CKZkbycX~i*ax$LK2=7t{870O3xp!_MM+^3UxAT8zPNb&H zdmlExzaseX)rl9l!~ZK619vESsk9`7`ZVm7Gx5;*rq%N``R|~e<*B!2>09_2v-+k< zN=wCA;vSBjrJWtDau3vGK2F2$J1w@&NJ(nF2|GLM6*D*sfG zH4XoF@rg{*ZP9>(b|!Bi^LjYe@2g&Ym5V8A0V1QjbYmM#4#}Vhe?MKZhFrdYfRl^- z+YGtx9TsMDTWm-IJ-dvs(!*_bIn~}|+H78h|99G@XJDSg^K@jil0-_-u-!wgk3(cp z_fIRWU;Sj^jz+`4VLP#xQLa^6-2=Dln`g^cOkMB4WsS0Ko>JmeGT<`?c`?5 zOmuloaGAVbHu^rMl%5^aB5L$FKJ+!&r2EdLQZ2@^;cC?5AKw32>W$(4`F{WI*g+(2 zto`*Df=poOnE}^Ls1u(3Oe>`@a|GfYqv%$uI|3T4oKz)=Pox#^FNK{V^B3QC@;;uq zcBc9Ma{u`&^vGfEmzE3#7M8e`+VfMDtIkKesx)1H?SI8}D19m(I&)+8?i~Oo{oT<~ z_Y(_?l@ucL{}A<-VNreI`mnSNNDd%KhYTQ6(m8Z9Lr8}pozfvKEgjMf-CfcGBHc(z zcPrhzo8S4L^Ir3j3x>V+TF-jo4)BL8?dS?k`i@g8z$!}^6PGdRLDr{ZVr}iKQj06j z&)a@Vl&79>wtRp0)J_D3W~Ahe*g>xF!C%1OF>%&d$ZgZFE3ra5^V`=FO;Z>i|M4Pr z{P68rpPAU0JrEBGmSj%b+dlKxJe?|7k*Z^dRUM}2fynz@h~QFe1_fYcPVlN-;&YkI z;5lf&)KijX%fE#pUGe>#+I&;E=HV zO+Lb5+&vccCEkCyTj#wq*w4P6Q;dm7eE~cZb;x3wd85fCuWg^%O!LX^>eAv|k_7q? zPzL<>1fETXy8`5*ThOS}xu$Wh!O-eLTv7LL2EO+i|Fmu9cX%@>_5peZaW7wuSM|W% zWXSu_>*e1S41lJhJD{{!^sA7nWUBRGfk&mfj2bpu<;V#bRAZejwb%pf!)i4C;Xzib zBhK$7{sC9e*H*)CUGm>sUr_(ID-#WHE69esqWRHb#@o^z2Ww&VYh1I9GP*aL+x9^y zN86ro(~K>p2fY1*S@!t(x~m8Sk4=V~m3udf&7A6R7vd4Jx6`DeHH?wu#*)Xa_XVK@ zMjcG}4aONRgN)%W*z?>PbH2RYNyZN)J?rXXtG&k^1itqA%Y|Bv`uozx%T&H+2L1@6 zsa->zwvR&kEmc8)4D^d-rYk!S3!8Us%+lb1q2UXsd3a~Is~er~dg+GuiF=c-pED%~ z?w<(PCA$j12rn^FD1hrJqyvt{bfD9JCX}lU{u!@?Yn2bv!bVp%0h#T&yYaQh>$u#C z))8OUN8;0E?`@^|8Z)xPC7}?2?ZwS8I`3Yng)!#0t7+)1orjgd-x{~~`8FuI(P)dk zS~)L^zwK|=>DkF38{D|>1qUvkzXke4n0T9_y4Z(5p_FTEs=4e`ObW94drSHGp;>_Vb)v-|~ zZCYWwHX-265SFl8Yo)ty6C&m5p@7eOnio-m6HZG$x4sFKwrsSRp@2G^hfAV!Rzo=% zGr60`QXWTJPpiMTK&Yi8$`r+k0^>}WM}2!yMe=J|V%|Wb&akF>YuW*-- zu-Q5*koT>N(oNYfnYGVVk*%zV{Hp(&rf6;GK_lq*_FpMi*`j~wO^1JSBP2d@(Eaz5 z{BiJfP}hfqE#@?!3DCTc{p@PX2zba2E;>;1WeJ{|tNln+08}E5Dzy9Y0d_L-(?_?b z?wsXy*yu8%or37}p(IP~&f3LAh7!hCW#VtVv{dfYBb3L$6xijrL;>EvTI!(QqS1*V z+D0JbK0{Z$WVd1{7^ToJ#|N7!krqK5r3GTiBY}nltmpti?GqEW^-apqSIn;)utr>J zB(e0oMPGOaP9*^(J3z0!ZaxpXioJHuiXclGBgN9}o za@wD{;BX)j(+2I{UoH{jzfeLrj9wI7`Toj7GS<(N|3LB7ftII&k9~+lrbVepqMRgjCvr~o)TK=q| z7TW+IP)>w4O;pmxREDSoTU&np=T&WK^SG5(S(^9ef1(d;%rO$#4+W?7#=4e#Hu_Hz zTlUJj41MoHuxds|xalnV!cvB)=7ECuBVWN=Bbl#kt41mXfFdIV#(p@TqDpQbak@_S zKd(Ci3T0Dz3#R-tNAld+3T1 zc==Zd1mIu$HILr&yM6S)J|MxJ@Y&TS-(sDm2R*P0`}Sx1C+tm=HFAfy*dV>!|86B< z)0F-Qen*veyHaaz-p)IElJUyC_-iqBAo6_Lns43DiZeN z?XvYdV+WGNI@)uc&}Ed z1(FLkpNwsw_*OjQCZ|t;BT3PkB>1~@_SzmwzmDv*Va;xnGIN?4My9g^Hp`3Ns)_i0 zF5%1eCkN*{_M)vME5tOQYp@@y}Bp8Fw1!6Xzf(a8K~?@SvlW zZy=LYOCzn5%qnLh{7{u#P~B52v7f*14jJoiYpEBwK)MJ59zDEk7vB9&n%g0YPZPf> zW~A-=HXIMaH=4!5zgh}jf90Mf5Nke!5_vk3&g@)HM*;y+zSgLw0Q))R5BLf++;UEqvq@aX8S;u7l$S$_@5Vg0{VW%gwg&wtik1IZ&Rn~>cB&$1O zmq~APWORArM(5OwmrR_v9Ce$%>M_7#Mlr`x?J*%o^83<%J~0ykXG{FLH0dKPcb?gB z>cLRW?jMoc11?f<4gGDMyfoNuI5$*=aSq5Z>x{3Ii)-+MXr~~Mz<_2HANx+B9!|de z)N~I?ma%#nWnE^Qgsp(-PLVq{!wIc*Ka;^I4(#nDsxb>f@Px5Rzp)qc4;4iZH!F)4(Ih2XKpZ{W#}r_kGl%W3#L4hFLq8`o5|bD76~C9D@NL z7@-~+QsTc~43xRM;y)`z@shhK<-QXfPG`RG2WJOJTmIrK3-te86eT%EDtMS~x5bzZN;(+rNP;&2*0L*@uEBVD;?xP8g0@@i! zQFnk|6?TYTn;2gQbT%NGis?LbXjTS}uG!7sUxm=q)Bn>PHh>3TAqzTDv*oj9YyB(! zUc*Tp0Pys@;PbjTAUMu-J6__y_K2pcJvBt`_Wp*2wfsbtf0Oj!7XVafJRV}5V?SDQ zrXd>`STFa*Y6F)P7(8L=@YDz{vRcOkq~0miHv{V&U=o6Gy`l6BrKr>Gv5cl#$lpEF zYGqfm*K3d1lz-Yh29v(i5y3j7B3S|;dVQleTR$TUf znto@wgeo5y0bE(a@3*a*^rOz^R)v7E)LJkgGGdV8FJAh-+yY<^)LH#5p|y89-BSAW zN7(CPL%RVOHdPM+ew>Od?GR4RBEUA4d7o0`vsU$Ifb8aZ-Ol6!@ZVwkMDW0xwE5XhJX>I33)gw7rmvX9_3_XW2?5A zud@Wf`jQ}2I^P|#2bux;T)62C2=x8f5&D7sfA#_fMAmSARDNV}QHUE9OhKZ#K^D|? z=CDlJWBp0DoqicQo1j}nJd6Gjc&IXpN3 z?_ccwW?>}%hDH3piy-j7i;zs_nx5Z}$;15)@@>cAlNI=#oJXFSl78$)Gx9k+)qXUC zK__)Btg!$(#*RB!g)^-|6{)S(7RV!QTw#NtZfkV3T4?*DURyBGbGkQ)j2g}t>4h=* zBsRi9U_smt`zhNDd?zsXUy~-|wIjEkuamor22*ajM3M8;ZegIKPXNC4l2$6l#yKEJ znPG>)YI2sKTa#AjAOKCe5MvMlKEx{J-OXbPNZTrNUUXN$(jM*kO4ypzHHfAE>8f7GY%h@vJ#4 zyYqEF$KZf&))+@;jpgLG^K5CT{%Yf4mPo&0$LrCezEt!NEMX|ow(nk46o?4C8-W@` zIh6u($G)fNdG$2Lrfh*UOHNH@P;Z@fMo?IXuuLS<0tfFS%ukI?H2+&;{LEa{hrndutbI?uI6WOC z0pr#C0iiuVl$w4c%3?NOfrO({x6zLI)?e83Om;}3PK*=`bY3lgeI;FcM8hHuy`IHs zFzx|8!F_fiOo3zDtAbYzv3(?z^DgN?aF24JVYZo(%tmZE-;JMOayHETk%V&}w5Kk*FRF8pzfulYo!Ayv15p#*9 z1@rOdgaBJMMpaEsiXOEJ>2SXOzZ?;0rvkO}G(k7P_UN}+Y(aF|d06Ihd0r41nyD6y z@{5w%cx~BBH(t1k-#eP*^U&0= z9(QacLy(9`ZErFDBP=GO5(%rQG6pH|DTf9A!vR9DBw1W6wC&{1fYmlq+@~tWP=GKh z(0}47PMB$tELaH0Y{n+nzrYOg4>-MRa<;!GJ85w@_z*ojEbr2qw?dtG->DcWpmFsH z444H4m%4w_I#l4DoD7j{x!b*Gga3qmd6<+>XP^ zP$fkH;o3Y-sBG@Zg?@F-u#;Isr;5EdDLUtHjGoD@$we6ocsI%v1pwCAYXv zjDla?nMHgL4;w(${kLpEFDhQ63_N9hKK4K%k2#&R(QM4rRIXFO-cn7+v?1M}i_O~` zmE(oAU3|c`Gy5S{MAA-QI3orpW<-4e9`u;uC^duPsP}EfU&YmHA zd3mk+NdV$ZtRyhMY*|unBEK*DGnLyO6a!Dfu25OQ|MGF5Eq(F~4g5CkrK_G#lkGwy zOV?!y4-k2Td)`OWJ|(D}@=l-7KXf+_rjwu#? zHg)y04cE8wd!qIvr@#{Wi4yO-nQ!<&5QnW$afWATo5Z>Ix0j=}pT~2gj8lXP!~s1C zqGCaZ69Aw>s~V4BP)JI61^G(Oulf%vHd7EF2K6|=$fI~F8lSH33MkZZg!XHTvvaSJ z6#;eGyQ7KDqSk$UXN}yLtOOY=X=kxE1^6dyI68k9!jgWg207^KPstO0?>I^d;WGAH zQnh~jOXcQ9qqorp+bU3S2@by+Ey7MC1--W*K#)vrofKyulkIP`y z#w8U)YhxrTm!{#3EH4J)p-2=n@ZkUN>CuA*o`G~K;IMB6)5VU?V%~T>O2IB07lqAM z{v|}P+4e*s-iqAW{h2SFVYqzXqmRn9;VZ5{8tiP}Py26vjkS`cp?7~89g?6C8F133 zPTUK;c@vYTp869qz*8$1hWF;`U{+q4tAL3JatWqm>(1`+WWS5{IMKp%yj8Q&O^Sh$ z0|4ll%`s?BTj}P?!_leD@O8pLN-yxuhUWVUmvp8- z2~5qaNJbHeMsCnvoNl4c3o6yJw^Bg(=tKFQm@kh43ghAJvmANTEbJ}cZYF9I0? zy}9>m|MbSR#wWbPdB!Y!2aphiE(6DGbEs4XfF9xlQk=-xkJdVcWh3xc2qRGsWHbs< zosTUYHXMt~t?+%s4{i_zH@o8Id**M9sEJN&7WT>kIrq?{yR zD>^_5Ua70rGG+bah7Ibel=;iPuRvMQ#>8;OEQql2H2H4$Y1xrO6!@dl5R16|tw`p; zDl{rlT15{B?ipht(@F^7p!^>W5}5Bm7x04)6bHhcjAV@_6%_so7K8?WA|nV45SfM) zv2;uW7T(D9oPo$QPlx*{aE3E)c-D6J7xWUl+BZ2^bWV}doUX`8wk~isnW_?}durqW z10mpyKoqr^4lHUkKoJ+S%9z;=L^xo;(;P62OsO%BM@=?KtpS?+KnrBH3I?Y}>bk;p z+ZxVE5RBSrvBnUNAwN6e0fNBKYrf$WIiz3TB2GB3FhzlU?`Z%cW-3`5-~ZkN`_f4Y z=}R71UcgcUPS*gJywm`5+hFyu3QL9E4l(WiRFW4kmI@1DWx9t_n`*)wo+_YX_!ue{ z5hlS$G==Srn$MWR^L4R69ANQXsLMQJ)fK0iejk)6_yF=ncLqC(KBI25kKbBi9$BQpe_cn(y=pP86^O6o zd_l)G=@aR#Os|Ulo|;_DvdPIGj;?sp=D+s~TVsct?u;{N`FcA7L4A+m5CDzdPe zVzNM`8fjaFaki=KM)vty1T9FUoTWe9EeD5DuV{MO>n#6ceZ!x8HXcC**O2yE=Ma(Q z9a&Z!K2_&0CfA1Bv&wNw-;AI#+i_%iKKNf4ixZ3wrL!Z=`hNMO#j^gfoc6!AccGYkS_o6wON#`$aH z@d}c#x7<^6)ym6m`Im0!W1{8~eJiRjU0PqJnvet(cYA2z)r(#x&u0apsoruSO&xs| ztrvcAn)_PDduK87=xj9h)_Iu?gP68Eqv+-}iKq9uzNdF0S6llDPFur7n1Sx9Y$dB( zp5`~fvC={Eov%*(f#L^dn0OCyKH1iUJsG9%5Pl=fOuUOso?Uh)kA|0b(3Qluv|WDB zyVg?!nN|YZ31Ba+^hjv@ylDuWL+)V^Ns_R<1(jwX$<|oIT?XRcgFc`hmaEc zp`b5Bob-Gf;$60$F2%wWZd0tSK|y~Qwq@)-?ruTNDx&*NvN0C_x#W)hZJ7`@f`ZR0 zP@l&w6Wvy#ViBI9b(j_@USqXU@k zS54&WPZ3uc1>kApx7Quh+@lvr1niQLb17=ihY_%Xns@B(`&&h;Ch)q!lFwa!E;F~6 zb749_%LBL=pO$6kCHU?4X0_h+r78EI7cL9i;^&%+xgDCz`B__n07xO7BvY6!CojKB+QeldH6gsX0fg)*?(BHp$)arMc)NSq1HFVSEe!nk-*DLj_+nOW0a0$Nk?_!*2 zpWoKfdzF)nJ|RM%jLoOA;enW%;Tf?Oyes(#1owze1r$JnHzMRBfFvUc2`R%et+j z{}(XFfZZh0P>9l~U)+OFWz~9%e_y|ebYDH4=%elV%_n(VvYtWq%CVKzn`aGOgUSf{ z+bdlJ@q}Tkc#Z2?AE`!2xb0+j(B=Q)o3OHGyfKP2c}x8#=~-u{fq}6M z8(RYlK14{nC455V=sg+>Ci&Y`epsQ0+fHP=fqJ<;MB^2{#P8RyRqIoV)ot5RF$d|j zv>2h?JeEsKeDf>R{+ef_1k`n2R@JNw`|=;{B%S}>reEf~!)M(UdHefEV2?UrZttIk z+mC{o{Wy~Sh2nL>)(*oSaX6hMPEO%L?vLo3VyV{xY6lZ)lBU>L8p7v&KgW#PP6sx( zNacihWK7lk`hRD{or<(8?&$-~%}d0S(lG#%f0A$uU-EtQzF7&x1=Ml;THD$b>X!jd z0Fe7fUlFQB1)SD;UD}}sIX**k77ll>DwNcZCg`@G^j9-eciZ8=*^a^Go?Dmlwe^-g zpKcmw8$2G5K4p+i_DO3`HB#V~k&j^?ixb(krCLWW&;k)WHBK{unP&s0ItCm3m1Ry`|atMkSQe@6LG~9}IeHfe9 z4`nT@mFosaVnq!0sdJul(zn*lCPnf8c{|-yu*j$I!LYs{ugQt%^z)yCqDgiq&(o|| zXX3Xl>gAv(ro=tZ0CMw7g~7!4O~RM!IAd*^p?S$83K{8Dv-tQrVfrl7T?3}XFQ^@*6JLnS$L zU{;;rozcY=x42d$zKIu}Jh{Gx=lVH#@f`3ZkO;xaCuY@wSy)&^1;(c<0^U1?RK9oB zKW~3Vp8>LI{Rr5|e21^-`N14;6v)M(&-oX7qGv1r2i0OO36OS}`r0?}%$gO%1kuD_+ghSTS;+|3zjfy-rrn>{O*U1Lvwe)LPZQxOkMN_{4#tG(- zoW%Txb+O}$=0p_C2%8{)M@lO_g!r*H4A}^IpKxTV%!r#jk@c9Kv*&A=|9I~epLx6@ zethYeM?#~K{Ewzm4)IshKsNMVC3QI% zfEIWiCCgt`&z%% z9j?f0IRU5;mq@*TuY!TD-DsD=_h6poE!}Z{@e23`6;n~b-83(WRd)gy_9#DbfNZw6 zw;9Di3mO1cu|PTF=3Of>p4j8VEt~gAKjYaTTgMo{%;?z4Me6PGA&VUb59yWh|ni+4rr zZ@gMCelJr)yW~kq+GfMrb$4V%6`a(3IfzE5!e`LQuqlpP@cykcPp2^$R({K zvB#rPf3!RrR<6cE-fs#qRb#;hdhYR2iw$g^i_&?*9-n{53W?ZB8)Wg&KmIDWFu6yn ztCs_|g&C^LQB~5zVSB_MGjAsEtJ2uVV3nOwZ8LRSR~AF7tK_3q#v32kMR>^}cJ88sXAi4nXp4be zT|rn+5>t5q)x|=Q*J`>fMgB$}kb<)~+Zm^=e-1~vOBTn$!Fl)j%HiK5px^NY1-s|x z&*$dnW7!hM0-T(xeA7uuNyax%YOm6fWN=m0xGQ|$(_!BJu`$>IiRe5Kn3 z(|GMcjHC|8q0800G<%x~U&HSjv*u4!x}83gvP3edSB8vHA;+BZ|KtNBK^*|}JYl8A_* z;M*H*T581iZG(jS4Y#9buS{2f5%qV3!^i=;_w+h}_xxaTdxixaG=PNrPb>7~41wYCs?SYuTT zu~T#a@ykCgd_3caNOniVz7@}Z#KhjpW0C>`k>3sz>>3i6^~g9uvaibzL*P6gFQ*TU zc~ipxw?MJHP61(p<}7ysZ#n2V;YG|cR@3?OIJ&H(;ud8EOPpxPN_RVdvC{D+vDEMm zV4eWG;N;>gis)D}S7!B}ymUCWlVXmz>|dvkZu~JxWUWJ~b@)&aDY*F@o)Y+a29lt} zahk$q{*&-CU#IBfU2T_t&}-#%NahV-LQz56^~`*EaZ#V|92h-ie?k3iFa@aWf)}6> z#H<7=Es3TdKT5J_R)8NnZjV|3u4aYS#jjWP&wDAmqVE*g+9ccCJtX2@@!I7Dzj(!5 zpjm0an(k@(Y;U2l(pW&Q*a)=!CX4Xm6c|sGN@6-hZia>*81(`A(CBk>bFsO(xqdH6 z6Q1S_Y5;32sQVuv6B}{?%spC>L&MQSl^#Qb-#r#Bt!yL!= zI4%Vj>wlZ6!!hG(W;Fus5ZAB9MQc`)acbx=+p*YL$ZW9G{gwzTL3v zkp>k15Y6TT(s^poglMbX#6QpAACZ$ObCT9gBEMW&W>js~3{|FZaaIgJ=m0#%mkyvR z6^n$28i0OF^^c~APItb{8BZ6PREbyH8iSQ4WPxsSlc)c_6%P869b+wJ?caMTZ5Li^ zpn^ZH_BsNVerJE2Mq}gSWTv?~k>-Op1|(6RA~Rcbsh zk61Gs2D?014cqnZ0D+fJNa#;AHFtsN=ONgfv!j5vGtq*6o2N$JUoimBPV0FBU<1Nt zPz%Xb{;qzu2V@(DG>Iz+X}P|?)l#|UMq#%CD0F2`Yy&KEV8;7nJ_;OcHrzjEu~!wNY%QfqRzU3+Q?=W_+im__m_6| zR@r4|J|&lV^8EQnid-@j)}mikg$^*afWXn-x$$j6yKxdVyUA~p6h+f-7;lW1C~iK6 zG7K-8=W@Y9pZ^;oA@~>pIv*2&wAPOY+F>vx2!ucD?nZn0J&I@wb%lOWx4nHraPl$U#zZ>m3zjQcBk` zRxg|itkww~n<<9}5mpKey76)GK6P}#Uq@_cL5b72mH)svw5EJ9NJy`}qeFP&#f&Y3 z$Yf{)g#&BW;vhMrI`~S@-CGKa)F4TdRQQbk!9+oB`f@apW}z06Q$HdTAj5;tztRs( z34xrtGOafrJ$XOhnXp@Fun%k^$ymc{W>TUT+2)8k4f3fj9L@R>Y7yd+cr zRT~%r%3=HlY2X=o_;PwsVlgrbM@N5I|9 z#yqmN!|ZC&prxinFg9F|4#0)P8lYyY0S4%(G~Ca*k@zUno##^6hMP!CMF9^JF_d!v zakz;B+VKSMRyY2rka_v0{Pwe2$JWvX@4oclLuUnR|Lc4GuDG|*|u9Iw$t`oe%Z{bQmIwcwSk~2^+ zxJmdY3%Tqk3$Zeano&W9IF0nZw-@tNf;2biXkLOuAmE}paFVv0CWi1KgDKB`B8N#rSV|)3b3;mzMvrY&1(im5qjo+jC;W7nu!0_kseuPVfC|# zU^<=S1&t&bI^cPB5vcdj6G0M@Kx*-Dcb&5ZB~Cy7&>hTFFz$`1a>flE0rrNhfq?;k z&%23ep&V+*?Sk1^tyou-ZHnt#fIb8VcO!{ZVfPH}-TJTG(Vfen7XUFV?6KNj4<*l{ zzo*M#&D1;>;Onlr7F1+cJQn=Gm&s_9P(|RfkiK#UyxMT=J z_1ikc-Sbb5j(6o)FG}Sk@BQ0}3w_|#o?*JoA3{6c))k7*vmutPI~1iOq9%DwY>RHh zux{!KnY`_s!`k=Ur6uuwEI!5f*fodv+yVvHTv}0QrFHQIj0+QooXFwtoT_W9Q_(7_E@wKTtX^b9ykXx_Uhw@lTKhKz&qiB3CZj0%)#^6i$cw6m z>~!js2Xv*q`ojPV9c?t?7llDU^z^dCSutXEQ23N*7FQelX!ygDnbM_qI69VgX9M`o zmN)$2FPnVvKSI;rH%U9&Y@w;26{l7yazrZeBYiS0-gCpVV%p?tppSH9baUjGsMGDV z-u`W3CXHpoOjZVoSXlce#n70@Co%xLapqkz=t`WCj-!?p;&Zl&Lv{+Q`Sqjc zSqaLu>-G7Dfxh;q$bh8)WPzI>O+RNb{rugQJY@2AAlpABd>^hE?}1!`*$@GgOGL%2 zelLXZv-q6~{E+T;){1WnvwWB@a0`jKF=fM`yjhgOo}pwI{E3!;(LuO(&JV376vA*< z{CpUR08@4nRD=pll1r^i49ds9kI6>gRk64X@3I7c$X$7v5uKiqp>ctdEp|JRuMl3x zBD9D>{q-e>xTKLo-`v1*A8hE^>X2zDI=~ zD5h`*L9>wqkkP02_#aC`Uw;7*-5pch)TX`HE>y1mI&K1zzV~g3WOp@5WcS|#$nNU`+LNtSxarx8 z+P5gZYnFmUbXe{)%w)1gs&Ype#EQ75!`sR2rIwW&a&Fz~=Xf*%q7;;f0!vNpeS;@( zKT9+9KE@ol$uB<^zf^&8T&3>%qD3j|kuPk!e_PT!mcH=+rxQs_4@pA>u^*3F+<2d| zdRkVX)&Fq`B*+E%zWCR20bkKAhiv7dC)~_MC!FV_f;v7ce-SqeOcysJyComD*=;V1 zt5`Ja4{nV`0o4Kt&^btW{)W4alkN?mE!NX?4w9A7AytZ3QA%u|%D27GOf*_aYxTpM zje)GNSzc#NJRXMoE~>d`YLPElS}K?S7}SRh|LzFQ{-PMJ>#5_1Y-*ZVrcCoXR-8<+ zpDEK$NCK?xBniylIUwLdt}kbSx92m45eZ~T^OJ8F7%9f_rm)q`fGhzQ{JG5z4ivCE z>knH~Mt`OH`IU&3&{kS6=GWy#hg`sm(IQkX@edT{%1F>^kIb(uuNvH1HzgL{>*r#& zUBJ7mHFt8AE_b_GFL&>4FLwja-HHoPG3tM5k82W^?WFZjpB=ulF5wzXosSaCZL<*X zlgdFMlQtO{jgp0te<%@#X>H3lBCnqWeF5C86OfRCLvYz2t1R}MS8&?c7t-J8VNqEM z^jYu-CyCKqEjj2GN4}`Gbb)fE;0t4L|aR%0uNL>AfPEbp5YC zIaX?MPM|b+r61BPthS0aGE*N6<%(9x`597)=OI_MqN#?AEY`U!`OxIIq8r_Ji`(zR z7~Z7*K@4eEI)}n)Qd>%e{{)m>)qusc4(}hu%H0I>%DqaQ!(ZO01&2(?qYJ+7L zlo(~^H#VU9%AW9A(gx?>Z)4U7;;_D;D!Gcj$y{1omp(pl%~jc+g`WczVQClvwPJO_ z{3L@|vaQncXl(%%$r55&+AvQHm-RR3dpY&|sr)$f!||(x!+JGA#L9}IeMMUq8wAW4 z7Xy1v-`CJP5|Wu^Dcx%~M}!UggtKva%LmMQH!(o#>QEZ%h1xUUixFg@@KUU9%VKys z@%#f3#6_M-Is3c9r%PZCw{}F|xwyE;(}v2+ zS*zZ(I9l+k5wr0&NcTBjdn#c`4@Ss%L`MPRZ|ScEGc!T}bGxhy4VZbw7$TlAzU05@ zbNR-IXVR7k2>!}8iKpUO5y5U@Q-GwK6N25TmfxGJ?@K$mtwO=KEaq|{eY@p?ely(N zqFh`lX(@9uypIt{=4&1YL=Ih8&f@-YoCWtEWBA<69npgH+{8Oko$0jzTOEDLN zw7HW?^F#;q0VGQHQVgVzF3X0=o8F>{i-Fgm7JBWmK|FW}{Q^>9uexyqKSkSG@=;UU zKgT>7?uSA5y>a<|9&7m3MVxxuC5LC_w*Ca!ij>YgQXcmngJmQZLpc+E9ygs18g}y6 z7h~*?+}@lIl#3$QfoDzfz2BMU%2j}vS%LiJww~VaD!y+Wm-g6W;&CWnY$*3{&JlRE zEX0<5;I9ajjz@K;W->)yP@E$0*XcI2WagoY@!HLh7KHe3v5B6Lo}ZP4jRBTl&Gb3s z?@{Kv7D|^?Gg(7io?NzvS_W%Iw#fEJl0*HUJFf46R#ryoC=l{p&-T;l#l{*7QzPib zw9HiMHD}?AXvFHiQAEq4o+Vz8rpkB0BM~F zrN!pE4V|ZGlCi~I)|jKg6*xFjkfwZ4H(h^G(sGRSd(KO={|J64EZ1=R_V@fD&7p~S z_egn8r6%b(N)|O5!I-AXO zlC`cu#a7Fuw}`PZ!?uh(FJOB0T5av^?r9rs%Bur9OdKD&X0^bb2Gke4`7`ZHaGmxl zBR}y8o1xf33NC}0F>|z_HzIOj|1h9 zJb81Gl@v)XvHfyon8%`E4pkjT%_y zkqKjh3T2Q!#07!8cBteZD!ck;yQ9etJ5=b(#VztSS;(4J!Mo{R2+s;Lr^@D-QeWO1 z>t3JcW5Ob_01#NH_^0BeTR>N-+IIhaH_cg{jk%}x^>O1N+*%$ncHk@dsGb*Nm$(Dp zFWFf9_liu-p8g)@#QWR2J(8K1yMWV{0uV;9I}@SBy3dT6Hlmui;q|L?4p85fHIYz< z2md4B`+AbQRogi6YVa~FN-nFm_M`HZZrsi<70IKxCJj2yhu}WtLNUL9bWgC?xz8^; zki>Kt<|JpF=a;wg$)z++1}!24OfsX)*m>W*mPn5po;*B>(nJ3j{}4_Nxf?tF3IhL{ z8*fG7eJ6$l4+8LoVHe-Ekx=WXr7la0bw?+&6o9=994b%i!{UeFL3Q6ues1RhK^qLWzBFp(4mqx znIT8un?1byLmOJB@~2=`kk#Ug6!oyfUqlwK*0}ev7_jfhZ6Aq%eV;4~?ECGa?Hi2# z`*`2oPbqJ~>P<{i-f9tRJzuQjx*sli!81o#o)bHaC-(m+q+ClB^-EQaB_qd=L zXWBjGi5r5}3_c4U4bv-;9s65ecf?|OT@`=?lEV)g8p`@>)d@eb6$v3Q2<~vw|1UGL93A4gsCD6axd8=n}@$wY&cdz|r%Tc6nd?EPKhA#j2_+^*#;w^!sN(qmfU5Nkps|Iza$ha#+WM?9^Y~aH|tm zw8wMdo`$<{f))+L{-ST5fT%5Euj4SAib3nD;(`C>#9pmrY$8~`(Iqchz%br#HL1ik zdsKqx-I;GeiOJ4of)8nHd=3&QiGVyken_74RexD*)EPr;?new}!bPT+_-M-owWyHR z_VYL0w~}f4jFkftfKMb7?eofISgQ&<1L~KOOqs%T86;aR4wlo?W9c#LXY$6znZwyn zxSdVCCsfmaTzx4V@ZJkiiH^v3g@`c=&zCQu&=2Eeh-ZNk;rvP~X9egO{{H^PTh2o- zkc*y?QXGl8%3z+<)G5c5XzR&45^}zV`*}Me)hFgk^-ao~6NC}%fetAggnKHqwTMHr(JuXflO(6!8wzkzzr3ph@z`G|iQ5fgUx|7AkT~&bo9s8~_jF@nQJ53}pJtCei2F$F7c@ceE`d>i zc5WSw^u}gApp0o?IchD($vhLO;{po}@>6SR$lbd$;@ie@zu%qCaPF7C7D}*C52b2l zT*y(Z{a&%`#LWuF0xG>Ezt6j6FRk=HN7b#6$d*ve(0!IL#F zKx`^s@p{7zE=YSw9~HoR3H-3{%>G@DB#!O`W#c#MngM|#j7O@+>y%UbvlJf~|9I~N zpn^0=$_nG?N+vZWQenlb+(jE5FNzOhe2em2O>WF&0sV|3q~B!f89pyBD7*z+0?{Ex z0j+H~xTp~FPj$ZA*ZQSAX?DIs)WxUchB*j+gP{?<#G=kdNu~DJdv~PcE2O4UN%LfcH&NKv`n=Hx@A-~qLXCZg%z?(b?3(h!V#QY&%#+ixBDQAY z`Z9_!)JJWN2qQ>J@kf$>n#j*1;wDa1=yC70I+GpBw>gnOohA)tHX&b7!`lv^9Mg?` z`=uYwtZv%DmJ(|o%=iIcLM_JM|1P!h1(7vJtp#=g$E!@797xgtxYv7}zJ+53rD;*I z7cE2i%epH00vTp%jrgU-AtM6Kw|yZ{nh+?GessXmu~O~+cmV6`vr{~Y6Rapj67Vym zP-3H~C}7SW-`3U^N>4oyLrnd{*svE~D4|@pzGq@3G@Ner=mzIBDWOA>$QTbMV1LQ{ z1Ez@_yc+S=%+9#}nL_y7Z@-)^OZdhe!N$4+WC5{a-k>KieY=*-@yaLX=gQFV%QhM0 zAeC=TW1GF5WKMK?7ufWJ7!Tq4&BrR2-iG0!;+xlnJGtXtJGs?f3=1+;k)o1RD#B7! zD*SR(_ilb7Wc6Y4dsdU%@jiJfW_CF(1`o)19~bt4*?g9#e-vNqE3jRIp7IeDc0Qx& zLpDNQ339SOe}?V?>bMtEe*_NTji~&NYAivpk9-)RJS^vopS~i7{5H~pj%CiLKZ-G* zKn};Zi-EOf)*!n5VKAoM>Z79JgDveu{J_k-g5b=ZQdndBMC4ogLnoSkYz9B}B(a}s z3K|Lv$j?BX>#jv+GIlBdFlTaD?I+T<{lV>vUt3FeCkC0kb|T$isSAwKzhHGig4b@k z;(*;Dd@R{EB{lHrnq!W6f|g=~$`1B4Ea=ZEYBPPT`K7eJt(NXgOBi|{5Q(LYEakX1 z3-0Wl%N!4ln!@^831g;(K*3wn>gC6lo+q?#^kIHsBf=_~p_m;@_2o7qH252P6pHPg z`0Bpls31bc;tO}e5@BUD?D}5$F?In=GI}GerbpE+0diq}xp4*N=Y=8zD}Wh!IW9EZadx(#gnc`(u2O65B(}h8j z*oOfR0mr$cjO|N@gSU0n~e-rM?V2VDJrK&)I>6NcY?(C8wY-6Po zVrAnIo}wLROyVnBIg^C=UVc2DCVUM4vwGQQyZC4^`SW!htP%HK{j>_=`H+3_>Bit@ zp=wSs-1SO~I~qCXxjBO%>l|r)ht}3a<&U8u@=s%_nLe|DnVO_b69Jq#l9<8ELRg5G zErQ^NJ@RXwG$kKfV%QarTDS|a5Nrmjt-jBD44PD8F>E2v;i!Q4-W`8zS7YjiC5t)$ zxn#Md{U6-wKtTg}6>zD$4opQV9@?o*E}^TJZd+Li?a?cZiHbvycPP7_>eQ9RS-ETWd3J&F3)X=>$iX6jf~F=XstIcTkWha#6cs?%8c&yI_wA4x37(=zgR z^N003FE&0D&~y%-@&u9M=3P-RFwKi8pi#xO@l1@6L-amn$0=0AwV5M0yE%s*O(EAM zx(?6LLcYj9qmX6`Fkspuyi!ee6RR>Fy$5V+PO$Qx{4r(y4x9czw%#f%s`n4~rekOr zQaXnYLAo0RhLVz!?nXMLrMrhN1qlIZL8O%KM!LIeFMj|1Ue|lDIROq}t$EgZ;v4tp z_KRQ6_T!L-t#&?(7*5}*6;pYq9!qet^1queW-Po{FLH{U*Dn2(x5->N!hg}=k8yTa zCU}ckt`uh#jtgVuU_uGadDq1Iy)p?PO} zCCg?%H*-?Zusl;zA)fqqEq2Y*hkPXTY`uC?<8-LqSNa_>NXsk=7R=xsQVdQ(E|590q+AOQGYp+ddMn+&$=p>#_rU)DT^6cu`u{HopkcYv&>R4sFG>jaU+bzShm`Vtk^v*=bF4dro9#Uk;Pob?df~ig#8HmvAOFDcKh-MS?EhKansxW{esp=a50gn*Hc%l zpA(tJx384F6c0u=*<`H`?2uny9zq}+wu}-#GsX1$!VV@SXx{T2PEby6j{c=@l{Ca| z!MNY<^4M!zQL(tMR^M)~?iM<9DTr&$tyt$^NHQD@6#8$%_kMGWwneV{|neWDuaO&9+YpTjp!hn$%#=mu3(L%0A z5C5~4UP6F=F1WaJyArqE6~YBO*{Y?weUrmD9*=PU1=j;HDl@}{^gCMZjEL;e?Nm+F?AnARa-jJwK^$g#g3ct4*w zgB-1YQ}A!J@2jeqe77&S>G@T(pn5*-@W)c@$``kn6 z)H#vj@6$N+t(^9;Q=w^n8R^W1_}#v{z8P+!hzwW}gF=6v#nBL1kEAopXF(m)x++sd)C@DSEs(7_90lx;<*c!M0@C8oys@@^^U3;;JfDB#7%5n( zkwvM>*BEyW^8jj-=k=0soSjcg1h(_8ulO8W^n!loPq0^1Uy)Yw9Tf(Jhim@b2`e+( z8jrIttq?rd2iNO{gnrd0&5ITMt2o>nis9tE0A@&}AO04!&%3F%8 z_98YvF6jm+$6Z-x5%nE!gVOYt%Pi9A>zn13*^kCG+%izvxm$~7KTIraZ0^^qlEyB0{(;5v*v5!YMN;hl7O26LzjqPN#HOMTt@>U|( zh(E+Fl^C^;fzg!-ZrnNSR=6pVFZ6(Az+Pn=(tFrQlEllNE1p(cS~*9`F8 zam6D(TUIir)tPts+gBnWXhT5^z<1PI)0=w&*RE75tQbVIKr*g&$NInMH074IxA^u1 zo0%z3`FQv`&bKajo*ONZS@ORmzk!2(_DbLrC11W@qR=o;8TWq8=;L<5+)!^UPz}0Y zEDv-4(}obH-#!fuT|=$#$tFbrEsC_+OsQ(dx)*m8%_MHWeqKaDp8G)mN;Bo<*okm_ zq*%Y7_)h>uP&2#WerH?lel(szNb~!(@c6Msi$-=GZ}%g5cD8Vj%-+j&9j22*C{3E(LoRH zlS8GyS-N$Jfa9N|aMGiIhWls&e{<(dd#bybZl}5VqjuFmN6*r%>>RDe(@Jxl@+}nk z${)*#PrBO@fnQSXV@0QezBU$-RoOGt7m%@j-MuE{VjW=HeR^#?<^d2c8b2!7Jq%!m zB9Obw5R$LxOtFZtE<}Z}79na-XoJSp!~xIoO54==0(|uvR~czB2C_@MvEu99zhADI zP4sQfat*^j=%m7a{T;W89PukN_f3MC1mcr)c`|%W1}Gn=^-Aj9k-szZifB0{;AQ`a z@iCzR@bf)$ zG?)0mV=WL+qL!a@@b5JQEF_8(3C3<8wnc5Z+#o~_x9m*Kg9~f-#sKlPa+Zbn;HY0V zzOFDz|FJ<#BA1Mb&6)tMIVTtL`knVL>5^td7MkGTua1m7C4Mg(p7YJ%$WyCnlc(}s zA%V7kr|6^p9+gms#jC0E(bUQmYvm@2*#5CA5kohR;vl%dvA;}o-*D*!jYLt&OHmv? zYUCD_RhSMrOqS0P-MK{zJ_`0E3B`*k)`S}JqDZ%Cgo*B^8GZ?9!HG(ONTvChT#u{0Fu7%QAy zVre8)YX0LC$DgW@nmh<((cRHA;%f?tL&6|X!u{(NuW;9sy+xS^IY77XQ!x)lAs}?-wPFsa65Zddw zUbKRB!lan8Ujhj4!t^wkh}PQ?ApMc@4*J*gH8TCfoFhtXc4vB_+4{2HemVvWF575P65jJM3+wTrj}09> zuTD6?aj+m=lQ%ck9H4078c7$i~?FPQ= zwDzX)o_=oC_{K)eKE#M9B_R>?E%!|m15`jx{=lB+QZW2I4@2MCME_$?LE$&jLk;Op z+w!bWSeKyACy1rJ+>n+n=TE7R=tL+fjAT#fW3xC>jLKbH1_i z7d0M{bg^?8_tGrd!_G||+Q1kD3{aGd6U6yMUt4Q!-3T1e6)jodEYYnm;F}hDH*qeF zI*VsH^liM1O&dCg7_F6pd$IsGFjcJrd4 z;M8a%in9T}LzoBg2=Bu=R?dj;d&nK{HLb^QIp&?iOF4wzTK!qtz3H{%^*o{^>olSI ztLv%@=IU!##O=e3{X7JLm=|Yw*P6>Sv@+_=3Y!!dxu7De@AwSGWqr?3UQvR9MQqc33mHSZxO6}b)Ze1bx=qZ4Inyr2R)Iy38_VH?{~TU0)Ukgz)nPtBzO`3lpj z!v?4A+qc3o-)5}tSsc{Q2mkTRGI})i5Z*Z#d_@9vfapJkhbP^?4s`WDkgv`Q*r3g< zFRK}(Y={0)46!OhUG5giyDbHw?ghb}UtgEyPB$so9gMvVML0+ulXYd|&U5tVO~^~x zm4eUbFZ)(Q20dsBERW8{)01E-?gTc&b7b}OXc_+`jYPSCw-+m@GRaA_m~P3ipVa8& zX^eAz1D0)Syef6F_+Ci!mb=e+IxyJ7lX%)Fk(6I71QYI~_A%g#qfVGGSS7pwv9AR0{ z`_ecy7WR$i5}#_yu$G*;%Y>WW?+zsQHJG=HPT94_>^03PUK$*01r@mLA2tLW>P6$Y z3?%iCwBNOggdyQ&>S{8q!@hNe+aKMtBv2bDC`5h$db2g&`loGvmV0U43hq`x2gfPE zOmg{9{Z?#TpUg3rZq4CD*%vYqSSw866OrLD#Ghp@wy$LZ{iP@Wu@=Tfa%fTS>AXY6 zq!Ux0;_M&gl0^vFP5SGnM(81NVft3F@XZA4qoE(Qgz4JTzWWHP*5`To-d~AVuEKk~3nA4$NRg4j=j{??EbMl|OP?Q% zWm)6=0ZRO&lIziRmKbhd>)LJ79cLXLH9!aJl75D@!bRz|R*%uyw4yE-O!_}Dz|(G1 zwEcR6H|F%~&0qS7M2Vm4dT6&ua?#dZ2TL_&d|NPC`Hn=W-)%9#u%* zhvS!NGr7(uZMqFrd4rQ!#kf*J8fGRYaD0=loy?fe$|*vnB$30GmyElAV(`8(FH2`1 zBC>XuL+Nrs-0!O=(jgaIMSB9)j<-byDDi74=*Dq+> zNBEofLx~IV4jFStq6Si;FHklB4sW@90Q>b^^n_+J*&-)g2Pr-7e_gLi6`ZR&9w?mLxN z#ycn8LZ8Dcg~sf=2j56PN+HX8KK%A!&5-Rek?+6C%3c$x174@0-f8Bpec67YMj&52 zk}q{ZCTHkq8kvE(-uI}Le>fBJ?ol9Hm)*v-R$>9sqL){MR~xq&y_CMUqm1YK2;ewN zno9*Up2pV3jgt0g5hWU|U8=L^FAQORx5Tmmng$_ZWR-K-c!uT7@Y0X;Cf2tlm9e%= z64J7Tl$*!`zmx;pv!3LP+^q1BXEzu5(jov66%B9FgZ>{vW`zt>LGCL)VC0pB_og;= z1U^nbW2=~0rL(tMJ{~6^C5B9v?Q{OOAz4eBZuj1I-yRh?sXQwU|F92DpO4xkcwMz$U+WP7xlNz-r2_SphETeGJZzn4KQ!V=iQHoW4)A53*ha8)Z}q z!=$Kn2+G(|aU@zHCNdfrhFlR8VyX^M9R3s~ByYL*#6C-*Yg&HK)#ka>zq zAofwx>DU-rw!R{i6ZW~RghT%GMPy^ggUs(&EDBWzV*oIOl_K#6m=x{d*rE}5& z3)Uj%Tn8&JT;q&74=UNWZJx`B!^X0w)`N-_4&ed&@)gwq&#o^OE1q_HtxM5l?41ya zwUA_$E1I_m?W>0oJBp#`7tQZ+eAH|CkONQo!vYP}ifLbJW2aLA1;31eRI_+xg%I82 zHy%2Muq{LMb>|W`oJ&~mPeIpQei{ci?v#(W&{wEL%xPz_X5jy zeR_VB!tY{s)hvEpbjHS|P+Vw)pPz$RZ0&Ae$-A zw=I0CZk;9e7JxP}jpXi*TuxuCkz=rM554Dk&B8sAqVxx-B+<5uFX>uLVD3Ivd;>tT zDd!i<8*UfN#q})NUixogrO2-WlNx?g=*$Jm%Z~Bv;lZKQ`Jb%d*?!yLz3ptyGCQXG zc@2`y%wx#kTHo=$#V+h89Se(eveo?aF)-4d9?$gV)T(eLfI10AQ|qbiLl@kW?T7^# z^I;krVikNQ-3DwHU2u${C;cjwyv0=R%zjPC3`Fp{5D?5{x@zBA!1KuGe0FREK3l|H zp#|pbcd1nS)OXyWTzhm)6^OeZ_eHllsN46ro$1NZn9JB~f#vx=zpk1(IOM+jhvHIv zORV|Fe93~*knSZbnxvk9#Ku=k1YcECv*)sr;BnT}T|iKi6-9#_S+Yd7g;xQzXTUCy zbK`iAi8QB{!WJvRHiZas(;iLq9k<;71U*_KjSe(sFruFmy3m7w3Ni+Wp@8Ls zo;#bg;S?ylglf@*__RqtGUQ>IF2sM`ZsgntG($k^k>oB+$QWF8U;? zv^?6Hy2oAFT*ZsKM&eMZUk$M~=hXt`V1IgVz$sVkpV;+7Z0vE<1O$ku{}t-(54mQ5sL1ox5NEkxCJ$L(i|b9oSpWtZ zWK~GxZ^fts(Tn0A49WylPNi-i`GVjmqUTlki!9`wqO(HX((}i@ZC-sKm5`XMRl+?z zR`MOgvzhm_f~Q#ESS+f>2g6EN9k^ddt(&z(v2iT* z6nrvw&~;gCoKUfWH9WiQGr9k{9sj{@l9Rs8uJBVEVwjpHe3&%~@|(sG zn}YbOiF($0=E(&{BRfr||E<_`er* zsBF%Em}nzCeBT^Y`dr1H$A424uFEOj*WccTljFf=z-_@J+fq(`T34bRwY{)4LI4Z8 z4A15-y=_ruQpH`+dc3pSTdqu<)$!bMQJww$)D^%TZG4#RWPMDFn8o*@Sy#N=jj8tO zqJ^)!wy$oEPJXoatAU39*Hc7o8|hhNBNTz3b=;44EJG*cCX-G6!ifPJc4iD|bPnkI zzpsvURwdwP)Ghb1n&oIpEdNmn2RwLP{X3WV*e+FG(~+8yF7etQl69pt{Lnv@E?ZXg zgz~1)n)IBiTzEZW-K0kkXCSzV@T&?uHpIusy+8N2Q_EfB3Ex&M91@tS=&Q~3Z5ppz zSyd1cK(VAqm#c9DQztF11kxoUY9v63;dOVboK);omx;E~f=>PLR7W1@kT%Tan~#!m z?nnil*~_MHBPD}lzryJo4Huno^xj86XXi0CRxG&Ntp#Gc8{ZdyT6KOQd-d+l+&g{d zsf*kB`L({RcilI9JFMPlv#KTq4T;=GV0?s~eJ3%hc9v?tmc7y2)=@4l0w<|6S0$^a z)qY&2c12CQ62kt$!fR)$G1dz^sO#L&2ZQ;dvgli@DV9MVQcGMcbyQ>-S!@miTFPVHawYM*5?k%sk7}XTOdc50 z!UPU6^|#JM=R%v2gtREuVbOQ+#SbPtjlZE=u=T--|di&C&Dpi2w-iKGyjxtKq3Z=hCEKuqvoDO0FNzd z;R`xa@HlY`CGzr8a+zWL>})h51k&jpTmbY#iG_V_l`v%;(U|p-j(+1(#6J=miBCWZ zj;4W_fS-DB#Bi?(iYfW34AL*2UsZiB?a}A6hZR%l9W9s0P;XrR-J8-rQtaQPdQh|C znY;3Ir&@SZeOdO+k=?*HsJlxwH{~$yt3FNI+U3c^%yFlh+qim;yqqNbyX~fxU!FnX z3){nyeL={V4(3oa&u_%}$k91VYWZ5UM6$?WUFIoyXqCIcBQk9)z#RfpYPS^dYJ_wt1dHX>_}|=xry)NsaQ4e0EFhKmdAscatcHeQ1U$} z4-K}C3Ge#!c%)w--U1e1C@Ca;s*DDS-})M#(aVSud5B&P&dBi?+x_nM?=}TjVUCx3 zWHy4X>aWM0Y#;Ap6hymuzDS#L=eP?V0x8eYAA0p4ODRiGL6Kssw@Fb>1_SyBi!`>x z8@$Y<;4jxls@MLsSfDs@P!Zmo1h}_vkVgeN+i70wWmN5MlSmn6A&Ul7S7->4SMz;$ zMroc(EH*Q*4j0lVmZGA?AQE`|vt#D0lSIVk?Bw(JL_IeV2>|&9*yFqxm49QAQ-i{F zRB~yB;C~tk3PBbI5|JiZO;q78<0N#$MV?gLEGHZh{rAT7wGF;mKQ!A1ha5h&|C@!R z$US!d`WgD`j!gVfLA`qTL-y9?J~K3AM)kP8P=T~h+8=q3Dyc>X6aScGtr`n75)ihMgRS(1eNj$ra8S2-qPtoelGO z6_A>q)v&Y9@OkWM-JK9d#%0O-#KSQ`vIt-{&qG|r1@b>Z=-TIr|>rt}xi*saczsXAmOiyEh*cT+~mZMaVcRvSj!TK$HM@K3W zQGHT69DvTyB7^Ko)d+0FciuHv9Fcnt$0)osXpN^gnkNoWR4b*ji~$aVvVbF}mDx}N zpZzSf9b0m#o8eUw#*AYvJTipwpaO#8kAbN^JHLhvbBR+UZ^&nizOK64Sn) zyg?i2Cd6n9R0u}*=yAO~^zvO6YibNM7fr)R2bKb4kWSfKnD73~w_1xKX9^bpx>r?a z&OSR^XZkm}x@hs8QLvQWz@1W~5)a1BQxdWTO4ie>3*WdA1q^Ei6_>H#LLGnC9@pi( zrjf(LiTSuxUzqc}7lf2#cPnG})h^2Jt34lu_`fB6tXP;HcYB$bEZMKbtCKYO2W)S? zr8^(Z&boFdRhKCO0oR9G*H>U%biH(aTO&($eu@7?7#k>%Vn?Awl<=1Qi(#Aek=V!( z0G5BT^NagUqdjRg9S|tj>UzV2rs#chG;ILX8vrPD4hhy`*!)BSP) zn!%Gt1>A2OLlLNHbXigN`CiJ{@6_RtO~YG$3L;|w-60Psz)JMuLBms|#?V@l+7q_) z-~a0mLZHP67vjHEy?WU>wE^ExyBANEFiblmA?(h4^LqMy#{9pp!eg>S*zY zbWb=|kyFQQxKbLM;tOKoMKu5K-&sIjI3RUQ3=0c8djO_oaWd2S(|xXiVf@8s_rNKB z@;McR5Iqz*q2S$On!kXd1!34r6YYy34XL`~fRu)yWudt+J!^Vu=nM3BE*W69`d`gi zH3U5RoSmN+&D0nt$HZVvebLkGl2&D*p;^mau(q?C06>!~LI=UYw+L+BW0W4Z3`?$e z;X(@xCJJvEDsc;~iXPE{ivIsdwb1@@pHi1Ud~<>j0OFPE0gpMD&dF&)^8=s<$Q`#| z=gt0}nMqdy7V9dVno>X>HL3_$*~EZ{Q~A5ibYpA4lWMRoy9#AW&M?vh~p z6+XTOL;@b57l7I{ZL+hz27`ePGx!&r^nZ6>Y*#@(Lfy(V0Caj<80HFpEEROyDsI7! z6YVIArxGvyZZ`vxH#7`F1cb|g1s5LhyQ-OCzL>u?u$29CDN#z@S^VKfwoga5qH5i2 zH9~0-I7tgAu;uk;0H3cH3v;i}7Z5=HYC%zm1Ar#Z)u`bP;@UHAwAXWWbJI+NCyJvKWuc@)wgEuYWO!J`WHg%< zfYx|W%*)W-N@_0|;9)3OXb_KABs6MeNJt)c_h(i7odsYtEPr4@cSz?(qT#j5FB-Cq z%hPCN2=%ql_rx)PoDdl@-i9j|HumPVw~wMHFMx3=`9>&PdA9!LMT@RvBs~6pGFR!{ ze7Cg-IRLn8MC%g~63RL_Jgflb(ByYJowbB@H`%4GAb3QX8Cv^^It%42;g8hzk9c4~8E;(6Sq~WxR1*giKe=kn}$@1tB(uVv`F{7s9)8y8#b&=U}e>ANL+D^Z=74 zs{otVdi(AL(E`9db^t$b+WA$0P&-`!B^$&3kyrRFNJ>MCMphEAa;*9m5@K_Gq+Q!? zUT~oCKflc%)Wsguv9v#+aPv)0E9AZub1up%Ub(NWhM~RDgl-3y0J4&EzV%~`7daVO zWnz7vo~ZYkj0=QDpw4xTZGXwt)fN8|wH&_7TKtLMd1uoOq3Fsu;I@QhSH6s<81WGZ z61o-B<)74(gRk9R$r2!fw1V#}tI`~4me77-s07)ofQ2z`R&R6WuZ6c4FmZnO zrw8vl;Ch;d>FI8s)V58&*GKjgh@H93)0@Wzl8DIJM@vIYK<9OZ(tk#tQjTcMgnP(2 zb)&ZUHZ;!FTy-&c7i4_4k)3;CMb?_P=Of}6b`zzsJbTfvFy&0ui=+FI<_$_2Kkr=~ z%xQ`|T`f4tnpUwD$8=SEnwSO12xD<)zoG~}82TLYu92DFtWz&v@C)LuY4Jp7vbg!>yQ(jPa~v3#&tHrr2_>a zk+f?3Z(KM^A6DH$CUO^Tfi$P*Rq;4%)9iTX5nwYl$VBtEk@C4bWV{7<`o zY%Edic7wpBUP-yxw2-0%6V^(f<2N!_oHyTze-9i=N9fHkLqtF^lWLxbo*;?_ z)oG{p^W)D|c)5u+=k@QVH`Rl9vNAXT!s~Dj)@m2(34ka0-;-@#6hBVLS3GivQFJ!SIrAdyfX*U2RjPM(?-wjVaE)J{GEqJjf!tMKBFM#$ z_|z~g`SS{xEj>&Uqf5$l2Q_EVL)Uo{kD|*dt_>So2u9Tf%i}=mBkv@@wY9>fNC-RT z59q_D6oHW2U8W2zX4E6D249C;Tb_ZLx{x(ErvgLGD@OhsF(cw*;_J{!OC6vwdNf0U z{nkwep9KHKln^ECJ-B-iAkV8sZ#JLy-#+bu(9m${93l8}d5xIJ6^f$q;$Ppdzp$y; zS_7ZOQkga71lCAId!BJAtR^)jHqKRQaxDRa1(_K}wCxxvn?-sTkxK+Efs1BtvtpbA zuQ@$=2L$qf;x{l{;x#WlIEK%R-ON8@Nd!mgoZTYUajYekLVd~@1O#2@Q(6)%;W9{t z+#$ZhFOP878aURF30}i_3bc_(B*a9(KPWtFQgulb<0Xb}jK=G;O0?u?ghFUK_HQt# zgU@4E!j0N}Y;q#*$jKDYdAPaNr*p;p_1nZc_9G)JS^2jPx_qU~k(gx_#FOaSZv21q z=-K@DMhybTie4wi!s5uR@_Z*FS@1@us|@_e-{(dD?iAZf419cR3KZ9sour z1w&C`V%}7Y2R$DNY$6p1KXDc0y_ZgXKTtrmD{wRX?;~Q-Rl?#Te5ZvgnW}4KpA%M= zKz}SgR}ih;^cOv)Pq^xcn79(&+*YUnU8CR)O7MoYqK{ilF@I1<3OzYa#YctI!Kjv; zKS2ns3TyyMxd0B0&V(cvm5bT~jlZ`{EuUrIh2VETSm@4VQgwJLY;+Bk&dIrpJ1b08 z3|FoUmsH^^1B(eE&8B__M+AQ7QcW(!2L2m1R ziUH`WK|4fjI8$8EuT$@zdO?@RE1k1MJapQKs+85D0t!J|L7JZPb5cK+5RxTnjwRs* zA8(Gzg=cS$)<2?mYT}}Zo-8G4T5-*D3f}<(he&#}Ov}T z3fE-dD!_AXaO3S5#S7%M!39%`2C@%ZK zXU%IQG)sthOfu$Nw2S5HbS^oQTkR4|Yyz?*4!z~P<1^-_uO>UF17C$@@5F^(dSP2> zQdR&*x#vhJ7j?%!bLzS;ic?@C)IClSK@DE4=KKNj5mtHkJM5Vu#|xa#q}G|Vud>05 zDH1X9$zAX>LRFa)b-NUYqmEN>6d2#VPx4+Ft*AtSD%ljN57ldMmyqOpn!(v%@9xV| z;$5 zC5Rvtf%S*0-7q!~4blyGDsAP4*Z=yRM&Zjb=Q%+367zpq#2=3u{f*ySSXUpnU9O#Y z-af^2BkjU+HlRMsp@vifT%xEh2xr5$s%c1OUrB};x?h+VA7@rR!io@-$W-#5Cjx-C zkV{QENNF*ne}rQ!M1+%5AI*Nnemy(OW7h2G{J1K_V%*{Pfv4}j*_;88s7Ye)w?{g3uyWz|P3nq@?1SZQQV(&1zp7h$bR=vl7qN$nQh37lxA-n(3s`Q zjT2g1==1jxkjGqOjL~vUp*V?lc;H=r*`Sb%S3STp0s^vz>25r!8dq@3H|e3Yh46h$ z{&jj(KUo*}uvX&xr-{b0`c*5x^&(6gb@j4j(BFqi+Z+WB`{8 zjWl>RE>2`nHar4Jf7gaO^o%IO+9IkCV8jscVL^ywpZyj5t1;Z=r6L%9ASN%yY5H#+ zl1DH!X(ND-vMxyf@68lfDl%$FofP${vKbhWTIRlW?INJRFBJ&tZjbRt`DgibbH@8} zGiSOxeqm&v7V~zP#V=+9DltKiz^g7R2{dFE7+kmQ6i#{YG`6Wy;m(4^M*Sd&E=zxpPdeo>;M(H9HVY@sXi1> zqq(zr=LuEU?$8)S2(C^0$LkOI&WodT2=8wlfmsm@wf>AP`$KR|FMwrnMUhY?A;93| z!m?k%kAAc(7^e^Tl;@5M43uhEtXT45%^uvHz7G*$5}%6A;`~1B*c&+e5fW z17&uK=j647kq|DB!dM)wE}8~3ZNhc|xtL!ap*@Zm<;$?ci)5Ojqe}3I#s-mBvSq;*24H`*H9P^CP5=`H|ebfsNKFYkZNpaUK(=poe(*ZJ< zdecKzj6C!S5qkM3FDaI4Mp0thppYSU&a9@p2Cw%;J$|+V|F}HJI?_Un!hul_mg|Av zo2@lV{3yrH#;*=q-L z;?Em`1vv=oA@0-#5_G-4)b7rhKHe*OR8K#JNPB6TXZ_PaZ zqHO~0C;c0SSp4;?;YO~yz^YfxivKkQki}Bfi=&(e!UY1^?*PUPJY;Wg|EtmYVJe=c z={!Y}+Ivs^eCu!Td4*;f%YAcmGZe^U{c^q7c!wGW;EB~6MtcrmXFuR{18&wLJ|Kgd zpOVN=^?H%PBKCJF9d_f}X@1Fpe%?a8;o{q^NHM)WWgmL-qgF7H@!#IPzvkOJV+K}N zn#3J%6Z%6we~GHNmC}sa8+!_z*GaF0d=l4E+kS|*p9IQwHsvb^?vfW>GA%MwLp~ez z^=evs@#faGs9mBQgA>E_53Q1%B+x>oDAB0$6!Mt|;~?bDe;T5$qe%roR>KavzYE1U>wXNIB!$b=y1q z+rcUNja*TU+$#C{k`L_s9GT&e8XNo7>s0{8Np{dmIBFW5!Xy9sQEvxRTg?S?CKWbP zsMOEoH9}6n^!<~*3SU77%C!3w9hX60Oq{>8W|Lry*%l#W@~Ay-4`)GnYT*wU>ioAS z+w!YGL1Nrw-~kE*IWOC|rUckY1+s=%1X_ zV(a0q#cFY+M-2mt7V(&vg2R)_;qB1_WCA0EeAQCZ&t48MP;RbRTa2iB@Z zJh)Q>Wu~+TBRS25T}xi;D0Wg~e^ts6sXG5Zw z9(`njFBbNVM?im3+7@k7?5Ozpg-e)@6iTMdf6vPMe-{>pU{Dz>)z*UpQc_app$HtR z>NT`MlLT#O5Ei9~E?c&ke@g}v3|KQRexg!El7(-;g0j$LsGQ$}1rd3mvoV{%=@%7j zF3Pie9U7r{EJ;axzgG)`V)T`{~htWy^;_KHAJ$&WMC_tiZ9ze@f~@mEP9mS zYi+fFAgS26bDPO%W%u=t8U;?*j$2(gL~8g;3{6aI4H>Ni;rLVvsKSyvEl>!V+0C8c z7=b~5{h6E7n?zV`=P+#HopOLf9*|rEl29`lpRf&+mXSeBYI)$Hy~zq`AR9#(Z_r>} zaH_ut3-Un`p#&_kZiF4?c~QbXfPkV$jCKZqe&xDg6blZKGTRBdrL%o=O3NknzHM>(CuU_2&Bfu`Hc z-pSe;l13ruN-uk-p??mUELWF4i06>k2dt#DQIU&f*S_OvCupX<#S=Y4 zFME*R7%zRyJ9?;@;*G~aVD=t zWug(7LRY#bir4uO8VyJ|2E%|$!>V7Fa^DeWuDHbZcO?AUT9?A2#3rY2Tp|I4WQtD9 z=8nq+iwOT!mU@wiqOl;l`ugKQF0-aV{&78Cyc_@$X4tE`AgR+)JH@9^vxRELs|Pk{ z%F5HSy?*mXl^AR}lEccKEYCTv=cZ?GceI!62A7%*3+fLk7*=Ud z_80pAg-BUiSuriM&L`2vqFw#vUx5PoZW{pWOSX_F0g-6Ywcmr{_ zkRh}S$=)>!-iNr`y~Rzd$+xb<{CStqG{aLgFt#xHiOlzw zu;fOyu=>t}9hFnR9#R~e)|ldtt1Z8|)fU7FRogK^R>j*6rI{KFHkM=yVY2N+iJ)TU zF!^3)Sdg`h)}MvK^@wrTHjY&W5g}E*fb&zw(be6zj{C~_}-kLxzgZy(Zz`xTj*F1xW>n7rkOK7vTAXcZfZ z0P^$*9MfPCtEH)VKf_{uZ!i=f_3!v`JSqFB*x_f zKVvyo7~BcesjH!Hqo6!c*LP1f`ro!}#A0u)leo7wOhPiPBXRg{QZqr$6EN`tjJzOe zFlxcJSo-acW#-FCh;QvPU+=oT1Vy_p!S3{b7hY6bEr4pv`2VHaqVL%b9zo8J-%Nmy z8i1|cq>A0XJ|zXt0_@P{Jv{0(itj#bIo<*rT<)0jW_J?q^htC$3ZnY%H*(SFi~4H* z21Rgvojq?~?-eG3|e~2&-W* zLa1G-e};TyapU*`?5{7M;2jKFZ~0dvDbyD*gmnOtQ?!hXG#guAQvYM_Co0=oQ zk{eJHqJtD(YoLa44Fu3M6E>21+!E1)1365>ma4h0Cs>HYYZw8~3i{4t22tM~DPC?EpQbW3!h!NCM@; z8_q{-zsy9(Q%CFE&u?3KUCy<~ekiK5E!tjvVBk=RmVZ^0`_>XG_s*i;5=a zd8p|@GsnvO&ntcZe?(X*({xMd+ifQK*#hz+a(j5gdj6D=U(jX}_k`yhRO5m}5{F@0 zw4ealTVJsXjS{7rap&mS*|R@M)jf*9JV3yo?yhi{t7C9j>ByycBIojp%kbhxCpue7 z6gBOrxIfmyHx;#1yzV1{RiHd$lrZ#2&237~XyTSQOcgffl9}_GhR@LW z$6G%pAXiD1>^AdIE)JAZKM~(XN&&}k8=y39Z-4ut`AMJ<$~6fr3dg{50nxAoii`cK z0oe0^k?IDx_!CeT->jmunXbBLT$JF9A1fi@*YUh?>pBq>`b?3kRWs@@8Y)FpJ(RbE z^6%U&gD0^);9cV;mp8yQ^YPr*NvOG(f(JQI>wbB_uNDV{LIf(aNLED2I4vzLb)os8 z;Uo1xS)PY&ql%7sNyPXc3YoS2%jNZ9W5}f75Mc1|clV5l^Ydk&m!tfw%q?`9<9=OE zmie*+`RV_8bPWe}D+|;esA><` z8xzb{jEL?7rV0pR+dxFU8AE3?4|KUNO5`%ejwI1Nbk8S=-JM9E0zO!mGe6Q=CTnd7 zPRahiR(I{PhO0n+qLIzx9aO3m-0iZC!%vcksh1diaf;`c!w$M?SkE`1N`ZIG{ze^b z0*w=6J(*(1Rmpur-eXI^5F`=J98!yk-=CU6xW)3E6282}n29~KrudO?D`DDv^pd~< z@-Mh5JLsrHhCX$BNCv=(BtlVjVZi7%Oc7VS!KDyxnv`F(#Pou1IgHb${+Ak5tWKJZH~xjI)RKc_PG z!#wFk?>2G-Ss=UTVLu^Mpu?v`;3acc)(%}XFwfA$9qySt3IiYtWQ1Q?* zKRfdbD=F2+JCmd{ccobE8i=D`vQ0p3f;?fPIW8O#=)S#S6F!+JtIFwDOU~)15cb>v ztbgBExYBk4zi#XY+(>T90M@ea;gRRmbHoFIn|aoBqn$tqBVbY;?Mp(ueY!u^1Qu*$ zE|Yr@AxlDRtV-#K|6;R?>vfTz3q3GS5;omRi&zUff4S9g|*AB z*BrIv!&krO>dOapjHA$GlIOqgc8nog2n%e@4m+RARRYE053eMGPt*Q>@CW+GwUflm z?AKi%%Ij8Mn!4+v@xO%$8mddIEpT?i&Mf{9V{a7})%V8>6H-IV5Yo+%lF~@GFr;*f zG)fCdi*ySjIfT+6EhR`u_Ye}&l7e*0S@`>(_jxbRGZ)?n%%0hMt@Zt6KYUIx_MLMj zwG{JIpG6`WtSnQ^aM%0Q1^WqP#8i(TthZ|_f1bgwH^*a>Sut|WF%Yco|}+|N~k z!gJQX{?8JcS@0am8+FU3|J@iNv|4GnSdSV7vL0NWJWU}HwTbGF+#UZI{r%FkSyy9i zKZ!)taf<6w)$Kb`a1pm?BB1Bs^~qVv9%h$@Zj4p<2n(=YSha%e|Ch+BA<)<);*;?-g*#ij$G7k9WNmiqzg~{yVJS-Hf7G z5Z{*;_;`5L_i%dR!CknWM1sTCTD$g#q59>;p^Xg)z}D4ZR@_YdTH|}-z}FT;5nS<9 z^T%E?GuwTQ>nKuA`KUx?@5DHJTie3KM+MmdZwwQw@C29!2IL`;Yx4C#`-2jZl9FP; zLsw(o7O<}_sVxj-O0E*S?tmp%57an+oy-WiSW$kC1zmf6Ym>|xwGqL(biv~O)SskpKBNEUOD966>lm-M*w1QEAzq4Z|(8DQ9{uk2~ z@9yCiA{E2?e9w8C_}wWRE6rpGnd!R+o1MBR{@nI>2JL)vIESAATsbc5%Xpz?U&pJ3 zJ4H_;Iz&&~bz2VnA~NW+9{-iD$Q98%oL3bG4H?Svth9FksC0)^5gN1TZkoeUYz9V+`dw6#b;nxXn?E7|H|H<1Y>RLm6GW=tI$ z*Ev}EL3P8;Jb~6iDZH=Dc6vBzb>q`Ac6HT9D{$UxOh4J2&4rnqfrU(eI7IeHH}kR( z&=6P1=4OT;HZwQJnHZDIrl+wML45aCL_p2gg@RKwl$E+tB)Frv&T%}`kmmLbOU0eP z7lFbHU%V|Hc}zY~e!2_9-6u_90W`CPFE@n;)7evpCMOv}U2ls~+-8xwGN|#1zwQ|% zh%+_PK2EiS!}phvpT^9sa!v$nf!hQnysyCTjBe1+o94|(O6-$IM?V+Ht@5M>%(6;J zyLYnhR9X+<6sb{1RzrvcZ^Y;4PcAhIa&vPrVJLXWvs;P2$oW>k225DdG{~SOW$m@kVCJl8eQ!@Y~cF0 z6X?Qb-2Pto7s{?KrJrgaf)-bpqPr8cYWbsCIu~pRd1=0L*FKa3pGQ`3RzZ=nK-a`V#lYHEZYI{o~Ej-@3ZwgYTUPmaN=^6bS`| z#@#0SmJs2YM%5yJ=>o~Qda-sMu!pUws9q*W><5d%5EI0i2WHN55gTcpODXxG-yIRk z585M}!uQIJK8if{yc?_6YV%`)&>Sc~)9wSiWSS=G$m748Om5;nnKHpNtapG*H%9?t z^bvkx06;u{g8zyyrR>HysS{?gsa^2#QDF!kBrP6AVdRb$84q9cAwfqsw&=(4eMps6tSf?Ux3@0f}%N>uqcnr zwVhE_Xt_#V(%n^|qI`B=MoSF27fy90^+-Sk6#{$y_vpQOSA>)peV-8CHtV!(`*4N% zdmdPk(&GfLcf=sfgPuwY*TYqIM-OS5=Dhg5dvKTcKgC*^ECgc8jH}k28^~m+fEm_; ziqS~Qar)%zaCf&tE$gIex(=x2MQIPgz?FxLDO;qpOqA)I-MVrh6kDadcnHz`x&T|)^^EM3IO9~ zboVqk2@{lpTh>bcK9j#)VFZ7}Z$TryAGZ|7*_f?6NxW96==DSdOzm#buY5msOXSX6qbN zoMq+Y*!lVS2P%m{qn0*FwuDbdwhuojCnAHwdvT(twCmLFQr7?X3Xkkw*)e;f$C3dv z^sd{$Wtq@ey|@H|=)k~0*P1`4r&9)TQk!WiLXRG$c64;e6Y$sjpKPb3spDJ>!7Su6 zIsiZ!=?~`>b(-NF8)@}9`lVa*{7IAhMw|hgX3{;-I2OUft{f=6CwSS4E>Ayr8WqP{ zEg>lxHgWi8SuXad^R%~5v4OmRAHjS7bLhsa-{3ruSYBRUEve0TCni2fwyfD>bbGJT0&m%2wq2{g}yOG zeWzcdImzffBDpI2!!!L}8A~?;|Mz#0;=lTCfGn2D1}-$f-LKhLL|cEfdEnAeSxZu2XB83XQ_o^;%nE-4IkD!&vjX=zd@E63a}jV`W!yn z9?K7Z)dJ+$V`jv%8zfHTG&E0M{A?i>{tdK9(Vl7YINX#r%XQ$8{eI<|caDqt8nmEA zZonMmqm@J+5wV7CFElrxu^Vip2x3Ui3VUsi%B+gKq8qKT9qGFIeigp7gigS_O$e8j zVey@k1Iikx&rbuaAT%OmiJn^7zYaAzYHF_Rd>uR#Og9e?sKDahVp|*HBdtx(eddge z&_zy6jC$a9`MeekuLlqJINtbm)Q{X>k!8Y zz3EU#%1HxlC>b$krkb1c{FlUZLHj%jr7@OFU&EJ}ZwY8hB%W$!%+}b(A7;B|g2~BV z9_P=Rt zlQ2FjGL-(JH(aIu>q2S_Z}-MP45W&`9T9#kBjaYpW{6LBnq=!XB&l}!nyu>JV`EPA ztTg51?~(5XJ_JaR?kBSXz1OdGBvS!NpN7<%w^$Mg8YR<~3@c6umJNC)%p%VA!|A-C@wk=43qfycoh;_Hd(Ph% zX)^$b)0h$Q$4ro6++XAQBt0{3Gk+T0K&QpZj#L{4o4qLkHQS;LYUB0Gg2|K16UVU& z>|!}02mIko(PXPdAS8{}I_!z3i-ywITI!NppfKG~WQDI@uXN+`<%LtC766^srQHa2 zp$V-IRuH0`X&a4KEGHdK@^Tx=zJ38NnkVzM;bP#eq@jU9L~SwPBa<>RGO7ta(|da+ zIpQLjxZIkc;|RDKgAzXP1Jdzm#E%+V&f+IT+A#?lZ>9x=g+a`SkfnARn7*JXK2SHc z?nik+sX5AF)&n%18^%Q1@k_{RH?wn-yRr7`-jPmSQf4ZgTaQC47Xw3N3#OeKZNE&^ z*@y`u+}|e0MW8`E#>%l9FFL~spK7}%dq4db2}Co!)Q8{HGC)bKq2?8$ z6haQ~(3rp2TZaQj^^r)P*oCsd3C&*==KvvaC&q^G9o7{+jSLkM9_mm zqS}`gb|>kT9c* zIVvS~~3xT6QutP%Q zE}*<6goSgnv*{fAWkvE2>F2xnwzKu;;NITeiDWF5SnWkh0)U5=7eoUM4^3n@Kn;#; z@^s{j=7z)(PfE+n--r;grhvUfdmQn{3>6!NvcP27i-e_)r+SG&;KkhUxaO zly)L~A5PJIr=$7rMF4bj)BdNEjD40rMi77W4<&FPntvUfa)ockq@#EcaBRxngn=q3 z@*9~7*AES^;2(>6UfsKo^SGFGtDN0;fL%81ym06|GhQXIU-2I z^_-U3yIxC;rJ?%mT7^SU*jN9ns7*9X0eB#*u)*l$B&l;H7AUb|4Ur%E0od{`vDz=+ z<&$QxuJROjfE^8}!+Ycx$QU~gxlW7Jf~7w+r@SVlgdj}lwVzuwBoVZvIif&RjPnuHi%j7#E*5K@me*CX4DP(@)$tqV{0@G6qNCMayvkI#a{jj^29Aw_>y7jzi7(jSD^b_XPv4&`CHxvzULwZp-32ynYNe zw1=54wPkP7zq)T|j8Sw94yudnZOdLgKS?hE@J@t=M-Y0@+ub6$AOa*JcTC>5r^``M zL4kc_jNf-_{NoBArDP183>)G-m;7FyQd@e685y zSdTji*6dDI6^;PXzv4wv&B9WiOXms!#8-3|4n9>1sP=Y`F8wkoV1GnH(PsHZGDQWt z4}n;SqgV+DnsqW=u(`7m#onlJEhor<-Y`;(F^X^Rg@B4=tb%gk7yJmp6La{q2+puz zjYf&W|H^sLfN&EAz8-DOU?l4alo1T_sDh)LWBK;u1uAHQyp{OlNl4qe9!Ec4Uw+tH zRcCGgYh`wHrYxQ99y1p)2G`_CiP_c9Npa142pyN^A5q22xA8kD)18osgUIda$ghce z2X$;$@3<-ua6Prjiy{v2))BDN6RIYkvjYSWptGr)e^|)*Of>;6maU zM!?IBgtS`9!28WVN|YcR0;Ur|#XTF#VTyt?3uZdgMC3+R@X`_pI5I+F^}3Jtj)RTu z*Ef}&v>8lKjH3J?cm_%#U9u)4DUJo>G`%z^5zQl@5sT zf?UrdWGfGyduc4KsALTr;jOrnQ}Jv{q1TF-50&MpD|-bZfs+^lL~{D;L-d_3V$GN2Yo4p{0M!d24?UZP(nJ+b)~<7aYoNX1~pDN)6PfHTV#=7T?6sDE02y&-zIMyS@Doq+05tcvzwjx@ughWXsYW%eFEfh<24ONR6`-DV< zXB!+g0TePWj5Lh4<`#OO^qkiAe=%s^JoB4qJ@uhV@X@IiO5g({&cp01bje>d(jcBH zn3iq28GZWZkLHY2Zk(9$)=#FK4onCOv%4k+lnfvwQJgRYHpL>k$Rw}G@}@|w|CN`j zvNF-!l3#p>`JhSs*ab0@VnihG^6PxRgn1img#k=VOk|z{uGWhn&u!44MSj=0dUH7N zkkXy5z*`-uXhBy%%@Bt3JD)FFl99%40d#=}CR)AGP)sWixI_9Lw?npB*7`WdOmT|U zBC?m}!Qxby$Oyi;D}o8e&csDEf^20LzOVivS?2ZX8O!C?B~WI$g*V-b`E5Kd2t;AG z5Tpz(Plr6K2t?6BVANvXDZ8e0+8HtfMH;t5$XCZI>5VJQVG8o(tnjqb6ki5+Z_KbV zdvHWSHo9-c^SAwZ3F4n!}}N$89YQoH(g%f~XPzi~6Z&JrNo99r)qVv;Ro^tJ8-^Cc;!)8_biO zn`IAOz{3#@T%H*6PyD!b=}~{Z-g!{IXv;u*`_qL$h|)93h|o-7+C`EF4*@r-ev-se zfQGZ2l)|+wd^3+0c2`l^F|pRlO<&>0+IElVY_t@7&r2eSlpswG)VfvZBy}eN?u@UP)2xp=;(qeEH0l z%|Ny3Y3;ja1`Kjxcy9_e2B0!)An`H!3M58P^6NXN#;UW(jv09~D}Em5jbYj{D~o90 z|CLl0npJ1x44=aw1w~+G8NjxBq{)3b4>9lEsDV-uFc1g5&x9 zo)tQv7Tp6jOS+r$)p*LeTvJy1)nrYnJ~AXPEJ2x1)?Zo+c=#Vt-)CAdca70|u5&*s zq{eq}4R&)r5P!U^L^r<3efx>zc~AF?EBhA5`9t$M6AW*e(v!jiRDr zzq@)~Sf(2ay6+N;GSlXF*n7U9Fl}e=pp0*j33t_~XZquS{Bf zJwLt(a40cptmYSZcq+q@n28n|qUW(9(}e&qL4RZJ0KqVo5Ks%;k#(|rqUyl?obMXr z|8xq911~zAI9oAu>pFk=_N?(_<#}!d43CmexoltZOT%}!D{(Jf5GZe1FYFA&5YqU6 z)5Sh;%o%-2cPtyQhqrsa^DvED`6RPmQB$$26xjj<2FQ}LI}2VEiIew;xH>DviN!d2ReV~!z0Q*2 zK4DK`H-1a`$R0Kx^4VoL>Bow2oBhrw$}8PULsKsE20xmG(^iGmPq#{o{x|_msk>OzXD?QVIT^?9v&H5<=n^0u<>KBQ+r`V8| zw2WWBepF1H|3(#r0)}|$)A)?EHtGZTQixEcZ@z(nS>Ex9=rmp8y}|8hV!w;#pdW## zB%@%0SGzN&$GHR4U&{dR0TmUeC)Q?Fe1wdztlBWpVMR`*0o}yyo@M#R^jGhHh}rH57F3kdO5qFp+LNE}u57w&e3SyKt{s*zC)<+gau= z4ndo zBDA2sxv2_sHLm1uY=tr)(r8?L$hR8@M4{vo?SKq&Us?*4t07t(IIqa2hURM~aEP3f zT3{fq+&YMU>3hr=Bk{5ARd#v@<7$`hjP>G62wtQLDfIsR`yZVi91iiL2P642)PH397F5Q|(vnQTz(fuYx z`pmc`x_In{HX^r-g?1@|mlcQ^AJ0(|*}g$seLc@WF=TD;0oT;yKLq)WNi~aJO%MJHZGHaRk&@6&E_~z*Fw{xHD$Z)E_3MzrL%aDm|*<+q$mwVtm(hy6dm$ zFB8TyrH5NjUZedM@K;{gFxD2Z2Zr2z!LORR_YJyK+W&OilKNa>a-Q-thnV%W_8~X4 zQEZ zdE^4Eend~22yP-I=DLuj0Ji*{d1R@SNBu8ogJ%C|hAQy4e<6Wa{IkTsL$Ezz-;x05 zb*xRAI=%%FaW3UN3Ns^y(^_vLOxAn*9Z9%j@v>wS_z9d2tWYx8Oo z#QO4mh=Q&DoAUL0^Fa2@fC8NpT4XfqNCsEHD$in7q2dr_q%ut&$#nJ?$mYeb<`?qE zYx(hywd1fhq)HJ%XYtm0*JXJkgspldeiuYp-(Kw8LxRu=tnvazTTzaXcK`|ot1t^Y z<7F(&$jom$4kc_$+ysbVb13@aeP}eTS(Ms3x!n1i4l_;Y?nUz`!aUxt^2GOdR_#}{ zCmE>>-(CtNF?q5DaaCNvAEP_ke<((SD3==eT&Lc<|6S0shD3D!v~VEF^MfP9w-C_} zjhC>Ed$4Z-vz)tq-xr>Sys;qGGVokUMTt=v|64!qvqGU$FRC(^K1$3vLVaaI0gb}C z8?nd7K{7$H%R&<+F$`LgBjPHnqICtrLKOV;8UqwG9?OZ(1A7qX7|WgN14%vGsJ4L} zUVHdHrTYf6@sfOZm~)O^2#43g=XcWi)xdt69W{FXVUf;xvx0S1WhT#?vA=N(Vs;`& zpPoM9$A{=obL#}5HL+NldnWHd#7;Ju>wnY+=ASpa&8ZTvgUuZur&w}E-!G=#fZ&yg zjVoB7=oy<4C~~UA^>X<4q^KmMtUX!v;3(?!vnZpo%?1y6fdalB41Y2xC_x?HYiRqc zsj@5IbO!7l3MBF{@5pL<7l6qBt|OZ7XL<=$3ks`gK`8QgK#v<#o8_YFT=?OmvXF!5 z2sxroj*T`GTbQhd?AQ@-8|1puZ@C%!YIMPqa;Omr+mT;Tfv7Y z)5$udOO&3r_#DYYRmd3CA}9biVT7!;5SRZHaC7o>tPfJ-m;V-kbTSN$KNjjqHOh{d z*lecE8m&k0TDSVW>w+d#gzk- zRD5T#@|>+|Uli+MtaZm$_|e1AkjR>Cq1_jkg&u=vrsRJPM%mO+!#dwfuuJ{rMo>2d za4}*DcsG4QiOo{^d^pPX?jI(JNN~<2xL4zm|LQ>1R1b-90>`n6uq18t z9-mL&)H$B!X7U!CtO>$U97YXsHbSQ5$EsoNJcin}P|`mu&q_qDHYp1-9p`@aAKoM- z$Jv-(c@U5ARd)85bILOpY!m9GG~q%$Y)PS`#M=Y6{_OOqbNMa|lK;`QOu%&=g<=Py zniA2&LdoLaB)3Vst$>(ibxUPZ+2qt>CxPaO16QE z*k9?Yqp{)E;TH#^ZIjhg6-$5nZ3%LJ?vPprr8n3e0Fo^7-v3FNRY8v|EHkK*m7wLb zdIPfqVPxPW#m>sASfF(e3yVDB>>C39SsIo29+ITp9t+!|i)JBetwLh^RI@U$s};Lk zZt{I+q9T6KE)kOrCV{9J$GR?GjTo$#_+G6%1~sCbGw+@k1V2Wa-jD!Yn^K4tZ)lsm{rES@gImv5;1Zwu=X{xxTs6)v0n|-j zuMQkXB0kZ!LQn4bsnbTtS_2_3l83tKIHDt8kKrQpS4o^ojko!P-Ttd?Cg}o5A7aTv zI7n=y9sy+Ul$EjmvqQZ3?8aI03vxz?KV1(^3V0Y!uxV1BNgl-`EC+rkOEZAfr#mn* zfhk?muO6nZ|Ii{e3>E@HoL0A?;JsV&;_>@j_es8z zdawQ)LGU0WU|BJW8wMTK_|yk`O|T>rg5v<7(_`r$ljH9S7(5@T?a8&jdeg!ngn zUBAe#bQZ`I?p6-2xxk6!#evfkD$>7Y;NPBWbF(=m(lS@8O&)9s*xJ) zs!wqgpDR~J>z736&iful(fWq7A8|a>0}e20OM>Q|yNl~4fks7vm6i^MphdA4-JA{e zD%pJosyUv+M+cS@r*B`jfV#=UNb;))HBlzhE@$DzI!RNb?`fSoAc43TgczMGzh%1$8J@())qwR zmaHVIZrW3O`tj%>kn{=2npE&dlSbRAq0$1lZ8#ppddAfD|5EL63#Iqv^dTWX!-yY$ za$9KQP+lA;F%mV-=OrSTZGJ9jQ{|>3)*AJL&;QnW*ka23+KIR{zbKM z_glh8g^^on{hs@V@7gvzmk|Ef2R+w2!~Md`mujFpX17A%A8!Ge3r)CzlZ4y2Lv-;& z9dRBiV|~17l8RF5dtnE~Epa|Fmu3!*>rSy9S4m-=D$OsK(QZ3x4o$%HlgPjzvE}>h zKmG&!p4EtsznrDLr@;(V#`Sp9S{jPbW95B+e3z({ofQ!8!6~ryOKn@WZGrp0;j=ps|jt4$w-xO4ybHngt98KakqQ*}sp0vG66e z<8uqI6VNmSB7&^j`>d;~IZc#A4f7FTJ{GQXGz&@G1AoI%kJHu>$emc*4dn7H7bfNrzC0ML>78cL{b3~(o|gk5I^rFm`h?& zJKwfiZ^FaFLozJmHE$^pLhmz&6HD&94uS-Uv88XJI&~oDa2!}Dv?(sPH#Sb)Jid*L zXtt2wodg7xwsX6ttDyV)YOb1+?0dmjl0VyGcRjEQc)5Bm*HX>ru;vV-jx=Io|M5tC zu$C}%fRdfyD|scK=CFJV3QYGTdfTK1nLX1szWWf6bsAptcP24Fv;QiMNm+IC_I|qW zcF#Szj2XN+TqqE1Yyy_2W4XSeL32{;q59i1exOvKO4$3bV|m{{U& zHp3+a3xZ{oXa6I}FbJV;LwKG!OtbLOukU@08pT7oQJA&8RydwksGsai7lLzHwALe_ zuKb?*pwlyS2WwgjST>QUs9u>2xpu*5&&T`$99NXW+ zTxC(k5!wcyO;&=s&6&15zB{!52*~KIAhTpXF$TX4<;gwnTDN*dhDHw6dL#bIXBsqA z#u`6_`oyXn&1$8;ffzbQM#d;=<^oLIAHl_WC=kV4L6U?eem~i<;Cp=`+)sLo+)4O% z76Fy?Z~Ycyrr5fCKoRfMZx*VW!s3_%wNFcd_E}gDl$<1%Q3jSr(ZVd=v;zK1&}rr~ zBQC_v6kUp`WqJhyaqCZ9PjFFy+b+m^>yDj;U|Ck~`ZQ>QjcaLWG9CVh=SkibkAY17o7H1Ry$rrJ4Wk2t|DR?+12 zzDpqlAK0hB1Q46SlesAAcMA1^OAkx~{32Sn6#Vk9@5{GN)4QSTdq&JMsI1fGys(yu zss@c^iwE)J;Qk_IhW8fxKq1j34(kE2|MD7o-+hmHz?5k&G6rnb7KC(CTwjGC2QS=kIfGSclO5cziWKgE1d^*ko~mtq7nT|L4_X7?EDy zo-BQ4X(CvYe%ZF07f1}{JkB}YTi~qkJZ;2*fFM9vJtBdEIGc0W z=Up?_f{A~$Mt!S{cz{Qt^P+iSxnAW&D#!RD$KJR#mpl26Mt!5q^!vpE><011)PS`r zYo^c+ab{6VbREq(3Q=�~_|^@jE^RxFgl2zk#qRkQOBeu%b^uwR4vdW(T-^KmqZK zy<9>8R_+jxhNFC!5f_FuZT9*I61bv&kEN5>JlvRSfpn8W^YYyY2wdiKo9A4Tw9IkP z0zC3h%p1p>9%kA9ey>scYk;$MTMf(dRm+|l`Rt!bA^f?&p;Qk}y$Z!MTp**pDhBOW zYsmcLusn@EoM_dLZLe#;=I%X{9QSL31%*UMM{mwN&6AIW{`&Pxabq|uAAE2d1C4hX zG(Nw9S8EJl@b1SzSQe)Fs^(u@CIkwTKD_5BYWaolY=6;Qu5(LNU~j@ND@M-Tc2D}HNxPZjnG0!&1c7=9_|+O#N8JZnfO#WZ#QvU zF|pGBtM(EX%jhaaC%wKhoActs0$I;pY?_M3%#=rzY$XN7R?H(_qc0>zpfjJZ{umOExyqSvJ=MqNEU(Hr{u`c{4-r^+rMIo&;#%{$+oHMOni&0B9rc@8^O5OvaU^^>u~26wS0VMg7(9u?h}_mwXI(O~`WN z_W^$|Y+VUN$RC6Ni5Vv&AvgvQ1ri%t0(I7%e*++=;^N}O3gE6q7ZnxNQdd_mK_Mc0 zph&*JGfo!GUEA?8?A&qfxje%%L$OQzs))F_4!DsNBtwB=p51<3AOj+O3nH)?VXM8J&iuM1Ud`_MnAoKUvi5G3cd4aEE`y>&l*_ z*q`pR3p24(uXpIB#mUcJ_Hba6wpi=7z6U(q6!TeR`qA zM`txH?O8Q&X7#sY|1|$mZNtvR6$7l*@{h0ogi<6VPShyI(*jc(Ngdh*9j||2vdf80?4VgDp z5T+MjK>gs=a>MO1UU5lKd#y%gbQs1`o*<2ykYMzTzH#C6*gXt`G;cBOj{_62^ZJ02E|#-q&Nzzs2) z6Zp4yx7lutk$6b=>HpF_k3sO=9i3u;`C0l2Y32o3`=gY%y%+u2=)Yw=wz9l_#UQSC{2eaD+h!@NagzzoL<(VVxDt%xH1%+zVh>n{*6kj zOk&g)(8{kJuME=;{nHHWr3GR#KoEC_2S@f$3@Jrvxh;PII=8Qi>BM=YL8OKv8i&?s zucaVD>(803x z?c68V=daTE?KmsWCD7-HqCtRThPVz}dG%Y-yC$8sDG#CFHH#Sz9!sA)8A=)uWRuxX zb*>j|8`vg)$BEJArhFfOiLn|PzMcMtPs-%*Wej{jJg~0$uX4@lGovdHxq1=Rk;=ld zx(ou3R*#qp%=-+)-ZtK&BCFjEd~av!XK z!UK5wRp(XL)er}4*HAFRjh}{%N?`D33N;J52dux;(do|GuRvUrI7|zU|4M^PnGW6s zvM7+vl2kJW0qV7b)gDJAN3ZM~lsIpr5T-av6dw;dbc!O=glm>Ww>QeNANXy$ids!5 zVtdhN<>V-ir5)|CH(r6~4O(ewXQvE8lQX_ogOAxv#U_Nv9%HSD4w&Qhk$mS@S8YcE zAZQK&7Ur)t3F#o1i9ld)9D|I*)WVinNN)N*{0yY}hV`v%VBB5+opzVCuyBK&bm(y) zzFO3MkP-#8sgvYra$I7KG>o%RlHwOjQrsI$MOo798+)AjoI}gPj{e6&9m6frtzd)b zhOa)g?fG7AUcHQ292FIcP5(P~kPwIssiO7nef17~OD*X0=jy6Wv)W_a0rffL2;q2$ z>f3_bFq{XkElVut(#1xz1Z1Fl<*F)&BIN1=ZEXcrL!!=pQN#DRpxp4$CvK@8R>!fP zJkjp?PbvB;f$`b^r+;JSJc0 zY4ZtC>+szUs$Z*P4?lh_EP8{}_JP7gCKfI4KEFKu6C8xw@un7FwCJ77W#ReoT-mU~ z`^0SY({XwpZ>W2Kex1Rv+FZM!h^%=UP}mq4F|`bVcAXKbw1AXDB+AkcBR2fl8A=wA}-v20(gHNM$#^(P0)lcaam!0+l$pY$od0hP{uc z&iGY_K}cA1aeAlkLzbo`PnIOIKlzAu7$DiV zb#HHv(FQyJcAHyEOCqMWAEcT_xhSAx;t^pCRVS<*f$#;+kugJ@6N2q>eN+w@B}kKQ zr1&Bi#i|{Ya6gO^b#N7>a}_yTmG|Tr{H$PVZYr7?IuP?n62fSyut= z?3a6+D}o>j^`il0Ru()aHcknUjLm8LtW4!kfy#{@175l`1(r>oOPBH6Ur@Jwi?Td+ z6brD6trXn)U@L+8>}m+4x7ic~@loKDEJRvaEAL-RID9Eeweqj`7$JilFV4!XzH%QK zd}p@dOnKj>1^dhvbQ>`wz82ut06B=n8ZyHKP$&DO;69|w#ILqNAn(vT;>=2xUbaft z06kC7wWpcdGWa}JU!i1;x61gMQ>ylSMa-;l+~;z7{Rt|b@$eO*D!^S%Aj+dnZ&!w) z&ozA*3>w=jlwl!-H$iFsSEnq8>xRc+W3j;PXtGfR@K1ed)LiF5L`=ZX>Is+Mu91`v zi?cc;ZfKw5+|S1H`RLmcEsU4q3_?GWw<9>CU=_-gLpgz?4I zOGUB0{SutfW|0ygg}Dm=vAqP~KOqQ{d^-^v6`91SXy^Zj-TVd*@&O|ZOyH3wrYDWW zMioxVPf{mUERTkVd+)=z_%n014~)v}q;rX1G;^XF0dWo}i0?#vZYymJdh;V`sPr|D zaXn&~cy?wgWLU$4t+JF@)lWCaQLDBvJoH$skkt70j0NIXp(@k#;xdWswY!F4LunRH z_k3ekZiN!9xUfy>j#fZ}lB7?yCJwq>mOTiqAG0r@|L{*H7?oXH2eFF{Iexq~^4{j) zzM?g-fqAN4o@rVMXUH(*19_+tMYj^2%MZiHtG*%W+?5$6bp~2F!;RU4Q0BCGUg*_F z&%w^Pt9Q<0+k|!ZKWqho7|^fzu~52Jjzari8$I`6MdF8sRaK-7qt}%+(+|2WZ7$N=G{^@&d|(N;f6AdS1mZG)FIm5$6gaC-0mkrTX`tGG!>C&G z+!)Mf#PH9xwFQBHFO+Io^;k8Vt21WHi*p!uYQJiwClC?SX#Adj)cdE(Yt{vRsz3=H z&wUy202Sj{yocGf8y_l5x4?FV)4A33txS++7e1XKxPF8#cv0hjA4aY0wpU~8qMyCy z&zTt)?|#20)p?dYeDj0O7l*%ZqJsrjcRKr<(3nPy*3( z+Fp%It9(ObfawjM;YMt%o&b;d?_4(2ctPoJXCJ-a#-nF=yChXV{90M0!^_XV;sYJm zQv9X$>iMo}vecp)iPW4z^5ez#OkSOPRd(^0<45>3G=6&2=JhwTr{G?ew6gzO+4F9l zGd=TZ9)7rzsKf56=U5#@NXYO=F;vhGs3IXHRv;ZO!#igTr<2p;I1^pe%ukxH$`uc? ze_7#3I!GDz3pkHo>#+fpiW{t1b!pEqNb;BV?+((>E#+qww30HtzPmgMl~t5RJtAyp zc$yRGa~Qddbd?LmGkiZ32on1C_vGW^odC6+yV#0HhxKT0lgMUqY01LXOavqu>;{MQ zBytM=t;rIsSRp{g6}1$0(nAED7Fqt3KPsUku0)-vbPoxkZ6TBXoVO)vb8*aZMGEIN z^-?n=I1*VoAFfb3^LoL9G>z95A!H5h{}chE*jBu|w7lyOS^IXqwyfih3x_i(pZ7L7>jiftNM>!R^23R^wPJ0bog0XS`*L1cvg&4% z568%5uPE+hHyQE61was+_o^hVzlefv{9x7m=Y^G0Z^F2UvTG3nn)oH;h6 zmM!Ok-&!XE-uo;X=Zk@TXD6tF;LWH~ZiYFm4CH_{^S9P=1bXVt%?&A=|9n+2(sRK4 zL3Q?AMudOu*^S&&NoSpMJp=nk59N9&{R>_|;37VU%s_Q0vwZ2|M|t&wj8ez7<~)NW zl^R-q%%?Xs^!GQ4Pjm4v{Tb02S;N1Jw#MvhhAj|i{m*HUpC=1mcR+j@TFL)|YPF37 zdR!yr=acX?w<7#_#>BT}yd7TnFwZS)*{q^mPu>x_vbx&W-ybzNI0%VZe*Mx+6crLr zE17qfXlPpii*y89VSaQ703C=w-#Kr(RdU<|1U(mj!sMp>Y;~$e+OV2NCwq!RWes#; z`12FLKsBB3rMXQG0zrSU&~?EFdqxO#p=naj=X5F1A{CBk6Sdsy(}{PW)14Z+Iikmy zk0zD=+%m~-bMfXyJ$tbdE2oPcHQ`3@o#37$&0*Ft7Y&DZ!+6B*Mhf@f{LIU}Xsjq1 z>HCMH$!o{8B3O3&6N$Y=QM1N=rq@Nt>xa`593euGFIv-OhRLAH;0cgHbMn4Dx{JYQ z=i%WoCT|skLF*W&1p&uo#hzQA6n`#s3 zbfQL>(8>!9fRa^ae@{N(7moF$@}-Qj`qhqAX@B{!`Q1A1Hl42Ya=QpstUs;!m;Qg( z8}$FKoqeDx*>67qV5EQTG8iXjW_qRAQ?Oe5iML=HVZBTv7wq)0nQp{_NxVK!=m%1u zHSPE>ihx}gKm?&;ysiXg4y0@go4@$B>uOxzmMvyKx1!7HH0=|80F#$j8hw*|Bk;N` zxx(+Azp05ymp92q&k?L;^=y|0{L|u_rKoT6go&dJ8tC3J?<|P{%QRn8&u=p*tlEqF zkONrk_t*Bj(^T))jj_xD@9SEcPkGhi=5|Lu!IGjhl?$#$$u~4MZH} zB@5Fu1SGL-&=EmZK|UbjEmQpH{BHt}v&4rAJ>Rwdlwym$aDPvE+pHu{=1`ZT;-ztR zD3XU5!>0d2-zh7jo9YNnm<=74eo0Goc?%?O3gL+BNAl2@QX&sMIQumq+FBZts!<#O z5(dWXw8xg9j-wU;8r>>^)PI65cmImZJ+d%&uZrIrbGZ+ju@92n-7%PTw=sPif6{wf zQN4e-K2Qt-U{>ySVl2q#4}ng(ft*}yzYhmKwsBTFtNH%Ux32@Hl};8EVtrSZ-_-V> z+S`kL;;cTj{CpPc!2hUCe5^pnzOMRps)x(ISfGdG;Y?$(vZo|SC8HJF-&Ei(OoM0G ze-eCI#cg_m-8*$)wYp;e*G$-f@4_lOxFbhWU%Qhyyx4cn5DhXf(PBTzqZ8{<;KHQe zT7wX6V1%eX`v%|m^s`TjjCxE%+P`Ikf{rRTU% z6s!o@_6Jdskz>k|hX)4?fUVi~U1%z5MyCB5!Ez42Ao4T}MHV0d)ff~9X@Sup`MSw4qe)0W?_?5CSnQzPIB47Ao>&y_UQ zD8IDzi92sHfF(wfJs8OI5kzXnyZHPb)H_$-`vdMws#{?i8ldV%^d974R>eebW$M_{ z;bqbTY_`YZQ>F7Bl)3>7_{EQ zo9ZQ%$3=Is&VN|t20EO;qxb()xrPxYk@OS7i+=iI;!g>GoXeKUd%pZZlXr4UPze>| zH@h)Azu0M3Pk-@g(ZIv4)Cpna4<1xGD-NwNB1x*>nvn6cqLRCN3|4{&GCKf?Ohj>E zc#xOMymIaU;wo1Ez;6|RA+mR9YXGFtCGcFd8!#*(zqndgEr4{Q;=tR#NKhMtN|xh) z`XMb@W=KWTk}lw!0RY&McY>e;%9+641O{Y{t){~$A~=XhUgT%st-nnUK);B!dsP8e z2y`GLqg>;FgFqx0!h@F6vjuDky1##i*n)8&=~E7!awy@WC)2fr4bZvx$CFtm$-y0~ zLH~!e_l~FfkN^Ii<5(wT99zgd$foQ)4rM1IBV-dHn`5tRMOnulWtEW;A|ZQZWoM7b zjEw7b`h5Smez)82y8gNHUv7Ax_c^cE`}KT2ACLRPZ+C|I_R*uDm>1DH$0k)4!GE%! z9L~@o@`RV|1RNS(;=eK}dA~pPp(RI~Yp0SJRe2=a=(r+)qkwK3^`4eo3W1UP#>8DY zXBkC0Gl7hzj#gvP6xciAjCs|T2LlN=E|iR-V>i$v4+Hndtr*G0)SqJ5Bzy7)OfWiI0G9ve zwQJYN4bp)*+m5aW8jzQiKf@2oUX^|A=$_q* z!AHU(PK%lZh`U;M4sIudN&U@%pCCl)H5AW32r#cqw&iag4hOu?0ZtQ!KHuW}fZ+vc z5@bF4>}7`9MX&APt%Q#wRudLanD8d`)5wgckH|=nt@0gx^(79JIOJzLCywu=?woi; zuweCPxq?LTXK0n%WBwy55cr>11iP2E!Gks|(vw%>uXAyR?r8Mayokr+T854Ocikhb zyav;1T(3MKc>SDa1rPK!?S9|%qW>_bi;Dmu>BB;AyOzYg%U4Glk45^rXTC?~Ss4rj z7QkRT1rsKLhn)R$o|@b9PX;)i1sx{Oec>9C9gQ3dXyFh`IgVWXt@ZOSf+tud6Gkj> zZjNPpS_&w!u6xd8+za3bnQ~E#D4m5YjUQuTK#MSDdeKifK5U5eYeSYy@pfjFNCt^b=F7Ca@V%i#LDt?CgfzA&J z_%37;m(DH*pat6yDf?m75?WRFqrEReBw@XUQ>w0g>0H zW)CUZPK7Fe+P_;~_ey`FrD~X+vK4AE+({Td;5xIS>mz;!E@7+#b zf?Pjk#DlDl95`0VHLc|y+2UVQowY{lI6c066X}von@N8?1z?!!Jo9YDA%`*!Ny~_7 z>Z*C>3SAT)LXbgZBod^40Vf=GK!=T&Vf4p=IZ)%^qzRZ8f$r-y8~_Mn{0oL9(JSdV z07mt_JvuTJY^MR_acy4ZM2@S=4osn@Z z9mn57nT9M>OB9WFnkoFow*X9{Ko1p$_bBp@ERN0h8<#urXQE5qvG<*qqhEP!T)w`q z@cB45$tY*MB|~74#*=vexTvTIIwRD;8mc%D8j@akis2wR_vb(2k;?K-%ToB%`=tLB z@r+7r<8GmS-0hL5GIYX2Zl^0zcXAaRcIhT+4YnYoymt(LrXDrEAC>M%ME|QZS1Z)O zY+2*~CQ-eA@OfLXr84Bj4nKVt48~#!a=dX0c0BYQr222El@;O$|B(6s!d$ zy7EHq*472x9U%WZT?9%V3M`bdKLhuBxUf?=-?PI~*GpYF^h(rii!W53q+Y*f$cG_Q z4X1y1TRW{?)#4e+x4?`~(>&nlrR(KyNi=kfb3q)P0<8bBqO1t#JbAhZstMMCOI}5+nNet5%mT_?RrrvbwTjxLCUYv2L*29a+t#{c znKK@NX7_0Bd_*RN`8~fZFf}l@%22s+Tjxt0106nIwi?*_O3>|r2a)ZkOpSfnoKDa5 zoW_jRs{Qj0X)nKh>DRKHcPBM_Gw;*$|5dvl5*+{UYF7^P_5VM$YfT$gYnCLYpHba_ znVWE=!niNehkMC~`ug1;yN0Qv?ZPsNy9Wle#F_bwYjjlCThI6J8aI0jJv1?i^e`ZzUR(^z%@aQScQ#SP@hY5(j>ps5T!+G8{>1jqZb_VqhkSj4IaMeSMU;{>CN*n>H%ak@QWDyO;Q+^o-xKEegcpM_mX^J zUF-P?vJ|sXg0>Lf-VTtANyg}10D-^-HT;gZAG$FXP?Z)FG8W7&Ho}zO zN*yig=6am1KBxDq;ER(S)#&(|>8Rvq`l_hm*T=t{@L2e;I1@b#(?Oo+`Px468zvF- zZDwU0m8Rzhiz=RQ4#_?Fs!L-u^}^(@Fk6Y?3U`5tl@Q;#E!T~7XH};077Z`90!GuB zrF)^R8N85A_Ra`@kysa|`fp;Pb_^#3FCre^(!q0dPR=^LCX@3cZ9O zUG;I1D?<9Z8CfDk2Z#qV*C#sw(XCh7e^6x-l|7e=)qL8M4gz-Hi5*plzP{xC%k0T7V*Fl+?)IIn z$h`E2pSF^m1YFdHYN)qL9H)NMk8d5Qd;Gn>dh_2IYA>Yy0D(cj%6C8csO#7>HSaN? zRCBYobwjPukx_Z^eQ9j{BX%MEqYRWk~5bbV)^^4)|PL{?0V z;bc-ji5$R(tK6`8O@tA2)4QR413{6jxly&5B^x3I}?dhsB@3|?yf zAVs6>Mi9R5kSNG)uY5-?7o_Bl!HO9>+pu#uwzLvnou>&gy7~o_k10guLxJGQwQsQx z^Kt_K&^l2vjhqlcov;^-F47Tf_*{5+1H2F3VLVL8aHqH>#v>)=o~h;2OmsJQN3}l4aK$BS8%$G`-ke#|Ix?1%hg0pnh$l zdK*9ssmEs=A4OWcCLpt+(5BhA<)wM%r{sHyGR{6bE};Zv&P#Fr)q8D6IX6%XK8U>c z%l;iMOs&ctLD?!<>^kz2x{<85&u=@!zX*zuOGe zcC0>>)y5C^mz1-bl@Kq!>!tl+A_vdZkBq(Xde-}ZylTe(2hH@WX_V`b+bfAUBhT0I z#y&9;H&{IGDE2-$C>Z06gAmwfXj1eMKXl--D0~ZJ6DgQb;Wbd^agp&+x&Emm)raam z&m*-Z$+QZrKJa~6S={RhJ zK^DbFMUi#(qY1_JymN2}0MEZ!m|k}QD~Zp9;!U{{BmU$&(hT5DJT~Uj9Th1!-u+#LMX@UM+&kyP(8l391R)csUwtmP2pVB-5nYUhiudt=p#@J{;k_@bIeN>{1O zcW?B*(0H8H8<+cdT{PpA%r za8$>xM;_JZL=5$ca;o6!%pBrnBAjh+s6#}Vh z80zG5ZQn<{FYhNx`wWP|H$p>v<3glGL_mO_Ldi|}X}r46=6zl`Rq_tF4y1{su&x{7 z{gYn6q{wPOlz&y?EN>0@VTGXXYJVOfDHi~bpI)lMdZP6;K%-6Z4G%0zB*58Y)V z$5WQtYZ*4r#%%!B!fPuIANwO#7J+g9ehbawvm{jP=#{rAd`p^E#d>^s(_EWSQ_ z{>{k>MzY_x9;mks-6qQJ&*gL zRrzT4*>*Fy*Stq|)~1=GBe7PLQ~gh{7;0CU4b!nwAVa+Zqjl?V-FZyO5GMbY}CxD>bCgBLJMD+8QW^kWkDJU*!Xe0_M(=xqPqm4KhPO6Ka zQmof9&$C!_ln9gsbopge;V^~2Gnw_6jN^EKe9w@uHRA!&Viwqpl+}RS5(3kC_o8QV zO!c(04z(zs3bki&y%gGynNVc7-z>XH?|Lhf23}RIt!ittirq7sVc{Vb>Gd#j1?3IE z;ti8+)czkWW5ZHrFZJ@WM*X1i$jU6u`pD|2b@hhm)NZ4E{lFuNt!D?dK%ZdyT2Z@1aehX8 zG>)p`@Ha%SpwzQ+<61iqT>*tw$xW-}^>Z7iSu%*9**U|DaaDTkxT9N9a%blUgH)69 zFx(C8N%LPI9#y#uY%t*dPY$Q-n8|pv-1hvW#E>-?T494-AJS1NFI78C2EJ_^ngWSgR>lWr1 zC+9I%2S)-k{;(vDvNCRXR_MB#c+4IOU4Ui10%!h{bCA1h<6vX+Z*qg8Xmq6_(2>73 zvF)!FE^|bP!QuS|^!8p9KH0KBO<}%fUt-0cGryw7xqbRx_*PTo*Qb?Fm1adcPyOyM zK;g!Z@)Mzm#9yJhY6U#(+A>(y;gU57a!$xIAxSclr6zq;*R;?STG9@_0N zr+tYhqDN8KEzmlbjCtrGK$6;r{K?c2xzDKZ*}+;40>4x(j%8=Zi1ExZ&vAitMAV>- zll{hwOV8TJjsY}OFc?4fWyE<$bEjt>KGDR{3lF&`I!N(vN%Y}B1+3o@K@zT%IX{k3 zz;%tTVuXC?*9cO?g=n zNb87Efr;CxNZk-@+aC}{+E3MzL^kOY8(~W1BAJ;*ni(<2rO1M>&r5RUg~am6(s$^( zdhGn}V7%CKuU#Po>>)#XJG2i2S~)FIwrSltt;Neazi6 zpC3Z4*Bv3KBxFqA&aLJmyGqmjH035_E&QODA6YQYL}jmPrxc^5`i!1}6)!!PnpE02 zm-RjRb^7o)LJWo?$3}Z65wwLHZzkw9q21LaDHs`)$#vFnyc2CbRDX-+(Ez(@=%djg zfEE%Ogj!&yx!BIV0(FJRcET22qA>!zXK3#P@5)Xp#1dhB6mlD zhU@zLlh=USvle;~GMY(;lxNTrr$QYBk52&cjoDY<$g(Vpu=hXsNlYTy}gqYGz5xr#BU&s*ERA`ripSm~?*yzq+M_PAFeB}9X zU*&5$s{5qcxWzy+(@g;3MvS4TIta&XY zJ|D+$M~j9cF+21@!E2f4fJLKR5oD83@c8lLu_8@|qygMwCZ8XhV(=20q49BQw$mt9 z3m9|4;~wUGT6+24AdRP>!PMbzsa(Y4pv>!ewD!)C?n#3LNl@rP9MHa$hK^^ z@fuiaWK@?A6mjtS?9t6Z;=?7^02P~27e_uUA|hsK1yEq3oh@ij({ga%EO%X_zD2fG zb)_dk@q?jxlv%*w|0Z_IO7F^nAVclrf`z03MQ zc#`+gab6EeQtjb%((2K12|;_qPnqR{7z!l&#ky{DYo##HZncdY{O;R5y54K;$KpZF z3CLEOsY`LJUj;~W9BzjDQ>>D)f^Wu>_4v(HJ9Y@s`2C+a&5=d@jE=Df8#%SoeSW(nA>=b7R&KBZ@Ofo1J{xi!%O-GL`=0I>x-t$86YgjZCzYtDa9WzdZaD%COOzHcCKQYFX9gnJ zteBNOs$`gcRyvjPby+bobGA|wb3a;t6Q({zA?$rH23#2b{8q_=HyIjPIqr;!78q>l zB-VjpakbI8%(p_cq6-1lBU4kAUk81!MN}Gz8O_A!((m75>+CC`LZ^`0GP(x;Qp6f& zOvCo!h-FI~&s+=I{QdOLbZZ1$OuN^P$i)rE5Ex2w*6Tgtpsr>T;q}@aiv|KqPEJRq zv8A<~AnF}0-TN{8S|tr=_YhX+F?P%a@9MJ>Aa5@TmiH(bH zL=7}v01T+1-C&%LW(*SVTgMN3Q0VF}G!JFmdLbX;gpS2VT1J0ec$A+{&Pk`lJJO7j zff9q~4HRinWQZna^r#W)^tl;h0WzuJ&7-(@{=e4g!x{GgCXH~78Pq;f6s&wD{Wuo6 zDddfuH~R@)gQ1QE{1EoUSP~1xr``w=HY&E8l#AXi=Kw+a-$h|{iO*3tX~Ibr=;9cy z$3a9P0XWS)%tk9Zl&V1>5X<{apYz09GQ~s-;{@n<$;J}Bau=r8A zE;{8!(k>9X%FQ<53OlBg(~)|rUh{I#Q@sg<7cc&>O|z&;?a?lPL)b|0kPN4ojw_%8 z=UmHUMR6!z8xv?f*Au@o0=_h5p2Xy^lNc1<>VrSq9|mE{7+Hut%9}*lu1a9K+S2k4 z_6Y=-MgN(+f)bvwV=ym+;u7A!8-s_ri{!D?s~OOo4S*AVIYT4}jnCsk;k8@!%}G0q zA<6AgJCAfdh`ZaK3vP!7q%bR)MYe8kEq8f4`^*BbY^T!zT{zeO{s+LS^!-*3ENY=+ z3O9X}bCFR3L7;{AF6}0{N6#ho4M{6)+k2TC(S~T)uZK@dK{Cka!HXxfv#q--^-txJ zwuNN;R@ExayTJ8^c3A#CDba~Q7;S`vq@|_VDZH6_oqetG-Lbg7L&)xFa6(>!@qCOe*7JkmuCq; z(jac>kKg_7F@I3BZ9go)g{Ob%>*-PV;Nr0yhGAb5G8syIKIMXcG5#zDMx<}o``EF1 zX7>q##N7MMarS##oo>wD-?g<}fm=v%@$YYVAKnBna%VaKaI}d!QG)muN}DUA#evHU zuKLP!@AH7x$GHA6rStUrIDe3cT6+T2ELhT~9ucxlQBiTS32Bpz^Skgv+?oCMrx9>ucW_>MFf;(X5KHc5_OSl^9b`fa@^;}7!@lG@_; z;#9K==(DIt=4Gfs7Y~ZW+=g`amT1evAPeXa8;LwJa`LPV_m6(NvLwtBZ&a`D1ZSE8 z-0**IacUZf@G-yI0FzK+W5@R~EoQBOe4I~5^$N2LR-WR7hTIxkhDCNJ);0<7O|GfZ zRQl@s`ya3JL<9Yermal(&xgO%_~yTKjYfPbx?eoc=^%P0`ub5I3iA0eg6iOnbPnFo zx%2HqwX{ws`!uPM9!TxoI(1*1k@G){x}2Z$L94jAJe8KY^Jz9UBRgZp&eAewC!zX; z^mvY}>ST`W?sm0>!ixyYVs7N8GIUlRN==>&rVNq7tjX;Xi2Tw^{Z)~9;xiYSCEL{Z zD|6m|&ENd_bFI&7scCAZrKR8ezf(UM!?BRfeEG5*A3l5Jo070Q+`ePUEh`)BV*Mm~ zYc=>VDE>wBy{?2v5Vvr%{a0Y_@*+(hXqnQf+S^ZT1iJ8pk!DtMa&qVIy*vEBk|&?O zs4?&B?GG5ctLLz3u<}S>Pp|XTT=TB}fQXEYQeVeyaW0=gn^jM+x5swQ=kp|Tgs2{N z4VK-wZU#^kGN`j0?Zvw}3JQEB_nK7j9WP3!3fRW1S_sM|T!Y`c%vO%cj(+&1bI_yK zJ;K+hD*yPvMb5#p$`BHA>gcqweA=tQlf3=Xg!DUHhgRxwGU0wkt&`I8V*)DLbeX5Y z=?Na$vwp|X@(eli%cUYE>Z8<_uhZ%i=#lH9jw(A+o(6SWBcHf-{&eX<<8JA8`~P~B z3dM7wVDEE_X1AIkB%+0{LRg2&5))m+kAF-K50U5FEhE|Jg`L=I?dR3EPZFq|?NS$w z;L>h-bfGrE)zQz+eXdaxbx*$c%rK%kpb;?T$5~RGR2kWt)t*X-eJh21zJW6o)w*fV z`Web2=*tm&uxKx+v&{*pQ?B+nKyc_t%GIYix3On2BF=J*>RcV8+&ii(O&^+lFE-Ha z+NSrE>r1wte*}OgJTcUIZfiuczKA0p(n(0fFl4)R{OK(ec}#S!f|42%r^+R?^iKe4 zup2|Jx4=(B`cu7?2Pyh=>Xqs`L-Jz!?=gcA7)~ejXD5PzMtgCQNW&4z@;Deq9kin2;ONlenPrPh zWuV8>GWRgA-rKqxoz1@~i>2!#IkE4%LU5}Zl@4I5^MUbGFF{L73*$pMD`SwDm$e2T ziKFQ*X;&`*9L`(vg%0N&5q7y*$aYE z;0^vR4+)lbfB_Ad-NydQu@?P1k`|6&VN59Bg~+$*L!p#J#Q5GtBVld#-XI$))p+=x z$Fc0@<5i&>!#~&xBv$w6Rhu8QdX3cf-7{`-!L4-~Rp?W4>@5FLe-|&@q~0ZIs%~dY z!w+4eFr zGG*qivJrVQ7A`JkhG+9kzVX-6LA)xGZHqsv)gz1ZO*SU`s~LhiC@WdSrL;UH(=Ed? z`2+W=#_i7Hxq`nw*EI;om`6D5>BfWgD`xqr5Uzcbyb|qh+!CqoT=ldT7Ig8U?w_mO z9&r?IsD3^cC%rTqY~Wh;W0caCAsHW8F8teba*t8dq%NV6*hE3*&@eVTK5t16sX1ML z75=ss)b>T8I1ItJq4u!J0sab&z3bQMWRnN*@KVz1E4?KXeD1#DD+Y+{G^0MSzo=x? zrw>;p;p@o8+U9}(*tQ?+*pB)vRh zf(ZUS{t@Lq%Y%0*+$K$gSY};wqvVWzGN~1qgA)%xKEg=5^f$Mi&vb$GdHU{r4*AHu zM0l&ow()xV)m0SG%Xyve)X&Q0&NU)keq%IZP=@|~ z+#*^b_dZ`8Ja1gzw4~G8mb=7@x>Bw38b<15f8FdC?t2+}?TfTOI=!U>W0o-@o^MuE zAN&%6!mOWY1UJT+OM9lidVHfmki^_4^^q0_Anxd8YK0eHL)sg7_uU>fwVV1y)|h!o zsP)Q-Aoif@I4T!%H=t9NWa2FL@>I!E#6H9xQxov{v?hC1@k5_>iaDwbS=Qg|mXfSj z!L6mX9XpoQ72N(YI)!`NQoQpEJ9jM+ex#M1w#RLb`AIFqr|0V26Kf*|MAVnj z-Fd?!!akp(qG0d6#MzC>c;N8$^v}L0W}A}@P0!*{wu-&o;7m)05S7&0>v`#4f9+>- zDfia$Ds;^*ai@3actd^@=~)CVSxRQbpo;n8$;VXT1J%UAa!}W`l(f=WV#5)Wb(OAx z;ux;u1F!5te)pO0@;Cn;2aK35aL502mCl9=6siBcR$Mny*I~#+Sxzz3e8W~n*R$S- zsb=^xZ*smcl`*C{Q$@*;vG5gzg*YCkp1cwLj%#$@@yPL~7oU)l+)dMZ88x+jW1V-e z5DKDD2W^3;Z)CiJy^|9dg91W_m&D*%zuB2er2#pb1Sez%+|Dp{eQsf%7)z@ZDjeEv z+Pecp^~m4TiW^1R!yE< zHK`(s7Ez`JxEeu9@N*}F(9h3zre(G#Dw*TxL?Wnf8OZ~zxXpy#&wo5`r5|<9%+$dV z7hsfF`THcQ)3RC=hF}@v=$i_RI7{~)&GN(h)Iaml$NVrPY&`f!_yNZ6NR@j>z+s3ls_O>T2mO;l|6l3wN4p%x zP&xVzbBE0%2QEVjXc=8PIQz=J>zOj+$0ONliGNQ-K=TVb~f<{MG^P~q+` zwU~Iw*4M9`(c|cE1x$b<8;jsZnDwqrzI$RK$(rSEW+ofjK6;@EPsVM%sT45;q@?TH zQy-jwbM@J?JRlf(TPK{kx=SA0X=yKxROWaRoth7poBc>pN=(x2Fb@`a90#I`M@@Ws zQAHV9MSmMM6&k&CV(5`9>C8>C^3%Uul8!2(YB)duU5Mft$q}US>r+BRIWdvp)3W|n z-p|(tK7Zkfa+&LSqN4-4$a#c$NvokDtE=VHx_4&HYHa5NjSnV#tBD&faUjjAG^NjW zy%KQo3Qj-zdFyEnIKzp!?f6^|NjL)5?us5*OGL+W`Zk z!U?E13ryNSXDQdUPmq$x{tn?9PK)K$pO?XTCSx%nP-Ds=){v7hYP`3me#&Vj>ElT+ z+~{c$4rZXkby)=Z9IP+DjE$v+nm=#&1R{1M@HT?u;|FX(1x_7Xn2SM=fN5LQK1vb zWyQE2PP%Q*lwUgmXnb9oKjY?JM%W`Nj+` zW1OKTatDM?^R}zB?xB2GcC;jFtCUJ){u|gdWxgE$NKlT+vmf3{hOyawO7!DQR=C;J zolZ&~ea9}!gMa-up{v`uKhH&jRG8!dKk`jBuXChF$+^a{>md;06n=LRqfM7}k4MbR zQ{uiPp)0EFQ`>>!Tc;d>6QAx0`t$H!Yj1aV-ok=iVblEvZwVyQ7#hYfB6)p%^Sh{V zo&U@C0Y2b9yyU&ExCKK?N^ z)q`=3!?rxCMR5>ARAr?dDsNn#$NX9W+@m<1A(_o}&&x3b_?}dsNB(C$OiQ~IW4v4@Eo9QJE*EPNYfcpPV zjgJoHsgWmC9UdL7DK9RGtdU`{N%!c>;@1^bmF#-?S5f7p^m|fZK|jWogTnxJQT5?1 zLwI(p4vx!|gr%#n4_%}Br_z0PGo~!Mnn`~3}CB>+Vp54rm-ryav4;FriyFb&# zZ{t7dKtC->@uoIG%$%(cD6ufuJ3r*uEta+-xo`a_p8 z&sxX7+SBW`J*iu`>jsP^ODA=Jl;itvKQJItmn%5f3vIL?<+L=&**m44`&Fmsu2(d6dlW{pG2$e7;iK+X5`_fy%c+sVk6k(m`27Dm59XJ#@ct+K(p zpUxG4l#y?P0(M8A&EJJuFtI6G`89vNbYrX`d(`w?QvyFe@^lhE$c^!xJIM6Z(9(Jk zAMV~3C>VFp=4;g2EJmoUH?&CwMa=kZ0kT)g(C!eezZ{tbIIGqHHj=&q{muI11KUB4k&FkV=?`MwN49Ej(-uiFq~+tt)>DFD=?$NL;J@LD7? z|I}d&JOfu4CiIEeXMHzF63A zv+~WGH$8xahJ2Y>E--UxX-Rp32?WNCtMlHw_}qATc?o5CzB|V^!n$_`_(L85=B07( zUI8E>$4sCR4X#2U3J1ngU0v;Qv}xeRWW+>GtqOXb@OKuoSfT8WtJX7`3ImR-(iFIS zZkh||+`(&+eO)J3AY0miUa-QbIt1G&^}RTn*uc&qK$dh8c;Fk|c3-_mUU1ua`o41p z(Er4ozI{-h2Yd&kphviY&671W4|s|7B^1;~$$u>PxijBt?)0PTvCrsq3fq%$L> zpSGbPmUF-m&O;sc-9Nk%<=|h|GofB zw=Z7MUUDZZISP+q^PmeAkdj%55^1m5G(wb>ssX`XuA!Mv_?+(+--^s*Il=`wK>hfA z!GFe7O;Q(hGV6uy3Vk~VAr&#FSU|(5Fw!6V?~*`>m(MJ>eo>SUpno{mqM;S}?ULaV z|9w&$xO_sFIfEV?sk^|_&hJCjPg;CQ$hv)r*Y!8f8DL9+5zg2?;cJ z>|uWhtH_pF61!3Y`T(ylWPh32b#Y~d14qH5nBfMWJXHI#`bG$O4Ue*_Dx45U$07iv zJqckL#=D;3;AC6ptw02!NQEsJ&LX&>mh*Z1ijvpgg}Q$gTKW0lyOQP;|8~9K^nr11IwgY zh1gWdj)dXhr%!;P)$l$m!2(u8y=C<9Vf04O)!+F;U?z-pC&;v5`bvW=SB1ES*uO9h z-kqB;58@jDge;?Od!@1sHMAgI6$mB8gt@o-rA%C`fTT$2=Cn;5K%Fn?2q15z2#V1d9vc94$S%cD(5P9a$av_1|DreV2 zp2OCk8DEEb77#q93-M~Oy;+Dh^(AQo#Ox&DTg802p7IF2yFZr1jwA1L(3Ywh8Ok#0 zy#xzjI_2HF_TbSfJ{HK|cDLX3@_Gi1zQR?&J9Fm$TS5eBhmX7k0+opNS8!&>#~(-^ zrR9uy?MxfI`v7cmwGZ&6e|LERZ|IjpumE2=53vSkdum9zfbl`+Z4eekR&M1TMDgM_y1csL&@cO8?{*H$J`}>MvocrX`o06T{ZlC7PYiR?;Ocy`shvXK5k9K>(4- zj_+0VP0S1lJ*1(7CZ;4D76V-|cNe3q|3`3GFI1NmkbW6dAsC0EGK!)03j!i>%S%w* zQ|aKicK4FESuutD={oWa8`R*}`?|(nEb`K(IjGn8O)dW@&GocLH+G1ZXTQ%Tmreu7-(@c)12-ioTwx zFntTUu}xkyqaayPSL%+ug09XVpfY*6;*HX!){*BW8uzIX+$pP}CpPG^PSuof> z?Y+WiAjgl}*ih^Fww0yxyVG!ZiLC+|uNQ6%f}x>{X?dl0t3O>xsSkkC^8dun1p3fH zgQQPi6+;M6bb8L7$Q~r@Yl_d9^5Mp)8VMoUEo@US&$|^w@fM$rRhpYWB(Mm5MbVI! z3r_t5xZ#870uZGX{e*BeM^v&7w4tHO-f}8U@&MjQ52Bbx8-@r22}^AC?5H3 z;otZ*cLAEr{ZPCH6pi-2ZfKRoXDE3es~pq3rjN{+082UH0r@R9Q#G@QvxqggzJsd^ zmSLqm^H^d?pl3Y`oRwj2SDkk=IpPDhdh} z%<|VY(l5ap{3438>6Rl9Q#+goL3wKx?lp>HAKGeas>@_ZmPVuY&vyToyd} z&<8ln=T@y$cz6Z37RB@cQ^Zi*=tQfWk zP1>BOyix^?I41+>BRAX|63+^dLqD2*KF~f+FL&|h|Kq_O#kym}%qe-*vwBHczupO_zolErZ1H zLWWP&>hlH=B7pFbBACMZ`#~XT@IcINXu)J7^117xX6A*pKs(NJ3YPPEm;PY*xU+QtD_CF<;sIg69@XdF&gb1?b zYNMA_6>R^OG4==kbnmLZ;|^x z&A7gyp+m-Y5n%D_Zh?dS+^6!n<(8?)&ELh?KLKE(Q1GrPOzHb;!f3BT^ZEb{l+Vg~_Z0M;&cU%80?aPxtH@Z9QMuWv+z_Z2nt zl3(8uyDeOtcAD}8drfcmjkm46^X<@9OX8bS_~9d-cLd_v^$qprLNgF)zwfN9%rCG1 zyM*THO(j)5bb@I9`8UOo2y28 zROaihlY@f;^ZBoFVkB)R4T&qe_xihX4A~}?rdClG&o-OMIrq^>EyYQIoLq|D`$rqz zPKJ%%PlQfYYx5ZDLnZeA`Fr2?^=~{8F+c0+%aG323DuGKJLJ4U>wepJB<;M^Frgsh zyWxnYW1+`~n3PM3jDDLBj^p92t-Qbe9yw!NC%fOmbka-8F;(x@NKXFhkHf; zB~^c;3UTxG*dLL9*0RU9vTEx#){og^G+xla3EyH=e>E1fpxLAo_NY8@4@tEV+`wGu z{5x;syvHz0PhUSM)#ct__O*k!H{j2Swf~Wsi=AI{K*<UtcLQ_M5IDGzq z9^v%Lk4pQ_H_e-ARZn|v{?U}AJ*O^Q`{VkhAHxz9DVc@?uV&Q!R!-QpE@vYvN+bsR zPC`(KqtxPYu1`^LxN@bs0*2JJg9RD7wDYM`PPa|iZbZy)@Zg8faTIEzvO6$)D8u)p zNv1<@t(gxc3#}VmYx*&mvm0-W+E2PZjT5}&dKBRwp=aUmNGc&*3vAmtpKfdl!P*77-bM;{A(~Q?l#@$R}_n3Mf+EoEJVdI1q zpz*{4AETqA5!sC|oCZIk)+oA0J0edRoxv#DKd5^-yfcy{G`4t`?$+Dy3M-t~&pP@t zoZjZ$$uEn*>)9}Aw!aa1`6TV|laG2MO-3|*kDcB*EUu@;W2#(UUUv5X`Q*ctQ@O*#$p;1}XoL8(r|O?IHA<`Y zQe`}f_+L^Xo)5UbL$K3&i562548GlQ@1w>2_D%ZkkJYDz;qGx8z@WH7s#U36obuL( zWvb%vmHd~Kb7w{5u5A51J6>eetB)NK8SFaVI?zXJ>3`z?7?xk-yyG{D;Qpf}dXi7@ zhLnh>{91!ei-%=CO|11|H*fA_~^xl8kZ5y5oYl> z`}_Of7*oyS1`C30B!}|`eteH_%B$p<9cb*;ZK4hi>3N*r7@I}xq1zhzs&2$&@x|pk z15ZMePpHAZ$n*YyGAHS<;^9VD+YEv7J5n00Li8oqOm}~4reWWx5#G1^fmLHYn0`yH zd{Jlo@Z=ipkl+#dn{E7u)jyadJ)*`dvejO1*xG#$Q7QP_tMk65>ei?m{mV))03vU6Wg;l_7Fo-$&2V!sX}V1$tcI8xdsklgeOq#88GXVumRL^S9` zEobn7CGA+q_Vyf-`=jLKngccQQyE@NRZyu~DQ4lRi7=9#i)$3*E!q!k3wiuq#cTBb z{F1-(&(LI@drAM5??_*dJ2xw9-k4Re{) z?sVw8Ek4;;+^_q%b>6zn6`H8amrrZJHdg*gOI^LxgpUr7KXl$~$$CUbj7+{!MsoOcfi2bVPRRR80{w0Yu9)b3)>x7ZJF_ND(dyHjv4y50&{{FG z><_tc$mtqa1WjfT3m9-mFO5;i?s6Nq-OX1Uo_E5UUXe>5Vn>8Jz6wZfncC3KaXBaq z75ko&>@nj{fbl51@PS1BAu9ewXGBFUx7plzLk^VV9bq8|o>cqfA zx0i+YQt=z5pCJ@wCyA8y-b)k~eh(b{s%{PrMaaF1ER02Z{425H_UDs!M@wv~0gjq7 zA$B%3x#kn%qj7v@OZI-AMHh@OS#l$zpKb)mTfK%|ix}~_&mg!UQ{l<+#$IWW(u;XDLCfUlyem)%ZD%wMPH~Ol>KOTtPSr|wg*y(#sDEa)Baz9qF z(UU^6F_7ga9k1v-%IbIaV=}vYnPu4b4y#BGkCw=O?punmKAu5|@}t6_yE>1#oP+Ai z&=7Rh!;oA&QssyT%4e@U=G)%1lonzv+V4EXZpaQ9;4#jG01@%s9--AZxLu((shQp& zMz2c8RzpKvD{{MD&u))=U#>ABLNv3iE{A&Fv+&)!Th*2BF610cj&2jJ8~dGa>6uY$ ztE;-$(GWg4Ig!WDubPcs0){pGFg%smQ!cHr;n}8>x69r=Bc6rW$&U7TfSCx{!2B#xV<6EC9-I}6RAIiRO!Fvr3 zW8gUjVlAGBV8PpVd?q23=eqPn>`SatHuE39PxGh*jMeB@mZ!fU0EHoPh zu4t$h4!Z4L;vNPC)fA{+O}r=?%+#+C;sHlSBMQdll8}&X1GT8zey^Bmb#C3lJK;Bx zDS7ge%EWJ&%)V83g|AL^tDBxCuk^3VwGeuCLY=BS6h7YVCZ}I>pPIg!G&YOPy^(}h zly#V%**D)XzN+{Q@-F;!#Jz`tDSjsCd8cQrudM$n7fiB*S)eN)9n;9LKoGZ`MT@jN z2}*Ws?K(>xaVk**S}%S7-#j8g8Bg z&xuOENv-|>Nn7Hp>;VksGsd-^U59J~Me(T8jo(i)xyCH4R3O0Y#!sqrzY!^u<{lUy z)f0&{5+-F4QZhOtDgu}RAec=(A;8llZCg2z@;iR_)fhiK*04i#To|b{@G!0x2<>!f z#Kwu?(-1gtbmyj{1Y$m}Yfaq=;l4Gd0*zpS5TPUTW&PG?UWX$5$CHY*M~mY<&))9X zwmqe^1MbX07&23ehC`l3>hFW-UI>{{;G*KA@1ctHp&<{z-7bub8h>flx~Bu5qpUw2 zStc<%bo0#FeZXACHsz3E-qU8Wsa~T4%@k_Va8Ush7aa@iN%g-kc`og2cHZ7vD7A1! zHnlyf!K*_hE~LLDE-%q1?Z{YiwLZ;vv$puxQAFuZvDIwgQq#q)U`35@VvYV1aqaE= z(e0}k3^L}$y@K@gWgZA#_wa^b?e19IrQL7@HJ{nHQnhJP`1>o5``T)XUd3R8`zt!| zV=Q)BeU1Eqks#lIeJ6QdbyE&80k-sT!X_sC_l01sx2s_Ls##S(b!!vhViP$MI)fAn zR2+ySGydRkd*{c8VBeEXRA^vMNnH*T-(T+2^FcULx`*Stplc;C{yS`-cni_~u{5)@ zn@S>l{u}1nTQi2Iqb4@8%XRdggn!{9FAn*z_07Mc2m9BF;ZGRU9`DY5s}wV@ob-)GQtsaAAq#eAYWy7FXn7M?vs4pp!q|J;z` zhx$$Vo%|@_V-~mm`2L+&Yp_GFR+emj-Hz6^w-gExypFOh%^b1FB}$61Mimmmk2>I0 zHxH(q3@=rosqxnjUw^Q+|721f8A(G&8>b&HV*OFJq0tY4`?^BLmuJgkb0kz)q;mA) z?@8(1J2L;PvG0zj^8MpJ#xV|}I@w!t%p@YC>{%RphOAH`MM&aUA$!ZFh|Eyg`r2e~ zg_4~Rk^Ov5eZSA|pXZOK`;}g=6V83^`?{~|`n*5yQMuWCWa~6pui!L3#P9~nmy>8c z-zGWTDgS6O+h=?{?6Bh15Uc`(#z81@fYDpH2eLV3=&x^0+%D+{3=%IN|Mw6iMpB-w zavVm9OjkWir9Qr{oA)eth2hrH+Uk=~g3)WV*Rw-T2kF%H`keOlT_rub5>2whrY`P0 z^;#68sH9Se{IyA!g6R?w5gAHoN{o%s^P(=-Hl1gqG2+C;eRF52#v0soR#m;oha!4Z zcOEPA{Os}?y&)y7aIw6OjwCW&;#F1ex$CBADNXCNc~RSmYn@%ahO${oE8Cr}xokJO zy3t*CR+)#Y(u5rf?CaV;etdDax-M?_`t!Fhqxv?X7^6hR&^dHI60XSAr$lMdq2(16 z;(Y}L1irr_saUJuFP4aezq2S7^f=hW=% z?9!XwD>=}0`7a}8$PqjCcBoDdOIAvuZ%PNk*Vo1hgL#ozftx&i%kgj8kH>sW-nt7> zu@3py|Nc$Em}7lSS&}0Ek-wbi!x8DSaFgYpSy_&%Eg>a9-xNNYROwSh*s|I&>8 z^p(4;O+CibH_Ek$Hzj(;Heyxtj5R9ntJZq&hJY*Ex}^J3vB2%Y`ZtRc!=L}raI%1o zpdyK3uUl&TejQ z))`%az#oZ>i?@2>s(Wmg+TIlOP}Dikcrc0IwfQ#zD1SJU<~xJZ%b-gYubzrWmc97a zUUBMe)9C~7-5rQ(^3QjAo&Z?)uf^vj4d>Dai@#___~!%TV%{c{2Rgvc~u>tvd%%h#t>Qtc-&ED!~_Rk0$wt7O>2_Xg}n$SH45MyAr`^ zH=6JD4GffNP*>i68XDor3E5lM3ItEv+X^#YG*2FJ7*Y2-@%O0^1V2))aQ1v)xkcWf zCisr`G8%BZvit2c3?h0ZC8ZEs3yrI-W5ED`l-EPFdQz|f4md3X&@RchXz*_I6dq3s%IBk9HTfmJ3S;!13ceZl|r%tGT76A7I9% zN#}+$?CTlF2f=$gYg$cBO;)>LpKmOn`nlXTY~l(C8N!O*c<;JSR5?BO03_9UV~A~y zpy@FPvRV%G3k`VplSCb2l5W}C|8CxiNlm@xT=y$sVk3R4;m;ZXch4h1PVRYbimN}u zbfgv;7V0OzR!_v+ARL}oW1eB9HO@wgBAc1BB@YS7zSJ~*Tx+sEJ#odamDomSFHO2L z(RcCg6p>`CPoz(2jXZ@J*YJqUqf0R&fb8mE8y{W7I_%nyl!u!%TP;7BGxNt16h1sNI_ob2pg-T}Ch=|XRFa{%7v z8@CNQv}C)URJG@qoU+f?|CT4-T>N@sMJr8GU+|r>Y=i@%BZ!Jg6_D*~I}jP8r;6}y z_uGbiqqvk{z|q6pQq$7ncP627!8_thhz}pmc(2!&_Tc^5M&vRv8EjK+&JBm>db)ah zBkT8nNL^stPuS_Nax$$P@oTH2OWpa}64oMmg_@bV^aI{$@z0UD8~QAi_WgmYaB55p z-~0+w1TP6Ht$I1MBJVaIfh4dYT$1Io?u*xbSdwz|Yk1YB?3mf;%%ooma- z+GZvy)owe)X$)#5$}gP@NDN2FJyeBN+0a^2weUwv3(*~ z*_kkQdk}4M3sIAk<6C%2zkhGca+Y3sawJ{1HK38rO|bHeMatm2brTM0H378!Yu1-t z*Hpq8xnBlTvk6rN^IS_}pHEIn33Zxy>s&%>Hd&b|M*;>riqG+J3HUf-27CM#G97v_naHp z+F6$sM@DKTPlbhthZ9!*q+KW0nqoY&Fo?0v9cE^(u-Ea23|pn8uaj0cUYSP->Q=6h?ta6nj z2nV&K*8KDrs~UGXqI;VAHFa*}^D$}!Lr@8rj5)KNs_O7&0dR2Vdn33dMNDezw> za&L=2o!T^2fFgg*~9^w?JNNoIa}*6q$e zw`y>uK=kljx>Pl^^Nf-54jl~*`%40C?z9ZE&CHY&whj))Rx6FOQ(uapvppRq?nM;C`y(ULmbX7^0Rauow9tGT^7JVdXN^Fne=WRH zmRKVr4id4sak+D0yxQ${rFFtw-B6+7T1XM||L$@M zZyr~Vql5CIonHF3l-IMKRGB0E70c{*B2h_nU;&&J6-8f3i>o@ZVdHVY z$UWVeQ+vSNvD0yJ_r&4%DEY8ZkYl+mS$QZ{(q5!v$@t=1#Da&h{c)H4aAsp+Xii_> zf_<>g8EMjWlU57X9+JNIRdGY_sIa77=Mi6It+(`h(z7$<@0afhn-fF~zBax{z~E{r zu!9zTa^!tM#-^R7GKDmiO(%m^&_of)0<3i#txPXQFzs$MKtVa_;%^@0l1`7MDxxhA zMErcj-vPZh$uW0eIH2k2jlLh)bh**~K5&V^L?t{Dj+r(!o(lVP8$Ba`<^eryr~e+J z7Gw!?gyzJXu9@NN46_uLE~3MP)9H`*_=!?DjLx6OQ}@p^*UYf)?qB7@Uir?X?!{@dj(U7bMP$D1Gxa=!9lhB5vTa-7*z|PpCU9DXHiy?_|)QmUAfdJ>IbjNYwi6mgg!nQkW)pVG{ok;?&qNssh8d679M(6Em|3wPteY;szTvc z+ksm4_$xzaN}g0l)HYy&f<99m}~B#jh*>A*G2NR39PolOW`?xrsMevZ%^ZT!Qr1=WgZ{W>+a8VOmx;e}BQ@LktInWR_R0l*HyouAvBp)<778xeLLrMPZ{VK(J@6fwe~*@e)c*$h z*f5kHcdwH$jFUBseg5w+{?wtD_4fcw$!@fQ0qqz9ZHyKVxuvBg^qDhCz(snnG9rkg zrq082vZ{z+!_TT}=c%^lJ*+ple9B39|1M2x-SzbJ4B2e(`o(8! zV}n@<6}tIi^TU{`1Y0VP7eTX!-2c7I`18bK^r88f9^8m;6jw5$`((rk9}sWA&W!UN ziGU@I78(Jp#ps%v8Y4q2fys1JfZgNxi6ZJg;9a-WYk;0Lv{vZsTgUblA|0R>6wKXEh0I)N zX(r?xGa>>5-5Mh{{@yLV|X%S!h?mYZsO;UXDZg{UywYqm-CF z`A5}UhhmQz7i8?{Dn&|j2X#u1eenYy+7VDWUY0qJbiYjYal}?a2zecLc;Rw?oOwLr<_`>iXE93F z5-1pA1V=W^-DW|+44BCf{GSPS|S!pXpe5j6zswMV+BpFLd! z)4+QeCRw#A3q{HBP%(%oo;igBTI;%`%Hf$lPN@lFmP{-e#qPi~nY9$7dHQ`uJ0&(% zx!U1;oMb@oFoHbSS#3vq4T=jqf)4Z!1JK`2+YjW16sgas09ElN2n0gwj{tiSP@b|K z)%;gK0acYA0Rf(Mu*s-$a3(H#ji3=5jGTO` zj~D^&&Jz8tyotWs07LzG{`*o=0*iHK9u}*zx7*RZAx^jj#=JuzT!#hr`YxGgvUjqV z1CbTNpJEThTd!igPFM@%$DL4)NOv8v8ip=Zh7b zhZ6@4u)rmbw(oo&%%eX1*>!#k3T3b|I6NDQ%BX-`%hh~{$g!&UxO}Azk}B{Nkb~4$4`dUCZt%H1huX+%HeB5CJ2M_TkjkTP=$l;9-eC>LTsn^m!51;BCk9L3#{*9?I{K?8GL zi4MRh9s*A31;D%-I!ko#h`TN8_48Brs2mCD4Z7jg)@AAG^OM*&f!h@?s{OK3IKCug zaTi_uq|os5NgQ02dl{GSD-&Ote!Rm1u0Nr#U%ytI3ADvy+IUmgQ84J(`cbnMItqqP zTicV)VWXtfthxAbQdigVBxUwWyN@YWZE_`N#z@VX=;@=NtL<_4HS9bv8DdWnL)4;K zElH9k&AD2*qhkK@f<%D>#T0jVNY{W+%mai^@U`Z!wzjstO7@9>R^Ky?P#wYOvAVFJ z0yb2S-OQoQDL}ijq=7?nSxc!G7h5eju8y~d64oSQB|hQ{(BdRe94cW0^2*znlr84* zp`=HL`(cP;FtgYK)g0E!D%%7R)QD<2ncmnbNUeH{ulg9)!_d59JX6h&IlbQMh`*#( zUQJEys~AaNKa|5w%=2AZ-b6%1u)vdJl9H3-y>86>0v4(g%SRwED>X)VzB|VQZf4b* z&2D@BDs1FW^E+42nU=S2^P3atxjb{M{WF3R?An`yt{BhA)}1wa_wsrscC5uQyB;aX zd{gfD>oFJ@)mXI->hAIu-a%hln|vDyY*TJRfo>v+8D3{?EZz#6Y>M?E<&caw&;~nW zO^DrG5!-+(@vU&MD`p07dhX68#v>>vFG3UaX#Tl#`|z;7lR22z+XLeL!kq5s7Hl}| zA>l9k4CUeL9NSFrzEamPf<*;jA=?ss)H}Bg7O|)|`*)y-YHT{?mz4=#RwX!c66Cj2 z=D5G!{v?00Ps}V2F11hz0a7&?E7*PjmJ99E(-|fe_Hxi{qT7T-Kwcat!ru|$4)K}M zL4KY|=I>lMz%%j{%Ri85yF5}r z#5h)MDSuwAaXq<=C2h38JQC$~rJDaxMsmw}FG$YMpT>PWJnszvM|t=VRg*xVOY6VV zkSz_|#XwKly-2k~w(%vSZ-)a52H^zLv3+2azs$IOpsbHX!o#J3KtS@?_O=GKlsN1i zGF@gG3GRJ|nCh@>gV(*sCAZq%1z{hq0~fvzxZd0(+A$OfY@|^hAHZ4#*+DiHT~Ex# zLOz(!ZvgHexijxy%4I#hc=jQDd{{~@{b8`_$Ig%UmFUboX&#GU zwLgi;4CFAK4)ucffbW1!?jHsk#T|R}G9B%NcKsz^c@6=5X43zD!5h2F1Ev%wbV#j9 zJBtM{^hP@0RVlzL9NW(3ptcFq9eydnPbNlUxq-op3rgD+wplWBainMzMMMd`QJ=i0 z#U8DwN=k-gfu*rNf^hr(jq-a=`wjnYp#Jde0$#$Z)as7rBT(?^$1R*fe5ubm^L}wH z_pSOwVnsw)g=Vo2(l5)UMw(n&lX^mZZMgNA)L(v8j3h~ZG{PhN=nHU+`OI@Bm51;0 z@H*(mb@1^kL-0Qi8&3`Pk z`o!Wv?nXg%{hxO%jERxG89+=fb+(4VsGoz^_pNY6rt;k9UR8}0Zl~wJ&sxgzVp3_W=MtY@mZ2g0QWLZ)xxG-yDLFZ4Q75ygTPf` zVSNZ+ZD!Y_6EdUO2Qf-=(g={ISGYV(>b)=5{p{qo>U#ywyqU!}cRidX3}u^P+xrUICstCmc&E&qRVz_5 zn6odqo}Z%bp;*90yOu?Q#ZK6+#Cd!;Mk6zD5E+`PKkd2AcQfqmt(3H^EDh#Sykiov zAro_&hyy@ZIXXJp@pvE92C#tn=L2UtyRx9-@y!4`Gtzevr9#TqLMy+*SID_8;A!Tm z6n}=fj8gc7+?ocv=k2=dVcO%O=pWmF{;(lU+uXrL&(88fb2NmWgrsif223}}z zy7+8<6pycHu^J8~+Gv;kU+r+zj zT%c~%Qls95jY-P|{psN4%bc=+PN#@iIjd#Pz|sWULfv`mT>I~jU_I{CodYZUfrH)6 zcy0HSLo6Usfi;wvxnsXgwGnVaA{6}weJQWPG^7m6FZ5;@?oV5@$Oe2$!A{gyKU@=1 zHfz282`vBnoXV7Sz9_kD*kMX^k^lb^_eJScF;vkqZ$YfCE zUSYzf%9iRFV52fRI{^@8;%JobB1o@?y8`vsy|2wynJ&NA zZ$_7I&6GdWz{PN~uN`ShNSbh$P{B|3Uq<1Uy1^C_pmtQOVR*qJX21E&* zNG^7E*>069;=Y*}411J9=}WI``i1E^e3(XjZ^k}6iXxH#1wy9IdzOu-GA$u>%8KQ( z(f8?wh8V8^Gxyw3ylt?W%m*I=1~};j&=d7R{U2}jg~w06|F~{h^2O@y?eF6cHohut zFtT$fG{L2es5Mg(&5-@@jZ6RR8rN!{Yw7MUoN$3%!Fy`P7t zEJ2glw%=DPV)^#DRv%_&X2t3gnZ%WZWa$V3vifK`R)7JmN>mz-_6o@c)VI@nd)H_1j{+9pty zTPCy6N=Y;b#<`;lW}gJ3v)cS{%g6PL@Hx6ZeM!+>TiZP43y_LG`Zf%Yun4q6Fy=6cZn-YuY%e2<@)u6!-{a88js~Ly>my>W8Z%= zG|YO7Tf-eRaI3&j{;edTMqk|c{0z?*9`4V^CjQH<%ETtF+2N_r1;qw|#P#D)x>gxT z`mI_0d9B9)sqy!dP>_A9c>J}74*w&LiqMtbzgE3_ zcH<9kQ;hLc%taBAD|0n}_{xsVw7E>cQGEsr_aBa`L%k_}bgsNw-21h%1|&Vx4XR`) zPsIwjn@|nC-ii3P9MLsYSMM|&_~`KB!Tr$L=b})nT|FbwxVEOQDTe=sgjV%x5FV06;kEsiNVc zWavid;AC%RX=6(0;^AOQXzFfh1^~FPR%co|>9je8yc?tGftrz~1~K*XTwJ~4p_Zr4 zADM@}eu^lvYQ+#V%OMJII_P=3ZhzmFKPKzY$ym^2gKr~m8N9P>rZw>`ePmf~lv{LRZF)@cje;8a`@(&7E9 zYyO*SKB|Cxa4lT)6u9^4qHj(=Z*K0hSHa!m!42J7?YFnJcbv)=xO+*a9Mr@EFPTdg z|02J>;!9sF-U${-eUjqjNBp__L5+BU>ZEr|m9vkEFn*Cz_X3N*((;O)JVJH@^f4OW z9v+8>MIKKtYvI~k1_U;^s%y7)YUAt)?#|~P-`vjG-OeAs+wF}dF4juEYT&*0!%;}* zY_3u3$M}V8tvw%kr<2HI5N-KBjxNFSed>1-`M?wH@XbR&T?3wJ7zIbbSO;7xPSdJ> zIHi+BOH=>HP^#zZX!s&=XQa*xQ|iUp+SaKWqg^LhZFE2sL~-C;i{J2)fZi{?VsB`z z?{AtkLue_%@FEFwZhE4E{jZaSSLhGV$M*t}*2IDPbd8Q1KMoF%8-r`tofy*5eht9E z2?#WyufDYdqzAg-f?y(`AF!2R*dEZ0;R0M)cUW5E2a|V6!Sj<_u}r^HsRkM=-v8vI z>s%T_7Wf#X30_c?ft`P7iAV#2^ElU#AW~SAC{5M$)u=d4QF)?iUP~M8AtqJJu6SWF zqiHjgY+S8Mi^X}-_GTGnTf_6TTKn7w-j2KVYI`FHBbsSfhGmNR*k;Zw*EoTnrnce8 zYJC03`lNLZlH&7*?b?}FmV-obl04V#SL4!LN6Ds4yYBtPwVDmz;kYu0dzj;`?zekI zxGlvf1|?6!XC$`G)zy2l!0jSRvrn`?1qU*T1%<^2ziW?hafiq;UGpiSkui@IY@g(X zBlUR;({j9oZ|EmHliAT9ysNM8xb0;L-=BwPDgSySa`KB?BPeJdWFM!vCoW>1FL-hh zjd{%2U`m@vS1+T<7DKvzYCcE!*6I$4=A8V> z`;;AFzIamk_$nskf2}#Wqj|u%Jo|Z^zogO5HfpI6e$DyN!{zV}-+WRv34YJ_tD@B+ zF1E9S;}T5HwJ)TLy|yw2V$C2Q`#HDmAC*UKj&co>G!2#<6f11dT#t@Z zZ)f|;oFto{2(;C!{p))g`LXt{N!XOH59uA%?JXFyI#!rp@?7q!(IR?{qwCj&xgO>y zsCYdR7V9owv&5=Zdq-K$;TjYP9!XR2e;I7RwSDKDYb&HAd_;o?1lu6=F!b89okibN zT&t`kc7_ZC<EVkCuZ<7ZA{hh^BHIqAibT-=qp?@2zP^J1LXGt!P-3} zL0!OXz4%gKr%H4+m@R2FLI>mN4Fks{`p&P}%}KJzD&jKf*=Fsbbs{>YBYe2bvIebo zc|Achi(+P)um*EV)7rLRg}mPG@H$xe_3>md>l;aUBko8TY<6DArtfof>Z6U&!or+; zIn}$;Vlk>idVL0nxU}}WUxm8QA(`j^ycpZr9KkuNKE<~he6?W9116S>ujQpzkSZw> zu$-Dy8opHVU#{RMTEErkWa+yj*3M{bWa1S_uV8^1^LGrxXC<+rz-EU^ky;MZ+j}@e zk+m_N^gl6&G;&yOL26pm*d<$8iTQ5_1xW^C;$%E2m5QWKs+t$!#x2!h75FSh%N)&o zLraI?w;SL(QWZM$7$8VW<_a^N)I5QQTdV){Xg8AbeS|Au2*IHiq)b5j(YwUB&;LW7 zQCwwkpb9077;j(bMakZeKz6USw&1CcE{2;FMY0!4@q5>Ddoee8PD>yHwE6-ay@g6f#k%Y}c>by3o4fmssT10BKhK)o z4x$8{QEw4oLhAuw5?xH>y>UB13ZAV|Nrk=mj61TOfSWI4M4ZJHs#V z^U~_zl&5Lj2POBc# zMDI$pu=qj(X8)A6R3%^gzY;s|lqb0pUM$Rjz$tL` zjTy$!bBseYL|I5|`|elO^okudRuOFxRfwvZZ2BY!z1o~*$n{B`!1--A0rYoP7F&7p zyaEfo!!32fNb}a^q{89H2EUMT#n8Bq3hJFNB}y;~tx};n22h-S*a1UyBQ*>NE)d)?6=Zze?A((;c<}Z=viQhz zSmzm#bWR`-PbbZL#7l(f3Eg8(F^==YI6;h#)2c3=s-kOYMJ=;IUuK82328oK4p!8RynL>z)9gEvskY{0iDb^aQZ zPUlBBEj}*VvfII6GVZI%&H6Z}LrOAc=*IbR1IysRKP_y@VIox`x3`1Xe!vE-0fvXT zhc!UJ2KuHhol_ywWth`%OX=4}7;RK#n2{BVC9a%sE$Dk|U?JkNO_Q+NmufU7PKOj| z?sCfr%vh)@eIafv7Y9(S5&8Oa4KMf)xtrJM{(Pa70`%DS? z-P(L-Ql&{D zh~ykxr*#ywmcV}(wN zIP1uXKpKc>vd*EV87c%kK8@FtijdHPCTo-ir6lh@!r$`jv7?0&AY-bq{~9$ zI}QT-_k%g|orXXpB-$K42N{9S7*lkDNbnkZ*f6Z3tMcS4WPJxsCt@FSD;suHgDA~y zmzx%_oLmF253scP(?{n?)48(%I!v9zO<%4wMidpl7}(5H6o-NH({+ zZQjNcCBzB{1tnE`J9OQkZsxgXbt4z0G9K-%C<>D`~qi+BOB=z;o%YV*}JEv96p*HUkNFaQPw7ssqE*0_5H#SH>br( z3l0bm=4cA7qPSr(8lFJxC|!i9LumTs&rJDF<~jz3T>PO=<8%P?-UbKai(^N&LkcX* z>8Dh|k?t>Ad{o=98n{+@?1$X6{-Wj9)WN|4-=-}>b<&w%utEd}gAf;>n$kz=R*7WP z<{>1=^y<)EzUBEZP|_7K&1Wd)2+exYJHvRsI69Y!cKnlr$!UrgLNJdex;j2l?Y zmtZ1ojv-ZA9VE2k;0J5AZp_(f9AAy8n`OM0G5Ta9Qc({{ny8{Jf{-d& zgSVI}Nwf7?xkkc`C8{B-Sj!+NbV4CW6MqX*#GS1ol2!9K9309mVY}@h{pu4=;3G6F zPo2F?KgoK*)8IO^z7X|9p09DgEo3mvg9Mh{*BnE(AAI1XM5&9yBaPrAN~1zh;#o}# z-LWjgLnh3L93P^@%c?g?xyK~B@>4Z~@3~=l2;q>MOj>z$pc^3R52zCHGsGIBjBZ5h~j5Ykn5}XEemxwo< z;W9A7qL@#bO7t{G;GtP;-8+yZOA(@jTvi}b3{7_~^`e7Q-SN;t9@rg<;`5MuzzMqh z#e1v7-V~)*n?)9gjjn`3SzsMBwWX4OLGmzT?9{7~l#7!=G>J>fROP4HC9DY*<$u|x z6ZZgv+=FvX53kE(!-bjBqx?0H;^;%l840#eurMSVjB_+V;;fO{?H_jvPnbF%PU0^G zzj_^skl$B^%3cSX<*(eU6KCxnUk=6f9+auJ$s*;%*UnfU-8kAsYiSWM+da!BDoFswaUcY{7suW7l_J8*(;;&xKI)@HnR zg7OD#sG(n@=4PdnPKO#=rs`OZIL5KEshlGrgqXjYd)>T%orVa5PsDwJPhZv9fKex! z7vMmP3#!hs@mFJHM|Y4Yt<%^;niFjEYv$J&nlA(YX>y$ukF(WmR}9*(5SMTqU)LQ< zSP|9vfn?&>SfeH;g@@$L>P#P+4N6lTCAo1;&M5DK!(=nV`vEhxa;}xDbewC*7zU@PPz(J3p%Kyvn*|fzx97* z&_t}F)q0qNd`c%W*kW=&1U$8JnZ0I^oOian3?85!Ey192e)4IChp_~!JyEh-wO(DGqEueIwgtU3Fl z1#|J}LbnuDv!Nrz6`HFITY5RD?gAxLVIrWLiFhC^9;^ru4#|lrJmWLx+9i7UA@O4p zp578eijlCs3?(8dTe|{k3{|~Sr5q%tWO*=TzzO5mX)ot&M{wBZ-NTTP5xCGW5eWFE zxzjDZd(ccnGHNR1bj2nR2SjuYZpLMXQl(+KeGL*LI8@BtJgg2uR2FhVaf7n*n3OPN z(Hcv>+{C6P=Y{Q01)O7K{mIbvEgi(wS&j}e(I6fIgBG-_>yjOs!OudS%?=W;D+E#^ z#tp~6*2=Iy1ZI^^)?W{lt>}zHabA9AP4GlXZyH`?U?b6J&3^&QasUsVPV|HlulJgl zNhc`9%=nBH5F5N2jW9abry0yq9ImV*J4!tOKnEp6!+VdrVr&(Q2jdvQR_d?{CsYWR z>bB^oI;3wekZ2C45QRkvIaorzeLUHNYkDjRym_6Yvg7723bht0@{il2gz-Z9n75^h zgXx4V&KBkaCfU?yv|5p2r6oA3+;J_eXNgum?8EoIWfgEbMQxijx%oB(HZtBo3t#Spo- ztazPs8^DfuC?Dc1dn3rNB7mLND}UM;Z`B(z6fDILB|4$8&|e!fhJ;#BZ_8&kWm2`R zia}D0%UDQ41}*6nnlYRDp4M{bK-lkc5b`w5j#_T^<53!BoY${q1SqJKGP;`$Pm=4RUfSjKmu{TYB%j0(!v-usGO4_K6-dVb&D1GSgUN zcoF^#hM96a=GP?0#Lq#OQJQoPQa7A6E%%d>UK2cSW8*u$VTr4`WMQ}*gUVK^kCAAt z0~9DLmjhvU9ot9yRynIwsUbCKupnAq`d9FR0%fyJl$AvmglL8g)CfKKr^p5_ zAu77;sWB1xCe!%Vy;3L+KKn!u0v+HCHC4z3zcAKCy6IxY^G252b3$EJcDn87U>X<# zkp`nEo&C{*UWlKw4wo+K!pbP-gjkUC`!+=19ifKm<( ztiNeocn$vYq&d+R>OgWiUkD`r1~V`Mc_!D8zquCM+Y6!OGm_ z=xj(U3fytvWWQv;&KnqqY=Z!xAKuinPi(z99wtqh~SwmCgCCArV`Oho!DVGoPt z0W}zsAV^mg!gfe&uPg&qrXw#g@jZ+W83gq|E#<-@iFh7A zy*fIb>_$>~tNlM~-;@Q9scevwdg#^ypXbo2#i(8DtLFL8%$gmH&LcrDJ4 zu5O`FveTJv3BJt(znoJGY?)5y0?M1{i%yB%>A!aP)nR-0YQY!5$U72dRTgVXjQf)u+4UrrR^uubE<%|3)Xh;x@~PBZ${JtV`(dq@ry z4l@#e$}3b92W6#rV#p^&BrYl`g9{&m2iz4DhQpLpc~dv#fD%=+J>$r!pj4H4(V5b>i#OG~dQF{pN+c%Baghue62}cku1^X`cIm&}Vg2{e$O`a(kiDP;Omb6L> zc@;RBo=(R|$q?^*AHn&4Sj%KGJKL&dYEv8qd%5E!u@!mCzTs(HN$@gVYa;Wl5xqAz z8^G&y9EGz^H7IGxH~nZK1S>bp&g0e~v9d6lL3g}fcwtQjRnc09fvzs^VzoJVQ=8nT z@L&Wd1P95)RGm-CN2yg?aG$AttJ7v*nCep?hxPZ&??gnWz#`$MlLm^yi2sR>I^q(wZRWi-Zyp zPDhK|UKb-^;;S`&mqf%=;uvcfgBqNw&tK+941q(f!w1Ak;oSb}`jBPgjs$_RFeIV| zQg)W8>~V++)7q<4Ahx~U^5Yd)OdBNTkGd1<9|*P0&YFGXwxv7BN;x`o;n+$L8fxx! zid1*FUTK?6_`#3QYb;-}DvUQsgl!}>+sqx%9Tu5@4Ab4ick~zwg1%EO;;G%`O6mtv z>=>a}R{FJ+w{Ady=E#2AwTF;_tTu)`!iS*A_($JMD2VzsbQ_XuUD;bb(k?#u`P~P4 zBg7`ly9!6C*%HiaeT`=@OFDW}0Gh|08{E+AY7odaVn^O+8UFRF96I@HN>7ELQ^GMZ ztAR0(gD9IuB3$FLY)8%~&kuT0HDKp5;zQF-+?#NfiVG~mNOvPgHObtsQ9a<)v-2iB zHEG_zUx2oAzw6&kutxBjiD9OE#X%TiU#p)9-&nW}N{#b65VN!WeDr9%!>(p}n3 z)nUUyLU4+?g~WsNd2@yu#tP0>=_n(x@$$`V9MP5>+_ z2yMv{Ph_)z<@|f4J-^yJz9O+5GiGO=J?}K3{s4-Z5h`rP3Yc0iOf?d{4F7WD+zNwF z7UY@{Okz;HGmc?%ZOKpbOdP*ZPR$z&ZmH}VUX?V9{N*quFUSFg+iYVs9Ep<$y=lb@ z^s1HFUHR9dtCVuw>*(Nh+?+358w5!8vXRN&M|f1GPxBj4evXB=*I(C;rm>H2GD;tk zthm3_4lS)M5{-}GzuZh?>C4ohH+tV?b~tH1r9k1j)D~_W`Mq9$ApPO{ix2ZmnA$L? zZDcIInW(Ri-`_UJx}0#AL37=NIPpV$r=Fkc4-2?b<2r|Zo&31mUbl%#JjUW=8vA&D z^!4$XQjC#4W6_NUwf!Aa#u;r7s*n%IEAznhBpYYU* zx4joM@v_BlZcht{X)jc*QzJa6o;pKp1qzSp~yW;ll(bYu#2;+;I+ceM1 zydYUo2`$syjA^P?X((d+@P#_m|U^slG{h4jWRDEhMv$5sCh`B0MMh#P~c!E4l@2@@mZ4bqy!}LehpF2_#Ck)y(XI=#L(}3x@gF z&$gbR-u6D?m!tKCjlSy=iU~fY60p5Na~ST?mp;n_tMiH(v$Ov8eNM1spMAFJrGp8w zZC!YvY+)%1pc#&B#0V=XKtEnKWGelyX2cAGck$eq6 zpIv*h>cdZ|WVuux)BwP5TWzZLrJ`7D`$Y-n1PMRGZsSyCw*oc9A(r38kgd67>E7gO z+A?c0HZu32&nkjv7su*&EY;P=33NNu60N&Smf&RifDjR$-1=E=+?BX?1Cs3^!xz;6 zIz~3f_4I=cQMQ2@{CTYX)4=z)G@uT zBPed^%^!AqC2XH+lEh3JKKMGa&>v*RM#pfvt|LnxT*^A)4v-{9MIFv-goD84$6~kF zNND)#A~POPF&cz_X^B;V_*ql}d&xoN&?^2ji1DjSzV6qz|RrW-W`naeUl)kbnc~Tf)g`@;vl=ueHTu zdNQ9}!K91cp541D-`;}|A2EqSzeP{ctC278B&f~ZS8WU;EGvZkaQuej4MQ`;7$s!_ z0Dy#8iijvkiirI4QUmZRLzYhhpTsvo+(CWiCSo+GsBlh`GCA~5qTm?S!bsG?TKTF_ zNzwwruIeizO$PQQ zxTDH~%NPbTeq~k*r*$!`^?FhdW7b?+TC1EhA`Gno67na?G6OKOps9fDm)oLj@O$^syPQ@tsh zH)+2C>9*Dy*|C;Q#DlD`k? zVB_li_c2|aO@BB2nYWFJ83S-qe@6a0kGQ0)!oPTai_zTD*5MDwZ|c8Oni&6!&cW5m z<`0dDF@vd%sV#6K&Ol_Q|3L3zY4-08`VZ^*-SfXq1UTHk@c#q#KjrmjE`Q|8{mI_g z_4lBXpZJJ>&zIZ8-q_NF`_H415f>wei4g}KBL^D`9V;grBb}iM6B8X5hao2uGY1E! zDLdESpd{^_T@3AvO@BiH!Ral5I7}?YjHZUhY;=Z9W@dD(9EL1(Ml5EAbgW#=Cd_P1 zCQPgxoPUFmcd`Upf}zddXZ0J(1PH~!$ZX1H#>Gfy%*AL#$7;;ZOvlB-VM52kWy)e| z%x-AH%whZo>i0fy3n@tQ5i`>>{<}rN#?Zyg-pQ7aSjN)M)&1WcDwejU$}Wb#g~r6r z#KOeE%*oEm!p_Xj#Qtw0HB%>NppyT_WMZUeX8zM-V$3ZDL^K2{o29LxxhaE#o%x@R z-`m0sTntdKhQDnCi2SD=xE5{^CsRWgdnXlpdmBFD-*YAW4f)5U2zmcuEZj2o#(x<9 z5SyC(wzq#+oUoxe!=G1PhX0EAe?wBXuy?cj|AzB#(tn`{Ik~vmJ6X#+$s1Xj8oT`0 zIR6>(zmSxGzRuaj$wTu0u&DnB9q(W2DgorRck=k#_{ye^f4%+XkZdgfh>DQ#j}zcF zH2zEc&W4{&P5x{FP>z3f8Cw|InVSN=?LSQIpY4|ai5jzUv9WNnaj?*tv9SZy*qDWt z&d8M0kj{|V%$U=Joy&}w>o48=7rL{(nTwmDlc|t7PzQkf3^c7j`%FmrNBgM$<6PV< zOo2K=!^p(V$VmLx_7d_k{C24STpsUlmm@37{dWQI{&q>+lD{=i+10_p#?sX3KMLlb zit_(L_c#83DCPf&{qJOdaf{eHcmR#o!bRTA?!O%VKOy`JLB`V9)Xv%dznc2rN&XVc z-{KB%&VRK5;~6kKGW;t({zEN(Th9N*uYai9|HTo2(El^Ye@njqBd-4u*MCa_|1IMG z(XRgy*MCa_|1IMG(XRjB#0C5B6Sk=xFwt`Zo}U%dUY3DpZx{y&O=kcA4(0bZ2p}U1 z6W9plA}K2hwGRr9L5zO!DRKgU&J`>9Nl3+g^<=}%dv0hAaB)Do5(~V>t{2QGf+@M| zmBz=tTsbW)oiDfo0V~k{OItWES~%b=RdrQKN*bf%M0Pni7!f)+0dK8-muTZT%xHHx z6~-{_;Mr1$KU=PJZUx5E+fBz#j-A(zJZaRb9y;)1**Y*s5B{42bGi;aMQ}J3uRWT3 zfKp^k&{zy&e;xd{y5-twkyCYOqF_YfzkcM4PZ>4w&tIA1hQ&nVM-6XX!+XBoe*YeY zkz~Ko8E_AlqOIZnNk(P@n~7~84ZZR4Ddu}J97aPU!Mi%{^c)Q%B_lUCd4&>Ln@;R2 zEMJjt$Ul)^4-n+nFKPAPTIRTIwyy3Q*Fo_*T)v^Z4{7&qewf-;-K`$}@UFr86Hqs5 z(w>vaFI8pxXIWmlt*4@Qk%Ub_0cdc#O-h=uxqro;_x)jB4X49DTc z)F6>uv;$Yp?Q(>RhX)4W)MlV25SFOcas_PfMeHUdBrvDrKBIYVze??&2H6JwQw&7G z({sOO_rC@P3IoC`QE*UEw}}pn;lT^clb!(=`?%!tQ>lfmf&}?ei28RgfrRVr9waq# zcm`OpDfP6mWg`0+xVW8uTY8~H$+IUXC%=wnmdSs;4Gzq&cAG{mSnYFS-O=3iKBKWi z{9{LnZroql?R&fMuXb(-a@)so8BLaTuU}d}quoITXPvCHF!TyAHp|gXtq z)a_^s8pLPL2Y?ywiXrmK#f~#hcW_kc=cZ+nsK(A%$Vf_ZIqi*{uC;&=l9CoV?hY|A zF;Sl_C9R>b4ebuN!027fP)5#T z>UQ82W@g7wy&J*sTb5TK4l|69lMhb_)RlN-!^OYLJyZE+7IshHKZ>%F7XW6I;-SYPE;Fi{r zrDDv;12u`{tV4zY&N(|(3Ec@ zsv(wKsFcNmgXeXCVzr!Ff`4MBDJiqAH{XqntVpwY$^Qknp1O zfx>=YG_XlZFCe0Hk$%mgoNAR!_lY8md{!WRpO1TZ4_aquT=R&0X4>w%^F z36Wn*2?vZ0dcJxV78Xp#5^di20P0~C1O(`b@hLCrr@ChVW3k<8Hf(3h(NMoM!*0bi{|*P7|XVQ9y%c;6{MdV}Zewewjz-MlfAi8_P%L(%g=F~%HgZ+ypj?VgPgkNaXZ6hw^^RZX-!gxOuqT@ValZUmMz* zV(7^O0GynhBcr0aIy=v9qtOAAcLa>loI7Q-#*~c>4Uv(N^H#3j-km-vs-cEP#>Vow z{I-mk4Gj%Npg=>%0?7Q_p?kNXOTSHr4HPUFq`I(OYic^UJXwE)V_Km09EsO2>#&mX zy4?rSgJrOdeLEqrBq9p1TY`l22elQl(t;gtfCmr-W4KqQKnb6LmqP@=s^ldfJciz4 zKR!S6qzHoea-r-sJA^8L_IAhw(1r#)54CCHwdD~CG!d4I4Qh$$xe@Iqa$I_7wby3? zcP+4&2l#P3dS`d-L1|m7aT8p?*YL(OPG7GTbe2kZ2R@x6lRKiG8e_jf=(^QmZ1nHg z2%dz5yO@{kW1Pg$f>emYn4ua~YI%TQ$)5ag5gNIarE=LhT*rRuEX(q19{hGC;TcKV@waSHhyI86b+n&Vs zFoqV`2Pg5x8n`EU{SO}3Yd9D26fO4-rDwODaV6UApPR!B7ppXB)N4-G+gOTky6!ih zpN?w>ZBLf}Wn)e*KRqw`_T!>%JgIA}d*cn|s03D=y-n2g~YowZ8= z1T}MvGi1nf4%o0`WXL;Qk5l^$0Du%JvZT?@t}X<~ARj{m^=3d_`Kz-nNVsiPi68{^ zkS0j44RcyOLZ&DMN44)H+v{}kYM8RM=>a-+Oo^0Y%Ik}axn)M$*!U^5LC!&~S}8Jh(SQTv!y)Y9U#-cd3~ZgP^q>*sxTT;MjuxhR}wX+YtGCgf{~ZCO--! zlgM4%&)S^U)1JBR&Z5Oi)EO+c@a1w#sL|l@WfGH!`0z}a<41d~Ovz<;C}jLUpY|S0 zK0?rQae3UGtaP}YH*3&3Iy#WCQ0YsE+Jwyri==W@G_y(!93#l*$+ zIQ;0}t*Dq!(}gA?;R&XFeGZLV=Pi{V>67;Sh_SEr*da!l&Ai+~pk$G>+v?;7)1vC> zpTg^QwtjOscYnGD1*q0)l9G@JkBMnIw_2*nKE8X+;^X1zu-j-qJUj%3VVT3ZQlMja zA-2Q7z)&w&+6OZB^*u~z{?p4q^ZB-Mt=ye9#NE(sDMD{hNF9a|OlmfHvH?1u#%SK3 zw`ec9>QtVBxEJk)-Zwj}$pqe?GUv=EKm1xVAD|K0{q05g-~b%<8{A%J-Wv~`&yCZa zFW#eoi=mkKoDWJ~qUq^~Xk;khki9xT7sn?ibbEY#93AU5pkjBErA!SCiEcT0CE?Ft zd3%hXNBoCji^AQe%t@g8{i!|drk3%p2_e7&#ixaS%^zZ-}FHFW3To6{%jeEVVd`g}U{ zT6RsiE9D#R zp|MOrnUWA3oV~Nt#r4N#4a?DOo5NTyCNk5R0y0Soc}NI|SPy5HxU&rq!O}T0(#fqx za|R-l>0S`~Sp0pi_uJ$2Yh)C8(rj>l$lGJtTy{F<22jAjlJ&Mby}kW;(DOZLZ$hDX z&*NRkT&WyQ%GhGHwrmz>pM2qEe6CWv`)Fy8%?ldf>GqW6t=iFuL^@lYx<^|n<#HPO zo`H<4Sam#gM>e57vH|zmzz_ImRThDSEG{rAs$j%%ns4v~o%Wl4{vV;YWyleVnJdwp zoVJf^M-G);R=+wW>z_qRO3HT4=Zl0lLH%VjeQjq7L>(NaQJz2i^QiDU zZyddOtx$bG+w5{4{s3@yeYhA)q4|jS)DU(9(2xGIPNBo_1+Tj345=7C(QyNRlL!q~y zgzpgm!Vh<<?$8=)yB@Ub0EB1u*z#2S%9lZ)I$-npZy460xwn~QySkmyjDu3dH1&Jex!+n zeXP}QfdrIv^3gFfH@MZN@n-#HE(un_P{R5uz?0EHWzrvO0Vu-e%_R^l2FXAU4jME$ z<@y;`Ya|$B#va7@`f??Q?jN9p8rGW6;&6m4i3g5*UjmO-wzEZ}G_{??-7jYy=dpM^ z%{D8{b)o?IEY6uq_1bdf((cbTLANu#NB+Ra9Tk>hC$z{p|xc(re7Y3Y10+2#A{xzX<0^Y(Q7AXk`m^gPfm-F#SdFC7BntcGI-$ZD znH=87>XuEXu6QWxqxtfPh-}LMS1Ia7WniR z@A-9odMIEt*MeFvrgV$2)7I<6jZIpq741~6IlOZM7m|>Wc=(xV|5fW0j-j*8WE9!n z-hOJM;Y5|rTARz^#D+$#%4H2l;Qi&A%lW5?nOVk!S^1OS!;i2+@wgmL#{!M{U>Fow zSlFN6)2}z&wz!(bM&r1{Y%fpjwknhk8gPKAy4#k|QmMQ?fYV_+j}RI-QE#Br0@;2( zSC7Hx!!9ir{8x@A{7bJ||9!VAorOj<64YOl#hhN}s{;I@R56&KfkGXpK^N}u=Eur~ z_V?aCpx3}c$M!tFvjuRvy@3KAo+<_bbwJw`s7sk0H_YUOr+i#!zBFH@>BqX}`k$t+Uz<(UDK8P5~2rmMS7z#l2pVaLD_^;ULy

7JQ1y zD#78BmGt#{mNV+loK$C1DT5S5ywn(FGp!^20mSN%LZMm_pu z0S`mfnRHrTC&$L5y4`2Cru2)IoNy`9MuEPA@B>J5TSfxX_PIVw$odC&f4r<4tHV~ z7*E%FqxqEAc~@>?1~wWRo9WnIx6e~JU8BX!4x9CoMN|9PM#qG-1fuvb1SAB5-d9S; zw-=z#{%K;)mE8~YG@aXw5Ud~!!Xq&@r_riz-OUa(AIbfa_^PAy3X4>>aj%tym???b zAilcOP!?myyck`r(CAf^MF#xb2^?3SkP0Cq{lcQj8R~%T2LWQBX`tz-YH&~DuU_@y z{ZLu!a=wTL{Cx85dYk}q<7uF1AH{av;yNq3}V?2JgYU?KOe%aCAg?IKaQ&c*y(q zcBxCxbLN{z@l^+zDpt7|BKVJE`|elQIeX8pZl8|NEG0eFD%2qU2ai)d4_EgSej0SC z9Ae#@J$?e^-*2&5LH*lraX@=VQHG0Zc8(UJi^o&(_&!G;gpkMJ^zeA4=H}+k)qlLB zfRdB~&4CI9i3MX|5VkZ>OC_R}Q78|W8y?>u@Xd73$>Nn$C}2ewoPOd#<@% z0S5e^6PZDQf#`HvtY+W8Y;?GR^$rvGWdUoA$;se=TAqtv~h#fc;*!nc2^D7IXX~-qU}( z66jZTG75^NT7CWX8ucDMrz_E^!;eSHSCVZmz#8Fv4H=~W_0=_qAbAIh9ZUN69I)Ph zlmIZ#oNzg~rZ0b7-yZk2V!`XEsN4X>vfk~pmP4F0>h0|fO~joo=S?g{)#dYiN8tCu zw%`{F$7u_`Qc^^9p#4y_1b==-F0n|&d|`XMzjqF1U_&V+CT~oKnPtN3K3<);=;4v zb3m16OCvqEw$gr$;mj%bdAFq5*W18fpipH*Rf_yriyos_IiPq)(sGn^%?^xFJQg=5 zHuh|}t#Z)DZlmP(Yq|2gRnuC-6q(qp+$VEWQ`Jg8(>Zp0uFkNuOdGTiqvucvxd4U*Lugc=JBnEh2pSn@Vk@`G7!WJt%K4R#5jAXgISiFYDB*hY-jiP^v<0 zN}kkv?Ln@bw*pTK7wo?vb>*ZRRyS_4{!yUHdZFSL7|Z>h4oiVrGiH+Y(3OHllS)BK z`a5%v!Dd5N?gpBLzVC`clNB03quHkXOY7&;RbXOWtw00{KxfcXsnzp&cJrh~Z#)jJ zZ)vUH<-}Kq^I@fhv0;bu(KnG&*^3Y;7mDA<@XujhG zG@lm!w+CY{%P4d@RO<$Z9~51lw?KE`_hDk+*LbC&*hmqW14+rqpw9h{@e`STapBNV z{_^~qhy?oghEv|-j3#5rqt^!%c0j+w#N>E1PX#Y>a(gq)45$NUVJS4~XX|adLMn;E zhvoRb%ei2JBHnGeA2BE~X?~!>H<_6na&+P`9AF9|j`2Z!T}yRyOD?^s?S8V_9nz;( zuK@>K|0Mfrv*Psj@@Z=0O0PmI^=G0?@=**N27Pom^u5k|Ru--ozM{LkhMZjNCu>go z4xdV??D5OFJYaq9c(_+Dqb! z?;ck!9rKm`FUH<7uBx^B0$m#f5s*+CBt$wzx&;9R1Vmb3(;(dqn+8Qd>5!7{?vxOb z2I=nZ?)!Mod(Qjb`}=>m`vc0}@T|3-m@&qf6W>PIF=;j%E2syhAZV3|9a)BrT(3I zT>Z;pl@A}e6JA>u1+ThL&qf?~=8<&gMIu3HNZ6GSI~ArlQGnqQzZRMw|NRX7J5{XJ6jO4RJpH72|g9NM5>vAf3cI)$cTt2$XcE=m_M>zMOz|kms--$%0=v{lV z4iLaH(b3WI^IrtB2@^h4EzoW-I%c%ty$q!A?9Z_ybc39CI&N3FFEDnbAPk?ypc#R6 zm9n;W48^*yFJHr0&;-@)p{0zfqrke2WV9P+Oz&f(FF|*rsfY7^5=nNx4Om49fI&!< zXo6M_JX0)9DU@7X4%-{Mu(=5T;0LRSgPARLsJ~R=u3zyzUTV_aV3v60Esp|v>87HNNuozn;mW?-;erD4@zpSAN$8(7Ow2x5!U z)|QZvSg8CBq6W7WB@i`?Rqv0Yd^i*n_W|dnx}+%7*#rCo?OpCBtoF&EVcbXYdjFQr ztrwJ+F}~7juN|HZCRX#;J0hjN#3s=bX}d_F!vXl6N?w#&zVv=s_-8UP%T9wEvbzv- zYb-;>#xYV~Foxz^2!m~J$4F-H^pt|rq#ro-)!yr|+1Xj)w3crY!FRFAA5c(O$#-^l z=c|=`8;ZmLcwn|ds!yz1iJnCDWXn1X22(B4E>O()xLF9oIDP_$#UJ{iP7^E-GlXFiIH~^O&6oh6|C+3fC&6f8)CT!fCoL#3Ggca3BJrjU( zD1zVmI!n5Fq-)RuL~g3urs?*kPAs+hR{G;LI&^2|+`Q&0%t_7S`?t6L z!rr`HyA zb#;Y$pJZueWy8L9w+UY1dYl`0P4GVlc}=8qa`Ii?Fkqq}(NvYq#l=Ow>*tT&30I2h zcPiji8q{wIMT!EzfB>R~P(H)hp^PLJR&C5@Mqc*)8hOLCbacV;xv&&4IUrnnn3lfK z^%0-Ra;%t2NazuiuVQ9vYin+vUsP12Ph}KA+%}$6XRoIos;?fs>;=KZycEQsW^-5p+7q*rJ=DSE|>c1h=D$USCIk!RNeq>?_vG?x)LFBN`?8 zVc66VZ64+MSN!R1lQ$WPd^Rlr#u0&HIo>aLeHU*tkD!x_z3u$gczySmK`HF|^8Eb# z!@A=6?Co9}Yofr1h?XMlhLvmV73NF(l56Hkr>%TEaw7eKdLk{i+LofB+MK02Kf&26({{Kn_fYbM-DjSU+9x&IzD%A0E<;iKq+ZnvhfHQ1Uc4mV&x{n51j22D@+;5UiVcm)wL&{3r5Mp!XhZBnG4I% zo-hkfO4>QG#wHDAYi$MX;A#}pB=47G2in}#5;0!3Jx{P|{KJ!jY+98yW>VNXCosCR zx0jsPx*xduv~S>hv5E?f9DK^ zkn)sfedTwk)oXv*$0CnblXdj-=TDF%e1KyydfeSD0H=0%(}A4BSq^yKP?z+L*+Q*4 z3Qsj2yA@fti&_V>$qKX8%45y{99eo+RyiEM;k;2!%c&s6iE5iP@Z^BN9~)Eq$OQe% z(XD;JCBnP<3HTb};e7RH3=FS6IV8&RtCtylTK$6so}azHf+*RVMBUeScke<3fi~e^ zyIjlVY+>~f9;6LndOz43GwllS5`hwGI#y> z@dNcvq()Hx=qQh{@C`Vb3!42PSOO-$7p4Pmy66<(;3Q7V?Iz@Q9H`GYiMY%;bzJbL+pg`<*sN_M~f z{WtRD)9WJxGmy38=q1#Db$)N6o^*_;gW^;+C&Z0J$B;*p>G5xdh(yL>i_6gVWY*WRXVr4s6LNK$hpGjN%TwovEb%;jyF&_ZZJrW{Ugt2b}_8T6>k@ix+Kwj&homeBLmJ;V(SM z`Fxq`ZKkYNWGe+IO#8H zYudgCalWA5oNSHMu>Q=E`ZSJCVdbMyw_hC-OU} zgljen*Vl{1?Dy%i+8?cRGs@dHVE=;zX|UCNPfmmpgTqv%gQr zD*h`{BL74&T4*ax%x<8@2Q0t<5qrw*t;dy(y*(#%HQPZEMkG9C#}C~>MF}nwjaeMK zRC<<)3VjtoJa;Faqkw=lV32!6=V8COr`7i*9I3JKb2t*0nV2Z#z6V?8C9*fxNg6lj zCc<2()MO0{3bH1-l|}<7(dVvZy>?7g-*&?XBYS&$ab?CqFpj6cq#3|*#f-V`zFGNJcG+}}k38=Z zOA}x657fJKZEcz74gX@7b#<+6YC`y<;}W%a z9xKnYJ=`3qSoEIEl*m-&fm748QVNY3giPb7;LV8lalTbsmyf%&_M|(`4xP<^-yYfG zWZy3E1ZDL0JaCrv$n~kljt#B}l&xB{Q)-wT@<@PIK)`qT?Bry{Jf;<1q?9?A86Ea6 z13$&G#vtRMUyNvsG)!Db)yAhg!O_f#yq;tbvu1rdz`gV;PlaQj9aPMdgsk+>Q|GA^ z+}L+MeyYWY2w7WGHXFer=fr_V3bj~bEzqRSjj9Zyl9>ayU;^O|U_4QfLD$|?# z8mK?b?Gz=MIiAZdAf{z=)2bv2-{C-unz>SrlD4)skL8T!$++$3AP#P`@r(YO zhNP<9o62-i6!aP4AB6A)Zp+9#B|pPf7!pGd?j5oB>|M4CtGHbn!=@mBS6aT$`p9{q z?Nyp&i0Sw@8hn$OUM5#uA>hg1 zX364~H3&IuY&p$Z3}v!FM;pUkNjn;$zq>$a0@!Yeyy27eX}4cXorQsJW7h8HC&1-r z$y*Jk=SZdz3z`1jnRXMbKczs+IS{Jq9sn>txe&kWk;&7t%Hn z+}UTU_Bs@#vN;||IE;IWD2?0;Tp2O8E8XgV+<+87G<0vV1Dk~Nr(KtP5@(KhV5q;p z|B2cDSK*Bi9wISRY;s!=WyW)v$t80aFi#Kms;1%c{5FMWp)zCa(+lkHm7W4412UQm z07TAuoK6FZ0TKl%3*z?r)KodIhNaD6a{Ha~hNc|q(e5oEb}CKB!_mtDv1(LS1D|a) zT$jVX6#7>SnJP8czAhr1!BtfhhhF)mv5)~xh@hzP;MXvd>ZHi&*XrwoE^)yuk!=00 z=cx+i?}rz*Y7VO`X9?aeEN(zvDykfBzG)WD@%CPS$3z}2!afolT)A+7yv`3F4ZR%B zwLdcHfQlEZ<)w4lr_mFP%EpDUqHq@YmCE6}H$KgiASl`{O9}2lm*C%$eV^X!r zqy~M;&)y&6CAYLCgjP`I(_->!RTdFutQbC!XaXvC4w>Qy9HcwW!FCWY!@7a2Yypr2 zzUL(QgB^nCjv(e~X5`1$8k(BSy{;@VUCXw79X4bg8JU^6O1TeTy(+3-xG`gu;)vYG zZJ)7S{hn8Y>bPr2)1i{I==7=IKL zJ-wGNe|~8V+@=r*7<`hDTcy4QNCjH_0UoAFPa6unrgnS-4jq^2Z?!Vl3Nv4NypL@z zhYwbJ?4+F-J6gL&;cnZ_7S-=O>J0fHi!kPX!fm@bJIF9d(%HY?s=R-?#? zwwWv5#!jRRmiZ-nEnrAY@6n~KR>#l(N%XLj4ULfyXre|ko z?>I@2YX6A8J$X9$KOq8+D=n_r4C1x{gcC)d*5~$){cXwIL@tg!Ulphzs$2_%GTyYJ z`cN)S8u^WkN&c=LsN+#8KzB+YBjOFcxD||kOjW+G2R#lcN%;g{bt&GjlrG^fnKI4m9uUP-;q`p%P zw0CnBX3*p!lG*4jkvdhmqLTlDUId}2e`W$f;Z%H#szQz}o`Tw8>qT}yC3gEruCiH| z2x1a`vO5c(0;%X98~&B!8Rj$FrA=z7M%H6i>)9~P2zrzbhD4YsG*&HO*Y)KcwVRTu z7SC^k)Ihe4#k}mR`f;3){I|YdOFimX5vkI`bJ1UsNW36?sYs@!HuL#o*M}WQ9lubX zr{Fomu9R#8ijDGgD$#r(W|=mk;K_##HxqlKaMB$GVH7V`Eq;gf!A^z&@tdDN(J@3` zF>CdOi>olh(OHc}imj>=e%xVq|B4Uu5%WJIO}=a@U!)bn{kJ1yR-za1Ij>0a>=~nm;6yvt3u($1ML_xI2D$A_mSq zQ=N0L|D|i$PZzBfq9O>+P|I7UruILbU9DFpr)9tGbM_iN>+M#5NGHdhAiLZBbv#Y# z)HwB+>~c79GXn@BBNf+_*m%2VyXKLVoFz3-|6992<(DLRkHSM|R<0rPq~|nGOI#~W zn>2N3b3tFf5B^fv<0L;;je#*&MON0+)0>wAA40kUWY^}Sk%Ys2Z@)XWh8WOiRxO<$ znBbwa7^6d(E-x+u0MG-|d5$BOEc^%$?{~G0{!>?J1|g7HD=I#)N{Ha& zB4y623e|=s?XR-5F`dNGFi0B*(9SW6ISS6_&Uy77zd2)j?0Xh=(OZsKjh3%ftWcb()`iXR5Ti{o1a#GgEMRYt&=QI4(lD=ZW6e*X1#I8O4$>kZ$4Efl9a+f&SlR z7ji6&5ERI$E`0bY4=K&~g|F)|Sru1fV{i-$p)~ezNTK%YskuigwI18UshF*rJwI{a z9GLg+MaRCLHqBsC4M*JivuaV&pb)V5MB*K^V1P^o9i{%9cD#;IQBh}Co8Ov}mBoIgI0=L*%%uMBnjs(TN&d>`&zBrmGUgwd1U)MW59UYhTEFci2%Jfa2 zNOKs@1Lcxm@*=mt?VOD}1ev>NX=nff*WUgkFOsoAJ2@f7tVF{lZ`izoaS1(2I^$qp z#f1SSDJ++$y*R(!95;pyRg5faIunXQ?p8fmD&#u9{$!Qe%l8FR@QSBeK_|)Eq^jrL zi{-(n7iCzskP(k(A!yKU@;JTO(wrX0Sapv&$m6jjB<<0bcIl{OVNu!C-yOD;g5Fla zbl#*E8pM1FY{;6%%8Aw-S93*Q3qQQL%>5#Bjd2P3@kkx!=T??E^Ok|dm; zbB6ss8>h1^FRutTGd<$k2zitCgs!W{?(Dr%Qr&6W4DP$8gN3!DUAF#k`NtX@Sk(rX zy=2G3KD<}y|JAd(a-a$_W~*|3pCx2O9tz5hPSqM78oiER zT3!Z(qn@FWG%zt7dx)sc~rz(s#xkWAa(8ZR@p5RZ5yAtlw(-dU|NuWx)4p)*RS9$8nsQd0&)! zJy0u4dw6nka&WM~+iT7Z z*|9>D6ckd1P47|NXmj1?tAE9WeG*FNXHqfY1K6{lU0qDv@q|yh3nr^`tSUaXOCIK= z1#WU%#>d2*KC#ya;8MYgZOlssrV1HTbdyWWT!q5JAmqnB_!dBv-we zzXXt48Qq+A?VT{#C+;Y?-YHI$EePPYC~oh+KFw367VmOJb7cQlqMI7HlGw=g%V{on z2+=lT=kpxy_X0SlJ7NSLwcT8(Tic7%DcTJw&COLmK9y<|5WaoeZXZAu^^H*)|7Dge z6_aX<7tBeBD@P+Ll>9z9ax+93(f-I4H5^_dTr7taqS@I|UiOC58F!im#0GK?b`qgO?d|R0HI(TLgbw!ev7-ONGBXK)w(^i-b4W#MX$Bp>YV7*mz!+G$4L#Ns6PpSr(EL7j```@{!USuc^ z1FfA_oui@VwJIJtxv<>{CSyYHh&`KZ-El$8NB)nOoyVm_raj*^z`4ez^P zVlOcUno<`RhNxd4HYVqDKhyiw{_U|Z<(_E;KQDbY2$`ibY!#XsMQ%#>drM+Cwk8P` zpIw~p9FGYUCqUM%v0gSFrcbh_9}sdj(vf8J=eQiZ34Jsq_C^q*GsKqaX?n z@$%-kzm@L$DJtBq9cU>R0>o0Y0RWs;%5Cn|(o*_0(u5O- zT>A&f#l;0+^DBU{2Syzr!;H+JXM2d`TR_0Ct*uE%F-Cc86=naGNyZ4mVw`cbPv#5y zDz+7Vd{xAqx}@txv&dNLD>HqHsrjt!N}9T0pk=Eee=16a(TGhFApxiz@S2~WH;U*q z;70Zm1Gj{SUPA^+hB`Ye1*u+QyBYrMfAgK{xk$mqj14JNX?1?Nf1-VA_oeAK6*+&K zh|kb7%!dTzsiT`wjQEm>0S`uQf*oRJuJUSnf2$AyXPDTUmJ-y=bYbi0ruZ(x3RE#nOSTnl+D}I| zYp-8u9_R}<$Pzq!d)VA4gjczPF` z%w(oi!awNc*J8pbY^o=RKaR!kVvSghiPA>sHi==U!F7Ep|1};|N0GVO74hw+Uu-xk zCOX6`UpHO(S@@HebdW*OUCUg0rr91IVH5(c2a>ci*h-f3xcK}|+vJZP6^w2Y2ZZD* zy}~)eSnb`ucH-g2Vypr>rHlKdet~`r$}^FQf7gzh-~aE`{E`%t78}2XYSo^fWtSB6 zQ=h~lH!p0(MCB=k7UH(D^FE|y6nUOP5d5lWH27MYHAXd0TZn^W(6nOVJzM9zQjG&PH`;+Dm7oczm}<9O0Xg-gdyxUn2r%ZT{jD=$Pv z!fA#KC=&=Lfa)vny|N&vUjTsvp^JJcOgg?IK!WaMnMwY$OZwk_QZ#j|eJ-t6CyJ&( z>4!uUi9|z#Ef#bgym!>SFAjOl!~ed^eri#3#Kf(>^ew{;p`8gf#A!N!1<^xvg{@|n zbXcDSG6nX`p__rfkjpXT~3d+Q6;RE_}o>V_`pGXjMHnFJQbjNG2N`IBHjPSYG02YVOaQ z=V|^Oxc}`dO;~I+^N|d!?OtD71wsZCSWH7L<*tmy`?^qz0h4SxI9T|$GFuW=ud)3ip;Ch6KFyK{f*J?>r8sRwE8@<12h6Jt zuYUni1sg%eM4^P3p$dO*K1v0~Z|@i%n2VdkgWD_q=f;j68jIVh;dZ@$&n$M2M(kDm z8K)mIJMSGYVhC$4`r2#oS@DNSGRXI>B=u3g9zbQZwX5em(bb>1Y+Mr_=mg^z$)K{E z?~A#;DRmP(@$7X|MWsl7%c3!ztvQ~q^eZ^{+OAaKs&pQA$}Fy9o6g(0EH_bT(tT6p zqzzfCR;%#ss%Pyua=m*=KxmsrR2@wOzdd`l2VCtqk(TbRNF1;^Ms)9J=$@vL?!xQGb#->un?z^L%xX*8hG zp;Xeu7~_^8fgo#$1DbLCe8wAKr%HsKV(mOd-9aF^7WX6|e@R}H3Y5%b>F?%b-*whz zkT5-trV@7vHM>5Ar;c*i!(hfFTtL6oN=+t~6?#mzpF(|#z0?Q~39+y~OQ|i!f$T|M zOD6K4j`yUqHj%Y|46LuE9B5_O`S5131G=MsL`bE?E!Q;v3<7`E^5>(+b)il3bt}fw zQizO$qL}Pvvj^wYFlY|d3)2h6j{E`!d0}}~gk0nIZSo?;LXoo8PYPj}8BGTo-=1JG z*HHYMovp3UpFMJ74Dh_i;KCs$vs)<-W4T*A5lTqW5fr8|QWGiszzarSX()~+bdsc5U`e#>6;sO1~;JieE$)i~< zztzNz#W705nl3#I3d>1W7H+wE#mhvGmmZ4BO7@K|UD3B!DA1}#xe{>*YQ=>1Do16w zK1~MeY>w4ev#B%dODsP{HeafZ!Hmp0M{A?9Rj2#aZkN@KDCw?6W~wo@{5j;o$@*wQ zW@Ly~W60Sn8G>|hynYdkI9%PIWoTO5gD*T4p?(9adErR_LEj(_7`aw#azC#PX4SRl9b!>aFN1D_3u# z$NTB{q1OqIwtmN@i4~+jfp`bjL>-jjcL_@?^9U zmBJ+c-W98`k;#^Co3H@rtoABkH#RwP9)9QKN)g$D&*|I{;)8UdIh+d`$Q6p)*8Iv+ zHn$hWfYe5?opHjlN*LMfm?*QZ z|0wBl4o$}|>9w3bF>wHu&z$32e)Y8bX%k}v!-d{KAt8Ja1*PVZ_}H})L5bnyBWCdPWW69w!)B~pvgA|&OsXWY|kl{^lmC{xYv z9e?(9oY`_z*lr@PI#!pcp{Z%H!NmFO^Yz~Ev)T|~Mb>qT4C}jc_8o`=-h&i1x4L>D z)fbH77kF4Eo-clt6OpA+DLDNNA4eg!$0kdTd}plFQxd!2NiB(%{-{g?kr%)R7`kXC z+0xs0rWYi)%ZyJ>)?6ASF;_v^DE9eAqWVeXfZc7MMMo4G4CnwBU; zWpJIKFM|%F$Hc^YM#M!T7W6|$2XYVoI2B^b?9)R#b7P9Mfktq} zm`1|*Z;vnMQA0Af#C3$G41Jw5BqT7sB#YP{m+>Vg^Knsv07~S=0G=a`GuXku$|kFkWx5lF>;3IY0PRFMSd7yLU8zt(kQCh@RoMultyPmXe?=01Ni z9mc9OYbr83-N=!dB3O8vK6-v0c4l8vB{TI~s%YrqR>bY}5xMffnvFa68#;+Kk<`8%9$)pXh4vu zk8&zLHE&FIqew0*vs?L^D5QHT)RY)UB1uR%`U$fk&kWbtY**=Ug;-m=aC{tmH3oWF zJVN8VsZ*ewq7XC~noE^;Ka3KjlR}%1j*DA=qqRE!Mu;XOwu41>+Ycivo~ucz$a9f8 z@KA6$Ix0$g5q@8#t2>f#eD%C4q_D7XeSL7pQeB;9x}n+AuIrai|yc7BIR8t#oK_48_qLqa6 z5QY@*+*c%y`j><$lBOFhR=a)yAwH~MMfP4AUm73&E=R28k8UO=mI1k#S zn>@BzomJ6kg_&)fIbxMnIyj@)=w17dot=SaweL=)D$Of@8K_=ghm~WHmaibd(d-E8 zuyGwr4#FGGsAzZ^y_CFQWIetP8+(=D50+hB({9y@!t zlon>?2H2wGO#>CPP2amt$6FOu#zo|$JU{bCkmtAS%x9F^Y-0LcWzhCFu4>Nfgxvdf z(p`^Foz^v2o|UO6>Vaz5z?K%b+k-NkZ=l`$o5Z>?p0TZ;^H)~S2PSP&b#?0;rR#Wv zJ@eD+2*<2mhdv5+O+Oq6oUE9vTYc$#iBwnaUi8Xe`*tA_#p5thHnpMLWv^e;|J%^W z&&*paso>*-W!pH}%+gqY#hRueYX62G3z4fuZ`+0wvTSvW3X7Sd5glH+KW<2GI?j_4 zzwVMY7Tk>bbDl|39UF=fq4U>%OS$+cfB^*y#Fc{tH;9tTb|?L3C8Rd>$_}3+u3JOt z>$^Q2II+GL?9ZZl=@+AKikRuBZ(9baN$iN+E53qvTEiYTHbh&k@F3}=Fm^=<9$$DY zh6;O7-xdC{x%9-G#~35`{cUmUj@BjlI@$gplUPva;YyItV9{d@PhMKuO8u<7imL*# zJKC}vF#c5Vg( zE0~P&Jk+-C?Zuit4*d3WkpTCLYkC&;?ZIKJRINGU=&5g+iXr=jcHN1S)e9-UP6N6G zE|G!S5I0xX7>jrB$OI|7Ms)@zr6z^l%ePxieN&fH#{$#RmT0EHd3EFE|24Peo-5HM zBHns%YTd3C@$GX2Lw*dibcSqDgOJSGuFF4vD}gShVwml7>D~n#-~I?`vupQBU7V97Re~SLsJD7MxKYZxZ)VkqZCL*- z6O?V6e;dEe+!sQcH_T`-c>Aj9t5aTI@+5TT@DXef4{2!+$4x71LufNj#Jp?F~ZQlebDYO zGbw>*nE|m{Q1k8c6RQ+0TLSz2g-92>!({i#>!%i{9b@Fe_6JMibn*nN)hLcW4J7O9 z9=E$ONJ&3??$6fIx$h=@BV{&!=PI7n?U83+N4U?55uD++6utB1ogWTrfn$4Q4(s?h z{{HwIwWjO5dglhE!5E6Kk!R*qs_)gYY)12Vtd_;JwRBaPy>c_t|ClX!&QGwPkrDWg zTr5txuPEA1VAe^X#lv5-l1paR7^sq0oWR_}&2S`gYW9SKs&J~n=JMV+q{KCZE{*Qu zeaglF6{a8td9a+nUGF4nB(i1>QFFxQ4|G0scZ8Z7R0pljqKX^0=?d;N|1~J&k~Y_r z|L5igF*N-YJt8d?!shUI$&LSSqAyAtCysK~z7efB?A1}r(jkdQVKDkTiUu3HO zOhL9Ro`mq7Kc7LOsT^w{dj>sd!Y>o=|7Scez0L>U_#6JbouXJeHBJfrZOiGsk40`? z(xp5oJ6RtJ)CM1Cn|{^OOx!Vl`1hrt$mZ~}RC^@G0v?J_nV`2Il*{{{G5-t(S>yaO zTQtSS4=`Y92N%~)7vO`GTpy>e!Seafl>GG_*&R@0@$ZWl?f)Ks znVOTi9zgS;|6XgWIBkUbA8|(c(b3Tr7Z=HE&>T(H9xpNAc4TwN2viC<5%y#;ficNY z|1-Ae`5Mrg0~w3RtUc0=phm z4zK^tc}vKq&FtrVJgl1aIsqt+lh4o2UalA6=mGYi!fZ52q^Y#K+HK)?4#P7eM@*~R z1B{2J7w0rIG|3;roE#hqs;PnI)N!j{J8fWz!D^)ZRkOt{qvyTry`jEZ^XWC**273C z_X=)y`V^V0(5omgQFDd=-bKiF9U>9W`t5m8TPbqB^sq*g)lUuF77!x?B~e9pcek`{ zrBSfqe7KVoCMow(CtZ5@UDFXvi_uCk>@wy-xy)T?e=N3#npSQq}K6F-;vGZFf0=OgY_)W=`%NJQ`5uDkSuwZ){e<{xs`mj zo2s*(PTLnDwAfsV3{j6Js@T@M$D+owaa&96)$2~S9*VsrE{?o$+`tiD`rv)_0jz2Y z@4u@WIAC&gdYa5EWOT9JCk%;^Ya*YtZv04`^WhE7)z%h9+;uYId@clgS0w zhS;b#MhoEVwkP%e&oUbas&!kR?IVVd4spfuuk4RgsikJL z%KL|h&+{r~$4?w=9QXH6R2ZX90)s`I8sD_yy!W#8ERs*y7k%Btrdm`R7tfCv2yfqQ z@rf$LtSN&EQHWa7%9ky;W*L1QQ+8 z-RX^CTm~7~t~3(=v3d$gz=GhDkqLqVHBh&@5oer)D@G>ZXb$xDK)D*h_@^|e*dt1M zxqOuFbv(aNzle^^(n!(m>A6UsdO=ro(a&Ea4Rt2oN_$O3O)joK=R)V_#n9dt7Y&$P z?XSW`u1zF-FC6@FiW-hu*qSUpGX_?gB_J$UWnx&}+*}BqX>B?}X`av)s$GO?6r3FI z$MHG*vU{lQeC&S@r~q-q%1vfuO}9I}k%hy~auK`QRQES9r~>X2a~_=A5c&4v7_2LZjX=Vo}XN5 zH`;QI>U}9yqw#!~pH^n&JGpsdiK-M9*{m<1 zxJaj$G;KDjx57be=GFSIPo)4fGBve6=u@VWr%W5s-qF!zQ2IvzN%VA~W;H1S^~Q3d z9P|M5q_2Gh+yW3Q&|U3YRCeG#PHggIP4?$^Ei@|a?d&3cnSo{m0(L9uJXzeHYpGKF<%D9tbB~)l z-)2pgTN+OCq>LbQ#4+!zm5da8?m1Ml)|uOAy7|@J9Vs`b zcR-UUM@TdW|AqxP{z{8vL62HFYinXRUV8R9Yfa6k@M(`<(Ki#}o*X*hF(T3ab?d`*4*sX*x&}Lb1v6)a_Pg zt6l8+n>&1ceOR>`-B-HDVPQfS)(Inx!oqfh4MOY7ge(MIK2@{CS8bxIgfR~se$HgC zRm^(K=1GO=)5%+YoVsYw4LelY%U-cLI3g}<|Ms~ncxVoIM8s;tvV+;E_IER{cT) zC|*RI2d(}9BE*xO0gvvVxHQ|J14+0h9^xO4-;UftL1k8FuaeuI6U29Q+^u!%n}LZZ zUCieNEpU!y8TTC>eF{@WM1Q%NX|BioY@ri7S1?g zi2Vt#CH_6g@=aFVz7tEEVeOGSs<;dJS$;EZ;nLKt> z<+ZzqlZ0h>CAIM7iwWTLWoESv@BT$XyQw* zRY&05-wfTJTlI9qcQzLr?Dt!)mf7UL>fG*i$=?u<<|*c2ZH>Qo1LwkQr+eMS(TZZk zQh%&gAaL(|VJONae%Q3)B!m;w#d`PTZX9_4$t{ykjnQ2by5?jJnzPc%c3 zkde+nnIB}${@>^+Z2*l5G;DJ?Sb9a(_D31cav_i(^6Ar5sbMhA!hjS-MbRh4uI}!7 z&uhuViRbnb>dad8UUFc5{$~_@5CDUgML1&JanI;jSb9KUjz$%QMn%AUCh-1GO!k>d z9JJIr7}-*{*Z2Um)wh=(Z?jIe6Ac!8qmu1SXJaq!r)?p*hNbhWYbd^YecafIr`P`TnyVAhNdY^74vVPZ<&LzLMcTbLr(v zBy3KU2;Ngb5xTuno8he@X!j3QTBKTevJmr;L`MQvPQS>Wr#l6+AnVmgFyPKPu};R z6aLlEz(|`H@u!5f(bE$g>))n{%8VIxZa`-xDOuYYnKrsvsNFz9NVvMW`7X;+%ZZ1F zzu;H6rRd}>;h(|RkyU?rWU$9#5@7}WGw9UX@dXeTPJ=34n?+g{jY`F3(z$m%4e{l; zL^vkDI%^z{O}D=Lf_pvQ7#=dMu-8%6uK=wL%;e;HkC|dVp=yP8z5pbjwH3WGW5tj0 zQyAjCBmsvG?*k+qFmYg-4{ZJv)6>a;Os496*-EZn_jbM_BQi4bwdqK`^^Lo|y*=nY zV){G#IgiSt$|D}Cn@D&;^M=Dl9v4Y13gqS1YQmmARUM9l$aVCUG-&>xT}sKounxp# zy7Tko!-CS~Y0^1Bc)OpsPWT948B~vh4jlYtjKw|Y?$^?#@B+~$4cO5=2s#bdNXx-j zlTvFxX6md!GJ8hINp|laucHnUCoSM6-&O4}M&;VGI4d23&K+*{_K`R~nAIOYbLeQP z7){?L9VCUIE4un?@@j{JY#g5>!cf0|rc|~N-sB0|o|L9HJ&2MXuH0?~ZJ2;t)n{E} zY%#4^Sy}nD{L9wr{O3&r%cMg}APhR+C)SnE7+H#yO>d%)?_^|EH*n3v5i>Dtfmoq7WZ)s`mioKEknwZ$y(wdg`t)-=F%(DE>Fz>7K!Ci`dh7{C^t zsdgy?>%2T^4vbKh)nxpaxb>YC6$k!jOiXS&E$w1KRYtOQ4h}YFqcTSr5Pjy^*%{c( z>FMcsZ#ufV%s^MH`ykV*djcHI12NfH_S6?{%85r+L!%^dvRfpUbBYY1-J0W7tAFmK z`##CAz~Airqd-J)p$dV z!VUqlv~EuOJ{;tF;7JrO?Fd;59}`>KJfWkz1+A|b7#M)lm6nqu5W92d&e`Rqn~TeE z5nP0lGKD!LD>JhY>?+XlPYex#xc%;X7od}atB}I@ix)4_GcyUa=xAsRK^Fi}%aeaq zL_#!=fu6uYRiijYnw1kLs2_hZ3RXU`lK^p09 zR7zU9L0TH6TTrCCq(Qp7>zkbS@w~t1_g&X_ef)QhvfcN(*P3h2F~=A)?|65SLf-6; zX5Cm7wj1r!zm*FyH#av#Cd1)u+n#|mIC!kAz>z!*JQ>I(A~-Nul44}wJpq;GTm%Yv z0DrO7-oh|XLf-6b)?*s!1m%OiuDeYFL#2`{X|uCzWDSw$XxFZyQ`}+Ec!(OAt6F9T zvLHu{OO4Y0s7GI0Ne2`9BxH_t!(~zAx zTJXXPWS~1cRpg`BU#+L@+Jgh3*V#G^xR}&`xb_nJcK$=Zq;m|4l+;vl0>q_-;>hoE zOG=bY{!bU9pPBA3J9C`=kQOYsI2x)_tg_sh4;DOoQ=;O-$69D}{aEK9v7q*-)HVnI zZWF%}FV}1IkWbNvCy~tr8VUV6yVgI*P42m~FT`5hK_13hUmuV&Zlk;6=DHk^QYUr& zI$C53>W%*ZJ7P0%Awc|oiG5Kb?M~3?m~$AI6E3DHShq4%0D_Rn#axv#W5>nKknPrY z7r$!^29~?LaPm}37stLnALYmcFLLPwfivgXLAlJX>MEDURU)~z-+}u}8}TuHUO3kH zj1N#FMV8DB4Zmb&E_h%IEN*PDc$R}B9MHz)7B6viercGtx)|ZL>jQoBr0iZ(fArC-2P#(d1m+?!w!G`Dd-QD#$l~!ikCwRs-qP z5vNV-{BLVDKpI^m+33ezm2z@R!7yr21Qb}W$I6qLfK^60!%IjhLarg zT0Eo#;fY$56lpqANhzw-RHe+c?>JRjV7!KNx#mDAJRN%{txlGpBZfNx^LHX{_phcV z0I}HF*^A*t^xg@kB7PB(#2(<#|3#*kXwn4}pikpU(;d;(hUEO32q+yHDavPJhY^;q2FciywIx2}qg zCn3e#`*AQCOw6y6T?+Sp^x|UEbxaF;`^h5b16cdxUVoO#$_l)iDAyB(QToj0`X+jt^jGfz>6Pqtpdb8yRSzgaY+Lu})ZMeWIwWAEi*L z01C%jw-OJbcR@!tp`pPb_&TyK78jdhx1*!BK(@2`Ch#| zvOx@rVzz0PE`^A`>r1_547&4n|6W?%D|`DM%iFX%#|)m`#wFnEh)biWLA1FM5;DxA zz7ok~vQ$t5P)=1$sMGRpjI6!Zdq7JY1_rz^xq`9oafp-^wOL|@+1L)RdyfiNOgvKUXsxPkWwre)@E(}l zEv>Gqoo4*`^XL3JSmz>~J+0i%!lEj&L&|hie)%YUga6;fdKAax z6=>MMw5uoK?u7#;EGDJl>tn4{s6m1JjGlz2FDBkc*sFiZ<$^`SX%IMz5Fy%Jw7lE= zj-lw@P(gum(fk|PP{kZ9Z0sn-S@n|+PJnIjk*lL+1;FWt^*INtN>7}f`A*pPNvuDH zhaEdr&9O+hU`o$1JnzKBM9s41191TlLq;8C6RGq}SPBaDg15GlAEA ztC2uj;3y5}&!~BwI+P=t?q^^nQv`kc-`nzg6DXMz_5Q+jkmL4sYOhHg3EPLwXIT=xuhiLOFzBG+-}Zd0)R+F;(t8b34g z@2=AtL5QH>V9g@^K%6)5<$GuEHqy~$z)=Ee5Bz`;pg1qsPqC<$N@Vt32FMpE-~oRx zEG*0mM*Uir#?K5(_d9?RB8@SR@tN3rSE2^ej5&$`lg+$Ym4 zxM5M`b{740EO=#RjT9H>Q+WJk7`%3#QF!P_hN6c5^{bC2;f2e4>ER5`_0gP#rX&}k z|KtTzQ*4hPkL4&ZY-Sl1O^Qi~-9Z9Kgmv%Cq-PDzvc~y(=;_@0K(?N~K5nT}`+EP0hfGxSbNKcMOPONy=TH`YE`$09s(xx(3n*{19XSiXE1iZ;b9kBU;# z#uMvV{c!DO=!T8kIUasf;5`ByoJZF4?Nz1L;FhdW<9x6&DJUS|Hsg&2ww_6_B|WgCtjcJiNVDhJt8`3@~{Ssk%&> z0Ih=Dbxr&xuEsnomw- znrnI?DLh50Tu1x*`rL>O$jOtSiI#FeU+9WBh;rt>!UYHrM%)k_4;Y;ACK6W;0u0Q2 zk&tN5R>*;K_t5iG?__s(cPO*b7+f9T5(lx3;`z2jgm#_T2l-4$;1qURMLAo8CM}#? zYN(~r7}M*T%(*JE=wX&iX9ACqOA*I@_cR;YcRbE3Ty!uPA+St(BXPz3d|+Q5Zrk)g zxPJ96uIavCKOSwJ`u<(k4q}q?x>Sf(G>iIVJ9Gm~4ry-yf5;nU>)(c>So%)J4K0Y3V z-=;3rVp+Jz-@Tfm2W0$d-NhHF!Ju+%B;$kOK*7*af`+3IHh-F84xIe7SYYvlX}XV> z&ZN)kMu_RPv2^I~KstIXc>HD80<7#IGgpNe0|5*?d4Ffg(ToN`z7KL8r}-EI4aYgW zEL})BH(*xDU1>fF&o7#FwesZ-TYp$}epR1tw;?}*d0jlevmI=cBTeV`C!OHn3(WzR z+QXD$b45kCEQ(A}Het!ruF*|8%mnJSMZ#^B3p)w<@zO;H%s`=z1Y~>ko&M-os9+8k zLMV|Rr>0;jpJqLJ%pjh3G(^ZuV6Xt5m_@^kdNtS96|_ze>nsOWR|`#r^hU2+T8jDM zFF#<{ zhLiK4A+cuV;{-{Oa_p6nfyQ*(oXB)86uQrnA`*<9_oqTbWoMuL5c(}>}YhFE6kA(OeYtUX8#)9;%R4dlD{-&rwlByc^Y&{D7Jr z&$UJU*pOf_wT9aW@_>;fjdN>SlSzo<6wkeXlYx!%0Zam`bvd#EOO(|d2r^HMdVk`_ zfFcPp3w_;F{xLyT3W~1i8Ja|gH(>b$_9EqgW=B$tYaF~NDR}ZjSDP#E#t-QKg-L#FbU_m@cCGcz2@Wue_OBowU>2p z=z2LPs5WW}I2U^PW%R(;`+eQLSFscIA z>2WWdGV@9NYgk!5D|_&6UM5*+pAZKMowx$#ii1q;!R=T5c7tw33HgR|E&mXJB<|O3Du*}ZcEQ`l; z^BbxUMvIMX$!o^{B9Q6Ys!1hJ^YfYY+TT5X{8+rK;cZ1)9r9x>zq8p036b+*GkMj) ztY*>LK}QG-++aR1ao7*Y+QF~w7@!JKWDW=pzSwFahqTp5HOd|?A&7XTwpa`l{*AIW zzGstCkg?8COQxB|NZ{YO{ILS84_hf$q{6YU$*e?$u5PujtRU|p?DmHbf7UhtvqIBp zDIF3V7WK+qczMPAU}AR&9W*Q=wpqAq0c5#mn`8uuH*t@pzli{Z}z zp7kWa34p6CB-K`-LwYPrAMuj0o59*jHfsR+@%nS58;m}H4v0vRg=*fQj&LxC>0s_+ z&H9MIyVecJ!Sc}|*Oo=AHW~f~w&S8ig-pkINJtIDA0zF7PVwTx(~p;&xp#=hXao~< z_eLDwY?kfn3z`L!!g z<;*eBAc^F#9OuD)cSvv)OOAQ9SIRp-1?0s8O@O)MS^^*qGhKDR$OImE(jHVfq}4fMlJOnFMdKe7G`M5~ zOD--YH38NU5cL#uO6t_XdayudrhTao*ouJF<_swAY(nD#d|OOLOY>y2!sltv>onZ~ z$8~dagAHBjdSVC3h9?gA4%EVgidU~b$!76c9~UE&Ev)UkI$L2xhOOc2*Kq$p@|*jL z*5pVJLO3|bI3FzO@a}?JEx=}Qiico+({Iqc9yKATV%mYs;u7r4jOTz;f<^fLOQr6O>;tbE$Wqa{@{Y*bPuuX1j^MkbEK zob<_?*S>Z(gT}T_XX*r0q9PKwNC#)fh(BXc@B%)Q_}F>`KpRfeAU@mU0Gt$=AD=o& zc^#acJJb*Nn+?1pEKz0}ss(I?WJ87wpp{zXPY_6JKQV>pC}A*p1%U=5=S0iHZ3G#;8}W`~okdnHfs{ z(JFiMJVnT+Ibdr5yW{fl!c}iO&l!<_KcnL2t|)Xr+NiRz2ABpS$~{iAfS{nrP!(r5 ziz}0L?xLgN-lrH8VCQDWP;9Ol%M*7~6n#4Rc2yGV*o=qW@^9^fi7#-eiV-6Ymd35m zy6U82Sb3$7K5J8A@Q9uCCM52r+jo9wG#xD_KK+RpEg<83X~s|J>@fTI$F{VOb=Rz> zZOXrV9%z_qDX6P@)zmI!bbsOj)HxBb1IAmU^>vMiukif&&7e=ns@a z$3VZlf}u&;CV+_~?v?pTTGNX)WAO-J_vrsAbO4u4_kqiorHyG7vhS4C4}V^?r6#!! zo?kZpK+rv8&=m01{c@5-@05I8Mn^3F{^5+{NUnO-ezf}rt*3>pwX;qut`RQ<>(^&z z$EBIuv-PHA<(@Q)!9H+BdznG+&`LEK;bwx|2(NN*&X{ zyv~S$(PR<@SOA2N?z`K=2dw2|TU%SRP*cH9Xj5DVXfx1{;gbaQ3iK@&Iumxn2}+gD z_ff`J(iCX$8Oz&nzMn9RufiL7{W`kXxWKe>9Didomx(@y%zPH;~qH%E|hDnO~b5 z$kK7nvRe9GyX$t^Vz962B&boF`{CEQSY&NY;e*(J^P}|2y=5po7L|(hZ+pD+!hsu^ zoY6J&up`#WN-CafBExi4HePn|hiTiHUS(w^rsEqeWwS4M^LwHNxyQRZ4Q30D&W@6V z2P9E3I1PP$m-}vRAl8&=`a}w9#j&w56YRJr<`XG;;=)d;AT8NYAJKG^_ufa5{{;Oa zp%*WHUynbE*q~{wnO<5__6w=?3W-$5Mn@;)b0}n5gp^AjlCPmW)u{M*wV%?)_dRI` zX#47hAGDv|yQavHg>n2KRT&IYDIsRa4%d+fd zC5b|qP@tk)VZhBBjo}8fkyTYylr=nH7@x%3r#uR$zr-qG9F$`T1eiCeD^oWUnt>I_~hED70plgrCYV^As~2Ok<;G!t?gFHqr&PMCN@V4e z|2C(6!PUE7>tj$5#?6~7;%K>jOSj1QUO^KPGQaMeppMA%R^Xq6g*Ap!MlrM<;9Pd@ zl28!W{yc6-Y%zRAuTZ)eg-ICn{x4XZ3*Nw+uGVd|WYi-g1G_dX7O8N* z@jG+A*$^|;5JvWMA84L#j91&e%p1T+(d5Ga`}9^gxVULOhVT?n)Lyo8BfgcR@E1U}-EkgMYPfTykiGnj< zqtfyJ1D-fUL`&3iQu_KrVq&cjqFh~EMv6^W*5`$W6rRW)GmO7gq>Xrj`XNo> zefkB6&@rf7uePnCLpvGg-({I!pC5#T18V$Bc(%??vS28#Bl2%&9Z4}{T;f(+3zib; z1=(yTRqe85|B!0SX;$xQo?sGMVE)aG@sJQU|M}^~qYYTAEn+AB%|Q)}Zuw$9qDQ13 zthT_3Ct{lY@0Nde5#YMca2E9pdaUwa_$*nLSV*w{G6FU=ztwHD-`4_44vK*3^zXmF zBsSIG^W%~mfOse7|95j-z4b6_@gGw6fkY-wBPvRLV}bO477_j?C~^KjXw>p{iaAf1 z`1!@7m~tBi8XHqpp2SE*))D{xCYQf2Z)dc$WJE;dZf>CaS}#TDN$}~w-*0sJ=byi| z_3DiZws&^^MPM%f@4J)GVH3JP$yopANBu8rTb^m2Id47Cz2w z4WOUAN6BYq-o@N*Ztaw+jCNT^HmrYHR3Ps(97%gw6%?G^KTzHajCV~U!Nw`X-$!^w zr6wAnx-~sIlSq0rK-2bw7>o47gYwF9zWztE$=(#fduw?^(n%Z!=VQuuscSe!i}cZz zh!LMd8QL-lNl^bj9?9ge4zHWq#ah9n>v+X;XD3vulmX)?7UljN)uG!n)G#oKwNQgM zpB?f2EagSg8wZNO*m`AjvOkJ*qF?iL-|_2+;0k55E` z<&MZ$2>DQM2E!{24fmx+@4Qhjd$$KlUoO}3AnFRNrNiH~oGN7gNlwN$#hRxmuJpMY z5>>mUe%7OguPU}G*6An!A6;|vtKa&|ocXRz%1>NnvCn>tGPm-zw#I#=u;qM^8&-G9 zE#yKDGsx#Zn;da#;`MNrVB>+_$87&RN9rl8E#Kd@z1+b6Kj}UQ zF5J}N`=-$y`d-NCht{&K3I~VXNc0jUWrPUOI>zq(?`JlJm^OclW}*%g6>|rqUo5Y+ zWPZW}SCOZ<@y%@{fY3z^P!6^07sc{!0afK=FzMy@fFBEXp`vMxTh4iy->{UaQ^B#t zz`!7mNk8iq#l;C(IWieqSH>kO>53JGY7Aex`ucj;g3VH8-U4nZmM%++t72e!?UH%) zmqvs5+{Xn&mF*N270(TTXKEvcQSpy+kOT%6;>**&>+&?c$f!+mbU#SYZftjwip8YRH93y3{OlBL)<7uHeam5766bw z6As{HWIZwVA=i)9VO_F49yKb%a`HfCeM$i`ZR?zSrAUsgwY6N9JhYybhn2I+WYdSE z+rGLp>Wk~^XW;JQOTs~+xq*0kZCdAljws@bS`Zn(-Q2PQg{K-b%y342Y|b0qzWQA- zS5?qpqJfXMvb>z#=(M|-Q`5Zrb8X(ECwqh0(u(AQmfHo^3u^J|Dy1f@+NY36aePWl z*c+_g6FmDfw^U(&U^mJPof_c)H!1Y3;Y{)}Z0r-wpGq5yuA1n#i_911+LRJW*d(Ai zb|UUchxG?=i87mpu->2zipfhx)VC*N%(R)i1Y`T(<-%e!^awk2av&;4pr~%j174*p3;9z4Y6L(?1`*|QpUes&snCR(81Q0<% zLAQ}MOQ-11@3n>Wm~`u{fCp=jAv=73FL*drMtmcf5(DjWK<>aD%ULlQ^zidzV`@e{ z%03(MuyKkS8P#p|ism=!`e1E!yB(Hcc97jbY8xV{@rEqHQe?C_^LuU{=|#Z0~VSuKW9a zjewrg49ucOqMwMoM&IfSo^%}iqOJL7e*KrK8i`QRGvX207j!Qp2F7wKDl1#@to(-` zc!FO(1gSj5OoOz0fkOVne^M+Jl=?(?V*{xD8&hlt>2Wbqho?T>eHM4=uFIZfjcetF ziwZ_#oSd8n1O}>4Xkx;OalZB6U?x_o5n~yMa{Bfn4Sg8qnHaJ!?>Tw&+`qPVO{i{P z(7Q1BJ+M)j5;Q}xbJT9}p0^^V$=R0DL4;^6c;NGEc81f@i z$S4NpyPBFBS6A1xwXK=NlewWuPn?#PC@-A1b!X=zB`e5}a~m}~&6K3+Jdp0LkE8~J zw8C^|0~Ac@xCXy#RHF*&j`mvza&Fx41zEsNiWHswn-uYvLJxPLAW zeJ@n0tEQ}~-@X;4aVOzncn!Z9`~umo>g%Zl9ag$I`jh(lbgq2=Ukb~Y;oCXR-8Tkphff$haR3I1 zf9x#ObC*#yPthpV$rhX9h5W7?#S4HY{%P{}75(b9#|JhVsQO1Sm?|ntjZ(aDAYXh* z0wb#N2Xd6^z=OB;%i>6hhw1g@QxV|^zpFX90s226J^;9a(=ghm>eK|cA=7<%26lae zBB@LmP5y*9khzn2xYDFXqd?YRSXRR*OC>>y#`9H{d=Tg6h#|+K4Ucuu@Ia%23jJu~ za3ic(x*{IynDX*d|He0^(Rkb6ChjT0=Xoio%hKUu5Eu|(V`Ce+lmf=C*M4#8tIP<~ ztT+-!2O0-D);2g_0`=vIajz!gDfeH!34;Enf8#gXQ9Gk5)iP#ijeY)pytjOAyY8am zbo}1Kr{RMCry_cY(@G@!r=HK8F6S>jFL@yf#0>E^TPZjxTh9ZxS9|l`F7Q!709)_Q zQe~CyZE4AR8znq=vD;SrCECDS&=f9hFv)&n$|4;HsM_>z!-=^D5lS)Gy~W>h;qJ~E zK%#?8PN{hf6&WEr2Qwks?2BxNdl|b+?HKj_TXaJcZQ+Wo_KHcj4Kl@srUQscvJ~t| z7vptUMLlfVa-=1w!;tx~aO?R4CO*wc^YgDI=u5e{C~uz(nz*04Ta2@hY5^9BaP9idLqpz-TnbWhd|j{476Ra9V508bVA zlpjT-t8CZ4oo8y^`bEYTBeBq_S?+oQF3~bPyZ*UDB77^86VMqAIZhdElT;uU$AVG;jz*z3ug8b-;&n?y{f%(J3ee($uvlm ztCq=Tc=`gqOw{$_KM<&Q)n^%rM_-9GASYTt^Au*r{hW?TA@A8)Pwh%Xu88*n=Y z@d)t~6Kv3pnpRSS+1*4sAfVd zs~EE|=ht{iY>x>Ja#qEfw4iFW&kP`syrR-*?d)Nb$bF`QrB=wOgz`ep>8%+vQW$t! z;?w9-y>LozkAm!l_up$#7H(4jx@c37Dk>_g$v@V}%-(92zZFg^CAG7E@N#=dAb%RRpywJr~hY-qg$)I3IjXT98S zMDZec{aX9|wV4_9+cUwW(xns(OiYqu?hut=V+xgs6 zCc`)Cjqlnw)z{Yr_AFx)+p2Q*q(*t+ zIaW_98kl|H-h1%3ctAuT+s{#Z4Z(JOV_!RYUm7?(=YPXEBupIj_0Ra7Z3JECO}5j; z@%>*iN5N#2j?4RzjF*hSzSwa`U$z98WH|z7?S|~Nr+BP$!1*QQ8|3sI@Jw+>i3c``Y8#E|&U)xvEw8ZA?TY{s)HQGxljaR~`b zfwU08hP@e8yK{g*kdOeGkQ%dn^^Tidpi;ftAtLYB#Hrf6$k-iq7vQ#aAQG z4^A2zu@PVH{~MCi3mtdhS{FR}Ipf$nTwb0kjYUr7`McD$X*H%VJ|5#%zPxb+4$#2G z#D9Qn%mjvfXQpKY#U1v>nM;@r=C+jN3`H?%!pJ9hbqDL}ZC0hEyq*AQ{Y>-!XQ!qs z`0SKNI59~3!tnX|^-gC~9rk+?LVat+qsWiOz{_!zFTy(N_!=Fc?*S^Zxmqi)vC_2^ zOS}hdhU~FS`gD^|pj;?wG~^Jeg7ru~8e$H5(OM^7sT9MEq|%*UScNzgX9DSo{Q_v-_UD<8y6zGOu{{3W&;t1lYB z^z|3M&JCeP&MnqP=F*Sq=%pWJOla?ad4X~*;+Cp`z5c^jRZBS!Ix?JiVO6#mmF&%3=v{qU$=7&EDr9X)hOo7IY=>w z2}bNjrI0Hs4Lw5T*gVdR;JF-qW~YS+`0GkZ;n}?t6}lZKn{^ez!cy@4yCS~o%Lg)1 zoiaC0ZXv#h{7hTEqUG)`xcz`)`g?Q_CE~M=Pjij4UGABkx{%QP+L)R-%LcToYAzG4L_mszm|C5Eb3tjGkiGaUL@duLlowusKpsQL zqdPm-Tm$XIodc0ItX>4qkaGD=?Ra>?+%^s&en1h10O1X0!HQP zrw+UpPcPo19;>eQQLr@}-?v?MaA&nwwDnQnY>dCA+5VN#gy4>eTYLzmcOVIC`*D%^ z{>qMioxtGCj|oz?)p3eLiMK%+hJGoG^frOiGf59Lf>66HVXCH;?_Hua2R}wyaXI!T zYy7s>Q0DI0qKk}eP2?&q(EA=RC5VfQL+&C^jTiZ}^eMiIVwM8CB;=_(JWDiA7VJzB zVsM{n6wus!hh|jcQ?H^gsUZPX%2K?8HgQvx!>%u$cQ+?F+PMK7k zUef4T`wpYY9poE-JolHk9@IR;*1z`if;cGrcaJD00uK+*I8dc&xtgzLN+#9B`r#QB z-o9DBnQY9ik)&7ivxi|V;bQ43d2qiXD@rBNG`g%^^c1KNfbPmp2VSn`O~U^jod>Jj zz4I`wVxCZ?p(no3>b$1OzX#N_r6T|%*A;#^U zlmB!-$=}9p-mw;3tIN}VcMM=5X7A8M_W6>$2nv6lC#Rq&uc)YCMY8Z`HN`@auTk_q z1-t0ywzf7pzi)k4U`8e!Lkp6H>2-<-(XXcj@I8t=P#*nj$aeWfIoTyui_P#qk~TVd zB=$$JVWI}NdbNCf&4`A8%Gqw7D`WCj7n70Wo1)_M%OP~>J}5>5x?@> zptQ8IYS_LsitWPvuYE|d>+*`73g4e0hu$%WCZcM7uSzH^B*RFyrInSWYm2YzCQ+f| zc;RN`&+qN2lP7+pjY15y=O-W~EHfGI)p~?@3T+kWWBFc?-9|2IqN4t< z(-wFsISIh$(fVZ=CR-_eL{pY(T7FHzh|BA@_xU;^ae+IClJ!xOC6A)8TyP|c{xg8N zSx`^Ommarw-|kmQhncq|(48N*nu4PDfHET!Q+p ze`A`#p1&3_(;l8(dk2X5w4jhD&M{{_g79Cv{EWR+O9f)- zDTWwNh4*dJekx>(Md~#Myrzyqc_)-N%_Y?!Lg-E5ng(y@CTf_+C**H}>V2g=Ih5~r zHE6Qpsh<^S6ezvzhy87~ZstB((?%s_GfNU6$!tz>B-T(;}+;#cIdL9yt|ZD z56po(KOPQ|Fo#}4GiRP@dyb)!*>e5 z6YKtng~fcj!3&5im6kI?Kx{=Kk-!ieEHzdAR#IHt-`5vbod_LS;K_QnIV>dDH?REg z!LHkGWdI5Va9x1~0Xi58BKOUyXC@{l@Y@<1iNH((Hic5|YngFZ{!_M`0U)AsJ8tU= z33-Qw$-R2j4NNN--$%3B4P*`A!@hR605U6dPfG|vA}TH+5peX;!{fOJ8Ws%SIfF5$ z7#`GNm!kIHC2y5rvYlcM%o*!|F+Z%@4OhPjaUnpWr48iB*^+uKoaKIx4#V$B{Ya7Nwq(|JBNA$4+8Y5b?NN~4pshBuVC6(GSFV6quE?M{Y6~~~VuRI9Q z6)SWw#JeFy~}v^VqEtB7ix@3+D5c!Q~YdDDONxP#t0ICQ?!!?1aF# z2UcNUeZ4kJY+UF{Dp=U67{W%|;@cse)^jQoLwfJt%GA`;2b(}p2@MSe ztZF-U)dJ|FAR~*4iV7=(uLG26vo~-40RIMfGDbUtz|Hc$MGEs3geM}Sq9&n1-ktm$ zx`ua{4?z}em(loPj}eT>;7K}TpD;Xn^l7#g=Cy%JOTczHys!)U#?YA#iI1-a^3JyT zbLCLQWPvLWggwSFHw@C( zot509euaZQbaeFZy9CLZ|NSl#>ne8eSAUmWM^xGbfg!%J_UZU^DvMh6RRpDXqeRkv z)+4gOTpT!(9dLA@F%EOOfbG9gcOifXfH7-7 zumyAFGCRR|0(jf<%F5hsrw+2CVp9FkYXvF_VEa~BuoDHX=P`*u5x29u%ja_VX!u1+ zH++6AS4(xLY8JV7VZfg^??{ydF&aju@%7<^lZaz^Bq#Aua zJ;``3R*-9etd&wI0JzQP;FYvKS%-}PDvt~BW%Du{uT&huVA1mp_X|`+f>cy!XfJU1 z5~S>xdeeb4`<3xzKF&NNBLkSrz>02^k&)5U(}RVA9{D63IrsCU1yGOO!}JCMe6;kH z8}HzoErB$IEvB`#wHN;){7?3+>`YOUrlZg`_;^<_vtM9gzBGcn~U$_cN( z1!BZ3FC|W`IC^sCmH!GGiFHAwl%k0Em>4Qdz<%E<56{{<31vLeP*!*eFw!Cp(H3@P zho7IHXp)2^|AjD7e2#xxQ`j$TlI{z^^J|~P<9`Od`TF`4Sc;*ccf7T6F|IX>wrtE$ zN_cCFP#WH#q|gq1KNJ-ev9fpUQZ+3ussv% z%)8#0?iAMW<~m)TrCliCU7wfGu$GSoP~pS4_cW^-oYUu&`tmaj^p)c~B|D#(kNnKE zwP?bRWH=#qT)%da0lEXL>Q*;KFbL`8)oa z$!G%u!Q7mk?d|P@gOkj$RG7v2=x`j)R4g{6;GJ=GkojW~A9lJgSVk#kEwG$T%xAn4 z^0S|Cfq|Zp;o*1r7c||m7XiR{5s+8+Rq)nrBgK-nXlXK9QZ^DTP;<4 zd}HU{syV$&1}vw8PHL;4ih@laj`(C;G$%uRa==4CywO|mm}mNYaZq;wmkxNgfZ91E1QZU1 zjH7UKH8+b;Ok&--RqFT!m>qt87(1jO7b~-x6GIS!KJuju$bo3gA*!*cks&<2y+bin zK#~Z%Mm}BEcCq`Jh`Vo;hLdk~x%)+JK>>?V1Xqb;ZZUT?Ka7;pQ~tSs#Rl zX?!_aR$xD+r=`8Z#UmgPejxD%Vk{(91je5`NVzQTQ&K)>jsj9xy^9Zr=?E7uuabg7 zNE`l@eo%w)?ThN^>V6_WzkM6~;%8=Yu?+-s1qB7rOu%QtY`^nqA992iP^F>7dw53_ z=Dq{Vv0WO*pwB>41{D$G3DeMdxVV6X21i&l`4z<2coz=Py3*0zK+J=z4TieINr`c1 zXif&PvcJDS2y8)9z-ck{lx-1)2v1MTgk@DZ?a^oL6|Aqk$8l15g!tF@9|yU3WNm48 z3)3VbB;*DnCPrDk3NF*3Z{HA4=_3qFc=8nOR|eNIBvBDhX>YFgv))0F@zE|5pRvI! ze%x0bZg<%H74}=P>D^-26`>t#$v9T)i}%kFn=MUue+3dempOOee=McT#~i{+u#+ z^oO#5{@A;{6}#8wtre*fHJ>KfKT{Y5FfuNR%iv1(&2NQj6c{K+KDOXdgz=`5eNtAL zro5(Ub*@gH2Bn`w55p8lTQ`le?HZcLI3N`0rgo zNcPP8hTP}BIA3Q{Z5wbuJNOM*{u?2+ohyb|29UHl>r07Z9Y_m=CAd&Kx0j=|+@aZ=oKy*&5Lj*0?_l5s%uvKe0^J!Caf^ftW`y$b^I!6?Yf)dyJmk?+ zjttLt+pNEiKSY;%eRY1`4zfasFZHQ-cB1^c%AJ=Vw7BM20}SMIy4Cc1n3D5+svdPmqv_eRXKD9GKRgl# z`s5RGa>zs=-FW$+2lQ;1XwQMJ<+Qh~XMLw#nwX4C%FPDmbwN;qkPQM&=yVbyz&EG` zP&RhgV;cnYgx&(p^4=3;8xT~kU`#;{2)u6aZh%Y$n}n;dRE}osl3{%$0BOP@NCz$` z1ut$NJO3AW(tR^ou1Vw$LbJ_@5D{kA4K&`d+6YyL4GkwD>KpHh$gX{NPrfM9C=j%Z z?-v3sH_JoBxpP|lQDAj6r@dlMBojhwbuk3^;iCNR&ocYe+gkk$$(vvZO51>8Du)`@%=L-m#@p3ghn^r^V5`A+8xA{Lr}(&YT3sLn&qp4 zaRkGPSl<)+?Qp>YmspwJr@M~34IlS^xL+|Ix zQ=mnYkdm6N$0R0dC@P{M2L18F9u0JKFx|he1@+VAa54xTl4S3NQk8)m2RF1xDAOHZ zcxyC_9pd?);`u>nK7ZHw&(9li1YrPjpWpusVGF5Ud@cF=5Yo195i~E;(-iUjl|hjU zj#f9pI_!E;zhb&5_@R=!`CrgX4Gs?|jK(WBP^Lyoe3G^1OBfO8CIe#3 zVIhdaJkFC3$~PCAKkk?Cw=IP~Muw=(mjJD@0rDiD(wp2NF5#H@K__+N&ii5yLn*J{ zZT_gnoHIbD=vKpi*ro86nYj~c75os9{!+9-}*h3d&O~I3I&;JK< zx`E*9y7aRGW7Xl|VZbtoVP-D~I}z^~o8B_Bvi9h*d3kzEV{H98`^v?ix8^B0#7ll*-D>J9@kds0nan5IC?Q&tG0c zMC!Fj_b)R8egSQqdQS6+hk*qU5;npAPjFv5gdv{YsMimV0r9k8$o*_@2ym2RxGDi? zVF0BK+l@gQev7H^z&Y1r8wRBvG}lFG?~#$YE%(zQzGP?nffXpg6gD=ypPzY5$!xcN zTLpLlFd|8u`;0z zHhA)2m-GAoiGC#$AT2EJ^{#R6j66X+ijhbgu-3|nl#<&1nKru{Ac4?Q-XC03L!cY} z*;rds7%d_Z2t`M%jru^sn>DcfGfh({h>#lJf2Dtmnim*h2pn!Mbjp&s^?9?MqU-x> z6fB-jay1%&`TWQ(hoF0Uo%|RK6HM}>Zz7<~PuQFgL1-EJHa{~@3k>i?K`1tX7_E0d zX2G%Ir|+(v#?BhgiieG_F;$2dSK?hE&mnfnIALY{uZpImk^+t#OkGaZ(!rmCm|WV0 zUrS}mynP)>HCGq^9)#*_nuymwh@zNPkA9bS*{aopeMEj44KOq5>8kA~=YsI(^I(IehL0`7>lk@g7;F|6ztJQV->6(=xDk=qfJ;Mig9ZQ5A zUfd4Oa+tRlg%I49h_d?-WruQHxOo% zwd(2!36-Z|tC6|Y;`l+5($d%8fqY&<#6tAm^fJ#q13kSECuMCP5Uqjy8XlK`APS70 z?;-%_1$6CFL*6kKo_k5st5@SL#A{( zd2u!gA(xbdL?ke`gpA+GWUSm009?rLpsv*;q^6+IhQNpBp$-3E_p7QEzPr0SOF`4c zfRu_#Y`xYy!7@1k=Y2-R;n7h@=Wl+e-QRFbKoErnQ`${O*ue+@U}AU#N(I-O4@1$gMliDSP{Rg9Um{z2H_mH{dX<$vL{Q&N3Jdr?H#~e zt=aSl3vi@{Wc6sT^8L)Wg2`s5{)>v#fh*q`-qb1IJ_$^ixo|oLrmCfd#YbrNG%8ze zc83%*D3SBg9=A2ta$w!#{&i}4Q8uZz*+}B=+Hbtq+_Mo9I}i2DIg1%y3(Yw%X7z+2 z+m&~9WpcLuC>tkp-zX&=9jjE#|6r0JzVy?R<}k>8=m@SGd7NEYWKAM0hwaWS@xgJ& zvs|%vXQRnns*uclmWgbvu3(R=YYUooAJeI1edX!#mV<+-lZuChV;%BTN25}!USoda zQB3VYyz>l!THT$M2J2=n7>~zQjRrPgWc`%akO9yeTFd!2cVnyxvU#(*KaQ&0HD91U zJK0}OpQxdsc%1q3oKZAg7IJv_{7#Iosjo!}F33RiG7ig$fcsJx6z2GyIZ6@m&i>u^~)q^1ptcga;PUFO~bl#DRo}TOo}DfZVjgc;p|-u?JAq2 zKI=52V}S52tgNoQgWCH7yk{U#`Gd7ZwZqrKE&zsGR6|5|0XVwsE)WOmgGtH!bqKlU z-k3yJ5FnFIn|#v32sy2CWX6)^%r8hv)$806Ozv3yDJ=AHfA zTF?Xp2P1C_hU4SG$pBpS!1to-&j+xd0`HsVw^lO)*OKs?JFO}}Vn5$--zaS?<>k$7 zyPqF#Lk4>W8S|x__|Ey^bwUyn@O!!4yEnpDLUqyZmqzo)NJ1@3THo@!}{BY*|s;!3K}c4 zPQ+PW`Zm6SaoM}#R_)#O?mG!?C97{k&-dMCN?7JQBgLpTH5;s;irwbx+NstkIM~Ts zv7`E-KfJO|Ng!0M6ElNx^S}xXijf*;ceFwiVZK89CaA}t!>NTJo2zON`~FWOTK0|9 zEs;BOBlLN)ql}u7y|LJWB<4H6p#MhIJR1rOVqGhutPUpl)7*#DzXI;z^q1%FmH*R( zL)?!LgKn8cCZapHHb*EA1tI&`G|c<)uMI&R>%MrSRQ~w6eS_~%lAHbf^my2jL(by8 z1T{E4@&M~|Px`m%2}?Aq4%*W1YKv*4te|mc(}H&J`m*AhmoVOUgq8+B;~igz#3T;W zSPNn3XM9;lfB3fe_p^t01_1nLWHbTD95j76oqOQX!=zTe2~Z4F2@o~kzyE*edJC|s z)~@e&f`JH%gbGs9NJ}@0Gy>8opnx<864DqTp&%_S-Cfcs(j{HeuqX-X=8UzU?|sj= zpL3mc?Q6TYpv<-AJ@0#r|M-pncmoxNKZ7|@o8KYT%t%Y?iso8`jRlGjz`jB|Jb3e5 zzj~Fkp1|38AC&Hfl!NWOipgvcpJ53DpOcbeG!8TR?Co3oYQ(KAVNw8e6+wszdgs>m zHas=pdJ8%p8*RZ*O>HeWf`hu^2J!5a*ZIWgsDQBW2?QLg6V-g9Zx&sSeR^-THeq35 z#hz>9-rHwqWV~w&oAPx^(HhV{!G9z-mn8t*P<9_mfBREj2Csk4^P?~dH!u1i-@bk| z9L!cn3Sa+yP6cIFZ*PQP6Y{a@+}w{WmsvUq5ODANjC@0>nx3zQ!~&8r1wJ#wS*nX- zy9O8ECtUjX;jjGJ#3L{ufUCd+geQy#hB+F>s)mM!Hu|3bp*|33-{jE_?EPIMz=d^v ziM@uL2X#8toj^EQ%mVLE7FoidAV-W<%)xf0B`8tmv1>cVW_v-@!sBcY8vX4xgEtCvg{+J3}1VV{la4rJ%~71X5rupCWj5r_)I$ z{#+Lse31!h(b!`zD0AD9Wzm8)8PRD5?;L12=4}6zZ6oC4a)USJXW0ki{}wG5d^Hhi z@^eluUl+7GWw|2tLncinXig67^|^MV>-TSOLq=0v!o!Px4V~fB5@2i349=SCeEdi* zG*tCtL=Re|pAcC}gAlh?poNR%>6F1KtLdl<;tM1~lww0NQ|8IA)%>XCwjLWessj&A z$XYdWNSvIV4WJz9sCzGfv);R9462cEKC)c)+0w>P=!Z24edqR$EmS_;c;~XPBSXDr zW(^FSe1=oKC*P_u(Rpz{(CSfv>$4DYL_5ZS?`}LPaLuqw6Gd`MT@k_l_w9b;@aIM) z-!rclD4sMqY~)RzPUzpSLvOI~$m>EAJi(U=St2IU9;Zn>;*mrjm7!@JQ7li{J{o*` zos|kj;>J1iiMQ3U)u#!47N6+ve#J(1R{l~xU4WuP(%s;6b3RSJm~^b>oic67qpz5K z`T84U0&k5=QQy}lk__h_4x!Th38mF;$8V7p zKsHu(Kg$TF5)die=MLA%%CSr(Bc2{D@(J!z$PEIB6|{#o*&}%s=7400>(tV6R@@|X zA0=8=fR*a1E);n4sitW#zPFj@rC_89ol4s`{EggW^NcRsFG+L&ofZshYN%WA=)|P2 zvB-S<7bL`4!gq?|e-rBZz#D{tr7N3#~2OLX)%Ep}Y?wIuHtHu7${+ zn_AL`-4i(c=CZt5LLb%PrFTw__(@zp@5%sl;`4b!+AYP=ZWUAy*y4cHQG6Lp9Qhyt5F5`tcG`V4C2kSXeb z%=inJjB1DW-!ayuKB}!?19EO~rBE<_9T-bw^ZT(8 zR^7IA9IthA=fL)Dg0Rr@Zsg$LFJYKy^i@RRLd>7>>ec$guOvF+{iQl7>4##TvZNEc zX_mvU?AICd_6_Q7THb1J#4=R7?NOAm@s_Ew922bxg`1V=R44`CI5u5$NhmF(2W^8h z6N=r$*hVD;QDh}m!s89AvRf;(&Y^N?02wt}<{lFOuM%k@5M(3}FFCQ+6jp9|&AL1` zKj_$S-b% zvAbduIHIrC-*y%9a*i-mt;#!zGUg6jiZX`CF$OT@3~20UZOV){twSMTp`P~CNBXqL zJcic*SF6+SUO-N-AjTSt^xnP_f62-|KS71%Nz~VT%ImgD8kQKJan3fM=5&|v9&D#MLH%} zTGCOcN;q=y(5OYRX7`0b+(|tNwuHRA-1l6Ot?`2QYohkwT^F%#zT9(n)sm4%3M(7o zce8Tj27)L1xIsSbbpC2SM(uS|gXUJ`t#WpebI+4AuAw>6UE_DhVrR#X_G+V^FB?_yxStz&NhaN23KiE8j6u;TO%3d=Kp5sqb!A1zA zs3T-8xA1}QVp5-tf=S1}xP1N@sIW5Rv?W0tJI&(E9m5!_YpF6}ndr;KcI?XI{V6b- z-|qc~k{aI@s=+F<7KoKqu0Adv$GTa*UlHAu?TBtoFmfcwl1O?YlZGd6yPKQvI}6_6 z%d5?QqNcbNU}i@<8fe?i)n~&%GT9vSsUrKAcU`+1AkDdttJ=APJn>1BusD=; zvCoCx!8-h3TCN8J8}nKX1p*3@e!(JtHxP;3+>yP>vV@bm1l7w$E&jNB*cN)j>;4Hl zDq#6!$`wGtW%B?szZlAv5Ne#G6&V%X?cW1Hs;TD;BGaf9`mhcPazb$MZg~ZWucL4a z>Fe4;|0KG&kK0>2oOeEn7dg755j5D(=-SNN?#2B zhGeWxo?`L7Q$b`z!zS)!t9BiW5nk3;s?wJy_CH0m{+P`T53^(#5&Nc__c7`ct7+VG z%g^Ft6T?L*sBdv@^ApG?_*Jvp^EB&b80 zTFajX-#gD!$3oSA)t?Z2!x}>&=-GrCqU+G;P7oN>RobS#I@n=M7qbT5a&n0AD?2Dq2Y8dCE_jUNm(nbY>SXbtW67 z>zR&wxe)@-IY1HY?P19Peujm>(G?4$$2jx>mMDDoD9{KD z8UPVnwH(T|b2^*L`SSU5Aym*IUC&m_27x_@ly4nUb?28aGuyP0yIfqa&=euNL3c;T z_U0zIAx?mMDQH=(Ltnps{rC|V@e2rm@~c6c;j?E+{}^2$-Y`^)UAuU`s01*+_n_=v z;d<0x+Vq!(nz}ndg!xZmZ0tBtfwlTdb%xvu(7OykYjM>aWNFr*Mu9^o$PN`Y69mns zT`^^5y)X?o5zc%ak-C)^e}Is&t@(QyK^t0vfMHzt56Vc0fRzs!c}oQARz4kd`C z0F04B!y4GVX+FKM4L}o|;G#fw0H4;gl-+6w{&pZ{0dOWKFAoz-fLv?=Sm_EOv?`8P zIa(rMFXaG5uJ`QV8FY$#g~m*>U#JV5_1&PDs^@5&o^1EPGY$QqAPk^=<)9!%PEOu- zoklw71XPk-+d>E^mY0{$ea?|2FOq-7<>E^Mb1n(#=7B$FA3IIL;V+cf7fUqmM2EXR zwI8iN-qHKCy`9-g-+waoK+vgcUa6U@G-T%yN+1CWXVO2IDpL(LnZiPI!~Yy=F_o2;)>ed^8d|x~{A`jL{PJFPSfh(julRk*!uyl7urm>G&`?tw0N=^?AuwDGm_2>S zMPL{CVF+fQF#ha;er!u5@)EF?)kYXZ3kX5m#DoX0vTtTk>^CBQ51bZyM zxCR`Vk2nSbgMvs%NUmSM4n^Que$WzWd!pvPK_LwUM}WZctKM}iYysRBrg}v-gM$iP z|I^56(F|KGhHf1y3%aa432JOy+)_`ch=>TN7EpTZC~Iqv0;~3?Gx&7X{YMTbF)qxh z8HJ+AW){F7@B*zUQP_o(o0|wxQB`g0`3%g`Gd|935Jkn0EVnVRV?CjS1Yz3kn>V8= zXFyW`&zq@o>)7}LJ_LqgoN=A!yggg}?@dUSF^q@3i5X-PgVQMf*vQ3x!2%uhxjt$sErM;xn_W)Tts1J2*?~&o~KoxnbFBA(0I6wELw$MK^Vks z%+)G-4rD4=^2t7ajIMU9CDO68qisj$T+YB->1aMo$t*@uQSog09iCR?De$E*L;$3@ zpW8Juw4jU781Qc89YZk}?2YBva_KP&zZ-r7nhxQ%9Qp&Ygg8QsVZN9ehjH_)6bvaypy#9UEg;;iGhiA^+uii9_Y1q`=4_m`OoB7U;lZ9;SHoK z4`Q1=PNr{rzN(M>0K(q!J^%pPsj-;quG-+ojbnjUT$tx}?pbbF3`+a6576WZwu;zrj`fJSzV!1UHH zD9FubDPY7xq902U&;%qi9?hJ>>1$uMz@C$%>o#J~r%|AhV=k=&0WJJow4lgViy0FYm6m&~Unr4SE~kRF}PB3A)2GLVH3e*8|x!XsM9; zXzB~t&--=Buyb;Tx+~uc0A))ZuyfdT6|=d}n9=&g>e3Q0RA)dDhbnnMAq4PD%`CMa zy?^2sU|+W=s{)(_CUa1K9|t2k_=BDxu|k@GJ^Txfi%LCxm90&70>EPcVm$)+7Y55T zj*nM^VjLX*X=leFUJ(lcR*Duh?0++NiyxhU|DzAff+qyX4p18AV?cjvRRcDB5IWbC zt|NNYP6}`-i5I{CHuUXV%uEv)DPQ@ycNR6wWPyK9b{*Ptdou9IIj=0vPkmT?9T);^38k9W zI(-^X!g@Y0&4{grSB2r8aj1l-5Tz%-&2n+XkSr@Aoax)TZh>c78881_0OSa=9v2r^f0Fyr7(p{; z0VtPA*XNY-9fLLthR?b`(Wkgb&)$ZBoa)qeZg%$Pb31skXh+T>SX1D{70o*s40Xd3WSyObHv*4CQ@#*+L*oxG!L?gjn zVrlSXpg=B5P4No{1_IF;Lu$PQ+LZgKZocyKu5(w( z$oAS85+x)>SSA44PV9*jxPU-~{C+gB5}eUMkI7_$Q<|#2{&fWKG9ZXUU(SQGIPmLW zE_#HnCC&Z)=}*Yoy}qzOS5xj43G2xnwi>7@75(#~4q@cr*o4;D1VKlpWrXEo0~#kG zO!)HUHS9JcBO?$WJYv0orq5JN0kr~H9p+q&KqtfO>~nhqu%R@L5%my69N@bFc?ZW` zxaP>NF|!#O)H~!s6=kgDSZP*Hj^(w)_)`)ZQ;0-KAi4zl9_mU^64L_Tw;w;m4_;j= zl;m1GfnqtjYzauT<2DR6d0xbE*k6?mTM9J8@$>VeEluaWVcWW?f1v>mP;@OA7={o^ za@5U+)N?L{ep(4QoWQ32pPmvz3Wb+1IhN0^ArQ@^3h-8f`>3?5Dh|4C2ORvISH>?f z{C{P1wOYa=!nfFu#9w#V>2($=Yv!ku@~`WyxDX&M8zVfnXVeIPh4ahp5_j z-#t6ULJF-re5cE;S)3SwN?rF7gXv+g52we*>OSy3ufG3C$noRPj7?`wJh>bP*g>7N zHn<9%rTgYx0EOgrZtc7$0OHo^x1BZt`JY^(F3z%l=wo$X*+d-=R8Mh#O=`kyxCm#N zf;=%c@`Q*ktnGaq&t1lgK?X&lhEhY0UHa= z1U{+H5t#jBy)DyoM^YK?EhbWIoU6qGrJ~|(^$M>@IO)L*mqt|d>_5YkJHcuK5F;g} zdZ?^HrOBtv3JgdfBa=nQNJ*K)+9u(KLA_sm?Sf&1+@)X*{2?>$xt3sX@UA?xLt}33 zPOuH)AoDM*FE`xE$hT?!%6pnlbS^o)7C2XNloA9*UjOnIC=qRpJ{PhhlWt=~w9ZeZR`cFqB#2+XGw^NQ za$=04_+}Io1yx%Lv_Y#dbqGo2E>HLn8;{F>__#d7Yddn6f^Dj!7>1fcD}phJTqslgq&9W_x~t5^%qLp;w^+j3v?5KkhZF^DpV}(LnzU37 z=X3w{%+la$v=@Zr@<^w?6}pvVW4NGe0+O^(BwW68-{46DHVvRwQ6V8xiZnBz#2w(7 ziGD23{516QB`mBkwmP8D=;&Zfn++@w2r0pJ^&CyNeT9n5E%{79hw5^3J6l>ZU}{aU z2#&xH*l=V??4ThL=6kf=dvE#D!2tr(bjEf=j?|0{26}o(s`CpAKbKDDvz2fIo+qmZ zFy{Xse%A88_*uYw6s-Yw{d93L=hl!g3pX)tYUd7so?ieU;aH!W3rkEi2n(dOIM8d& zk{zhB9_Q`*5UoZ#RqY%+FyZU#d-Vf=Q;-8A-l85yT8X8_#anRRIMHvn6$G3(%DA{x zwi(;Me2I9&8-e;M2NzcfM6&jkzp1Nu+4JZzIF`??&M`68p+H6EHUB ze>n|ny)EvF(v4M*-g@kR?!P`)SSwGoJN^&Hd^MfoctRk$SfbjM-slT+8&z7=Qb0E zo7WJgvVcXGm~;{y%C4A)3LPb)W48C|Ysn^>T;moTfWU28ffide`mzzZTU03i zZZl4eD2(GWn+xSS)&_MkBv7ar>rT)wz(Q6dVht|Bs(?fj9|5`H*Z6pBXAdO5kRyT* z8Zg?B^41^BJ{x|sv}Cs3b2TkrJjy6^1HeJDlg*Y8SPjT$(FR(-o9%+oJyq?n46cB| zWCDGe$~4EOpg(j1!G8q9$AI9Nx*Z5$RH zj92;a_&@0v5I_(U%E?_tU}J z!yI{Y?a@D#+ijMSCI$LktsOmB-WaD-0cHk)PT|l@+S*HtEKTOE7R@nSy^6!dRdDHY zIkj$-*C|xP!sO_LDr~cW5hD51cbMkTT{ zm_WS*dXqN)R^5x#wr%Jj1a1e4b_t1zV&;9|i$HYa#xLl|juHOqJn3Qz?;D^cGH{6o z0m&=|-Si5dp3Iy_aR5i9L7-GWisCr+hAYOif7xsVO6F;7jGdM=8Oq3v3zUcz4BGYe z<%_<4auHFbSCZ>#Wnp7ed@KiA2v~#B9TFouUdOCJav&ixrJPRMz3-?4ny1Ll6l55T z<25Sg7W;>Ek9V#VjZ%ziQaEnpwq_!0(jYV_9n__J{Kz)&w+ zK*wQz()pYl0g(et(1J9(CBXy;Sb!#Sb914K)%$R_9<(D+uHT7aHO%+WzfPbO^Q>t~ zp8{wS{xCAVxM=!H+={{!mL7ySsMtD~eFJA>rCvfv2-W*)5L-dB#6UX{L}NAZ-bQzZ zm6dE$o_l&7ukj&fgV{H;J}b(}!NQ=f);2H(jo8TaV_Z{5M-F5m#;c$~p!*K{6t=g9 z(EZn#+Q`yy!4&w%gPJIpR=k9&1rQh_MX`vSt(_hC;p}3E^B`@6Lf7Bb78j62KvQER zV)lZr8#p8YHcFNIvbnb>`f?hPROWGc0Hm;zj7)1=+bCKxvL0_01*x0B|ED3xx2meE zxAoN3O(xCmAfRN!HO9rq`!JZ8dRV^K=RWY7`@iZ$M_Aw758FS?i3RDB%MbI%h`4j( zBT$nB$$M=yWqin5D2V=S3!18suZ5cw=1ODbpB4&AYK2AMAG;stFEV<@wE8PTDn=B8 zNC&>zBvMfE2Kw#;s!*Xm9>aba@CsR8Rb6tLAK^@8U6=eZ4A1&DZg;v)X;a_gdJd*6 z+8RA83xmVo_dHA+vem`3gH2K4aRSZ{wJwo#4*k9v*hHi-DtremMuly-I8vv$p{xOY zgrpP7Fkw(#qYryoP&|^kkSp;M0fZVmenco;ww z22EN%3dWzbGVA&|E6KO#kOsgUue>m~dHC>qwt5a?2%8fstri0V!?;#ANud0&mqoER z=@HiULlun2dypE?ML&nt46U6;9w9K8G;`+FeKALPj8alk2nh)%CMH1s@bS0;U>FRN zXlQ7F6fKxSWQ>}i{M&0wc>7AL*~m0>gzar_2Y&k0)!CWK$OIAvh!(KL0r3EU5cM$( zLV#G*6h1tV(slC6VOkh;kRO5I1m>rf2i`R`HHt8(4yZ>8QTGFg4A7z!SQorI#-K7s43X{OJz4NKJ4J@10MFht8-j0|&OHP_3?nnQop_XNISqAGx=_-Z!urExcoyY`Q=IG9NG2# zmNF{i-o9Je_4})M3hN2gZtHBR){}?AO11BQO4LQW42_pcUJ(nvhkq}kU4Bt%M!yDm zPUR-Rw59K!u$vu1bGG<;JU@PH%CE|(#CNxPgLiwz61#eapV9HFwM$=KwX&r*tm_^L$FStliIAfs2&5(OudOX&VGfb8 zw|_OjRA#>Z3@7QD#mS4snmYaRt*~HI(O0|+ukPE`pB8_RS^gHSnBi8L@&HO21$9U5 z)TPXxS?(=Z=C?Y>Ap#7ge1DiFzq32+em~P+f;t*RC)jusHy9-b{@H(p#)U5#7#Mgy z*FhsB3c=tFvs@eK$7?$&45d71HSp5A8n8+N=y<)FlkfILwC;rP3C4d7qnv+%^eZ)$+j{>fu1(EmI6 zdhVL&1fQvXs-gsp@Axy)+srZz6)@JBYg>DJ`gQIQhjg$C{yDg=^ZOp=LB+%Waf=2M zT^H<&Zy_jl=Qc&H+Fqwk7V%nReulV<%t~2U+`)$enUCLF-SU@?c5U5l0`Bu#4<3k6 zCMLfv2_I0?n~!3?N7I2~Y)@&yWs<$LvZUN-t$6vd#46v3u=VUx=nmSpX3>MG-~7wGRL2h< zBqgMSD2}&s=)R%YJF6&pwY?O_c}gG7t%%Z%{{C*iVJl#EsU-i-{D)YHnB%!18CKcU6Bkj0YS@%lAvQTLPZu4T7D*HPyw>--sJ%l{ee=B%<=zJXZN?=arNu|u1%M%#6*%6>FtL(gQ5mMuctY}bOP9Vur6PYiMpaG z4p`t6WYnMxvHJR7Mi_7ZkNqMTFEdrw;}NA*Vt~tRDmd#3I~-(osqe3gy*}V5*T{=` zD(Ecyda0GtYn>bt_tPT`iTSmsk_E$*0s;1=w@o*uKIElH^HrYh>KBB&GXybQ$XBV> z$1a&)H2g*CAQ&&h653`w*IZZae#jKNTcEt(SFthHUto(DA*cS8>B-GZ8O1$LLjycM zw~+GXRKNU^$NIH`W$xLp36$+Ez@Mh8wX-;S4nCYIEYj%{so+lb=JHasn4`n&ucWb&{$jIpABZ2l+Ln&f5)ZhLeS4J?$Z>OW- zdNrA`eb{pO9hK7|{mokRieQSukpVq59FtDZk}%&il=7xJ=4^&ReM6MfsgqI6V9G@P zc2~l&tiJwaGM&7FwfJ~>TYI}}+-E;h53`Fwt@N~sZXw^-KIHK`OqWy ziBge5^C3g>@T#OZ{yFPK(|bZjW5`gT1KVCQ%P#+g~Crc z$DL=>Ud$T#B_s?{0WyrPDB2d-^gqY9c_;dtz!1LpY5wO?a;fk*W(>9|qxZs_|LaJP zAP*LrI6eaPuP!zPg@_b`so}1EJ-3fib2Bt8ewk0TbOZOGW!WcD*h2`V=ze14b#4JG z{%CuD%2TWUKIhhp-zf+1*!YxLA5SiY2zi~;2p;jWdHSH=%Mi|mRaal$%)jnJ;r@+r5SDj>{M+Taeh zNH$2!ug>hXwQvPfh+32=R?UOcfNc8owQJZKM;fp6oUFR)ua2L8O6s;RntMSVA_GQA zgBE;X(uIM1{XzAAhW5ej%p`*MF*he}Z-xs{vy-4D66Lv4 z`Jv>uK9Pb%{i$QVSC1iByN1XlXkTY0#Ma-~mD8#&gcwTS&yQJs%Hp6s=JJs30KeaT zGoWKMay(Gw9t)er|s&*y0o( z%a!wMTr<#~&>7VADGd$y2ByHZTHlLv%`5upgUTz%bK@R+UY`!#!GO^mAOF`a6>d-s zH$jLRdtWtwbslOsF54y}NVWcW!8fM>|>@)_;~-0q_6a`Vj9ZSvK|0%>EL|QM#l$*<9ba`yW zLC|0A?XWP6D`ET}|5WrI!>--7s@?H4>7g_TQ!lfVim&kq3s_xhEp#bKB*Zde3f2WwH0&JhZgvt+6 z27FoVNY*DeH%+O&V{OAZA9Cg)X38JbXbme0cKF-D&xrLd!haoX;Nxhg3@j}yH%V8j z6}#$DFu(XjJ@<-;OU@gydoP~!gqFqS+($e~hPH2U_1b0h9ePs4 zq={IG?Ju-S&30&?B;Gj0ME{rvSt5sAvspwH2iPt5QLKR}lNn>w*l4T!*P`h=rSA#x z#3(D(sG=g3Y|C6f$)(M9cm;llU{k)#LWE66fQ@fnHioHiCLgy;f*@zxOv;EA^J!VP zM`gzOBVHpz_-o+aEIx^wjY;5;__-Mv_-bml{t3UEEC(li@wE+3onEQqv8@F6iB}`4 z^XQlRARJI%_LtqMEyhy+7L0p(-aoCxcX`#S+n6}|XJz3PXHJ_QhFs2U-_#ZzzHCId zT=ZiNVPZ#FW^aW@QsCFeVpEprZTyZq;44gWlN_t!`5 zD|$p1Z>yij{FqLr{ql@I@af$P==XeJYt+QzA4sqoswBgLFRLydA;SWM6Y-@x5I3o% zUGdKAHwauB))+02oMGSJd4zs@h&KUO$4iouOX+G+_wHP(dd+PX^vtg$;7tg|1*F02 zQ+4cktZj{r>m7WO!_8+b_<(JcXou0KFHk4l7`}RD;IjVQMB@j<$VpEaf7Zhf%9LRj zL&_7+VkGNtRodEJ=$`$nTK&E2(my{d^u9cNxT|jtpL}5sa7$Etn;7(;A0(fok^^>T zUb|zv)#txoX)vu`8t|yyw=CFm_wnNovYg7&m6Cd)r8U00sP1fS#d*>c^1qGW+Wp~zyso^HwcV6eU9DDEg{Q3Hg z5G`7Z(PV9H!LYDcA?u^uSBvalBK2w<4rkLkJ_M5;+Z^(Fde(h2K+Ypwf?zDxRKAMG z;kxXRZunmv`i405^$#HzTR_m$+{tQj}J z*KbM}4EMzG>?^wiqjl$aGPB(JQE|yD&r|C~a5Uaq6MG_d*Kj8jKgs$L`jSDn6%c4@ zX%XV%W2d4DnG$AViox@?ZTU@=3?lL0OW%9e#uu0mcVPauzK84nbM3vQBEovB35uH@ z$NfFGPrj|Y{pN%p>wP-~T(|f74c6O!WLS9RC4BxA`uzV~E_f_|JHX!`m`k1?R%7kF z|2s^@5Phvr@;xVucNbZ8$tz$gMf~~iY9)y&_u8e1^{0nE@j{MYxLwBlH^VH4&NiD# zYsbs4%|uC0)q&x-hY-E5-`M-ox|e@d)CR0QZyI3yrcZU$79@MMxE>T=PuN>n;p;B! ze5;-#)sfkNa-*PL+Y|Mta&uD^G?a#T^xA!mq5lH0x-}#y<0VjX5*5&|-|b48oRMNk zJpd01ydGe4q@P2D^P{==bTU>`qu6bwOL}COTx52*0^Q#CuX4jq8AsC+M5t_-;+wt$ z2N~w~`F#cm%Cl5*dJ^joToZ>O?Zzi1y-iNupY|$aX=z+y2YxeO`uDe+Hzg%xK^GJd zkN{7SXv}G&7NwVDAVU58Yt$K4FJiTn-lYrEiGnD^{xb(|x+zod(StC@Bg>F|dz3QA zR5!~R59N9EqZ1tT#Uee;oBgM^x{h>-776f0u;2L`D15xPZ}KHM_X}5#cVOdl+B*2a zH5@I5ZTk3I-P=+Q4swR`W7#X6H$?GyY;6SWY~LMWa56AN=y;r;U7)^dO-cY)?s&|L zFDcn_LphB8;k6a4-!(VWG%OF$Z5WU!YDHe(j?dCA@r5S#L;FaR3l~UXB$w~TKSxsy z5{$Stv=eO^IAI|7e=6j4&GA|^9u{+wJs4%`bBoZvy@`=$>r8#R^xT=3QlXu z3Fqc%^VCaTJTXim4dF9-zAiBpM3p?0rxPGyauoMDQD@|ZX-$qA6?GjK`iE~~)|4V6 z7R8gvuKLCCXSXgjxbGaJE)(rzqQBaJv)jVx>-VFord`a0m^vttaD?RoTlO7KrlTgt zU+^j7r>bND`T&!STwQ&4$4Yl_ske4_>5@MWKj)MT&HxE zm755W58*{(Api2&N{W>H&sCgUHB>#cRo=1;@UTv+PhZk3Xlv~HKM}+uTJ3bZsXl)9h%hCHd-w8&gWpzgn>VZmnkg) zmb-ROra!gD!tUE>re3Dt)#bLOS@60@X6R9qn`EBs_*m z&&XK0d%Ojn6X(A^GNfke_VTA>yOZ(&?xoLiUu8dBpv`1}peJ>W{G#HCc+gyAftI9% zqN0jwE~w(IaFJdol~I0gF-h^20kcU}S@sEx0#X|kQz%yIHg`L$49pz!z;QY;<|x*k zaA>@_k~i+DprAmLoc~mCCK7!`HN+9mt{ZZ8o$9Kc9jER@b!ME=QCsWZsguM*UoXO* zASl$^HW=*HY1cF-x=nbtCBPv@&z*R@bq)(MQ>Jn9PL0v<1}OS*N8dkU&$X0WlfppS z66<5z48=sMWILlNu-Kc`^)0t9ahf;^4_BkM7%0TR$M!+H2yG8GT8ryMd6d6xkh*rf zzgoSzFXnmVVrgTe55kUCq=@~_h?1BsU2@?sUf9`wvZ8PD>-+llNT;>}ssmpdmGS^Q zD}GlJVjcb+B9=0=AaS!e<=QtWX*Bz7guZ_7_LS24X3g?Fi2+N=u_@IWaiM+V047fo zUz+FqL9Nug|5=+!kl2Ju8Ymu4H@<)W^Cok>LD805e|CaMRWR{c`LcOQxfpzR> z7=r948DT^$j((%(l=|Hp`c0G(UqYX5V>LbGFs)Q9VC5)4=&2nw#CvIcpAlow+_-Tc zm*(!9hMhsTKn0kbvh;S9Kf6`w73*Z#L1S5)zI^%QuY(15Qa5?4;^B{C@8`-)glYQE zx|9ml$P!ZyXWAE}5zEf)VLiKhA8*^;dDn1HS8c6Gm6kDjr3FPzsfC9rT&=y(?w=CtS7zXA3@qjy13Sd9X=fQL1ddPd~*QQ9&KrYF*}~M>NNYdmr=chOam)zJKb~)jeU=DqXe14*dH{1kbj2C2*mVZSe+D z`HP}wW_vA^UFDV8|2gT4_1U62Odls6b&8x9Iz=>v^677!Hm}xp+qwf#bhP5z#8}_E@MMK z_{Fr)@hPsX`vo@!UHqs^$X9m`=$qwFfs1~cZ;o}DT0sPK#U^)T!5 zsLEr)5GF4DyNq&PhjczGWNxQ3{6RDQ6Upa)OOS0@jw#Gb4e+MXuT28ApkB?+#SfjPOyQVZ13r;YI9eQ6jD8=&LYT}Sc{l$QVI!j>R39=`-OY0HXx%=}M zPet!#f=dg3!bw$9^e)fi)cW(=cCp%aDPTus5HhOLK5Xl2KKbySDtan*V>kI&qW_Gp zxkjqetFXDIMUe_y@%yb0<->HVbf^y;p$}+w{34uN2@k(SZsW6fnR(7g?)&o&$81DW zZ4F2rn%T(V3iybd1eD4K(E530-1^*GKm9Rdof1F8#i>HRxSX3bMscPsGh?|(&a`R$UxU_sTILd^5e?5qkP6L4JMT#&7O{iFIJBJr0Dv~1vi`?JCE~%|CrlAR zZo9w1Ig^e+76L~(&uh?m1>G*7o9uL{cSJ*-e{tn5+up^_u=!H) zfd|#pAs!Z|6Pfz5-!99hD)nJp&AS}7e8saQol7mYRdpV1bEiWj%>GNEEyu>{q${sk z@!?n+WW3VzncL5fWIClzBW0Sl<%$a3Ly7sEs@arUb3p@21zM3+k8fnm-g!|OGO@yu zWixKcw_6Fj`W&{IH>N-8?F9QVe#kQ!v*y(ey!zuQ&Rkx>P5e>!cH7ky|6Ki-oSJ&4 zk*m5AAA^r9d{dL&J&NtPsYyq@_=6VXQGS)QfE6pX{ourH&QzAiv!ucv{j3I>d+UF= zgbZt$5pVlVha-6jcqRwU_*7V46`fkvr0fhkxnZ@G+w^c?IyxnXf~rODdv)+O}@Rbu$@6di$@H~<8Lo>(mL0mvuyY_+1vZSW$27B^RL zS%-CoZeD@D1ZV}20hf`kF6c=>do4lJQkEtjrRYb0e_46?S9W%Q+Gs=N_fPx*lmx+v z1nsWbtK0t&`sCDMv4f}6;qft{GW;E|?hBq)4*{ACWP^)~3qDX-USLlG#fa`iF)t{9 z0|)f}eX@YGu&^-rkmv!G3<^6KL4u1myk5L`0mb4?m}NpUutm z@CzN?V6OJ7t@$>Vj^^g(1b(|&$PK}R4Bj4KI#57g9WBWKxqz7x9?E2UHG~j9`qR0d z-j*dV8FxtDRl_r*uODW_wEkqTGgES4sv#F1G#Lhn_H{)LkK$eEi|( z=WUrus?pr&!=yFGw#m?zEsl2&V(9Xu4?o1=jwQ|IRMTPn&e)4wYlTDGZb zu%|4YE=NijlEK?N>rU=C{#Q2Qj}*Ut0xb^j?oZWMLdrw!s0inmQq(EFemmmP_c(sx zm`KoaXOll=)>Wz<9QJ2a?0v}KK%XofpcsT_tw^)=3nxxO%JHUk=@(VlDFuB04oJC} z+xYY6C4^W=QlQrIV1>ILcU~VE0oW?~Z+&x1f{tw+$9gBdTYa;TjMrKjL$XeMvrcKf z^XtkrF+yUD#w(>RSp*AVJ=B4H2C7`Ei9%#8c*lA*Z)un)F5TIO;nGNZ547S@)6f{W zt(8H0CV1fiEKUw<34CUuFA>^Z%G8)9pz;R9Djyhlf!%ei+plE@C{#|>y7A#Zt#yqs z83ha>mhTH-@h}@AT+Zadg9adeU`4_2)WDX=3&`HxyA1wE+tCh6p#WN=ouF_V|4dX5Cw~_^KLMB{0T$$B-P2KB=KJ$El>2iN6*}mAbCb6huCjDTB~)O3 zQy;VMpX<<9m9I-W+{!3$ud7Ax(>s_9MMV!f%^fi5>gB9h?oz*NX!~APd>GDyA`DSn zvZx#Sp2RxufBL(0|MV)GJ#A~mz`Wl_+8x!W)XDC4>d!Bt*lAaXBWfo_OD+smVz zeP?$z7*ET_6Rd`>j$8E*bsbwylEgE`s=ww4I?tW|pvG@Yz5EtU+_)SiP4R{$PQ@)FeeDyFncU^?<%ZpQAHuH^7;? z!&*BW)1U@Z`F>cRK({!p{~iVG2jjwJ@Zv53xDocjQ)p0xMccgp47Ok3$5`=U-?V58 zr5k$m0Q!vaLq2@?;D`ln@%a8tv(VAH1f6N$_yc1mV11(&7xBmix&N{MaRP4)Kv{9G zT*=fa%N9?Xeh2O;(SQ#=|LF(c>gwu>c1uHJk0Bwj^8q@I@`nZV!r1smFIeJhfVB$j z@39)_XAs;%BRUpy%3elVk@YRWWuXAXL0bassYhD&=o#>e! zu)Ocxy9cIymZQaV_+VpY3LqV9wU}=nWc0(p1@OUo%oG6zlQ5y-6*T$)XLOeuP)xK} zDm>xvphBM{TU3QvFS@l8T50T@oS^l^0$5*o@MsCzfXYL+7yv6bJ#854GX^(_Zm0Ny zVfV^CX-Ok7LOZ?Q5{7HUIe4Wc57+VuDaqV8m7dim^!wurN891tgc!aqU`pM7bmg+| zu7}&)8cRRo_E&H9407!Ez~k#{49?v zfLgS46T7aIooX%j1mk2ULUTk&2+K6QacFZuqIzkz4@};lKXtS_+3M3kRxe)lzpwdY zA?wmQoj|D%tYW@3kNX+zCa2dhBmK5UEZC~}soRZmL{l#8ZTu+_@}^8do=_3{;tzP3 zSR@HX;Te!fG2W10JHOLIyek+h6v|j@Rn9;iTlRx@zbB&}^-fInuX}@vsjcoY1E+^} zMB-}HTtcZ~g2nqQ|7^*A>`XigM;*mhzyd&o2|eOaigXm5@WHta&S7g^&q+y1tF1;k z0S7hfO`e{f2HMgZnp0qRb*}>p#BUIsQjfv(9Oy*w2fAgjt*s3f5hD>8Qu_NrC;p_% zVmz<~8aW!)0HmS&U%M`VH8Ot4JwlP&-553vY&kN3cgPF=ku-!sXW#DFg4xyB}sUG>r!o;HcO|-?#E}XRq1kf4gIqEJ+@A1rb1kf zj*YGO(1AuJlc(kk@x!3h$ZAwj$ooSAFKW)vC+SLE;k?rqCAZsCg)XUgh|Q%`MSi`q zt^AZOSuG=7sg_;4RvNZx;Z%w;`|AVU0S%b$PlSES7X%7Go zko^C!^%hW3u3_8gfFg(}AtfRRh;)ZYs|bp8OC!=P9ReyMjev9sNJ)1yh|(ntAt6Xh zcgLK2+~2qU|D1JZt-S?>iT8b;`?=!^CkqCd56qm_WH*LLj0-jXYL8X0Y{v}kC>$=P zhN-&H&5*ti6vxptp1{4X?63OS;Qap1PQ|EA;s~nQWMhf3p7>hK$=5=0jq+K~$Z1mZ zjZz_@jEj$R^45(i-j)fcJrmbaPkWZ5ZLh)gk&(GM#XX{+P{)3+e)imbx`b0KfO6{e zibL;jYU;6vG&;#X9~pALZ*a?~Bog}WJV%>3HJvBFcEQ~=CPlC!&{n4n-@7c))1cw-~Uhp-k6 zglpi5U&6(`-VZ=>5THH>XR{rwO(3~#fNUO+JVCE?b1hFTS0z(68lD>xkha!VATe1$ zh5)N{1(n?g>-AQ5WtUkD#NK_XCz%5nDX0GQ#}F?02z?=^^?-v$1N7M}Pz%5%XDBNl z*Y);32Wy8rr1-EObt0in56kh#i;}9U10Z=~lqi7c035(@aJzvW2i6d1P=E!$lPy3{ zx@=79v6G`gc3L>u7Lu6L`#|A(1!n}{n;`-Bfd9H(t*E+djN8JzEPJOI8h?)7;pfM2 z1;PKs*4B3THDtz%5S#I@Ty>)6pkszqeun}EVYFRiZ?x!W-wY29^yETeX>N=s|q-hXCq z+g2nS`5_>LmC*T9)pEi+TU;hC0WsU??a&rw*?_5!X1|~6lMU^$eqHg9j%2k;VYlny zuH*`S$Hz)qBkftQCxF&1n0QB@q0MFA88P@&&7T}U>4r!VzNeztaV{PY_~bU$*&6kQc7H0d^qp$hZ7b9=kKY;DL^1c~pq4XHP2S|2F@gIZr1MXF-x%G7gDL`@pupAUF(I7tp zn~PS=<5O~SkAtqgy?v_qYdQ7i1ycO?Wo3?_aR&(CY)AqinTG$%r-~;BfZpmhNVQgmU->}ZMimQZcw?r_||C-4ThH&ujn!lhr>$ccq)EVvqwI@g21y|(sPqFv)C z2&sB=_;dmERlg`42uOs4AdN8&p*`SlS)VvY@KXN>CL-iqJcxx=ak`l{U(T<1g7e59 z_T*$u8rOZ}V?^UKu4IA)YT@DLcF=|#eW#PnJpMc>H%Ahg6U#VT9 zvOgstC`!L^ES9daGrxkj!w1$WC?X}ghH7Pg*T{9 zp_X2}cmWa{fE^cc`rFiJZl!RWh?x|heg-uKZh<1}DGJ%oo<1eUyC}%!3tg!kAx4Ng zD^SM3o$bPHq6%FAcA{ERJyH^HrNm#ObtP>ue+OofB;In*}S4gj50ZNLm;IN3TiXL6nxUstx#3Mx@RH@gp3&G zGr0hC1mCR>0fqVv+Db~`9&zQ$l_ReNB=5oi3KiI%J`l@=Hwm++)Y9t_a(DS~nxIWV zAMqF7Fc=&{eDCV)q)&(K0js=E)DLD*ZsJ@u*uPpyn{@lj$xT;!*nCsHR?~ZBnLFqx zF|A~U!s8x6G1GGtE{t{jZZ^9pIH?!)tjWT70;c0W33{XV4f za)72kxYHBgqpw2OI&NuR@!03U` z@k9y$&=oZ{a&pixhs)zLAFav$RTECG*rX&msiOMrpdPwd0N@|tjzB2`W@T_Bfi?K5 zGbl2HX8?Hp0S;KZXlP|mO}7))OE{=QzzZ3IHnNlx99ke?Q3Vtc7)3~Zii%>0cmlX< zIuOa3odqjw=rN@zWY74M zKK;2SJC-kG$!ZU)sHd^cr=RcO_@(TB7#Fuum`Qk7u5>GgIo*{kp>v-;-ADUJC9&oN>J6=Ng?CI0DU)c zpoc)^gt4`Qve=6DTtGkotPikYd5+s8rKY9z_Yd@=X9C)P{}!XCe;WX3 z#MIO&P+d#_4=ZRrY-~t4FAri=xggQ?LUfz;kuT=-o5Rfpl>cJ{^cm%)Fe*GBXvg9X zf@qN*K!Aewa{~BaLFWcYQzF0&K)vjS6v9N=0^5*AW?21O)*=DV!iA!t4Ka#?e-qC? zQyHLW6?*1Kc_0f=*(DgxElt1zlS{!QN>-0;Lil)0(N#Aki>$g1h56|u6x^R zdspgRx3jYY@wFd6q{JiU7b_}S!~It0<{)#}fj)8}+$Gpq&{4Py8Yow0kGZ4RcY7sYwNs|0$IHot3!MAtw{P59Lu-oI|o!UK?o zk)kh&&3;7brV-F>A*rtP4d2kl!>Q2CwKfLeMkS zu+h+n0ZDkkCjjtpuMNtPo{o-q$S4<6eW0ag8~g-XKafl^f*{!Z{PS?^9rCT3=yZf-=%a5O)7@CK$`kP`<7i-6o7H2xvWG#%TC zWPAqa79TW+6K5qv?t(}^{(B5xqWuq7QOo=E8AKc{i!cXAXux5qg(EBsuV?29@jwfp z=gn*erX&~%0sQ<935*c7fEi6&;)6biQvkLZM$a6eGy6~=&bB}#>nn)7igm{B;miqY zp_oU#n^%8md&iAfNaI-*+ODk~^28(c8eh$}rfOGO_kVFvGBo@SyIHfW-$eeqP-63a zv&@0KVyihXiNYB1j->d&8;cmDOs5fL>WJ%oH_qJcjFv1*}1 zOS?h$4!8HjNt~GR&fVbxReq6tpfgvzp$MVXilgQEH3ywO(4d3B3^@V_uxDfZha#TL zt*zN`W5^Y{oP-1fAiOLn^9&TqAsm1-4CGwLpeuzjN~NM2gEShlLk!^-C{=K&J@;3q zuLSpW1vAOT6$76LXfqh*9`tN@rm`QVVT>mO18YD$2?88c%TDlHaPnaCFHrVoW`1&; zD9&XF+9uGqp%Jq84S-Sv1*f%ljT)=7tLwi!0upcD(9nYCizup!3MPRU*sR98i*(K zEnwnU;5vt%6Q)5A3j$&R42&>Xt%@-qb#7g*Vj*1=0Q(8Zr(i9^nOB7Q%!`X3MkF8$ zNcB-g>#)$B5)t=_n%Lo805I;tQ}HCc>5~9v_aJzo zM>?EpwB%8p+4|f$*&MDmS4oN1XJOv$ONJTe$?# zehd5yMa@%rd7FVRK)QoDa5JWk9!@9si8U%uUkX=N@V*QP4t}PlMw+U103vgcRKpF1$;E3(tPfkU-xxx781DL20)kU$XUmBwgPl;Q ze*oAN>CnHRY#kkao~AUnuz>08fypGiK@jxYggYdGK6MP61+64VRJ;$TKMWVFg<1A; zhkP^q(`8d2VEyZ305su`p1v(uq}kuyeM#vb?tRp0x`J=$U9k5`Tr`Ex>>64vSIxuS z{pj#8M~xL+PS3M8jhzyK%8G)9G^BhxV7U-)0N`+6m7`d7#Px`;w`r>&$ihQkG+y@` zcU%a3$NDk*Lt7XCE6rJrk(1!LvbEGQuKFjWrpL319`^@IL}MDa>FNJXhfsk>cMEd#0#J zh>uU74q*{&;8%F!;WYM`?<9NwkjHUB4y2DUekYJIz_7=AtzrbK=jOg_j3P&VK09Gq zEEX}el`w5~!4vR6pUcU~L88wSjp8t-ijbMZzd;LJX3k=jqdh z=`%!Wa8n2A1yE3gpPmP2Jo4b9Qd3~yr72O;&|sW=AhQjUN{2xc_+8)U=KeXEc^$|G zxoX*{+#$=vtNw(vkUb9OX>yflO?-KJeT7vYl;Ppw{dWP#MUK$E8aCoHXt7Ez4F^dC z4i5Qj6hvD1xcQ)D1NzJC-j!E0X# zy3ttPFy;E6hZ;G-cc=Bi636T?3>Sfj%=u*E{S^_H^@ThF2)v~R$VT2g;m3}b0|TY* zkO%AKldyPGg1#*X1wzhlVmZ}ld~e6JKnKUC!HsVHF{3i@CSe1Bf7KRjKcGN^FfqW; zS71`Nv+y{g{$Uy=h^j$*uAr(SE_Y-OOsc5`EJ-E4t%17h0kjdJrp;Be6#ugW)K^ek z(qsC-CFlsxfa!fhHUixWD6aSHJIUpuW)lLW(!(Xre{E@im7K)cZj^QbIo`zuoOMA! z?!iXQ%FK)p3g@`^??KcLin`WyRFu!Se!P8axFbz{o4cmYu2GmbK%Pmxc=b>$l z(R^Lq!`SG6FGEQU>zz90I+Y_g0Rp~tHI(o@6Ha7j)^g6uB~lK*^X*vs>RZc(+jk;cDSBT`r4JO zQohFR9u!rY>|ELbu0ycSelvVFaB+vn_E?%qEdh}oeu)xtUXGV*)uhoZ zk8B%&#mLIKWLyFa~mzz$tsz)~$dDClmw*@7JCSWeSQO;q=%ovB{vmX?wti9q@Y#LJm#YyF-= z|9sOR^^%{8!B#4aT44X%yALb(tj}k56yh*erU7zzk>pJ^svJ$A7;;KwD|L7B02h z5^Jz_KHCRR%aqG6$hi&%OPAig3Al9aFO&Ch`DX=%fg7mo-lQ|-xgMSGGK~l80n?4* zlOu&wT7atzn}xdLZV2s)p`%7KNrY@BuYvi`n*iHp*X{)Cg+Q5^_vkoKy8s=C4}N}b zo}ROo@D|hr|F2KY`u^$l)|S@RTS9JeFx|0}c|0X(FrN0h?m1s}>`MuN+}FCZS$1)a z1H@M@<@n`wh*ONgS|A)BcMY!*(zZgDL!zuMfus`niWGRM1Z$LWYG`7V zPuRsAy<#V_KG_fpR-ttYYoD8>uQP@0?QYuF8$n$iz|6U>EcGK43i6pOUwKIAvi>z# zO?Fc8eHVMsGwmhU7oOEREf;U@^!YdLtmhRu-4tKtpr^WTdYWjr>wZ?DPv$W}-jh(M zzg6&j}NpuMs(oPB6`UAOI_x)(2K5?QA5 zJo2~3kCmyhCL_Bx359a~^KmYTq0Iv>^)~%(iC+|_*vv)2`!CkFyTcc5giZ_;k;ld4 zYc(wVoX!xbLeq26EU=wBH2*<2INEQ}8Z*hW40(nf)y;Ih4!1;=bomQR;R;$F4xphk zig^$zL%yQTZ>JFn9=kL91uOf*{_iUo%#Awxa+=={8QcF9_u|; zDj+_+MUmPKtI}m=vY`Rjo3-C&TYS{VV^hIIi~F}zmvWu;-c5+;yjvObU3dNZL0k__5}OTRj*vI zK)c}F0SMdt4F$=f&UcZY{|scZC5u!p#_BeBH#|5y?vq+jZ`oYx>({m2GkW@fc!9x}5hi?d9buJ^x5oIq*bUCZEgw`9Bx#p{{ zebS5-uCPNMCfXG}p1`wE=fC)Ko=r1ZPnSy2eDj6EDRNi%NHd_u@g5l5b@|gCb`SjS zDe#tT=p25kYQ)TD^d8%Yv3@Xm6GzE{OZ&;nAI2$8B>K;ThFa%9W=?Va0%hcJC!1Mc z@;#g;%|bmpR4v&w=8dy9XbV_P2Gk2|y<3{{Il20sJ1VQ^5D;JqLwU290S@9*4CtHE z`y1J_z&EUEXbMNf_|2-a;$r)?@S9=pQwPl}ZjDzY@;bbgyUQ{4=q7&d!Pb z@~15Mw*i0QtXmnj^Pr?yT$-NDRL#C@EG<%fi=i!qmjCk<^l%Xs>ZM_ z_(Dsi^lan|_nN7x$vq2de&gkr2DG#**ZeM4QQtT9I&nz@n00V)c%FLMa5rI=K9aa* zu?VBE2nBhZh;c0_Vj3AuFVlL9IezgkzL<8dcNI8E>0dw8E;PLZN_;HKKSH&r03*!Qd4Rz9t9Gx&Wl z(x7U+1|=0d3ks|h=7stPv-4IXNd0O_x>$6%bKRal`lhf{fl92&+@!6ZaMAg6+YQxh zZUSR|D#c{6s+pA*M$yrIqqMF@otAq6)$XtmH+M(*ysAlvZ#?hmD_ZU7Y(d5a71he$FA1EUb-A@&xG9jY zS~pzXp?Ya=W2DTpidA1<(BKJ^LW=(OT2+?UdiSW~*`!y-9j?Iodap#+Y~5dVcTa(X zvx}4ZdU@`SUX}OkAq(wkqfKy&S1Z{8VI{pjV&3ids&n^)5AO5M_r}X@ojGP&|6rX3 z{GDhCE;{h2FbQ4&wS!|9IiL@HC@F!jnTw5{o*#i9ljlZ|pknsh$qaUVMBhQibkPM| zGcWFzk+zfAHKamUw>~+WyMYjvrta+ zZV>qIEcSsy&K4x2?Y+H~T5LpkP?3Tie67oxuwj!gG(g3tln?O@V@w>r!7o8L(MFt} zqW2;DY4#{RIu2|BFtmNC9a zYNDTsk5+@_0bGsWB~}nzYhBibyngANUg_2~PaLL_R~Cbdsl(X;KyC(jhi z8b#*YzX>djFAAK``0!gvBh$V^NcJi)3#Zs2tb7a0;$b#wbXBYFr{Fc=ZnmPj(Jb}6 zBLfcbqsvD9u6N$)Qe1qhRq1TMIl4muKD~UVII_RB)ot?6yLh}uNw!dPX zGdP=G5>%J=SH|x!e+$ghMbj3Y2=mPX&T{^RJFTR~)dwNuVL{>5~&caB!}W%f)dUL5~2y z51C?0+S*i@PN1$MoSCwJ;mjnw@yloVOCY1g5wrNDIe+i@oT@)1{lLl|tNMc@ntMDf z9fthFMVkDNt#IT6=wiDbY2$$GM5Xd~e$B(h7hNIqVuk@{q5Wp;LM4#M3{!JMhm=Vevr;SD?20%i_r4#!_L^os-p zz1YAGy1h?Y*Pp}E8uKIW>r$2%N=}adE{|o1GD@K2Anevnjbd!s*vZ1F_1@ESEzyk+ zzPQw_yr~jSt}dYBFJEIaS$~j{NclUX?dP{}*NuVsupYXo8aJ-#wKZokhN#7(&6wy~ z$M+BW!Kq=lJ48g|Hh=kLgqH1?2EgEcIH5|5!Ek&e<LwXE%#1H1d}OPFh<8TdAEraRZirS51mxba-vXO-#)$ zyn!*qx_i(wS$*%<3wt31JnMEIrVCwm-MWWoRVg$yQbHF240xM}1_4OOBftf~KoDl~ z`_Lu?<>@$$yn;w35Iuu2F!%;TTL(su7#V2@FAFg70+hF~7@L^bEyQU6AKAYrT7OCt zMA>NJW>o6o%nroi8!gppQyBM+D7zvFZ5*XKq6aAVjc{j9g(N?3S2j@|K1sl zNAdKFAu>KU`TmO2A9r2#cqxgTxOq?5*?eQnLxuDbA|Z>SJJs`ewWeU)wO(W;1E_jF zXDw!~Y4_I$wKV)b-p1Q+jg-B^JDSY#Fz0J_^yRxzCfnt)C;MT^+Y@Etjg5Bodtt#J zIJ=-e`XO~deb4B{Y2$^en^*@M*Q;KR7I7&gdu?t;c)#`#8D;!xb4zn*)II(QBZ-V= ztE*8{ZT$s)mzJd5;yi8DG$kkNsrB7a#~aU|i>1@I{LmLmZ;adN39YY3nf28l4_r~W zhE6bT(biwI?N#1ew;+)3GI@2I2=8LESl>-MB$K5Ng*Tc5A?ITw4fkTjuHmGuG&Rs3 z@86x6*Z>rf3Cu>o3lruLfPKqU$j%egfe|o_SR{;^FG90IFcD*L0h4>s{(1$FC9cN9 z^r*hhzCH=h{e0O>{L7c=BAMU?v8QR~rqvNACr3G?LEmLa{I7Y}N6-*cl3ql>+|zkw zpk_ZwwC~>B1D^hVgWmW$<35_)Ph`IbgwdsNJA97T4l>#lr4IgrWWJb(m)OSmyUQ|l zu4~Pup})kS2K$w%+LqlKb^|>z*PNbSD=2e;QN!4nkugvs5-+VwvoMU3w|WvsztJNz zzuxOOxGy-HbclJ+jIy;0rAi+?p>M7BaxUAz3%1~Fcg+quaZf+_*e7~;Yk&LIQyZ(; z%Z6S%K3-b`^ZH_*6Fpcf+t+^nB6DnP=CtT(4_MFcOL_KG{%pBS@dqhXd5wCBWJvT< z7D|{lpepNmNz6!1m*b}$u^w~&(Qq!^#_b8z@AI9>hj1VKL|zFnW|{<(?;y`r_>c5p zCln#~Y-KH3BM2~i0nhIw8T8Mf=p8lW#yFX5G@h*A+JPAc!WX=?z=9e?O|zg`1A>uY zshajE8Q;zc5Dy?O3KHjxF(#>05-!ty$it%(=aq?? z;+&i><>k(9Zf8OBLX)e14x&vdZFw^+F{F&rF<-PswctgRN4$%|1#%IJl+kfk?~%@Tz{o2ZP$K?qo8F?wZ+76Rqtk2Ng2iu5n63EbDcfDCmQ$>W|-1(8@zEhN$-FI|~3hWc*i0xSL zLEbL<{PX+ovv>!^VV%@+m+!3=HwDKO>ztOW|DGHnxOXZv8&4eiLtM?CYPoD?gkQu} zH)cBc+k|zwEi61$2->5)JB_F5-ei2eRiB0;ifWJAQ>zCSWmURw2u{bp>cH+z(=X@!cozlU*;g3N8|tQg+E(%qAcC`NZgx3;Uc- zzI93^2?J{nJ@+yx^o9~R67Fd-tGS^2=rOTHxBd=mx@U6GS2({OpS!w;ea+3jzb}ml z_&Yq`*77VUD0sZWs_yXQNIfa$-)_Qe%!?1dk5(GTp1IkbdWX%nr_%UYK8L<95Ii6} zp1_Q6q{t6YoNFLWh#9fNyfOt~L}PrkqHgv8Z%#=`Q4~MALoEJpmml0E{Dgg27A~GI z_`0Ppc&#nscU^(bUaXs(^57v;TZqpqx$mhus0>J->g;;m4tj0?y;$|`Z+%8M-Z#1P z&QA81rm7S!g z|7ZDGt&vYN`Sji0TiLj#O0dINRB{LVKi%O?Kgkk62ekEt+&t;7E*TQd!P+Cde66;@ zUx4i9*q6&)r6v7h$s6c5SXe`q3TJLEr`2X{;f`{-Pw%EbF>BnnjNX-|Dt67jP%UdN zpq`)QB$HNCEKpUbqsN%})ZU& z1lGUP8?$XB&8fLtK|!)Im5RXMFQd(~ZJ$1pPK{1P#Pi!*9QH0iW5=%$Jg`%S5#OE$%1O59) zOr%8GL-qmZJs99pJ|IFEE*Ab)Cv5_0cW=94nJ^ZB7L`A3=Ti))72HL?zYN2iqoqXy zaI^W85ON>&#Z!;R=%}XAc}s zKaf;b4vA*;yG_qzxPYv-!U#Q29br)GWC6P8fFlJoJ&;>Ib-a{1{C7|&oK8^xqRDPrn0zcpxKF;e*Wv9y;!9WQxwUENKK3bY@1QvmJ=_u@sV z$BzZ-;Q&P-pn`2Y8-VzVLHff)ScdjBW*iMXf&cwLUH^R`5^B7PxqJ2eB}6HUx2}VhInWZ$0GW;51RNunnP>Ey2h9Dq zV%jh(=6{#`e{X%7=EaFTy6?jA0S*Y!pS%_U`3SI!nL>*vv<$D}2*cG6ORmGZ&CC0c zK4Mc8X@`D*aC_B#J$+wODtkyFX>&E!u@NTEFZA^rQ&YJjj$X?uD-$ECJ83l4*2Y=5 zfCJ@q1j_rd@$pLl6ax+(P&$d@|4UB{BuSh8cTN27(r9>l8?Vkq^LTf83dx1=6TECe zJS@s6P>^4LdKmcQZ;E>I*)*F6o9tTOZH%qPsqS$I=eVnXGy}h$nLB4KbZ7n$} ziY*J~BI+H+2a`$adQFSQ=3<0H}CITU0n_78Dwr1fF_V?|8KJxO!(j% zmNq{6zjg?`1ve!KQZPrgTyaUx)BRn+be=&t1*t2~)_)rWThc|Lm#a%-Rl@%7(8$z8 zot2KHq;FhWPENJ#{rC4&PjBfyy1p&~s~K^7{IRxIe_FX%5@x_2==a}hP^9Dh{O_y( z^SXYX*eQ!JwAXp&5BkATf!XQw4Aj>f8XBa6^$iSYUGG&v3l(}lk3NJGQ2$Cbd7iS^ zmm)HPG@xzM0pKqejbD{D7J~oL1z+Ef#xxIzn!eF-Pt)9CW^V84S(|AIhEN88+^Z~| zmK6YAj5dk`R64!Zzw5p38h{=5f40-VyHL#}O4A6Lqg0uNo=@C-|o<46dz$eo>dX2Wg(dq-GkX} z#AN^my@h!DE>L)LvZb%D2!=@j3KjO;w+75GmC7KTB@o+SsJ-ex``Zi&C(jc*O{T-ejh{_vry-dpVT^bF&@ z?QMkNu;)fVe4X>!b|2EJv$Jc;+jZE_EG4pI{$!t4$m`C7da1Gbl=oRnz~6&`s5#7Q zuc{$Hb6%Io4_pB&wB;{8!@R-fvunzT|C7M{x46+_)NN~lQ%p1mp(}dx;8n2pdtw5t zL1krS!TnN3%BjqN>R`~1HJyn zD-)Fcj@HKsj!e(}_3;wN1Be)Fqkt)166eH06Zi%#;4 zfu0d_CQM`bGW-627a}?Z7{AMV9taSi2STfSbRNI_LD*V_1Bx7OzExEQ_OCEq&Vz#k z&(nUHy9!>zDMC)|vv7!NouUSw#TEe<{P^VLLzOj;`-~rJ_~CS&dt#NfPMOPD#mY#5 zhK{*;RP`iJR7&D!rS_+&iLP>>vjfxC2gvLI*fMaNet%3BnUVswTpq~^6vV_2q-6hH z%nOMBzl-VMP!b#2HyAmcH=6od;DqmFY18PDKjF<8xemH--weFBEY{qagQ$e(w$dKa zAdM|nMhfXeofUbYegnr8@9hpIKvRKa`X2K%c!6=Uu($&v8<3jPb5H+!)uz|^h)JXm z(v66M!nLiNtDwPrS}D0R_GwN_##kih!)n@Zl(EsVb#*mEk=gnAx_LuF(ggJUL{W{q zbG@m1kDs$9D~`zM|ExVBiHC?rI1=;v!SgNzqH7{i-WzFqz?mu^{|pPk2H$#2sjH8b zyYDo;dFPgbG**Z)aa|j`@6=B8KdT-7IG_W_1Nev?L-Q99I<$qrE-lOx12WvR7Kiqd8TCjh;xPJGVWy|vdQaEFbi4fd~=G%r%cti*eRr(-e?ge5)0+DNX zB-~yJd7ldPU2$HaXTN^qhWkCX_=6d@PRmBIWbDshcx6>aEh2`n-%56nP6neJN9O81 z4`>p5G_rL-VF}JIJ@q%++d&gay2%V1gQPz_{3Z zr!^!V!Hphw-+y<5Z|V!P<>Z9jq}Pf~P`bY5+c7D3tfm&@$DFiZD2>fZBgpF$?WtkL z@_}dn-~h0Ey;A{1V-046eOu12!9HLW#nc<0RClmCE!5lb;(5$1Aw%CQCsz71c9Q+x zdZ}1J^k;tm1Az^AeB=8dQ^RTFO%HkN_X~)S%O46xM~~Og!y7DhE*lHhuKH8? zsrtjMqbZbPwF*@L&l!8q%g(~`4RLgYbAIkUWXjCW+6?PAdgKw7u9})|-B;gqW-hKi ze`HICYT%;}1W_F(Gr1iv$7)S>8uAg9ltDvSJ^3xUuPVYh4z!IW3iEilkQow|B zQS3wX+7!b>1#~$7cy!Mk5r%M!e|$Qc>dkw#xmI5@^KHVe5$rs#Oj&**UarTE`|GVi@NVvD>JZyaNAs+YO-pzN5M}VOfiH|RH$VhQ(?&t=%lSA4| z*3!Ptc=EYiv&{(4`=Pb&-?h4mu5oq+T^{H{v`Ek7ldeR;@< zn4P~yDBi3rj5-Lo5KMA`QXw_c&2wkZhB2`ROawPYOvkGo9-Va-A^@aakZqRK*Qd2sFQt_LnZGW#xLsAf(Hd!Gn5JJVYI2OowoE5E~uE)jX0z^0q% zovO-F>l^XUCnxpACnpDeY>EMxv)Kj$WxpwJ{i(h5FnwwxzVW@5EU5cbzxtxgdNqOQ+52?^T_b|4`1%UBrHT;pv3Fj1>X3E z?2c2LG7sShFR4!m6?l6)pfK)+ztQN|^zZnt{rePb6MEwjx>i`CuH(3u#8a_lJ3Nqk zzbMdaZd`zilT~Q+T6zU%P>1z`P?*W{Xq6kJ)Ptpuy8sv^&{`Sp4^C@H2h>7b9A&aX z8+Qn7qzcczCakmM5v)hIkUXE)$tM+J`nW@G;{lNBy5c;(JF@Zh%9JKfAQFDzUuaL z^#Kouy=z$U_uH*ol``CNXD2%~VqN1OaLs?$otEu*wYBHWM5@$P)>MBfR}IH{JQB9Q zGLn|Q+gj7Wb}X@TBqqR8Cwf=6ej0tRPW zZ5aGI0(c}aS-JK8;TC#5c~=}!e>6Pqh;(?4F!ZEwPQ$LAh~cyOaWN>JyzpdCBFWKO za2#BsD>r^w@W#L7jaOqep_Imyhz2U!37)g9fCdMdDP7$SnM+qAyXFs?MOh+Y8G3(j z1?C9UWf0}cNS>;xsX00A!r!!o+*td<^|#jBSn`$x-;eHIuS>yE)9uO`KV~m!Ux+nJ z+Q!??V!4i}#;K0YPIa&vK3lI+h5`soD7f@$;b{mE0O_+CFAoY01W)y9S7DO>3f+es zqFX<%lRn0%RJtz3ak5GuPtJmW} zQ@v6yLNKxC(z^%QsORkDHM+Lklpraupb+-W&^&EOj6DB%){@5Uxb7$R;lRAw9YaJ8 z355o0vh zEB;tg4c8X#PjKUG-Wqvyb9-HZGbO0n3)fc*;~cH8ziv~}X~KH~fmB0V+q5e9761F9 zHU>#2nI*7h@?DW|VfQCtQMp-$(lKXMxNBSAZuBk9E2eqvox=mm`wXsCfA#DfMU?c`o_e*Kz+fiF)3v@>f@ z$e?!9YxH{jVSmlQ!$Lb6i!u61TiEM?m;9UtCG?{8ps@3rd<%s_%^s}P0Ytdpe0z7( zZ7xCvlzcwFlJJvM-UPHYJOiVU(BBRoB^r*L9+xb_If+o zz(@&wyypbHj*%5CXvHPKLhtS9*x%h`=VSpNQ^1xt z{|FO3gmKlOB2%6ZSBPz@7WXAT9+IDxBgRyvW><`fghDP7km6NdTJuOaTF`N+>I-{m zW@b?9^)yWhThdfRLq+A4l+=Otf;z&&H?m(ug1SEyYn;%vaR6duy|uBbyFB zbjQPQgKuyN^{THL>zTthLQXG+ci#?o22zW3Ygi+m{IKy7Oq4&RyWW;@s2et0Y5O}S zCPr|rg(6yZzJXg2gnIJz%PM8UX*BZofX$#N$`h2Hvv*UlwWXzlEC@<<5HVRCFE4!E z$V1xtLhyut=(7>?CK=00v&S`T6eD7FG+$?VdZ_kiuPX{KZt)1P-M|!aZvXg=!Jlx% zQUIZ(oTm8nDaa2`=~Us<3Olv?RCfgaml%F?2WU3{wRr%)4?Sr!z*hsYCNvPUUBI*c z>sUFWsWAcsW3$2f?U(k{iyoh%}9tHU0^nqu( z z;%RDa=G@C1TZxiHlDQA@zV)ygr7Sv}J$^&<^>qmeof@>!|K$jQQg4Y~P)c*gPPI4m zms{kV4TRQ^^)EM~n0-7$X0U;~k9kn|O{7jJBX)DX)WTRZkF>kyK}>d$ z)lf;1HbYy>3iE-CB(uEOcBmX#&aUO!!jv>?-Lp4t?hk%y{=ItXU5h30MJ&3PC0bHt z+W-v5Jv@QNol972L!Ym;ivvdUJE_#t&083o1S++1y4U8;zyI3L3fP}4b>nGav=$ENG!(|t-v z0IFfKCW2PfN$a#MDa%5pBB(C$WFS*QF-5dRU7U6I=plKdNzgLGl|DHvCPjH1?CNV< zp<3F8kAxpqB!8$iu@AwzcoEMS>)pplMAe#9u48Paksmi=(<^f-IFgU4Q<1jyMF~G> z|76RwF*8lgxXjERj9MqDu_AnRIj2gDWh(IhSVp&9O}wW|exdqT5|72-C<1u{Uh9jW zvqXh2)0JDJBoMbfR2v`yu1JQ)6md>&#GwKP{x7a@?!kXZ*ane zzUQ#9oheRuhnN=x46zXUr2gVaxl-W+HOy#(UWvzP!MZH*&q40jq7 zk)VmeN6+)Gg+e1r6GPdAM|VwK8$m%z3KWbQ-Cl>J+j#u)W$bKt4|f)#x1@AV%mrVP z)(qn~RrC+8lJiyklnf4HRfEk>EkFgP;F4_7bXJ<05#zr#5mzWb4*4^aSB3c%S1M_A zujzjvkp8jtN$$GT-?}wBd=|09v1n)R8UQJ2+H&ILl>BZPZk?}2Y>DgD*5C& zYXf1qr%y-gTaya8t>{DYg2_qv1hD zf55OZZ*F6N z(~nVhgf9F{QT%6IG_Ifrsz-Pka50Lf53NDBCt9Q4hmupdO-<}$Q9ZQtlIe+Y~Q&pD}hAY?} zD<=xteWTovC`JNz^PZmMqn9tGpgAEeZ3<*^R;B_H9yE5H|_LP1sw0^vnd|n?JmA`9w@u8hc`z!tA_i$5xS_ zG6dj%AG_v30_g2+bN+V@-)z zfAD<*C@wmDHQ4-qP$7G1ghktC?WKtct%Sqdbmj*{l>X3b4-W`%J1vnpyMV1Go7wTQ z7Fz9~yACjdTs78~5=Z`NbI9u-*PWt2hIGqe(S^;1-4YXqo{REHo$1L%#9#d{g z7%D6a>r>@^?Opv?wgdgByNry$6*2{umUAA7wBVzXA*Jq{&#X;yhu=Qx@!V}0?v~Z@ zvC7g!Y2?bpjLNFqu{Bbu$X1)DQ}-O^z0dy-#TQ9v!1K?_Xy>2}z3CYaL%1Ydg;I40P*~psUDyyGLhy=>rbu^OyTCprC zZ5*84iY3`;z-D)Ez5WE>@EX?dT88Sqj4vv5E5cPiHwCG9xNhHUYbT|g?i5Tn?;d(C z2v1@M19~kj(h0_k#=0k^Lao2PqxksPR-!fa&(7YIe#0YFD3ZPOY(Jj&(kD_`N{g$Ee1*UBlr`~73sXkR2zKsnsa-Q| z((2W^hCY$tdH*6h`9yL5vhDK?8A@4RKE?CDv$k7yBUcHSJ{snesyozQG``%z`so#+ zp1ENTE0f9M(7Qz)slHF`6`@6K^MpsO90*l)aU$t5`oJ1y0C9@WE1(A`?0<#0lD3$2^wYc?3tjUVljfJe> zkdW@qZg8}%)GlD}0(H9JqHc#IurmS!aUdZPik}9g=YS<{`5?a^3>e*K_eLNO0s~Ps z=dF-6n5o3avz*`J93v7@Xy4mB*S<~_ItFxh@2?so(`p&Yb;UR>Z@7#~bhR6Jm7AjP zA_*?xUoh-8{7iHS|9(;aSBu&Oni}W3$o4e=wwG7E*jaC5NXS9Y21cb+Nh~sap?$>t`8i+BbQ4es*j-T3hifwvb;Q z10I+Qm{z!isB|5ZJ`;6pJOwPApT9q-nhHr=>f%#aMpZh_$G@tOD~#zNBPpoU=>H<} ze(!c1mNDXD&RbLa;P&2yQhuG5=g;0K85L`XisoJE7xYmZ`O#AH28wZ26;;5WydeTM zD-tvf=+52FK+|>KI4J!RRNufOgFXOga^HiA>>*4PZQE^%~+!R=&Ikn4kKuv?bu-?D@7&Pw zc5M%RK%{F?oIXff=V4y-SHHASiIjQXGGTooGGU^>V5;FWf}9)2o9>B0FKr+NXA+iQ zv2R3^F&0YY#>0C8O$5P0VMVhEKlNMClMzKIXno`*5tfA%#yH8U#OM-cyc%SoS{IhCF?rT^ zD2%#<5{Ob2d75FeDU6^w=2sv~PvXuoIaW$-V%NJlb;VS0mR`szUx`k%&+v? zTVmADr99hDS(%}FccA>xao?T~a-8jIFIzA9 z_z=k08?DO{yDtWmgitOR!7mN|co^40n5{vr%c4<0aYR&9lQ|XneMwa^@@Q zw0daPhF}E3mKO+zj6y{Dww?Xd#`UMkojt2kI9I6o$$I z)n#-sw00z`yR4Wb%igUPRbXd$1;%wz^Y(m6+1bm03WewLIu+IW($WF=MGldnl~Isa}%*vp83V+EYlB(Gsdr}RNU{D13p7<zBiy=>^JPWV^`O9wFANgV$H}(SPr%-p#H4qvFri#a z8@G{RGoFEwQH3dPWa7=p+y)g(pwd$krPqq;t17|YQ>Eh{@kCzT%RhN3i^h6E5!I`m zwYO={+Q{@?F0VIj-`=LdH*02*`-Ye2xBQiC{{~+NNA0~^81MB2jl+s6V%x9~wD+Y7 zTWgC3&b*}pYZdSEM>`>Cl$q%dNF3d*Fw&z3?fHDXy|18S%-q~yM=G|y&%pv6u&CaD z-bx3$IH5$MAPj*EIHddDen6N+Ab)5rLrKKndbHZn-hTZx4k<;XR6QqK{~k&Bh$$Q{cVoT=bAqLvg^3LVF(mkASuTHf-m9^q zVt8_L^6Mxl7WxOwIze<~PNPgDIew^G^Bt88fyugZ(~$Scn_?6dly6+sEPgs0f+Z!vwp-5 zb{DUWb&=Wzym`sBFub#d{LH|1`!MJDE`YWj0hKA?O;Kf{Om!wyG_<_lrLC=E&0Kj) z?vD2+?|((#I8ypTcJFQq1&6Viy!xgz!fL55eoKA{nt&f8R%srij9ypEi8n1&Yp-1K%j_V1RDJL}9+iy1 z826Uo_S`cKJq6!$yl!^yupY|aAP>5J{raztM4<5i6#*8vRe(Ey&Yvq`9jfHbvC?_k z*Fq3;2LdC_!aM&-ZKi~M{rtS8B&Sn0mzRBBj|vrdl^<+OOsCA0N#YC^c*FoV81N*M zO8l@OSugLuQTneN-F~xO(uRI>;>oU`AC~;oCH+388z1Q@ zC%pMd=YAlwMo=aDsz&Xf)GyG&xr!a1)}q#w-YL75nB5s)dymoqO|J7+kgsufRR;Fji9PRc^_uTlM+)XZKaQrZnS$ zU+q#E&fv(0srQhPzXfR6x|I*nNR_0SCa^w#v*#LB_4M+3G1ltm>&wM87#<#`9on|J zpSXMs7%bR$m)Cr1vn<~cn&tYOIbi+`WE1`Ur?xxm_U&Fw(|+b#P~ekoF03&Sg#nkq z2V`oP_*6Ve@O&NQixyBS{l^r-;d?!AY;y~kP??8 zSLWbB{rS>m%X6EH#LpZ+*6#Gos6#~2lT4-*n0lKGqPpFkcM5GaX&M}YaK#dBd z-5a6iK$Lp>_Igz7rx|ZQW&?_m+)84frG$PpWWZpuhvCp{nGH?MUDEc#KQ2lsieA4k z(S@fy#bw=k^(G+6w{4$OUDTN#8-$~UDqnRnUQmQU808E-0XHsXRUzuW6Q`CHBMTILMQdxR{-w|s0 zo$V~%$zQ$!RM4Q6s0EQbOpcR3OU_+iCp>mP2`!eGdqrRv`M_lAy5$5IMf#gH~{-}S2dLqmGNdG0Qu zApfCM)3ev1oi`s;80{Z!MR_#*-7M(Ut3qj}ENgY0l1G_g6@D7dZuuZf=o$aeNU6(Wvwg_M5e;v?1aE=Zbjw|Zk50rERZQ@=tzk=vXMDG`|wX<{KRpB>n; zNM3WgcjZc%irH~5WzDDZ1Ml$o+pkQn-)Orcn@`A9?xoI;7n4(7@R0x1l^bdEhTtkzv1O|Ut#EOOz6A-fKz#MBRQp>2R-NL(9s!(HAuQ{pJh3GLg+`Q z{5CgKw@llq>3$?!Zo(E^y!`z|I<&KgK%UmpB9W|UrR6wU>1sZk(X7EBB(GpP(K~sX z1xCSrGT(*4x9FHRUREa$PVrBbO3yB`t#;++6US1fx;1nt5>Lg7#--ClI6tiTNF;gs z;+ncQkCHIosFGXj`TfCy5XX<#BZvC#; zm@FycuI8ONFT)RfZ*M)eP<^4VVyFTm9cxRgO5IFVn?1{3b*4=2tvGlDHwj`%k;|FO z@*5_A?S6Yd04Ih~jkR-q)svTaG)wavc!53LJ(uv8g~t+bMuWD4*yZ@UN$Vx>Wp$Vl zQ9iZ4!Ir8)I*^>QsUtTBmSu=~d4B6`XE_y03TT#{DXw3EX{g)UC=k*Tvx1(ZX80W7 z+RdDu)$V2b?nqV~j(?%On6A2?`*RqJZ1arLW_Yz!N#y>)*L&?lR|!)dVh!;7T$kw5 zm~dO*c+O$GtYq+D^HH2TA@6is(31?4vrnik0zFLiX{2EVkDGroXPkQeGN#X9?{BFf z>JjQ&SrmfLugl9$61Uj|r-KZ6I;Ov(jEV*eOVo)lM>lV~OdM`l}XbI+SXS#NOegH+U?Xpz&L?DVzUMlisNRuay;>Yp+>DxN|fy?JFlZ z^47`tk_z4DPdknx85kJA5GQS{{6_z-UhQh?_wV0U^1@-pqvPcn}m z3kNWuzM1NNJcQ(?iYrighB%Jn5@!sSM8Bx4+EJ!nD#sDq{y0Fz4szz@I7| zw}&Oi$ghNdQmRv|q+U>Gvw|WQg2m%6cGX}bx7qTrKUJxW<{tgMQPt`rKg_myK>DhK zMlH_*4tW@)-{g1Dhh%a{j+v->;sfqXU_mvV?e_f7cPE4^B*c~m4R!PTEFcTDazs>D z^LIL9-G+_M+s9YLOFGTl$=(o>G?&i=&>-vKA%%LCCq*H@{m7jD5;wo^}FA>ao7bC4{K%d6B|r@j@s(+0kMe!FG)$U_tWyOPk*%tGD<0FT~2UU$X@QYj4? z+2bKsGv>f2e3U&Ux`hWI)-#oLP>g~^1a+p$aeGy*8b{(M;eed2p$5q`=%p2g(jQnS zD{76B60ruN2ctNVX>Q2tk7l`9t2uJN;C&Z<&Fdsk-sb4<)J5GfKFyQ~uD~+R=%T^! zb^h6`25P?v`_kc0vvED<{MgL;ra1Zg4m0T&TBC#{aR&DZCO(myWnPayaq|ncr0tnIck#D;U=t*3k3Z~gin3m?mb~iU8wGz*+*E#LnLBQw^_;2u`&(@k{zplQ9 z937q935G(3&8YE%5AA4c>wG(@;Wmhn_JI=+$rzCGm&x0BNdNrk`+1OJa+kd^rWlqA zkHPo`XO@Av@rJViRObX&37mU{*<4kH8AKyLx{LF+Q6yLv(hIXct4vH49n{`I=C&;^JGisa{-ZAeCfSql3(}jzM=+$eEUVnb8 z>>P%ZUWxgtUWhto&ll=k!`T4?iGwHfY!{JT{ryHwCT8~b1)BN7fTc}MHF9-z_4W0A z?BoPQG=?zSk-Cwo4Vw3CB!fhe96!FE&3Z1x2ntI~1*sYu!pPM##iJ0FZ1skr_>`8` z>+F2rL^YKybE>~AJo@w|g@Jj_F+m(DPX(uuh>>7=hmV`t0r~l99{`0CO2dsfEq2Gj zd>ppTbs%rHu&{u=hV^varTPz=5AqO3X6EvM$$x!?(`yd%Z8Pp!&tA?KSr@aUx=v2t zX`0ybUEYD!ZhmDc(vH`*a==>1cj5Px*B+40&bCMjw5t}_hMPWv7M#0W<}nsRM{ktF zI5|fP`7$a(m!Y+aiVg|`Vpw+o8GFg(Qy2pL+y`!}D0QZrV8el4i_c-|@&B1c&V8+nRYjqm>S_tUPWLav00H@vu7xvgLC7JEL#gC53w04GC*U^2esf$O3J;h)e$Jr zuQ#}^y4D#sq^Ek@o&l>Y_01asa`M~(YZn(62rmUoKg7oQ>(uew`h$-z$rwh#>$33X zOVATO#X?P#<|F6%Ho2#bCtTHZKJ&-39e=3FH-|JcRm0G3*9+`fAFsX_e|C$L^j*BU zm0`fjTOB+vUT1SoelsSV=VIkW$LO;aHZk1UShR1*jVO2{vlt8sL{7c@C)2D+qw2eD zws&2mDwES0#kwl~zGpkQ6X4Cb`$SQW*V0ZzZU?z#T#$YAF6BH`JEoYVQ4f>!JC@#k z?*2WoXK`E;)53e2!IydvO&?riF}`pzG%_7l#kxTMxpo^le_a;pN&6~zj)2`IPQXI4 zw?1w(aZkqiSM*nNXw@i$Pp;ORuWq28EH=`hG;2LD;!IR~mM-*(b!J^_CErVSYc%_h z|1{^`1|y-VVIskv>c;Dme6sf1>4f)XV@1Xu2BL6!>DRj_GvvUi3y6yV7nv*vsCH~z zTzE=4RBLr^8{VV-v{2%Y7U|6bA1{BT&b>GBc}oj0R5!-U?}>_DgsRYP_%$~#H}LG< zFTHm0d9Jvw4+BtZ&{;uA2^AtY8SbxshYeQM?0($Rimd~G{V&r5e&<7RsXej3b!pJ7 zb(-FJ2Ox;siK*+OmFeMzp&rTHy|ahYNK#&5NXm1YdC|huv=8@K3cR2qgBQ-x0bL?& zX|eI}_IGx4$}JT@bd|4J2(v})_)Hr?fZ9TG%KuuYU%PSnH2!Bcacy(0A+8&PLzd?=wbw)Zv1x*aTidV|1<%~yXRO(~d#_x>=lP4o*+i!y>r`76fSMq-6 zflv?LCa7`T)sgT}jm_ysGg9QyBiDMTxoCj;fR3?k`7z7n#2A>Jz?hcmy_ySAO5YNB zaS#kViecdS3i}*<5b?X*B|due-{x>zhzB-@!JfD|Ttv(YL+-3;HR+N=)xMdgxR09^ zI}j35yd)l*!8*RvXbf$Hb}nkIuWv-W0JBQZ&50^|a}qNyZqZ?iY`FTGvU=Y~+U~cs z!$BAmc!tRyzn6V)ZeqQD*3bMin*H%0cPyP$YNuc~P5@nRNzTKzcYE}SPfDK}akx0KcI5y0BUJzRvit6KbOVLQ2~ zV|M(z_O8}lP5>7nLgV*i4<`)AnU=(U9>}>k{fkqI-1Yd#ccugM1XsxrGO2W&fb?4{ zK1z-+h6`(N-Ac67rzeRh1;TR@t582CI(myjcJZ%R2{m=t$bh)(y{gtzD-}$ZcRdIQ*ni>x|w&0JaI`3+Fkq|c?w(qT`*%kbXU+?Gz|Mti_VVRv70w;K3i8g=@ zZwejl*eapZt?M11@~VBtdnZ@YH`LQw355%7+s>_R{TJ=tONlJZuc!5uiN>dU8(uAi zp@>nfVwnYB@lhZkS^b4dk%W%Mj)fSbpmn6*GaY*5z6 z7$A585N*J^q#}ADDXB3-ia0DRCJXx%S@lz!rW<(ai++kN`k6?H95FJn5`heK{__w{ zt~v-_FA|H249e?%h&5HpEJlf>CvV;Ra{D&u8t*&r0-|KWOGL!q2nNtpqH}HIj3WLt zoz6Ex+pKvGR*7#?QTclK(_&*|YyRDHg!mX1k{+PD!gRjWWkeL_lz2EeYcTi#?czaJ zKXLFtp$M*<=9yUp92Ypq&d$y+Ed{fhK(^8)dGZ6gRt{VR?q4Fe!fw#!)6%gRG|Bp= zlTkMM$K2@cw#E%4P=652*?~tG8{@h%bzIz}1$_E)7D`gmOQ1eKKY!Hx2~5i2_wdsg zvH_JkjK|@ErTVW5sRlchQMtQcTwB!5i3d!927Ta{X-YV}3AM$D5z2??=)~w~U3yNA zTWMjaHD)glp#5L&yN5@9Mkc{<|2X~SOCMt~F))CQ*b;;B>U=C?#?Vl&dSk58hg}63 zeGbro&z_u!Je1am{N0!lTRePxY8aG%jkyPXw9Nl0MR5O<5ZtDI#NOiFKy7AUs(zA~ zVFRMW5EF+42~&a(PAE^L^?3^LA}AR#oNlf7YDZ@$$iDE+&OpQ8*?vhh-hxmG8X)0?kdTLOx5OFslbu-@@kdu^b|HZi|wkUC5QiW)w=!u?|@a7WIL6Hg;kbal`;za@K zpj+4Pbbl#M!PNR&+Z@DdiTgIo2xw&`%lP%k`$NMmYHK@IgPOy z^oy-K)A4KGLL2VsyZwfQRoA+50`5mJYw7C3k3*U1vCDF0)5voUU2o4SrSLnBN|{o2 zhN*w>I`wqX-SvHs9u{X2-#};L|1DSK6}j=pd-5kfp5qBqUxGo_x-$cbnffBp)t2gd z(W0LYus_NFW;tUnDMe1tDLzoQj($3NwvubVdtg>hDYDsC8sUku_xbAFnQF=dtAjUY z7Vl9|g$R%ij%8Vw`>e`D^f@{{3U5MATu+A~$y9DKYS@s_S+jIUQ}HJwLaEKE`HGte zr0yu|CCk{fDa8>e-*CoiZPu6RMaN%{I*u_kl1i#LIB58FfUoowVLOb0z5l$rA>BK? zY@|IA_`RGP!{3m;{hwoI;_D$473fZ#fI;>a7>oqv?PSUI!|N=eIrx zd6~8x?aa)~yjJqH-(Tg0D_O{Gm8h44rtrd}(J3yA;YGQC`30qi+ChM($TQBy`Dt|* zUWQ|mScnTiVb?X006JOi%LKO@nW6X@x3xm9q43u(ak}jBzMabQcgk zc-A~pg=iAB$9s(ApfqzCXFfvv8AMCE%bCs~`@>F-<$=apPWL>d%9TlmLumkFe#lC0 zAx^q4B%}|`$h4fwFz|{2Ca}1?hV!pj7`}IISoLemf>}1}n>XZs{j!$rUetVBjn(0I z`sZY>zSvPKt-AW%fHgFvTE+2vtr|p^`vj=NE;q%Yp#v+fy!O6;nK{9`wEf~CjPKYd zHx9rwDTr>BYwvT|oqjX-vnX!rtFl2bi|7&%(qd``#1~AQOE> z{QKHIh@8htOn`1|0G6Y0_Qu~6TX+6DQk!3CDETb;%|c)Ml{(elrA3K^*YdBm%e3pvz{1_Bt?(I@iWLYm7DUf`6C^%`@x1=NK#cH{Fi3Gzu#8NmS>FHi%}AV@c~&Y$JgaPuxq~v4i?*J3#uNs_uy%M zAuGT{w)a~bTnG+-jB5WbqL(kft0eGS4Dx!=bpPY%nwBO5t5#fEb941lpH9hk&%%N^ zqFrjb2%xCc_dJXcybB3GuSG9}oX>*Qhzd3B%*_{=!7}Yqr824Co4f|i^6(j!8QzA?rv~zPjqpr^cGC#ukGfesw;#pvSY{6~%0{z3_}bYTNPL|D zH7$@=rQj-3HgL>1KbvPFtq}^kVivtd)2*2XI3P6jx;P@%-b%$Uf=);-nkOxw>Ez(z z9~Iz`pP0F_62^`Y{9tKe^-k6ZG$E-0=T{M^wEjZc9upS*1Gny&a>IbdDB^_PEK7x? zyY$I%bSuNT+z7!($2=;Re9dQB};ZA~n30&*+bad)pOYi*iss#JI#k`AAlFqT{Qg76fI}aEqp8S%{Rd|TJvCwf6L^~J8K|pL` z+o8e~aPwMxgqSgK3CMJ#C)Xkh+hCy z(;F_JazjNVx>j7{%d850wch!JnY_Q;enN6M{JJb(?1~#8(c6yS{nq7pIm!%zcow#n zdz@J$Ud;<=@ca_sgZqW~fwV$#h$|_<_q1UlmCWm+qN1afvw|17-5x1@3wGronP^|) z_0}DvSSOo*hjE@g)xz09++>q}nX#9_;oPs8=-Jo=(ZOshaw|#H-ht)A8|Rc424&dBVxv$PtXGJ07j9iOSO% z3}GxiWgz9g4P{QdL(kv+Y%SeN+#$-ak=d4(mWYT5;4)cRSitbL5a`+7C;QNzYt|2% zY;<6~433d0E!5><2wv-Lx$iXiI9q#N;^cnsE0TU!yP2U#oSL<hdj{ZS_driudQv>n$t(G3sf$ePO7U(iuNZ|8__uM#rcE|KE%bqh35P#~*34!Ol zr;Lu73wf-qI(ip3u)8j>Bak?A4Ba&|6;t2rlKgRYhFYlE<2+UJu~k1RzyOzqkLC95 zXXy;#?PYFjRpi`RXn{=B^>52A{xJ9HB&6#*KB{$a50-r$-Xjq!(bd4*;d$I$ zlQ-UC!~Fq5B^diAIr;C`P8#;J-Tc^CB1sicY4<ZcJO6eR}TT zH`5MqWY~=sLgoT@D+dHh(D1qhOJ#^-)h{|Qt@O6<@3^C>MDk}2qc$9+9SM)hvg{(Z zSBwE9`Gbe)fGGK$7Cq_r_SIt9b9%P#Xt6xT^08UZT2(!T_bD)xiSqE{lcPCsx&5cc zYLe?AS`MOFVN#&cF9ySLUf%uTTs0`1;jero>^t|*{}Oz?^=15Seu31U+jXj`->+u_ z7!%S5wu#@_loFu?UPR6wvB{p}GB&U(8%$J$e)e2Z9UNZ(!A%a0+|_2qY`Af!5e_G@ z0Ob3ctFVvj>&aTXHNHE@yMA~gLDe}0#rt(yDX~x*#&iZqS%jJAfAQV%SpN}DrVfP| zI0G$sF(5-kS7fj{02bTWC}Jsc6X#JZm)!%-M-)%T;mpK}ZQZEPKw7nV!(;t^)g z+SEvNv;&$!&ZLua%Eo{JXR$iL!c}Y%al9PtcS9>Nq3b`Nt#tO0Jxl-Ii(%7}Bx9`? zhs~ex?ZpdpEE7l@ig0e*@Y^G)Z`j}0AVN1=n48nd^e^({PM)th27qgda6Q1CVciaC zQhD_!Ix0j!`3TSKvgQFz3bdKM#vJg?uB`=evawWHUzT%9+d`n9+iO)XAm(3tpc zt`pxd@+oea_xHg@akSFUsB8T~pO4|)O(=@3Sc}I#6Ph)^F|Pf2qGmE~Nox>jkK0f3 z;2FmD0=?+Wie2;hxo&(&#!B|IMg|j7&O+PMT$WZ>jET@a80ssKsQM!nw3O8FkUYeB z>u#msbHQXbPde?)WK zm7r0mdqkRM_rBLfkSc*O5#{#KX(hG(#tYq%a^heP2{N9rp9>)g6m}cskr{k9qlsPv>b4J=)?M=-cPtO#6jh z^x_&~t|Q`c?iFIZ9dcd?- z*L-ujy*Sd~X+2pp``P^tUN(BxN0X1F+0VAOy4#QOTqPz$83O-$}p(-$wRF_mMSKS z=~8+ab}JJ@?nGd-%>MXNrsged^@77d|%+d zji@)IcovTla`lvHxWwrzE2o{)fFM*QR}H!j0~jsZ+uK7nh?V9czdGZDRJBfn4Y?Qruv`nWT(~-UZc667?UJ-F8$5|7Agpb--&BR>5&E!mVQOt zNiZ4tUTh>9mj0vI=;C0~5mbR9T{k8F+2Z{AgTU;5yP#`((6Q6H&hxZvY!wsPj-01_ zpaq+%8F7aSTU8?6w^Rjv>XF4geRs$QMsV_V9L&0j?>bgL@$k?WGh-TMiyMARrRUBY zu%UCi`scQB85u^FA1XQa-FT`A6~smX2#oH+&TxZ0|0Jh^WVO)z$YW} zYjVRKs)|RFGSQzV3V)azYMi<0uk?B}NQ>2fWPc~m$nykLGev>Ei-vADl~fEfB*X6X z+%Wr7`uwBZ=+8G!c3(zVwn7>U6d!{BUti?yV42pZ#0zi#kovqVhA@lpLZ9pDBS-{t zi&nbz)ouHF>HQ@n#AH~=;qw9|@11Mco~~&YsuxD3+aPHU*3JAxFTJ06AKG|Pc4Ag- z2>czlq47Ua=z};a2nn40`BMt(BM^}{J1@>X*T;6i*PJTgY&tQVYwsrP#?7;5y?ihD zZ%gQ>kvS8T`%x7U%<`!rO89FWb$K^cSqys0?)0$H>s8u1{G7c-%iTKJ^MILoa<*TT zpMSJ}wyC7#4Jb}5?#C|*6nV>Tvx=lT660`oJQk+-QgP@nFtd%8-*xQn!rN;^iZecevc}p<35o5{gV3D_b z`_;TC?M$x8*Kk{+vQXDac_{F zhA(-u&w4Sg8YvQZh<>N2noYpp$W{kOCEy{U;EjOshCVy)ihBsO8|#zUMI{#S8<+J_k1g}hp}WD zlTySVJO;WlmNHUHgQn;>yZv|yp)WkP*6IWuV{b@nEv6ZDnLf$8EQ=Hx@YmyiW=wP$ zEmLEIg&bhYib*fN{&N!4$Q9_+8w$UQVA;rzuowrm^r0r{^j&NOpXR7;lt~I8@n6FqQ%DA zn^N^0nrIk3E*cLyp?bz%)B8a*w)jhRTC31j^eI*LM4Nh`Ve!SUaP~`*Bsf#*N>jb? zW?@qTIpy%N0B+}{bbdUmKon+R)xZ-~HY4}UYKM{NrkJ&C*}jo5`kC$?V~n6L#vHNo zJNx^SWnNFwjcUzA>u<8$r?SbmUv_`cw}t=Y6LX2#cZw_5@AG2Z`yPn$wd_YHZMInK zld6J>7IlN_0|)(H2H7|$`fAB-6A#hKQ|+`G;@R}~Ula|kbbB8+)(;j_bSG!o=)~J3 z&I!C&_L7kw**TAXpV8&@R;6J=`s`p=&dAftJI}dTCq8+1SWT#(Mlg1JOQ+nPPfr1| zeCMdQL<}bGQ7ajuzuK5F9(*4~XcJZ>bxn;(QjMsQGq%045ycSbe3V`}{4<^gylqxw zQoQ^5RVRu=6?9*5)uz;4^N|P;P&RS>yoo5k*&Q6b`uw+R*BuT;)?ISagFg?i2`|K7 zXDQQ#OG|$)86SC)cFh_wso>kg)RLpB{qwUqRG!w-sY#re{d8rtIEm#g`H$9U76f@g z{?H`b)A$SfZ5%?)w^Wz)+!Fzl#d^5iPjj;jefZNH`DK{T#X?{fLv^asVV_Kcr>aSJb$KY0& z=I4kZRYb&bb=%R?E=^_7^nx)Aa>;m~=$`dabvjc-W-Sm-f0BtYH8Ue+)qQm3Kepi} zgwmoMHI%AEn-&jh)o}GEkF1-s21LZXPotWFEIs%yOWdE>kDNSP z%==jK?Z{ddt1 z4NoKA0uS^H-i4YEwhF63U?R6c)gwB-XXGlBX@NIiFK?MgTn|s|yCSvqI~pqbUwAn& zM*6Fm4oUKxc!8G2_r(3|=<2)QYisjKZ=BlPsurZ7iQ=Hx9(0+(nr~^zSE%QEIy#mR z(IMR#QDkn3&Uk8O%JcJMRa?K-1OKVyYF0=hRyIx>;E;`f$(Si2ckKYI0+NU~6m^0ezWCvIzjeyMMZ z86kN{!stML{3ecv4l;^KC*%FMQj1(^7uvVsCn&p zixK`(b;4so&*(X?nc4ngx#hk_kwz`mVx&3eEo~x?&9ALxE%#(`tlG`H!Fk((d37h+ zV8Yi(THY`izYk_bOsM`q?bBe`1bI*{+45e(Y1glOW&63w!OB$u>#|)+7zv1yzeOr+MjZdrPsN}ckb~a94Ue-db)MuGopHI5OxwDnr z{HVCj-bP#DVYI>&OgTm~Su|ko>=?&l2=>qVvIv-qn92k;9d*8X_0Ra>zeJF0*QnJ8 z-@46;G~m-yoi8g(h?{&|eloM@cMCgn||^{Ol25i{_^X->UCE6xecknNp`!^^4cR6 zb*P{>HAVAL#CtZ=^L(H$lqldp2@iA1HXfS#!2&?#WJh$JVfFJfCAo{ao*o3Ue17_tl* zu&o5Ojcc85G=Zlkcj009Cew!0=jDmN{L`PkwD*=w;u0^&=nKZ(&$cc0%{-kZW&KO} zI!2{Qf7!~ssr907%JFV5ZU`}n%(iW!9Lep^St&;`J}zq-Q7g3zGtetGs@4?NF87Y} z-uC#Wiq!n+dAaIQ+L5eMv)X}L)2D2tm2Q*x(MDrd0}Yw=e2AKVA)_(mMauT{SkU^T zVKL0Cy{xTs7{ZWC>CB!5>4j~-3ETsgK#dyl>;T$>MzT;e-TvlCzHFsBBSVm&*aW5H zMy%f>6zsD|g(#ZFU#mHFg8UAyWqoGy8ZizFi=(ze={st#o$3GB%!2j@CE z5)ja|y{$)`0B)(Bm1P`a$zqLHcSYNqHbJY0Kk!+FsgmCcMVTbX~M9>9Y zjK32tk7N_~iQHf`wzZ(2B3|QzdcH&+7cfW#cGsS;_vtsO(6?fzx6Hb!Uvv;xm)w0? z)0e`j9S=&7+;T-V>8kZyk4|5Wi){LT14##~)!2L4ie9@>cn+%nmLlTCv z<15gL?r(id+UxuLK$Mu@W>8?|59es7mXX)ah?Ya6?CDy+Xk8Sk|ISLw?ypFmYj&Dt z!L(O*s+rH8nS!1*nl6%zvt?*+$tQC)yd82)z$AVH&_R39@?2)aK@5SZr>8*e%6}Ci z`)yQ?f8Wr*r}5vO1Q_i30#s4N%$i8^?}6&z(T_H|`@suN0{Wr7iM&ZdUb~PzNk~Y@ z?KmSe==0xG{Eh(S|4Sx?M@ZvfYc}8yz$qZQ7TEj4jJyn?y_U=g0ycx6Kt;9$@!EbT zE7_2U^BD8S<@e)sA^yKB>fd+w&rk~(XDyv3e_A6?(RT?vG19%4Wz z<7Qwb4ERizyLT-?7z9cYx|3v!ieT@r03ic7ipC*SGPmo? zfA9Gw+ABo9Y^&($va|Nq6{WQz(9UxP+5M8!+Zb#Ult5cU?B28+vx=Ns~ZzN{UTiY0|NtUS@Or=lm_=#3MhfL zwv2Y`3Gd2lH+b{*M6;Uy_a*te0zCfx?*D$)bDP|I3Co8YuZsoxhZ&WmDjbea3IMw` zx_0fN{B=6R{xJXS`S#z}q9|f(nygxEMyn^?Nl%vwLk%#IAWXa?+qq>8+rjewrW(7$ z8Eh^pnOCE0uCIm97eZsQWs|uQGkyB0OI9qpRm`NS3Oz%BQ1Avo{R6BB zr+-$;;RhTI6F-)VCd-(pi{Q+%sXNHSdi^TP zVf&UVW5UbB6QR#*w2wDsfmV3oe5yL0r{FV~|Gx)vaj?)%Yrol{+Nd^qqQ*JrWJlgK z-P>vN3>~(y1J=W@LuITSeM{vGs>*Y67*_0EU?>ZU-(vl$VRNp!{Drnp<;DHp-1LiO z%!_buF83RaRS6e8aZTE4`a9Uuv-Tz78g6TBQp$%9xCk5{Xo1i_T_!uj%gVfBoH1~O z{2}=F2wb~!ScnvCN>pu4ghx1Qh-2LjR-_hD_G$3=^V1NqzCM0%9+L>^XnFwjNCliQyzi=avkTCp(p-z1N-PCXgLUbgW z&Y&(fJjYpPs`? zW=3a}Qi7mbG~AWYMHm}5L%<+>`zSwQ!3+T)-CIp(ZF^^EBFR8)#z9n6RFLo4N;HL< z^?(e4NO~HYRLm0o1xmt@bOtD}WK>_%%eW+?A`zUe9B^*T3nXUsgsqX8Nvd=gN)Sl~ zze#7XowGd_>L23iy|kEtjS%ZL445=k^4U-RBW#Q6A%r7^6vhz-0XN<4Ht>1}f_#W2 zy$GmX;SC*Ko-?2kchS0m6@2n~a>S@o{^hjPN&LU_rvhIy^eD<_r)({u7b$}#>$7#Et(Y!tpPu3l_Ju_x_lgH7$dfolQ+T3m=1yR z=;EM_VrF3}AtHh40s-iXqFM5{YSf5c5V(wOJXV3JP1p^|uPa0dhonk61NQTw5!{Gp z%U&4+IRn<7DWjL1c+JX~4l+_=;`>zi;sgW|iwCvoUFi&0pQkx2aNuT)u91a|tnEWC z94+m`c#DjIU=*MCy~*{iIX zJcYw*oooLd>;kR-J=mf$f?gGT!$!o(GjCjX8Fb$L@6_ua%b3ZHmKgeHA@Y)D=RYmXQFUzRBleL%P0#t2|po;*}fg1~w{ppi0qyXD#7T2k_ zSR772vqTBAy4C7L)sKdtH>y$)v3KO6)=_2T(O9&~a&9QIbUvl(aS`fq!Md&E z@+#rD?04H^7QK!cztg58(`VK1mdBjujeIsLx3`_j$}SCdUm~ZLIRmebAfqX5>ZtX- zx?4Wa#g=Zb;QhZ2{b6ar3dhd9&kSKjM~zlDVvsb89+D>+ld(jB{V58X*H#6PlI|}7 z__>(yhc)yBV-x$7BSE=J!YZnNHOP0jf0D4ae2g$##e4%=NEM=tj0|BRq2X9qJK9xF z0I9rbukQi)!Q6%-j*gBPm4w~SThP;fr+wd+y50N78?AW2-;2x1ut zthh0>j|8f8Usq(`&}Xmu|8vff$6v0A$wC&rSb>>aA(%3nLoQ(WbS*Z6EZ!|snW(qS zKEVw8whob`PW+oYX2EnaEGAJA92k*OJtZu?C5wGliIxt{cY=u|HHjqOLO(_~z$l0= z?!-{Gu(BaN8PrhLT;A~63Q1BV{FiT4O}LLXGE-^y&igwA#&Nx= zL@T-$`Tq3B=X|XphOj~F3Y^9x{o>Kta1DaZeXqyfK~4elk7Y`38r@qqvTTspzkY44 z)#r^!E>l>#K(Zq8Qy^+yVDR?;u9sk4$&3Nl_3t9*&0k=YSy7SyR;*4}XoDzNoQ#*TZ*#>`Kp=@!_j=I@n2{pEtHaC|ra*LDmy2BMj(`E+D#$SR)VJjGLabCxX zD&oFA2E~J#nwp-J+vPPHS_xr5XQO^##dEGWLpyOR;UnIT8&nm@aAgS=$zy@^0W zO1AaHqDYZb1paOD;C6fL7S`==R??ZagOQ!GANxvh6q5R z1{niR9!bIG;w7I}8*ngocT7i<6O2pk^SU?Gf@S!g@N-0w>pDj7*8YC}WC7u&OX{w=@vPxvqXo&*UA<5LS^A>e;uOAs(^dj-;`j*gBW&k&ZL zT|LKM1qFpj`%%B`oUcN~*RRyKo~IpCtI7H+x6enXb4d=Q82SfE$#eO5ZcTk&-|H8p z-)R5`I#)ABZL#5cpdX)+io!%AQvPadbyqdp9h9-e6K{jVf z&;lY4i%Q+br8rYuELuq@sXpC8e)3X1+tpquIL8P8X##2FE3xFQ!8i zOBzFFT8FgGrOkf$@N(%9R!`TXZiB3?+J3r&0~diatK91KT&wM&E}!EBi;Sv@%G=ce zyVIykVBt)mM<~@XX^fT#g@|!ZuK4_df>El`-lIL~b2^Iub*e3YrNg(E08;Jcb!-K7 zIAIJTmOsMxWRMI20~Q=!3=GP>Q-ylRsM{}T{K;r&t|43CO@h5BEiJ91)^x$BQG(#& z*9TRrL$CiIp1v}w$}ZaaASqHRDJ9a~-6CBQhvv}T-Ho6~DBU0--Q6H1Al;30hjf3N z_ulXRa14c^!o#!oT5GNu!uYJ-`JUD_T5eqj$){8Nfp42{=GxY3?dWh^=m8T8*fxuy zY;0`}C$XD#hvDGh9d7JMk8`|7fiUSQlvIh-UJ`-Kaqv)p=mY)vbK0aOFp>ekjR)Wk z1=g~Dt6!)sYrrR-Lq>jzxm6`ZmE@N{J69(jsm!vV6vf}Gev=(FWLVJ`_I^AzOFxh1 zgve^diZ^odm}uAuDXnK)$7i(3J@bPD>KaSLYH=ADV3OViZYuuoVAil&nX51)pfIeb`tvyV!IIR$??^i(tw6 zw7poWw^;ki+-#2t6|JA%BHM}RXScZtPu;gxPb4Z)*a9n;y|w=y0{l&iJQerU`QhDl zL4gIOCz2IMa#`C=B~^vGxRUi~v&YT(*}Tb!C8ubBeDrWenZcTgCJfLvZ_o+h+Kt&p zIczF4l*h+hySf4S3zLY)9<QA9l2%_%V9fcvC3qib?#65dS-3JwxfAG^iAkoH9k2 zWRnN3x8PquLjrsW{e|Gt8 zoqqxbi5s+^&2vceN5?kbRNzK2m|QjO$0dv8KkBr&+FYjlNJ~re@-{#K+kNKIBB$%Yv+aTAObUAN+jl00=Q zkixNN_0J&w)f1|f_5Zb*j97Rh!Jeq^X#iIfFn0k*x22`CGlf*hy9+3HM}8m_O{$4n zi%Vnkz_b+$L5wO5(0_Pd?23a%fu)c*=Pe2#cb>*GS{Y6^3);cJx@kfAJHx=v^ccwH z9W<>94V5%C{kdp+$&zA~_3%u@7Iv6RuLH9^JYdVwYh(IsXbZDNpC`q`tFyiiYi}2c zkPsWMW*B%qU0I4+( zIWMfTtLv`C=JtXNQ&_-tKO4egvdd9}UN=xSl|R0Nd;gH4{S&!|hidbPQM>NpVZO{# zX0h%ELnT9RPpM#vw{6$wzuBZ7UDjN1{@u#X4|mtgc#O7_mEFI;lWWA^IX}^@-?wB- zUY3G#NcUtJK#l=SO=hNP zmUi_{r#I;;i)>czrA|$1=y%NsdHIva;%c`$Rbcq7);OSk&FpGEZrCNZh=X`A~ z&xxx^tgNYFU<*69rvolZkZonA;M6Qy1xwjSW^J_7vkvXWwS&^WKkR^9n+wW5PyB0g zPg7hC8KTn|O)^LG7M!AS>kq)G4pjs@7wKVXP2z%`z}brHpd~i>aO+^U#K_paYQ^Gp z=tDgX7k!;br&DI@NfaxDWj!h8sp+&0ypt?wLvwfE=6BjU+nrrI^gqq4kw zWO|yLntCfK&y34_L?3WR#FbKUdepj5?gh+Nt1?PTsiCSVM-R6ud-067=R4>S6;mNW z^LBsfDEa&#TV_qWmViXaGJ6Zz0NAS}SR~_$za;CbEbcQNGv|nS!wEbDU*P&)18bJX zZd#^+N>cA*U!8@a4SF?vG$diYWrFcMPS?=JaC(kPHJs0H)X2hCftv*w<2AqL?{V!e^XhyBO2@0D&a*Pf9F?l*jLePKCb;SH6|2UkCUKmga!kOg0L z8UrjqiKxRApqV9czACY44*a~4uMs+Wdz(xK;*l|*KoXCeKS}S3CXG3!W^0yJ{eqHT zG-y+FFg>qak40=^c;iz-tBu{)WA9>&5Dr*o4R>($9|kK=MO*T88mYw9U4O0Ys)?## zs^OT-R(n*@glX5>LJ{?A&?)Jm%c(R_=7UzRYdJ$hQ3Hcn-~0it*!S@p%f5Qp*w|-N z+D@ABE+rQvB%46;P-{cj0+i|C6s7ZR&`$mgd-{n5-vrSY+8T~&J`DyXzSbmD;ZM}( zVG1fZk-B*V0M-Jn@g&raQAyQ!v56Tbh=FMbl0+Y)uvGsu5q!NGij(FG9337C&$g2oqsm=oy`5HS;*mL^}N z6`>YtUjZqm`E0UNL4M=mm5j?gZ%A87i*kMAezr}dscNj(U{EK~DeviQpI6HWCt@FF zHmo=6v(j}kzSSZi&rTgBHT?V9=vpn(NLC2fFxVrWH3bc#U&Cu2w#hqnXwRhEvPdg~ z)N=9oGorzHHD}S_zx{hPo7W?}K-MUpfbkNXrEdJ9Hh64tI7rp39Myl#=E5)dH}LLV ziIOVgrSbBQt1(f?7f0&Xj@GVC6kz~+$sOBjxrOcDoP)2&8Q$-aWU;B`c%iBkkK~Bp zuyCx}aDy&#O|`QgOt}^u0>e&WS&4E#C#?+a@U$If0~4CRDokb29sX{1TQ<_zJm9U8 z%{^MI!(=IiC##(xay4oJD53EE%{%~E*sCf91O>9@KeSxkIRRYra!Q~W?RIqy4+IE5 zw)&($PP3!@z$sEIo395csFL=Sg1)Hyy{wFR__XkJ{X4k?h<$9xor!+vwN3aD0$m5DuO=qIY>Gb2 zutMWOa4!Pb6wX=K0v12;*H|{^;If>^KSaim{#9cq>2Winh3O-6cb$nhrOcq0`)XHO z>YUTc5b$AVtpWUjE#9ZtJ3t?Gx%&xdF2Tcmy>>Q*~qVTO#A zs#IH9%YO7P)r%}Gp@^H)^@^s^9au$??!S;bp?xHEFtnEQDDM)oBR0l_HWDloPx zjcv3OqXpVWkW$LxxGqIAd`%%go-GjpR8Es25h)Up_!$4eB@@(dIF9Y6stX1-Iafm< zfU5;qMGC0`xxUT1kd-<8?*7TpR~SXW_muPR@%M!V0m$*`>DTbj`5xB{1Ff7}gBI+M zlmm`WyJk|acQh>JO7@*jeOr?Wf54DgSye^4u4z!A0noc12OVIJ(Lex*6u4l%!Na?p zF^Za0CN$Q>6;~=6uON!DyNm3>R}uNdVU0C5vTV(^j-vqqm%c!+=0PBZbSLuV_C&3T z!S_K^C;YRy+V6weTAbRrgbDVm#dV=yo`r2`ApVGM|te{jmM^tD;9PVKF zZ{uA`i>|5@1dH-HO*{Uxd+(me?V`zJ!dl|rzlZjgSSx{OapH?u>%EDKr)gv%YG(wp zil!3Q`@$fmJc=*T2oT(_2Y21o+f#$lLwd7b$H8@Znq||DL|<9A!*4c<|KyD{AfO_rx4R5@O`N42%yG8Gi)-*_VUzRYe=wot(*eAS((_XijIds) z_UKz4c(`ksfzyRDy2N+g`RrePIcj^T+%EuOa(_GzaHM00^y-g0s54B>w!B+bPQ8jk zPZr0M+1S}ZXd!qS01RyN^?};`Ihd>EkNpO0QNVN8t-uk!A#d>GUmkiXgpH{EaK~^t z(WCI7aH*ygO$SwaZTO&}!>y}piP2O9HV+wII~)E;aHK8V%hSEo%)&>4A;JBrgApIg&ajuZ5u`mAsH(1X5v--E2kS@f~NCj8t#Zg}68yvL1Y+ z$hGD4OWfhpz_)T4tYX;WAqFf+vPw!~my>bMT+&ZT0AS1anwzWj8QfJQ0bLM&H*Sxzy|JjeH7+Yp$e3wHl&+P{&FoS}8oBcDO!oXTlG;K3ltV z;kyhT2ieA*dVY5obA*o#p672Mpfv|wG|#@Qb4vcK-B2=%1DilQFwxejxBp=?Ut7n1 z47OcGKm`rX`2K7aF#pw&9n7TpMk%edo&tlJ_tW;pzas<=L^f5tSihnv;6-eG4LU{I z0$TWHh<_>i6}Kd(moz$%aOOeRaCS$^50 zo28Y($ot)o`cZ#uZvv$?kYV^0#4BUDqeYM7b5KZM69NCUSzUgV?(4a~dMdW-?fgJ0^%-tu~r-z3x8_Y~wZ#yJ&Nyt%f$~{hTCqFSjNcfCDC-VRS{{6{G zSk~L%r@*p*1I%#kpNM$R%k3F991&9N9oPIqIb3b|=v^JHaF`F7^<2sZl-ky8qv_!r%8G0#k@eGoAo*s8pxBE%ejTrL;WuOvq@BC+nZ5$efFODVoSb9_J3i>x;!x^|07-1y{f%r59-n`T>@1ky5JmOz zB_hOh92pejpOgxz>+(fLK<5fY$O4x!W8f=IyyQ)ZvsdR=ZUOF zAR`kAg4PK>O#b)S;Qt@3Y_B@u2c2gSfL+q;_|yFhFyC4>H;u0^~KokvMtc+TlQNp|oHy`c#i!CNEfmy{`mYHvCfnrn=GHrQfHSLs| z^&tUICFI#RirG%)i*@035RQtv!p8y-LS_mqa`Pa1&fA*pxi`kd>ol$bZPRJu(H7Js`th zpKR%I+0KDRdZNTC;j#H48Hjfkg&!*oPUCT8A6I!W$j+`*R6NhO4cOka-T#$@d_J7W zbt_9>X1H2)HBrVs00E7MW(MI2cP-Z4g_B8|nk8DbiRZiYjK4Z3tx0WGORT;Z`@qA45ngdrJ%GTGjvxh+p!0G5QZpB}( zxK;iR9i3`M%^t<~Tk+4{fg%s((xSpkh{sa7US7rjs&!H}Da}DQ7d{9 zL2w_h)eCraDwj|H(&}zus}0$$+BR@k*-^qn_328vWe5mJ&DR-^^?PHWzH+dl!v5tp2+B zM=zERsIXNJ& zwl?TE}?mOW@9@>Zhxlo+=d;i1lcUR$g?FT znhAuxFI`M3yBP{_6ipQseDC`Dq7uCN%{f}H{Dxb=uQog-P!r({GR#mD4uyksV{wwMO;HZ1xr&tzK0`d5o2O%E-` z4A7;rR|kIU%Lnlz&F__>Yu=O^A7G1riDnp((T67u%d&Ru?I8c6?Ml)Z|NS6L5Dl{X zf+&k7dNS%ixaBYKJ=cMI(Ry=Z{jY(v?H)KI599fAUZ!0y`_$Oa#pcx>0)0+a_wb*@ zhu-L16a&uEJTa`uG@g@t^^JOeFx1|M0`MF6{(9PIt+!yOjZupTFanzF22cL|yRkVT zRWTE)vOSlXM7VAPmx{%})b;7ozw>ilVnVALt;sS00rwH@qoD*7O&SQM*WVj!-ALl zS=ECZ;uUG~O2{^j)2CwAiefkI{)yoQUITd)@LN5h~+ zkL+fLH=IRx_jfwW5x~<=-2E!tPw;Z)%0Z0OH(%*Xc^OW118h*N&i?Gmp)Q!GG1OCR zu?y33=GapLNq#&aAOJ9k>h0mkIF3phauNQ$S;Q_Vz;8FK07G!&Xv6yhO$ZU zhuKJ|#n1mzgJNY)dz=R=e&!ZeLeEa&2yeaa=}9_&9>?7Fk8Cn+dRR-*Huh9mGXqQP ztMA;1>tSP$_*cB5)|!{VoAv?lU_i<$$Kcywo=Dl2Xe~<`TC|Vs=c9k^iFn*UE;>Lm zff8JD+GLEQga&n>l3FpX5*w#s`l1D!qX-m#z%BHuteQTMgnt($6&RaF|67wlV)*xF z_CvncIUWSp_d(j^&@K4eq_Re5<1U+b@%*0Fzv&DYQuz9_78NBTLme;R_Og4VYaL|u zi6coangY&$)*5Ur9e|kzaOevQ3%j{EpqCyyTx?>*9jJF$3zx|5R^B@t{NMa>%fRs+ z0q-joi1V)M_sd2=wE*T-Hej0%sEMHN+u9+CD{&0+q+v+E;+!+g=)q?Z8)xW*hy-*e zC#5BPk1LzB2Z6#T|5z#*ifCkf4PH8lb+ufJDaTe;p2D@yj|XGDNAdDV+{X}&$AOsR zZ@++O&R$nCI9c;b4C6!K)!@%y&C!QgsS-gz5Q3e%DgWk~h^J|3=ig>cW{CVaz*Jqk zNx4(d#MPSKepaEzm^@BhiRE~M0f|hNS}MQyhvjW(NOU>@%21oXwQFb~cG#-y8KOOr z7u(5dRvY)8^P7;LhZW4Oxh3QZp%pA zmI#n4n2*Wv@k@+QF_4jbJGEdjEI^3!^5oR6?fzoi56T$-ltenPxEik8CgghWc@A7; znH4c1AF(&KmVF;RJMe6>v*GlY_PG^P1!@c@cg;-Y5==Z!05`TuU-Z`125u$y(M!lx z_hj13^(cf@$otHEdMJ%jdJd2Du`G#ww-ZY$n#bZ74}_+GYf{HdtJXT{NktAu!?X)r z?fG}J=9mO06ET?V0vQ|a>g*NyGz!m2rIAOO_$ZIr@bmnxeB=uukfu%pwj^ghU4@~V zq9GqPCc}>G08t@tC81<0Lraht)bdbgRcPH_D9kRcLqF}@J zaGOG!kYMJr{4HPPn(yPXVv(WIqfX`7?c>8ll~*0DqQW6?8*Z>E%{VRJOy%=29d5n1 zif3-ZJnZk!Mr{Yt5Izny<>kPrNIaf4xpsDeVDX|qPE|U(7`SG9$RQ-uBY>;-Wc9zl zzX#={{1FHQkZYB4Y#@H7ZcxU$`Z}JtuANUDWBflTzhQYE^}Xp=6#NU)T-;j0&cLp7f;u%U@w{DG00NHQ0!bH1vdD-D@nFN1TRrcgzD?dA*u0KcM zTldJBDOy2u@*Kp(Om!BC^s6=Q74wp@iA%H}=_-Xq7h$Q)M}>cMUdO#6FpW(`l({IZ z`x9i^GwfS)LRb$-Ucgi_MUDyz9q8}3Z8}hEft8)-U=!_5gmw9bW*sO#XtX$>S%$LQ z50WQ#kF3Z&6;L&`{>02eOJn04T*0x!j~_mK_+9yj*Num0Z@MId>)?)W`r_^dv%urs zi*(u2md#{L;k(QsOf^+iknd?XS6!gj=F9J9*v&;rZpt`pCAGYal<=drC)8!Hj5jX| z-4n*he`#YsV6S!%>SSBT9}eYi*2+PfLr&3Y{$1<_<}ur4!_VHPQ6BB&d=!nk^818g=W6jh&~s5uAAfgY|zTKB=--tQ0E{Va%=o;oegmWH2ni$LL<{s0 zhmEHgm)cyRH~)V9f@LFN_bJ=@ZUhh~Q8jV4E$}+d9S4EIqs^Ol=K4NpxQ&1yW@d$f zV_4u;2PpeOlEh=)uzG83{tydDp@$d^w!4A| zugVSjhnd=v{Q9erznwmNyYZfU^aFa@=Z0)a$|}m1y%&E>$7|GeJtch)3GMt6C0J%^?*3#g}DNE4JC`N}HgFrwWZ5_ljEDTzxI33}I zZ>=$md2D0Blk{wmXo)kxvI<#j-Lo)x6Dsh;a-oicF1-fq!9M zef^VM0FYqdkg#zbmyCFyPJeLqXRsom4`cJbvj5usif0385nF+^IuMsE zxUWTsGKb7sM@D>we>>n>zjgJo0mhs(D50I(Qv9nwQJ;$dk&1_?ax}AUj!s^}C%D`D zpEDCXTTuzyg5evXdOZKm-pXo-{Z^!O-*Z;-&~tQl0!j2ex3jLK)VnO$mUI6gGoL4$ zcHZf2F-g##j4%_G%!UrNv`P;~gYmAEY~qgJ9zZNEzl~}vnyELr#!|2@7*6fED9l=L z>=M8u)kJLrHMV4N`?e&`Vua$oqL+B#L%Fn%02Oc`Yn4QaIKjwi-SXqL}^*>Ga@v%Z=ZCDFq0%eXW z+s=nlpW7(<9HXzpDI-qmGc)(vm=ZXTtgW4mR<<5gCB2zF#-P*4jiQ5Bj7<~Djd32W zP|h_hQl-ZhEsJ8u)=lhLjb56$Ru26W`B;Co%s44??%8rtZm_bs+XvJMZsUyElId=@ zjCDB_)Pm;=FV1I5F#K$4Y9RsWqF7*s!s^)dx#_UQt}jaX{=NfwPjfTgCNyH*nUB=- ztOC5&+IFo4=-%|hrNK}^|E}O9;!0>poxlQ+xpDhfrm^$-@0Zfi z#+ny5sN539A3k`9Bl4iWcwyNa2SU9%k{AZQzkDf5hFeh) zXb`)_n_l3pUVYdW__nL7%a}wUpE&v5hc$B*$G`~m zd)wp)7S$)k6JjZV9q$bg=s?EEjT(pDYYfPRGi(U%l&Zfp6#lG2XDKMz8qI!?w#i`DkD+(@8sDg}pPs%1 z5>E9RTx{R;GkN{3q@+GaeMWg)-sPNDk4V^a1w^m9C9k8=P!jLGmdl=SlDO#9Vn#Q< zv~x`-u+cLxP|~t2q>xUjwI&drav`bp=^g5ep?W4IEB{h_^psH%l<<<`;)N!=$KB3yN(6q=eNxPhwE4r`{$gDnmn!FkHIzn>jpI1{NY!17~qmZVhr3L$4z-VV?!2LRC z%J1;+!$&qc1_lOt#?W`YhIh*%E+d0w%>%V49T zM9Ihw{$r&<~e z9)P`g+~<(Mpb7TVOkr8$JE@#brgC!O>VdLma(-)rb>Q1rwAH&9ue?F zo@KX}5w9iD;Gs8?a`wK=+OWci-Eghn+~o%^%N9|p_CeuF{zyoX%c6OH-Aw|S|6}v% z&ymdUj!;d@ z=|SkRj=LChw2}+`+=3jLn@1%_z#R;C{fQFPzrDrms*Ux> zgFMf7zJ4u=7@21aDQL-uKFG;D&3Vyn^@C`&7X2w|Sd)ta>$Xc?)v0o{A-bm^_BviX zkFlnbs<@J3THn0aN@C$ZR`Q$PUJ0u;VNxFF)%B$20H3B5c_byQXTsfmD_$ILK|7LT zV2-i!20^s`elunH@fcvi>!ak7@$vB_g09}b8-k!vpSvBi(nQX^LVDAq;XmHH4O;-+ zB<|60R9=nLZ34b2(TU%%aB(*q=t4UIZj6yRX1naS(tat-;Bodh6cnj_O?Ex+4LynM z3fV1%7kG?9ad9rQXFHH^iM3)`W}lNdKLYd+CS5*ey=x}}rSD!gSu_gCJbz0rmt;SG zE%KZ0>)}foqQvmRYQ*PD8=BVhg2tOLQfMkG1O9Cmjh1L+dckLf3EosogoLBVTXf_L zyQAqkzxUolhl~8bIy;$DeN5mhX_%PCBxoip_0e3L)`pwAF=A!1-l7K5poFs$3dg9k zsw+YBvbHrT>^{_`%mH^1TUh$-aQ<&8pAy>@y}{efRNKX|aek(Ii`gOFCO!9?0?1&E zD=rAo!q9x!KV@c0b$vJ#1kqlzo_(M2%yvn3-ZkVIgQw>=s0 zjDCCP>U(;dxYnT&KMHq+GdxWJm-VRSJVeZuM}`OjHbryAe@jlZJuVQ7S&Qoc`rYai z+M&Oa3Va2>bQFYwm<;eDg4UYL+8m2H;-_5F-9TB}o3k5vLT+kGO2u>m>09NQg9|<1 zYm?KTgPuW4hvm~|Lemh?4+z~{#Q^VJprmk?QJnsT2B5SF2^LqrwD{yUstDC#aA!0> zcq$Y;EM|3s%E$Q=ljA2Q!pd*{LTn;VwCxnX>UJJWRU@ur;L^zNyPw!+tp=Smty(;t zZUVU>g)MO|XX^!_ZCsMcA3v&PYZvrS3P<+8a}Gh`lG2R7Jeey5}xXDLCU2Y7>=O-*2& z9PvMrx*u3k6b!157)AS^8=~nXWY4bgL}CbfU{8F;HZkjKtm%7u;1(A4mDKMpLtYir zY%;{i$jIwryTbKg?qsd^Nhhsu??S}8mFfh{zFqB2!|y?oF=*NyDk`3)RFvmX$taS0 z(A9$?-soH~T~7JLf2lSf1t``OHk`gRHXIKfJ;A9j56sIs6)v!y2;*AL)mO_=XY+eZ zt;{WY)o=!%Z+<)jJ-=Va*yJr{Itn`>4s@~7MlY|r>vZVgey>ru?tm|!X7?m!RwC%Z zSgmxtVEde}?A9f)ovt{pR;H=Y5rnjF375@QIxYWA%tz7Ay`M;GMzzZAGyg_0dKwf> zfr}lN$`_NM{;^nB?n~B+Gu<+?9-b{L;JT;sq&1m#x~3^O^5KMb7J#!-7?#Br@FlC< zda@_NZ=W?KJoQwjiM*|xhmOs=tDyxoOon&snfK-EmDCr{*zqGE`;2_q1fZ_h28Z}x zxGr+46QYG&3g2x%rn}Se(OKSfv2AH=7?3Aiu&urp<}*pIGiCg}13 z!FbIcw~p8NVA?pp59cNOuvf9HpH}Tzo(TjTO#WOq@3X(id2-1pD*;|dtZ&f3GO)Sk z7oWYzBeT%`jJ0dT{>jMwrF8Vw75i|07@x_%98q{AcUwY1c%Ozj_8 z(YR%|2hCteRmfAv4SY*eSST5+xtn@)(HS*(}*@?c!xARDt zNgHV;Iw=8pDbFU(b<((Qp45BWphp92<|w3r_EyWhN^+P)v~L3>h+;G?npU0fEK+~| zM9O2o^85Q%iRP)cwcLJ`Y&?k4{%y_WfCCz%XbPoRa0yT=B(h{~b~L~NoxBlS67Z%Y zB_Mc7LQ+a&2{f@F?_z7gv?`5%ec`RGsvz~Y%}hU-3XW#0wo2-jRy}6_;Cq3sAxKrC zlm-ETLhjomyo*inABm@mAOFbwkt$$dVrDK5C-gK4svEMb0p?5Ud@ZoOhm`nuF4uhx zH|{eGYI^cU7gH)hH}|f1{1tn?QyF^lGxWp9qVb(2pDi0kzaXnpK@^|lq?$?bD z49KOU123?paFomr{Z2Q(31SP}&8*e-%S>?Q7LDp(UCIt~vX$w}lg_{M(B*Pc0}pp) z*3YVp6u|hf`jz<*n@@#>BIhxD2{0~|l+b$Dsfa#Ge=zZvULSDx%;2c&G;BA0VpK+A z22A(V$Ads12eS;KbQ}T`ZdMy4RbdM-28=b+c?<;pr)QV}auzyz`ln}%YzM%vlNte}MP|?kXlXn`{L#)agepq(Reg1q5rH^kYRE&ms z9?s4c`E2&}W_bK_$lwK8K(`N`mp*HT|srz~dvbS$Ju+<5#=n3!es^v-6 z*3d{C-$3gCemhJ|V$ww($v=?F>QFZXSJL6oqB^L$PNiEkF@d?)PZT4qOf-w6Z5i7ZdQv`lr2{Bqd5=}rBZ9~ zAzQ`VbH?$K`T!~5XsA!w4_Bx28_<^0m(_zb5pSYrmbC`Mm`LVDusyx2!D-m@F=Z9f z`lBV}JAty5sy{!*F$h;SwshgbN3$gkXDSOAedvedxt?2ro)W0D-=ctWq5y&^!2#9O z)C}F;mcU3y%Pelbn;Fdp?u!m|VG4OFs+7Q?m`m!u0zuS$9nc)C7wQYdR6+7rv+F&; zE`ekDi?3h7n|QSngo$8cY-gh-)1x6RO>4x!#un`aQ&t`W8?!I3sSvE(Cj0`I?7!y1 z?LFB`*3drbe7c^mp_hs5`b zB&STM7J2nX2nerSR_*})EaO$b+s*3@ z8H3!Kgbiy+%;m{E^^X^_%ZpxwcbYM?uVUF|isii&1E%d{)J4&Tc&D@-C#gXA2KKdHQ@|1?W`bFjN--^2WX^l z;lOPqy?YzP`bbFhfb``jp0QoX74Qhh9M6al(@?L-POv@RxHD%jYHhhaZlVwsrWgMX{qKu5ya~gKQ@+8d91XHlzFgtrNs(WQRg`kULCv0D(#> z8h@oVvK>Tg!I@va-$@Ziu^@47e;z+V)Sj^kvE}sDtSJOvxU!+4lkcr|rufYf6{k!2 zX5N?BrDRu*(TbIDoM4pcp1U+zI{pas4c1b$F|RvhM zfC>ukPVo8~f9O(C6f|K=dXv=sT2Vmh7IRjzZ{q3dQA3Kl9yt7B{v-UV8U=7>*b0yaBfC@yPp~w7nuyf z+kZ1!r{1r}v_{a=JSP+rnWtNK_43pvOCpBsvH*zin4|VjY@M|A5iAdwjpEn&RSNQD~Hz} z%>VtPvk7;=(4v$xE)L^p`k2*}{sQ~J*QJ3XMEg%c?IN#1=Pw`t7_D$n^1lbRgLJOwm>9xTkk~B#Njxr&t7#DiQ=^hr z*7VTy>^)n-C>_8j6mUOY=@2DM(n)!o(aZ(*yqJPl`kNg=fC@hd+%6btCwI;P2ml!K zyW>r6;J*TYP{@lZG=DwF#jsbEoLL9g;C(k5I#-S!&Z-pMjHId`&MJDfBK!#VHY|%m zdgCj}%YSv$XVSdQfA#-R4ojd}U9Aj1xnq0-^KW9}wkmdwr#`YeLHJh%4bMFPAbQS> zUgo-a#f0_T#5FeM9jkfgH>6V~ZJVhQ+}j>CzlqvaLmb<7ZcoT?eVnIZ~1egM-G`;SI~q z%s7euyKu>x=X{nz>ciE;QySY$ar^C`Q6lll2+vQSxptfUj94uiL$0jzi2Z%+KU ztj5uk1_6{8sUz8kOl=m6>(^?z_FcMDWlfG8DOWNH-`|i>ShLu8BVk@K)!o_Ev0mEJ z9+%gSbbN1>?}JHVT5Wx+U`HguC;Te1cqbkrN^skIf@U6A6!BTc9F!9)+f3}_;^~=> z6=A0-aGMR8iRvA=OfP4ipYdsfL=8P}p}HaCxtujE4%L{{R3cJRVZ$qXAUpl5tb|>C z^1PZu4r_tbdd8L0I&i7#6)vvYW7nsF#{-_~tkYxL*``R^xVVN>(!R7u6iDva)M-%2 zMBCKMX4fmdc{%Nd*BG-N9MiYD;)Bc;sOlIFia!;e);F$jYpu<6@{2_lWzeldIJCnX z>W`TEh$AFgKfn*z)+}`BR3ayWv*e9r5H2|8Q^i2BmCEa63XG-izm7J!*+GE&RT;Q$ z5AT_JW^C#fTX(0SR%+hru^HUP>+9Qz?koq?1$_Iv9({XnxMiWL;^Hnu`1)7~-=Vo` z&^S0cbsWv9pXLQ`4#VI;3WF<;@$6yw{C-@V!t4+)!Vfx%eN@yJsZQOr@cMx(7&z=m z-8<{hVGeqQywzA}96wIzsC9|N(!L3Y@kqPruCG4nw zcH@F|$Kt*zbn_1pfCQxOucK}~FYO(f&+eGFl?Dp6##UPokIOEFkMDZ3ky#cQtZcR) zs4U)r8y?r%B8vv(TPUOpTo?C$1DP+;(T*$a0ma3|)z#H2xE8=CE5r9<7TA_GpGMUn zU)mkbW&7#8uYCI%Fngc{G|V_3fc@_Cz~8)eYO$InIF&7xm19~KRSkiy;Q_4D*z!MF zs89lF3d7#<@5|}CHnn6G%Q^7rywnlJN^I{qh*N7S2`n1gT!NFsq6~Vg+M8HI(jWNt zbMz3lsex9TnJ5;bXnY!-IwDmp_J*3)00a%JFoD_>ALveri&4l1zYJLnH}(j?nhu#9 zr%5@LS*DM%0qlQ>iqt7dQ7_%u&VkHgfryZ8?#a@R5KQl|6UH{QJ5%4JKbRhqS7kip zAyfQ!_cTlL{K$+|Rne$@eVw^iWe)MV&@3UX4}?u7}AtWJl7{fHl8gY9;-n&JBhEJ%|^^l z*AfB{h1#I{S)J=b!t@=UcSyjzhoIW|-FYJX4E?kH3KV~39LP_?vl5K+d~*4&J@b)3 z#sgrD46@xcK78oXj3Z-X`sNI<>~enn8AeTj z<|!R(4E1tMoF6vP(<;rpabOM*G-}R9 zfFu6hq@g;e`oGsjRVl7tMqAS&slQ?09vF*?L+ksYP$kv4qEdn|RcMVCeLt!UBwxqn z5}<|7Vf{c;ETPNd0v1xh-lJTD!8zw$Fb6wdo(<%(WxQ~vFfNhwzbXpMnC=1NzW!P7F+7N-HHaa6qYpsxLlLfwseZ;De2pwzNSY19KU`kbQnng#>|cT@ZAy&%!Z`?>ndX`N`K8 z9x6;%I%7Av*WWKQ`}d<@2!c^KL4?GR2WT#IbaY~-gvo-hdUsN5$-v&Fz$E;naHOnA zm}Lv9@`v4xWrp~KZG`SXiITr|*(ogZ3-6@R0$(n^7hKBx)&~dWEe9PJ$0Za`c&EkWour@O`!<-vav{RP zo=e1J_0~=CA!MK6U_Bn7JcW9e0iwOQwmvohzmpXOSekw_C`PgU_<>W~HD zFTwLN`tX7FLL@&^sE>P%zI}vLxf#C3Eek%+WjGvi%WL4C0Vh{cC&9V=v-&hD;^p_z zLH1WKYQ!u0%kQrfiuo?%X#WM*c?G%rM71RedVcOp@J)$7J*b?ikDSp} zy*X`iU-vBy77HWW_2)8&|8S~tAdla`-$ub9*X7%AL5dfd?wr=NEF;aXBisfR$fU=H zgt@qsn7~#Q3*m=gaB@Cz?S(5os@J#HxZrOiW>snkf=Jd?Y9G5_z5nbtIjW}~KF$B^ zk5#u%QBVgoqu95MSUt2ybfpR(lWgYFl|hXm6Aq zqQj1$BY5l-L6%uF zK^RIxq&sI6lm?p)38g{lZV+h@kVcU19$=XH9(LXL?&tOU=eMY@-IaMb&pG$G`@Sv+ zoDI0`J;=GTV9LQv$>(LT^oB_eOhm3NU(p#unl(4QZR#0PD!oPzyMsdXd@DX;Y`k&s z!PdbqvDq~$g@Inv_2Wk zgo!}k1d%(Am6MmP@Vw2>XUBdU?=~qR-8i~Jls-_?M&J%PBmv*VB=8;V9u6FuQ z4Zye9(!>ah1BV53%UD;959X>uiaw6pK0YmUg8zSxTp=aEkIM2961paXMfIS5pIoDJmKR zI!=w2V^h;lIR4(1SBov$eE8dw5)lmZk;KngvmfC92!#m|^upRrl96H*C*1wCe@-qq zxO%+FfTZJ%=eMb|(Tm3(Aprr3h^db=LCQIcf4?zXrkMNIy6=V9tX}WUf-87lWi{e5K#fYFO6<)K@EWEE zX5K#hSs$_*_4kY2P3XkPS9%LV-#R|3rtYjyMBo{W!k@X3XD5ZtGWLs~x;ikMMbGvT z09VrU$-(NdgKG^=u(wQ#(5Mx8hRN25wk4PL*#q!JnVagVEdw^_3)$AS1kw+bgBGGs z++l^AC!~Ej2v|~gbBfxsyYAyZVl(Lfp{V_M{!x*bftU^QyI4@JpxkeesDh@zyUNjaky#I`4}3!HBb5gVs&(uST| zb{1jrFTW&_fJGrEURu1@ZWq-aRNdg0TX;0fn9Y1VCd}#nK)w;|@CMGo*;Vktae{=y zvVz@6%oBw6g*Zxhur$h;7$8g?29d~JY~Te3XB$u+;L5_(xA z@5DogF~9Uc9&|VDJK8P_oOHU&T3NX=gdGD5egB2<8%&j+mWGB|8H&6K)xi6D86o;oC;q{{G zp#6$;icrNNcmFlFpA%bkUVU)P;MW5had}^HE1#~B0+4K?GjWz%E={G(No@h-@sj>O z9VX-yhs^l-Yq#z<@8jC(&z&Oe8d26?xPO#Gv#W90XqbIMV(-J?_-CA}BSZ86{q2}^^M zVzZr^`(%RHV;9x<2@1<_IlD=}A2@_-_=Ug? z6S4k?vweP%N5Drd&HpT`s0V%z=Z9=@?ZI`|-R(Bx<;gG64mnGgaekO`OmLos(%cRA*SfyR;u|rwf#@=XVZNmljYxQpCl6IA(I$%vc6!sqmC_ z?T%lO>tWll7kB0ZA77v^{Owm;biwZ9E@_`mwRAYo&@2x#&D4hc4qjbgK}3n|xh#29 z&QYU}2qiHj(*F1XekbbKefytZ=wi_LbZU)XvA-6)UcU{YFl}$YI&3%M&@SJ{F2MXI zv_hus{gBI64?n|Br(}0>%=5eGJ?Vy(ijDS?qWQ0Om3!i~Sg{lzrt4wLvA;y%h!y)i z18RgYrGl6b)L-YummH6Tep(depV+_2Lyq&9&w#1s0|d zh-Qy#K&W{!H`tHOvwN$$sVOy0t5a95k5=1Q{Z z$$)sm&zzVvPl#ZMd`&s;EjXX_xw&O>CUA))Ud6|M_+XuvpSfk=04fp&TQ+Yd%+DAl z0&9&&3lAbOIypS;{78@zm0?zu6L(J{HVmg%*Aj%b^EY4F6m z_jrwp>d+`{NRI+mFyQF_qrS%FAPbyX?fH%Qs3f7bF&UD$shpY;cS`W|eVnscWAPJd zHKj)gzC$aE%`3}8G&edbRJS*@lRD)rByTkkmGC`lgv_>&h4oK6c2^HlJKG8<*d*ux zy`iza#(_bfzgWlI0&3AOsaNSPV__v;EL_)8y5SccuB?LStvKYV)7~bR?&$+bFBl`a zq(9xDj{Qw|ISEu)Pit=dDBwC~4__LN6iGQu#59_N{g=Mr`$!O;XV%FLq=Z%}K?u{NL#kOMgC*(n?yNN{&`(?*GVGWmw zYDohzWbm7m>eWUq6scNF!GNjYWLYJ;gS64Tw_j>}rPNp zZflr$b;l!}hdxz3PtImmhrwiRhElZJeYH&S90!E8b)Q@BM_<+ht}fSy4}C(&2Ox6B zZ|7J$Q%;~UOPLg+qoq|+2p*CP3l<%P%$Z3i>yT3=SYLODz;c=*#lAvjg!j;eCD<3D zxobqa!7p4aVj(d*OT}+Cl}9ny=TtHGiKo`B$fkZTcJ{c!d4RJ!0N1Udt!wKp zpZSR5@LJUq@y&Xwt=_iUw$O+ja-mUaT5J_5Wa>*863x~f8J4kKVQhYHm==JYX zvP>V|{YpIQzsl65|Etr$y#Lo1KmYuX(q$Xho$Yr0r((bFUiMjRNSMv_COB>NHIYoT6{ys z*{pB64m4zElI-kHRD0y+78=!w18zZt{Ya9Ce`SrP80-}#i;TmnE(8q6R0W`;s1L}| zkPLec5Ji+yyw0I1S7!oAbL__DgVVX&6x#$m$Yf+gjRWPHnqSOhWoA0}I^3~;^5n)5 zQEJwwPk}XN&jxHQB9o;9d>6aBEG#Xu2UYB~q%dv={#x0W$uC2kU)qC~#%Hb5mn~PD zGOpwh^0Q?QJF|Sc7TJovD*F0`@RflQ3DJ&(sO5JAHMl}ba)~|nBAljtg~b)-%ku=B z1nNz~uUH!tZ9J2pWYV)dtB`rFW3#;s2ZneCKU=eYubvRuFde+iJ?VN;8chO6#No9dEB*P#97@XsvyucvIV_((semrV~cAi|irFLbckXA`(td^ZV@{6h3W z+&HpwZ0_O>$0w>RNP~OmVOgZf_JS9*9pg73fDbWajq5z)Yjk0&+f5RW>~7UiYSxDf zCvLamKJ(0L7(b-0EJN9gNy{9x+=nX9F1ISoN86jgDNk0of`bK*^dd(^mHI$0Ytg>T z#d(b_As{nS$SBp?AupDNJi_8Rqu~!5^nz*Cl1BTZOwi!~Zk(GJml>6w4rCzJ+Le%> zaS)SU7!9Cq_rx1eb`3qX%a$ximrUA&>la*>w0+fP@$n=_U5i$W7PidU`OEpi znRkP*NABTV$K$T{7^b}8i^DNXN2*u)72ahwz8{ia<6>hoAKjdS=q)`C6)v2ee0j)2 z&LkmSXq}*hsb`T0OxN-CmFl9=Ub>R0_?wRQ=A+{6ukoOg-4eqhR+fhHlb%q?$^T5KB)BDR}iML&~53d%rPe8QfRiaOJ4%7ij3&7WTMo|{3PlA@L` z8r(XiFyFYgzy31f+VHY(sofRKF8%ic?_HSM6?k2(=SiGxQs;}@=ClxX0%RpU&{x1` zJo@bUx7aveql176w9;L=<<@Xm!7Fh%cMwy&#d`mHTC$Vx#>1kGU4w}-d`Di4QFNcC zT?rLen>_Vv#;uAvDgYiLHjx(x4FHD+HWTo|{`06W;_r~8}9N$(U6=CAL~HmxTy<_(jWf%@@}z~xg9{b(kcKvpp613>3R z+1@Sck-a{-r=}w6`up45RaLxprI^dZxoaKP1^t1cWr!NOk)xMrOEI6#8zSADoxCAqRjqb*X7A_FEcP+w$Gx-WxS^>a9yT$hlVttoQeIN-^R zS?0@K#Ko+8Z0)BQHxFN)3S=048BkbNrspzircSCRg}m1v+^epAw6XXg0v7U4^;UK0 zjgRGSgk<7g{j9l!2tnV&?&Yz!s~kro5p?L)AJBCc=bvhO#*&M z-50^Cs;cuAmN_{0xZTvzYb5)wF~$5x=q|TVp}wo>p#k=<1TJldV($OIjiVgA@6BA) z9@F>+o;GTUVgJk-TU-?6sKoJk43mXJ_nN z)a+v-91X{vTe8W=)2K#BWeI$tyy<#zWtVhq6NVm5 zEI#q_{{o4?!}u;ijrpWcJk6wnmZpQ{Von{Oah|BpG|=6_0CQxvh!0{x=)&@bQD4{) zaAGd3MqIbdGdLX>^*$ssY(76z3+E{IV>QI6hhZ6cYCw=OHoUJMW{K)Lc(!{GTVD=c z-FbNK!8jPqhau+2M7E0%cPY0=K70S#^4Jpe%0W9sq(jI~qKEAb*m+9>-}=Lcei+nK zUORaRWt;R&#-pvxdm+GIoZ@KaB}M)A#572HWL6Sd9log<0_KR*Cx&jr6YEe9!e7+e zqWrUc$P>6UuTzKKz|3|&bMqX12_#$6quA81n@uXoz3xvx=>{XLIUHA$Nb9XvnD@wt zw>VD*s+8=2Y{>H~xYsgMz~sK@66hULQC02g>zk=^v)P)i0|Q#8R7S}fu>cJyF0K+J z*8|T^+FDzaL|vY{X$-)rS1XqgK2ajxQAEYu-ZI{s$GSClwu(k6ZPFZNgI~Q`@`FV%)+!= z4WXmbt!peCVlaxSuv5nu8aT*S7@%J?ljXaKA_@?~$wFWifk$DArHsLnGO-J+ftb~) za9tWj9UhL&d)RAZN{IaG+Ff7bYkuh2u%b-SGST%Z}L*ENr0AXgez0_unWvL=*QL z;gm9_rdBV39>uwdtis0PhC`4!W@|gUkk|JtSvV!+tE~LOspgiD^?C+jv36a*)RvPe zY|a8*2+!z&U66B*f=tRvPfj$}&aSM>@*jZIVR)Z$H!bdYIypgZW4Y+1MPsI-uKswp zbxF%F(AX*qIweYT%0Lb1{oA*=fHy%vOl-`IKgq3E45)K3x%^(+(tt=? z^>H0l9Tk+zcG(JYV-Yg*A#)*EB~TzD_Ax5uL(oCp)s!WYi#LujI$N!8LPIti<-Jgb zG35jZ)y;aC*Qtz0fe;*ug$H->r{{HzxapF&+cQA_<0Nnv`Jj49*V8Gn0VQq`~z z6(&UIeM(iVmmV5L2=$c{+!o?%>?XZz*n%m4{Nq9XL&F*Blf1f@4rO;1iVGLNu}I7C zgn931)uOl|+Sv37mDY|yO&M?_K(;ON!!*3Ka%ZKCEscV?;QoX6U-KE?{Pw*=TJHzt zA!kW2`s%ok4)mkMkYb|Gh0sE>FtfoAc$HO?a{{vuB4k5!eX{v~JpKE(Lk9mdMCf$_ zwS*p!qXEP8Zxa$OU%cpXvcG~tdEa{jfu^In(oC!0-}az&96v-`i;LDET4=`fBr0&xsh43755uoYx;tR4ch<{&Rv!4 z8`H|h%ApkT%Ft|5p>Sa9*;(4mu^0Nx5qO|8EKuX)q2X{4UZwS+U=ZI~zT9jTSKhDbUI@BS7t? zch^s806&-I&sVDTrFU*Ic65&_*FUou`x|o;F?|ONKQ)>FaXV6=*9Y`UjU0_Sptj8c zD4~XihIM3E`Z6Yzdr;Op^S!f_ys72uQ>T}!Y~LW!Xsv+r@)rL15{15H`FP;|O?|yS zfeK!g2F z?F6-Jx-SCj=30Y;BcYgUx@D+@dr2f#@&8s6-gg?>zh3j1T1{yzb8&uY_VU@kbsLFl z_f7Oh#mu#$*oOUk3-=z&u3u2fuu7v(qODScVZ;xUUaa>0`HSpfJ5gr{) zPC>zU>y|!kmeWlAXU){eA}sZpfn!$?j3C|-ao6g1}pf`dg&G}h~WPI0S@;~1M6>gfedewTg?>nrAr@x zaeVvMvSbWT4r&w=iB|(;4R;a&?mJ9HLqpnk-xlB@J$l5b$7-iKI5d<){ZEBxj8SHK zFc|@R@K4EV@O%~)^geyc&+oSQ0&(;40T2%GFo3Y8McW<+L@2SKwDgB#g+0r4KEA%* z-ss54%yA9}wTBNG^l<)peUblcZFu@Oa-Z+N@5vNB67%`~uDG~(=(8qRTFq49i@>tm zNqayI^dkcJ{u%*SV(YDr%)gTXy@eLd#!&6wvHyF}!zInIcn|XT(yfCz=*jOfVT^Q9*8-8XuCA12$)yz-*sm1;z3V zAE0CSJaq33;HT7LqW*JQY?*ohivI77$lRb*9Izl3qTeUT7_brqwUbUT@Y0)^*$TkB z1==C!UO*HyH$U$oeh-XU0Y|6F>^433iRz!z34V3wKO&?AzQtYK@Me-5=t@z%cmKYw zUZLwnBxp=Fv$)86<4>6r{NTYm|DL9`Ks(^f<*eTRb27l+@{>C{r@i~@!oRxH>qh?c zpOrgY`QI*s1V11%4{7JD^vjwEnPl@Tz3NI+#3-dE)KYn6xIyRr_bKMdk3Y_|Gi6g+Uj2K zwNi)1KlDgt{%_?#QF@h1Z~)1R6adZ6dRgLj4>dlQtmr!m#z!hyYG{yi6a4+k32Hj< z$9U2O4r7z@WdD7Ej$h6I{mP}+ZhPraw&oZhC4&LPyD+oARy(MWaB_oV+s>hDk@*Qw zw}AtSpeYG#k6Dsid)#RAI5>pN;a^ES;dh@kQjXE}e24{2j*E9QW(5EGJhgj|=lfrK zrR9&^DCB4%M=!X{#`xeK$y@fOzqUwPELj6k>GAuejMx`3Si0j%;o0r&+*Y!(;?(1? zqu?g_NiNX7Ob-2Z5O(4{Zts6>{q-D)Y{zssw!s#2do?9f1kkfyvLgME1Ba_IE@<%r=PU+-s3*f%WG~- zy5`S*zN(!NfkkK0$s*zBto-ezpI1ux`E4KB{&RXDD=7$e;#Orw!;K}-zx^PIWcV+A zqhcBQ<|okU*}0d_n`GEHTYaQZs(mmW%fF`X*f=W_jwMST7rETUW`YX;#sbf0MT8!J z-~SG9sk4p#5{}E36XhGZ>9VvRbJMv8brX0U_dXQJ!I%2kmb5`H#vcJvcL4MHrmA2v zOMQ5d9_+;FWQL?0=yf-kfxi`teDd;KYBL3B70n}Ew0@*iWI)cO0%wKYh7dDh*TY{5^8?5#UlZMaoA`y3+vaLeRm z#CQu&L?@`p8KAzYrAUHCFo&PTzd$=)u~EUM7obNyZp5Y7-<&$_|0sVBqBT-bIE_`x z*va{va#_f_8vv8B_^p2duo_T0H)gwq0*p{Bet*wn=LJgd_ubupBzsMR&eJX6)S=PO zh3!XbPdELbZtFc@3GcZ6_5rQ5r-vJUYXx4>%u+^6pZ5Vt_Nb|l$Lf#D%Ab>ywLrlH z?6k$^=7PtrEv2jl4DJH%+yF3f4!C8LZrj}jDdPL8s$hx@JD|)0Y}2W#jMwH81jr*d zE9c820dYjW5CD}u-mFnH!a-EoZ=Ia#I=taLzNwcyOie3fW9r#<(IEImd@Qdq20R)6 zXS(<(<;9D7rzT#)BZpmlJP{EQHa!VUW((FO#{jcoF$unnT~GF@WmbHD)F(FFS2sq3 zYfiyN{0fhqJA;2>Nbr6V4-XNW)B8*_vW4|VGm&m#l8G2qu%x#C{xj{@z8(Ln+& z+N?bR>+ZN{I?=^A%R7~GsN^mG&tRMhemXvCWMou-+~b5fLST=se@>d4xy*0Ys4gY zlp|5UJx0&aaO}Z5e9}wqwIjginionHb6o6>kCD1_E`XBrkwZ}eG}k5p3oqYI_j6EpSMbqlcB43@KH&A?p_ z$QyG^2Y}qg1JRW!QhvUQC3OW}wfYc++sV9{}6eQtHnX%)v@Q8L)2Bme|B?b5MPvsHiEKCPcIA(}NL z8lwkI3(A_s=nxkFbu8asK1;T=jEj$iLA<#6-1nE}r9#Tcq&E-1<*J;ImRK)tnf6&? zf<(dG5CVHTL%|}Aes5q3L%!7zw*v&o=Y!ACIZzK^2#{FGe0!^UnH{2+^4$kSeFlX9 zv<8j^b7Vz$kYzW6O_IyOuz^>Cn0O+_ojZIt#%Mv~hsO95pnof9*o|fzdb9Qd=r0-v~@f6`4ZL>t8wwjmlQRk|*$L z0?rObc};6kgfgf;rQ{3%tx9L=ZQc-Qoa)jZf5kInI$?Xe1<~)A!JWtpsIesgrmHC; z!207nPVi?pK=gr!1mEA(;0?%iz%9w)P>MvYXcldl@lpYzbajw^I43st-m$P0guIUz zV%N(3&^xJ$t$tf|6wqQHoF5Tb+y@fLUQN&OYu3N2f)5P3pSd4{$yr~ZwgbT3s1uh! zV4ior#oqQ@k9*CbEVR;cvu zYw6EPuHRvVjQvG3BjBk4>t8wnyQ+MdkpmhJ@y(+LFbC9l)&T^nL%@>-a5APnMyDtw zw

kGY9PdDlad$j20Wgq7!E%`+*4oE6z9kvRhcQc|(6?q+mj%-sSMy>x{Um*06@t zW;$tX7kt{Sg-m2M>ofQF5OT|I6R)W%fU4D-blm=eE^y7D;bcK+YVwk{3DB9mIDFWz z#UzdA>Jq?kkXT#);_uTKOY%M_V<_rNx{Aj1l2UJ$ucb-7+?c*+tf(c;2-HqKn9Bzc z!6sj=h#^WXkkqRfv%Uh^Iyh_$eeRpAdi-btSctI<v9WQCnDsiCF=qD7u1EWT zK}Rp3C;%W>W{~#OE>KChP%Y+Utqlj5dU^@ZZZPUO(=;MsxF%(MeJYPU0Ux^6fIcN; z_HN9)hbSFkc4_@J;e=@G-XD$5L|Jr{IWwcT{5<|40hRb z!a)Xj2U;0QCeBUAK;LcxMylbR8}O4sI$);{z|19}XWxBJ+6(_`)d}WBh@sd=yHnu% zF&j=re1^rdsn}!H_xBa~#KECvCOJ0~*KAg=trhjvZZ|s>7=E#^9K{{E+<2d>N#-@} zK*-xa5<=~S<*m233wkPDEA2KS6Ywke=*o*5>__NT>5Itsyx|8dHPNDT+0_QjKEFR6 zowBX9Ojfy_Q}C+t)$Idd{;k2RE`$2riQ0t7rofE>Si z@9njK!;;iGEatQ$l40)~M+~FaqzmA#^83PwOyjEuw$Ng>DD zolh|c|E;>i@ikTW2|F|ibU%;&4=V~rpWm;6J*ots1qgq}6*8Ywd_njH6f#0w{|E03 zV9bRK%bs|ALDD@wdoVdYB4L_mIe4yhJg2L$Tr$UDpHl-D{bp)tp=!?!*Kceg>!m{) zV2(*_v(ge&$xh!F`Ii}yDY|)0c{mTf;8IU09W`ZP0+Qr}kk|o!Ab0V4iCeFl%1d`84T1qz*1$-$E=L^BIsnme*!ri z1b)4!KWaP53da;sZ2-BL7oI);DL`sQ#Ibn>h_hZNZuH9bNN~gak8G8E?!-ty+6It- zo%p1Isnstq8V1a@*i!^oG@ud#2#~|Mdh;ErUSMtOHCxhv&-JW{qEP&F9RcKB6^IO> z{X=`8cJjcrt*|dV9;o(kfMa%JHKY#S{c1Topcl&v3XE!}r<>b)Q9eoSapdEB=T0DSNvos|=?`DW_~TK5anAS5s>#Ej>a3kI zjS9qiIvL#GPunyNA6C1E zY4RDCSoeUg)}wLzbBhK%9B)8bZD2ob;s zNdo@{xE_1Y2$?H~G$eWxMOdIiuy0ddGaGGmpN|KM%zhSsj5YDJD>JG?0q1(PA*!q4 zVB{_Y1``Eo9)kf~sMxIOIWGCnhI98&pKxQyy=dJ21F&>ZBY?=8UxWEwy5(=bzZ?W1 zLkBe-oqkm_EzgEhu8i9wzJgEk6rr20ICWQJG0`_p%SYFlhO$)Ypl@z9m^}B5aWZIp zd>mr!x&ajf5{D@Uw%iE0(2Gw2$2^0gXGjt7qrse(c)s&bL5`3)u~FV%LCfz$|CP zj13V@zfZ7Iqt>p320ZKr{hFoBn>jHe}?7n#fRLLGAqmcp)AfA&jwFiM2 zgaonIcSK;y5{4#xc^;TT7_?bep;W*qXm!MbMJX$|0}<|v+Zo+2XkVba^#}!ycmp`I zK;NJ2bfo@#l2<@3wXeftQ0Tv!^BJ5j@~|8OJb;P{eZQ!oY16XNn{A zFub)2WCR%s#B8^S1=zTeMIgiq^Eak|&j(sQfye^)Q06?DYwa?7?iL^SAxsMv!Cw#Y z07?f6QV>)00YYhj(L8cqJWmi_1Lo-|%@%S50<&)C_Y53var!Tj@LjeAQaI{7=v)M@ zvema&q_--~nuCcI7x&KnWN>_`AizDpN#xR~Sq@;(;g|*Zsy?`y0=gAye0N>v zJbf|+R2oofj~CU`;x0YxZ;vBOK|c!dMO=Kmr>x*ucTlc+>v&TWaq^Zc)&I$IKU+aT z0dSZv0M6bizpbLhoa(F#jPANT7ITIG@%R4vnA_%L6(}r&=IEP{gQh~|9m>*!OCOA{0S{{M>537n`YXeEqrt=?AWxMCf)Lu*K<$%4n8S)uIEXXPRbg{*A_$!pmj^QT z!*ysE;3zs zO*TflH{QnttXtY7d+3Ak6x`K9@N^mUFN(GrklUA81G-oGbRFm#0KB^bLTV+GpPvL4 z_lGnameV89ML=S!S99|~KvE6b&4G%Td8!%mvlw;L7Wz3mJ)@2g2Xfcpv-~k6{x|}T zo?{DPM2{Fd0b?5j>~$ct48kk>qO*p&!;|G=b9vysdJL)4I94r;us3AZmFa_+ehZ5^ z0B{%{sR7b~z~#SbRJ#1Z*s%^|3(kx>7=_BSvUb6fN5%#9&JhdhEqsA2oE~j$!To_& zVFro0PhGf;AWH+V$x*;hKAvZp@#{^h0#R5Ch?@NR3cy{~8K20bgZqC8vOXS&39Pjp zNEfh-mR`w3#EUph1I=G&f&yt2Fu%N!4-zr6sQDNWUOU>`s}hoat{G^eQct|Iv6$#2 zhC%fK$y-g6)P(agacvox9|K zsh+O9$P(~*JJprV0^FGd2`>-`nw%S)J&K>ZiEkt z(F4bCt*9YzE-V!ej3P+VmdV{AxB>C}IrYIYZoJu!8RsL(hRuR3F|L?XtBsn|!vL?? zf^G?WtLoIp9PNMAdmOx9(j%( zB^J6aB{x*=^}>JDiTdpRrs7a4!0x8x=wJmsR^ij5AfC#5O@8jqxb#j1o`OXMDo?Ee zufJw4oM+VS7x0^2r+(T?QFaH>?ew`TTQnMQm$2vOH(?9$JDWfuHta;XT^Th3VGsy^yRiNsUmyiId&9dg0MDZ*72H0L@lrZ~;^#V`Nar-C zZck?RM_U4|dKF}zWBS}>{H|>cRP>G1@lal*soC8aBG?JIgP&yJGHIz=?d&uM}VGQ>--l@P_QQE`yF_8yBiaVT${ z)+I9k3OLRAV~f92fDrR5cJpBx0C}7HC)IJta zX=;(^{?9OFmHfh=+VGuUUpTu+$?XU6 zolM|))WY-2z&nnu@Psh?di#-LcVZCec@}JT)FV0{!e3ur@Q0)pLH_T$xCaW z9o6~FT`6$WfAx6ZsqCo~>Ls12k41Zn#9^m?VHe@kA-`@I?l9~h4+%W&{%1M-|H+m3 z6~*^6QYZRH%f^8bA%ld`zi%HZRgjdE2w0^abPr#_TgDNDfMj?)^G`=sRk zF8bSHdn$RS2hOk&P;h2eQD61(Kf4pvz%lrcBketJ)cvfl0K(yZR(kmCB^;rmM^#_7 zb8L0~IDA*a)VB?k2;ufJKMR~3|F0vs)E!>}9NmJYU69YXa@+P*dE(avWN176(qwnM zPz7)oKnw#M#fQ?_ZePC85GA>RW)hH39MCs*cpN!EYy0=zdu&J@Q6-1w?D%=@cR2wWf1f6v%r&C1H@6b z_Fl+P-8>NF1$b}-NK+lVO$`pF7Zm*23*9@@aE7(LvcsUM6YCfMWWvCyGk@TNPuCg8 zCSIE?x9%A~Dzm6?GznR+p8!4{h?oj`vY!%r&)Wg_v&M6y`ZZ&ATc&qel4qn776b&2 zl03yJq<>z8=D)8(_Mcag1n!65k8Dly*;-Je~z8Sg8V0<;d-CClo|Hy4vNbu zGe++p#}a&OEc@T5e-F7*1apdv87|ioCp(7|yYu{?r+ink0GW`P{6l~+{%3hw()-zl zdE87T2P4Md@ZkT*`f+gyF!7EhJ$J^*zgxGR$Fx-&Z~i@_KkNGYRg&@k-P!;165_=F zDzkqU@z+P(ssG)$e^&C>`>b&O`zHT)pYHwt*{A=0#PevOCJu!3kO6#fdVFw3t7!U6o23bLdGOKv1calz5*T>2dL-PtB za@-Q(HY;!`#Q#=aP{Q+}JU_6aS&xczjtHL$Qa~!;;c4NuF___*bILhG-OU$z!yj8; zqLP!vlT~2<{)#d!>#Dqh0_R-?Sz6e$eHI*62>O}^;jl3f6{REL%8)D)zuBFV7DfeK zGKY5TPoxf=o(F5nwx+M3`$FmILgq{qXw9IoAYz;}*36)AcpSb0vcN5x*G;&>VYoJ7 zNza~_G$NFU{c=!yTz6b#@pChxFro)&a`Q<(k_KGVlyKlB(ql^+C=B-s2@;YM=y^fK z$w0?zWwyAyRZv(i*L(wFox@9>_ZV5Ma=SSq4q#Xbi@JP79$=vyfie)SVU zZwX>}h))*6EfwbxWW3jikmPuftNn|yhaDpe4nD@lracacT?|MnLBaR;vsAOL3VqV< zjAWa!Ig3AFSv$K}y(m%4hz5kfD*JB^G5 zGWOV&ZBF?L+K zD~phE#Q}boagC=#S%N`k1l+`t zTwI~yTN;l=sFfmluXiqgyQ$v$b&I!*<<_qVMYJqLq9tYxv3VVt03}n)ic-37+qM|4j^&MIrUyDJ8j?lH!q5sEwAEnd_V53BJrQdZvH@ z&0>_qCMio*a@o3qJQ_*(RGdL7?-+D)%=#&)VCc8v3V6HJ+$5n0>-E&dFLaji$uvvB zip?BrD3#Ztl>FRMhG=MK#b3_5Py@oD_Da(=OnbmlYevIT8ji>eqrR%Aq|i}i;E>uO5pL;nH@Jav1P8Hx-U#wj^XP?7xwP%5ixs*6bULhd8}nA*uo1LmQ)6HE6RPd|}Srp9))o$*FBF zwa(uRERZQIUfQ|si%&uMn(~5d|2!qtE2jh8MjSlRD0{)Ap@uMB9??2x?gjI1oy zx)aHOTcXmwoMZY%MR8yFQA1R=g3JrEzjeaiu2uJGp*;6Ay&$_%!99Ad>rs!n;$BUyqNVR zl_s5rs>4*zipu4KVr{}QQjuSt*p>XQey5uMD?m45%ft~xZy_tIlT%8D*RNq|NXEyN$x_i{Omo2UtB(<;W6aV4{>#g zV^z3)k}xjlsW%=RP8C=PE5YorQ#* z&?QV6CYpu^PTJ;PZ>@Ne#d@2Swb?2(I25geO-p4+zbVxIsxy@6Ri=je{s!Lw4t*gd z4lPb@Y#{#X!mSI@GtNy)6kcCsHx#H@q4}j;)S618#5JiTa@tpDx{vF1Z@P)D7t-Ip z#z{()PUC)oA;Rra=92<`o2R+aLW1!J)K0f$Iq0{Ru70~f&&i=C8%%pzNPEU6Rdef$ zJPnm|>HNh-j~z?e(SzHvv&*~%QL@PD@)tjRjJVSRow=>JXyqSW<43b!XR-1DuZ>?9%Sh$$8#F*IPtG7+utQP67E9J%}B$Wv?l4E*`Y$%H|^1GpI9@?TN4c_L&mTwcrTH~CL&eo+#dgi z9rtbInHs|fRjzjZ6krp?5h}4{b!XT3DPT;?!;0)Kd?6@j=4qR)os(widrK$cj67TClazSgxHj`HniA zY^7gVBkTWhb(T?a23wnL+}#NQx^Z`R_h7-@-QC?KxCWQt8r(Gy++Bhb+#RNKXXcx` z=3hfE`VU=iRh{$fefrGTC0WYWPEGdA@d_b__Pn9-?@!EPdI58Y(!p))?!!%TqJe_Bi72#1i2YL zR+AU;L}HQO8NauG>^|P|UID|JuQ75YyxnPADP{JhVf~4+OV!DC-lEaWZg2V|2Uu5c}tRCUe!mIvG#s4PG}<3?FlQ#u-+@7Ok!rw zHcN&6<^%kNu7ysb2ngMV>haSo56wgqi6~11Zw(8xidu~`=6E$ieZYH8eNhp0B$?_R zhTK17y?}(k0b@fX?XY6pfDapt!t9a9yX&@q9CVmO^cA1)5HQoMhl|yX@i`PHw3K7W zpNz#gUELr-<4UmwvGTSMh{XHonSknyEL{DiqnC2uu0y&J3h}TI<8$FD$w^&_y5GoCe&H{xAK?#d)1lO;` zMg^^ek1#q_K#JwpdvOI*>!d9vwkY;WBvVS@^@(cuMVFO#5xLOpo1K!F-xtZto^(Af z@vY|!c=H2pA6QLj8*sDmQz||;@+fDgCqbzx1)jX~oFy)FLRGK?x$p7Q-51{!a=xBF zvrPA)1(~0*OVptmhcweb^qTo)ZQHx~pI_Ed8^|+hTxxBy1@uFlkQh0&oFXb`j0fzH zVxqo+_QmNis7R?bg}i0X&hi--JKRlS_cZk&lYEpWT+3O17M(`ZGgALnJGths)y~#Q z=Q{~eBafw3f=<9oC4wKI3@O#0oa^25R+vNj%~_7ZDXpl(&zrU?z?d%M5WMdbdiMaN zNAw=7fVg7b>B^9Jl~(d?!i0nDg_n*@9S6usRsaGnZ%>xc0Jz}rkwQIB(f_N36;fzq>7JLz5P+ukufIoyY@-qD|cUQb1oa`UZb@M1sUk0n1wK&|fr#@!>IO z8L9=I_drjp3zKRX7&9y#x8Ag>p+zsrTEQz68Jr<>vDAwVx7Obcnto0TJFccqjTA_B zLPX8X}p`XyAQ?zThN}WndYI0Alth(a(L?~yDIxE(d2AXDm zTNv*!vZYf9CF`m(+2G_Bn!lf1x;!zJcbqEp4ky54s7E)GL5t}F_VWW(GPU*KN#A+8 z0+JIt{pABUML)yTw6oz8Vv6cJ0=EG3(yL|VvWY3T)CRjl4EKOzb1tLjkknQ+W3;2NKwjB>oZxFlwHs~@mSaf_E1N0n@VZDgj`$L!3I>TGy6P`r zHP>G?UvfzkW+>s^Z+JxnJzj8D%u$6Tw}`4f{4X=UpY!v3L@_TIh8!d;E>q2Un!jYB z#f>r)Nh4E17~&c+)@C~fImd$XjZu}HNdVI0dYk?L*lQ6=YCLyUxmSbp)ZZfcvT zZlq5z10;yFhN;-f4PVb9Q?Q6~Mj4)EtQ6-DzkH}@=_Bob7s~5aK1o2WMlxHKoY?D{ zCfIqXx4dKUR>!!-u&;|0hGlb<*6G)HIH`Hr()0Ly8gT?}0lk1z65yom&A&`>(5bwQ zjZK;v*xY`n*8)z}g3HNBY~bk3Avna)96EOel=$zG79m76wOf@=%NKFv!l=i;Pk*-z}_D;&YF0CfF zC>91h^Qeuh%n-N^g${9PMh(^17I7uQh-B!Sgs&zFi7rZlh727{&Gm-(&6n`I!Nb>}Sd7Fn^b^49k&B zx*0>xj)P9#`Xywdelv$g254Qy2IKMgM?%(J8SN7^fi$UUoun8g$digE2+jANW(L#5 zItU{h{tQ33PnD@5PpTI^Ml5~wEVwtANRkB8U}q6c%g7!oAA-4{nYn;#@RQhZJ_`#s zM353Z52AbtZKiZ@$;H-%cF0#uP{C(MDTjNKCxkAXx=uA+rWL-Z^%FT|2*M{Wfvtj*7{*Yjg$FzQ*;{ZD>a z6qGrJjh%h9i93-u!y>U9>$qcr->1LWoe`Wm2B>YFK_zZp1qZ7S55Ec5{E~f)CxjE@ zVFNiZCX~X-Bg~5|c_l@Ru)~=}`lDJ&BXtZ2`p_ZsSpvU)VV3qbXW>_Ah=HdUy=(Az zWK@zLh@5nG*u*&~tHfi$GEO27-`PE}E|hEB4iybFFQ>^N{!z17tcYjUSlzS;-l^8E zbpg<{i}>zgf_m$R6koV6Qv*NU*LCU{X^(1I^C43@a42{LDh2TQd*r+N<4_npMboe| z+UJ)sGirW8rsE?GC-@{$5@iaRoSyLJDPQ-Vioy#q#eZV~z~^;60z)WGhq*rA{hu?v zavh#G{)PDk@5;p{xp%=`psmXQ_3+9OXrl|0+|5{yPD?c`B0YSmfZCi~n4F zR_X3$E-(Qm(6>?z@uc&OHdM{303j?~K0G&gB+*S+g?~bRZ&FDoZnf9zc1L0R3LTc{ z3+yUHCr|QN@VsDRdw~l?)>U1{ma`}~(Mi#uw|>FImyTIqNF%$|aJf>YAIy{#Y=}gc z@r=#Zq=E?zdt)=ikW9E;ajUQs7Hh2mkQ!+nF&=QsUfJpdzoln>j&Tv3n60msiWG;} zN^5F1O|3G9XYG%LkBurXgx>+oc!qud>`B4&Y!)qBN~EjZ=d3}UU(d>zpVC1nZ=!;j zjRIw&ebl1lHBjVEOUI=8$Xcc~_>CB+KU(7iA6wl`<~_pFz`tvjh)Lai4r%=nM%R1nc4(E`E5w} z6c!U}>1;ay>60W9GW{gJk@;m3AgljQ4!uc=95S9^j{2EX98qqi=maSsjU)Hu=bmvG zYfby&L3Xoh&PMgjk`8s#nVFJUb?`|>&K;{1!A4MI;4ohFeW?cqBl5;Rgly8=r&?DT z@^AB`2SPk{0^$XR;&75wAbJ@J!z(}OPy&e9@@lu7pI@<2kusr8tZgTrXypv?_((-0 zf}Ce%6SOhnSOAuh)ME{?@)Skmk8)6KP~q|ia_=Bh*j*iQk( z5pGI9wm_3ZThA4woa*Y-SmYEQWF@>zB_CQX=uA~*RmA;;FfSQ;dh~uO*#*w~3r7Y% z*El$Mjz&bn^)4%Teh}%<->wXLbRmTVljE&*DdEF~X6vS`L;p{U_%_upleOx@%5^bK zNWZ^Hq|CF$4{@a$Q`gwlJGWRnkf5YpF?Uo^Yiz6T0;3wz*sTc(0Kjo*n%^xiHq9Ab z7M&5?zU4ICZgprnq@>VJvD5kr@n1&OG~Sk?ap>ATF5VmS^wxR;KEN=-KfgZI7M=Nf zOTf!>M7t4{g7+Sn*J;~Jx?s?0CIW!-+-{>3;2A|1-#)u9W8{>7{MRj)N*uglmk(q| zumT|J(uTCLF-++a$lwW}5~9kvK@hO+uo=?mp@8o&%{%lBW9SgnmaWpzT1z!u+SOxA z)lQYGn$97}Baoz_I}G~4_NF>riEJkDt z`e1(v13E@nBUleTnqSUrq0lEH@IAb~k7YVnM937>vhy zBQuJU+j$#gh)`^iSng>nPo6Tk5s_MwdkU5RYNFt-(MTv_qmxclv~;+!F+HxLGD7eQ z7onnD3$A1)*DD$VQl1oh68s0k@qVMa4yOsWcqRYU=@rNvW~{u_bH;BK&{$x=8a2Psl& z6=lML6b6z?5-NkR1f7fmj>6#To(qCn@~-mBYDKpw8Nqd~Bx?#x&Ss34ylKK??l4weT?sg7e^j8G%BcKDN&vq zv5_hD5LWK}nGmKL!s>iG3JesNBF>zx(~1n*E2Q8a9}N^YXZ#&Q$y%d0g_4wybOu2L z-Oq}b8*+j%1mrV>C`D|_PrxuI7fT)g+EB$YMvEU^^a;{{V%=bKb156f4Id-1T$&zz zko;@~&0EIaE3&R8CNGR|6!pYLIlb)`^Er&EOt)M0kbwe|R8$POwURFM;MNgFH_U7% z8Z0huOFNA5ljj%YBq9>uxE{`DfH}2z{}Db42!>%4p|NR_=fsBdg)NQ1`bP4&*gr5z z2L3DAs+=-QHxcfrh1v@Og$lPV4FfST98UPOR9lr5QhjlQBR-O!$@A*$DTN`x=-yj^ zxslsxQEN=i#^o1JBRqN(5L7!Aq9_h0j!EKABI+i#Vunx>^+%v->+4jJX8pzku25+x z>)n;o^5H{KA}c(^9N~CW@9`@%sW@aGuS_~R540L7ykixLFzk@=NC&zIdPow%Ui9d) zx{D~bx%tU*bREX%XROArwiK0*<gm3#k=re+|4i}{JC9yo9M z#Ct$gOiND+J-pS}1t4l<$sZ2Z^?g9XN-u7PW|{Z&?Se%HYy-&8Rag!Km*EF@T*t|Ws$f%7V*ZTZNW16o2fLiX zo$@0v;lpp(I|*QR+Hn9+5si|F!TszqzWguP@o9@YJ+k|@go)Vy(FlxUW`j{TaQyN9 zv{Ci79gFJSeP?hB{3$2Nd9Q=uM^?aHr2%-H8{daI80z?!x(B0-{{SWM`n@Z$(a;txU~7F?y#evp6fZ{)`v%@K3&Bi|(oHq}Cc=Qe_M3{Emjt=VXI zy=bdxPg|=%w{8}xTi}J3G`gBPV(7T!CqUAh`d|z1+#ZrBkd>z;T*P@mLa2%T(*y2l|*PiBu1hmDp#&@3xengSCTGEJAz>RV_2hxZSso76&S?qVq0;`}oG zTyApORmHbrh%yl}5&GO!5M&e}1c?C^vr`ivlpWQJZWhieDh8i|vugYI&NeNAo|?0q z8~<7J&C=j70qFx}>h=>w@}8By-jUUS9+^|E2Wrul4%Wb=TxSt(+}n&AyYSYTSvW_i zQj_iZHAqBM!1kA#`zcY_R|8}$p4V2RPBmh2YumSJOO87xS-p!Y1}-f!A?zk8F|>QA zXc7{e`%k2+=euJw7#g}tR>ZbWb^a#UvVrL)G2{zcU8rOJp#WU$-F;mk21__?s;pdz z3NRT00|A481kR4UiyHnnU8b?zkh~gn;L%&yAUv@t8@gp|Wtg}kVqQ4PzF1n8BbL0EMvMD90eq`EkbXNCqb#i$O3?qz_LEdt0I(X!6-5`_Z z_?$6@h|kI*!R$8v!N6mOMAc248N~+ZEDxPK(-fUomjyY6sqyhx@YoQt zcN993R2Rc2IS3D8FdZ8G5avtGLGuLfiS7aq1Xv*OwKrYnmuaDlQw%nBZJeizufv6d z9*-t;4UKUgY{Rb$^m@H8IHve9vLNA$6xU&jcV`f=1O!TH?K0XaZm z5-{%@Ad-HZ6OBP(WQTULiF=%NcW(70oQ00j%8iz-aO{&8ftw+EW?9A>W<(67**QV7 zmULvSeuG_>EIkX5X!r3<5d(ME;tEAVI3ou|t+&m3NV@}kkjpVK0wtSCLc=3t%7EH` zP<{Q4Ap4H=4cqO<97fT1MJTi5b9P%H0>)na-JZtKOmhF$TLZh^C)cQq!7~SeP%~L? zt-K7IF^fSjnxSK=)1cX584KLs6dZRuU{YDgBTG|z2K<*rl$!m z;Je@b(l@^IWiIeff9L-psjWNFAKc(Uli&%@I6asDV49Uii=NAVB=CFOV8-a5QD9zG z5vtdt$LH$(<$}xWI1VO=p0f`R^5SW0|24ijDRBK10 zTQ&odHpf?2*5C>oY9K-(pJuFR*|=Ch1j>htzZVb>`EJpB`v9$R zlyvSI6Et5D$Hy_pYcWGB$_|4=599nLKp1$rF(5b@rg?b!-?{Ce5;jyMi7I20MSIps z!?=o+lqy!uWv_o(qFdBzFPS6TGE%Ttg;X)Eya%J9z^D~*%`HyP9O~eXu37RTqp+o!q z*}{yU4TNwYkpviT{rD_qlo}m3#ZuAY$`Mm%g2!qpCs*s?Sd_r^3#V;!lupI(1r&#ld&I;XPf? z4Gqi(8+Pv0Q3ENE;FrFqM0V-WD8D?U86>f8KVW`RXh4Q+YQ39{qF-Etnd~u3DWx#4 zVBo`QG<=e$SQR=T!~q(%oOdlv2V#`_rbRCwF>AW+tH&oszHoTquI`gz`YAwy5ON%VaqEEI-DS)(vkwjztc9e9>o zQ0SOTm9ef1)T(Ir02T@{zvbyNi&w54o_~k}^xIvJGc9t>ss;8E#K3e(;gs(|E12c;zT6i1M-_wB6Q=>M zzi_+_GrxH&jQ9ib-?1TzIa2T`}2^Z7Q+&vy9 z44E_-cy+D|FyLqX>IQ`jY!YmmhZDx#|Jnr|Gf1F0x<+KiK;U+fskS82G{I}r8V3y^ zVumMWV~sIMZ)`dR1VYEMkV9{4_J&$`^*xR0sI04O@JGkRZx{n0%Ay1r^&M1rI3lex1jnnc&_l2wZ1n7J)(_g;^xLqMefY4o4D6M7|YpKT5h0vH8|Z0Ms*ivKtne9^wE^GHaBLOpPlqka<$Pzcnxu+@E4D_o?Dji`* zo&6Ly$*&P+=7h*i58h;SzrnBqn~vPsV;q4QUKd^{tS=)_iyIe~Qq&~2F%}?gh-?;4 zYf77<7JJ3AsSjY}WqndoBi(MO;6S3Xqd2SF_Lqg@(kF{McxtGyv?CHr2qvEhN;kd@ z3$Iw{4nTyDF{_V_4K?i4J$dU)%S;&I!N@z0PXPW*0$vZf%%EY1qX!CWW-Mp8;>IvB zC}sSG5HS{HCO0nCfcOkSPEqoPh;24{SzBeR|NYfD{}M-DOyn@3?Hf94OlCF?4t2Py zXflu+)AbaEFDHa~7^_`T@5N>=29T~`x6Nu%2yU$J&c=utxR_x3Sl06eoWqyc^ z@p0A?!z)^i4uotzC4rA>YKe@b4o@TfC3^tzS zQnAqcuvdVV4Y#t4xL1vTe!svys!TA_l*Il6X<6_O*|9%wit14dJTbdVzn8){G7hF= zQZFcdF&`V8)bv$o3=IsQuCF~(fTiOctFB+vK78G4lPxj!6$@SP#etAMSe8!CCZGQv zdB8R69*z(Yt5WJK?fRMyvxGnp8BIv|J|0nsE!flPUuEB(KFU0{?*S){yty;&WEwLY z0G7h&e}DyL0q=*0;1K;oPmNY%sgea83Zb+(*ahFT2-yo}r8)gy+n`{PsRfIxt0#Ky zz&KWvG#Gn=Fg(ohfDKgi-RYG{CZBTy13e@ZFeK2QMq8vapC(W_1}FIFpH4FyIjxQ=r+lFvJ7M;KuSPjhKIr* z9M8Z_Hro~`H${(MuxAgC+rIq75>Q)29lUt#{K-fj+N99AnP4>~6?c( zCbNfF^NAYMBsui3Gwd@SAqSR``Qi7bX6*@=L+4*@jpOq8wCm5$Iic@C%?>uMvtR44 z-dAR)QuzHiPXq>m=#)>*m~`;Qh1zn2pd3OSF*AM3_x#pNoCV5=XWB;WRrx>|tw;zS zctjvEhcEwd`_HBpgJ3fxT|0KoKPd5Z)u;^U@7=`$a0P~k{Z0(4P< z1OOHIvs_S%e~QUin<9~cf_fZ#M_dBGPXjhitM>i3#5KmC;0tdwGJLN@4<-rJ6xamx zy~#GLYTu1>s=Ast2GTGv(O2x5hf=v5fwBF$k#wS+Hxu=C3-%SIuT zjrbKK0YOsU*v^Oq8>Q3bW=>>*b=8v5@)YdltRO~GB>v@f3CmZOQVO=rKKdKC??Jw2 z>maFiW);j~@=#Wzo~{#^>>s8c$ei$u@4~*3ZrV0{@P(synD27fUm)1cJG*mTRx^X*KSvvOErv4_@}0ZGM0VOFSI*lR(APP$hBMl;E8H`sNA{F1kk4hs8nFTs)hvOQCz@W@Z%eIPrQDJ#624oVjND{?qez{CHiR zF8jo4G)BxFOt}ylnk1xM7)qnzY>Uj+5=Zr?AR-}zP-D~#jrKE(8WAR+!hOx1$Gt%9 znL=#ZhmN`|oJ3Y*6a2X0g)Vw;>gJ2FT)IwYCikou^cv=_G<~`(SNv%Tbh_9?Ab@Q(M}x3#=yRiVpc#g89(PvaK;9~U1}?>h#sNZ`lZLcsmh z`-($S_}e2`-?B3GzOZ%0=PyN@+jGO$bJLjjRw?ut5^xXJIrwA`Pe}j_z}KCAFfhre z3x2^c_@7^ht`GxLx=wWvfa@@8U)@0!iUkba{PZ@@<_$SPoH{c{kma$q(89A5`^}lP z-Sij!rxGh#&FL?6r$ax*8vb64q_mczk%}E_5$5AZD^XK7y61DV)V`fIZ3}m&!Arnf z%pN4vdYYnen7O)RjZp8KhQDU172b5Sy?}NVw&~~Ae-auvfNgj_Gd0v+`CG_X8?E?V z-W^E{TpDvolrijb*m?I3(D5{FE#GbkQBDwkwA7`M`5gZCj(6B_du%22$ibJDL2Zp{ zUJDFX)6+;UXhaNP-oZbd`@59XU@=+wa6#1XT`9(U5^(5yxYXT8qwe+o{DqI}*b{M5 zmS(LP3Rz;TD22aJT&A9crO-NC!y#PHqo7l?fZEKPG1{~onTj+OfWwnV=MX;mwwPH^ zxGQkrKx?#eT7pycD)kv(%~oqSpn9T@2ZK`-X5?_=!EehL>DB;0a0bRt|9{H2ABg%)P zjrJcNoHk`C((&TJPq-0~ur5_de)YyN7ku{>A4A67^!KkuUiY?sny-J1^p=J;a6^1h zqH!1^Db2q`%Pexc5x(p;!Ike-y4g1fX+9){Cj}7~tUnyyq3b^w$3=B!c`{C)lJnNu zbxwzbE9FCfcMB62U-`o`L=6PVlFpKJsl=AOIiGiMIelsUe8^?6HX&~LZH${dnT|O% zcU@_ujhUY%WF^CE-qPG83tMUQIE&%@q+wWWx{6wu{(K5Ip!soN$DUw~-ee)_Td0S; z{cux{xaVDN?xW$@6lL7c=C&;!stB=u$Yi%0yGSL|c5&Win`il?edvfdE{DP&Jh80F z$PfvTnTUOw##_G|mIt6H(lC9Zx>DGK(MUrJ;qfJ{dZj!bY%oFRr99gieKV3iw1Js8 z`bx!g5;vk&C`@L5mUB2P2(kKk6bm*A#I%+N)oc5#w%);fs?dv&uc@m&<^UMQ`~kj8 zd@MHGZM|)5DLCI-`-25d|MC@gV6V=@Ywkzr9@ED)6Vzj>!BcAF<3`Vm(ED$&v?tLa z5pt&nE%$2v#FXlNeCqXd>UDhT{cr92-@Ny^fWP2c>o@-!^j@LYfe*a~u;M8s0Jrzs z`;oz_~FSQChKeQEodLIECr@8@&|4C|)&v?8J4@Bd=6cYGE& zen};Q=>;Nyl{jso@-0ck1xjEm=!Y*j|HPo(jlC9LJ`%rDyD}lS3e+OFnU`e^?Ge7i z<2Y#>z=Bb;Dp2{|Z1>WgPF+EqM}Dk+tY5hqCCl`L#l)C??YKKG|Qu{zldnBvk><*@G`n8&0 z4Rpd{l)*w(Cyfzidap)zW-M&&qm*lq1QgneT6Xh-mD%90l^^p@QrkRP0Zp@PJv^Ur z**x!ieE{>};H|B*aAQ}0gJ(@B`M7p1Ap^?lhA8mctmVGnmdk?P5p1Tj_1Z?&U!#CG z47#~LiU&hyx4Lue1nWIY2hK6s3i)`^^Q_@%OnP>c7BS(R@_*T7VjkZmO;O}LR{zRr zi6N4SLF^dm5idr-Jq+2(sPRh_EtogeP<<&(him&7Im^*TvXY!3SwBB-acfmpt(6P* ziT0S%vEFs};XAA=3%O(N5#~9OwP9@&?LDUuQVy*OO)K=AQci`Fb zbN}l!;ErhPc+;LAYT37QfsFs{YOYQMz$QZr!5b@?fQO6sTEM@K$=kdlShBIB_D;Q(ZW z0Y3_;TA#Y{LeasUc78-P@J8#RD!u~KTAh0waJ-7I3|+!gMW9n=TylvBjq{66RI*WG zYHOdbCyZ9f>1?*9L9Q@ZV)dRj2*xnD*i43RT_sFI1ca^-u-;FhHV2bPm8-B1Z+P&2 zZZ;P$HvQ*jY!r~r_C_#AIQu>!gyAznMawaS@6=j#-Aq`WMNn%@96YCrsS7O;X^tUM zY2U6;OrZSt%F4`l_!Fe~*F`V!pPXGrmed8w+n@HF9AYTPfZt^E>yh0@zf=e=ynXZ9 z9%_{FS+-bEj|(~V9yF+SII)X{z$usZnTw|svkXo|-Q(%jIL1jhobKFeOwB!B_nF%? zTF0GcC0^0+8RGJ|v)#?Z$bRRJAWJRbQ~NBHTYgkc;3{3AVq%dZ z$=XCa$20CPd;zO3$4(QR`{Ls01!Psj^suA^1vIs&Bri&VKrjY%0VZOoY#lb!c@Xk@ zHBImQjCtm%O9#>h%h&e@vyPQ7$!UaCIi?K?y>&UT*`nGi4BE$CynhK%$8SfdFG5mQ zG;y(=qN&xNp$9Yt3dpb}fPGesazaP!E0gERtGAi1c>-Tgnb$Y*O3e40L#-6rez{5V#OjXY4;ursVj-{-&W*w#2->D`A1ubM zeYL<|Fu$w65(a8JIi2au-#w@THoQgTWAyR-o6lzxRuADb8VqeB?c_e}7{)My*55pM zR=yT9692j`=PAfv%SMVzfj#o{bX1x&E8r{wiE~>W^yRXTe`&0LVVuuyuDMBzZ#dcN62E^^tL@JisyDrjy3PG?WT^Z~GN9O+3H&6M-SL-7kXKyhla;!*vg4@2Y? z>9jv{E6CDWd_-L6op1DiWXwO$P{}cUuPAYTGg0&SnWrmg{&4V~c#KZ8sX}Fa=|UBF z5`nl7xre*qsHrW9Eg%tc0}7malnXeH@CWbDw-3Hk9syGiz7L0j4{anLS3P%3ANxJ0 zJ$_&h`^R0+`+puaZyFzeV**|rKF+=jzEAW#3B5npemwu@nUNfD-SfDE*YkKI^l{@W zTK)0xzWH$vmS{p^W~0d)V@Eueo5Rt9XD2G=`RxNfO5I`lj{ zL^6zPeJ#qQJ6I8xbv4IzFMEy8Gl966Uqz`4zuvz&ZGC4qSdX)WO)rd&j_QS_A8Y9J ze0cgLsQ+R3pz+x(Z|w3Z=inN?j-&L#42N2+%T`J)Bh%m$|2`5|Domj6^jpldU^&1Lu=4 zm;NNs(|&tiLEr)?IBzfn28r-t80OzfsiyK)K5?9M{yv^gDy!NQ*~l(&ouHsJ z9`(L2lH}5|F#UzVGz(-m3FP>h5FGOK5tFGw;rO?0AxUMedh_Dw_heaa?d~J#sZ(|` zQ77@~4OuC&Hz5Tjr7wK$frp9Efw_YjAUXrKw!~h42ItCbYpgk4AeuBm-`2w*n!&zc zsEczHvNo|yZC1L`JCfwi-s-DKA2h+JW$r3jSckgu^7ziJ(=5+V!Z8K3dwy#c<3c&` zXyuZ$CYV!hEelCl^Avf+GJbv?7#I_iRaGbz<&~mP{)&`&B3SD4`WGykA(PsT8i+%t zFWwiDBPiugMHQ=ocSZ<~u?RxP-d_0<*`FJt&B?SgE2qI)`4bWbg{0>*4@w7(?$$V{$b{pRtyBs?5>!Jr)DQBiN?fN6JboDGaioN$K8QCE+z$Wa!-X~U?m zP+BvLMGlbAd*3#al9cd3UGV?)s^r>N$rrWxcUeH6S*O&vwERFEGv?}B12|b3;?M~dIp~=Efohy zb4C1C;WinRc*cSZ>HLW;i9J1hNK)rwo_(F|N>r(1B3p6)O)?q{VzqKC$N^t|5oZ_Rdp!<+;IqapZefx5n?KN z-BWze$$K5`xk;?;v0MB0Iuh_P&*5Qki0A(Y?_)jhrM8Er{Vx~G|G)X;-1|jbstVny zZcQ5q_;@Zq_-WOAM7jQ{9%{BL!Jdh(2f!f0j4P{(9yeD>dMGxkQyVkIf(VNn?AE$h z8j{#=`2R9U&w>B%&=Zz)Pp?lcuW)Pk)&Wm_-4{rPl$PIAO8g}z8qqHeO$nJrsMg^x zew8oY^0!AVH;oqD?pbRF_{$+L_3|LY$SJaY#jBLB+J~=#4vgfPQK9F!UhXp)~YDM=SK;#g#vU20*oA&X=QtEA~9j#l8T*%_B^BAwesNa zvM~(tq30sy)J8TyaF*}xKA2A?Q*3cj1*sPbyz3bKC?V83 zCQZi~cZAZyu#Wl$yLQ+h>2pMWlb&r(wM~V6l-iv^*jkc2IRW<9ren+Xq0xK(vobfS z)Dj{|7HSNf?M$Y7VJ!9MT>INhGGu6Ml^{sk5#CTLvb+nkl}%BPE;|Qaw@VM@oIeqY zoKyj}6Evw<2;Zr#bT+r!X3QZy3+RU`{V}924$V`{4EjHXEmw2 z5%164U0pvxQQJz#DK1OrNbQY*yN2TH(s%P`{gyFp^!r0bncvQ080^jE$@U7aNUR-~ zXF4^L#eG(lCM$p21$Rtcm++LZ6&Zz6TR%frLmYvCvKY&{lH5%kSTwjqA87NC*ww6=@g^oB@tS)1Zt^(U>QGD94ljD&W za6(1o`xKz_bXmD7OUpBNt{EwSEmJnDfI$m^lrdw;YC=Xej11#FTPrO&r;MVukqZG=Z z5%5K zJL239AGIr7d+L7kv!pS=>y>>Li{o82S)OYK_UY3n7x7i2!e{pNN8?CPLS@W-@4kg8 zRGn$!EQwNGGZsuqzp2PCfD+ssf4eKjQI2KdY&x{OEX^XST`1e(dZEvHL4}O{3Mxvw zZ_OS{7LAJx42G8&DSSS}?udjBv&@HPjWeLgd(!O9y zB#m{NJ06?3>Db!cL;K@QR~RA(8s)$>b6r9fnYC%EV)Hy!J1M2X1RogIr{CzhF1eN~ z_uKVc7}(bFQL}x%1mEfS2RF&R zOx&yFx&YD~Xxd*mhwBJ|VmN|lkRB$C(X6m~PfYXPCOCmKkrgY#mM2JDu0zO5=uD&y+}qRej(Gf>_)xk_kj zP+TGM$!Rrg5baL*f^ow-O+@X5=bpc7i>~QnfbJ5x9zx5IN%kl0H7D)#-Sp>UqRviZ z@S0pM8FTR5yf19jx(eqbJkEtM7ILS!Svdw5w2Z{Fu0!($2)rDsm^tpCEQ@eE)RMEF z&wn~pP~6=~#gY2^g$d5seu3mhh5LtrdY%$|Fx$K=LcrcECPPWXQo6vtV0%9)g#VNGwj@tOP$vnooM zg~)g91UbiyVS~q2HFFEQkDoLdRt67vbXEe5~Mkh3+B^svI%wE3t z-xPWeyl?KuGTlG)hjIM^w^}^;uELmn|E%@At@WI(b)SJ3&;MRiT=-xm^7AV=&!)F^ zr>CL%uQ}82K$}5OcsgBVELB{HD5-87C6{Udl=Y%FD}Zp+mhlVMqRC#wku-;P9PGZB zvaP4ZR8{pOu*AUhHQ4HV=6}3X0o^Ofyjbu+%;E)Trdyn}KR0B2%KX!BNG#TZ+?J9wTn0sI+|lk|e=lx`6g_vUYuGv>M6@6uvQKeS6!B@z~A@)Veg4 zzV0E$*I*-;jODhJrS3u<(92fpp}9{`h_1lh~pD_ zfh!X{7lyTbweGW^ocN_5A!pXoZQ zgZ)z8;@fw(hX+Wf#6A1=b#nPu&Dx2$*;=TGOgp_abpoU)+dXwb8&SxbK+HJ z=A>)liJ^7RzKJE^XQITapzE78bcOhw`-ICKZ9@OqfY7QWYJfc07G`B?tRTS-KWPnD zl_nbXZ(a?|;ugX>v|PYssMA)NDpO+nHu*O+_AmSaqCNZJUwV;LcA%nElt6!#e{|Av zET4DE;HAoO)_c9|0(dGXVns+OB^?Bn&*x;2N7|~eB&!~=Io^eSuBms$(uG6!4d$Dx z!c>?8pe3jquiMKJ1H6;{XDR(pt7HvL1_Gu|6{ZlV^<(I@FP$T*1REDee8oe;xz~&d zv5hbDgEeaNmQF7)P#9Y}`YU2Y-M~_W$D&7%1XIub;~f(o4h^#AI!a26`B*!D)yd9S z(kZTl9P#RStdxG8kaQ~6Lb3iN^yTR~-6k)~j;YLQ4afHP-BD>PP3aU2Syk0wRF}qu zCAX`?u?AYQUVY6m`s|2-rw+cN2Z;5zRAGi({%{E(Mg`U9NGn1!SGoUN#S4 zGOe)R&6Sh#W^XQENHVri!{ZL#MYz%NbWp)vLy6B+xq>GKj&V^hD>JI3mPyenm>_MO z2gsfzL9v*ukOU)vbF8CU&3G&YoH|&*-sq^@Q>;q0H2oFOuvs+-FL zSDfW+eud*ao)Lod#WK&-=lu|3bd{I2OX}ks@&m4P_tunD@I8MwT zSNY)x;Fx&Eu?*#0Fm6vy;y{pw^4xl5m|a}#YaQG5Oy9AQzjJb2tKtn8&$Ac9YW|&1uwtHKzMVeg+75tl0`?uz}JbzqpR_+paqJh zw0;(SC6CeSlAL^7{$GY}ROT>-bH@`j)0ITb#(}qnb`wf;=(i*33bYh&Q za9MG5Je*V@)qwgr`(nr&Ytr4ekr{hLZaoQUcQ_X|AnDRuNyJiao^pSBIK`MM$!n#- zg&wNzKqg{oFj4SKqx4=EieHD3!8ny(k0vKe;&jcII)*yDn2F zs;4-tjmI-{DY5@nj~=B7ie*nDUA~En{hN^ynT1uEYnJp6RrURF?g@)Pg{GlLQ{vH8 z9|&C4_v;N&N&&aaRAEnhRnl93vM){|yR7~${|=eOuTz;jG~JB#(cu5>^2FlEI!X{* zL4+l?V$%e%8I@W)m*Qx&s4t(hgtomo`5ozd1>IPKXUu?2NSty%yRxT7GJvs-(BBrW zb^-@5&gcVDLw0x#yB43f@Op#~BS-cV;}MIA@fR`(Cn51tXB{(OD> zcX3TQ5Bn(&fvF46+-xP+Q)h^}09-;y=t!8ACAd~OgK~{L*ja8>$(iEb*1{$?Do1Z47ZBTCBcMO^Yw7UT%}c`o$#k^N59X2Mkh}zpMz_s(+_dAh<*I+W~H@vqvxqBY6KM+F0jM)LN^2C{9tX$`r?8i zW?NRN0bRimE^o%sOYp0QVOA$BU+Zy8z!_(0_Z7gb0^`Y>6v8TXg$tDObXvcBq<_ye z`$GbG+T18wKQq&+7$pFfOEf1%E6fm+T%{%$*P5iLV(4K8G@~+Yn7!n2kH!XHDH@E} zeOm(a==gA}Cxw*qTrAo0w`E|!pajU(^7?EccNoQzL7P6JSI7C87DV`MnsH1oNuO z?P*PS5hPvb60$=wUtrK7#tdTyH)D(M0z zB!4Z52DhEc9gGhs9d6x~cdFGIkRZTFp3_?3L}nfLwQ&tYd}^PG&dkAxr$||UL2pTg zpc2Yz%@UVU=kdyJcXRMV>zZkg7kKsRZS(9Nv92=7J-bO?#v+x}~C|HQoK&>3S>1aKRET z^`qSg#bNH`h~mbyl|U`lJNb6xZq*6VyU)rFXtgXu8}vOxtzVR+uf%*JYex?CiG##X ziA5uu#u3^}uaDKkTP8NVW`w=48eM{9Rcswk|CZZ1>0>xE6i)SJR$`hx^O^Mc#{-?} zW~omz#LPV4N+O>5F5X-udcmMcrd1ffSti1|>a?U42_jJni`vF-9!wuZQ>@h{rP}bp zYjP!NiX4T%>sTY;3;kH?Ihu14tw^^uuaIKku)4_!l2ikWI++Vzdd>EwT~8CZGcIT? zv*|Vk3o@C4smoNa+d80!k8~VvsD4n(!S#Re??2mII#TmwLb*8I^2(Sv!P_A-^QJvJ%)6>)83(U-^cuFVxd>jq?1QxMm+hV(&gW z<;E-X==Fm(Z~wuSjzx7xrblZSYH;Ez>-MNA?rrdiiKk6{%z%lAPO(j#aE0JQ$@kETBd(_OTAY{+uq?mXTK?F;?0%5b>ETgiO% z;cw4*|L(3~L1J&~uBysDPPPR|EqeDFwZ_3O=ub#Gw2IW6aCt(7^MZ31l9jz2rrO^F zr!+@x!D83f(qGeq4!Ipqf$v*_S%Fx1xKehsXWJGwDX*?D5Twou(`jUu9X@gddGXo= zrcB>v>&d66ho?!vhID+N3= zZ_kaQGqp_mXJk-|_GWJuuyyFf5Kl(%3Li8qgN9h0H(y*;X=mO0Ib!P>)ME~4t6a_w z=0$Ae$Iq^5qu|dEclEg~M)&v0zp+y2u}{kLjdxhZZmU$pUIjs;D)Qn!9ZK3?#PLYg z->_sU9b+}M6_I;YWYpfz<-}!B7@Sa_E@0I%7G?07v^?ZD(59MWbg)Wq)sL?9JY#$b z;qm_-fA9a{EP62hZ}Z_Fl9vdSph+b)8VEw^Jd$i30y$-6v_LA1`%w}o6D;N|HKy5P zt1#YDHCwR{f`pOK!PDp;9q-ExPk-!YI79nass0dBbSKN!Tf?6&TJd@2`(-QApQ{A9 z5HEo@lz~Z;7ssZWkD5Cw>zfzeu73$4lWOsQmRy+7TQW_wzc{RF{{9wR%%hGV2*oWW zJ;qeb$RtvMO$O4(IPL1dP6lXcTXaBSOrE6aK&&>vBn!>W`qkSYB zIN$^PHW9i!y_aRi5ukic-mCUhPB8tooat+!aqP@O{)W2p@^47@DXqclE4pI(tE>xNR!(m20Lo_n%7Yq(ndE)B zzus?r6LzH1TC_@x26-y=?8YD$D@*6#FTL6)d2Cj-d89L5pc|cBEn|79G-ns5BRz-` zYyqF^Xze?n$`85Yp8k6z3-oI~Gw@Q|J1W0;mtzn!Avr%X!12Ieaiu zgvum<*Zd^$u*AHpag3gZSrLfxyr4b_Hx_x6Hfj<#)}BuQS7eAEFzHnvzaoHs_ZC@n z-s1xv#aUsHxzAcrrT5Rt_Pn*#(whb5ksZckK0hTe33>nEkY2N9KzX_fz}a~=m!B54 z84iU_rd&b{gdqf6uTE`?YNc6e5@lPFb*s%;aN;NkWBNF%*sg=gHcBn4(?Sj!x%pL& zxeAy(`;URc-6IbCaeDplT8Ys1U)_oiM{;!eO2khMw6I1&OL=tBrFf*R{iRT@23AGL zee;;=y;5*Q4P*wWq{4~|V}b1J?}mL3>+d>g4u28*{Q{n!(+$G({RIyO(?>hFw`;f2 zK$Wd zP&DM}XXKZ>PUqJXt(v_f+QjA7U@qDT2p1h$y=A>_kDPRZq9vpE2lC9KEOpb1;Ageb z!B0*gFmH=hLL*j7BH0(pdwtpWUDQ!3@NETs$B#afeCa(C&wz{%)V za;~gpBJZpxw|)D5%7xCKkovzZtP_G!yx)JM6R(Q0^YZ({8>*Mz4QzZ}ICnehxUR3W zSBxhc`z?XWizhWk10p-@6!2^Le=23l31VJ6C!NT1Zw5OYCHnFKc9&cUVmYirDJ1^7S7xG(C+cG&Hh+w? zA?ThY4@Z&&eIYUXS+^<^OQ%d)90&$lA*|x7F7I=B`uM0s0^rwwaf*7YsGMBWir~Rs zn%?fjAox%<|u+tkiK7H@M&Pb?L9)1n(Mq>!oz8f3!(+XZx9 z$CJ5d06IO#zKpeO^=#cd+R-ja$4zpt_av)YNV=7VDat_)<*{aM6V(2yACFYY%N#KY ztAaQl+GslpK&Hmb?mL&5$f>EXfQ;z`y+ldp+5bjtD< zS?O;|4dym~8%Q3LBJT{o|brvs*~nN)x5 zdO9x0#=CloAW9TY*A(2hDNMj6TF2q4zvrtd4n~felL-d#QnZ9FqeKX)==d?l zSAb9V8vv0L7xPDQ+DyzF2nd;7#MGo;1lhaE8y?Pv%IF~rjE}7mZ{kmM*j|miImn$F z)auR=U7&TY&7EB1T0NLCUGiud((~ZfI;H`Il}>yHiA3v>Z#nGsvGO0GpmxXkwOH$A z+a{#`Vkl|9bZ)dfc2>ss40iun;_#2}y>o8T{@8D$^F0+=>18T6Yp~W{7DYYZ?sI`h zZXi>m&T3k1I_3lcKcX-2NP1RQ?}iSO6M;pJhCo52PdVf|9gw0I{|@Y3cR5uK>q`(HnGdkZt8y&vPK=p9Jp9HAeF_hM=t)s-sq?)f1N|-H4kaLH z=6fj^8G%xoLP_@6g2}PD1brN)$#!$PmbXJd z#zLJ)It7KWqbmkn84VW6kz<0Sp*rsbgLpAIDR99z)fh2jlR$fB_it@~YtN^*m+z!T zeDpLGV~|qC5RhOaLEmCo@#ctxg-#w;Q|8D8PM-_u1!)tPh??wXd`D?PR09hkBXNYG zmZ44*^b&oR;Cj)|npBNQVBq(5u>u(%|I7YkT9K)II;X9R?uP20n{j200Sdm9z9!0m zI-kuZpPGFKjC1%&Csn?DQrQkh@FcH~YE@*MYtlelhrtYWqtryDeMgOHRH)=X2eMXi z7cW{L=w^_^zFRTU{S;jMCwpI8D%?@Dfpuq#{CP|G$E{#)xv%Uobwo6p#$Az_PD8K)KV~&Be~ZO?<$qf5gY584CKz zQr>3@qEkNym__MHoUVpP^)>1Y0BEd$9^r43M6W;2WcXrt%dbn0w_Y$*l97ML-D2(Gl^B|F+fv5H6*d$pnis!7=T(h5% zua;!Q+*@s3d|(pAaKMZRwr?{*1&0E^*1>c00UFX_w*|}j(hL{Ii?(EKd@x8%MM2v! zcxl^yrFl8dusRsFo2-A{=44UJ2s6tv*1GUJeQvt}si83w&Z9W5} zRks*hzQs7A4+5dJD;Av0n@USTxSu7W++Q92-D1PuPt51R1i)q9y(+@`{x88u3AGSe zG^9^`!STuq7S&2{n;(f~;=QxI`LwV%bs|XWMNq|f z6CZEQWB?znx}3&Z`0=PqfM*$^02a2s3CCGl*n9Kv^EqjW|tyb&}%6 z1Mi|ey{FuTo+xNR%#C=!k0JiQUp>JugFf%){lmlQ zUS8raXJ8hW$8a|-40_Y1bMwkpYlQ_ZZG`a?e@*^rp2vZ|SeaT3{67oYKRoy}CjEEG zZy2_|#w>l0E+}Dw9R=A!WJ4BL`}-~wG-lKe3GWbbZ_X$-Zfx^Z;LsmSCTFDw52%yN z(I#awDmF_7OWYq*Bl&%`c8t{;wHZ>ehR$O3U7Lryrf}fZth(6#$s;Z`btS5(Lg=x{ zPEKsLVp5q zp`Ar%U+rm;=EfEmYxb)NyT)&2NDL<;(&swjAdUu0+CO<1FqIit*=KWZl`xiM5(>9U zP`jll_#N?=!^u2bbe8wqy>uI= zpKevD{2rpT=R{KmB4tK>Z!nf+QKn;Wrw)Ra0gb3M7Q}f!xH89|v6LzcV7B6GY591q zRw*oD(#fu6CZc*diC9Rhv|J(m=)3i~GA2sNBVeqHUNThH%#E9I6_VsDf3|DErgJ^X zzD}(C(~a)n(4buOaPy3zrN@(`S*mC;X1XgNSJLB4OY$|2GFY6X?Gs4{Yerl|xY*0B zDb34o|MO;G%OER7g@n32XK*fD@XqC_D2iBobgZloHRs7-~vy( z-=&xg`nq<```M`8nr)O2K5hIQ&gl7rNKMLUn_c`hbNQ)$@qGIB@nMvzOk)>)bx)y= z93GQ+5uRJWWY%Hc_RBC4=kl{V?~st57mWk%w)elKJ#Qlh zT*ET#{(C+>b}}>i9SX^37@{T6pm&v00Ylj8bQtN%XbZ@niRYzSVPzpYg&NBiI63;e zUh63$2o_5Y-CZOKod(}PjFr?VOm%$RXSeyX-{*IC5v&paOPoqy@~^O>S>fsmhK{;| zg#ElGcA2*ia0sx!qg@UG-cl?G2+WHVjmlh{-s-Up9``&aV{g^N-jUP?bPZ`Z*0|`A zYOI)vtWMUi6tvU@+7;2t!%4@PbzP3mvOpLs!-OCzH0m4nZiaTWv*2DkRL}byDd^>x z18XuH9E|Q2{ifp`ap^x*^Xv+}*>O@4c_NWhC(1R$_6PfysHMtu*{hZ?TFeBKdZK)k zyT5)^eq=YI-*%(O5TbzOr=be||;1-+fQz+ewptAK&rvn6~JrU^QBioHEQ zzn`*RI{;&+%Noii=VgtddB3y1YgM9L1S)fh|rKC|J9H z*dV-UWVW6&g3$q_DT_)b<^UKjbB)L?#2nlUqvxjStnq5U*#y)U`5DZ66@1oK(#QfS zBZ4KDw0m9$**PixHU#m>PAz;tLzKgW6*kF5eptz&61oVH6@?7>1-Au(AYN}Y?+u{0 zK~9ky#Fx_52J|p&EL3nlZV0lWb8{r}hp!aJRkyUFc3$s$*>+v@&QH69?Q?a#xax<9 z_`vGS9Iurd+8{GiRyR!z_W#kA1Cklhzw3B3TbPz(@c21qfm-U#r~*e&JlkqQ8@(6J z<;|b!h2h8y*1r6!`Ftj0%|nu05EH~3>U3u`^FzSP9D_>on$zVnr*w)O^cQLnX|YA3 z8-?@nITx>iS`k8M#p>I>oHk!0kU$p+sN#2j?4Sg#m<3=&F6EPGG4llbmi{OW1WFDR zk1?|iaXNusrKnmV6#yr9zbRccG`v}0J3e@cXo=hVAAvAAl%SL3FA0WURLWFj(LR>8 zVSs~3YWj!)eVx{SIWUqmf+;goeL#rIG}jS+i2gwQH{O3IFfW@==X~|tU&k@P3KU6G z<-x%yFxy9Gq}sRekNcW5it%U?v|$_6z)Anf0fnWKYe%Enqe?esBMWP9H{&)9FpZYl z{28L4tFebr9H#c>8z%$#F^1p{{vTIUwWADQi>LihKUNhA{(ESakHz%9Cl`TNm)#$y zvj^LBsDnJGq{5VyQ#F2EEjq zB*cVR0K@5v=_dN=gBx@6S!8qy3;D@%L~39%d@9cW(860fsw1l*Dkcfyu`9k3aiEKzFy!;z z3qD%vcvd}2T@&G<%~H_jT@OTkM2?Bx3CL2kseuy~6sry`9AGHXd@6DF{1|?8Umxnk z=P5X!x{yKLrvm1$AdXHRp821`r+B;ZI7$|_^Xaq0g-5ibXg{ z!dt48Si?zKgk4OZiGf(4_2cUVHMQ}exjh^nIG3xjhBT=b8u>laOTVkWZy)Xk2jqA$^0YXePWbUB{m9TU8 z>E=Te#cz=v%LT`{UhZu}V`yUA61IMr%~RwExEJhBxM~Xc-7XkQh=)gMHvDwk8Sh2z zhD$E}l}UFk)Oo}Zi{^g|Li?01Y^sQ`L@-R|^VmsXq9~PKTHM0nsr}x;c*-u*PSqs zIm6e50=e7F7MgxfOmK%OiYft1FQ`uuG^YMx2IKx$kfP^P09LKNT>Uk`I2XPEuxvi$ zWB!-svFL6CtH$<_F|h=}@r^%usp2p@hSJpzQKlx$ZLa9&EUS+}N3X}{_g%TbiS50X zN1J3Cg@SVa<4)&)9I~VNcj*l@1FI-SR+!Uip(yygZ>`-1Or$UTdWM1h4e+}!{7=beU=imHa+u_?Q-0e>= z!&=`M|DQGfFY{V{0V{fGsR%oy~0-r5{K+NwM0KmSGLf1l^?v|az# z8=WWj`Lz2FGGGt!^Y`V%-Vg_cB=$Kght5`S6u>ftjX?vtF`cwMiqr&1EHOM_vyWkV zYK0G+u@Uq7vZ-SUs#!J^Ug|?%l1&vM-Q=^J_>@ zKcsuYIk>aGxY)|5{awk$qn@BDy)Gk#xKtETfx=pJ-#a}J*McroajZC!Qq*DL zFTM?47)CfH$&5JjneQ_g@qE_g-WCIGrL$f1$_Ltx=S4Y!G;CV^#ZC`4pU(VJn893i zDqZclRjX31cNH57wf5$(os6YXZ}=Y2>>-|tsE}UTm`Rx+ULiGV`g7p`k2`K~mqJ=X z36c@3hZG$mXOZYR@C7mvWoAFPUWNV)g`w61YwNMl=r#>=lP0Br(uitxqCQ@-m86DX zG#{>3aEa}YIH~R%jd($w)`V?l)oyTt$st?CPGmPd9LI-o0>+8~3hH;#s7y#^cCEPW zM_+1_gpv@IZu*@f0w+txf{jxoowB_N7D6e9KfLa2JxS4@S9KM$Mn(m152L1L!Q28o&IO*y8jXD z68s0r-2O+8J}IVEyOhIF*nhhR|Jk?&1YSEW=JNgvTlwXC_w4ZR<@W8r*oVJ!{|x>! zebM_9t)gD}+G#zY z32tzcGhsw28#lX;(EzjRq&??)dNzKz+@T|d5yB+aRJ#dbFTR+5HFD_v3Z6k{1PVVyM`1+IlgXXDo3 z6LREFzO$dv%rf;ruh*_Exdd(Ue*0;YmwA9gwL zq>L(3gqdm4*!+B|xsnv^Pcn7wPAWkW z#Jd|QnM&Q%9Tu_t;;pVg1EpCnOcVuY^i{30unU{gdouN?$zD*zidIPVl*43&%3?p) zY`c6Lf;uq{{2BIk5;z^(d7)?RzfDj4ZuPgeg69^!c2o*?QqksK)3gVbt*AsPM`L-U znUYsh&Oo$PyY!hBe{JuJH&^Mfy~wUI#cJETp=Lt2r(#$wZ+EPpsLzyH=avR6xy;a| z1!KpSW;3)>*O6$3I&qmci4#djCX9^#Ae~^k@A}6(cGUHdx=rSVGO7&4KX&k2@VN4W zM#zmK?fciu4%|+!dZfUtK&$Qnw3m(lrWwUERz?dDaw|SXfehzrH z3%mB;{X1t3+ZHtxRG4ly45JuuMn)%Sgm*ciyjsdWB0q`kHChC8G_hLSa+xy|dtha~ zy}3q&@?aj!WkWfv#E_^JOUrja(u0Oc=i*XPnc<$>meC$Nh~^^mrB%JKF4?g1cVoCW zNmUN1l%N)4>$am$-zS8Go{&nmf}cVa++I2JzJM)iVZZ zhnTD$xZ{Civm*tQ7+EOxNlC%XaWX<{1z+GW>Wp{Kvc0MhSgylP&CalzkmOBO4rT9KZqEB%b*r9GWM~`lVS#!^=xAqo9|0_Lye`<`WNDhlkz{Fa zP4GY#`F=0V2r|B0Bb&S5nBCpo#Lh<($i!1z@rQ3?9DPo}f$4AU*gV66MtD`$08#?q zI?WFj7HaC6o15bGJZlJ{jPRqt?r^t~%290(TDB~66Z>U)3eXHOLE(`xMnY6JNWL)6 z@*Mf5{eoJLLh2Hs-bUj^%pB7Ld;I0!V!#K2LoS+E>gAJMrm~vkbRZrnlv>vSV;MG zx=t=HXJqw!tlU&l$sN=ZAn{_#R)?Cv9CU3f&_GaKdpl@TjLF#>m><^9onxt{tPJ&V z3A$oq>qu<1Q|p$SjY;8F%|CLvB?~-wkZ9ie#=K7a1Zo0Td*Ugd-3C&Az(2Ed%o95`pL^uSM(u%5Hv$+~Gvk@3eUV-Qe zNRuuYgyx?~5OD{vfisATsr|)fH`o@59zMe!blHFA=)n_G_)ts58sxI`(v!q0&%xbd-->KHwXmfd8D)&G6&$4o+ zM!Q^FYa+Yeo7Lhsvb|m+d4=mG1pNVK-)?RfTAfoUgjBeO>(-l4342q#Qm@HszyE>& zX;>z3Keaof4!RM~lVkO85sWr^^>?bO`Ptl8PWAQ)jCMpVR%^9wI2uaY4he%8nP-*Z zJ_jA`TgXSahyM{=aem2JnTbiAAp1+m9EB(aHH+t~=@>dPO=oG3OyCYr#ui=auBuMI zRu36iX|XyxMkcLZ@(s}t4h;~oQ@mL2FSk+AZCu}vQv^2jG=>|2WVB4GDWh6nHWmRh zHzE!}=ufvVDuUOwGXV}t@+P@d9vq2RqoT3s^l5+!cr~}zg_WX%Bl9_k@pQj$FDHmA z?%i#-YyrE08a$HM{XEN@D2=G=z)foK*^sJ>qCEmrS8?N*IhjQ5W->)0NP;s=%rK@0 zC^z_E8YPB61JP3~x&i%BZ{77ja1?)dw^b(!P@rAjHj8unh*(;UMUF0?GdaBcf#S%$ z$q%Cb7yAC^fyxNDl5_B0VubraUwOX&yWWlSj?eB#-;zAf_1CYrf&F2QT<59D@%O!s z9ej1jG+^C>k!Vt4VyJlzPYiqO*+%vH-|g6Yq>8Us<^u^yH7JrWZ;Bd>*tEox!#-(| zoT5B4l-->a#+;f`CBwl$Ah45B3fyLHQ?=tg65U*y26%l=ND?qq=UqS>qM#fTHK=P< zzeia+pX`eI%|iVa@4u34A{tA9h=~V)phP1w2Gmec&8^wHuDvpbFhs|4VEU(H1q~_8 zji84$qDFm#6g=fd@w{7QkrYZw-8GjMogW{o4XK|0WIx6LS)iZ1!2ca-8_u2vsw1SB zaaUTb(hHU9Y@sANRiuHhK@V)GXza?QU=pH-a- zN71}kVGvFME?q~f!+0nHN691Q%gxyu%I&%e{6nD$jowx6+_&M40ulw&0sy3J#nj02 zD_S~4HI!I?;c8NFx0`H87`%2+`E13umwL3WQ9pO7FS7)MPa*zEPPGx6YGzO6yT`R=R0x@+@rYI@kYGe`;qpKM- zf*|bdJ~_LC9@uRbIi%qdbi!97%8}G2QL`ASU3UE5sGqknbj^9s9Fe$;uM&yiY$m)# ztpPf0cFn8wN>{1rLXnN||1GEYudi#7T&RtECRH>QEhyn( z!xShii31eHU3}ssQHZ-JGGr8FR9F_C;Tb7(B;ktZ6URceaBMF^b-9t`L1K8%v#T#|D;uzp z#Sf1(1%HL2QWVW*(*@W*~Ww-^mAa)<>z(7s!HuyEj5?f zLvK760=8@|auA^cY81)5j7Tt_`kUqlhuo-M67Z2V&1|*VZUPMQ&+eLO1?OFO(Y)2y z-?O@nL)wHMo|dg)c1+ze3jt~L`G6h*d7&T0&k)w12|!ScdP&K4Ep4HOGNp`E%?0EP zpdxFmFL!BN(q|)Iylu{Wyt5;>kaos3roGS1qzO-k!P^Is@41a)dW_@b;*QE_e^U25 zu)?zxqD?KlzN(%*c`mB6h-Llh-A3YXZa%)^3H?cd6%BGIqMRsLu^(hkc9W}$6uc}Z zs_`b$*3hLbE>>p*XH4wSWLFg)Dr%*0^Ex9sZ1n_WIya*N>ZRlPj15z(zpeUo(J=pJ zOBc1tY|1fA#D^?!#{2u0U@^ApmfE(RD!SR}NGXR1Ta>tJJOn>x_*z&^H>TEi5}JCo z^4wmm$npAiVS%@JOK1zeN!>Niw6Vs{${oKQJ4CRS0vnU z!{HwlV|EsBNieF&5=vqqo;^a?FKBA;*e$)NjplG}u^j$lbv@y)TGzT|q@s&69eZj< zX9|;Yed>ao(9q;AaM*lotE#1f&NV@?VHtEbPH4g$DA63iOwGG`0xt1*vlhE)sZw*M zIJ}aI8hd*n787u&_*Gx!UtW#QiuR_Rr7pKnG$%APwZ8?x+1O5okK?NT^r6Eh8*M#Q z;p}oN>v*t2iQiBQGwXF8@IZ~&Ti8Rg2uyDJ@Kn{=)v(v3Z&O(8B`quyvy6CHVJW1I zaKwNdq@lHla2!>OXHQ3_cpo=ZzRIQzQ@0?yl%;QMa->J3OF^RS?vJhJp67AHZy<^z z^_Jso3Z50|LrM>ya&Rzx*KT@i3AX22;^6fs$Fwd0lpQcbD`8a650P z{A#UHVJS_$VjOH*lqWU{w@^cqVFx?5Tyq250340kh+cuoz0i;(p-gW8B-lA9s1W-2 zoQyfnII%u|E0TSJe#c0q=0IaCA9cAKRGNjpU{5yyt2s7yXXjtX>`%FY1@%~^c42>9 zE%W*;Vg(P(IwG4P4}iKGVvrI)Tvfp^b9P3L3RhV)CDz2m2W~@~f{;=I@FoeDm3U#< z$`a!ZDSI+CgHIraJ+b6*dXN=1xw?X48qU3S6dK1Z%M{q}6|QcJWsg!9w`zj31*rF! z8U`&6jFWWRSelX4XSr-l4`c^!c-+K?H>6cM3Z8v_1VYxpoUqSF>1>rrFK|BhOz{JKT9bU z0HPNy6;;r-j;$x8Y2>DWEyt#g5F99Z7TUC$R4(@ACOl9oHau= z*rL~2i>%(kYV7GSBM8BO+mSP#)__sm>EB_V#Q~c?xAIeew0R;jZv!Jb&UhhTa1nt| zW`zpPIB=WIAK7>YtV^ygnJ*bB;Q_*qOB;8hS1L1*r&uThxBP zfTGv1kv}csF2~4dynQ*!x@kJm1zV2ric@yI@jFWEQQpVcNLV=1ENgAhoK6%cAekbA zoz-1Htt2fdoLM%o!&VZMi$;2IG((aVrLiE4PMp^uirpzjp6AMxIAdbAgt3W)u-J&YXa^4@8`PafoQZ% zUFXS9T&bz_`TJ#k|5?#T_}=4M!1h}I2j4B%^Rh~P_f1#4-__wymioy3DTJm z;MH5Mm1}817E(kY1-KZSg+7u3!sYJyw}iRFJ!-} zE`n^q-;9`NYa6`5tdv}~L>=AKOKLX$kh`irOyMR_x)dv>M(?Rq?$^m?`PfK9dnHaQ z8lYE(xosY_oI12I#^tL(XHgHcD8(5`dIDzboG2bV(m8$*rqrs z(wbdgVLe@J*pnXQMhEdB+D+7Gp1sb{ZJ_AXeKls;$W z@vdz!_e)D@ogBcOkFi%guzuC3G7=`65#Hrb&|20HL~`OFnKs#3;#JpjBWFjEpnhy8 zjNd`ooL;Uw4!)@1IC18Zq=$Gss}gEPuQ#;^T69{it+aO`DR>=1`Az%c2j#T7mBR2x zO)8aY1Zbdz0ZzStwzAqJsj5m0O1UNipl6ANf=E0Z2uf8-8eEdXSxUN6Qs9aKj`}CV z+|-Qba1?O#I2Lz9uc+X1L1pFk)0Uwfw`4l3EACsI7a}}T!!JQ}6;i?nV>6SC&5@41 z9?Pm@`J&=<+UlGR9O1Xt`0&DHCbQrW;N2F$KHOAaZ*SoB+jO|MWmdl0}1DvUEOF76YNC`whSQ8PG-jY2v@y*CYp5V;!|2 zldu%oTFjqBB;fTN1mAW1_+h8^27@Ky@H*cw=6*(TGanzHc+ZhxfrrF?KG(AV1)c}L zn@72L|EJ>r+S>Xr)B|5*KXa-7+NERPLqHN?Z!Zqc;BnR8i$)ej_*A~R8KEiq=q zg*)(GXn7#~^fGbB``A;FVVEbDeWy2PZ6L5fn!$_#xFQ(AiOI+%IS;G26RXTm&|ysz zfWSp#C{;iZd$f&OnWd^IOV~KI+y&#R1ES$qC!N0b+We&2)wo|#x$F9hW^YCXR=1QY z#7qfjRa}@|T$sralhQkJDZ|sMNtmDu??Ty$uHA)oC^)fEW)Tol^_EmVtJK-!82*0D zdD@uZdeqCe;=V`A_U<^u=qeS^GvYxu3FAHOt~C67)`{SQ8G(Q?gU~eWv3ve<21UD> zArVqos0l}au?${7aSrp5b}YnO2yG~V$*l`pfBfe?O3Feq6$St~U5ekP1#j!gp>#hoYuJ6JQ zouGqAR6BTMfhr#%c7*m(b}+uE=$cF2;=NbjgkqfG7Vha=fOqx``p_Ng(EK!(vDjYV z^b+#RPg%*nXykBmVtpr8%g=lqXTdS-bG# zJF;M3*M0E2jlI%D@9XP9R=r?>?YFyS79<*WLh~tH8Rt!S3(CygEUMmcM*;csog`(J zm6YAA(`HxRm~HFTyX;JJS*UO}LU|cCtp+TSk$Q)D$1A<7iEt_Cf6N)0;%`2#VK}hK(-t$&P*c9mn$}B@6R5 z3(j6ve!jj_JD$PtovasZQnU5!&*HznC<2y`BHFPVYDp|G4DHz1H2jVZwPEbbNjOL-K(MK5Yoh6}iv#a3+Vno-3+*|fyV~3fR|o}0^*d1b_Y|hzdmL*5$cp>j;B*JH@%*&%1W{^stxa# zF1E&b^jV7)_h|;qk<~QnxKwk&7jXAI-Fga5YYiwW^mIZCCu%h<3)e z$()l4m5#zNEH8E`rAx2CMTe724Cz&W44asIMr8IxMnZo*0bvn7DxG{+I>&T6jqCBhO6AI^nwterU$en$zw6 z*ivXU4+>BE$$4qw+dJ}QL{=@z2pS6#>X(rx)Cggl#Df1 zUw3;UXH6w3{AaXn6jv2>-ZtAwu>W|wL44b(pfTL=pqv68gb5@K9pVk4UCX2*XYgUg zVXWFgmYBi&h43_50d#|^wN{G4vHbWlH^wF)@X>wvVnU`&b8#atjKq=byVu0{{Gju? z?%{p9YoisNlw72@RGo|p&}fI!TB>I&rcOA=z!jZk>vtP;W5k5j;0pAR)pn_JSpPGI zu`VV=j=Klm62!nbl4l1uKNJ~XAh9G5`V4n8)_2mTx{%=EQVRv&N`uO>jBXSU6H8|a zDJCeS!=H>e&h}nhFoSlz&y5RKj^k&ah+xDgTj6(2O_+<0NVc`YObC)Pl&&-Ldg!TV zr=O_kJ<3-&eHZOg7wW7hPn92CCbjF!v&fo%W69%l!b5RZw%y1xd@R}K$vYNDsa0i9 zpww+h@S`ZF? z&hC_DBd)0DI65+~FTlxjax#Y;EF7U)_=A2NKWf*)qByz89ZQ`qV&@uutR5&n+y=i9R+wNo=L zf(?m!_eS?d<&8=`6PjQ+O?l`lMFKUWZ9irc0XLK$|>`0+;LHcMBB#P8>V$e>wWzW^G}t zwI6U*cMJ($IA8j1RSfA}dQUlieq0ym+Gld?*e4!GG`Q;3b(?&x?uP(?JDvYidC;i6 zF0^g=_2G2kA_iGzJ4>|V+G6~hDfo1FJobg7cKxXvBfiUrMW6Zd`Zn~QXXw9&y6*n? zi)1RV-N4baMBsm5q(TIPH)vpeNRAwd+C+uJ6P;{Fd1z*Q8!eTRj*1ca|qo|hck#Po-)(I=Q!`|y8u%L zlpi_hcUc##O+lI$N4$dU9ehapm*sxCgJV3_E%jj=`~Zc4A(qB`mY{c!n9b)~wj&<% z$j^5qL}sK^svH!Mw2`c=35a7hxKLyd4CLAAVHI^0_)|3VUjzbwICqy9F}b30@Ot*H zUW7@+6_T#!sA>^pHDTYS>dTuqO=bH?LjZ_tbl9pBG{zyvP{y_gMzJzuBPU!^*-i~$ zge8hEPCEO}4gkq;lpq}n8v3%?iIP8*uB+S2*wsrb(N38o;W%F={jWFtWR6?0O(fT1 zHVxYDc~8&QpsHhu!{Cu@-S}xZG~FjUCmVSV?s+X5rrqR&gUnO@d(af}13`xu6DNFf zVtGm4WwQuPm~p+9#beWPwQ<{TTdvw*eN!zhUL1sog^uHzX+`E_C>_#o80wiXZP zR3k!4r6e#^U4LQ0C%d*T%07AMsNQa+f5*z@rt!wG%rVaTGva;R%yccOpF=6s3(StA zYkw4EWy4=9E-I#H#&vb|iTcx0?fT4eiv_l7$%%5?G5jHF4Di!Ecx`mn$fi&lyS?P; zlanvCvtfgWWiPxwIkw(rMdZDZ!BUuzu6CdN`>OB8@k*c?9sEHrpQAqD9`fgWL#=fl zm#ez2rM@K*c-~0?L4lqwm5$+xA>B(C8Or{ySFq6s)#NVF;DM%e*=V3Z+)kqY;8p7^ zd4XoQ)vjy5Io~Q z)|`>sr8$1MAYRv(e{BBM<}c9DNjm5P4cQ>jsTKFtAC$ZAeWozdLg+ zVNU^>m7Hl_&-TK<#{Y7$`cTK0$coxK=yV|EM$MWY;ibarbb_=!BTrnOgZNW#o;#xR z211Ve589lbQfpTRM580Z`E9mGwre8l{me1R+wta8p}TQHw!R z`E@`uJK$Y^^S-L9klfy{2gdmEV=BaZ(lz%D+}K>dKXz?t`YmYsov7ydEY`nQ$A8_U zn5W|d_g5c7|J_;noyC`(NYmup_2Rt0lf3qPyge^{tgs@*`^=+me7ryE{_vi#L;u=L4BJ>-8@z}{JMj<)NyX_==**f@bM|p@jrN6@Uscb;|j*n{mgP` zwbrY41Y60!c*YY7`ka)NWUickoFU^Fe!UL=;&qfV^&Up@bV9K8R`%Md7~drL(is1| zAe+jjw;LK06uo7`ZsMszQLHXg#eE>>Bwc8B0CRA)gTy&Jp1$3G-~bS{W;;_%wo>BG zS)a(x#@iO@7dhz9uifQwq==Ulb@M>86)fgs=>n4xbgwJ2WUjQ_)HL+n0YEOCG#ls_)5rPZvf?@%J< zYQ5jWQ=^z}`{+4fMlD2s|0CaYuKolyx%I%AHj5J$)i?7y4~?>2>(H#(5>6E2LX%=b zcfXvl3EnqO)@Uq@O4d*yB_IwW2UMh2q|htB}o#pbBk8Klqo$8M)G(l^98 zWCDpkiAswiZw<|RHr>e+xpAp+I&7G$1T!@0aWvNCM1jAdB^QwF_Qc`>_wXUbc+2yH z^?)5vvI%SP-jU+?ScD1wjbGrD%P5EH;RS47Tsaa0O?P(oI91t??0#Bn7j@OCqPR+m zvT0gUl5Qjml+V!}`%|HW69ZMcEfnSK^A^c3F3_pefaYn!3}gFTTxI1N^Q!R?l#;y+ zbSFGg2Ag(gVZEFlDz@d+X z;`rQuiz}Oxo710gS!6q`%$%qz^G1(0B4wl55e|Tr9^b_0E!T23ml@*4Q!dGwR*1Du zUejydPFGL&rc0-@bR&7>-!JA4YZ>y`KvfiYjFV?*h_)^=w=_8a{52NZ$e7z>ijP2B zAxY9A5CbQ(sx9l`wxE#%dR}4m>?Hc!;dJ>#eEv_*P(?UTPmt9T9W9-F(m{jz&)*99 zrK+mt9ciEFP8d6)dt7N*>!FNWI9{n4y6`6Wlb5p>i}ouem%Mq_s-9=;+KMt?NbRI5 zK=`7&x>Lk}a!RNPLbj;x9yyjaA#S&L=3g{pmOP2)Sp#Oeom+1vFB0`kbm)KZkU4op zt_+{U1D?W9tJ*I9fegv(HtffP;}@Sfc^-Sm+aT1hSCAx6Mz616chH=0R1zVVJzDgQ zL!m9VtL>3$uK@-?=Mk7o_nz|omu#~?@ppE?#(mYg#P5J3&%XNgZR_K0geH%Wy8kWJ zvu$l-^Cq?Fw;?z-H}47@o_kVJ)q0}!i>#?_;~Z=@@BfZB_4Mnp{ZJ5GNL9n~K3BW5 zg1~i-;F0#!bIw23cLz0Kc`o;1{_^9Ug!k){lkejI%X`tw)`vf;_pq43LtPpesRVB> z-!Cx1X;^vaGvI`sKa;$FV!&}aLq9pefmffeXX4*?kk|hue7}K%D=w$JCoem}C7B>t zRs{~wWTM*ok5RJoF1SlRQ5@qO!K*L4U<*WOwEq^^Nf$~|wn)C@7VAYMm|ELL zJH9LnPq-2??ATQZ?36G;S4(nNlG|YvVyIq9xlc*M@=(~UuC#m-ywyCQ;6Wia2P0%)V#$`1MJbv7*wA!xK4; zAOZl*T`Ge4jR4#PaQx*gP-+4)zq#{EO5RFm^ zWw_H#kZXq3U7=CX65D7mSgub5Q4lHR2D+A;j6V||)MlyZU?I21 zqjz49xLlq*hbhvfoNLFI;{}l&-Sa68>@bw?WVJEvj?KSpbL&4?m!z{7_Vv&^EsL;@ zJE;bCBXRG3`_hvm$CPX_y5j0VymQcVkCbA{d3af_vta|*Gp1(Kt+AX(feAAT|pqwmm>nYZ~KSuOOM{H4xE9*S0vlbsO)|=3k`_XO? zNtE0oqJ}bJe)AiQtB=zFH1_IXAC z;rv^d{YcR9CTNHYt_gtRw@AUcwCL~vV-Dk4{el#bJBH%Vf#iYY;{Tw{fbnnj|_YS?{B4q1qGSPsR7W!YV2Gv7Ff12AS+ls0dB#W}S zvVzz$Evpw7byM1Ts&Wmki_;X<8KLHZ-2*?o3hOUVnf%)|;~IKuFF?QDmw7Ck3=ay* z!8YL)od>p^2gHxfFVHx8SDpcno|<~jM_P+rhj{_-$0d2!hXL;r2McOQ-NPL!aZ*-6hAjMc7>DK|B_} zV=6a0`#@B`BeAZhXhokxb`Ch%D__ zU}*g3S6z&aHQ^p2~r zfU7;4FV>I%AuuS3@9AGYR}eV1Uk`#0(EDru(Jm_J`5gZQWAmp(FeMFEeme?)hhS@? zj+L5vU$2{lz>VjZ^WSqQBtox?O&$B_s2`myVoH4>>IVBW4PbcteqF$g|z}ixZff^<;1AfNI2%3f+5}bolkx9Xj92)g2 zFe5v1J9k7nbl6qD%srS5X!e5?hg*Hkl}bT?W+TdxYt@G^{wRv}See({l4cX@w;N5f z`&fVi%Ecmcysb=BW2ZI~5K^AK={!uiI-6NodV(&zC7(c>G%E;~FR?Aon{X(*K9j3q zBoGnrdtkpYU}Ss}$)X(Qt1G*SJ|Z_(do<0|oXse_q%vexdK4^4+n1F>mJ@m2M1B}n z^^nb0Z*dv^(AbEGN@lJXN)nyn^w?lsX=RNt596>-i4!MQS^B%S;BVyc-@u#{hU;9O z-TSa|bT!NzC>&#rJ&B!N7vv#!@C5g4d6J2VBm( z1+n#YWb9~o?PUv!Qzurgk{u5O3-t$HN*Bnh@*n1Cg?lgnvsi~Xgh6K~yyzh|bx(84 zJc%-$BOQiM*j5#qG8+?2ZRSlgTv^Z~3w0UZ#J9N?92|j>J5~Mt@JZc~&`2iatmE41 zk!W%UI!Tol4)Z_W>#*p(IgE4FTJ^=$))3*Bd|@u-G~1`o7|?L$bsTA;Y(KIQ3wWv9{Pp>dDNs7vB66Vac~nfHW(r~7?N5!k$W?%cFpauk+21MkNp zdyyJH7f6BAjP6nY7uidCpwH3Wgw#(%sJ`0w?(g`Zuf{Zu3`@8l}x zPQ=K(q$mBHKxqN`)T8Lkg{m!1|B=sU;Sioofblz>U8*s)GG0IMap)L3~0~eS~TA}nar=n zb}s$P49N3Z5sH~&1IgR;3Dg)t5)Lc4S3Vs=Zb#GLg6Q3KlJC&A>)~SSR&eVLJW4Ym zfE4n&`r*5A+6xA-uJyGwibCD3XU;&D&L>@2YL2b1#3x`bOPrh^j1}Nwu+?jSFIkbg z5IkY;w09lEvwWRb6x>;v@>dY92Xkij#JA~^AK);;C1mY`^QR-pFApnI27VVUp6`8M zzB*6-HGDKG-eY^24i|C@2TL>m+@pTo4srAz(+$|y^#5C?_%?xiE3m%vF#ftn^Pxg% zEOQJ7LV~>3lky4_qShN|7O(fV&3nx>1E1slG(%@u=|*S(SUmK9v;YbTxI@=b3{`L^ zBifcZ?rrtpZ082U;mnW#zyalP#nhLN-*XNruAOt58`ln=Z7-9PK~sJguHee)(yhlc zH=qadU$Y5?LIsP*7rUaGL@9S+WDtMau$p^vk^bmHjlv*9ce)=-V`>n?8sg4LsULrE zFp6YZ7gz(eM@puGmXX;*iz%ICMr^k$>;XZFf#GbC?Z!aZ9C=d}N522Z>X%E$C z?dLI=Dfo$wa?@tf+aT44A*!}kWyMNn!!l&*1cl|Qx}|8=TaGIxpznJ%x$-9^FCSc8uGK-^evu6S?PAcDWC>>h-OzS>Mvd%HsAe6$1DK@3t6 z5!nnQa_|T$2}!m!Lj(qREj^h2igR!iW>YjOHhfre3PtsI%#5P9ab!f>!yrr=1f!Y+ zu|u(CRW6zgtwJY%ru4p0l0WHUQcg}SM$q|W93?d> zPEaLJhs>F|D7&(LYbh0H#T01C%It%~+8`x_%cH65ZknXhQUMv z`9OTm$XWq!a!3B_{Qh-wIhU`OO~7riQhswu?-rHh<7w#6(!XKezuuC^Ey+=VkPp1e zl1TA!v9)mlPC5m(yF9Ekb?kg2fY6~XG{*J+o0j(q?z)JRhCz4Wz|!G4#V>DQ^zd(S zX2qNlBfi<*dOx@9cxXs#6wGs*mF{{!?ee)_(EQlE6ubnd7~%}E1xUjm1+;{$5btbk zbeu1Jxy_hjz1`g8_eYLB0`vFRf)E`Y72u1u?7TR=aK0YE`FQ+z-(#raz57A)Hp@gl z@gE(dhzagDaBwT0WIXW%-;hacIdyVbU(Vkj$qE4n9J$UL?uK4l*l7V9f}QUt;9=u- zxRBEc9ZkStA4x6JHU^CcE4lzo(BbE}#$ELzmCUw`vV;3(V)ePnILd;$2S-A<;;gug z@f`dowCGET7#qh!5d|}g^osJ2Ct2t9Yr1BU4n59T_Cz$7MtLQdZ&GE1-~f&eX>c~$^zN-#{VcCQI~^P zQn)gUVK{w(7qT}y^TCBnYeHMHf$fz4(4BTyr$r7em@gPd7Nqxgo4aWx+zJ<*WrSOoL^Mu(iSdu7J@al;{g|tjiD0j>*?x&n3C@@N=k#v!(K`xscFv~fOnX)?2 zw4Mp%!P8&eOF)$!0&HQ3oRy${(Y>0#0-z_`t!_MNGmw-lXaAsbm@|HNd zwULDxS=6~r@rpg+(rI?RjZ7imFFPwC3S zVfKjyK(_OnO1F^{-3k*zF6mZ$VNSFb9w( zw#8-+-jqCOY-|~;rB!6K)0uVUEj$q|IfmJeZqKal@0i$+4paE`FBpmLq8J@E{1a>F zR((O~jrqF@F{=U#Z#vD5X!~VjhoNvB0xo+}pHc6eC;2=-A7;B6+$4Rmu3q>0vvcp` zHzcrm?f8D+_>O0I2j=r{bvyS9yI#k}z>VVj!OQ!AA=Y0j^uIq1eP(Bh+NQh)IaVJO zeOKr59)6cJ8RlJu=IK>0{Ue+l&K{~fJ5CS3{7XuGb}T&sr!FTGKh%W#Nduk?FN`8e zX)bfYJio!~?w8f&Z4}SuKCs^fMefV`$KT{Hf1entns={u`u-v2KQYx($A$ax&ottX z8dPxUG+n@8_&h6{`|-LZ0PY{FJ04b9KA?2}zmBp$5?uZ*Hi74rkSUSNp(N=OZ^({5 zeQy`OGh9o0t^);+8xM_^`mf!vOkz#_@FXMB+prn}C^5cmE27BLziM2lhBL{32M(kW1)U%Zjk2MA%l8gj zFFIXy8~2`aw?`>FbLg2stfEnb{qjbDIGU39>GWBSygQInYE}BWo|TNN%+588Pfj1( zdt9hB{(zz-(RPS}(Vms5^U@{uBX%~A8I6kZ|HiV(To~a`m6fU zpy^_O%Q?E3?`3jyFLPg5xD!ZD_Iqe#y~hFsp%P9HuO~cG1A`0qo+ADzHpySL#22qU zq&yK!u3*Nh!Vx4b1LZDTW>qaiW~sQ_hl!19#Hu{!F1}Oij(AIYrH9p)xGIvRlwlh3 zXH%k&#)i(BuVP~7^p#0K#sNJIIjYr1LpMHC{c#Zdca7)!Mj=TNh6YI7O_B=?tD}dN zAZpBzSoq;4#6^HO+4MD<=J8Ll7}$&u!G068?4X>C;Tw&9KsTsL5LW7-4h<)p;J)POsUxsB7xjN>{$_1Q`QYx zLyTh7W92=Lob@IVr*bm=NZr9V7sU1qx&xFyAWdMhmNNR1bzMC@X{U{*Q+3HAAJEgo zD7@P)2yajUEd&Yl)@*9)G&25Aq?fMyJXx?&aK7Ia)Kw==E4AGPSAE8{xd45fl~8l$ zg{EG|4svM+*X<;pB!WYkK1g_?pz`|S!r54MbW5I=++_Q&eSlNJHu(f(%kV04^~jI> z#389~Q1GKqoJx!9>4_>b(ri`gT!+dzQt(I~F_R3ewNA(W9D&L$mx;M^O}-o>_H-gM zS}Klin`Q(uiW&`YSH#Pg6K(=@ffBDw20f*n2o3e&Qh4JEfsHHua==lHaC1&oA{ZCN z@qR7n5`%u2f*_;ZdURzIg`JM7;!Jpzr@EsxKf6CJ-{)#A_?4h~Ea(5y`N|-osEcwm zNFrq>K1MzOZF#P?-}%mYr)uA3HVc8<^^^Rk>#kEB;4aFcc?SmYPXcZ4;F<*%Ft9w^ zYg8=wfyD@(T`wCV3bCy94At#7V7b#ESW^)2P@gC0b+s)`L-h1|=*SG?JwlcC`Bb~> zEkg41D|oZ&@7oLx$?FA1RuhABNXP5l4yfuPmB|Z!4$)PkpHVS0P|Y=(5v(Djzt9Uh(UQ?EBtN zmX19zg*OBiZKaoddCTBCOl#j$^nVH`xo-itZPNu}U?s%haY?{{q|i+h$gL0A@bk;r z8U!zx>$(L0s*cBw%Qi4Y24>hUJKNd_L>CR;|3jA*`N=q{@ltmw;MvtNppRhc;{;rC z3ccn&zAbEAdORX_UH6*zr#>~IL2|TQA~8t!$$QUdhiPxj+jHty@G0ZZ+BC?}VfR>C z7#pbbk^*gVxh&_DLexA*GqhB!0I-iUk;$RntQpXvgv-!UxS!nUsixGng@IK33t$R? zU)$4@qvcdf<2iZT2)td(4349d zFk_XZ(wVGeBQiF!yU+%cHyrBf3pK&E5iGTe5n`Us@!>$v=2aot!Fkn|mXoq?N7WvL zln>HTDfBq_$y1hx586&FTjWcv7%dr)Fy_HMDG@n~a8-C%fn^oifbQ~@_8&4D6DJ~R z<1y+8sSNOu=J8~s=Hi`_iblmV>Vdsk)SfI4sq?Zk7%kU}%Zm)R5m4`r)QEQH1MA4V|BAIx72 zv?MnMb@=5k!ne~Mn=y%{x14{?L@>y46le_ytF|y7YAW<23ZV`=B37y%YEe%WCWuiN zvt}&|&s14m5n&Hem0^dYNj##E-iDI0mLYXgt%L17NVZDFz`i?I3_pm)iS^suwi8B3 z%pTt;=V8cFY~F30J{`;`bgRPU>*=7yRvi9Ju)Oh`uz+88dQjdTch0JHvT?D}#+W)m zUUJO$l++{&u1zdw0BSnPMZO`|+eY5Jdw+%=Sj_3Rw`(ckmVjPl z)face8F1E8%Y2KW4^o)$Yt;>cuvc?eRiRR!S{bb5vqcNc$bgJ9#X{9RVKW2hPH=Jz zvP@x2MH|oDmHAINr}cOl;?8NOeubkAn@~-{5ih z5D=L=aeAwoN{WV0oF1$s0Bby^EGK_{E&LdTAk13mkY5&Dgwfx*w;}A=bVuqRYT*~? zuj2O6c5tq3Ym)^%woLKle7zarI|K_sZ^7fl>i405*CGF`+ev}P@2UzdU@-VpT=DoD!1?D1^;>NonXa^||)~EM7ggTX)4ghRy>8UtargF3-;e->>6eMyp>( zPpdzMzP$hWf&zF-k~Me_rFre=JIuaaKNJEF5<4zYKdw;oz)Ry`1DBG#*FD3{<=ZrS z#{Z{MzjmY&dTV9ae3||7z8AjP_Q>_v@xEzk=(Q6Do`?vh8f))vNmZsVU=@=~tKdIA z(C+c4ES}yc-b*o7gur@fiS$dYNF(S*XBhE+`nwJAS%?{4=d=uwCf|V~)d<5xg`h5B zi^t3TMwAc|d_Ts@70ec6-T!-)*?PZjRrSVMZn)IRTsL7JW#p(PeT3CrEOBOhg7Xu? z82|Y%@k1P&uAR7WW^EM^EYRuK9IvxbSw|o#tU%QQnEPon~mVtMEFVzucM7JO~wXgQspcT`RT!r!FgM zA$}VkUl0Anm|)EnTb4vgShsw(R8Bv{@ei$O$$G6AB8UTV6CQlTX|zB*G-9QE>#hFj z(m~P37rAI9FPGs%^>u|-zHbtNAJi*KtU$y!K zWBjMhMh6LT3jPp`US2J@;3u1^-FDsI0}i_$SCITh*i~fWTia0<%Poev_uncLkruzF zqgs(NB)0pg&1rV6MM4%82iSpq1c<%e;1y8>k?J(KS9E@1!`-tJ z>pg-*3SVHV$W!n_4cxE{7s${Z!@I4K2yDG*Py{DALiG`-t!0 ziEpeZy%~B`I_ykClaNNMfrhfPx6W72=VIp!uETeVbdv>$L)QYuU&$J2myxIuqHuM9 zGZG0R!9ct1iilZGAO@Uq1Zl5{5*i$3X((NvfV%I;`?9+G$@&WhvDljYXJ2!w!%g1{ zK6Q7S=CY~xuR`irDRZ-pv8v*~e@5_;@s>ZA_;tmtt)91RS6x+F63-v?4<>e(tQ^(61ut<`7OHa)y z{Jr&M;Xs^f_n-l`M?zFSp1pFiU1AgScT74}xaj_rAZd)%KPd={b=L`WS%#KtcJ}b| zJRC_Kd3p?hX&|7G)8ucXQ)U?#IRphc(3mixJRhHSiWb+{l=L8bY+e-sitMur%OzJ^1No*nZx)CiJ=kdH%F)8t=>W(1ZfGD2!%q1#3$F=kQLx z8|Itqe-vKt-P?TKS8eF>n7l?@yEN#y{6e~0zBUnv+fdJpcB9^*VZoKg}ni>^>Hi8~MIOB7Y*dd)m5hi+MW_V>O?;-v7 zRunR*J;1jirQhq=>Zm|yC{|hzhuQe)9M|D zl?WcR^$@qqO)a~nC9zE+afI@%Ct@<2E^OABFJ){>SBGU3=4uPIAe9Du4>I+Yw4>!D zbmIsvmRLf;5G_5eX-8Sqg$VLOAZs4QgI(wQvnKgffNdQpN6%ZfE?THM)X3ze z`P0o}ok5Y4tvj{5%%Vhc_{qu*doro>xTle`cB0@@gm4`N6?K9zyb_s7KUu`S^gLON zSJziFu+l+j)F|tMkAhF)2Q6B{-{X_a&C-1`u0h2t)dYfVhhfwxjU*$=yMIjbN%n){ zM$ofDeRd|+=Pit^VtNy}AH4lD0vRJa+7oZ$W}m<*&Qj_@6G$y;^NQF%I$>Y|^Pxa< z3}%UCxCKT>d2RquSQ{QnSP8mc_Z?UZCyf@07MzxUP|sX-(}@z4LGg=YQ%`xoD;35D zmU1A0YPyKSQvtdT3Mh&p(Tx@?t%c>9NL|x~rJEYDMrCiCd^KSWf$$v@xlW7q6DqC8 zMPU;zhbmTZ`gGSkgoyI27l7K;4>}NlKkHYJahs18;NZTaT%u<0i*7rHq7@C#-}|b4 zNj9e|K6*0*jRXIpVwuT~yc-6Y!-0cSpXh!=tQpJ4n*?J%J{uJaAF=F8DGE{p1I@b9 z{DSM3=@}J{37MW}oAOj=2>=aqkW9ktx#GgJd=ON~GGJ49= ze~dU1(PUaIm4|W*6N4zjZfEOp(F3JwO)$vFKoZ5IqH=*Jge4WNogdDC( zwFhUhIS%+7oU9%l67>AP3Nl&^6n<&1;u9QN&wChR3>V)+a(C~KC1HMvc-PS!w;^X3 zXZ?4d!xTaWf^XkD-h*^g1-^YOK=adXbctNX?7|((`EIoXq362uT(LZ4AR=?~Hn`Su z;_3WfeAt~L+xzvI&r2RM z0{0zD6t2U7E7!;1WFH>{Mayc!`ZUAs3LQ*`2LZ^3C^)^>&wI2DRMjVjHsU)^+M&*~r78 zz&iF0L=4A(Zw-ue+)6YwIwwxl$w1!kq)r&;DKSeDaPU}xa#YL0d*Aebk%_@1bfZUF zrUGgN%|nGe^e#X!wK&`b>37Z)U5W*qZL6xO3KR6-Me2j>| zV3_GBX_3TosPD$26kNb5DBPJqq(qA+W_4W8UNr6aPvOuTGD>AbS{WlDDt z!_9mOd%0HK83n^MJ{y_t@x}4P_nHJYaw98b${Kd8o#`J)Onyk1|(BT7fVys!qAJtBm&gI zdfaUpY7m|irna+817#U-UBjY7o~E!HrX!TwJ*Q3teE0W&qos!{#3+D(tg&IWy#Gd$ z(^ddMMi=1yvP<&QyWJpcqIlDMg@XOt%+;>R`a_x z;z*r!H`S~~GVExw;C3x)%QnA}a-kLBqfTaExH7hRp;fCy`vm51t9JzBU_oQ61*hV; zQ0`z~RXg*ukv9Xelm+R_G4caTRU%N*;0ANzh=(vh!7V|ew@txN6VbI88l9*Qor*K)E--K21>*@DCR68 zav2>x{h5Z!B}1PGJ;+ph_-+{;En!V!cv+bGd*rHwf2frb5><>yXgS6Z187@RjV~)b zn7veIHbl^-JKZ{P0!EPXgf=+oTPOx?2x~BfTPU!=1f`**bRrtg#4iL6HxizR4LB5v zAZoSk0l(ms7;j45oZB8Z1rlrQfD*?(7BwEfdDoDnlfvl za|L92AUkL7kHII7ju0ryB!u5ipkys^YNip-<;bGzS$ju9lG{Rx~ zRao(}EO^2^lGQc;5LRHQKqGAj^Q(l*pb3k?^;FP8)Ya#XqM?Df0;9MZ@IG-iLR%F> zVsVf}EyjZrr-NPO*rV|H{5l(cX%0NfVjEF#2h*DdeaF{Te(}q9RW*XiNU_T?fuN+8 zcpxLy5bZq)c}4>*jMsB<8wyh;7fP{K&^FHEk<;-ZijbX%#`AVPgO?@T!oj%Nz0jwcq^TQVlAnA;EB(nD?Vt+x7Q~1?^qM08 z`>GjO=OWVV$?Z+Q57c}KGhpE83lWrOZ3|!FAJ;yfq$6-Ck;BmwWJ}j$a zlj!d=EdRqGFc4MPOtYc}cuW{;xr%D>gc>E)6pvXY$d`Pq4;YHF)<>1nI)Q#;)mEKS zjite>n0O^bo&oux?=h5mYFnaZrUU6E@-$MFdNU3xHNi z4iqUihYzAfuO}ep`MnC|b)X$nLt>sPSHG3EZvzCNgDPc^UjwB;)ZQ}a)a2x7RQB9v zMR8^+0HeMU+7_#WVvd@nN_=!SD0OiQqqxgR_*;llI8qrUc#Q7=C|(!HBFw7uH<$Gg zRC>}}hy)A@lTzi7as(JoBYE|OkWe&<;FwY`c=zW&v8I-c`9d9v3#q(~=j*m0MQGZ5 z)&y8%2oW{(KmLRIdNTm>{01oWNQfy9Bl<4<5AGgAWby`7ch>VQQu1-T7=BSRN((cK z+vwPnoG`^bg!;S&VQWn%iE;;7gSy|ij1A;-Rc_JE+~v&sNB9Mh53N7nTwXY7DF>l} zxCP`Ypm05PE%o_-in@r5Wj@YUog%*SOtLIJVpWs)uX0StR<-Bz>)(7<7Z`Quu(5>$ zBRDI>Y`^nzDVR`LX4?LeULfKkzak9;$N_?byG!M!DSqRHirA8XIK7mWV5lH}k|Q?m zaEFMR2E!*RN{9Z0HQO>hhr}i|ZVHy4lln1QMBQE~l8K?0?Hz>xjg$v1m(t^Pi>%(} z+$mRgTaK0xT#H#`zytDPo-o2n355=RY&eRjw!H_A%PsYH7dh~wtGxTEY)A5T56E^P z1F^WQ%uXd6yp)mA4Wc4(-(p@ENV_>QhHf%7HRbK?+k4Z}8Fd19F(+85;oDfet zsoS$tPPlo>>opg(yJB;S`k^B5#rcLr&NjQjW|P=A>xUoYni~tO2EQSi4YH6wjl!LSfOEK<3KF! ziQ^U2Y%vX)78nR4AKbh(!#U|@DpPpv9;A8wu#*W|m~+0L&F6Z9^O3#( z`T3{_m3JE;V9@S$t*)v6ZAT z=?#1Smo#~jga-^+YBwb-~shUvykoaUoJ)rzMzdu46vc{<1+!_v0Umt5cic6rZ!NQaXKu4wp z%|OkN-a~m?!2zK}zRSt2)Ebw~z-qEZAY?{Xx8P#X0^!OqLjH@Yw}6U*jk-pMZWvlh zx2N=wDBVd)@h(`nSQPZ2Tp^+*<+(8)-nq7sA)@79b};_bvAKrB3oQd75Ns7g?L+kAkiksL<5^w3uqqQgh;|(^^!q zFRt&ZlXh(Ha=%hB3B~rt)oH|!IiYD=DthmC<--#hUQRUI)O({Wt^9fc7hXIr+hyLo zlEv)>o=6S}y zRQpCoYHbiUcoQc=sw$o0B#`7&)J9F_a1pN3ZA)>FeJE_JWTtT&_Ea$B)e5MB10Y(= z+>KdoS_$eW1oheAkeros7Mlkgib!RYcSzvqvUPBl zk~@?TZBh#@0h&Q`(Gt*FphfV45uc5^yYz-2QKQki^hj@*E=xc9-ve8Iu292Pxrr1y z`$I~RZ9_Soo@D~Wbgv#aaE)C1)n9ExK{LexZ~-Rhw4|uc_M_I(IJ^RuxcVbC&JjG^ zU$V<0O8z4Ry~nme727<@~PZkir1vk%;mVTq1Zc(%hY{o|1 zIz7tr{`#C$NyrjfA?b-_Xw$M?#O;nAKcXz0O77D;w7q&6%c`>P-J`EwaD8+A2Kmlp}H#>QGymqN@UE?6z8zlH+K*09w z9z&M>Bq`n4Z|7llVCPBO9?j|>0k-Uee|uA_C!zfFWw6*1-|L^0@Ld2wt|sDqdHfFY zgRq6btOK`pe?I;+ASYU%=nQ-Sp>*mxHI_>jk{&y^*_eQ&a4s!X+WGf^pe z_CB@c`_@_zj_AK%QVoiKOv5NHe;@l2L;kkzA(P(aglbp|We;T}_&y|%hwQKc$o8Nf9_l?mOakUA_)vDhUXFs{iZ`V1Gfoj}febx_qXYvB0mZv9Uf<$Hza4OXL`C*3HW z=Q+pApH_XOq@>!8JMJpVa=!t0>!OVp`0!QzZZ#oa!8h()mux2Gro`>;|KrBzbi#48 zwQ(n^Mtm z(LmvEp^|<6_9#g&kM_7R(3t|txBRK#sc|(aA6PMdV8qt9hZi$hFmWf~Ui8Sl)Y9T5 zuq}j0O45;Y+GB-#91BZ}b?LT=69@>b3sqz=G?E2{`@7>NyrjXKj!XAsV~Ba3)b5a8 z+e#>%2(dI*u2{H?6Y-#_JT%Ho&rU$JZyf(N3zcpUhW4N=DK%#Ip`=C+}@xB?W zaB(AJa2rXf1FdFrpfkpoKEe}g8>FYSNxV~)kMBZ!^Z5-BiKV&1$sQkKlM&uY8|Z-h zAzP_e5Y)N);b@0g@#qu*SxFh>%IwdmtjIg_B&v&D0zvhMl-g9RZCqAr%*}GsW*j6A z<+404&|FjmWpQFche*YBANE8cKwW=e3{@nb;xXEcUi6zY#v>Z^G-&_Qg)Myf5t^1ZRujT2S! zD4J4>(C(OO^#i*h`95~yiXjo9vzf`aa1eioP%0f{QxqzHrb;IX)o^$5D$-QXZ}wGg zfAVujlbgif7mOe=2;S!{aeQ^|PHYYw=ZvI?wO`|cCPl0E#(KIk3W;y%yjPGG5Pr(4> zges&3hw!;YnmOywav)Q=5B?v3pVhZ(e>igN1j8ONo9@ZUPaN3NUOZ$Ch+OXhDDwaQ zs2Te2ed`vHK@9RYC@c&XRcjhv6J2pey}3vf>4~K8^G9 zzB_6e&l6ky&{k)7FZ21nkZ|O5wW`|eg?elYm#@_rpIDu1GGtus?B%sUCXU502;6S9(Vkj(^w1M$DQ8R z6z@bwM}G&VueQhAgX&U{irWa=8<;cpdjM{FYzPSZa%5D^y$AbCH0xGb4wv9BV;S7< z#3jvs5@W8r+0EG&4Tu}O z2TU714F2yrKow+M`8cHlqY6pws_H)c`9Z>MHIl`D{H7CRS7`A1k^JuXf7Q$NCPHdN zt7er+XrMV!O8&axmM5WbSolgf;~#ELzaPzR?z9EW#~oU-U%Z1N_a7(D?G&|M$5dI7zK?Q z5sy58RGhOr4O=VmC3C&$sQSt*swytLW$~fu!pksJGWIC~J+!2O0X;K@^_3!c_xSwh zTIvBQ;qpH0Wv1@ox6>~WV$qbBlLEuP`7O@muuED6cr9bQ} zl;3f#sJo4CbWVu6X?dEp>FKi*;q)NtGHc%9&rpho|B@b#F()UCR+8?*6X$WdV7fF5 za@J0154Rl+K#M59lpu&^d#}MLSIFeAMgT>t+(?rg>kw{t^ z_)+M~Qs3~*Ea3vPR#w}IbY!u34Y-qkuMlbQAd*PD>;^JQF*dbSh!9-PpNDI_h$N@3 zsQcP*O_IdY$#4~e(h5~4KF=*dR-;}j?McSL-E^m8%~Fa@$aQwS(r9T0B=5Pp$O+xg+m@=sI6Rs>+2Zn8{n-Y%o8lZh?ml z=KL$}fPp)WlReK7@i+s(32Oxn-nUv>SQO74RQEux0g#9SO+gfV5dfv%VdTyOz-I>Q zM2+v)i9z=!46%nnjD5o>#i!*{ST>L$QN6@W6b^#_$N)X>@{Hi%;8Kx7u^q@7G|M+xLksn zUMV30#9`-+Hd8er_!Te&v^_oE!C=|z zsA&$SkO1){2iQcOZfl-|`l33mQ;Zt}1z(GtN=x~zf^L2^ozonU6?ecjcU2T8`t7)J zZ>o$;=nj^owjRZ?;(b1P{O#b2&*j2SHwq=}q|ql(0l_~}Ag_h?=%oCB=GzajwW?`W zzbxB%D1tH9nph9*m1p#vAN{KxVDaPp_bKkx20l|tryksQ zxgHD5t1GO(PDK z=1fKoe1aTENyC%9M#X6TtCf-I{2a_oA8_XbCNyvV;$0ZHQDA2)13m?!H zCv+K4aM?{K>s?5uF?mZ9go2px3^gM}?|Lnju-k0hTm0rnZNhk>&Sg&J&XnZ3vNV6DN zHpXPhL@uPSbw`uPpA`>&kwL!WAx<3_Tvu_v!EF1xg}tkEKJUjO8(z@cC)ErX+=(K)-b8Oh~dx6=ahzl^=ObW&piml%;aVBn!!G|+VQc~XgEUfqf;=dNtXjR z9YiZ7e0~1eFVp_@xC+F6w0O>KV@M=ZVpCy*fd}Dn$N~}}>)ToxL!=59fskT^ga2`BH`(90~sD`#TU}{nrLZhLZQTU&L zTeu5Zd!e&6?>hGuv~D%$>D1=jol^D>wkL*X`WYHhvyZ%Wnp+s8dXb}*>s+9P*K zHv$gl-&+fS;QW>AL3sdvI>Gd*$W_amP!*m6Rx@)63$2DGqlza&sH#vJt4h+_agAp_wUT!iGIJEWz&83544XERw`hsqU4%Iescrq$g& z4_;1;Z~KB(md_TeF=yZ*V3I8%C%P{lS#)m1p3cRNOm6?}fr3B;@&4s*+YJNDV;B&a7nwxdtC#T2<~iuHeINpVg7K}!vTw3h@2$3apKV+i zD~#W)Ty?xd0Wp=|X8r}^zji+xWRyZBnR-a`yCKHcUGcp;f-?cdW5uQ{$7&=USMn=3 zRS65uOCyGnAMAU78uA{h;JQ}s9KAQl+Kn6=M)|w|`QrC@vxCqDPFyJ0DV74M7l_fykw&5}f*ph$Q>5#|qgl zHjPyJJ29mey?^+P5ImwfQVn{fwEg?G<~@0<_yaXoaUw^rxD_vyNRYmkEgxge6=LmK z897vFXgVV$P2)C3lKArwY_ol)3H=<7N6nJJ!i<|q!RV|d%qRMx@i!6@l1@0AthDk6 zHktJr21A;^yyjrFIG;cs^%))t{YnqtQBWmZFjcO9e0;K6gg^yvrqs&-y$;f(-b-(^ zb`}K_X*vQVmJ-((+T_bq{QXpcVXV@OttjnU_UVOr%+g!UGtnM-JndglJ!AOtZ468s zKjD>8`Ok%k0`7E^391-dcKRg6-ThmMdl@{-HYE-E4SBZNoWrr8RzrIz4^XLXWnbI#wYI@<{|W zA9^V>dmR<2%yol|U3MUsdttBluluP+#RDuG>yRGAM8R?vcsPGrH^RX|J)wLjwOAK} zseAo$<*Paw=8fD?OSql$GkR%FJjIU&GWh*3WHqfO$mpVgfi6sXVEI5>YD6m5t35J< zgue112+y>4WQ1g4X5d|amAxH2o^8D6YyboT!6_0~TEu%lD?9&fhBJ}hP0Bp@M-Jgq zVbf_s>QS0&M)gFD7Me|g1X7qiYl{CjQnY{o74Ph%DpAZ-5m6FJEP{tadV@*HRtsrT zkpSlxsg08glZ#XF1qM=I4v`-ctd@GHV%kL_F3a`=*h5HyMzd{tMNbGxg&owffc@&g z^G2S+j8DP>kNBjcxx6Ce-gPXKWo6>By(+Dlh-x%;fHSRP*ES~I&2D1wA_nhFem)Ur z{AZ*%Lg{q*tjyVHogTdAVx}3Qd%^Dwv&T^XO5_Qu!JRp-`T9&ht7b;gf9T2lw=&;Q z9=1@x)(H#TS^knFWlvTxp5p4>EMiy%{wE+vbNr74E(qXK1fU$fQffL@?Vgw;prEtt z>lGNbLFf?HvGu+e`kN8gKzm#$6Lpq#cij0jAxHTDZd`)!qFxvi zQb~&Vbt~1NV}s(@out>O-eM4t1gC(N*aK~#9%x7@{q9f8ay@NpUp6zqaK^`Y)v2H2 z{1o6OpDsX5fMIrjms>#~$UR^n?n3#$n*s#S13mt8ufx+@(1BZuMWyg;C{?eS-2W82 zml9n8n0mPOcy~;B*K1tOA_jKMWFL(HMX?I<>yqErA^H=)FuVo?&yo#{Ryn@|*TmWm z*8m3t@fW-QgX0EzUjv6>_Lh+{kf!pQ6~({b{o&1|3lVq}Fgn9^0bZqHuQY2hOIte! z=*n9*um%$}%CKYtWAK)SQ`r&x0Rh}ETAyaQd0IaqOSaGr#)t-}r|%T%tmS4HHpIZb zE`%a|_5A65%klrUOMkl-BiyuU`ZJR@JDg|GT&07_#0yVdup2KKmvc2qwto>Cs-`Xi zk4rl{oHkdl9LOjQ!J-oHTJzV9i2s%CZilqVlsiHNL0oAY!os}>|1Qs7fGkrc`NID) zK7azjpD6+bR|l~l!WQ`pL*RY3aUoR!`nvzKczBljeB^)V5+Qz z^(y9EHn#A2{MiWQe^`?_{SWui<1IeLIFZ@c7;2N~!Ug&V=ffLKpi~fw$Ya5yOYO4s z=bJ%t0~!wxjTNy|WqY{|g@x5*DdiB?AWVwnn4MAgBTLmGmVqKquCfy1(_`l3cBQ%&1wMCs#j#LB;04#I-Cn)H!n*KG zF+V5fqg7nmU<{V*ZOOY&Q;esc5pA8gFJ%5Kj(2l};6|vQ8tij@wwpCTU!QfkP2KQ# zo6JJJ^c?K|RUAp6V9}C_lvB|Z(7wxl-M>q&J#rY1iqBF~(q)tQnmsdQk*~U{S+Nx+n@uD0Gzl~%-h8~)(kvka%?;Cyf*%UKXsAs_M4-}m zI*8``f)<=S@$s!@Zo$~2-1B%0YN${)*Pr4}p_reGv5QM+>FH|QXhJ75@FVc>d7W~| zAPch3#jS=H$#l&q&{OkF8(Rlb*m;Ll{C`hcB{OB9@Z)3VYibjyieoC1zN3RspwYos z=?n5lOa1&swp}n}-zq_?gBDpD7w@C1gnXU<;&TQv8TipCg%^+5TsjFyOBgg^Od2i; zhgK?1r3t_bmY3cdpCM7VeC9!dXw#cW47?h#+p} zRF8~uMsaMHjgE>L8rq3wcp^nUq>EIh-pT(n=Ae$i4@YUOA@$8cZabtFq;k%vR@y+8 zg`_&Rcmckc`YLL-;CWR#)vLO)7K@1Ps9AI)3y-%PBzj*eM+^%PWV9?yf(3?_GQETL+`8*9t+;lQ}_W;;vlqzj=1 z2$3K!^8mDdM6y$U$o_!A=AeA1G;tO-2KZ4x6?DO1uHoId@4pGTJQxj{>kbbAF)pgn zCGoHn0nxjK@x{}DfdSyVbcV%$0t({+q!B-XKmLNqy{+?cF~__Y2F-_=c3<}HZmC4y zn9VQH>KH2~PJ`5`Ud!QBl|0c0poIDz*7XBehN-28Kt)^hdwLiLJVj-tQD1|u0(ZwW zI(8^Cn!z(dLdeK~TQsp>Q)RYe3qbgq-2zA#n9+|+fM&?P%D=koE!m;3*WK-i)d!S5 zMbFnAlJ8H{H$YPl#&a>_xeHx=NARJH(9U54VmroJpr%~jlH}}-^T7kh|JK=_3<98Z zpijK$j*~ABdRJP>gMw1lEK9c&F0Vz82*uie#Vp8I z(!q3&>K`0!zug)7l}=TPS9}1a0xy?XTA6l+iU5ufsxE_t4%e!omI7f(a4Un5s==32 z$uEC&bZ1Ze^8z7Bd0k-7$jVr0R46B6S<|y~TYj>HS&I-i+Z+=5)!=h!wH-;e`dBr|AJ*q!sUw`c-eL>=L+NRDh z`>YZXkW}Xcxv@ZgGu8q+++< zOXHHf@GcI08l~`dSyfkOo3z|i_3#>60f>xs#%Q*Q#S#s>yhM8t0rB65VH&mHy$k{x zysd&PDN2@O?)jm7rFAlHaJI782G$}aa@6!s%{H5E95cxpzuXb{)6tk27)G$yDg0SrBn~ zY)$mI?TL&eC4vfEdR6_c-t5wRDsfwgRbid27uux#%hfm2^}lZ!6qGNA*i#*n#PTnB zZh2CdZ~~E!;MjTmkflt3i?3oT!3=)M=741d`E4-;f51uQ#=F1Azb%qfV7in{6wxTqV7{M^8P{7V zi2liT>F_&hdU8GOat_>>9;G$0{sCyYlX!(zecut-S^q6?TwLy z%ixhPU#-i3C?;b115w!hcCT#siW_5r1|ikQVm1VWcroBl|3-ft<%Mk!!FiPd1hL32XvP3W9se!wQki5!T%MF-!>j02e-onAkivI#zt9j9pn(n< zocPpY z+GVv&SYu;VN+%I1A+r1)0AYc$q87&gS)uA#R|}jLb-&Cl*$E8Hyl@;B5qcY3TSbAH z!X3@;0*^tgEYD84M0&>*del)B^2&6X=zV;;JQis??zxGslf|@IJ{`@Pa!m7urN3fPivm&-E0N@1i4bs=SQqA5>4xPsrBAGqZf zyk@w`K2D_K-jJ7-rGVnXb91V1jo^qVO5jr`SjE??e~2ZXK76(CoD?mYkV!28c{mEE zz?v5hH73_?_>z!D?>WYGC*?y3A-yuOR=4cbd?~xSw7MkRhe~vwX(>dFgdwM`ul--l z-Z%yN;r4EqMRUq13vI~iDe)7Fcr8mNAIF|u=~43?^q@=fZNw&f40}&(rZ28Cu%383 z2nNY|ZHX||(lPU2`$T=s{$M686TvVXJ`h}`4E&RyJqfSKNg&G8&q~b;T#T?C9av0T zO0P|A85B@INpP@9`)9Fy=F@4?>-jn;%$$sHMk~&AOo3L8uJT2(!n1miM1QFR;h_P8 zl!TJ*GzbpPp~uAh%kwPJl2^JdoQ9g3Y4(g$n-&Gg5A1C&o#vlo;XH@u1p=^z7Ol8V z5~72!cO|HPbj9%8zOy@_mIqL_CWX4E=Fql&TG%UnlN!x-|w%E-u3 zUYdOIx-bEkTxbYXD+k_eNNtD+n<+eBVhMh_u8cSLP&c{I4>fv!I9E>E&lf_ZxYny* zLsIHk`ilrfAoZl_lJ>rS_(e+)d&{yj*fRNgyPvl-%;{`pRQ>gA=rdUAA0v7Ge8p|) zllQ(RxI&F%{Ba^~DDEtS+Je&V{wyudXDVyu-%rZiCt$nsI0m%ZL+8U1`)x7>aE_k? zOzN0@K5Q)g-;#^_A(&g;PQXFyRfbYPF?O#kfB|Uk`{joJxf_&Qx}TW?(iDew@mCZ0sd6P|oDB0WhX2db0^; zZw8f23rZkXX@VqkH$DR&LMd(FVyIoT{oD@1l0m@x3IYU>j^4utEA{TD>zJuEbZ6+C zeY$=R7sjSYun`~Z(@e(#d%KnJH7qEm&iI~Q+k>7k8~6xdQOTh3g6-h|_1&=wv(giw zaY|V=Xgy);IzMs5?m=$NZ!o>c6@K(i8WcgS_G~AIlNdR6eEWE_DM9GGq$Do$!C7q#YINjGY>xHV1XE$?Ixu?FHFy zF4(w1;gxtvfq_hTr9L)?+S<$S-tkS=MhXG(Ru-O0P3=@P+@Bb!0J0mSh8dd<;c@4{ z&Jg_j$O1`l7(>=>RPl71B!fSeDgKfcaIJ{QZ1&Qu5jdM{32@eV-IM)IdKgsxanL|D<|AOTyEw+Ew7=Hb1 zu_W4fv^y^gN!4Qr73~=tXyC|J2T>189G1P!Xx8I#p=5!Dre0_g1GV`MEwbEFYQn1V zJk25zm6eD;Q3E7VQ%Lu?c3SMGA= zQ3a_)bx1E4LaVq;-=93u>gulA1{E^aR^mYH^mh1!e=}7|^hO~n8H9fzWvI%5qSWHs zCr6`13AwkatNKee2>E1JOV`0oa~~~Q|8e-(AD@F*-g5uRv{&4{B07huxfF^K&SbNR zh|59kA6fB+Taa$&Yh>!gfUFPkdYsUTGHXDGBV@_R{o@j&*g$|yofWHL-zSK zIL9qNpeLvWM8Ao^oucP?ixgAXoG{43pr1{U7=@jIY$;VOi`dl6o`{LQ%;PDxBZ9eE z`j)m=$cv1Bav(D_JS7Su9|5vf1xlAKZbdi+`>_Yl6gA!f{{_AJ`X(br^=bSN^H%wk zFUL_w1j9sf0hXhb^s1aCzuaxhpC}EpbkvF9ujCz>@mGZiW?3j1)EiYV6EtWFX+_jW zw1<2Im2%~J!$K>_@5CwRI$Le>x;-dw4X|G+bx7EsbatqdysARMw3MTT()vg8ExW0# zOq7FdithUBw#sX@Ftt0OUU^iBV2Y%xF%-%`V!7lI+@Xx2#YhNBR6@Z0C@nW-eu9q^E07p^aaB z-l9xLYFN<9qQ|C4o=q-A2wY{q>$d2k7oU7 zJwDSq6feVdD5sP}RmfcQVzi2+sySmvds*xLyk}q_oFaHlo450xTkh=~tYre~`pJ2o zal@i5KDK~KCnjV`F35NRcy#y|ERv+KZ_=W*#ZG(hgH{5?uDe@nsu|DH@F^h6y)4gx zfKl?t4;bhPA>aSH)^IChqqCd^}sKL9T7HU}`3K>9}TS4d(2Aos)zA$MO308C?LIJw7W0{9D>SkE9zZ5eXgEIO>qc%ENFKl9R?QQA zh0s+)lk)(gm%oDj?Na58Gf={|SI&Sb_ZK!7-aS~zbOBacWAhl^*Pym^@Odx%|7=kN z(t#$sH8>Iy84KxFrEd)D@Cgw=^h6hn`Ug{?N~q1uxo#P5#H0m(;wDeK^lNyqT#O__ ztCZi&rsd5ul!?8jrxs%HG9H;thQ@1$)-giA*T8wl=oj^1&H5J>LZ#{bQ3p`vAt&W< z;`aTb8gY|W@4Mr0St}b+UqpClPRsC2Zc0zh$7P?Zc7sv8IEajRuwH9#78a;5m%>a!6&HeF?8YA9^ngs z6fNFcGA|nXj*>gJ_3T<(BAowWN}CDbh&A$;Y-yl}uY!jsMU?cX+7CiaUe8s(YNJ!f zLif3nKzcCjK5JB`GG%heuCR{LKqE^Uq~HFl#-m@nXB$;7D6|>-l2m;nyh9=9_je0z zTaKnHS5#`2LOf1^zQ|VR)E5xxo?_(*RiYvjSNI+D^wy_|G$d$@0_IWJayYjfyfG>5 zDW{!BiR}AtP-EU#{>q=DNk|1%3x2`B;NmuWijc38rO=|Wv@&CW)7TJXypR61T`kZ{ zqc{nGeQ~9f$BtooM9|@ba)fiEI<4?d6M+IevTIpD#Z_2_^sPKd}H-@KDPDYW6BT5@tY z1X(7S=?_j|GV%O%IInrwC}J7Zftb{qukCpc9uap<9~=E1t#_Pg8Xv<@Jf}Ik^><5` zOg{%QwtkB+J92$Rs&b3o80145GAZ`h)~a*H<(&3lk!$ancDZ z6r%-Eh%ea{6$qN(B9~vU8K{l?-7jB`eO>vDmWi{77&B#$Pjg^0`WI443G&P~+f$+ZZZ z{=i+0cBQ+BOp0J08FT2S%M#<=>MGY-H_6YU>5oazs;t+f>-Nq)hkP%bcW8Ng@U7$V zR__uV#d&`KfDCv^Ie_aX2U?8!?0RREh`Au1l+v0lfxR$o-05!_f!)m9?dXFnHyZ*;NA;ch~er~ZO z{RWJ$^B_%T_~hgyhJU3I=qNs?QO1U~YoJTP7TVnat(;~JKabZXxU6&gcSva^LF-NTNe0sL)$sM)bR5Hs*T38LhYEPlK2EZ95(I8Q;h zt4iVR=k6{b9QPckNU(_>IAPxbast?qs)5^w!K4k4p?*Ll_i{C`2R-Yn^>EtK*EybB zAleYr6_^!t|C=umyWvcLb|VI`_RYUuuyimaxYOPVeEcwi0$8X#ez|;-IXz=Z&-e;1 zf1q6c{+** z;lZwI1DfFJ4lJJC^m6#t0Y{jQw&jf-Y-;Fyyr@Cw0;&5i$jks`F(*srAT15LYjCyF zMeKGW4!#Q}y1~-azzgu+q6c-j9fbGbP=5R+AsFx;CU;S+fr##&xsJ=G-Y8<23J2`P zq@<+IV-!CBCV<_|*_Vc+Z3!k7{?8`;_s}1Rcv2_exF#YU-`|?bP-r|W4Z14?vO|tA zE1F;K|B{K5!?<2c@?{}oqzUSJIIeUsz8CMQin;_ELHaXj#M;xls zD~^;6E^EIKlc-S8dL>Sv(fLw8^49|zDKM-_2xxU|0u@u@D@bjmaRYQiNkcWI;`VHd z7~qNusU{=EFB;)(CAnEJgK5wfYj>g5-9 z<%4Zky)*jl@4=@nO!2i3Z`8F{0iS|NS{P{|Rltt`rBQqHQ@knqh}J6gOrOxoP6y?s ze0qT1XfPuFGLB|@iQd{qQ3>vtpP_lKY&6$46wRazvFukc?`(xYwIBfh0d?7Ew^+Lc(LM z+=8n;vy&zDQwU{UWX~_C^=wrdx!JNyy9=4+fgtwRVVNdLOd>ht+ z85tLJYwNih5<#=iDKN2@~oJ?PL~Pe37PrX&#)MY6t(oatrCZKs#yswxAqvy0lxD66Y5 zv?GJny7=NURs&0U;(dAb7ApPLU0lgQ%imN;;po~i)IGbu6}uZyW6i#(slBiu<`^Ps zTAVcDXToSdZ^jPwl~^O7J)lE6C|mi5mz}h4ASc;su5ssF+@`PMPRoBXapA$cr97oD z&}XmQ_d|~<+OK87i(5+y%F}JQI901TF)~6N9GP$Z`tnZK%dK?+)m8n&dbKcm zw;zKvTIJhlp{Sl6{hAxidFSfFr|s`Klb4=87G7TMMrFwm0U{Ci@@v`YZ*_i&I;*zY ze#2c&`v$W8*rxO~{IO0md&3{PdWcUkj23#EcEoEHhF2{g^6n2F>Sy`W!sDkl^eVfv zn&wJ(x2+b^ZAfCh>Xf%fa6N>JC0rpWgi$PbOav&1wOFGn9nQT8kaME!7^46NzyZgWj=#(uz#{YSE{~pI8ays+TPhb|jo;|}58!7#1vXVj zQrqadmcE#cbQf^TWKD|l_Sd-YWdqK?URc8RThO=y^X=Wu&eJlm^EboNZGrh{H3VvO zp84kKpK9KfLFYxO6M5&q5;EVdH%2a-1AkzFxj!(BZ}wFEwn1l(a>6ZkJ_!OKD{4Gv zI@o&>C9e{>qM!=GsM`@Y%{ z9B)0WPZVDfXf#^AYhU#O(cHIrl*JGc%%9-sZy;>{00Q&g)*N+iK@L|tpVYziO<+@f zhys^c;ygyo@1wA%+d&8t%pL_RJxePqzOYRMAX`0cark*)AuV#`s|}t>Yt@D@3-KRRwQ9-7mhbl^Heu z(2WFRSIAaQLIK@Ag@W_kdj%Xphq)x|><)H~@2y|oFsYu@#rYhDfw|^Q$61OWIFwFd zF0v8L?Rx}nB7>z1H@L6eAm0u)68xJ~;%MDWgdKPQMGLl|`1l)~69s2XJ5Q?Kz53j~ zxB+s0VTVbNW;)J=JI|YHe2(r`u0)Cb+r>=ggoft)UN(I?Ug^C3-069qwdxHs27_yY z)Hglg21CE^VZRZ0Z`UEOKCE@2h@J%e_kzy({anCLR1P@R1#W-!X1vS20hYQyAh&qR zv;BSPK8hZQ;lvnwb+x>DKe~E9@=ny{WUU*v(SK3n=R*bodgglG(@h>MH50Z=0xki9 zGx5=&dx&|uj(hsb8QIZn+BvPE#NGt^?E*_{X~T2GCTB98+aLPVwh4Y{wvw>Ji9s+p z{}9IF|qhb)LliC>Xj%mGD^h9&wpQaR)Gi)Q+uu6&`;NqacbJ=9m2$Fb$ITKCiViE+^)G8i zHA6>T{Q8}gnJpy=scpM|NA{IVNJURn#Q*JbN-12z)TWmn{S@-~94)3GVyrq zL5FX9#6C4j#oprh& zwTq^;wh|i51@TXseUsl<}jRM zGmil0eLI&|yEv$|(p0CSoAt8FaMxaWRPi9-2Rgi z1jYVEpHu@S+QUG1&oa@ZZL>IzUV1JqT|)-Rt7}8ZyG^h0kcSFVR#59)?(-fJGJu z;TnbvKC4&RH4?x;FLFDvdOs!Rv$B<@+MMk&=CLBUBU1Bl0dVFwKrqv|8Da0QhdGa% zs*gRY_dQV$KR=8QY_s~;~qMR&k6Y=O%R9+3a8U0sLyp>}on-1(lM zK&{OJ+cC$@%H$`^0>o&dieKiFf4#M%$uiX_UXz(_y8=z-1z#QG8sSFJr{(4opu*6 z!+}M^kgE#>RreqGkN;GkK5j&jU75`x%->LIfO7iT=%Vt?@43Uar=?F|;o2UNQEX2^ z)${Q@@5zJLF5NIWG2ed-k)%pQj#&47!4$zpE)&d(B`)9bj`8IO z=~y~CrqQBpJo}u)&F>l{%j;HFf>Y5WSEY@_T=oA)67fhm&CCPnr}zy_7kb|dBRGQ3ASQesQhVAgPVzPCH&AIR1*4KM{IxEYwBA9=7<@-cvb<~dIs1j(_WRCYUGP*b!>b$?S&~cD~xt^b-5-nOc@0vXw(NXwSWVH+Tg|8 zpbp(e)-Wjy4iX9NLEM4I5l1X_VbT1FIl8IG$wI4BE9H#Yl7{Z@2A?l!m5Xs@Ac)WU zy^sIU%E=De| z5C7;MKKV3xOS0b;YRl=7WhtRkJ%3`mce(W*Wp{nv39^$7yJ!PczN76dN70MvsSbcm ze}mbRz5_!oFpc~IJP6*z@mZu^1eF- zwhzYdyF$2|r0Tl~Txx_6z>IW0fs+_;{-7I7qu3JumfPN>9eWP+ONS>9-}}?BG10q2 z##eh0U=wdQ7(ezC<2bl)%|?^=aJaLtsA~jP(>fHijn6ZUPunQX?>!eH{~xx_Iwr1w z+xB=V#obDA7_7KcoZ>ozLvfel#ogVV;_mJ)#oZl>TZ>D9clh3YH#d1VBxL?q8>EiwhEHms-1wG;fBMcz+1jSVC}ld>$r&I;n!EDWaE-5nGOH~0pRAtZGgo1 z&*$Zz9l&Q1#5cr8W&5Qx)LX0UB+z5Mhxva8(1y86C!p+bsmc2_5{Q-G>9~C2bzI94 z4MzRQ3p8{07?$XJloXJd?PV;U*trw4l}w9jIyGp5D2pYO*i@9_KvaJPT8tz&;0#PHKa^Y zJ!NJ9LH#1BzKtL2AWUvVG`V4RzW_6Eb?*jt>YR}CA}xl5-@4Rhi#pO|nN>0h6g{kL zz)4NmO^Qqi1)vSPv9NKd&TFZ@wBCz_-Ar^{+D?2m;cA@j38wkre#4i$dyT7589+^` zg)?24GjqFFM9<^C8pN5{;$KZT8D_7YV4p^yT${mYyr02V@sqZ+RM`HHw#M(^>aBLAGW7T-wCdBHb~ zx@4_Ku1J!v|G*6a;83*BpVRX!lGx-#IStOUt{8iyzFn1LHFq;|nrfdl*(h87cPC=9$V9xQ5z+>Vy<@ z*&<|`y@dG`BDU033X_BKI#MU zt{0A^-qyv8Z?vXXch%lFiKK;4hA|b;?g&J)&eEZZ(78d72=^TeM6wW(wTchY(B`tP zb2|PBRZ#iY@3&PZ9-^QE*X_@tB@x-S9A05FSkvc!>D9~I-VS3>T8)JpO2Gp78Nt_& zKzH-o!uaW?cy{f!b@V_&Q+hc5;suymi?@+KnE|yl-j|&rLsv1(?BDJpn zu@1N#pn$ON!5i_xa37e(O2nabElS>LDY(tV^FQKsgNiaPiMsw0jdExlpFrLUPk}qZ z;@ce<;7R-iZpgL3ZcSv<3@sG#_srJYJ&*YFe^y%H7m?G@$8TPjDxEit93*yn98tR+ zz~%QX;&!a^Gt7?rC15vN(DAU_*Z&>r={Kf1iD!tJZ+6CPm>1fJm9LIG+phVQ!#9bg3epIA6 zc%qL;BVmmRLF&l z>Y>TRGIE}VbmIh1I+Y-2LHGFgUkFovI9lHvSV}{xi(MBs3DufPxjYRMZq55MZ8Yt< zbcE??W;egp;VKT3lP-CnCoGM}VTZ961RBgBtgxf5-VA?~%tRP!D(rU}0cq4~M}!iB zDMJESonXMlkt-YUg$w>nB<$y`7+|+;oOy*%i_t#q{-e*I5CuPSZdgLe_HU;$jIluCxC2N3kdV%gdJ;XPmU)tb9&ntns1<} zFWU4l2lHX86+XBZMg(QZ22K}|yW2f(4hkwjXwuV$$xP`11^^%LRhtSO$9- zqNJLdh7u_Ivk5H&(cxD(Ag8iy8+&ACd$K2Wsq2ZD)rWl*kf8CG)lF(yCfge=SY9WO z#Uj@(FZHj77bJ(Cwo=~IH-H|({r2sGsxcUBcJ1%(>Vxlhx02M0%*q^-~ zZGG*mjsm`Fbltgkc>_m1??3*p%dl=;x;OVj-lKpP1LUqY8~)w^4?jjXa81kyPIRrW zkKK(U!N}olg?kfga6;i@&-Hs_y}+3v9|-|o1FFr)2bX+{#M1im!R@S zLg+dI&TK$`>)qRm2#v*ru?PJw&-9`Nci1ypOd z7DSy9GDaswt`Y8J2>>$Sau`eQF)evqO1MyZ-FpM#Y^1#42Ma|+N;s4PuC9Mf0jR3K zv45Jg`?k7=>h5zAdAHlAmPX0Cph+-BE${k9gD z^6;?WtmLQ{e|(o+6XOIm)LluyGp?1)ZU%qcGYM<+F4~?wWYj*|dHzz@Osb8&7L&UI zjum%=q82IJpfgbBjN9b#3+gBm-ViYTn>e@jW~8uK=3(_?Ho;XBqG8ZG&%v-Sue^LmbWjOBS)5h|Jx zlX7twaet{8UOnlFGD8kBW=lEjOg-3D{F!H+_ziwqtJ`n(m(Vh!iB?k!VYN@2AD(86y5E?YBy|c3x(yG&i0|S!}D8*8YT~FJcD| zjNSyOpy5N$Ig>L=IhD_d#42o>_z&`~Mto>cEwE_uEW*sN&8bLw zI{61i$HVg}dm?~Id4VO8&=FrNjI)v!`K4UVu}_>1WuA{n#`;h`UQH}}7C#OpG1G5Y zy@YQFlT;$*bJdGU1xomSy8+I7xtwy-k`#hVxOi!u=L_<%FaVEobgMxB$nN4E zFt$iFm;Fu6K_*)9_MCCiMU?0Q1vJyZHSbRjW)IRcnGyKb(MMI_VPtvo>-Ls66-pRV zKpDFus(CKd%lwPC<({m(7>NkT^E6^&~!=+X2z~E29?Dzxs zQPd*8ZeBeaj?)HWk$zvU70OzZX6P?7V!t3#B_|va2G{FM4t_J^kHy%p)-s^Ncp{TX zi}4SFE|0foE=1GQj4!E1-Y+-j*nK}-aSUa+4jtH!MHRm%FcNK&0>$ZoHVoXrFFOAY zrmyXu+yJA_86adIjB{;X0|z&A{2Yj&xg@3#ohu1jt_fk?bihd>j1IojV~ny;IM%Ana4ic>m&;Y_KUFvhEKBQ zaZeH(dXnbxw_=jNAz$ApfN#>YJ&4m{@ei=JXKsKl9mB?m3!WEKo$R-US4odJj@WKdC(htzO(;CfhXso#5-T2mVoLcEGN- znX`-f+>Pe(8b{nd$D(m!C(9#BHApsy&)y7IG;cdnY7onORblowg-;13gd7`%$^Fri zm1qFmkPkD17>hVM+%t8Ouz2ExN+*i!Gi^U1N(>&DZk;>+%9!RKBIz?_HVDqn3Trl4 zOLx+8K!DJ-JB69RE4I6}sU-Uvs9{bI)}7UhnMXAnSOyr?870~4M!R;9s7#=TSWKad zA`AObSRHWot@}i-yU-kEuYOIEQZE@Pyr~~~_`n{xSn-n)rIsKltVYQ_z^2J~GE8j4 zuEIzyv%RAX$2EFcs&O9X^lP>>wGcL)Gz(TDCN7;sEM~|_`hv1!K+sYJ@>Xv6ETdQD zmUFB8EJD9FmmicgL{@f95gQcN=BJYlUuT*eSJ=Cu#T8ntjH9IKT(Y>8I%guGpg(S6 zGLNRa7XK2@oZlY{6cdThu|p{(h?#IkqT|4oL^b8I;|wwyA?asIW@G`&MwTvYk_2rf zg$8e`Z;FWc329826BkrT9=BR$kyaYbZQHjjsL?5V{j@wUX_boHh%yWDlUOU+AZ=Lx z_evNLlw2kDFa#83_^pk2wSjj@opI*K2D?>lkt$#XP^Pt3m(@DoFKq0NWh13E$8|@c zrp7U3w?OqZUytyy<#h`AfF%SDr=vn-N-{sQIdqZ3`RZ{)k;tcj_YQ&EmJqu2$7Iib z_ZY8(BoD;K{+BDg)w(!x98bVuO|MjHRs3yUR$asW^MoeYRSs-y0 zO2A0;o<8FJPi)PqE_U&jWhR~nJ9je=8tEJ1sSL_nXI7O-(UUF=&P_|e8bu?y8{p7b znJga^WzTRJc)7tfJg8oIXvYl;%MqM2Gon#ceN}3RSf;OD5j2nP&rItl0^b8Marx26 zd}wn%hU;nl0PPUr^k9^oc&hWTEMAz^YU12-r(@#Vl<;7VFh1~iZ03g5dtGY#1`Sri zETAOieRxjG^*VlPXtuB@z5zFXVMg2n{8}=h-B*D+!H3XLEp0512BM(xc6yz~CC4KA zdEy(l_k15`K8vEHr9KqMEICqPUnAWiEV%~TX#cv%fP3^3Cm-gglA(uVwyjedmK+f_ zowcPL=i7w`P>vN}|8vpaywOqE?DF0O$V>l#!%(P8*7Nh`w?t(( zKyj?`etqc+j@I_PfwUoY1L4R8;Mxzny1EKLJstoZQ3=!ll=Za(3WM&`$-J8PB{1*+ zsl?Oys+Yu1k2#isd12o9aa&X0nfmKKbkqP?%^L!HYg z$W&a)l3rj%p6jOwX2!wbDDGj6jLV>55N>Ro+0IrhX{jLz2|*=UH9}a{d0(koC-*8R z7Y>(}$`T9G8c9-K(Jf-3!XyhI)koAvBrAoR-a=h`SB-b1)f)CdViM@P5NWF1Hh$kK zz&rVgL03LmhMG;GPj1x8p)mxFp{ftXWnw~5VMxtSWz@+bsN#T?x(kr z5YzMdZDm0w6{HHS&b#K~Z&%7ma*z*i(eRyf#X(^rBbw1Ju=rnt1$)LIh9qme-K%o zJL=dTG-K<1MX%r!3nGzKejE{#yc<5nArQ7P&=Jq z;ERegDS>kMWLe(O-u$%w4xCESK|5)Ki@4t^D4fLYJOQiACtjVQm-lk3Uoziv9-lv} zs3ZMTld2H*bMgRZaQ!zP>qrrmLMUNrXD2K~a?DM7udUD z%!*2lSw`8tDGeH>iBv{n?JOGz?d3t~sYqt~VO7!?K1KApOh*$3wF(~eyzYyf%yPRR zF*i2`PAB47p>E2mUWf`zy3C#0L&TKSP{XPLg1N2mYy+O`Gsb7a{Np>(E!BD!OKRBy zBRW87AjLLtByOs^4lg{*t0m7OBO*NnUA3sWWTiD)=`br(bTc{aLQzBBW0nqVpW zX(O8)aO(j*I7X&eCdR=NH#4(<& zZpL~NkhVEAWq_fHQPwmisw)6EAj@M^>F5R#`W(o@Th0;{!yRWM)uWZG#W1E$Y6R3+ z@_)3@1mPSyOwtuGMcim`Wz*nTF@xS}SnG}4DJdb?F92r;y)P-q zhq-xkbd!KeDj`W?e0YX;RZ^yUnq9v>4ri68=mdq$ae@*<3I1rf!}!-d|40(bFLpK} zm0BZ8hP_w`oG=L#7&tOYENO&-;?nAo>_nX{z15>ErF>koGc*Xk1`^W!4D+U06A2hGk`n5R+NT*T0plI03}H- z@N3)1CWd~~5{QM%r;Wa`N^ffTXqS!}-)&McUznbdKh65#o(CZi9;4hqU0etLBiI00 ziNh>ZXR)PY9cR-SiVwmicybtKK8>9o=$1x(lbXwCvb`Usw5utg*d)V!&c{qz_XRWc z-nRcOjNSpCZ+7*pC9d2S=$X3C}Kpsq4%+~ZN|=z5h3h4GB}j&UvAn(2^=V7tg{mSNJ7)y_{au8vmF+p zu^GOslBsrB@gXUpwx%ROLdI+gt5mVDtQdsCSkSS7m#jc5{*uI)T8e-*!PQa1#NL25zpqZiZj^OYGFKaKPOD^NbFcHcU%;zuE1pEdFN*o$1Om)xeIkU?0;O5!eL^EB*@hn5 zbouE3UoS)6VqAyv7(}lxNaK{bP^COHgOgpm4?lT zZ4I}0{jL9D2=6USL66e%D2)mgMFSd{Nm8szx=cdHZ&tJ+3jEdjc= zcfPHY*>-bEbs-!nG-biB;JwTDpyh*3unJ2zooHRFpvFvYS?|&^jSQCIC##qk_8aQEIs=BWQQHi;|d!y3UwKYofiy(o}E{me%kSRVu5l;&=! zPurF-PO5AP?#Hq58CQx$BQFr?KC627Y2$ zK7Of{BZd13hpjw^Upw8UEVQ??+ndg5L05P7 zWP{RY0W3rK9LP04yv0|iA5INE7Y!%4t;hcUK#UJL$;>#|TLv$tfB+?vDdwdzFSMk~lR zPb*1hX~8)y@lW}B?#brg?suzG9b6{HcU*x#Q^1%vVyVTS?ALm|%E_`nU8Q{ej1gY} zv~MN=sffMfGC^11Qqp-{Am|AY!9Oql?wKQp`fr`+KLf&${5nuO@h+Or%tVWRx#iX)*084;h^S%X))mg=!hM*qr1@kO5d&I%`qNhfu68BrHgeaws+d z-9MJBxRjO1mrNqYT(%lR2+@~Zm5Z951b2t8SLh+hwkI8w@$M8|M+K&rRJtbC6^Db@ zaz&4jz-Y-u==Qwt9w+Jq^FWg$Ez_i%$wTRpT{>Ghj)wiv=)SZoF+(@qdd!^C)3h#? z)&G@EyjHsIB4o62z0Jw{?`a2lsw_`DRbV4R_(J6E$dM77gBWtK}b${KuiyA}rzu;z?X(*xaJbRCytk^cFEtECKj= z2#iAd;Lp1AKk~2G)&913{?4$@_Uv>`7s6R;E{07 znxyMXg0x0NJHGVphx{LFv^9A^Rpc&Y*-KECPwiBd$JiP`)Yg=t%^t>{Tv45j6P>cT zHd&k`epx%$<7yp9zMNVx>xLcl3}_qF-uvTfIZ^0f_ch7kV}YiF8U3r!5=KCJ@McCs zjKc(|2<*3*L%8+t557SJOAvm?wuu{ZV*Y;NyY%AaJ8BWOh(@q;CaHl)C6xy&UWqW1-4tl^prq0BhJwAZ9)DYHYs+rKZlS6LS zX|oYCw=M7YY5NxOy+u@($)eGpEYDNs6!1+8CIdCUcdBk;4#U;yVPwv12=-N=LR*h& z^ZNBNn)w6##vr!XcpGK}LK^+5^1cUOnOig`YlKU4l5rXzdAh%h^V9d57Nm1O)iX(Q;9Vx&P$iJ>P$Ry?k{BqB-q=5N-c@cvR47 z@&66^r*i<3+V0Pm-8s}o(;c)G+FBdT@EZXX@ZgOaYageSS5z=!5CrMtBM?Fy@yS&d ziqk;YqqrQ%?zc#>DveghuH9t6GctuvoGHl|P2+_9t9h<8oEYbEv(kxsVzSo6D2nW`WJ#TGJ&o$`g&*b_N44t zbauefqBy@PP_`|E;lp8u=qH&*E9oC;VmS&jBvSN8H{i_Wy##{fA~g>-KSXpK%D;lg z91v1MO6U^;nydS$30C$87`A4SS|LjDl1?lVkTrf{OfZH}%~&?EhygPOPH11Xsk(JV zBhWeP^_X~lir_kZ{HH7@cz}AZ*a*)}Cl(^aVJ7FkE}L%hQ(x;sGt!eW616nUqNvQS znv#Mqv7Xw#Ha_ss3&P4qR5tDCmV89RVJ2J&vkYAsQmIQQftVXqOlF3tjFk&X=W58Q z&_StkZX-d_WNe8?vGXFxnASm)vw(4Su&ZtR?xaqypUAHZ88$GqVHzX9xhHJmBXM_# zlhx%&wGSR`DJ@O)4Phzm9mD(5h;7Cd=wb;@#?(~~35RRvsiRk4(n(!rg)%&2PgOrL zt`3>sW-G86K?rX!oah@v;@3^{*D(sp`+Tgx@;&)<$(;Xv_Vb9i`owwWZU3g7yFg{r z(2bjRG><71BAHNb0O>TrLKau0_@BmO?$fWKpR7%$AH>hqKygo++5&o=`rao7wDT7L zWb0s%qHw&~MjJb+Y6!k*uS~;+NTn(Gq&6uvF~z8<03j@dD;b$=aK?Aqh0pF-en<9r z1HZcAHIySnXWtSDsWg{S$EuZ~Om3D=LLaHCg4V9D+)0Y}(>c=$`@S4b+eRm7X-Vgn zEClWjmb>BJf8ME)u+iKL zod5+OKLH>);GNHUS?qYT4gZ%u@t?__*ZCNT$gHlcu+|CCpKdyM3zne7B0)8~!$;Sz zt*mJN=Nq{~l^%*kA|}b&QoX`p%-pDvrHUeO*#HkI#6Uox^gtzkQCa%wkq%Ntc`)E`xA2tv?f7)RA%uc%v; z;B(6(bk)31I`bhuw#!dvW%nGzaGWwbl&DXuE-a(GldG%7uT5EgUAt<_9F>og0lnpd z123B6$|lpO(-%<$+?pheRHNvjgno3sq#br#J_i1dK1a2#GsOCpH0WSvsEdpv2># zBRZKMVMXcDI8kz64}ueq$AV}~Y>Ml0RYZM5G$HS3*o>!%(sGN|Z=V^e=Ag4G?`%)I zT>642$C_tiWcoP*u>-7t-VZ9c0H~&ek|bD0-461X-@M*j%9X3Mvx=#*qGKau5MdA>eGW!;_GL1Vk`#Au!`ZSlGEj|M8N(?5;7Z< z+gxi}^kR+%G_xEn_BcpbP3CK~%GIyosuzT@wJikI)p2A#{rCmy!woTr#Bg6C(^7@Z z79>z;GDM4%N5?>B@i1~qIoN^ak~)xozvr&?L|9E_KoyI-ZXF#R0yb4ccEk=7WC3xy z+G{n(oL7Z4O}`x>I7;25%vim!>5*AlpEJP=tHfM*2T}rzeJj+_tWz0j)YT6yO+QnE za_>ap$ehJ8>=z=ThT4d<=gvB1$x_Dc0eP4mH_L58)qh=*b zvDUS|0z|5H%c3-mxNc7oxu(;a!EB7I@R^>&M|%qFki?^ohZO&CleP}K{6l>~bnTfU zvI^n2<`23bD7{#6kd}}GaFXLh^^1`@Bi7yPx3cLL3T+zP-yQx9)4Py5aqd{JD?&i(z$e>ZnryI4>zATj?sY4=tx-IQ|OOOVj zH=Y;$FV8km?E`_tJvIKG^3o_dMTz^>M=+f79_Lhv$6N*t6=th4w#hmj+VyALT9eD> z+htDGaxzPR9Me$N5R-!ZD#ZhjDRP+WP(>O^${bl#NU@N=Fu~WV5U5}@8&eEPH6}IF zg9K@x`%`2?-YaN0Ii#0LD&mMl2vdfM3E6WRa()=NR_C0kYe_Bog$#=BMk1?B-K~D7 z_2hbQ^P3?~T$TvKsVQ^FOVB%PvuyL)JN%KeB8IjI=0|1GYax=Kw4##mLy?VQqk8M@ zxtX8vtE$t}4DT{zUzOh8OIzo~=Ci{2TIAWO+?_ZigHqRyrJzpcHnvR2P#MODyxO&a z8ZXUGI^HqAsaVsj)~F_2xImJP4j+s#pJ)bFDlo&ukkoT(z)Y3gqLuW^H=t&a*Kugj zJ}H=!KBr7Ef1gSl+NAui4K7v+>1&OVw!c)$FtSNC{=0E&BZr$sh4t9CCb_m=X*b-;)Sg+%RfZEHhOsf(>^KyQfz_(q zC=^lxkr1)~^e|1etBM9qx*DRV`UoXOUIKja72L5}xs&X5ctUzBhT~=W+E(x72G{JX z8~K`keYKw68~)|(Ia7>A_p`ZD-Ge%Es!<-(JRmt8k)+HMi{8gh6^<-r$y*P8XK`_O z%Aq;KYM$RFE|UNWMZCgG_$h!&llKbWi86_}*^ z5TwZY!hDQuCZ5cHpDGq<_Le2$R4#rn{r&@VN#>HJMukv+uTH&}A0rcNbMaL+D2|{y zO;8JeIv~~%z#rSmp0HFb0uFU$dD2=F&D#%VCKk-!%F4%$U3#QV(@xuu{CHMdO0KAG z@zU$JnS9d=cEws75pA-e)4V$h!A;N>lsT;@jwGe@7mC*7Rt6GA^0_cv6&CJu%CqGUujWukh%aIMKqg!f6|Dy{@v< zjtZ2!U^fcOc@JT4qlO^VoGPNt!whkTISmiNb8P#Ke6Up z$6KOSy&P3~DD2Q}jbUADp=oZsTym52EQJ32QhS%hu;{TNdA{1@@^+sqqY_gz=7eTP zK&sVHWWhulMef@|KFH|K2#`~YCEXbgKe?f$>tiloJfSdox;ur9QHDV`KrZw3JInCX zz^tsJqVTJ87G@&@8zI^u=B7%+=_^7=i;);xRzVb^sw`H4P`{l<5X>SBMUX_-R!qwn z0gnS>z%W_%9gZp&p1<$DY??zHkz~(WuSb$Ab=y|WSHXE!HCr+)4{I8{g!iQ%3EJ`{9l|{8af{08{+V18G(t+TWhdI?IT+0& zIK|_W{>|Nr#9!m^{;@w;7OCsWsdJbgcX25-xa`fND~+$+HSsd4ONhT%v-DAdhC?aC z7nwrW#J=>P8+-RB$^w;(lj{$AW&tmbxLDiuN@>Hgydry9FY5B4L)XB_b>k+LDTAM_#Z z?PuAAp<0a|Mjb$m{OM2gm$xTepzw4;UO5Leh;66~&sHOA;^P&Jqu3f{eYVCnPP|VV z;IJ{iqWF&5+4)-#h@pG?)+C8-`ro3NyeU$~s!kgmU5ED!UU*`{hV!<4=>j#4;7&GH zUN0F`{H;9i{>m>FjR{xcp&RwRO)Du{+}b_+6q8{FKUKr-XWueb4pv!f#kzM2@5+OG za@2#0HuA__a|g~_50?z=XwJFQ7glw26@s`J!xQ;TLrK#3`7%(O1&BEKXmpiIR~^

>=*gxb|Jt7I69b;p6CMMo;++=~eu53nDMNg_p>w1yqqj)7~PoV-R zvHtDf>>gD$2?r)r;s_C2Om%!eS+O#1Qaeexp5M|^PSK|BSRL+#Y7|>}b3_RW38C;C zntbcBfF874{0uUv^Qc;cPQ; zVh(EUr56zfOD&enM1<|Sm<>fR1=AFzEGzLi(u*m)Q@%67M??I^@nvEq(y9e52jl8X z>Df1{9(SQU16^q^{x>auIA|)EXo_Gqr;tJ|3*i3ymzy_BKU;)|wRYj5ZY4bVzJ6%3 zKuCIH5rs-AeaKQ;AnxgJ6r=)J?Fae@Pz>XpXu128z08%LhXI3$eK z5b|{d3A}0KQx@XW>V(oZ_olunE_~K-(;UZz!Lstk*wP~T{EoIlkCV5djos0!X|YtU zbAiWdSDG$b_v|=Go<#5LNWY_Cw0TqrE<~5qR0@O=P`mW!i~4Z;F4CdcklR&-_lED| z0|QLT*3Y?l=11hScQJ|K9c(fh=?<;ITW#+lkFz7(b%2=2(cfJ=jc(!UWq>CurRz-k;C9VA+VN*+{L7<0B9Q9 zLifEWvUhhY`;z+-XZIONNlB~g?mpWnjqqYuNSEJ5f+;m#EJ83a;&1`CdKF=W&2R8X$i?j;5eUoB}##iRjmzlyLYM!tkiRWySXq-?ZkqDudA3Np!63^WfK0ILs# zyZi!qu%gK@mqM@Z3)4~lU?X?r7$ro^L=+XsAst{PCTVFI)O$Owy_5`G82&E4J(1~Y zA;_V~phziQWk-?_tAOARp<6x1nou@Xk-eUslu{_cwwQwKuo#hD`B&+#c+4|e2=m5u zT%Xbk36T?FSG*|!G^`6IjxCTPuOb3_T|S_|&B`oo7Qa_c%x5W6>@`5er;DWU(E+gF z6(}iT5$iHzCruBl(1!U=pv=HXM8hS9*|c5~CpW`5@y>L=L>L{iYdNkn`n2mJry9N? z|1{^|hD{#FvO56|S|6=yz+*}{mF8taE6>!j@T?C~Kh0a*ART7!f0OE_fz1eZ#}Kji z#>Jme;OrgF>k~Ns{G~rHM!t@n$XJR6U0kh1i_ENTvwYs{F z-nW^aN>yCIeO9SOT19u3)!Lqx>B`J_5hDbVDeuemV7I5g2Hw1pd{X;$=z%xXntkU~XXcd>RV2ll|>utpTj?EMYM zC*h;`#H)CLb2kBFfry(h0d?h9Zpg$)^e@xMk+26A4GM?m(+c|N8I_7A3Ln8uYEZ+@ z#Hx6LJ(!z|0R_NgbF(?g^~g3kjzdt$k3*+3Dw>#ga) zCR4@*yFW@~%g^R)v=4YSEm8+!&G0H&?GGLqN;{?%>ss(MfRI}N62E(x5Lf)A@fk4} zG1Y+JvgH$2TZx{o^MdmR%LI;mm384mn3yt5Kts#-x*U-^<>R|d2tuX@shY`Xi=Gg# z+&m^o$+}-x`C=*dQ?Y_@`P8C=DfO5MX&QT#DSNA6Tcm&bXI|GAOUE~LfF|toR0qd| zmJ$c!?u;rEYq{Jy`i5xwGNkNClw)>@a?l`E`qV)=_+R_4(QC1#F#NZhXg|Jcyl%vz zN^xA5Z(Joo@OvvSt2yZr1mKggl+Av%%vp_y%xeLmX#VDOd)&%wU#Ro&0&UqqE7Z6# zDt~UzOTCb=f}ta0#=J^JTqZcaoP{r$^BF@rss9^hQg6*g;m;CNR%t>Z)5B;bJc0|q z7k8JU-$t~XqY8Ow{WY_tQHe{X%f@AWkWyc9IPVI9| zQ_u+=xcduMgor%Z0zv%eR5XcO16Cc4jpO5`AbVE{jP?D^@j zzU$O%r+;s64=!Z7s{kyyX3owxfRDrbqG%08Q23Pn7uipl(!(#@#qywnn z(Ha^XFEW89IGi@j_3x4kaH#&fD3%B)b-N>n{WsUA%+>P;J}-a>bTNW}#&gQN@53=% zdK(5D;jrpD-X=I@ji%s9Kjc~;0dNd^AehWc0PPL&d(Qe++eE-TJidNyvVIL$?85)g zrzbMN_zsMYSs{$3^tTROHpECA1H!>Acpv_Q_naXxRK`5Y=DNJA-8tBbyLN+hbaceb zmtNh}L<#@+z5wqS==Ie5?~ASHc}jZy*60pS!CgMU6%z=q5FTJJbU2zwXd>fxPt?XH4-MrVl=u4?Y37 z$|s#Jj*gChE3`Y$p3=p|lKKw=)KX7w!T!nWp&8#BwTp5BiWqLcEw}{S22fAbn;!G4 zR=cNb`-E`x|1VFu8yVeFDB4@}`t0-jM_TQWZ_}95l6$sdu^U*|DLd+uj(1uii|({T zuBK99EvdGE=M1F|e{M%U(M&w7s-sivs5CQaaxBA9$C>4U!q1Qa16ozxZf$AaVc66lq zIk5lSOUQ*lGcY^mdjWZysurGK|IpYS@g^+AW$s)WJwa zx^RWC@=0HqnN-Go)@|LZUUxMSg%(&bIe_U^ky=!fn3a}aT2tr3^uWK|4!!l;2fcp; zJD=AEC}D=uvoxIimF!Ps|14OLWR`@cBCs-p5W|g4-I7iRMnwOl3`u#K`($Fo4T;}5!X%TTd04jr zJN1gHr~n^&Ollc7RU`$N#_0Q8G|wCMj~^~#yPt62gDL^KxJI^9{`_T$^p{y|cj>+) zcd-%Z$DcsvL>L~T^^BXG---==tt@*R^Y*Zp3y-?n{5fXB2j9(3s^l*NJ`~aHMgFs* zG70U)wzZQY?*ORyIB$^}gYSk_AuX#%EFqt=+p!zJTuSu4_1-pvvGH@_6EEKuNdCo4 zEjsG9F4Xd)3%Mq4X_%}C!kd!6O2Y(58aTAfo;P(zgq{}l(Gpj|K})VKiX5D3CKkTA zT?2F*!zB#sJgQ=OYL^eq%YDA@A9^J!PK=kE=4w^1nw3`>ycG=;CLP?~1TCUc^s9k+ zr{5%@YBE6?9ZrYZqaOLf^4+=xHp25T!FYQPHs$)EL<#t1fsU|EEKjB>R_E)4$s`W) zw-OZ$m@3pBHEJk)u$Dhh7LvAfzWdZaYzXb6KTFBVO%&#pr5$KISlA4IV!9Wu55rNK z!re|hJ8UicVXR?hsgf%q+)_JIItLPE1S?wDloR{b8)5P?=pqZ`RUL`;D<4b}<5}94 z6lxP>Q@x(;J_}Ip29%h?r7$Wgs=7C7{FCXP^WH)06`8S>nOcu)t2k5O=>xA{-g4Dd z_CJFg8(^&EoV#m)9zuSQR|-s*M-c1H`~tHJEo&M#Y2y`2ya`XDfxh1_%>ivdGnLq9 zpKPfBv69@=B}&@^DN3MOIlQ%^E?QJ;!Vnl!&p|FL395MveF;Unp~No zHbdn_RxO5NIU0yG!Hl?xcZ0kl+vq1ef4?Ht+ZSRp4E-6Pl8;uRl>Rf7z)aTa4Z&wqu*+A8?l6|Rh#WAs;v zkgug5{1h}|`#M`41$Bk-Kc`RylZ|gKaWnnkk5Ey*Knu-kuZ7C>A1VodZJ|PQzdkv^ zNLZI+@}C`QY1N@n?Po^s{$!(4B#6dLs4FVKg2_aoa3pdoU0sNNmwSz4KPb_pCq_pT zm?7fh!<*1Utw&>VfJXb7sBa=Ityg;{*9@uRMtUHlFVs1qx7isDK2l-T54X4DEi^`m&|c4%!yPMF@sX?Vw3O6^2=0ZsXC zt68jA00L1U;nFow529siy`~egubTtzJj&C*z;2%l#xCIf3+Tzi@}nR?C%*IxHPB-d zk@`6u*8lj*AHS#E^kMIrtwzwh09vAdH#9xZZ1?k`9-zwh5ddcnT415E%6s3(i_ij8 zC}4_oeU{RF-`=&~-c}_6sLr1mI3V0&ee&^O@;M;hZy!L^f`QA9vdrz&bAb!ixcCoI z28=-LyB{tuE-s!?aHsue8v2M2$^nP+ApdD(*r3%jRCau`+xa-jDJVb>i???2Iw3mpGjM zA9Sw$)Ku~kKKU2l!S85d^1ff@{&4>2@$A!`mIOeMNM3$n&2--mF5CBR<~B~HU>0l8 ze>+Q%Kcmw~hU8T#PxBH^z}`5gGgC1G+rr8{j`?h74{ye^qj?D=_FNq;Brv;~q-(H* zw_JXuRJRO-!9EpZ1}d(Ve;P9k>Pj@ihBBxJCK-*7d>Ck)W7zppXp?mn>9ynwe>XQn8`MSJX2g!7xTERS*q{bqk*wl}h_jW(f4# z=*AA;*5+mVYB3u0E#*)4Ph z!$Qb}zrAbrRL`){#@!gcHhZnA=Hvp#=G{<$AL-9fP({(?_KkCy88x`*Pr#j`aKnfb zm_o(l()l9^SRw9*%PnLkpUwAct}@Cd79tJYbgdbQl4-oN^pC9i@?3)0D9DLmlbPKss4bg|Yi@pw`sK)AiFiK%xaqf5ZBC^Tyomi??p*_! zqnO7niXFkjdt+XMWRk;j%~Y=?FfPzU=H@rvOy<@V3tN24og_;DVbT08jv0p?ORSYp z@uxv#-1eva%Rj2|Rm7vC>@VB~C=GS+#9|ax^o?5bv3y9lf5DZEmk>p1PWurLhqNt< zPjX+z9DC4@`->-PhhYeD-!`36 zS=pMQ#hQRwlvwCh5xUycS~ja=%YBq!FOcRcZbb-r;jF7GEcjL}9$umEqD!D4rgqeb zWM-c~z8okU9*#T0Y9qZ~1&Z6~4Sib~^e5>sl#GYyXm=2`v0kqM*sXX3l5pV-o9dCc2t(WxTvNkCY2} zgS|1{NDKYNsDhdgVoG}W8i}5R^KJYSQrX?O%Je+7i7wF@g9XE*t_0?EyN_fR_R8!g z!3cC4GS(i#U$h1P;#yg|=*V_xEKIYLtE)}AB4Y^s?e__`AD%#4J@24>6->9UptnukL-%UlvEJnwUZha1w%D~U{y1!Fi+TM{Ik)-M>d4=S?? z9Qe@Fabm^I_Ry@q4EXlYPQZ*bz_|7=>L+v6Th%190HSeJ$U1H#l2A@;d1_b(vp&xZ z+GkJk-H09So5&BP+#gbbcM+kzZ^UZyiH{sZbe-y3Obz|Eg2T?^n;!xrpKo%{M>jyD z$N2sx&bbB@U{W>`9wyCQUH+1UzoR9(WED!X+!vpxhbyKo?iMBgTl9fku;*|vEQE}V zmfu)3l2ByylahdlMqz~iL}>|=K6F(rNC3&~K`(YPn&A*Vk0|-k?vR$68mNptLC7uJ z>7Eb3__BLaU#V?a!r1 z3uK;d8s)2fW?tVHz_Ta-ZOOfDl_4mg-;K_7y+Y~s1XYc8+bQM&_g z<$0KDy!!X3{nR=jl)NK%e1h}+)O(qo%$6yu6chIatCVlY0cX9z^wN$9PdiV`F8v~+ z)j+xLx*Z{uyx(X!>6^vt+Twjgs`jCMyvcDI7hV#1{G{b$R63$mF`=39HNpRh-^mvZ zm?S@ghdJU9Dm*&L zv^^U8`z@PzzE>W@`_KIjF!hzz9Js@$=^^hTI5s_e6rO+guLGDz(+N_ddh$#eY+ z_WM)xfSQ+0E2M8fXUvwL4gg~dK$-C7-4-nXyO?US{8}DZG-`KvcOUbJfsVJ1$_p$+ zZAt){jLbHF%%_Td&xgA2bS~>XZu9Sg<03j+y%wJCbAJ8m8I}%BtZ`U7Rr7Ik=-u9a zexf^jpaB5J$IXXR|LN3#dAqV*(_52S_lXR9qpk_xBjNc56oUnt=ryKEzq_TFH5}f~ z>)(@77iD6e1b#8iU8D{HJ{|sd-S^nQ=biHI3o`m@z{AC+Ta!k-wd5uxFg3RxZtp%G zqIOzGcz>%?QQ3J3NFxqyO{uG8{;u~@H!bBa^-&T%0!beB`-8w2Yq@}Y2G~8dRoT%# ze@`M(Qa5s*D673^ojV=uy8kkGf4n&mWre*wJon-T$Hb2RA1IuE&6OWO}3DgXZx`+GB?{ z=f;=aBm1VN(?jdKxZ4ECr=%{0rDVrGpqXtC2UKUY^RG1!ftWRQClTcUHgI6X`3C+< zxUucR&3`_xpW4{CzOm8o?sB~N=coDc;sp3XalwMQf#h}-aa>no*Kv4RV*Yy@FhPic zY-T)+3X1rm$!I(g9#_j|rR^=8;bt-+KEY^P897ZXh~1tMGFsDbXDNk6s6MMlEU5P7 z=Q<_kHj0e`4QBq|9!W-z7tSEo$OI2a*@=ykygcPmK1&o{c93JcTeD3g0z_Z0oT_*B z$JIl}dFyv}4?dUQMa66g#fob?RsUFA!ULIU-h;ujX-b8HY?U0b~8;7M}rWV%3lVcpxXANwN%Hp2_i+rlagd5~4CuNfG{S$r%e+lIrDU6-$^ z|M~MDH`?r$rvV{{-_-{&;e0x?Sj}*+vDOTgi88g!SG~)L3ecW#ai_6(;*uHJiA^$B zGfrermv>PgPkS1T)48hT*_(cIz2xX}w#XD+JRUJb=?xwQNC_kuj4M+IgpJd?GHq$@ zGY7f5DrMJb>mnm2+?LINkE${;t8&Q;jMj-{z#%Ky7rWVwyPp@`OvVfqDEiDmgh)gQ zWj0RA2}th+#KtN4@P$IYj7JBZ9vr=t#rXWv`Q>;zjtC)Cyr?i7spQ=`wzC$OV~KW7 z1ERKOZq+^o3EWvM(@s8XwGoR%7HF0MO6RlY1H1>UEydrXKjVa!b5q^mAVy%t(*i*hSbAoHJPfRW|rt1rkV8ue=HH zsT7XQ-*v?@1t9$v&os|zw?-~cgM&>Q?xLZ`AMS%iZ32Vd4vK0pKW@nuj9DXP`*XG` zY6`F5An-UBmV(mUojXgrtfzc}nmJ)vW1`UyUKa5k)sjXStZ)Jy?L<5GV1$m23FGrG zWHrE?x{}PNHO4T6?bRo)4+P85khdxK+9Q7>eo4fkd&KuBX}s|2;L$Fn31e@lra}i| zSz@+jeRPp}WCxg#Dh`PY-U~3$`9z}6ESC1GwJ*Nmy4==St&(&vBh9;>y5B5t7qLdG zHD1b48A)P*|K8fu*BDGyq4~Rr)i*8I(m2L0d%B*Nzq{YgiPmTIH^BenZN1_)WR59hbB(Djo)l*Sl!rlb$)ul3}{zAUR{>N8h%^HJAH*>pW zk@c2s4JBWN-iTeAubF?w2J8Xkmvg~?@_2v}cr^N|+xg3+W>ouRURGJ=-Tw&bV874Z zKp0MNZXiSuk3ygB5cPMp(D*sM*g7sv==3hiq6fJXEwjKgZ}ycW0c{{6*l*J3amy*j z=b3Z~iR5YfYx;Cy`gHvC@E4FxB>@Z~k^z_?imeE~^Y7xK@&C0OMHaH}rnSyOB`p2z zHQE3801OgN>ryrhC;I>yxxahx!Z3? zBmBfy7ZWGdrf91>lpPmy#sRx2{(ub5`{z9K=~0SP*YP*6`%TV&Wx{7I8OihAbbua! zo%h>Q1+%YjNmr{#f`g@P_o>HI=%LL2xgKgzKO7o2ffLT!ic~8N5(V3T?q%KH@UA%R zY_!{bX$%{uJLATe-d~#d-6?PtZ(y@lf5)UnJ49fuedRwzEEzdt!?4$Q3GS6XzN@B{ zZs1>w&zzKeh+1&vh*uyAvH>G8F}ra-Nb+m3{A4OiZ?z%XNQ{`9CKpY~M7mdjr%_m@ zr9o}kJCnPPCDfa42RlsFSymP;U#m0dHFoK{krSXMVT;h@flg$QkW}B4tnYk1&xeVa zW75dRBTC@;4d(VzDLHM}6hj7QFxXi?2wu-p8SLC5!Iw#8aRhiC6H=VJR5wNqToECs$h^=D$Afo#uk<5Z+l*Tz)AfI1>884|v&MDt7Mk=!(+aFFTKEDSBSaM>*jL&Dr%tx^$~2@ZdnRvlyi5qM(CtnY*x zCC;FW=0a0RESkHf6fm%%5}=^kM^)!khK8+!@FDYHCQ4i?H&g|OOVvv#mllq~$f{J2 z@Gam&&q~7!XFMn3{2p?Xk&52IG_S?c)y9eOl7vDuk3uFxrgd)f-+`|ToRfDy3+zt2 zPLCI_Sf;o0sO5(~G!~;4QeAnJ!@!k#x-PbGK6I`g5*HVT1GO*-^;v40-?jOD4>KU$ z%v31zAQcIy+DKb02m=k4$7#!=K;Z5opo)29512vMfIlp1=)C^Tz#WeSrKO?a3;h#lrC<1U_}mlKO5)Z@jA|7Wx<(c z+9<&{i@dkXR!FL3qHn8fV}rLPywQ|FQAwZz+cUOOz?(*I`eT9){oMCA*hH)6rvPVW z{b5!vkqE;cww>xSmN06G1uoSIC4$!Kwb>0y;$BdnO!P+l>P#oAwi!E6;33N1h0vij zy;!Ags%z+|;(b!D5*;}*vI>0R7A|d_lAq0-Nwwh; za--q?rUmsT97sSpf-YjQn47b<7?W5I9Em2P4C>ZbvbZ@ww_0whR3zGkU;2Z~XAv}& zKoGPKWT$x*tYm`t`ZId)VP0CqV7yUchL@p-(HlntL8VAa3KMgd80Is{XLxkBGFwvS z5F0Q8OyBm~Vk8&)j%3D`YCMk`o{!^)VowN8+X5#u+O*AfD6cXDIzQKpfD+<~%2giu zfjV6<-58a|XDKBfOYso4Z$s#^-`x0qtWw%B`pL@o{JncDpnv%LY_RdHn*!()V*i8T zY`=$#V?2(N)lQ%8v!v>ZE<**DgdIM`=&7|ojAtE zEsx$%;8J#CArlHniPqj%lcMAQ&cp9~st%Ypxia=B{%OY$Pnss(-({r?{e{GZ1 zTdy6_p;VVczllz8^B4~`4jZC*g3>2pBC{Et1oQ&5bkP~toifrFafu;`9-hAuG0%|X zLA-L1`Li%dQsokjopr=0Achng((oM3e2-%pE-Vk znpWjD9SN$v5Qvil=M+A}MLSY|ea%O~f{0 zY%F6cHB)mkktjfeSOAo^z^7f8A0H^F?9CjV{*jT%<(sgwxi%D7Bxnsmd3eM;qxj9E zl0z2bcH{O>KaQd`bmgjIt#st^TU6{{)YVg-sR&RS=H;`8$mwcP=5RzYY zZCD1s8j7n{S@*{qxBsf=WrnwaCn0!BHNQ{Kyg`An>pY4xbBuZ+X$Vrr!B64{85A{aL}@T|X3cODtW>o}`%th+;uT_zGBqZI z`fnhFl^E)zSm|WH$fmeJpc)?Ujy+YS1?}0zIzd6Ds<3{87)mKdiqFOECJvF|pOW#p zr;1VHXJglME!}NdV1EdALO=hZHM`u>hwGm0GC5(XYOD5=)EHckdo?Bl5qPH_uPzn z%3QLEtx1L!8c40l)RO=acFeM4Bk429TS_qO$o^O2Tryh!qS-6 z%JEuAC^hjIr#4zx$JoVL)@+d>NnU&yNAE}QNEA(fP_b2`J`9bR1Xa*EYGZiwO;TYQ z12QJ8IJYpxsCMS{X3jLmDAw^e3<8enY`1=0yQ%7}>@VZj5GP z>2E|w&UsJI4?-?W|7WE8)_;*;T7XR)W~tj05UtJ4kzZ)_fuz9_tJH zeuYX=1Va{cFu$5kJV6M0qME653Nu2aN^21+5$O+GBL)O8@#_}R`rPKd-Jri{ielra zVBw#&FDK&toFI|B^o}O||0rFLyv7SvbQ|TR;p?+|Obmj{-nzXM{d%=kl5}1M{4{C` z<1N#PCE$NsyHU7E+!?OMuOdbXriC)(gj6(MYX)#Y^?v9z-1$<<~Ee>=1iW=7`N5q1=}Zegnj5JDpRl9m6lBGd5xmg-NKZiitlF z19p(eYx-PkQStc@-5`aDP(xPk3~Qq|G1{0&gu08GOnqr-I{yaY5!F4Tg(>QETBnz0 zh{zFt-*vv`s&jU0Vl(rOuvvYHtRqV}g(Vki8NN{TQxi;i1@ig9jbJ)Le0<3NhZBf>N z6^;}WU}TW=ea(sI0(B3BV7fl)eb{O$lyZMMqm`1^@rgH>;g6)-|)|Fiic8cvAQ4C{M@)%9CjAE9&#R=DrHjI zW{P;+%BmNQ)HnS9oj5I{MV}pXqEEh;a`AQcxx1cKZhpEL_4M@h-Or)L&$$oKipKB0 z3Ai@CqLVbZoKO5SyUE#mexY*a*)s0>l44tY-T%bRWOJiGOte|_D!cV*`QPNRdpmHP zH}B602nd2vW=7OYm;_SeAagT?hFJ6bp+2>ia^5W*Lx)ohqjlf0zUk8L^E2ApJNVdM z<#-ieCFh3uw3rb|t9ll;8`l>rIY&8xpf7bXbcqG&ZCg@UEAEqHv37}rqM#=TUc=^G z=s1x{W6p^%70ZyYt zq9_ZKG|G)5dzj+M>RDhBJbi;OP2@r)Vf+c4R`4sZ>8R=t_85FCaopO{IUnRdt|?|H zC}<1QAX%~(;wu0*$9|7M%Gxetztd68)QHy<%ynu*hutb%}@V zd-5F{%GRmZInFxC90I+I@Y0X7@h@izc^_WqcKU!`VA_p)A6KTO@4 zc#|-^%UGciDOB(UQhx(Wxh0G*I1Wc)fa1+8S{~UBc^pU;-!Lp9B4$cGE^Py;ww_uw zD0HIK8Z0a^nS~nzrO*m3oq_#Kv1(rXzHQwIsr2C2B6IrD@>Nt-BILWt{5;9F1x>gn#qH&?)+FByhc+05E@HzX(DWC z5F_mwlVVN95L2^VwXZieezG%ak zN;Y4|j4i!(0~b0??|kWFy%qh>H~F}utT#6G;7>_ca;BkXP6Ye5uTCVC0VUN$wCIa| zGa@4w7kp3PJIkPbCAZ*UlTm;IE(g0Ai;Fz|`MFpw+>HhC%Wj|BWj3rRwwYmMDnEs3G(n{TzZ0_V#1>|JfA%XANlj_iP_;+)rIlRZ1 z-Pib!y^#)ydbgKZC&n^;Ym0=}vjXwmzU2dvyj|D7BbR7B`+F~0q|X6=0*Pn)1K+%0 z->+*ws@n#)vL1H-_mot7P`t3lf105};5yv1xmq{DU%ji^S*!o~p!Rg3^}f~X)B5c2 z<_q@@asTZuyQ0N|LEygR7lLNyi<2D^D!%8&OG_m0%DUCzyXCa{Pilm=m-g~wx#mX}M_&bdD_ zNd2SO1bC3s1Rw^;`?7b|z626QqN4QC7P3u=!pNA4gblgDU<3&&Dl%A@FxDGS#r*U1 zSw3{<&|&W&9`&qaAnkRg`kTu!&efw*X159*anyhr3Cz1fUJ?}(QcB-@lE@MBSy)Q? zpS^AlWgqo?IjvXvLmfTn!M;Rc#{K<90PEu~1z|?~TF_4hh)D(sm$L~zdyU3YAT+{A zcf43d%@7D}*A`Oi&9!Ekol&m{PjpK`ikKz=v9PG*l+|p++p7@M%^O!J)6sq3z#JkD zryg}PD(GP^;v+SR_YJ|nf~E%5A%KRRtSs4${hA9R=vVwKL;ng8)*X>TDj;(iX_jaa z!!TTyBRc72UBwyKKArE_8Kd8#u?cM}lNvtG84+{e^TjTI%>6pU%yIB07BlPbg2p)~ zBBPg*0k??(?(06mqH)RX8G#TiV!{o}eU3#zA#f~TJ;VmBu}-n9H0gW&1z;?bR$7W7 zP|9$z``}@JMl=zu*c^}B9xY zs`#yC-Ov$r5$z^SwYBK!!3|9H)vqr_*s>NKn&-h9rXr9Ll*Xet65i|w%um5c=o zoVQB%!QN~L?5hZr{qt@WT_TNLTtWqP%U^0$E63A$ozngPQ5bv=9mY|4!*N^eOK*IYX9z-?AP9j z<`p`+s@`Tzb)kB_)J4vQMWKL##>D4r`#AEZ7q+O7Q6>j(_>C+Q-2?BaV$PQyc!TgU zv9pP+Nmp0NORqJK*fqQPH8%^2s_^WL>RJpuymI{jO+_|oOx9BT0i4Gjq!KM~aCeX? zTm0Ge=o2D2sdg=7Zd<2djuf(}C$EN4!tg>-CMWZgeC7yAjKNA+iM3^fHJuVom~}{5 z*=yUybfW}r5C2FqY2LBWzGU-=Qhn36Qd0Y`_UUW#6I-QZIa0kfYXwMIOU$IZi@$&> z!e3#?k`gV$f4D`}PXu}B|Cf|{xAye-+$I9+X&4kxwHyab`mFxrefpz}a6kNXUHhMV zbsqh#X}~kQ_9sQ=ZoRjD?UZ({Ywh@PrTgwGrF;F|9`?K(31`Ws_C)rlG7#-%pD7Hi6hvS^pU1xt!H?6b1AkADV zMC^s(;hGyIOs^t73L=%q6nSXV?!O$WnX_5*jEW=tbK`ckV($@FCuxV~V3hLNcTj)| ztD#ZGc3uSwhd$=07Z;0!MQdImKW6AK(2}`6*?&L^bw2js%r=nv)~I$*t8xq zn4N$upBMsavq~|dH1nyqi6!6%$BoZYW$t!+LlVA^lT;elu}+-DIc-P51%ICGzk8RF z>vMatyVeu_U|3hI58)6MC+gYu(M?qpD~^tyD>l?HCMUJ46y|glM|`!;V@RxTaZA$i zF8z%vx-MF_vo0B_eyZ@E-WY|1R94CQC_9#BNedLJ58+eSm|^SNBUO1F42@u)*~23D zZxya)JK$n1U{Oc00bEaP5xyoh8<*w4^3siN3jZ|VMzC^!FpRw^{_Sa;6EzVl8P(qrV_AeZ=Vjq>tA{cXyk;B{h`8j>lVT_W3 zjB}B%4{(Lz2qc5~#@i(&07EO5D#R&UZ=NU4|`vGdPoZ-OWEmhDi(<*5?ecwhTarAYB!h@_OH zT&s)u;(oaEZS4Iie@5%$MMvggesYT-TAw(K;azeo<2yQ47Audmj6V#Kf z!61o(o3SK}ero$8SzOjMm#)s)nd~3c+CdgXBVf{n`C`F{xN-nB*C--2KIp{TRc}>6 zfYVcMCYLZ!IT~Y4xo%g9e;4(nU z_nM%GViV9^JOLuc?tjmCZ!kJOowV=usFwd8V6e5OwDpHqEakS(jWCect?d7MK~EXBu#tc&XLR={EP zrOwXWDD+XQZxVB{r0I7UdhKj7|DHWykcf5|{*hyNvl21wFUM8#U`3|DAD(fjfpbEl~WS{W(`lcwQm zI#lSCv4=#sPC=6Qp(oI|T`a0!spDKAUz64pju$djkucy2 zV3OC&CJDJ#dHxo*h-TV$inuQeKw3KCX6ey~i7z=o5nLZx5N#MyR28U#l;lB3>ZyiP z{+xJTEL0h=Q8E+>85Ui5L)zFU3qKtp#-pZg>(7p@B_|{`H@ovQyv5SDN;1FMGyYxd zO&D?rs|gL#DyNj3fK_T$>X%(A)1VEj3Z%?$(i06nEQWl=nqV);454pLpef$<*fasI zwHd#q9BegJJH!g^?AJ)FXrxsG)d{EOys=bThWEM}@WA}D(`!BwG=GQPr06)k$omik z_fi+sarIPfVS?>mXu}XD<q&Mvq4^w$nk9_&2;!7@beesgHf+oOW098W>h*P_jx+(aerp zK?+*E8|9=Sv_g_beaNQiaYoCM{uHs(wt4d! zl~DMV*B+R}JAXJu$4#ESd`}Dy%gEuV9477JaJu;+>cs6UtYY|Ld+68%sOJe*p3^fE zg&JuF;o-uXy1N-+)GS7o7)>9dgH+A4cVuFmU^-Z$T2Gf50<&v}%>RrN@k|_%Gp9WS zSy7PlOYGzKB1hS56d?@6s+z7BS*G1o)_jV)tpg)-3NA-)AF+!h^xxOWg0InJxHHZ( zAKi)*t`JD*eQ~PMBjmh;e-FINDfY#ZG{43qip}n&c$wfasL;MR?NeVoD_N-X+cNXM zm!OnsUsTS_Fd4W#@>Zq=QpWYmDJw`B?QzUN1tf})C*fa+>@(QGu1!w}JqC<|QuS1Q zv3Stt;$lrT<_1KKnQaS4JU@m4rv3Q5d3gVnLyQwnOb^9`da-RWhGf45Qwn^1-S5n9 z4L5H-N^Dp`-ApZU#})tkN^qz;X#|rZB9?XJt4>WFghESHbY#O_xNK3*B>7o%w!hKc zn)t=!)6J7fx96Xvx6-$Oyt*qzaiIJ5?Gx4Yd`kD!yS?tR=j%2wGyK0!y5sxXW``Z=kCf@Z z;<)k+QSCFxk|JhN63VBmX7GDJp>9zH)p!vfENSK$^|~%sj=koC(c8y*z6M6&eCb!V z>=6Q>UmOmbpY$S0g7U#OfouwWj9@j*Kr>4w?B5YsFVawB{zQG>T0ok(6`mp|T&WG2h=weRqbARfdlI+R^ zHi<%LebaJlDSIv@LmOKno%UUiArA(w7`aEG zCl`cPioD;`W`05T7dE8txJX1D(Q5SK%b(FpM~L~qFV+e;=)3)LKp*lKx*_d&=BEVF z(W?~xB-nMeC8je~2%+_53YSGQOCn)oZGtteLa6d={_JZK8i*9KmN66uh#BI+e@*kT zy9q-RhUBz04dwOVM-@6qjc9Sp4Kc4PI@I`*#-}Y8)itbGP|3@5H3nwX8-AywX2iTT z_R*Nz=vYKx@pK8Evp39RfMFIO*^44HXxh7aeHY=rVIs{bd6F)AOjhdKvXqgrI*>@x z%yr?_FH5vDA_aLAtCyi6+l?3UE$*aXSl13Xm-v#FH_9G)WWGPyIzlspP!iHfB9CXY z6a3?`Gu0ov>w?sP`Wdwf$_ui1S+V0k=VAB~)uLOvMiZH?H@~BNWPCI2Rf}98M zN})ewscH{2DjSQ_5$Q*@$6v%zX8V34tp7YBKn@%$bq5g!j$$-(ZYJ|!b?i^?d#B=d zrLo9pEi&cDe2#@_3DVNS`d_5oJxqJIA6?-$+oCb|s_>&4Akn){G`D#mtKe(fO@mm9 z=bDJc@bf1MVX2=gA>DSxz1ui-+rs=k@wrm1eguK7_-GY=w90^Rr^dd?QX=_Y^t>>7&5t3DRoNj6 zV<&_~wbj@w+h}3?FoPbw)gnHnEp_?VBm+2Av1;|8L%Sv%>NfCl=w+YOsC~UpF?3E& zNkCA_9Jg8-24xa7$EYtCslOFOAz5r_);ATDwH$4Xf)=O0VD!CkB>K`h0s>XOYQV%O zQzA_T2?@p};wt(RdG2i0+qClsl|mPy(ikXv;qR1N$T8^H1;cVhSA>mcIDW~31-Z1j z1q6I%i0Jsggl#n2(#?xqhmf)5W)wBGoHs5ihrAYcAN@?;q85|FEu5KlD)g@7Jq<{| z>0)o}%?m*kz0t~1Xh{dI97s`*@DH-496YY4P-WpS=>=<-hyT%W5zhs4btHoC|9yS| zw_1sAI+@!FRsZ#era0|)yCfYV8J>the^$>#x;&XJ8n`$@VZcdhH9AQH?CIkp7VS25xg5OXZugn$30W!mWK^+PL!iF*?gpFNSVMW_cVOa8{)@w}& z3x#q_KL=rcQjmI#Sw(A=w@=S01EofxY6?76uFYdlO)gF~)MqHsdRt3S@Js=}s&Fau zi4$aWx8JhF+??iNAfwOykn4WJm>E*0&vT$h{d$1S=(B2};@j-J_Md-5tN>q~2pzpq z1p-Tjc)kn-%}RZwKjF~N5CH$mNT{|~L5fdk_GLlSq1(o21ftN-ca}wQp_j!L80SpEWzjP+pDT-cRNB|rVt#{l}_*1GZmj3Rg*;y=qy^wQjPXI zudF;8O)n*`1jM#k28?b-;}lp{R5i4f64y)gh+he+zHq?_GjHblUUyJ^Nl0AclQJI8 zeob5hK||&fV8oJkC~D#-916CNFtp(bT3xhnCjNc7&60MvqM2JB z^P78qTAT390>}DS+Rv0i{cBdQ+thz@93J1W|IFvuDs^`Hlca&L}IbUwt!ejjOJ;bH+g!+GV(@T6-X}QA_@r#Z@JeHQ166uE6hAFfIdc@=9%+GHKw7{5(caud zzk8%IzjOc0dXWCN_+$z-xWRDM1QM3xvj%l5p~&JrA)cXI_2gOz5SnQ--Y5_ zr)|L5mX`FLeJ;St_^xlhX^zynbM0zww>4U&hP$0LhJKCiEp&OAE@Q!d-hu|@ zaDZwY{Dcp#jBD>OpeEt68gvyANWRb&Jp^iWg6_phd2Bx z?NDz(&w_S0FF#Tkj9A0zCDB2Mg10ZHI7fky(#40ATgu)3u;FNMd3AY5n_78cFW_7# z%8(%vzcF?BeMHtIYRo{G7%UK|*Qovlkxyzc9g4RFRe|a^eEyB}+FGJC(_v-oI580~{!9l#K9vQj@`$9qVbUAK zq26xWn$__fwW(cn_tx3io%B^pDIoDMDIAZKDc=QD$hY&|g_}&`eVU2K_p-*TlHO zsr;X*O7{uE6Q|cO^VpKgtFzkoyXxnDn#d|C*g)dtwaE+R$Qxt%1y=C2@*C%T3PvzW zB97XN<$}x-oN=irYjOn!g>dykhz)e{MK>o+2dg%F>*w*a7mnRwtzW`bAT%+`M01N2 z2SD05r!MNN0md`Wjtk`&&IDH@|8b+Ab4CKA=M+|qlW-hzBk_tdSS9m1W@#MM@#=)X zrtsi}S_!*#vdfFcvf0i!IS8fHhXu0nShl(zW!ul7U>D0qPAj|od43xiIxS`>OTs+?lh3jkC<wWrdyBfYeW z$Vxa540`~yD;=M`o7NvPTMGiMELJT|yMAg~I=uXDzuTFnr-I0O-&K$lpRWmt?ExF- zE2AJ9CKn0sf1mayCXQ7>mOzs2i`^yU>4WIMa|K(Cp|xqnkq`zYN4)PvRcBeqhf?*b zLz#r~mbl9a5T)W+6hiO_%^G8eD`{5dC8N;a*gWE!B(W@ov#A`^X{6w~a zM)BKb;CQIiU9_tUWb<4|4r>4<0*<8lnHK5g9ro)Vo%wW+*^q&kU%DQoQ+;({U&HMQK zS&{$j0dkjpe3MOoS4)2+!m zuj={6@)NfrgTZiHRe5?Z!-~?->1eM}J!JCTn$Kk`y4|icTD)OZB2h%pgFk-Y=&CW! zq}`Qg#3#YT=uX2g7M3A`KWEY@N6%cyd_;THqc?yNyNx6bUXuDJ$RD@w@RhoRp<28^ zzOM`*#{4Y_NW_AZRH6$Z4k;3j$K;#1s^X>HvWd!*Pi~9Ol*FHH5CmLWEEvxx$jO;? zgklLkRen_#KplaeRZRsGlI-O}I8+H?ps)WARp%KEXZv;W(R&%am(fKZM2Toa^ge2o z=q*GSy+`lFAW@=@7QID_9;3HtAt5A62tg41?|DAGuTPd`F>bT2bDgvI**~25R&NIl zj!^S^!W|;L;vN;;2_Bkpzp}%t~)4fL&nl?CAOxj2?rzJFf z7|+cxlhK4_TenJnbJ+bvqh;11z2)trZCuQ$<9Ldqrz^1cz&`%?*5Dy!lXGM5q`Q*5 zCdLxfWOJQF_@#%>!;uAoPsT|J$+?q8equ9UQI0$fKvS2P_`ym;=B7x{wk0fTxu5|y zv;aU`$2)@G=p;I8UrXcL6Ml5GEyezz+M1iH*VvYIYcc29(H$Hlf;nD|jo|N0i4-%C zkA45eRf9H&P+thFUY_7^PHC?yvOX%aF2?~9bzAB(Bb(sm;8S?;igkGr;R5MVtTW5v z>vJYFO8hPBK*%A^JDSt*sQ2a7*DR;wW2?Ytm-SBm^wCs6HSK9Q2=c+#?UN&wZRyQJ z2)RzW>#LQW1)3HOk&G?fglz_N-!=(UkVGZZJsvYyP!3vN0*%laJ$H27{{?xG8s8yZ z|0M0Z>*nk7R$R3h9}8%EiT=9+!jk;-)z*+BdNaM)1h?E~9Hi0{hbajUj6G=8qWhF{ zg&We$5P|46@Y=FUU6USA>6}e)>ZQaQ~|MEae8men^HXrq}>3*uSMSa83*og() zW5(RM1cBBCIP5Z|gU<>%7Ft?&!9H&jj4a}+mt42N^yRBfHl3&0dKS<|W12)>`^*5i z9+A;O9sa=D`shLB+M}_9u%Rq1nfp+leC}dK2g|8q3?(^-Mv8U!zdW0dT7#bKLN#~A zWwH8;8t6X+cNaR??OhT2>=OiDTP*%ru9Oeok68QER&u_#Pc;2Bbe$#bKxQdEdEfM_ zI*YJ*>-jKhh{Fz6CZb)AIPVodSjsIw5A{rPd3exsygFy$Ci$ipmb>sN%L^_6rNlHQ z!aLx5<_P31K937{fRUjcHokyQ*)zCY!(UY?1evA8y(g^;C*)t^7Bs(A=U2hsph)ov zegO(hq^x($=L1hN)cLtZsETy3a1dE<7!e*lR$7-(nr;I5$}+#jy00nP+u0RTmDXYH zJBPSGJLC%>=so@8yb+cZDO>ZKIVp;fRPk>%;*KQl4t-~xHl)S)3n(MeJITVHX!uvq z-PIm&Ad=mqNn>PpTV!D`b$79VsFumeN$cO>)BL29IZa`JTUB&je|%lve(kf_Mi#_4 zb$0Ym$kTh~?)%8anl#6h{6UR_NQi_Gw{_(5MN+4+=WdVZY)>Fw^4x!CV9@CD=5@hl z=!e@n-Oy|K%JtMhF^|qv(@<)Va;!qv_`8DbqRV>jq(L&>)VsuhMklM#ix(ju9`y>R z9rxT|S#MsN9Deo-y|~&7K7OpE!j(aMM516{+a9K6y?h=R>|AGQX-O~y>y}VRM}T>p zkBHqkH*S9)rHE_Vi4@h24*q_BFmZbjJiXrMISH93ddaV=$lp+3pE}ARR;SPd`5IPV z0*)unl3W}pd|9Su;8f;npM5%*0`6i-vrArDbs5Y@L}gu%p5BqN9-M5OmJrU31})al z9ZJPT4Q>on|9Q;#CLXCpS=BBy?5Dz2oDLFc&SAgBqw|apdsz?gzOaxY`LM$3;kOC4Bv3 z&z6<(omSw5OLYL{8@U`^)y~&rD84ajt4uBE1U59r2rSE`nePJC`CftF$Oj?F{qn(K zeX7o>y1@~`ZHsg;TKq<;i&uUQoPg#xXZA`IrQ{mrkx|1Q7caQsIT18Zx?_^7N?x!$ zNaFoU$rY!Y(QTT`bJFV3eZ%u+7j{z^gnG2P!F{*;JM#zt>WcGCLyCR&3O_!yk=mw8 zNIWavJaUqVebFWwj+eKgvkTjLq{;NwE8`sS9J(cHjkA^gqRm*V!!UE!GpJycGIX|; zlKotE13@5AzL$m{oLt_kfZi_XFG2)fYxoF(ir(1zag$pN4*1_z(z%r3@qd?kG;(s@ zk@^m5z*g#5XXc1A5)@b=p2Mli&1*zioRBl~t~5rASfJ8Vmc3Nl+=48m>GTDiuzbkB z(|6|wUy_1}8uCTw#xi}o5Ug^lsf&wRsoa*WE}lKYOPzr6kz<`zzN_b@_tRX5@Ye3$ zUf1XP&k=m~*D_0Rj@I@}c%ox1(owE}bL2$o+LWW=;-#OTL!D?w#%CoP%}1;GI%OYS zF+?OF3b`VTEE$Tg@|9x5>|&l_mvuSm%qyzoJA07Yq;&Py?W|EaaM+sVQeK%!8vG^( zZwBG$Tzd@T>MD9o+{#TxQ6#(^ZF?KEbLh*yAs0;0(ODlIk>4}>(iVhR1-G}V9R}Y-(6W7D1ELyCi!}TI1NGM@hM7wVu`4!j(IIGce%W7pE-~= zKykJ9B2Ha{c8uWd1DjKnWJuIOluQQ3qpt_LZle{P6NkbW3x|Ksn&ID>*zU4pZWw;H zUn^R@yYuM4T-h1a7C~L5Os6TPkJ&oo`2;eJO4T34YrlifF40892zK`h)cHZ7;2g^U zkT!|tyu*s0MUaL0!A5OO+uYWKeFFq@jr=;HdBHY=)2Z0oW7oYn`Pj9~kG8z(%??V- zbl#<0PVkP`Fz_3nO3R%)c9g4zl95WzbAMN^^1^oTz@IL6KMtK}9jaW%GVP&INkgNS z`qe?6_5=J&#hi+#gT}9(6iE;6Jv7<*^Ikd_Wb@7#tC-h_&79z3ZL5y!g}>lrSi;d) z@1T$(xoRC+{i&vPr*^C<>n_Acv{-yQ{GV#fx3F0%d>(hsA%Dv8TJ{_`?+oS74L7gr zHm@b)nLO9S^iS`iDqVpxoe&8zD z%V~H#(VG|2>-n2nYPL7e?fmM?jpObZ?aOz4=DD^1orTvmPp3C-^7nrAow%%Rq`rF0 zQs*ULMm)1B==AMH_H@tnoY$jYp~ne>G9P=&S#H0wKVJ5%-~KvRw0PNb!|2f0-PQj2 z%MU6w6D$!3N<2N|epCKx_;U8|tozHTsf%F7o}=H~X?2v>eYvR-jQ z2U)y0wHwmruT90&^M5Y3RBVqVh0C?=tm9rmnfP7lf0@3jd-ZsU#p9=7&nzW)48Tu8 z!1|ZJsj3j)L8-7@b;-&==)>f4|5Zi4(cEgsK(p93y5Y$Tfp7Gk()VgLmOCGO_;OGg z<;BW-%tm0Haixcb?X!lQ!dMb`x^l5brEs@Z^i&{nl=bCEwA}FElES!@*_^)DR4K+2{=5h=>7O6ysr0DzR-W2rqb8NjSku9b z9@+E*u52gyb>ow~!VnRhPZZqgmHRrYQ-)KVJ`?P{S!)wTA#*qF5+WR<`v)=~?cylh z+(=r|8?WgQ$=~)e`N=gYNwizN6YQdTDg#-|qO|iZ1*hL1r7@*hhyLAvcmDm!tLczm zFT%tB#WjSUpn3z82Dg8FV;?{Hqg6Ga6?D+u`^VJW;@Y+@K!SeIj`(uz2{0a7x7uW> zKi*h7_OBD<_U#`PUDswSSE*k5sG5bV?wxG9Y??O8l)AIHn3HF|Lh|lKi`2N0pSq77 z=5!bpnEPgKV`C%7wdeIS(ey43?bEIrf&v5J_$otqx95IXsoQO+9})?ZwHeV`moL)dM-VT&QWohGk~rZB$@C^b5oap&XDG}wt4e>F z=aN*2X@--qEn#)*bLlJ?T(GN^xWoX{;nHrSCvlE^m*HLU&32x{PxEi@0nJJ-c47J8 z+ptSM%6-YesiTjmQW6}1-ncMXLvIW^5r>Jr>y$1+Wucf646~w(b`8$?vY-6b2u6!fAOa zDW{o+7B&KkdQ70pt9!pZ!!}KF*|WJ`qhj>(TL&m?Y@?#mv1pBA^l(YllH+5BU|L%~ zkrDJcQ(OX_L2+(91QRHu<)es->IhdtRii!IyOGR^?l|&LydbD0L&0^9!1*&9=XI12 z$Uea4tbiekYfwv%Ma0>SP+Sp2>hR1pe_gMToSg~-QQ>qA?de6Z$44Jo;TJoWB0N%7 zC^~3%8*a-j%{EA;Mbii}N)h%<45uJP8WC11r5%RK{583>+}LPaT=%9fe^C(Krxved zJEogdQP87Q>(akTeSedHSiS$a?LY`0kR=qfi*UOB?N;CU-#rxwrMXK6Qde$)d>w$K zCl2ZWI2b@kTSx<;d#gD*Rt^BfhaR;qzYX~ElJTL3d;1!ih>8xXMMo88Y6@L#%inFI zx%ZyoH)~Fgj%ZB1B>;p4Qq(Qp0#Pnl{b*i#&I6O)1Iy#pCWi@h#vq!~3q;LM;ypfz z9NkFDAi;`|etrYQv$y;HoC98gr>*U`O8MKLKs?@A#lxPTjgp7xkaWQB?g``y0!eho zpB^+ky8m~kEAx{RehWnXzSzll5(a?%9$)`>cZ))&6#_8&hul0o?H(J~!$3$K8sd7j zSJY>%x(kF7p>yR1H@X8FEW0m&n3t73DFMfh-Lyr~QKtD2dmZbx=W9#Em>|G+%KEv* zWgh&5={K4%4E)xojkd#IDBUwGd$&_%ceR$RJj9vE9{=6Kp?&%u2y%%AJ_ka8gU$*z zLoQaF(hkqj8@y-0BmKLbX0iyd1z&o5d(T&BGfKMCtsE$mO52BJsebwO^%X0N#~w%8 zBe8qK!B8OQ$m+DMz2|wD$6=^}YU~a(}{oV!QhOHS=lXFQp`{W?*r&>Rl>>&f#!vMr@pOiHmuadJ<|5 z{npy18x8k3To>)}wOt%|U?P9gY`M`vnf&IA02DuhPe?P5N_{e4Zz&tOWftdAXG zwd`-guGRkBsr%{h6PD)30xs%`x1V_kxTv2}#o6QxWtYZBaRoSG=l#&CHSMaMR2<5i zT^Ngq6d=fb8n;!e2Ub_lEVEyF{rM;$__p^Ce~QZ$G6BoDRsn7gQLVF9r@*9C0qZC5 zMHSQ_y>mxYR54rfIK8|dWu_}=bCy$0qA=vt$K#33FoxI=`3#uGx4rbfGR&{O#a9^! zCW?s|Z&=k{A2m_u*&%I_g##53eB&1&i4(0o_Ym@@9Mw>%E9f;`!o^@ucC}l zXH><3bn4Z`!_FzyD29NHRh)EXP%Cy-DLsw8A}4ND=1^J5h6k+!8-@C=IMc_tYi>UF zVv9sbaeSF+`R9l8Q6l7#u-dMt@RI$UYF8H}&3yhv4Nhe6Nn$>4RhPb~f%Zn7dZ9!o z)M9+e8A8F%UY-At1=LSW!Z4w@ptXhr0_(qK2!QWhzwz=1;ljct(s1Lq%!h=29&N?C zX+XhHF}o4(4Qqn|zBnyx8#;0VBZV0?qvALha#%JZ8KtE%3F=88F&Rg-zPH4EO+fJ8 zI6OE1i7eXz7>F?J*U?n{s2a7FW5>STegGlkUQM$N7wLeb}|k*0j~{ zZhY|Rc(UL#?H4syPbcp`3N)I5qE;m-z;*0`PMUM5b$<$B21H^tLODTaeL;)dMAH_T zi4A)cT-?hn%DCPC1ToX;rPi8oN&dp}a)QyoupWW&hCwHCtiN?=z$+Y_qHddvcuw4} z#eT-GofYx@C%LGIqKH3@)7R8_(xlFkMi9A@cgj+egx3lC1DOfZZqKy~ys)7AL9)ZV z!t_@G$EKk(O@qb_<}!@}UpZVH&C7Wpq7~UeaWSaWe{JR}-5VaQ<|ucCAr(aoKKSjI zUvf}Uv%+-a8n_skJyvNlv#K1%E`q1P0U?b&&aldzIlkzghvp7t`sQlAz#lWals<-v zgCZC?TtO$Fh*cgSCTm&WAxj_JlB&Ou9jdR#VasRZ-X&MkrxNA5pKfo>?g;=JW6n8^k`-aK2;v3laRL~3s#`6 zAreNR4+ddcKg2xgo#YeeU@;p>LzWwLQInCor!{(b0iAzY8_}DVZ{P)5~Rd=;Dw~v z6P2*B9lxD8D6u73|6`O*$rOJShIm~$%h<*+a{%f@1Q$X=l}Mi0A1Q)O7zR*tgsN;H zAZ$%X0!2j0i(i7V>2)t=#~e+vr8rY?&0IU#_pUp0G3NhapXJQW+-C?VuShKBq!&u8 zEllp%<`IuDUcLWbnP7LG(%~&68S$?trRfV6CiuFL&b}m8Mq=L^>h*~@IZg3JrmtDSWH3Im)7B8(kdE^KV7qOVJ`illDmBvXJlGk92HIVI)sjZPNc#TN|8vQIEu!cphHe4J;QvkKt=wm zE&vh!z%Cg`qIm$+jMttkO|b|xz7~kk{SF|YEHHq;H6f|(WN0rC0gp~rH+kwc+}?M4 zG$Gs<;_ZE!ZK!hv#M~a!uDpLX2xQ61hXUzw7!m(v+FJT8D&jH!`4!ODEii#j&3z3- zr27Fe41M>P_jf>Q`qk=k?*$q`qW^^X{BMwG(=(7r<#S{Zz`OnM%dY_)B?wf%-a#_? ze>+*aVYMW(cYn91ADy9qm|PN27#f_5_TZv#o{MhNQRg!vKMvv(aRU*Nf+onG>T`u!)VlQ50SeousH0sq{tjvFH zwB(JXosa7|Oi%NpHMh@CLCrN!KMt0ase z=h1*bEGnP>q5B*GNV)3yT_ZQVB-&zdw_t~1)p>Bnlf;r(7f%7pr7Cji5sY;Pm+ZMv zT?Ggk0n&1{$^IU~*ltgr!I{^h=+k(C;)ZZl&O4m2k|*$645nQHuzsk=`D%=~zXS#sPbrQc!5$+0Cbc)MPmZC6ABC@C z7Uh@QVA^HBQZhki>NDLFucn2hvz2Zjtl-0t7(G3GY)%7exXmKnJN6j8>|}N- zd~8r8!U&1@g7SShk`0r6qhlox`@vG=THSX1TuK6Aa2*5zZl^b)9NNQk0O2>|%(xOW4*`)DNuH;>d4) z{feRgd6~M|;)5(3trC98PTr};v(use*nO1^EWu~10wU3GEb0z~n zXNRtx-hB1ByvzmqUpR6q`XZE~5HoG3cImPGhy!_}xeVIBhjVy)%Z%3_|9r|+lp9yD zV<=XwWG3jR(zW_6#W98}*ik{%Q?SDQ^r>L!BDx|Fc>#GBYD zpW_jw5cexQeW5rk&PPWc*Ixo>V{0{c=oa`CmDFD-TN5)?$1QHC429`A3KVK;Ms~8< z#E!TuiDX&6$t-aD-f|}qB_p>{TkN#r62E%>zxXJUolZmf2|@ z$nU6(&L3g8wy*f(*pO_cd8JAuZ#ceJ3X(kjX*tNCh3h8b!Swg;W5leyxUux!bFF*k zQ7IPXWQ;AZe-y(2SN+?)X;08O5Hml&8)%jb(xVziH-;$D(SHEh-KTQ?3aC#v0PyOg zZs6^K_5H)}vxjJy`R`FyGSKwPDIcqoDB4H&SJUl1kGfw&%eipc8-u-}E|;r2Qxus6Tb>U-oG}x-Hks9ljsD1K23D;0m6( z_l~tfz)EwLj?7P>*^~YnL+O9`xe@p-0F!$Fv?J!p-ao%Fp1e5@*#j8uUx2pEj``Ja zp`C_up+Wgv{QL?a;XmtHXQ+JQ#-@f=rp!r&8Be=n&&RjxN6axh0 zxA*-9HuaoJtbj1v$+Ln5*Vf%lkEsax-c<3%nQ!^>ZA9NkzMc6CXFc||d1CeQE--Nn z{nr3I`b``V>=E$d0J89%Ll~y~Kx95Ehhe}@3d+4m`4X1c957+Plzn;4roLF$ZkGV}ESI z=LJU61^3Wnnzq^hT;-|rpshp51p}u{V{j0eq)u>*^AEzt68tUU>y4;~LNj)xf0*jTeG+gI zIdUXarkKLUk2-f|FToIDB(P^bHrMeJ$%`%-W2vc!)bCRc5aXN1M8&JPD(G`n*gHn@ zQJG>pavK`Y;;PQO2Rw(QW2=L}bYtaVU}825u{_QM$8iPh6keu~v633nkhwWH-t9qO z*s&9t=UQh$z+uqe66Ob~<^eMpcuc1G%aIe6C1Vg zYAWnNVoLEH$aDBdvMC~B`>jMuDr|PCi3uq_VIq)pcFEiye|_{IbdABfH^%b{Er0DW zjv7#E%CkLXxvKxh=-sn3>xfa9ZeYJlP8hK7N43Phqxz(0d}voD-7SDKW{a99`ptap z6&{qb5vI;Z&Gabc-!D;BAI=I?TU*lJiOxMyTuyF{9Wup%c%FPxdp|K;EH zXCPs^@#4UEQ-_1Ot}kc5>XO_!1|@sl z9JL=eKMQ+(bKJ)YLW4qXm`&=RN+0U{8DjJYhIyF%0BOVTBLU9`Ag($P=%B7@o#YOZ zp;H||`-NVzK5EEV>GE@f3a8mI(fF(uz6@CpHPea`T=)+3N5Mr|5@KQhwpp?Ifyvr0 z`8e{ozmuJw`bYF4Oie+PU`!O?~#32`ef#-Bv{{ooZOdh)o#|XW)pV0l`IE$yY?qDRW{A z#xMX4`^i)D}pO- zEMfQ#Ny&7AA{crNNbH$BO4D|v7E;pHA}7c)@2!VspU5-HCj4}xcZd$P`fW>~*FaR| z(}{w*V#Vn4@Z+74NULdAt74ovUe$Dk1U0=`Y_%CGIHm!ogtA1Etx-BV5S~Pl8(CcEa%O9ST|#k&jIKX{%{6oZTXFYGDymZRQj zk#s-GYPVb{C^p`Zlu+&$i{Roedhnve7ltE2iLGo1ifn>2U{qn^Q@mryfEdiq`Qs^9 zZ+N6B&=*_7ku-_6sy3zCC}L*?LT=YjRX_BQjfgy4YNE0-r8u>6Z~?AbB)++%-Loe( z#e`m}dUKp7bCvb-UM_pZtp84efg9n*VhY*uO6X|Y&%q_3@ck?@Y3Hj?{#&+=Y3IQ` zE_^k)7&Xrtme-*3b=SAqRlFDqNf2L|H%-H^A7W!q_1a}EbAbsSt_>6-ghXa~tCG(N%Ae$JZb=zI`K1 zEl{%IBu4U6VDPfhBiw|QZA5bT6Y>x^s^?KOiei|K%j`rd`exKzIY-6~%LnjVtw9xh zcHSs1c4Gcqt@wB*91al3M1vd*f@((;7b}dY#EZtx5JtibYAoXkMe`W=si*{8ob?lL z^~f`+xlG29bQ8v!a9Ib7$tqrbL3q@V4JJXIhNH0!260aqE1?^nv7tg-)hrB_NvKeQ zABg~Qxme~$Ii?Qnff3RhpYDfbqFUH zHg1JhVh+p^$ARa(;>I>{_iu}Ck#3YDSs*7&k_|@>it~)T!KKDQhhb)ghk3|wlBAAA zpc>3unjZlI`x5e}t0%N@_Lt$R;N{^&k#WL`3Fq??g2gO1X#TPuXB0bbLepMT_|-EHEKg6O`617&&?8m zZdZtgx8K%Qko)yr2H9sxdVYCy?|+YB_R!m%_EXC6-jP+8ytfT4Jq)28*vqhI*;dV{*w4lZl>xrHW>`G}vFK|Mm0 zZ9FoXxkA+G2rFU-3s`xgdkje$+?ll z`3!eW&#hVf=PwbHiLg5~0U9-oD7w5@a`Iv%|1y3Gzw>8)4IUYYLgd(x zdof=WpW=%)4R8k>m-H%ya0!x`SZt${!$B*cV$Z2$4{@Syv#9G|hbD<$1m7B)#p{XK zao793W%lK`l)({Eq9kABAEugzIeiqNj7R2?E4UU-(Y-^8KqAg-gxY06Tiz9S8U+X} za;(O_YMw&p_AGOw-w%grD9aPYy^w1B>G9l-;|5W5@JyHNJYsB^q7ht+vWi^4Dnrxc z5w56@>sz(xM~;r~zqkJq8M1^xnh({?wv%?Qr!zBef|NpIr9H!L%}F+^OBT&>3tmF_JrxRL995C)Z|xvwXo3dy-9PX&2M>6CaUnhbL-^Q$v4=)lM>Nr^u+Kfu2Nhfa$A}YyDgr;9oWd-7;dPAMdmh%Xg{GW|@W8c1V5oicm07mt z?Ri%Z;!TeeOY3!dPS$sdQsbIMS6y9Q6S!C`Ik)+dKeZhk&fVzTYUJw}RI!X@OB$IN zmDo>7`8+`;t7{3k8(4y*%Rg(5Yw^q^l6SyMl~^+wT4n2uAE;@Fj%3^F$7HVZafuku zH}Q73`#D|v)!XV*{pw3J8j=e|Vx~{bzH&hczJ=`ZfKkv!L9U`aJn~Xd# znr>*!a>ff<0d1)@J$v42(Z1H#m`9(()wLDLJ8aL_^%FaupO6!h7=zDlpWB^*D#!E^74KV=JZ}|2!+o}N%bh#PcR}>D&A4-!y@+l{2 z*Y6`bev~GyTX>0*_?UlQs@$ZKX&C6-vt>1I$d;A+caHDPr90tUiL6m3k+FBTZ)VqC=pWCJ6M_6FW3_fDG2uJcrFg{tbB=TT>hnJSe6iCd6I7|wClMueQ-v1{i7Dlb2_n+=&C{0CEf zQv4%>8wT4%zXYkxIy;|BA=WJfjM3a~{)QYsQHE&eZOY7IXDRjXsF;n zJ+*nvp48ff>eS4NmNrRiN)#q61*!CZD%PFhIf%B=`gFuacIQ4iSN`Db&4<^u(!RH8 zZ6V<|ZEH1F4viM)zhwWV145xolOeen4dqcOS7zD13F&xyVjD($UO@)3SPjX~)&kL6 ztm8(1$S|}P1;w-JlV^a-HVZO7d$h|QkqWvPR&`b6Q}w4~fK=dy3oLY?92_XEo|qRf zfUFkfo_6e^Xw9X0z1kKM7{@>?ffa~+=~RLGmBXp?rA|9saM&njhUy$Mf^%6MCj@opM2e6xK6=g)IQUuxZ1_p+4pI;PL8Q$&K>lR&ynLbw z_3J09L;!!Lh@rENFmq@69m2-*0U=)IvCgX@?G2N4D+jYFA1mu#srn8Pe}X4%H+A0vX86w z7w0eU_D4-6AA%lWR+I`*#E^>)XWLS{*1VFqKr|$c;bO6iNPoJvW z|LAl(iRslanF%GwjTjH`?ge~i7g7}NC8o|z`Hbb+Xc^lH0M4QNj}tsJ39auWR`>%@ zq3U}sR)N<|1*)j5ywq%XBI&Yolq+C1*Wx2=_VAJO|1T@F`#)_xo;f-ddX1o;$2ZzO zI?(FT1zPX{3}-t8Lert#gJTQKFW(IlqZ@~$pBrOLrodQ>o~V_7q$7{hObb&!12BWt zkE#Hh>wglo{%l(yIW9;36DsINg^g^2onqe~m2`A>R~7}mnHt(@Dwn;WQU?oQBp}Xf zep+^mv~_2;nD`~cW4+R&S}<$ei5OgBfg2n|K3`)A3B1|KoO*j#|K!)I-_2$C>B1h% zld+5!UCZSP@V-sHBrM~4e4Jy%3T0LcH@CRCXT`Fkkd%l)OP&FIIE>n`oI>TAqJ}CM z-pBYrt;u_QN3q6O&{E9o1qcfcj2%lmXB*~yPYd8GY!AO`^I;eYY9zpF8M>i8*)e(X zQskqY6%6sSKucjbEU@PWA~!s|42pCvT@;GXaLektq-Z*)4vj{uJh^h3~WDKr^GHhcR71K!r4Ocx}M~K%2S6VLyfqSMORTu$n}`%a}*JXFx`McToX4@J+pj>f=Hd0+DNY6 zQSX|KT2YDGFfva7&OOW7#o1KOE1J*CKrTvx3Y^@8M@J@(gykSjX=3}v{ZH^z@GjEz zYU0JB?1c)}Kol74MxqsTYjwsXqz<+ZDa3rfG2p905t9$=emW`lc1d765F!zmW?6d7 zgW`G|Vpxm$^cqIMu--{pnpx9m@v0*=9}*c2m7vSy(!@JSV30YQVG>|<1SykXp(2}@ zu({ki93-AI5P(S-+iDOT@36iJi=TElCaT4$ou^0iMNJn+azF?rdOBQ8@A|p|W?me+ z((ZoE@B{nlvv=PXb~qB zB6-47cVA@3xmEwMwY`#zP>Ibw2blMevWvH(u>y4Bi^T3@&)zeN_mM=(xj^5|rAtd) zFeR3%caldPk2si-{`19%mjH8!1HvN#XRYoX(8>Fx1~X2%`Kl!WS` z2sd#Jd{OUNu6o`?XBqf@Y7fQ7wiNX0jZX;Yf=n`Nx066eI*7RBJwm`;l@Q-1->7Z{ zFlK&v|I8Tc#|w3>4Pry zc6gJqRyke9^=$MojBqf( z#uNsASL6zk_XhTW^|WFemni$0M;rUuc9Ds1_XZ$Dc+i2YdPA;&@XXz@4@aASrviGR zcWw?$H*#oC*xlL)!0bLj6F)Pau>6Mt2awiVE%Q3Tzmu#(0EwI_^v|qQQK*0N?>fNP zB)fSvCI2^C9ssSnp^s?5*lcrqeO@5>{1iyD*k%o%FZl8YT~!1obSlvxQCtvO&R+BE z3w3nd1vaLC)L5PKgE{~wwH08*YOwCRQxOi*H_L6`47b4 z95zh|eK=79{XGOIu-mNne}NqYOTcx!XkvX-S!dDy3n+lwfU#R2Y5{x|&7+VT$Z%l* zj0M0n>kGRD9y=iF1H{$~CtB-}-%8sePG4xH)3i~?6NQSVZSE_8-QZeN zxaW_X_06jF?V|OYkkj$Ifmn*e>w^Yst=D_HOI>~kah@&yN2|giUy06|9nN+q|MQvy z^*-036Wz1`{&81VSNjHlrYrm{W1_`3IU80Z+%$cUHxRBG6v< zmHatia|kW@{RjY20zlh<55NOIzX*_dg9g;2|A+JMG6sVW>e@*wf1yW-UsDgE^r}LG zvAbR+4vSBZyaakeFFb(kR-diUc4==mV^!*lGwN0~h2t1MOk-QwGt#WGvmOYwjEOTM z%HQZX1r`Esv=Ycu z@fSf*(Wxp<6_OGyRpO&ksD2wa-73cGTGJrjwI=1|dV=R4j%SNT@Hh^|ZR-uR)LX4H zekkIximdRz@iC`T8EA33WU02z6L{(kRYw{ej+&}#RE%?0&>0?@z%{A|pDi|he~>G5 zkS!kd7Mq$rr@=>W^s&HdbCU`tE7op6o;#619!bptg7S$I^ zQcunysCKMPRJ)ZaxW0XyM`1u+(`0+pvS_5TsAo$Nt(R*=h0I-0(9RqRbFeuwF33}m z7%qb(Z+VPze?0VPFr~qv1l!^tg5JeTCHB|nYc9MtQr{%chH*xg(I~7D*U%sRYWgLl zB^UG9RSe4z2drkBDZphIo>Hq0gDFaoyi7&m$}tnLMaPNfGRsL6#Yo`mim?6~oB2qt{Bq_*bva1Q zxIm3OWrix0!gA4qN$|u6M6C~2bUW$M$9bK+(=QV81cvJ0asR>4oOdhaP|W?M#R(s) zK2l(L^Zeqy2`&iX*uO-ClUFUEY!=hcsa~jO2EEW?rca5BOzOA6I`VR6`-fUGgyN`h z@GwI#s<`IqOLf$_vg2UjPK)8}uQ#Rcbs_unZ_mmWb$f57)_(PF-&h=PUj5Jtm>ket zuD5F3jY!~P#;Sgwh!U+*ujS;Xozoe&9T_4}*Nz3|vq)yyo1VMV?^$mWbihyBpMoR7 z+O_*880iy$B1l@8ILCKm<-~!EU^D2{m$H3^F9Ci(uto*SGXpcLs`OhmRN6`&7Ur8k zWc)s(;H_s&VB2JZylOU>k&$C=_PQ^FNcht64_4MG8AjV`$-F|=Ggn5i=)7?aZz8Bl z&+yBJQ~`p73ggX`Y%M!kYj(}SXAUT6mx5LTg4s`JhaZ_>gfq}TwDGFO>Y;H)CpL$E zUFL-?m8cSrZgh8f*Pq_v3`AanDVGE$aYThg0;SX1j8Zh-^1XLc4GDFh%_M_rAxX#7 zSJZOB1JvE-znUxAxf22`J!wy0pYhh0uN)abV{RFgYP~s&gQj}jfQNv*UA@lb_(T^e(qpjaFB|@ z&yVHkU-+y72@T&EbkFthpH2Wq7X657Mn};B}9fsV0Dgz2CNKTj$ zwJP?GuKF={C1wPln_@6^t`j3dR`Q{QvRT$6q5`Z$WK|+PCKX0C%+aW|EZ-Q z4dAiNW;;oCZlA3S?44Q>~}|n<08KR=y3|uLhhGAQ31QFsaUFVp*4ciQTaXS8D7ZK(@7)Nq>zr*w1 zizDRUwutX7@cOztkIxMaPnwIaegmHIf2T>paVd;ni=%sgEEmxNi$R|O32_+;(2#y#HQll9mAl<2i)CfUxl*CABBnOBvLb|0(MEaS(-}|2P zKIh$EJKH%sJNLa^-|PBZpKu?sf)Z7CF4egIU5&Q57}6n25;ED!m%05tsS|t>Z?&%a z_Pk#cwWlKG8cB<&P&^PpKgsxjx$w|9tAAl&Np^XQNR1!+dFV1f1*75l>w7eVmVo|SJTWAwaNn;T2--7Q&JMo8oI#x!l=P3p5da`8EiHZDFsY;P@4K;PNnqye(^1Lg zuNlPHU6FL=zuf=2r`bwB`{||^$$Cp*XQwTD(D3gnNC(}LN_I_A=lDJXfi?ukQCz;11nINXKth)(b9tz3eH#{o6y=A?)xl znRPs{{Qa^5bYj%l^qP78x$9rs3L@7I2Ek@aVT=FVT+XvUQ=Qjs`klYIF}Ggf&L%Tc zYBNoL%j>>N3trv2i!feP*sIhpEz!P3*=O(FOgol#_a|bwkzG?$iTPKrVej_d2mRI& z@}D@nKVh|kA}%ngi)#xo1q|_?1g8t|A!GZyV%2im*tsWOWw9Z1c(KC|oE% zJM5x;d^|rpyY<)2+1a8{b64uK_n8*=srk4R80ni(+xMKri>7yG%)!qViQ#>Z zS{_NdGHb)1#rD2WAr=gYja}ViZSyAv5l$R4Xxv?(w{U3Tvr^Bo7qN&*7j39+Nm|@M&C0FFU3#h!916Nr&HU;58 z31AoFqL@sxi?famdHgfawJEM2qpuRM@ctf$LuTxhIvZ?Rk_~_Zg!jk23~M0XmiCS@ zgde1Y=}1xG6mj=WFmc=o@lwRrSYDKnXE`s=9rHKw;uO z1dlp4IZn2*SZ=w$K!4tAR45>YfbSDwbeFPv-|~+Nh9cZTftA{>eY&!MbyqPW45 z2h1$N(vO&hxOBf~i*coM7$ob_pk7eImx|k1BcTsps4$PdrUp?cKkrL9gM&v0EI^~u zA&R&mb46bam<`m+5qdPwX|Ndha8xZzG_pu`6CP3O4J6+BmoNy3NeUZ~D&x+6`2+wE zSax-&aMaC-eglZl%90qZC|c-&_nJ;I$yDN580I8BDKKZ-ya4gZj-w<_Es25cN#R-E zS=&ywJ=|ilSJ?0)xg96I_@@WG8ZAm?2%P%YZ8MaVbp;F|q`G3bx{53q8>*-1G!4Wy z-Ycx`^G2*L8YiF#iv34+SPpv=V+dpU3=z!B6hASadq^%iEz8983=f~poD?A2+0q|O zsDx23jN)-|{l4ugNP(QwMu*mJ0qg+u1>MAi1Plq#GSQ|4hIrkEd0S&zFijwZ2oQ>s z9UezO&j}#FB3F9U^Ne~;x=7W*S>rCh%_~f0l0h)eK={oe169EniInYE!OC4 z?o>@f7O$=Yg}aP{hl}Eq%k`yUt_qL*SNagPnzB?yx7EM>rR~8)M9cua1a)v~tS5n; zs)}O0d1sGYz~e7Oo&=%9K$=&|o4SmjWOqd$Kt)72twG7CK{cm$RRnJmqWah^wRU`5 zmZcvua*?R0r7y_(Nh$5lZCKGb@K`f`>LGnmiC2;>-60;>gD#35;rU|MIi?c1y@jyb zUildT)*`Pv^xArl(I;Y6v#dsH@F9om)PumBTte?+E)6sFFhsA%M87%cU%gQ7nXN&X z*MJ)mjY#|0%2mM2f3hO75>K&x<}4)F!C#7?nR2FtjDmp@Xcwuy#GIPZVV~a64?tA3 zP*uryC8fbJjm|{vE8!2)J(L9YjvDg-m;M%}uzE0sQ}PvL!!k2zVIdhx6I;-Mf{e{! zF#mqVxmzoFuBzB>sqhTeT0@QX|sMKC&iGRC9) z!1%}~k(8`5G?oBVw0n^pqx4$;kLUv(g*ZH2>Xv$Qye<8sZ+d=iHBWhOUaixf6&i3? z>4|>P!{$ius+P2}9Ad54EvLxL;&}xIYS6!iKv4 zMekYfp%m`DnVS2*1NWU)fWH_@haoRd`a6vAq-qf2=%vp}|-pjke49GVA{#Vi%`uzP(zEI26?t8>829a*C8!eDr z`uh!mNRmCArFokE{=SQ0V9ACA@P571aUlS+jKM*%VQ=RVk7V>JJ?y^R?q#s=qU$&& z_PY6cw!+DJ8R>9o4LL>G^AzT5YWnPlWS`59HC@`&VRn=M2I;t`)qjPuHgtq(^504Z z2l>hF{#6J*gG&Y;!VGn^E>Hg4Us=3l_E5Gl{jD6(U^6iNl67%>=u5ESvXCca>}coC zML-dO;QfiX-`(@S`~2pg09dO3B%V6dK)AqIVW+_gJEaIra9}W}N~+>OWt|W>;lNli zrKJ~20eo5O8hkae_?{oWK;c}7SqYwm;vKxr|_%wa3Zt>#Czl`Q&g)p;g^S~Cr z#t0o2B0_tht6mooG6?8$CRhyez4-mensVYv{}WX<>d7>{xCxM~t^H-4Emdw3e2kr4 zgx#tWA^Pe^W!%S#WA<>Un0mx7{#Ei9H8U{&?iORf<3bKbBE>>oYW0euus$+;8TGUn z#RtjF{48$`z6T)`o9QZg5G7Gv5z_h~lS0I%e+i@GyLi~f#gRNUNKyiIEfI0#<7ZQK>0b~{Kt55-6$awx zXT^+uP53s2MVHPc4eb4-G9)L0MwA$|7o`nL6{W3|6-(8|L`06!j*Vbsz+fZM`t&uV zF5k0#2g#qV+iigZ1s0S~P; z50nzwyI}Jpur8t}YxG&)Xn%2ox>q?PUkBht3nwmMkA*&KY8fKI^e~WN6KAw+p_z+hK~D=yNQ<_x~y`ta(-7krL8l8 z*G?S=G)>hrbg6H+pWsT`ay;c`E@I;#%&sVup-@&{l$dwPDB8=pLiGW%UX?>aHom5G zB)6`zQBuGXze#)id`0Dqo>?-x;+L~oaC zTQ0BO+GVk6t5`PklCR6uS^K+HzE}=he&3~M!^fke`7R9IK>8&<6Pel3Ec(L7X&J;} zXFc3<0zp~wdj$3^TBgBG=|yZ-d(krx5fWuR;&`&R`e@hz+j7`wyw_=7bmU4~^{H&I=H<=y->jZ!u@b=*3cioALw9NPK^bq0&p= zgu=>d&hS@OshM}-^>??OFZuo+EcbU_`_8(agg#Wn#TX?2&C2iYyvYzMn8^>iD*kcm zR>Zx05%}*_3@&@q^akng=Y%KJ2R6w`J@>!;=hE>D&th?;I8|Yw`tQQSv&g-s@!waG z7#>Pd+9XEiM4TbC{_y^|9s^Og-|y$Q-(xI7f|4ANkj_1`ahUzvpreiq&!(@JYWd64 z({UG_tiB5;IgoSD&KkF%H0E91Xql-3bB%MBny=Tj1CInsS}NHfV>yOAFZ1ec$1pN& z@7rQ4xQ`|+CQ+r%1~j?KSCu8NzP$`PLsQB$^*j6UIr9iw=L?V_lOhUQQQcQiz>YP!jy z)ysBqn?Fr0Qpx9$Iy1OV5Cl>RHvo0Hn{!q{c|fo=Ovx z$Kraon>$wVO&Il~(yoHq=CeMh>+Sv`C2}G8`7tyS=)s|_Z8O2O4<7Ke)3)>h<9X5| z^;9_vA@NzXkEyDz$c`c6UiweLFGSsaf$H1XqH|c2QD!_Jm@=~aLnTY!-S&-ZzgZxP zdm~vtp&>qgSfUDDWBaUj4`dlK%j8loOV=h?*8VG6g@F4pAW052Kx1T%2q&XDL`$nQ zVRVTqE`7K0AUYu-YegkKplavuAVa@!*CLfBH+G*XJwI1p53Y@sa4~;c-`wCrZmbwc zf1l{JV&($2;-YC01+zMUps;OzNPO^4O1OgVV1`?L9vj z>St2%`@Af1Mq4iQoeBH3O>n&t9)&8^pNqCI+US%?yq{9TYw@dskaEQ?cE5;~hROP^ zp~!ga)x3N-B(1k{^gDNFoQ6ux@}sSoeTy}Fq+MNsFdk11eM4&r>u_R`*zlYM^|UT! z5>CBOQT9nvR0{<~IEiYaagTre+&2QgRYs%Ka9;~d#s1zIcBu)PG?}i5_kDK<%bzm~ z^epQ|j%MVwIyG<09=1-g)=mqCR%RMpWItVCa4o6Sa2J(Ch7}@q6}9$3e6_$f2=RI3vP99LY13ZK(eR$ZJK3#k-ZnT}zO&$S{%0+k1qf_uUMk{IqGS z^mCUY&fU6U^RcTi2Ykk{!2)+H#1k8M8NtW)8p`{W>=)@{@R#NyUyIy=MeYWXFry(-Xbf8kV1(Vk2og>^@&y|mA*)AE7HuJ z_dPeg*teS>DWr1WrpHEz!i*Grf9@Fl;iw#cv}`oH=Av-jOV%)e`!SymLC<(7ZxA9( z0Tj`DBQoC0L=kJiE9~L&mCBk2e$!X0%f}J0y#b5H2SvoXaAa^ADC+VPI9fMd;(q?b zS3BnvAwyp4Zr{ifJu#{}##fpR%b?0ZIlbDj2D~27i!%m4j8d-jvZl~>=e3{YTYqGy z?aX&6^J&jHCYo3T7%w|p%n}s}P$$hB_mEB?p!j0efJ^ylq($ja+ICFncg^U!RM0;| z`@AE+d5lZK>c5>?Fy`2pIbD2eC`fgJu~=3}bjxblYlR07*1JjAQ0BF3Yin!pNpEAs zR}>Q%I8%CAH@ef6?A&{g4Zyk!Z@?T$Cqj1*Tsv8g-r^s&({TXU!tQ_Pn?q`roxffW zKrbrMCec1+Mcrn6V=ID}niEkCh28hv?n zgZ!iL_4dHx=6C7+#_6WvT}ANu*!B-Z#&zIrot^Z5&xDKu~A)n86~ zcq;nUPjgu&iMA0#!Q#GB-g!a$nQUdQDxb^K2@Q0UYWU742>!fz`(2+Db%8TYN&3rb zf6U|H&q40(W)Li}d0pJlRiUF<-}{`OC45iVUpzf0ljSkOd~wvNoVroi4k&<3)5|PB zx?b-XL2)@BZhhc_Xq<4QXoy>hNQ%=~S&>;*X3?NAhCZ$za{}zhVEPUZ5eUc>DiI~n z0K@{GePQA`<5X{c6%)be?~gvWZxaaNU$c93R;12FD6W$b%>lrljUmSdM(39#kWf;v zYw)rC_#E{_Qx|>UI?!h}gMXP75!w6}R4qysFv1uyy#`S(n#Kkw^KGW3K)FTJ_YZf+ zBHR~vtnsH_tSf$j6Y}ed(ikB)hb`@SH+NHmJmo%`Mb&-4hK#bjAb}at>n=_;Oo@_d z_xB_-ON~~TM9>4nbF{!0L-+$q>>Clh*JYYx7f^a z)OxiUc^XRUCl^+9gL;|AEUn{?-v9#MI9*TkHu4gHo-st*>+Zg@l$V`=@Nn9}5#cC+ z)GI1y64j&-=YVkerr1A?7DTpwdId_$Uyc_9%B!q$>g~5)2+e*;q;31#^IaI7S$tUX zQkuea6e|ToB#w+ZeA5{1i}Pj9PhR@aLA4R@!1T)nJq+6_c}|_`ShlR`a7)z+_}~@g z5FanbvL`D(K%m$nR&8Wdb?}~D1lz6}+Rr~qt9708I=X2cDJ{+*?BLNHKq;dIs#s{@ zzSzw}k#ZIL*Zw^B9Qi1_DSMUEivQ^Epgz0;ed~NND3w0bzC~l0#N`q8F$k%Vw2^06 zp6w!8OfpaK9n#vSb58LA<+Fz?Cd@7wF6rqi@T3!2n*TZ0u&Uq0D~UNm(vlKh*3C~ z$K}C>uehGt=Un*iMmavLT%n047!Md|kD~zas)AkW>|h;dBVOeAj=! zV3L>-PCq(NX@}?u`V{x@YAWwmO5$Y&4qGo}&*I}v_RfCf44c*$ooqR+_iNhS7M|44&&^~N1EWu5n@7KiPt=S;gy3;Rs` zjuRXkK_7x1o+nN}2gpxJIfCME9$$@=a$}4O{_#b88{O_kJN;gnc>Zz|+S9&c ze)y;5c9yPYSHg1yPIsZvwxdn-XkKUg*R#*8f!k+45N>tX7ys$2$<8S& z>YZ-lOgh%lzJW74b3+-Au6i(DexC2F&Q~%XHT#?@qpfWhK5EUJ^TB&5eRG-1Yc+?z zG7jrjxQzMCk9L8~w0mS)cix))9@ec{LNBU3?YR2YyZO_}u*rfMl)@!?3WYqODEEWY z7{HL$P@AePE|U7iIaMb)83-#2i~0;jJn)qUI$<$q2$dx~-6M_l7+HOlmx(Z_piw=P zclPD|lvXDz0$dmn_5Y3+tHB3_AX5T__z1b}x)e#%)c2M9$Rssen4+I3=hP>Jx0Y5{ z^h%M~Wc)xJWq>BWv^rFMHrC+7T{-vPbR8v^7)>ZmGw>24Q35ePY<*gsCN>R`geMBu z2r*NwAXEG_n2iHmOClSlGS}UjC-^MDz54ysBFK_yTvclT8h}$Dai2o4*01!O9{)#ip{T2-B1h7_--Lpj?p|Do!ZaC7;zXi~3K(t@T&Y)ZsB&{-a_o5Y3f`xNXX zQ0xHqeF%4VD08>y2?!@(mQew{Bko4|y~xXEd>tw`CU)c0hw9N>;?c_M9U`52=8T55J_Yb3eXz;f&|TUCyn$v~emwxz%gxxo{Z-j>{FQ+~iyB@q%1;2T zlpTnR-RYAEO>!(4_&c=)%h_c(+oO8!Pq;6afx9pzz{x}Z$KltIi-TP(l@3oG!{@{^ zbL9&r#h!z6se@G-IM%$_RCsV}~b>lLL(YVE`UIr=IfFRi}%Lkap7$_&61zZ|!BP>(lz~ z-JWm9p@8&A>CrWOpjs|)B=V-|BJi@@X=dp(x2Anliu(|qrnh^=S(P``7Vl)W?A(Za z0vm2&^=5AD6`v=Q1tT@-oELrj-0MANOL8=b{OcpcwUnPEXAuGi!J2$Lh?nb1{dgUi?fYWdu8m(wXVx4-gAWk z+NEVq5k?91lx_WOcf1|09JnmjXw^Mv_Q3X&Yrr?>wSAq~&aWu&#hEp@5*~-M0Lcu+m^6&fc@mGL_rm%^sh7e<&MgK$|h1TUC zya3l9?g?6A`6d9-UaCJfH)4VX-01-uzpw7Z98Aao24l#}$qxW??bx3Pc%qJm%g|IJK;QJ(+=xDvX9jkP5m`V>E43tmw;fj~ zf!^9%Db2l+jg(P+nmjsC5m!|PZ%~QpWmGgCc^XONQzyz==!PI=uc($2v-#{#=f;ag z-+PQ7=6LYkc<{Sk6JFlZb*ZI54BdOtcX^aGhy8NAWA1*rHR!gFrN$qfYjHW;8{O$d zc24@AB3eM^U8cnHUqs=*PvM=90&bG)N9SB>n%9Rn=grTFTHam$*nCQ7u#&dH~ar>%RUzJA;}c!*tB1d>d<_~^Nw55#Q1!?)yNehKl* z&E}5P-=p5#<>Sb=4AH3AfF~twRxdxvdlOMt*dY|fC7VQPSv2xbBR>-l>>)QcKq^&7 zZ|NILrhRj3ANINmYY|0e1r&M8EPxiD6{qPt0A&sv+3eD5ljavoELgX5Y{DKLLxw$? zcCR~#=RMxO$s5Qw z$sYb9@7%D5`M-%#>-*M#b#%r>HPh3K0GUr;6K|aqRL<0tZa>1H_z2f@s87!Co4egi&F+r6oF5{`)b^3SkA`xtRH`AYw8+x4 zNXqpb;mr>rwnX`PDoE;nL9cWW^$=G=G$!-}EUVZH%BLX|jjkrBOaISYlG~}`=a1N6 zFTy3qonK`(y|y`CN@bkS1P;Q};|Vz#>s*-e={RDt!>jmM*-OX;>P2JK`Z(8SQ%u-; zY#KX;qV<)Fd$7bMT>?0)?bHjHL`(M9j*p^>BGmCR&!-}XDz!GxiUP+hQ2sIa(|)IX z+R5#9uH6wXH|Rh5L#WUYkUuO`T*&K;K2=EU5!O^f4lfOzRp$~MnZYq9D(F?yo2wtp za_s;vw6)$?s@su|cdzeSIJM5=G)l?LVE*a%QXu6r2gs~X>)`c-!`eRU<4!vsD)e2V z*e}}GIWgSDf}4W2c4O+(Wi`CY&r_I_74W+2?NSC;Fvp+h)3uyuWv4 zJ_g*oD>Yp5-;lt=$3hB6%n34IC^s&WL2+%;QH1NCAn|jU>z!mc@bVVgermPgItFE# zdHIrS)>Wcbt-GyHxC#n>PELXS)uEdWL`meZk*$=zD=#3Zr@`kR)*8K5hJdE)L%e9B z(SD1nvY*}YwBjbrzYp{EiX^R*s#kdFyB^@SkB|mso!yc}H7$9sQ+ykm z+v`JZxYj?Fj5zyt5EmIKt~#P#PWmHo(0SE}RN_YOA-?cS)Q@K}+D*su51SV6C+pH3 z35TB7!&K0$NdO4aoPmp;gm3EAr45up2Y;j|f>IFMf}LVmLIERb6w9bX6t*?Kj#D~_f{6sRDOV;bWTcc7q##s)=ECn%K z8ca`BHB%9@FDED0_74g+|JuCh>QrUnR3EIExc;{b=OJc#zTeBgzs%3i&F#1xb(6pG z#(=^m_*j4c+Y_jS$TVySr_`}gbprPj zm+u4V1Q%bK*0^b(U8zyJY5TT`))lN5A#AFMLIziCnFIOT2a7+ikL-Px_l`B<>UN|b z7JhxGjMhYZROSp-wgzbPgAC$BsEB(Rrqp-!B!CrYtYJCe`(E8~ZNmz%yVoigA3pWZ zh2DDGV;+nQ>(?RT1%|1G3^N4}c#xQwWO!1BwzNe0#xg%Y;^I(OhYHv*L}QgO6B*F= zEMytS_mmkhMOi~%=*9Ik)j@!zdU%X0AtH_pi9b8CTEWXyRlgNfCt6X2xL?}Fm@v+l(t{`Tc5S`QOAsB481l5fF#TxWY|QYMEs}( zUz{ctr;Trb%$qaXSl1LQB+IA|OLB7105?^Uk!_yO5b zDmz?~aeHXE#G{e-eQqRCh2nQZc(9+_miNP|F=}nssZ$m@yXII~nToIVZZ$*HfGj0a zt=3w;rL2%mSNhYevpdJRh1$ zmn0utp}~^InEkzMq*TH4kW9B?=JQCGFV|;z`gr+#*iFZ6_5P%bSGz`mWbe_{ZvPGO z#n(f0P5b)k6Oq1FZ;lFkIB>+V-Q0T-O7GPsfNXUaZ9+6IW+Re%jrK%FHmfZX+sqg= zGoDglX#hTC`XM1RdWb2(C4vIAQ3PJ4R6h!W;F_~|&OsYH;c4E%#!(ydInBDHzO%7v zgdLy!X1zUZf1J%>RQL_tfOmmyeWDIWtg=lfw67pK8G5{HQX^5H156%p5RIQh<-i1s zyUf7bHX`*9r@wF;a&7g6QQ8AS!tbvOXdonoxLRzxMr#p8mMS{J4u!>Nx@2}a;}>+h zZnK}Os@yXHf8`lU9I?eE9TPvN;!||f+Kf8a-g>UuT)tF<(kx$k1@o*`eA=U7S# zdGyCTX~J;JFMbiUd2Y$&+_U*cL)(U;NZkh({9T!3qc~sK59S_l#W~<(i_lZs9BVnr zn>YVF@Ol62bP(8aj*&UnLiRA5riU!7tZq$h7}I60~MQ6+!Ya=*R1qaXJ?6S33GL~pjt!df%kVnQ*flL%s|-im5v z+BfL_Op4BdreR>68#zn%q#&?q$-v7g?mUQ z{JL7w8j*TbWf1ay{ew!Tu@*Wv(xy;B)A}vTKxTX;^2ID_SPFs^+|JPl6jzkDz)g^Y z>PU_pmiG_ON`iz;r# z5rP*Z{wN0GF#ia6a~UF{_p2I=eDS1`*1N%JP3J%>6Ek*W>fAP%kkc%(f13@X5r1 zQAgckx?AUZ`qMqluqQI6a`B0C_?xonQ@rx7`pChY=_nzEW62|a(Rdt27$7i=nrO5tp8Gk1b+kzA zEU9jMMk@AT4|>gx@F;M*`x_+Ei)|xs!ObJFMi?@mk|4XgW|R%o%Py5Jp7J)cyn%~b z81Y{9R8moSRJrt-@L+vTGN*E6KipzIjD5mv-AI0dZ4;E*tRc2n?otE+?0t?$woL-M z{P>O!Vb1MyPwbmIh2$j);_T~S{P7N5el8*nqZ-ffI~7u^TcaQAEOsQ)G|qk&N^-tx zVlfM_Nl%U)EP18Sfv>o+fhR5*E*)Bwc;;#cb^=qxetYa(0=i3hG`Fdq*IQ7!SXdR| zxGVyxz9K>Mx|r`Y{)i+v6mgdpf9exp+7j9A|I@qd9AL_OdMh6ol9{e?sr7qbWqc`L zdSN9bzY{}(g!Da-9V7+SdJ-Qp7I}fukOi%XHm;r@+Z{(&9Y-@29pf!~o|F_mCGMM^ zl5^vr?v&|#x4B!BBd7*35gRu*JiGHY;~x{W;#qhU*$?E~DGs5Y*8ZyUmuKMn z^Uk}=8UH&!gXiop&cfL13z!`BhwPbrTgyv-@@rD z!{GDfI}D|aDdh9#&rKcYRrdDw(VZS-=ltH}ArJpo)Ayel`D&|%f)}1T>Al3=%4RP* zWtf08JhPILla{?i1?K+v#i`?zUgU>p_=gBqlzdPI4Su&~@*1)-$=x@pqh~1q(l@2s1i&FmH z*eQdNL4gGp-Z`QkyyfG$ex6u_fVjuTU;&6>;6p`#DB8n|ZA2qt0OG`#?m0)whiOAU zLTJ+4s<*+Y3_e|;r@{I^cC*UlWBrDa5l=?aa-Q}RPHh}x$dyeth`U(}#ZWxG7 z>S+jYS5~7Iycd1iMvXJ)c*~V4pvaulPmwWg)v&N~#ufxwuj1jas~r8=;)tHED9rD6 zEE&NBTX4?d&Pq(IcZe!99c56(W%p*PEK7`CafRRs(!fXE51`WR{qoiCucqvUNs)Cj zp+hm~ue5KyPpy@zY!(lVNR+(&V+d^VIw zPgvPOfJ57F{zGvD>SImL=~?YEA?YCDFG%yXnK&a!N5+k{x25r_@-whLyxGi55~wc@ zl(2enX3z%D)-00;DNC2;0OK>mQobPb7QCE5SBDLgjji3Fo|ivO13j#o&7K2icCkMd z=#CQDx#9rrDXrDh2xFhQbm_7#G`vv59n8@vKA$*PK3`N=V8wtuN)Jgkca?PV4x(O; zjrGrTUNst;?s|r)9in4Y&nC=N9v64)QBjPIjWybX(TfKgUS6_jQPbA%RY@|wH7ZIT z8fKMJ4D0=3VAum`9PLMtSHrO>#tSr?F-$%_xr^&bpB{6SK&qBU;5ofiVjgc)wwC@7`ly^q>2RSrIC8fynUcao2t8@+)YRK_ zx$fL~yF&^13LV*x+r_#4p6$$o?Ty~X>~4=GLz$6UFF`&A$*=_xtTG$#p)@D?;JYnm z59rW-K>R_2636mgc6 zcU$?-=|>tp1#|;8A@draq}%2gqgV+P6-h?VzUZ8Vmk6jj;6!QJ$gG?8$OO9d?tMjB z$13H+=CbA%s*G2x^rf&LFoZ$e1NaL#o4;)2T!TB!YYZze6)#8chK!9l^nnJOjapHj z5Z7+js4zTa8%QA4M79Q-sy#BKM?M-{csAjV&wzSoE-g}p3$2QlHdn;@yQ$ZN2^%`! zo8jcX)s4P_{I^sE-tOez?YQ0laZ|u_cmGx>K-Xi8hIMZSqe=-r!r1t42j6X5KojpV z)vz8Twv@}i+2Ccx=xu|Kv4Td-=al3wmM|5MSK2GZzMM(5p!bv4e}TcPmwYVG6*UeU z7ZWT3uYMaDAd_7Eq*(I4{)yz(8Ov+koHnuW8+dy7ZZr3xoWB=jEHig7Ca}`vWqXi8 zmm%nZo%#F%tXiGx<1S4Zynrmd>fN0iCLJN3Zuw4MVd(aRfIh*9+xzpJQ5=+J)Ep}C zGq%!j?|g!S7t3SVEImmbB^L`QL#D}O%K|;bGk2uYtp;Dd>?ro_n?#zsrTND{{ ztz|4j0pxrE)La;P>C>gk3Lywz@vrhZ+W0nVv-|rBQv?Ud8QyB zC+#1mh*W}X*rO)ds?PzxUMCFpiBrLQ zTg>;gmod_zGgx2_E)HM%97{e5-9@5TIvXHM*K9X(t5r*DD+w5pM(Jc)zO+_0Je=a| zA;DebgET2oVUsK1CG`g zvazB#aBYX1A_Z4ndo3-d&;GPD^f9PngVfC_mCQwqN|STcL!&R}qqW%bIfycMN(kmQ z^vQijT{}uVfIUm6$N_cANbm*^dx7VvJMku-tVc7A0Er!0ld3maU@`Zxc5)xGyg+-E zcq{fn>-$<~ACsR!g^+9T}U5QH0!G`9h$W!I5~cYjP!nm8k9;j&I|cF3aL84_$u{_)y-XajxTJ z{^;%I0i8e7gY3G>a@GMo4R3lvRtrd0bIL)Z4WFHj_%gax-^`3-SKm`HzF(Xp3@AC= z9Nx07Yf4aJH_D~~(93Y-z@rkU^m`jACl+AWEUqolorU^j$36!CY5uE8f^4cV$B)R) zo0f-DKnA)q8K+;Um)-npG&opLT`cGGlCr9u=ZQ)X^vto8t9-0d@(7>3;LI%xddEmlr|j6 z(H=he>Y&vU7mrql=PRRWZA~WqRdSARW}{D_vMt0`wG*lK#glg344Dgk^{;2V+Kp76 z1EM$Iw)EiQ{u%0!j_n&Yo=PLzaTUUmVzjf}09%7V(`BMK_ zp!PN4fOlm|2YVO;NM41DmhoFmF8kKZ&y|06lmAJ7DW3bA|2H=O?(k04ST1QZoQfMsY5pNbecMJ;6(4#(W znhUanpV~aFc^^#gskx^o^!=z3^sOLXV99lnn6KZHa5dOZyK%ce?F`;F={y2sLV8N} zTR$J}|7Luy@e7NLx)^G%vD>=7zV3<+&r+7M<(Nj)JLzj_GQh^LoX#P8Qm$iT5ko5~ zA4eQqtMT6Q6>B|#Q+92@*}QWiv#Y$(U1>4Zw>6SJ-J-r8*m8cr^{X0!@A z6=Sp0l8cZKR5oDnL2SVvTuXEIwA8fh&st@F#5GJ!D}SMWv9~)>WZ9Z$Y4xe zzkW9;@ygYe2)~&8vWH6rPYwR6Y3q=Km%hFfb%?GEA^9@&7>(PrQlnQEUmZeKskSD#W@~67Ng2EP9ca_4zh`GiR$R; z^QbCivs`Pg(_)d7)K3(%wZmHjVpD#QqNJeW9~@16=t6Yvp>~IcXjJ2OG z%lc5dRI71B!&?~pdQnfZ^m#czU$}};t|1H}(hFw2)Jfm3=btw|rFar-^!>9Et_)2; zRw^GTTx_o7)e5M?Y8ZPbRf<@(k&>bpo8y60ZOi+%pEXHGLFao{QwqO}@wM~rh)|u! z$H>XiKZ!M+d*U_C?znrF{0+Npg1#zyy8ZQw#=ED*CPKyatNT|5FQ2M3;VR70oN4ZT zK7Td9VSt<^c)2S}?kJ+KnWI7g0KUX)%}SOIflMhSXLGc#d#S#c)aMQH%TIpFobI5W zB1XeBRAtOp{wi^mamllgZ#o;Ruz;j|?``X>@)sz%BY#9QNv0}I{zvYFxQiRT%BN{khozXnX|08UoC!xJh>o9R;f2z=jX@)V;D#SP=#}j5#sq(wi zeJwhP7GG-U3#d=tBq-1$Sn``B^Q;5hCU|Y#UOWsN`{kzqQ8BHC(7E&ZceiXD;-HfO zvB_|o&@uiEY>}u2UZP~+s}!~rO%487Y4PR=%Q0m)!6lfd6Bn0F!JQ!KkAS^{4afct z3cO}x#hcm{U~SHllwT41P3qfc_)n-Dek{2#dIgp|MBO*i zXq=J$QhYY^lUCx$nS(b~y1Y#$M=Hvayfmj3+zF|{gu9IyXRgw|Uw2&XULvS={W{~% z^unejsfia9Uy_I1J!3qs#2(-iJ^ynY>k)=ZFnRramLt)iqBj5H4>~)<9~r- zlJL>^FP||Da6aDgzoKgxv}w5Xr?Kf256@f*!MS~2ZW3C9%Dxm@)z zlpdJ7xGLABN$Pr6Nt&fNr`oh5uwHJ?wMn^r#27hMOVY;jRgDTK&V77mZBrA&-ABwE zO7wolOl61rJK+3AiD!SNhV1V!?9hYinfLRdf;`c50_hJNeLTvBqpSK!{SV0m@BsAaj<>P4B3VD3NrC{w5-N(arr6(5Uy%s~O0--jz#bky*d&?q|KtxM^>#4RiLgQYxh zG{C~*P;<*8dw8C9os>DH^>~6hTapCB*U3q3J9(qCcb%v50>_6}a#xyV6XhM)jl6Bp(-B-gbE$G@L6-(jBtQi^CM(?I@{!AGL($4p)$|J!-T0)D<0&3e0)>N#Zh8~bDpU) zKuy^KLV1U^WVN9<1dlFjLyeQZ>HvvvlxdWepY1Go5 zA~_B62$)??JGQVfahnbtrg`*4BpQNjm z@k*HuETFJH^W97vDMB{8*m-Q?Tzr33_E!EhAs;E{>e%BuVrTDHFjH3U3)}$fJ z*a(D6aA|oOuJe3^#4g*y;pC&1j3*2&6~N9Ac@EQye@xBhYCo0B*(a$?ozD_nuOs{} z2f%SJzGkVStV{xIl_-?!ZB*Z2AC|Oo@T(P$^wyqn^<aGeTy}iOOa?=4 zJI;0W%!ku2671Al(^3*ur|?j}UL~h!ZYih1qT15w+lOMkUMLRmW#?Ofa`YGnUV)8& zP`kDs^~Kwp0kaQDyC?CURpn(R?~8m$;^f(HEz5>-V?S5sS_`r%b29`L86@Io#biRN z#C@-$GqMtGv^a2$z*O94+RaCXXq9e6*%pPu`MK`;ATYg;hNSlI2>27xj1~vGy`C2g#R3dymAbV=$Yybt&99NqX)zwFp$M=UKO%^qn({0V{lt@K-*o8j5*& z>>3h{1pVxeGQ@XPT94Yi?_X{q0$(_*dE5J$)?)4BZhL7TzpOX?-0e~3VPR$|(|11C za!QJIYY^e+xHP6=*8Sq-hM_~N0Uml@Cy&smn*m6{-tj@*pu~CS%EWSZyRa;DWvRm zUr&MwQG^hui_h&Dabj%pQ*#@qdzOr9yAou_CSGIj4fGB?-N?5Rcz$qfKhGog5L})~(#sb()?i@!9k{)wVLVz2O7+$ZZB=`1ZVXWeHMW~T`CWF4DrD9v zcPg7%Vtb!4qs7rGkFb9N5Zo6LaP%ymCF9ir_$clMhIk0KVjWx%V{sDaW_B}E03U(PIE8BM$dLx zxYq*l$bd+HbY^5UE&{diX4AyJMdL5K*pg)F+XK5gm6l*eO>USQvN58(ZDft#-|k}U z#=n%pqmxQ^uZJ3ZS_(g!7#(apBpfs%s6QO5*Y56PO+7`8N)bC)!Ki#l;U#@A)-_~m zl6w7N>`h{)Z+u+^dMtA5Y2`~zgrUgj)fXn}ol=5N_&R+e-|#03u)jNF$xn~TL=oc9 z_4PfJ?{KFbAWl_gqKmh4;1b0#QEoxW7m>xQlHRo?g$a6gaWo&I#qEy(>3b!y_3Uv; zdwF{~^yF`5*3Y89IWNzQ11noMtG*KfFFko&}Y(Yc|7pOKm zjoC6m#o1iUIvc#-;&?iknZ92-^9WR%g>R{(A29**)1%wXxLUuS-G@#x))NgdJj`9H zw4#-PP{=^Yrk{QoB|NGd>0AuF8#-leUT(aY;~U;Q#cG#@FlR1@5CqEZ>2hUC}QH_Fx|6WjsDcG3yCKruUaRP`z(1_z!yP=S~B)@(~s0Z z=rlSI!QW;k*J3{_AiVWlc}N+GVlFU(tiS8)=Ezn?R;hCkW%27g8_Yc~`%5m}bv3w` zr>^{K)wZ7C&NGolhpqn3p#Ijp;WF9qp^oJZ{nU3=^cr-THTS*b@tle^zGP-Hdl73E z+Cc=!hQ*$&(a6IqqI##p2$M51k`(HU*lm$8Y9rEPbuQR|Ymi?i33E#-T$I##mp(jG zqkh96vc>zg0RqWWcR4Zwh3KXD*d(J&G`zM;+a{PbgagKG+5cu z4w}Z9Xf)v5l40S@81(tdQ#(P(bqr2TG*Aj@Y}ou*S*2`HGQ52RLU;_XXTol@b;ezU z>0!V&VR7Wz=>Su9>V=vTSq2eb%T)+=T4h5Gb76WokI>L^e1DAi2g>Q1X_|fIYx*$% zgSjGW4=dNkpNwh6$qz$X?chy9!~T5)n)CbWIqjEkz6|PwLr3r}J`usNsAYY6Yqwwc z&*)FKe=_Gh~F>ySslUw!_j>WHsDts#QwYJra2?+eBrv@ANR?l&g`2 z>e)kqwRFqnwew22xEymnHk3}=R6w6nr~O~Ak;b6g8KV>)XUd%fwq}Pe?31EJ8D{)M z=-bM-LjHvTPHGRds?m|=nY#LLEO)Cn88(!y)V9^TfUiKq0!6Fh?PPH>@ZW0|zh`MS zzls-uRwRO$^qn@x=cu;&6v?@Z{rNVt_(?v?epKk;SpAnH@6|+nBY~Qb zI%gSt1tOM$K(Jlj%d>?+2Cuj-5H0j381r2q;1)o`e(r#v*+1jKk0F;JdDf`W>GjQ* zg}qY{AlL)^o>w4{K=hzt%Am?@;piL_Z+kffAi1%Ymun#JX%7V4Was3(0GUUL($^ON zXYO5ewER2dQQRMD5a)Lv-rqT>eCW9tA>_-7Sg+7G-D z-+*GW?jbzy|uaZGIJc##L-mKl8x-yEPi@fxY^2ZlG!l&bWZru zl@j^2b6Yr~+`!!Ld&Co-VNl5u?bB z-J*l!R<17wSln4wRtECpPv`;ZzQyl?>g+R>>PMvq00+X=uKxl=R6Pd(dSAs=5M|MR zu@<|vblX%TMGQ_0x&8xuWEhebKz7|69$g<|i17d%KMjJo_EUlA4zjd5c8;^D-eaB@ z$aD$@?+QpUegi_A{(&TXj6yV6;#`z_3Z8OM(ah3z2zYePm+M|*i&Ox~(wz6`!N8Pe z6L?L}i~L0oTh=#?Z>VjUK~GP$7HplNuCB3P=QsJKOmR`;PLpNx^&73qn;-l8f>uo- zi1DOXSsRl2{D?FPg7W#Ip^<65x5Lo~x>fmR=NEq$9zfup?+5C`-qLQQWjm^nsGl`2 zy6x2UFKQe#4gRv!kp8neez?-UtFb@(8PF7!1mCm52)Y$guY!2>*}pn&h!Y8fGZiDh z2*#HUke1||;Da5J0&yd05=iH@!dRJ&P2oFEu?IrMMhME*!&2kb5J+;%8Xv>$y|%+a zbkPtFQqLJro?T9e%%fdZh;oLT=Qw6Pqr6O<*lf-_j(=bq^~y3Cx%03w%lT*89h&G<;uGl;kp}&M5J{%@p4d#A+6c ztNs|PobY@S`_qf4qAk3POUWkIqv3WPavCNzVpoW?GAb~GbgwBm3Tw78mN_^jQ_mW# zr)8irP(z5k+IoIg_IGE&`_rKs2(kfa&+Tbho5%#+t-n1mBuaQ-cekoTJF0(tuTPX~ zn+(0zFZbjpCwrHo-m-FKzjy)Z!zbU`a0wr9m-oM$ z*wopKe3qfFX(S$z>7Gc-xw{YK(ze{=hpllEv>~O>-)ZTyx!9{r3pT^%aQpETLegKv zDY`AkG_)j6Eqq!-k34;wJHhLOG!_5=nGUY^+ViGg;7!PP>*?jooaG#}-mnAFbi><) zrDZ6;Y?PjWX^%)uri>hY2tWOk*$=0aupipawlY>YPU`A?w1W2i-D+YKeE1NjwFzq@~oFSzob)>`7G2xjC#r$TUQVG~O9xKL6nIg(NLq(}gw)R%%2 zAWGReWk!ud<4|%N0Y-t&$`t`0EK~&TZxMu$GW?apfy*)7P8r>)w^)-Su$n+GBu;vf zp&rUp39YSC8Y=vM@Xu z60u7-0wvp3^3pVJ5izJ@ZTIWqBFFiOyv=Q~FJ{k!JW*DtOyO;JY1xe9q_l>p;$acE zIB;`hI|wW4*gR#2FcB!3ECnHImxFmCT?z4Qs-BH}JDY6lZX%vbZ(ph7G*8SKXuU*- z*cISvbDcJ@RMRUbdp#oxfs*oxp@(r+msd(5PMaOB_>VfHiOQHNmZ)y=2|hyqbyMDV zF8Q{=kNiU9W^4JWF|1W)The8eLxe-@@1mfF>MK+wx$iI~5(dNZ)i;1ZZm*^t8%SIC z<+{GEz8Vm=aI1X(t1!MVt9G00UmYK$VOja$Vcge$QRgCmI(a470@QPR{;bTWOWtS{ zELm5W^Mobes{4+TBl+P}GqrOlCuBPugo6#U!DivEBQ@d7TcOE;afiq-C+Wl`6nHt- zK-l>>@}?NE7G-}O+$jol3*A-IQo_$=p-Cr1Y3nmVATml{m$r51N@JF;zZ4wIG-{}B zNa0*`8Da&1gU!?y3b8<~eDzyg{N@AF>i>*a`;R(bpIY9WqRXqWLQ=IJ{~-s3sQue% zl}7She4%3&NY;BC?*2W3I?sPIlX2{PK;*+QK)3s*g91=q*ed z{ji$FmzO&^_%7BXASojF0t6EO2D`?BkQdh{`R7nbch364Z@MkG3u5_K#>(|sGYA;8 zT=L(_l|C)g0;#OCz<2^~3vD3e_}k6(xh1Ft5AyuhFqQTS5LLWRz*5_XlY+3@e?NC! zs=+Zoug>q-1|kYDxsSn+;s8`OYV+r0@cUjP{Fti-gTum-e^Zdj=D%-{@R>Gd$#m!`Z*D3Eaf4<71nUCw#muG_CyNcB? zJjkln&8+uoZ$M69D8zkQ=gCVDy?ld7=x8YM7!&gk@RGQ#LC z5;2>-IPT|oe>~-8-Q`k6;S$gjuY3I2^4il7CqZ-#RbKreVCWHyIilI-Iz%>UWk3pt6%T?VyP(|w4!zN)w)KnQO%Mz6@?PiAeY}h ze^5-N@kcKRf2)rJ7OCQCK3C?L)yB-H@Bb_M0hN{pnURw&yn+n+;K4h`j0Hk5JUu5* zWklRlPU@23Uh?L02K5o8*ITT6nYK8w7#3L@2%GfU!i;$O5O!u5so9o8)- zZq_(DvSX3G-`z#c>Kq8kvWsbNXVb`6pg->K7u-|0UAqg{K_Hyc&5s1Pa!&Y&GSm$^ zgSzg{q`}M8O5|ciBo22HmxbOdD2Qzlu$K)(mMmDTxJa*}vAajTK^c{ELEX4sys-j2Bpt|yl>j3)D-N$V&#a*v=6 zozb9OXiNE&SW`h!2I4`LsTwsVNA#BBy>ZBF@)sz+C*MF$s4LP~W4cl~cAvcoFR98u z4rPY(G`DUuadndP9h(Hz_w6whIdO%bQ&V0><>4u+5*6W6{^4nZqA2lv0Ycst7d<*+ zJbzma>SI%1_5G_#Pm=*8(u4|K}g{{#s7RC7n0`H@1+b| z)C9bo0d#83;#+73<%jH9UQdp_|RI1sT_=}aP-G3_oAj$%})hCw!bJ38+BUALiHypPa8Xysdzo5 z;&jWNd|7{NJHKEM*m|r+yKFhs+BDIW(w*_z({Z2nbnW?I_mCZ<_~$u5n_d+wxn1CmBgfW1W8*8xi7Yy3F z_BrsW3ZYqFu+P5&ZQ=z;DVpr->(dZf{ykG2G;_!AynW^B|B~mKqZqItAd0o?Uksqk z0}fYf=CbGKN0>PKWjY_w4K4*9b>3ir>jzJ0zx>CPuWHBY2KmC9i7)qUdHp^TK~_Q9yV!9b`TZ9^KVk~o*dL1IqoDKl z{}?h5GJuVl0G(3s(O7HmZ3%TvO{{KATs;5;Sbg5Bn~BJVyLB87VAx|RYCQg%(Z~A( zR07sxjtjFt=64lcd4LJs_ez`xO15&6cb?+~#>Qsu9|39uxH_M89(q?3F)slay;dNd zNb`i&dO*HUoj3T;XjOoGeb91ax=fK0{f-?0m=WNvpN%$X7cf|pq4AZWH z5MxXZJtmqzJ@IJZ1k=ocZubmaLoELpG5~nxH_=}%u8WW62L9L`)qA%uc-D=Mjk$^6 zIjOiIswKsI9e2Sg@-yDomiqG);Y9!VB-tW?C+P@wi z(wc&&G9kY6j)6HD8JVN#%-4SzaP_CvxqqMN?cEQ6@ck;R5CtCV-jvLKI2^8q?pO0M z6R*fFxo6hgTX?H-q@_S~q{9I;T`PC`s_OSBwB#w0i>tueiMKf%epgdVYb%G$gOBE2 zTbYeIhmdz__Vf_nSwL+J0`Wd=Ic>7~P3B%PJB-i+iNw=?5Fq7asf3_pH2j4FQP?2W zZyb(B0m82oUc0Y60slbGU5My-OVu9fQoQcFi?~ADf!u4pLZS~gag#Uc)7%y6V4>b{Kpy}It}3nwa!p%_8a8%+ty7$B?#&S1FbH6tp{E;;qH zPjK|qgq%qng}02=g<_MQeu+z$QPl8s^K^oEfY&B6`GlSLVG0OodpaK4i>LoW|4P=C z3QFchV>APN;cjwnBu^(hAI5&M|BjpWDq7l?T~7G>Dp#{6BW%j{(h%QK0D>Y&_=uBB@^k3^w6`$XD5Wc9<--a(i8dSv4h;@7g+WPh^21$$fh z8%@pD<

  • -OF>`CS0d0>}5~_6??%;Pu0fnmgy{OD=SX;pyhQ4FYMiPTRzppfF%+d zGF$Le=^A12rmTB(IX~E%4Xj)PaCO!4S5p53wsP{-SC53te?QOC+f*}$K zGW|+NIyoMT9UDzw9=z_LsJ=7T;_ zp(arwK83fx&Ti$fDPi^Iz~TKyr!{Z9QnNvDW$hbX8+M2~2X58Ck3jRo=8Uv|%YzUy zIf61bifIXif>){&rM0C6?la-LWIALBZsBHj*tP*d?qdNO791a&4_S_!0zFkpd|zlF ze9sLYQZnRpdx#K*CJ#a0pXwr&NB?+RkdEN$`bNvp#&y8t! zzltwW3(g%6P|-Y!`<^bc|Ck_!HM;Si&aKes%+{FJ80G=aNKzD}bA!`ryYVpdXO znaD+<_mXiR)>$I`+Sk&UFOg;OMPG<2x7yK7>mEcD9GqAA7#z!%@<#0p_P{zYI_*dD-*cX;THXaEg9eTmkK2Y-1 z^o?yfbz|#(z~;&+kotT())_HWNZ!_s6wna*pYG1w|2IFF_g&D<`)%`SK)w<<@G%80 z0-#L*=@Qep#}ynM>y^SqqQ$v8Dd1IeVkN zRz+z*fEP|-vws>$F`pCa$l`7A#!|D4pZrN8UKkXMuV>`9x)WV<$0$ei#>f2vU0IVp z1q63bM6O~kkr4Uh?~&)v3Rm(om|%Kr5TU0wab#p>op5)iFZ){cir}CoSio|Br0RY_ zI(ZzouwaaMS~x9;{?zBgR^3*arWzuzxRozV-zq^|gfujTO|J^XiNfK~p2jUD~H93%93PMXtMxw~kfAeWrol=gluij>7mJqZz?G@61AO;)}u1QTqi zAVl%w*^aJF!4yUmAOjQvNF8Q5!HBcS2>xtYyw98}^`(A9ikes`Wx2kgR(a}MBv2fk znfb;0X4TXc=2v&uH;@W;tV)Akw5WcZ=uw%NYsEd$#XP10B^)F%1pz_Q;(=kqfoXcl z;)(d?6W1#PYC4BwGu#>2s=5N|z#P)acj3?Qhvy|}G0#wS*5~rdD?h8l{`tLOg=#|t zC7cD<4k|-Qu0u(wug&C6WFf!{tV(Ua-}~)wwqYsiWf!E*DseUwKhwr?Il!BES>7)2 zeda4$%M&EdGRfFWrzdND#a5NwwdeOQq)o%?DF``Jx~ap z9i_mvQBKpii)IQ8H{uecY!$>d!_fOnl(^Qv$d4z6^0n}F9^T9 zSNB%d$MAQ@WD)N8+f(7DS~p>u9aVZ`W>Rv2I46nc=TFQ+g2CCg$@o8oVd=Y5K4u-k zEC1gTrb0y0yUqX3Xsd!+IXQg_-nQvDbsS5?2w^KgaNE56R(X%_UP87Tp@VDF%B~}0 zlZO1)**~m>EI<>&NKzPi3^1vK!4%17>CmzI^9w3B$$=5uyv9D7JBAI}d3pDO`L{X{ zOWVeoXZD^t*`KRc=I4QyW>{f#j2W~%$Z_uhbFI^*t;gq?>g!EBzhBsxrn*W38f4JV zu={3!S&0EZ{p}5k@1K$iqn&qE^C7!iKfNI zCafZBgw-CByMGQEpOWe6EYGplD*UhoC^^>G8rtGE%`!L7T+e#HN&PNEe)wB#y;5`` zT_#@dcfF}82@TCYPMF-MvbjCSM{!0G-2@s`PpuX7_$GAP3nVDpSSvD;Yp~g;h z!Rep+$UB3i7;fYD_Q#fF4Y1m?K^5V98tM+KNF#~4Rzl(-O*Oh{5(w3|dT0zxPFM)0 zAy$qTo`c&bCnIbNCo5xnQmoYQ)EWwjMvF|R(0|b#vJ%=(Vk$%5+F(!&NRoGZ&X;R% z|8RyKXN zu11)ENvwQ}d2yz6fUrCkE0?;>%*HhTb4T;RyXHOAA=poK$aQoCWwBR3@smPP>dLGd z0@&C*cNU-oA!fOhGVckp>9PcvU`lu_4_R$-9Q+HklTIZEJolfok9v@?v%-{kCZt$i zub@UL)uBV`?`G0{D(BLmkR%E1)SRCR1PURg$|0-~WW?bP1bDDwZ5d)Vg?l%RW0Rr^ z^6s!k&MdiEtV&VSMj5QWA8GyWbd8Eh6eRjf;|rq>M6Dy#a-*aQ5SdA086Czy9;<`m zgmui!p`lsBG{0_JDFuBmU7noQEz2E@=w>f1Oi}zCJ2c_3Pl_UJ(2Br{$_qh96fFn6 zrz%a>$0Zvb%JJmFa)H9gLTfoPJygiq=-&>>K#Ehm?ouW&pivYGPTW76Ut#gnWoP=` zr96D@@rd0Aihw%(s7NMF{_Fz5VdYC=_jq1#TY+-=D)u#s1sR@HVUUf>q&S=oKO>gY zg%BX$5#p%gIA9@VrUiREc3b~-iEf?V`F2ykBlz;1W$Kn7_I~4(zQQeHsqUC^6%s8I z3u$<1(j$Z33K)+~g0USE8HvrW#Sham@F@J$I4xFBN0-4|7fxeirvTsm!R=@S*WItx z!mrPYrXel5rL4)`qrZWT8cLm2r@bYnO2rk=_yZtz!;}edOn4^YNVB8Gk34G`(^=EM z<#9vAi0I;mKE1ETGV^WwodwBynBkb7<`pLeR~8d7{?}=-`oWkb25I-nX7f?23fq7K z!Em1dDgJ|_Y?Cppq*lvlPHc~TT01Rv-I=@g1?h04K zTUZc2tk%ogOtl0q_mU?T1UpuOc%GeVBlt{HZV%w&9}i!Gwey6cx&(PaB!Pr!Fb!B3*QQefZ21kXI9~H<}M?toD9Z@{)lpYxZb!8SV$RO4G z_eTL;@#i5Ik7Q&USt;W#K55@Zgq zvki6<;Xi4cz-S@-UH{{m5W7qqFF9WT(#}&*O1y|2y}old{P_IlPLw5_4{n?b>;%s|bDn=u0pVHY*S|qjf-6AC!*d2)&9^O|)Wr|7Budr+#fkw;U%;$o zMCS?PX=C+E*T;SbRA(1WdG2FmV-HlCI&d(1AZM-PFAuTrUvvXT_q*hD<+dA>`f@6I9N-N?Gr;D&z}rNN0aMv7T#a>6%g?{$xZZ0Ar?ukxOVbyU{_r!Hs#3j88im zX#^q>RM94Lr+i9~(!K9iNU9NvP^?%EJ?)x(lTU?x%md1(Q!5#~)XpGY12G|3iq~05 z-H6#-Bl<^9eN2-U-<9LLSTVR40>Q7;)eld8$DM@;huoTc_j6vqFUf1H_j^*N*BJkR zxDZmDe{wuUQAiD$fVa6E+Lxni8-Z)Gq%|Y>V%Cfb;Sbn?lM zgnDDeR3s%f{B;_g;LY3F;>c-I8aN#M!qKt?b8>SQq#!7mf0uvTz%kSrRbUlSStKQ6 z+DM?#&r2xJ%pin`lG6~6>MNia(|x{}4-z9Ftgop2y|dNGJ@6OTaKAp56=s#`Ut>ed zp^Ul{6XFyhNs6pQgL1!mt7L0`Zs({Iqew$Cm%QGXzINRA`$q3r>%z1pQHNA0327(x z2_$ApXz*g__x>W#Fi<)XVE!gGDYi|(lYg2!z5BXl#YBLkd;T;*=?8CfUH`UU!lDD( zXM73 zZN+X}J4>EHrmq5rCE-sTmRg1TAh;>hR4s?xIvyJnk^{cy_g^fNg@~T- zr_z~&<;KgTftx;_GZu@zjh>F8eRJD`ip6xQ-G(yGlsY{^!6Vc(S**f4*f ztc;k!cF-4mkJHDjumue?e8N?qGebd=_o4M3DmG}SxapUtH?S@*qb56!Qc^NCVv=Jj8PXt3c-a_hz>K}(UzE+m;_S!hMI3Jv)CEXeE^@LMdV2l>9;u~Y_P$_X_2i!a23V(C z28=?tcGpAkATX9^^ynkQh%M07r@Vm+VBG#5kl>0SKQV_Zn8-_9tcHnP4PoqRo#)^F z^@0L`VfL1laom_s#TPWa=+3bX0)SeKBPD%r${*pZ~ifefbl#GG`5QPahMB+^hEM=fV^e3}&JoaE8%nI$}K2 zvHa288d@QG5X3fDcn*E3bFM40WR`qi=+|8J2TDW>Qc2+ z7F{PxPyZc+A!HCyACi<6$aFu^Vi(z;PKic?5jsooKbfa&WSR520ww0!bB2GwU&N8ObA!FY~PzsRfVbzebFlX8EGfwyB zWDPB4?@LT%>-LZ`D$BD9d9&76?a{~)%aVYkz^7zFWTa3^^4B>Uo`M7voa}<1
    o%y{Z9P3td?lc@_Pem!`mXL8m9o zYSqAHXd`!V;e;K7QGGe(s3tL+L34B<1FoGjg8;m=CJWUqtczh#ORzmQ)&EL+jL;F?Xj`bk7$-Z)VP$QHFc1tzx zI}4MfH;-HXy`#T+9dT&J2xx8y?R9mS^psnFi+ci` z9b_`Ks(1?cpj7N&om}eo@7Jz&N}3cdUMHk;=|fZvNy6Vdwcfonq<)k8mxXvI6rv?j zj>nK%x)KoEanwzGxiX9{J;ROj7C|G2C>JUqW47* zxy|s7fJ`iD`{BdoUT0Gia18k@;QP!P3%thb2Jjk3m9@UWbB6rD(EItpb~vV5=+6Sa z!9!o>`jf%jPBAs`CClcTWTL+2!oGm!_53Uk2n6y&9CjMgGiS%Sr(LP~cO5f-U)F(l z)SiK2Zq(eK%NKCpi6MH41Bv|rDV=4VoxhhmyrhDmpM9OGWvCXgk3!z=-?qPg?!V3@ z_wxc;BO7-SpP6wEfRBd?Nav5xZd?nuoN#pfm1=qQ1ny-HwKs|R#YyBI!P0d(2o#1+ zy5ghc5hed&`P$W5^I-JG_!3BK4NS?4W%&L95T?mYF z&GrU8oLF2&SqxlK%fvul$F^+M{eM}7>2-=&xU5bku?hN z_SQ4)hkzfhEpmgV-5M@t{plD^azKGAFI^ry_Q7lYa%W1=71i)TeASI#?bWopIcwPW zs1&$u6jl*+2fKAVM|Vnb@~nelqTVMFpS>sEo^!1uf_8>$gST`O4{rVvA zfvz2=)M`w1C*rnTA8a(Jr$#sYybW~gfU%g|q$U@WbNdZBq}hsltz7Pqug;^(0Gp3X zSZ*I;1;-6^fVBMfcgXECSr1SNn;NoXHHczcQ%BnSS)|AB$rF0UG&S#LeusRW7Wqm$ z-SoCVP|!XeI=tA+1TCyVxK^!kI={_+7r2;rEG~dlRryLfNC%dZ&^C(>StaAn>)Ldy z*_ll)=USIAL`KVmn?fANx0=7a21TJrhk&BK!#cusEEYNbusZ0_ZE#y9vZmRmQ;3#> zM-%dr6xAtJv|dKL&uWPC=dbkpH+Q%3ye66@;BvIQaeMmN`=k(^4%4TH}l7@rL4sxE-4$I=F2U9W;D4$$Z z^3Q#g785Z;{{rYrDn=_v7BWW%BxOJKvQs1pZ;nhK?HOG{A%l5py>9lQSeoOd6^d!4 zU&xvk3bXHv;oS)@z%=qsY#Q?93yt3Cn0ySYj1-Z5`@2bP%QiW`nW;0a!&?>%m?c)! zI%CK|`R6Bkl4gJI{QL!Ig(uWt8dNLypo@1>lQ_2Z=gAy7xEad2y40AMkO>zfB5j)5 z;t7KhlQ44{yBdF@`mdAblZ>I3Bt)DIG|K-apm3$KbV)m7h{vt!Tbu8D{5_Aj1Z)6a z>KbNqm)Di$;5F2-_`M&p2vsrfrJ@4u-oYqtDUj3*IM97u%ASZq8i$i*dhY&$2bM6m zB`WwQ8=M&Y+CaT&>=s0s_w-5R3i@k%xfOjm*6WvvL6pz>qc$|ukM=k6J5ZHJTFYIx zSaN-uT+PvD{)rAL!53joc`KappP;#ZB}Kck%F@u9ga-4}{=h^j&(JutuUJ2wATW?z zWhov|=#`K8o(v_S_je+prRp4Q#U5J#fGbdmKq%dC`5Ch*f}lX@!6XY??ej3nRZ}$WqbNaxvZ93)~3eB(c)w?F3mwb zP*eN~J$efF(o1ztdy4x>eg%*-Q$bGq$Ap@`?s9+`}(-a31UOP<+3~IEJJe#SJiuM2p06&Q8aqW8~&Xh2&-&+ z*cbI6=R2z}R;?$V??ag5tl|^DNXH(F`>FN4pGen(6p3&~Z5L6kmp;Gm(<$HE^OGHl zcXDj^Rq_KsDbaCHbqH@At`Q}}yC3p8C3Cr-(;pIcszq<8wcCECFZ#10>1e1h<<-=E z)(Hy?359#NC@b)2=MAM^cAGWk;CRsA?3feIQpV1jBwtG$BwR|0_`TMv~YD>JW zm^7~uKgRyO(eu1|I%j;MJp9)OkKb9S-ovhMGk%YYUF20$pIiU_&9~eCi`3>6GXEH~ zhe;(4gQ)Df7<6N86vnT$hH&dU?K_`bYCz1|zb!od<>d8*%(c1A8a>$@ir~%o)i+#18;iWBu-}fNc&&dpBS@K~9 zfjCtO^o1?G<83v%vzKIK+A?8B+)Pi$4HR&Q@&X z1dFj4d1wkM{^L(uJ^zQT_YQ{p4Ij1j-ic0>)qC%vccQIM z)Ya>%L85n}_Zoe5q7%JDcC`?_3!)1_NI4(h_ssddXXf~0XNMi^4EOWg?Yatzp-G1V z^jltA-+mu_R!zQ^D6Z}!ShBLM6P@+8EfbbXkE?|-9>HuvXqt3}L58qrSY;w~?FSBVlF*GX4GN2&Z#Sv_6&cfQu( zm9%&83(A&?M$IBb&k8pJ$X6IFIzL~P4b~)Lr3YC zmHp;Dd8XTc@dpTk?v5?2M$r{86ccORM-t18-AoVpr!20sJe$o3#%f@2ZGWl5q5i=& zr0sn?TUaHBp2&y#E7+GnMw|kkmSuf8UHjV+uN-&?Wz3lE9N%j{yK~W=U*X9ffGy=j zpQJ360Skdqy(@JQvuNY>HDOTX=Jl^{kw!$Nu(5xVqd#i#rMXba%jUw(ieuGLUMFze zQvFxE7yi5Uc7%VM$8)I8D*DVF@Fy#IAw=%eo(}=5s7-soYL57wg`3CuT?jF)M8wBe z^jpjKF6SNpCd{|%f`8wx4H#_#gV95uGVYdtPL%I%1~zS!pBMLh?ovHpZ2Wc1I{j9m zr$L+SZtSMd@$qC+^Rim@*^3{{_uH5k8=W6J+qSK=cQ~rLE=KJiq{hhZTNeYoa4Qf22l!#ehho}PHA*|CO+ z_|`sV%pNIOH36d>|vg%{uz{sf&f_dxUV$FS_y6y?k`Iy+!FP zgGW9U=lbVS@9$ybxarhhs$-Gne^uz9CK)v@;jNsv9oYr}?`c13J@4xNQ8QrDbpl*; zSeb_W?O12XC*|Z5;1-Bh{mM#m&&6R+JmlG9FD<)e2`}j;w+#nytk|flL<`xD!vT?y zsN)X}Uf%E9V1fY9rL2yaE|Vae<0W3Lh?Ye*C!IDJo8DeGDJjrc{0sU8sX#nRO5mz> zEjgbVm(fbw%J0#5A*r=QdH1q|1$Q@Eteys!lGy$8DxK5ysw(2w$^FNH$8f6<;W|?O zc&{9##o&N|bTKvGl>wW~WWPc=K9Gv?V;?c;olOxUPWbJVYrrED? zVBx3~-Qml+%%S6h4|9+0cFLF*%^T#zNJm+7lLqDGMf$!(Fo{(?tkg3rFqlgms)aY6 zucoJV`GP($_|Z zkQzH`BZ9$J&BKAfL7!cksvKIa?A zR-q^QDtGi1yB%Kd3+mH|6N5U=NZbM4SD9Q#nhgMcxQI{>tgM7 z3ct!oH8nzuKw);&u{$|pW!K--iO@N7T?{O9lzH%>L3lqEv1M&h!m7JU#^3(C08+w2 zAYY;bO4STg2&K#0&Wpo)%zx(>Peof&Hh>D#zZLxJ->(;s-P2%WOJIla?L(1jiu68^ zqW=*8JMecYv=jZ~!^A}4aMNaQ$R+06%VXCjnW2zH!auX$?k4}QFjUMv^RLjj>$$dg zu-5+xLh6@wZ|(wK0N=U)y61%c$E&}eWvj26=9E4f8w4hBJY9O422A!$nbeHyfM8>GjMFooi-b#(z^LO8)l|B&2iL!D{qo8(D z&?*v8GJbLWy(&N^T-77$v!?5>3RL5RGg!FMR(AD_`FH)>W6DJFH~o9VkWe|WiEQx` zT-UlPzr#u5qOoTSQ3+_JIv@s-Y@mpDKTC|Q)!M=&sTID=HjV$Gi!`y5-w0gIoHzNr z>ZYEb@InYXDQ!al39`@zf-w5-OXGEv-(0=zKf`6yIW*0o0HNd(UulU77v#6bK`~M- zahs;72ynA0-!~wU`-p38ELtpLTo3t9!m?u-FHTRzDV;x>*vHoJQTk60;q&Vh$^L8s zuy!}`85EYjbBgr$rJh}K+M(tzgWc<0ox*@0OGZ_UHVGG!$acCXeap$f!Cu`b-0>;&ol-XQZs)XZcUCWKq zwEa3II!gKSItGy{?yz^(Ais!^zUwb+iCvbMN34Lc_)Q$f@|?@OjmmZT3oR@SH1vXI zTR@P6YC$2yMtylSRClcWiv&9L!WD+eI+g^IT_ndKcVD}Z?IIy5OJ#o zBtDlHvQhtvTcM-_xl>^8*;jw~mF4^{6mhPWo{P>6s#iwPE3NxkPIoU^u?s-OG}olg z_dyI^u#9KKEW4mjbh;P%I8~locM_SS;Bu=n#6Q^6o$Q9mdDER_(n5Zi&LC%&CAPqe zeqlqbH;*chlR{S7r({FHQXGd$cq;pNo>ebm@W2g_TdoXo^Haw8uoD{V`NBTzEx;7t zcSOO)TSlJw>4_|s4n(L$ndI&v%Yn2SVdNxt`@DEYxg>HJK1{fg*ZO{>+(wS=quaWF zQ?iCO08hyQ^-D@B`BeSa`yPxwgB)ES8B^(pZ&wzyOwB|HcOA45ax2=FipG2(ngNrhbbp;Jv91Yf zd5Xi5Q@CUT-?7s2P`;PS-MqRPCHPt&Ss(=GQJ+Xh3dfCAlFG!Q#>dS~>Ba=#azik-FT6H<4bwP9o+Kv`C7kJbvR5~&4gv3& zgcoO6>KLaG830TI24=>L~WqGDc7 z2W+10y$n4zcySp{nE7w{vw6UsAMXIL;0G*Vzxjgl>d)RQnwi@LpeIGRzO;6^d6d>P z#ozTxOZ=71`>q$2XU4&;X3ocdwD<0=_ntyHpt15M@9twrObQ>o>Rv?m6l)SoA#1U) zUNj=O+{K`_DD@HKaW3c5&mQyfq~emUxN4aAG1j}{nf$l)QMlfP*E!4@X_G#aeGY$PF6-W9e z$Y!1?K%;vmw0l_9WjyTb=ZBVbj~@!XyNc3+J0BF;-X4U)=A!lR1(< zw7Th1 z;Z2k3D#vJp!6?Hy#D}#+7rJLmd1hx3WNi8YFZFflDKOB`gaoGyO+MIoent|f9))>0 zdjI{vFiFw2HdSE=PK}axXdiA+YK91#-WXdBODs1ym!>>hz`fQV?*6J0)A}uR+iI~X zTG^VQJ=M+~8@UT+MpTaa0@+P{_5A_)dX(14|`u z<=|HHRE1+&L}ZQ&X$lT%(}nr5#c^+~S%;ON<)`+GDW0fhxRQQO4+4=~NZ~?V zZVb}B^t-+v28nvUYblh{+EB(!y7e;bQXxU^W^`=LR%b9 z$ID=Qr2s;&mFUG7q^*NtCDfzPdf*t~>o$iaoul~{_LK@UAAO`BNy2uk$VMjOlx{dE zRwgm14L8$y1_2w=XI)ruro!P1U>?H!fSA4`OM$)f*>U-RsRIVzB2XG&3eSw=&z(w@ z3E$AIEO9VmqLAaDGHqiek=M4< z7P^z)m=GtZDaThgyDj-1+hjw7wSIfxvIn!~;{p!7t6&L!gnM;^d{!^=q)4(uy~41o z=LZOHZ}qza6G~BT7Q0SL=CC1SI{(P%h1Z`%GT6q*<+|ij2x%>G-h6wsutuiIvTXg^VH!3hhP;B)arEk zYe(@4z0cP-v!iZmf0#<9Mh;X~#hU>e(xLcV^YUMKL&@t|)ETM6+3*oy(fcg6h;H$8 z|JXjEFpE-&n^y8Gx;cuRg=qbCYP#V?Qpe(e)cvl zjx-(&W*!O~sxsSsC$l^iaCnA`DruUoO-V*ACt;AuFa&HWA-XkDNpDn2-GnmN*i#R+ zCf;4Z*b(HaOdw`UqyC^ndM!($iGuuab#3+dXcHnz9IRmr zB7Y&wg`&v6+FCpE<`qtM%jEn$WI=&PhQ?wZon+bWC9xHTgoeU0=6kZmE%*ES0=| z6jry*37pDc&GZxvT_0?q5q??)vI?`JeBrcUvdp-HAog67V zF1C#D+D)ij2@dol5FW0OeF?`j;Q~a&b^);dJ%RO-195o0;Mc7Ga`rA1O92iMGMps{ z1FWT(!(B-#;KZP|0_XF`qI%SkWMrQ<>#sgoi}|J+@f8N@D(T6~a>pJk#D<~fcq6tg zSPMMG)fz?D^_tho$%y3S#*_34P^C3mSqPz;LuD0+<5TIh5(bN0+*p6=9375WGjrf) z#(OOXZPr@Z4L3-hIB8wp0p8N|2T~5T*1SVJAy%DX_`)I4^Dr-tG(oli)g3cO^8^#3 za2X9UB2Q|JCPN1O#g9v4DYyOdfp#4dC8U~|>I|PH<5FXxEr4o?3r?luVTd-M*D|JG zUA%(@&XOuxQ3#c-5yZkA_apD+oLMF2Y^~g}ziIXfh zUN16%=~%Q?(0rm%G3tJqmOMwSWzQ~LB}U*xt+03Xp+5*G1pF-hll=gq93%tk-a9b@ zv6YgTn%(d``O0>j`Ph$Gxe_X=u)D+|EuO0oBhI{p7xL}VR&V%`@P8$P0$x3y@7Cj( zy{QxiSh5XB?~kpa0(iWijS4>YEv5yUxL)7ry#QwC6M)%yplAGaoB5xI$G7!m1H`nM zT{s8HgT*M;3vbC~_AeJ)Rma!-O&q^AN}Ti1;oOnhl~VMYz$mdst%^AmA(c(eE^td^ROdb-oIjK}5K2t{MlL z79?8Gurs>X>5BCV^>;JuSD(~)03lJIsHf1Gd2i%9Zsw73(T*f}t-`LE&%xs~>M1AGakAX=S~(k)X#EQX|ciRT$|W2US&h zjNB+y%K?Wdq)`B9byI#nGosRNt(I%|B1uObrr&iYbknCXoszB*=}IM! zUDR)kgrPd@R&x$MLVLTansBbsKc!`=P0FoU@9<4DM`FJ4V2;{;yV%`QP|ND~kSLLW zLdIznwj~Oah;Uu=UK`K!iHlWHP!cibe%Z$P?I8i!>b$f#IdhB1Gzsr+^1R8CuM2yJcef7`&QD?4=96>q}J;h zPUONm)Gp1xz*6eW*DG$FTr+IzJAt=)=QB}8@q{vT)5k~TWEMBxX3UPw#X&b z=kMglo}Ha#?1sK52ylj$3zZ;xM?n}U+$z)~*!Dl|_OMgL8EB&am$&@SgZIC8BEn?P3S9z0+4~Fk zGXj{xqU5;Pc4&{tsVW5H>5Y1`QH!eEA}OcEE#{&@K$CxI{d)2ZZ(_f-*+Ty$5{*hG z8N+fi1nklw%%MVgwvta*hq8ch4h%_L{)0zP8OFbW7qPlL9|)hqM`FJBzZwy!S&u4R zQ(pZ^0}TMr1XYS~TAU?goofofZ_O4-`A^yH?pBc$8o8`?he_wC(z4N9ue1(HJ2vdxUE~2HS?)m(Ea;gmjq76sCuD5~k!wzcg z+YPd*YA|eY0=`Uzy<2jAJ?E{7lWiX;DkN1(?J=umpPi?qufd`Ii$`P$nk3vQF$#7) zUtrX9BY?(DhRBLR+oNG5-WuO$hZIMw3&~fOxh`mqqzV5_r@+}u4QLQZ7O`lg?H}CQ z5{y?it)&ymz9HFt+2nN2#XI(hdmu4nvKOJ4HjT9r4?HTI^$idSu)~>xe#Z$Q(BYpf zxbZcRe>YDWfSbFHtps+;<$U>Cy1M@6w3UIi*}Q3W6}}rYUP_nj5W+V5%2D2InAn;?`ln_<@=^h>k0(A5XU<<_=sZc(aHE|g!AOFl&Bj!z_z4S12sZ= z;>;M#aF!_~_9*!U0x(ca2i$P}eN3=lc2d3)Bqi&P@{y$-*J0R6{Yo%rhZ2P~ycyS6 z_FHF^!5Beqwu4Mikd~8~YPQnO-HPh1e0btkHj4JHz9F&5MWSG8#6UY?PFjffGbi_j zOP4m>PZ`Hb)S#ZnQ1=H@VJU#lJ=K~{96K04P&s@P7OgbTt)43_H(!p)UwCaz@2}t%HGR-Rb39!-{XnwOP7$dtEE`MJ|Ku`6Oirek|Lc4Gq&! zGB-jmnH8~KcXIoGiQv`Uei6&aq{X9jBQ*61f~e?N~*%%%tU>nGgp^awKQ>M=A?7n^jRm% zxCcf3$yb z%WZo8jN7LP28bkR~frOVVH4U4?;_BI|)QBwiEo1jKAET&c z`h;EttOe=jf@7OsoW(^kC@B=?GT^B#Rqp<=l#0W(4B>EkMUG*}_tje4i09}^`nyTK zHeaPJox3%~c`0dFDVA7KWL3^Kfh~dY#;*|B0z@1?p5oTsPz3&2RHJ5#Y&5U;aZjdx znFjTbQZICCMSr1y&m*NlUSJ(2GL3e5SKc@4qulA@@gVZ=xuo$#k)W<_l=n5={P@O} z5L?37^=E{^UWqj%wT+i5d&;CpnD?%b10x*q+>JSGiNP{sxL52DLQX4Q-X6m*pc+I3 z(Xp1Fax)dMr?DQbCr7h>4&r-|Uxc3HO9V67GeVK6Mu@W)+zt-n9tgWKdTS?Gd6*@XZarZ>6&KUx#r>t z(=VkVMC-a|AuWX=aDn2)LTiC;@S(p5luanbCGxeYj~7+h&|5zgsi4&FR34Wacx<+m zwjSQLb;k=H&Ew{xLRB@t*nL-1MW3%6^Fo!PM)1TyXGNUXz0)7csXw+FQMEiX^Rn#E zA663LWvCeCU_tq*Skjgk`#db5&4YP{Hfpv@3^Pe1+5j5+E-!tUZDoDIVv+0NM2X9Y z!97(Bdj4%U8fZP5!3LNxdZStWeFuH~p7NA)>HlW|M8~eavwJ-nGg^X8ca)?~%bOX; zJj*i6nuZ*)$uj>vCCo;;RGw(0&!l&QgH{Ssnj$cX;naYf+ME35?)QvTwcoKem&57h`dYJ4QYSLoC+An0g52VyE;@=xcqST0h-~RX*RtDjl zJYQ%7Xp!+ge4TWa9XjV#2#BcXvzcZ+JK+y2U$ZnNf{ihds|-w{=xl_z?mU0!eJkxV zBxdp3@}5+aX));=6hW!0F*=U=mqMJ6SByWY z)+btS>+@n3(hN-YnJYM&2BWkd7Bz0eNJI}~?E3;K2(GGfHLb$@(GW*)2v;t{1ecz6>HYLjfr6bRIDh$Dr0kh>`OUpDtQ-UeiNHiB; zavCA1&j--|)sUhMD(PVPcSn8*T=Nkp#Dq~4j>`pP9#;+Ii2YFb#A4&qSt!z4dJ<&{ zQfKI(#fqh1G!ZAwQoyMi{?qU$dibysBa_*rUu)mmDSWF`vc}BF;H<|qe}?mr#^rqY z)YjfwokL{83CSaSaXo}m3t=d;X|@RV3wAtQpsT(v1$`Q7ZDo zBq>w_<+)~Hvn!)NL!xI7A$;^$-)PHZzMyZN=H2M3VG1I4dnsZe^1k<{zk_e*6!=L4UB5V^T4m&z1WOQNVs5Twf4o+SNBwx?MA&SR z(U0B8_{HEmF0gNr!`LLpUm#X1a20kEGFLNZR~1SVj!*_7xHZCclzQGGK_xf7FcfHt z=i0t~N>oBDCjeB}O?GGBx4q~8?i)HcCI4Rc`}P)ie*BN32+XFx3pt0Dtj#coo(V4i zUw;@E`*`)VI|?9g`CjZ%&E!h@0-=bjrNr6MC86m$7xMYP0!mYf$-D+E#Y)83b+`oi z16nsr->b-JQ!TWK-!^xpZGn_luMPHTN{o5QMg0xeFOBYyKY#nGr_v-`_zeBqx4fZQ z1)Hn(hD(uSe*d)MocY?ic?A9)=WrI>x~sduRw=e}w~7+h_LC7Y?B`d1mb6&?JhI-d zm{+CwBo}S{a+`Hey5qu<8Q%Wfr_wLwRiF0(b$zeO@8kf&ilDO=bJBL^Asu?p(uvB^ zuHizPbN3iRum91vEvm*_9@v7RneL zvAS`wl;Udwy6h%a_h4HbMqE(aJ(LxgE#2j44>zo5 z%3GH~N2cIc6?NPN*ou*P5^3l%GPm~a~Oh&qTsKk9r%&g;@oKxy?A)Dz$<=INS3R75>HE0>Rg4jxZdM42% zm-?y;YH`^r@5d?Mr)O&1%c9~$uvfj`AIw|neYAA_^Vh`l?&efR$dQ18bkfSm6ncC9 zIoJ|_{>#iT6L>Ql-z|F+oLiF&iqxUkEpKQmBVobet=<|O5=ge$`><@VxppC%f)-O4 z4HD~x*?Yaooh03T^!0@bE_|%dE==S$eEHK+4DBomX)|EI8SUx(w&OVI%7h3H^)&W` zAKhsaF_h?i_+8dNtCpFC#p?;He2NNVq62>DRzRdIszp$sXO?QvlaLDG!s;4CwP z)V45nC572#muL(vNqii zGd-tGRD16LFJLC$9FezeuMsEGmanj3AwDaDqG#I(?Ad*;`31m_yeqikV`)Q8%%#~xf3B0kxm?*2p3*h$7YRS#|XsCB7> zxEwda_SD;g%U1jQ)`gSvzxhi$3m2&8C)JC*f`w+1Q>dw66o1Ii$KXh-Q!LjQ*&s?( zsW%o*PjGK!>-#$y zvZoCikDl*UPXdhs+G_)+@uD~Yo!9rcanT4no^H~DqqmyR|69Nvc-#Q! z=pm_b!1-pUeAV2}~8?a`a%XTRK%WRGApZ#tNA0?q2wtwTE)vh87WOoZO>W$6XM785Dw#)JfRF za&IHrwTkL0^2j+kQE>RAQZ%GA37Et5_3g!QNS?#h7AGs$E-CU7y9qhDK?k1A)fWwhe_k?yk)Rp(w^L$tku7zo^!8edwPWkbvris@$HQVP5^gyko)aWw_2j z|Jx)SDDf8z$z-RCZeZj0lt2+FFRw3m9V2c^X=Ux)1D+1j^I`MvDliWh#*J}7pXW|l zF6s|B^6rIN?**iJQV3xS9P+2sE_C)4}?<*XZ!q^ z{{rVN5)QdHS>qT~jJE6ZaV+EM_wJm;6jRjHM5g{=(>;x2KiKlNlO@82iCdv^$;MGv ztsl>cO^OI~vS}%k-mjY@;bX*zVNp@TIVy|AlU$!y6ny29>i3g--T5aeWpUzgz}+<& z6ys9*pk*u0BO4$diW&2J#Cp7k9`8Xyu}IqU90_tJm9F`V`cpd{>LwQ?p*l2 z6v?+TX*+LSHnxsbt|z`q9|!;{C|#q<>m3d37XNB>ho! zH*exWIehoQ_|i0GxNiCzI-WI?<@TqjYjjcJ$B)VA;3HI$C zFf3gtW0j$;yLWMU=af7yS z=kV~Ug2zF(J862gl64u{;HN}60Rs=V&jCk`3FwrIeIL3^u-_pTX^ffCL=vT-`eH)1 z&8U`HNE&`93C@l~4Y%4~ThR^y~!8v4r`d!9Lu@H20&Hi^?KGP@G zg-WkWsy6tYES}>RW&Mk1XB+uRRPmjUk=mA8(b|ix!+Pow92upGuR-c2l|Fbe4hACN zPCTJ#2LyHDeS~P1D@Em2M9a@|lKgtFHYD!7y+Y{P)iz>bz%y-(a={2+c{ObpkHJr7K4B=7|+>}y9hKCYnry> z{U9DFL$GM6XZpLa4{uBp0N()zL;6OV-_q;%6P?P! z6pVee9}d_fh{*{aLaNg|yu>T63!lq!D~;0C9%nitOvJ$)eIAJRPOgVK>~TmI(lTI=5XV|tw(iBckoxR({tiL_yTI{pIcUNZ7DH#0;W zIJKTVG_C#H>sa&Wd)HQbz}lIQgNWpIn|}n?KF;ZD zFcWobnd!?5d{>@eJhv#452efP?&j*^)5YF$hepQf!uq%hk^ORg*gKm1CK#;t+UGp^ zF7ynbL>j9`xHn>TFb-l)Mv*RvySbQh+-78AjcnGdWX4b{HlONY#_HW)8`uK|P1Ck8 zJxZ2g1uY8~{Edj8jr66B`mUS#LfAqDuWMvRhPYkGMR>XGg;wcF38KOyEqyGXd1Nrk&pJ{)cDViR9(SGjfTmEnS|HP<| zWHRO*s(+iw(dZPiPRy1Gifnt^OzcCSul#MLX?MgKE|e!XHZ}TlHHP-VH6$qUBYFE- z_>5^QABIO-C~5>uYOT2tT8c}_&^nkox1CC2iNS9b+TmURC14-kD5%PNR({SWNakg= zSV~V+Rj#TyNregz^tXx$rJDXpHZCn4fd9}wwQ43LK0>1{zd-jVm~P7N-PcTvt~7>2 zZUE}N^<(4W&vrQBGV2(|0@^7*Yf8>y*f2tIjI<)5-u)}Zl*sbL-<-O4he5 zb$=bE;b#UuG<7f|6rh=$p6azb2HW&=s|SwcmRqUZ(-X`Y&{Qi zFpEiQ9g>sRXYL+4%0!Gb%}>Z2$A_qfY-$-Cl|7B&3ZGl+VWt4MQh%3If^4Ob2aib` ztdEWa_fXMduo+yzCUD?m&2i0sFw_3|Lsf3!i1Qiy?3P@uqC_S;i>Q!0G&fQ(jlZB5 zSAo_n9R%2+QhRt`!@B(tW%AU%ANXN-3c^@k7-^B*3^|udXDv5_MeEDB_fB%6JoMvA zE{!V@dy@>lt}jJ0jg@od8joG_hTv`<@@ft^8Wz<)FI6%h+=$486>W5KSXTG$EQss_ zm>aRQD%`SdgNf8Nkl-PL&UipARd()F?c7^5E_!37Uz|ude(6d zEQg$2H46l>RlY4vFDQUk&&pZ(w$gd=;~djYa*>)FVnq@7)EGz+tLJb=Q}%cAW*C;E zyR%ZaQ|+`C;-7be-GwL`7H7vHetRIj2|1<()8Fr}m(M9oU@)}`2zmDhxq(PuvS``< z6CcyTs|Nnzx750X9UPUg<4j2ROrs*LBn}-DwkkLrl}fmBmneP_OJYi6_*)0*i04|B z`*`+R>O6iJPqwYRL>~8tA?7x0DTB-N@^?6x!@^wxgg0Us(p6#cJw;N1K0iMMV)kZ4 zhB6fHST#FUeRn)*mUg=DJF%GDOObUY($!E|K(VDSUS|9guLe%+@(n8Wopi8JMnu+L zSmX5vS}HnA#-jTqfr&mgob+O@wEI+}gZ-yqr+xDs3?#l$K@qj0$%oOz{JUvtpu}0J z+a1#6^-tCi`p@HiSn8#ZGQ<-JMA#Ch+Z{?IDCnoiNTicV!yaosYd8iPw8MXYUfSSb z#41GH#pmW>jma?9hwSZqIwjx|=ZAmBNqBC(f2TCwNe)tBi!uai7lkRN-#U6lXq}*XiED-R;b_7lZs93~o{)YDED$ z8YC#0g0*9I_V=Ghi&)gt24i|*%J~jBWL-zoH!mF&3;epl*Mb9n8tu&i5b~D4RMX0o z!SvU;6UBA}NHcpMX{HSlAK>j?_P$H(^;aEPEjVWmp|bIKE)2RYlozJu4GWKM=q^y+FAHa^DXy*sI6(S5iM043=cRRTX$Vy`N6^H2@{w zX$3`yJOM_ZBw47r)RzH$dvqm#Z>oVUtylp2Ao8T>@;_a^Dh7<1k)N&hn^~( z1LR3*Mj)}Dip$q`c{xJ3bu?Og^%ij1`~WDcff=$Wl>XOG+`uQv_zEvv=Y+KQGD@cL zx(+aC9+kgK834A8{+=%wyzJkJq1gm{G=HDGVXgp(0U$p83jy-`t5G&t?~OD5UQSW! zgcax2hlJI>SHO*T8Ylx)KDjCbHvE9ntK*Z?awlTNiOTJRo9K$jNy=c)bB_;ZklwyI zht7}FOZ`B4agwsnitFc6?w;v?yW9-?%3jxty;<5lbKGt|zv;#HPB~Wtwn7~}1qyb= zfFHKfN1EtPX~6Xh3fM(^GP*u7xcQdbRCfr*1h>~z>8!8Wi~sLhKtQx9eRKP3DXZgG zr~WZ6Q9mL`4Aj`ZzV9&LUaJ-RTp%}KkhJy#!?(fMV@^Jbuvy<{hB{R)_c!vnSw#cp znJHn7)tEQxFG~7#RMe4}p9{-!alw+F|K4|xlo*u{nDqtHz1e(AQ>~SJmim(R@HPa| z^_g|s`!{j*47{sM=j)YLNoV$L+EAB~>=+C~o)Mz8Emt5g8xcXsY--Wjb?xsLuK^#n-Wbk6tB#uB%qAd-LO}^;HJsAcNcVSNy5^A0)t54Urbwe;Zd*X-H z{BN1IlomE*YE^0)dT0zxg2KDNc78oI?bY&e0{`Q#@B@(o&Jk`)HSTYgB>I}stlFuatvIlBzbxxEa1nA}Xs&Lg5 zvj6xhZK<~9J4%C}*eJHLATLy03^sk-UL8(U?j(|^yv)3v{5STKPWi`j zBBA8#6&EIs^b;9H%MB(L-L;3BMsk&(UHSGR&4%3Z9771`7f1xG9iANsiZ`9a{XnHm zw6Ake%!3K1>6NIX2)$aqicgeA5+aS2@<#eiTWHPXHK(c9>DCzY)q+lC8Y!a&_ooIS z3x)a}6kP@^E9d=%-r^!l5Je*ZB{$6^cV#kaeFz3~Nl|zfkQ!a=KVAD?DGRsV)P}0L zW&!)vYpZMMh*tlyr%<>&0b9VRiBfx-jH$pxD+xHWShxm%gCnVV8Os$ z*CI^>F{UcUtC_%jFYHVZcJ%*vo=TeDuTq{csZTV%7dK^u$Xx&e_2ZAMCM5CQIA$P7 zdm}`a+_M*G$KQa;3lRIpy?uK2ZxB-!VB!JXN$5<&$pb*0{tigN zf_{C=0W4Zg|Bh5&{3iu_I?e#dUX1Z$^45KFd5YvQaB7K#Jq2t4RcIIT=J(aaz&1Kx z+}mQGDUJ!iEDY>=iY%rlr$_+&x&P2iK(KzI&vklkc|e|C@MPP~(2@KO9ICSS+mY{N zACA~$zN`Q7TMxbc@5K57z+3@q*j@qvrrS@~L`lYy4!q4Y1}u?)@bA9l&q_)6V@B~! zMdr{s1hWZ)8q?0C?1X1TL@mQR&l6 zObGD`pe!o@&hDo|2p6I_dF7D+P-brZJ$sUh0k+HI6~~f|jfS#7yclA(RU31j^^(lDc)XD0OpB#;25+8ZsCt- zoh2|U{}qSF^WKY|HJc4^%bc!O``ad?1=c?g#{fF_N%#mH#Tp#_|NdNfuKBwRxqZMB zH4`m3&G#c6?s?uQ6?x+SOa0~RdGe-a^+?AiujAV4Myd1y?uA6KL-Kjv5$lCpW(E zBEHQ#uP5%JCvkc`DvV?ZM{4O8_FY@4N5Nt|+C=TbOcEfPI#>TRB2cK1QcdJw#dV3r z;7cL)!?TDGt~%n>iU!2#kob-eX!^X{$B+W8-X zp67O2B$Sh+25Bq~J2~6fFjl%q7u)M*WPLi(1B27AO+BJC$v#Tc*BO=T(G5B>`bf~O#EQQ}ik*gxqbmwR zd>n0cyYd7x;%d5`J}MnD>oP!#TWe)ryW|1U1DU@aERnmEsS_St8Dut#=d z8a0bXq0nf-M|c4}LLLyB8ljcf-Y-v2b|mx*-(pcXF3;hOv<8q9#jV4CK=ACAtM)qL-lwfgQ1);G28&VUFb;m!A|E%7i@U*?|&?Z11Y$lD(_bkep#u!hj)g$Z(dtxZNQiq1yJe zMg+``m~Oedz#TRA>qc@}Q>^N9W6o2*4BwZr{8!@CUL#6S6KF}#ura=-V+NP)rPId4 zlLFkdo=x+J;0^e}$)?r;oA4e6I4s3elvi_c3Z*`s!y?th@(MUH#S-Ql?d!)PrFOzp zGUXAfbM+t&PHybvBqaHem+F49(1W)}(wCtekx1w)?stJ2E}z-<#+S<1-!VgHUl6lR zXKLFJH`l#fX?3Q9d#7<&aY8=TW`7IyBpt6Znu!6m>aAnq-y3N+>D57y)RndnWc};U z=~|-077jI%pHlO(37!6{E)z+*+*0`u$oXc0)OQqFg$rr{8E)dbh^N zAiI6nKwPayhxF6aV=s1Q``{o-qa^+)nHFKychUYe10hU>BBL11OMQ&QoLelfDHjx$ zWU&d`kfTFmDXTgKV6UKL{zQC)hI7}f0_)YOfIwuLNyXSw^}KFNz=8re|3|DXBZLq1 z*^s}qECpN1dIzLfDyRE>6Yh%8@$zKb=E1T!fHo1Vm6?XWeaoY6trHyG(gZumj%024 z%>KKUMyUh;@1Q1vZ>gph+nmg(v}*cGex;zskB@49Wq53!z^sFzfm_MZnic^bDxB(y zm98F$`NvuA9KG*jea?+G$o%4d6IWB2(ycTeqv_0C+pt;@rrs8c$DI}tlFMJcE#saP zqe}TAU!+s$aH=I0pvnjpcVN8bsJ2HiJx|2nai=IPd05dCR;jdMS%{WpGbI%{AwBuh z&KfGigTnwa;-D7UqnZ}_oP$au5M391qohDG@wZOEOl$# zTmA7=z5lE>gTeD^(Y6za0>?Q64nD7&-Op5m&~M)nI?Z#wGg>U>U?zB<8Y2H#Wp|2s5Ww<27X!E&h&I5i$$+*1A0CbGO+ zynZ>j{y*wB_o#pD6jy*Iw^Cw|Qi9o&+Lb4g>%@hKF@5?~@0+LZ=1!=)zF9X3*=9*#%?&sFMk5p{oRF#v_?s+`%R(hp5Ub8Bvm~aT(E-y!weUjH&PC z2+OWkM{{%Yn?kzrruCYiW^E@!1FxbHD4%)8ru!SY`(6|3gRi495iubs3T`$q1vsB4 zAVLKn)cjI|vSA5ThG+7iFDZt>AUeX%t)>1a$MnJp7j|)a2-RKBJ4w=|!;c-iGW+G5`IiaUEW2`M zK2UkQ;4S>hh@$H!T!PW>)BbWN86|7T##tseHJEkR`xQ6R!K0|zyUP9mAf-jgxx=}W z-Im4Se8ey|evMpnV`+Sa`R`1YW)P-s+oQ;9UIIOgQ)pS}(`2jJy)Mg2M$pja?(Q!3 z9-LF#=S`JhXW*srW-&3{C~~Zgyf@87vGxPq@CR@_$PXeU)F9Mwyg`%kl1TV&R zl!zsQ68T#oK9dugUh|k>yiunjQ$O2nyeO@+NwKB}5JPf#4t^pjnL~~ZS4qR^=SB+y z1iS=^KJ?kmH4&J8#7X`%mBEy0`MbfGdvQ4rHVursv?PtiY(r~6DHvF^!W3=DFiP>H zaBR6cBWr2Rgz?!YTwXMh5S4`(`U-?IeoJ6}-Z)4qxthfREC8X3b|m4Mlf|X2#0}U~ zE=Z&^NNWBYe{xAx4&y9+UIg0}%!)plkg=gmII2AE#_28aqY0jGX@($9Wb@(=d; z1FHQgmgI5$bpC_e)6V;uS0VH+?QR!XCzgFx3q|%@InK-Q5Q(D|V8}S0bqmnyV7P90}aY5Kyf3els=^0oJ#joEEi&873lpCkI- z9-V{fAN1>i&rH8(c9;x%>BEe!f3=;TH|Y<%qP0Vr-E%p)R*CpI`p00bnLI&LJ7#yE zs^-dVf!6C)g`Q~Y+g|!H5y#?~_qQ(LcHc)2kM5lR&~clWe@QxdO{w3xg8eVcpPt0r zWa_NCn5p`=VdswIE2WL0?C8*qrBA1BuA07Ke=>FOPg+k8!~2X!+gF(XNRs>$EdGVG z574Sm?F2iH&MNH36Z|y2X$ngdf{c;Or#v___ell9+@?0p@{<^tam#twsEB|qHIL#a z$M6A(wZHxi+;bd9&o7N4BNSDpf(pQ*&!9QhSv)Zu1hEv4;*=!qU$wa~@0An1ioR4_ z-5CZV*DII31dElDhb1F*Bg?*#z{nGG&uZ}7`bBot>lXv#T&;JXWV5KCw6_$Q9_$3P z-f0&X8{VCb&s29w_Ttd~K>>N57S!Q&ZBJHojS^f_DT>pfDoHQ3p|~|qY(7URtT@`Z zQ)uyTu&a>u>)|NZ5aQxVA|Dl~tE6eC0xP)2U>8%CjjButh5&`-H*7W!qF*}ND85p@ zk0&OUx^g85SH-JbF6t};E-oP)aUv2nW*HgHXD0JQL^Cd5S}Qe&JWpT_Y^6gDU|Ca0 zasuutDPFlbQ|KT1h=+P!grn`B{*hb;1FCqB-KF*=Xe{<4$i}_*QF8`s6c@e{ z2Mbx*54tN?+MiJJn>&Sh=aZYJbYw4sGW>*?y1MVHJZnwZ&D)30eU#nrFr~r%tk>IUTX*1T=)B7bOy4q*K$U`V|Ox8h8UO<2s+AS9E z&K#FX2g%EOr(HlPd9%n+R`l87Q;zcLXWD10IE4Oi?UC1W-&2PxP1^JawpFH^={Q9H zzOHBn*GrZ8(!X_+m@Qwzd>oRZ{A&5ynOl$BZGu2oUz<}Q;fGjRHxi1N5>1|izLq`0 z4MCU8caaA)LW|2pAav5|QBDTbPB*Dg7zeLF*UF2X{ZN&jE@~ z<{yqdzl}gVQ@4I9^a!K3-DCB*Iu$xe+Amw552mKRKWDx_*8$MNXv%xe{qG!f;!F;p z{I6cdc1~6z=>ieqHlJyYn?}&J7v09n{-2U6D}Hoh*kLqb;?){&)ZVZB%&n=oug#xx z{nEs>N#^cERU{KAp}<`DZ#*%RyM$J5U%qJc&)t;KSd%DMo;j8{|7PEKsVlmgfBJ`t z)z5l#`p&9(yF^abI#VuZ`L91c1Y|qM1QPyAC~6M__9TU^SX7+Lj#PRLQNPH7Gi&eq)7Q273$!?R_U3b9=;y4Anr=rBC}b>XAFyR2aeHFzNT{3LaCTRCf5Qevl-r(Tlo zk-(!kF!<0xcOIH|Ixuy)B_@!hBv~|6o@!p?@C=(k-!woegc2*D+juokNzs+0ZX}3U zT8}X(ve#N9EfQDE!%LlmgRD+lp3FVFPlW>YWJhFDZK!*94Th&R1|l}MI1h0ewG=iN z$cpt^RD!SNbsoXemlxiEP<(|P_@wh7)1}O1uBO*QHY(Vf-eeP*3g)V%D6n!VlU7&n zLD8yb zYO-h%*JVl0Qibf1vdcJQc@S3VtpbjNrxTM=kb`$J+a7#RiOn6=?qWD_oeAm)!L7@M zz@CS9OB$~x8ciAZ8ieW|PT~tBYSCsIZ&)%aaDol(~tYHWEpkLOqWE za*^=e(GHx1Ij!F@$ArBtg)bq=``vr%&Te8MHXL6&s~4;|b)cPx3@*Q%BRz=d+jYV{ zz1(fVG@{vZ*x~uxf7nw%nO5cB40y1f3(M|t?TNqrA>~HlzROe2+c>xjhaVIn{d!7q zx_K*~m7+M7o9z=rIHAxnT|V#%`)?_{H)U{D++pnICTCcDmf|S3xJnWqZ6O~|nQ$ho z;A35DOL|-WLygjwk2sV>OHGdow6Y>NL2zh}n!Dd8z5*oybBjn!#*_nQ4_+U&(N#t# zkS>OVH4G!9L>1bv#K{4Su-Ry&kv`JMasiD2%2oftlP6F%U48pJ6si@o-F|7f zKnr52*HC0XFcuQgHN0B)Tq|10N*5XpbSoBrih~VHWmarKKM<>k`Pbwa*WO)O`@71;nZ742Xaq~V+?_YM6wtN4KWuvMc$J10 zG|&{CR+Huzwze*(zCc7`A4MxLExvB-Hfo<=ZRq+VdEQ6a`~6`T^WSb}V}NAi;@wNH zE_2=|`2IXvsUDCMwrgog(6t!eaXE(;FaS||0T8W;OwWQwfDZU^4-8NfZmI@L$=`Ur z5l;u?gm!)Xg)+5<)Wj7#w4C7Uw6NOntSP&#@eA$g$|GR@Ss`%O5rxqIx%y?SiN*`C z*2Mn5hE}M^Ip9U+a)S!lt>5o9=RQorx+_T8yoANrl{gk(^_rC??nr}at@e9Uw z@BKR_TKN_^Q)xf&(7-clSK5!Oa(P$Me9pyNQWb;mA(?*%2J^wAYwVRpH<~}$B+GKx z{o!NT=?|gK%Z(^h9>ryOmg|S}(m1aV)B^3yNY)N-luF&7Df*9pDxP-{xo!@e@D`GL zOrwN8o-Wu(>GYq0@Po~U144#MY@7}0_lAFZ%OGPs96__tj{16er6SlFm#qhr#FA)> zJ(LRO`oaYIIp_{B*-0uuby7h)nX4vGgiy;w4ls@tHx&YTy$2u_?K3&@)`!_VxxM?obhSJljRl$h-pE#vCAu9Sy83SYiN&E0)A zdruW~DfhbsfA&fH16Ey4OBG%f)f5gW6=q~;Q_<_`dgl=l9wKwTpq0&QBnLE5?cr5H zV}*Sumj&a|svv5LSa6n2?PwH)oTmF782AIx$*!$hX{hurTFNDW2d4LMM0#>n(ewC# zyxeaomFrh_jpOC%Fa{#nLz5+VPEG)CvRqj&PZ5W!w$ev<=4pwgfzeyV=LL(h$w^N# zDAV{!*_T0@$d{`XV=N&hVwB`=dDR6ZtHtB-{zPSY7ln^vQjIh2jZK z&r0z$ToGS@q23(E#tJ?l+t{e^JbEL-jXPWVvq0+yKbuO(OH47R46c`V9GNJkBwgnl zW(DC$f7DR}<>+cABZI*BR{GKRA@!zpWR~>YzN>7@vsp{&7mM2D^yXmo$$wopG40Aofp>o$l z>S{p3)r)cAMu%r4IPGp}vR@%uEtx#1^vegdYc~xP^&dCbY zBKp}Qu-`e!=wlj(jD|5fYj-wqKr>u4cxZ-5SIS=gC9j*RR;JecWsjZcmM(&1{`~AA zVZXOWxQz#bbn+;vp0h9|>6hF@Qd(jSvYSDO6w9)vXT=lq^P6$@8ImV?!SVsaZSFO1 zq!!D^T9BerO)xrN*0S9#BL(6T+A=)^@DUKDn?*o@Kotk)7R5Cl<|aobVoipjRt^Oa4U{7AbbM z@AV1r33opKg+(fJ_LaX%=6j0H=+O(nW|IXUfMlP?pnWcY6aercqsveLf?eP54zOsP z19IulermJ7z}_5A7Y?#xZda_5m64B2g|R&2o3u>=jbvdu!wq3JGwapT48K?0;{ z62mJ$<1l;c1U*-*LwCiphXx=p7>stqJiX~A&3kxas@G=#B1RM^wVRgn8=2Dr@Z+x!`o>Phj&}80&sO%H>Ol8h*$6^ZKu!b5TI&*;LkqiMm8r?K{C{`md)Z@?q-0oXaA|FfAG}+8LCmIdcsZsIa6Hpa4VjCdV^{|+u^Op zVeMCFr*4OV5Avm?iTb)<@{)UeFOt$BnPa8$Sxs=|-s($frg?`)qYa(4dnhuVl$3#E z(ujWZu6C&Ms)dhi5g!Gl>7bMWaIU}+`dytouq4jmpw-x!`c_NHaafAR%Qd83f>II% z`ty4ImaU2kc^Zr89iNjnSPoG19XwnJFb#2uu5n%b2p19|aogz{%?y7|5LiH)x$=NX zNA09iydnN)LEaOe`Js)LD|?JGhMV_}bs6cj>{v<$!`*O%Nw>lohqdCGUB1(z? z{%B2cFOSf00SHWVVV)z|l-0bXa@}Yu%++b1qF3pSl6!^+oCc98zOx_AL9TVVm9zBy zgNh;vmx$o3)a1in)ZNo)Vs1C*ICrK6bJ8iT+#w1oJRZqrGPj*Tk>@PaXZPZCGS$kT zwNxX!;FVGyscDkX)QAX<(q{W5bNldGt(OPln@25%JFjNY(@bYsZ#a&l{r zF`?RIvQE+x#QG*)M`+u0NH~)BH9>K_F?A+)E-h1y2VBqo9=t`i{mFP!yqPyrNbbnY z)0-*RO!6el!o3<2z^95~xlC6WH+Mo3%J0L&K4^R?YI%@*U^@8j&*JNUOQ(*4Y4~h# zB@PN466Ep`EV)i9QlFm1q88Yx?4}U&h>|mZ zCAmU@O|j2mZg-{8XGJu*h`<*yw*$v5LpjtK7?;1GDt=f9>QhVUYf-D|Rci?K;S}hB zJtT%nY;8QC#Hu#W9gM@JeS3Mjd}`JiH>oY zhP~a)RY@pW z*(#|~e6jdXQ9f?Ei5y}hyUD=f-}TS0-ubZV6*UpH1HQmad_`kC-=#;w4x1=c(DVau z%SzNk)W!w#6`)}1S^jVLBl_yDF8A*j8mEgekvp;=l?Kd&?*Z82KeYD(AP2(RjvMPH zp5CI#e`pXRu+lsTkP4ScWPg3TJJkWKlcSIczeT`jf@b^zq+XcGJfIigyv#a(;hNm zZJ-l!0oC}^r%!?{J4tB6AKTAGfML0ltnnUDl>ed4FA2{`qyXba&>wKkBnCaAPVO8a zt4m+6cwl4#&KE#gSpi6m?Xl`ocQ@PXKY`QfBI`7UlA4;js(CBQ_UQ$(7efx{DM$n2&Et)npe|C)3QMU#Nh&(qhhU*-Px z${lsy-+eNB{~LXmAnRpn@3ic4WUC~VcZi3pF$d*iJ3@QX?d+MRk?>4o793~*_5KBL+^kAcNo(Axdo zHDDWEM8AxnzZ-aRl7I;Z042|30drf*xm6PSM;VKGX%6?3FPJ+nsl;ZhEWDVms>8Fq zw;}-(Yh)X+M0Sj*@?CWm(vZEJ0sJ-m^pAoOpB@CndXBZS3*By3-5pc`o)voM{0cLR z&$v~~)vvF1Tk9ZV@WZ04X$?95i?DxaO1+-msh;?c*1GE9bKjL1oecPAAm={Z{~9=s ziDjfS02cFoV`{%AF#Y|{nxh+Rt1l9O;6C37CS9{8n`7LwCJ5T$}f#=}`Nn>$F8Eb2*H=0rxpQdK!Y* zeCi~xWd=3~jwaT!9_>o53xC}q%6ye4$N4MM*WCzIsJQwDv9GiKIZxM}buZFM^r=o! zr|e=A^KaItvVX;wrr9M96=ocjGHi=;d>^l0%!QTWu$X>ri!i4WO*l)QXI^RBD^dvX>5-XlE%ebN@-6 zYkyV|ghQ7wJV9~1ax2!XV{Y&X!qb|n}0 z49dN}{}ps?#bZ;x`gZW=G4j_g+~K*p?pzFw)|-f0e3j?&6!r4>0vYM06cA`BN;|_y zHz@4Miz$#DK9B(7rx%prAz3;H6+`Km2vfsrGa6n`i^d`W%z0r!2VX-AyRI`Y6bcob zndRY`&z^;@5`!OqnfxHu6gN&s*dMr8Lv?PO)>2xg^TyiKdNnB*Hvhry0E%@n{{CIFPq1=ZYqfsfo_0r#YB{N+DjR#D<EkSjcONWqr6E*Jb z=UFm(cctglzSt2WENp3`$U8PQI35nyAD2 z=CmefmrvYFd`pd?%>^kA6c!d>uw;n6y+wU}bG5U*#d41#6xw6Gn_L8)E+>=_%cuul z>Lfm;bG)HZZdOHSTug!k6pEi#1u9IGXUPP$*NsIPYKLDMd7tU={*6>1PIwvh+qv1k zgv#|f!zCq09+nIC3;4h;rMlWtz>|$}MU{f2zMaYzXL@($SZ!!xO&xtkZKD>Uf|3Ef z1gS5K56TE9fsRNGQoK$|qr`yeF`42^;OIA~OsjKk7iBfmdI(pVni|-1Q|dz?2%=~# z?jUmRC7?;WyIpkwR{-Rd=qTPfnQD1zpqKl`s-J1(n0Cd-pOr$i~)0JT-J=CSj% z(`XV3rHZhubflk+d|8VMUMe5q=YO5y(Fn?WZf$Q57`>c7x2mcrBP@3fSCqADILMn@ zVP2F8La$TX(ZyteV;6KLb28!vta_vQ@m)Vf-d{+Z*TioIV4VTWcO8y$Ir@zyCrHD;^IhWW+Y6{An6)|qfe4(Rn!!?menrPN@ihpp_kPd2HA3+es2oTcrajiB$M z>))Nlx}3G;UL<5;v9wrPvg`W8edkl(tF_5<^dVHf2P`z)w>MqqTwl-UoNgO+UK#;J z;(PDam=4+Ys|HZ^?aJO=H}hWw*}LV=2hdEZy2*A*+ljkwPl$R}>-o_leLPd==HkQ` zXD{lU-^2j8k{$Rn0P(pQKz+`QnGYZ#+#1<`0fUc!;!{6>6{;Tz2UaFJZ+6z!itl$_ z#Fv7ZeE%xy@ZJ6Q{i^qN#r@U#T_-S(h`zou{p;H);dj?qXX}Us zaIts8nd7$6E3UvsS*_a-YG8MR^^opU^S?Oh>Zb5d?b!0pp2ooKuYZln^qdgXaJ_W{ zSU5+nuFe3~C+FPtUHbe=ds8@oe?HDwU0(M6_hY)jr^^4)c&5FlC*PEZYk*EMT)fxp z9~B7+ydBu`2Zr23QPerIw_6>uK$Hu0=N#~#-A7(aY|ilhjs6g5)povLz2-K^xEw3v z^K)l7nS0QzdyVO&nf=R8lzztnRPck8dR7m>#qR0oh+p^FbB%QL^1QpfdwSAF`uWw0 zYwv?Y@|I0pnQdC?1Hz-D8Hc&U!WnisR_8D{&hLi(nQAnNuF z;1X)QJ|0O)PjHccdK2d%=#4R+-T&cVm88e+)v^oo7hk6(V>_6I?cM@T9uouI*}wJp z&)0~H&RZ`@1fkNxa@*!8Qtan^&fZc-$Nd+#&imc<70=t_XL9R)7h}{eXEhIuCdMT1 z;_oBwFFV;LuCK04ftF!@d%{QE*v{(5&0L-By|)V~^Pg|*5=R>wAAyY%qw$=<%lYl) zPJh2(i4QwKaI(>v{)bSAEt5qOCTQTZ&Wp_?x%-G@H>;`5qs6_GQ_gBiea5ZJn z`kw}~+rf$V;&(e5XIbk$=VBN9oj>^}vZN)5`;I^3So_`Dj%WIy6CEOuF&!Prw&Ug0 z3&B{Ka`DW+$&Ze+ZsqQ6?FNpSZ$Q9PP5O`Q=~*Dr<;6Q!43OLzmfTr{{|zVStn$wd z0A$nQ@^@e!s3zNAoYk|Qh?k+W1bK_RzxJEoJ;A-#Rt;8jBejZ2k@<(O>%$;7yAt0` zJy<*3OKu#1+4d+#=F9#*ar?iy=QrKU#dI%gtUxzgS-Y?=oHH^jilG7a7mD7FKUZ5BesX95cI`vRncD4#0b2m1RWR9I4+_W~jD5;EY zshS-%HVeUn;4a5?J_}DpTZfarOn22WwVyHCxOm+Ys`C{~dQcDbi{A`triA(#+GPT_ zDI5|ajy#+}x<`XVYRmYaw1aMW8MdgX#%=NnnF&!z% zZIHZP6&zf-1R5fGsT5+B8-o**(E333?At1?M~VHsDU*of8?vx;s#7;lww{-M(h1KY z)sR4>2?fF=QyD4jNCz^RfBqP6Su$7eII46v6Ei3#kDMIZ-!;1X^(PaUpWGtxr8b$G zf4g=+ldu!_tWT3ZWKPJA3t|}>Rd*RQ=q7jQ&e;_xpAJA^-cU;QsBox2a>VKk3QOq< zQ!qJBTH(oz(o;2O`7Cu`9tTKX;S2Q|boF)LSU*+lIN^W5W;0sO2d4}@E((T8wIlQxo|lN?M&I`1*I;>JJE)tsl$mmi>0peQoR^&;MU?9$D_M-MZ-yHLxIne zqa5_>Atsf2?{f<;8l^ed@~}0FJ)4ag>-jI!qO4InW0p+@M~}ftbVWYnuhrQ&SacD) z?_89fp!Zqb#MPw}+Ed0~jiHBlvipnZRO||$bM2K^ye9e;Av&rTMHXDsQ;3R;v1Mg< zTaXIH$Lu~A(87xj*_~<~-onEtAgM8JaZOtXXMI&(I9F*TqV(|VrhAKFMZM$Z^o8jYl5-tG?A1s?_o&x(Z&A;)N{3sJV@deJs5>m%kbmM*!NfZQiZQQl&&2_B zf)bjHtuZa>MKbXYtdtw|sgpt9B=o}#UgpzS;0OY4zqIk4yJF3kbH&yWCO>yJMn(y~KVDFy}2 z^kw2GcWP{oDCJV(Tf0vRQ@FiVT2@|NCwq&$2X;GvDbm^*8n^w4^PK6^`}aq&zxVFj zh2+kMh0x#^;eMM4VPFYL$vSRuKMy1N5vvVs3HN?rF8JTGHLJ7!2R}9x%4v*9nuA|G z=Cj6^-=5vScNERnpD5H^>;wOitj-*Kz0@39^ZsW|E(vD(@#L4Yf2-og)@&zZ{)02i zM3cEqS&`wJH0*ubL^xkW$Ubbx=S>fAecCQ#E*ou+{S?ppZl87n3yFAk>|+&yx9>>b zN}|Nq7cwYuc(ye@zO$3{bo=Y?3!u?Zf;vvi<7zkM&LH|f@|#q)_Ie_|d1hsZUi@|v z9(ipU=n3;Yf#lrPN#FlvW|AqW&)^}Vd`8SB(&pgxzW;;`;+A%bDqXVB=Mzgc&`$r( zwU?=FX{n=gxRR9_!7{po?WK=pu#dpRuBjd>-}#Z9xQE50(ebAE_hjkAGg>U3!n6vt zS%II`FV=kxDIwALUFzeJi^H$vP6n*Glw?MH<`zVJR1-;MBJ#Ow66QV0>UL6WV?~i3 zY!)DgUBmvINJ(22-qI?CwvC180-20r7*`UAX=JZ8Sf*TYY!z$Dh7CW^uUeIH;Ay}U z5u&ZrbpH6SgpAL21KC2?UE6agdVFbM0?6k)GsVFyuiA@Z0eK^GnGxn>>FM{!?sf@$&)3<#Skwox?`!b?}u-X&n)>Wcx;EFYLURjWicW)+=Y!B#FUbYCAfD|f!OAtXRei9?A%308*_%`q@;Sv;IXQ7prgL`hlZ^COBr zB;ie(d`KqGcWZ1mRpO>}fT`XmtwZ2QS~<}FI+@KRBXeeS)M}E7Km+@dPfh_r9#7B} zRINp`Qi5)cUZBYiTlRGKKjiWb0qWoOFM9^2EiC2${PE20Yky|b-(N?(|90c$pvKZB z;(dxf3?Iv#pU2C|)xXy}qyn3-U3!K8tYXj#X#U6XaXUfKg zh9)_oTt>$`JB@bA#Erj5pHqurwm>;(%TR6tV~f%^ywXqk$B7x2!;@B8Mp}!$^jIFm zvA(+C01L?>kRTsRn(QH9ZbkglmwecVd-(79Cawg3f2;a(rBS1a7LJ>`{nKc?%M^fH zW2*4?TQ8}cnmMaRWL2?^gqi$5P~lDelvD)7}T)Jk`bIkc&fDv2W$wRa=JbKXPVju7hh8^0N(*wf!emcCYl026CxlDf&O}bt?J$APk}G7V**Xy=ynIdN&`F0k z+%Bi;NN{eESJwKCBtlv^I2YBTa<+*Tp|VQPO?Hv zOC#}xg(H6*EvIN}Rq*?f>gkLLYibx;7k{mV#fe2LZOEhY8(6sGoEiujFC9M_wTmj5 z;3_DEaIU@PC9gpia}-vKN=?9uP+6@lDci^H>{`v-WP^SW*4GI!A%iywnk)JYFHA;* zpQ@q^5j)7xG>>VZty+}X8x_F8E?#4iNf2!6zLF4_h>YU@V&2%8<9oEZCGQt4+e zNYy|_1TaT9l&m$w4N5feo{26M4!8y-2S`SadhNZ2p1G1}T|$jMIy=rXEn=roo{pyb zP&#b(V6qsy$})KS``=?nu~B<|{EFi#?qO->8!e5&wEN@bN?LE;iG!uGg)Y;R+Zs$V z2m?${E&95QT3$&-=}o!a!cZ|8S+0YenQ?=C#LJ}S&u^isA(2a!kBXd^nHU59n!au>xUm3EjscTC+71+HnP%TX->bujWs=oE(-y}a};yYK<)7^Y1 zT~J*eGKJNU<&cnu+yHlGMew5V%4ZBoRTZ&kDV}3#iG$KwXcIGt$OF5T;L}xq0HSeU z8fb$zyXZX5Yh#Aj*!K~j8~ApHpBYhf`>y-?#JdRn%~l+{ak)RPdAlv~ep}+p_eU;1 z!}mAL^J|FtpG%I*z?7irZtvc2v-9t#|Iyc-dJk5;AM{%By?y}G;qX;yjL=+gG%GqZos$CQzlw{pYW+vwT%NSb&2 zD>=Ewfxid9yxaG*;}qEOt-QUyzbgWK{E=#5|C__}SmOq4_d*Fh>69K&Diuk5d$aQ< z%Ug2pzIzab5icmJ{5tL+s1=2qL6)&Iqp;<^0;5kDG<}f1+TG_$Oi?2HzVW^JD&*r< z>G!1<9-oZ{TE7M>h{U%iVEI)XEofd9crTQ(+uJd7yy@ku?TpgHwkh*aHWp=iX#$Em zIGbB&_wgR0@B1?4nTaV>4Wf@=a81l*VGR7J7Ca2(T-wFrz9ND%?N&wNypYWsbSAm5 zQnsNSz;V?j_Q_&bJ6rRDN~+lm(>1~ej@f=l{FO8FnVt2pr4i129!tDythS`Loa)Ih zyWje+(FhE8H+8Ku&ru;CSN@&%EaTL)t}R3E{u}jPoBrtTjPsIw8fk&!c|^q9NWSQzG|V2KUW%%^lU~}!V<1* zZXuzMbIGES`npiExR>DZ#R|uk_UH_;@glJBg zH5)~EhM~T(v^U0Rp6o}Qv;cf_@TM!AlLj9jGdsbW%kr_X+{}h~l8lfS2AE{Go}63> z@Ycb0kIWS*v{c|HVU>2tI^MOIxI|eNSoHWz@|;kn4-vX;dSp#po-~cB-%U|ST{u%| zaI))b9G;S2@=x953}(vdrrGvl1eBdP|0ZM&3k1$g3oK-WK2WlL{;EdQOmnO8p@a3f zw8?xb^bp3P%9g!g?uOdQOr+3V4daZ!+jf?RJ{aevRY)taS6wD|W3f)P8Bs98j?f<8 z4R|-X)uYSO7uiz2)Nd(1F+A4(@c5Ed7aB5_S@>r>DgrM!bEAi?oYlkG)ThEhz)47b z>tt6|@dz{jO+QOe3Mj#v@N}K&h;)|&f0riaBl-JA-j8NpmbNgx7A zRZts3)58kbX=0#TRZ~k{oCqtR`(2W{C4em!B>iw#jU&)AiBjj8Q=YZPPA(HKso8c& zNlvvZVjzqfQHs09(R28E&R&7Gh2TnxoQf~&3{H_HQJA7#ez+8#{_owUFJB}&x? z!+3Fw)2(LVYxk}Y)o$ocnU{LzLRPU_U1mskpQ)Q?+%c;bTjQIOmV0|}Ck70di|P|F}7JeX5K0^n?S8>>1fIz1P^DBi~P=M*Nq! zmlI^y9(+OP4m_Fjy&P#TF#h6A_t6uCUPtY`p6F@ZSj(d% zHKo_nM@IrZ^xl#Y+aW2Fw?E-8303WFh*PV~v;~mdjh&n%QKYrJWyI)F3J{_fro_d2 zgL*Ow-uGf*7XuDwjyJUe0xwwv3roOIE13J<(rb&lL*i<(y6UuAByAhQWY1ak0mLKO z_G3oRqeO!69zNQbfQP1~9fa`N?=hAbvyINLCR4PhMMp(6>m9?$RA%cqUp(^Gtdo}= znoF;~tn^j);hficN$T;?kxT`_1!i^AflMDOvFVapFo><`Nl*}srzv9b|9Fn0ywXOV z@@6r~jp7jDEn(w6Z^Im{q`=Eb-i>)s(PDD%NhVA*4=pN@&WzE;dLHIOlWzzTS6MLt zoM&Y?CB(&z&IX|YDcCH{b-huT0ki|J#2$#zjmpk@7=@Zf2$+gQx=x%w75S~C{bqAF z#keD-XOy=pF(p=;iP`5{zE=>VKvv|CtF8^JUT@;#^Th8FT|Li~K2pR>H5rE{@gF$C zWfw)QT{$0PvVs%4LLWx>N`x0MEQ2rSgL>;7mco&~FF#VY@Ch4zSdDVU;gg-Yh+iB0@)G2Why1BH^s8BTKUB2Ig-q7&$2yHCHBiIxP2 zlnykrS;oWhIHs!kWa%)+hjC#ea3i66Ml-5n>BM#Rq-rT#f8?LdGL z6k|&b_!+D#)5W>CVSm^WY3nShe|K`TwjGHO^l=JgBN8SE;b5D6ObS&rhLBEA>96?Wt%xz#thD$L979<0oWTp%xC~2JTx?t^o>aP9^*HTI{=v zPT3xmCgN%gY(*SXqM0IH=fq~vSM#Zr5UBg7sMnUp@5pi;Qy+7&aRu-v3@N27L`J7- zyXq$T`}*%QS`V*AgX1m;GVBp3m?hJwT}>>$=4>o%-ZaF^-(A!04%1X<7na`E+C7}L z5|JifqFgMiYXE&y_Jg-Hc;@!$FV#rfq;IhK|Hal>07cn=0eb1~mToEOZlndIy98Of zrBOh-k#6bkPH9kBy1PSS0g)ECZ~u$Axw#o;m|q@=POmdK;%U6qyeEZnTv#$83O0F3 zlu@molxuc37%=Q-yN^yML35G0&zDld3?mEQ*`x<|hHtcF2@e!IdDfwS*Rgc1R6g7; zJaa*G%^vCfz^~xZ2p?Y1W?#y7kl`K`g8dDnbwYc*Bh$FTDaRm)sDQ@H@ad!K7bck| zf&y519BjdTQhAg<^T8NH)SanjUctNryApI>6j$$((z#Q1V$tX!hlM?D;f;FK za3)?U2Pj3`=UNtc3#Q6`V*Y6mSGxCExe4Q=<4+&x*)hV*{xt6OkBukUBS!8#FnDND zszitJ*f0$#+SsjB8orQ8Mbd8I#)yCN@f8BVA&zCdJQ9eiurNVl%8p#);2Q}=!juyG zB{mj$-_=G*1r_^yaf*Q>ad+Xvb_^+RYv)b>pi>dVP=yCXg_oOIoVCY{$=i8kz9RB# zQEHhbi;$Y-ju zUXS+|a~Sg~lBcEVJDL{%***R*iz!e??R=LJYcSt%5LjJaewtD9O?LMEz1fdS8kZJ5 z)OFH919BXU==R;i1f`z@PxmEx2OfcV$S=0u(d}Ab5DjaXla5>jKZfUvJ9PC04R8~W zkxuZ+r^WXcTN1WQ{?e!MrC=$(TR;xJ7pho((B4HECE<~yqCG;e{Ua1`gzh`vV_(Q7 z9m#I0bN>!QY20AI>^f!9%wsovG?hO$QY5GU=i@+OZhN7y}cAH2aA%Yc_U z2(7tjvDY(cKaOIAw4DZjDX0X&ZR z{&&RtBaLQGv+@wQKoDB}+RynJ<4-O~RfU^OOBvMBVtJ75&N4K&V;PiO zX~%*Dx+T2=HO+l{C6q|$yLpP}hVAw#!P8GWqF|#)#xwY=!G$zR)7zRL2x+jJnJ+eN z>QaJWxxPji&DIqqf}^QjIP{p4M%FZnii+w@+B=<-PU1Bq%Uh8b#Jo0i*)d3(`ksz)*JB7|_ZmobKCd@`m(T$Edma@u{dfhmR?#0gb2u!g>QWW>X*9<(f znby}G+eY#9`|6}B)t`Hd$_=gJJ%kF3EcP!F6a?6cL!58T$?NM&{c4q{?muW(zGXEN zJ|#|9dW}XfHo<-d`7^-|?50k9>EtQqgr3{~j>>#1#F(0$8O9iNkrCj1;e7t+x09ga zx?NTo^_?-lWJ|Wp4dwc!aP!?sRJQ(alZS@*jZbZ6)LY;WXD0xj9x&RKd?Rzw{j-yV2U$XZ zIQrgh-szpZg0}Tk;o&K{7_M?yR)y4_6x|62Q@ohsdYB@&Z&is!}U0WSeY&c?Yp* z<2^ew6RV*}quQ#@JDeQJrS)#Q$^E*!hO^W$9le!-`9E71d5%V2)hg^>cpDj$?h|wt z;K~;I8B$SX5gq>b_;E8_w*~S+KhV$!qU#teq-$MO>~Z@?Ue$NA(EB+Xbcf+WI&0j& zs=xA;m=f~B2{moJ$gO(+D|n2|^P6o+vE#en#_Q3Bs|L#bEc}gKOWfYm0`hVZjDqZ% z>-CYy9Y$L{L)vbc<6su6S(i`MZ&8_K&KsgC930>PE(X|mdy4yFsc&e)jOp@S;*YNXcHoJF}Fgh1`*!%=sYo4 z@ja9tXZr5?6G4qWx)=^6^_xFBz1`9qYOP%ZUcI82L&*n2e{ZC$tuY5wcYpW`>8%(05rJEZi(HznPM$e-6y68F zP03K;hXDTCp6PSF=!vZo|MoDOK?I`GStBZDT%%h(uk-qt&)4KP=*i+ppOWw=D-O>h zM3#Z*XQ@p}MBRnD3g&6In#EsS0MLwX9>BM#-d zz5gnu)ktpF?^Tl!8tB$kUDo0@IJDStzt{cAU(xfH8`K*-b-TccSQhH>shV;tusg>e zlvFqj&#+BjXQSESW^H|FzFcFdBQHqN*zkg{%eHQ6TaepPGzuP7>Yk^?1w$*NW#I{Q9c}r6kOMVlhD<`$>1u9>7|)BU@iuap z_W&;xEn944r;mGq$Jt9uK3IFDvx*gSN_6#{j#kW1N;dTbv;idzRgJFWYO0G*2=6TW zSi!F=12uM&)e0V|e%x=_?)c?cWxeqcf037<2WrG2b$B$dScX0&AAa6T4P7pOP^cjq z+OCk&z)23x$bOys0|!{=t+=+8fW)jfy5#a(rF5T|D?^J(Tai=?lK)strz|uhh#BL% z&${f>$RJyIbSBx==^@nNxh(O5>x6!O<)YY|()`I@oF_Gq9o7jA>H*!C zyA871{8X_B`iS~2F`Zv(=+nP)|!-=(b%NbG%VwA^}X!spn zJP(>0LWZ9Ue)EQRM|zM@IIRF9U0Z&#Q#;|_sL^*mh3g&q*5^tGb;BzQEd5l4aBP}Du+ zp)zS2^1MZQiDp^@Rh7UHZ2qJHtP&^POR+(Qvf&qaEhhSrJ-R?DK(%KwAolt8pKUCA!f-f&Cne=}Qvv(tK4$EvpXb=L`sZm!S3{eVR zG5w0eEicnyP*tWA-UlzI>Nc~LpoCXY@na*#Bi;Rzen;5!B}8842+c)xk2T}RbB1Q? zm_A!}%NN&~6|)~y&<^}DH8VScP8_^%9g_af3C2N&_x-LvSPyX})x7%w$KMXVC9D|O zsUH@LzzT<^nv<2~*jet{lt07r#C0N2#>HudwiZK8y@=6<;-UP;?p`~S8X z$G?k_9yjG9B421Bp=~kUL)d-iAeBqfN=zl_aQ7(GyoAon{gy~vmbUOc(%46iypGR{ z!3#%n4Br;3YJUX8@xP($Y5qWkIX5ywE_Q$wBm9QjW!G;Nx*wUF8p+=ikDl_@&BTt~8L65tik@(RkZQxn#s(eT3z-ag>s*Ne^4 zq??dw%(fQhr$tejvt7(!`58fV_c*!vSpNRIB>N+q2N+jGu2dcHjWXv>g0Bql-So~J zh5|)2Czvdd@szIGBOsZC>2JMdhIv0Bq$>tZVOphf35FWssv@9Q2HOm(oIJ*Mxp8ah zp`XntlJE!H&L^Jzjt!DuL=UrD8wJNn$zqv*3rSAo7G(*}EB@49rKCBkn#&2nvZIqZ z1$ET$-Yz>3_ma#1JI&5Y=1sD38CRZvrcC}~>(Zga`*tdznvLt7Fn9fcF#8t-4Ms%o zxLkHaJUk2Bw;>3Mpn71feZ2MXkx8`&Wd{CK)!=osArJ2&z6*29X~1~)mWr`Gl`ll% zlO`n?DrPRKkSD6Aqb8H0L;j|ci7qIC0Hrl+jz(rsI+pN{skF$c)cQ|Wf@KOQGOyuk zx}VMiBW~k$QqO|VN3tMXq4;nc=rM`!cuTm8}hdlzC44Aa>3xET=NvPMH~fTk9IiF|xRm%Xbcy zPss^@pr4nKS_K}^@<0zNNM$7!B&vzyI`(h_A7>B+-TB+Tq4xQxn}BNskWPFI)878A zgLa@i6emVN*y70PM`bmeL&PhjF()9v9X(xht!gzUh4C?EKALP_v;4Z0Z~4{6LM9nB zhX_H!aPrU%_h{w#g2V(>hOTI&*6*FS|D%yTAY2W8S=JX?6Vf zq%U&j7V|vR^W{Fww)4Hf4nSkx<$Rjq6kiUz9sqhMu*-O(t(va)p@gn%_M%jOyp7s#w;?t_SZ`hBJJ)1@;7e}tsRiVWE z2a##{6uV_;PE&)xCwc*2>3V=#D2HP}Ib`7RZ?4;U=Anb`#4A{#RAG9PyMd>~1c#E} zxT!$*bG(j?F|r{o9I9;Bh=Z^A@OG8mLZ#_Ieg*PSnBL{lK3?qMvIrw5YDxn>3jE*C*lvAwj;iRYiFet#=rTAk;b4Wx9 zyrPPMf4xm66F?m##^BavJ6%cklyE-i1X|z@_36dQMd5DU%-Td+>805ujbTW_Zxbup z$wERSLh%U@4mRMN?C7w#E6GBAttTchIfg`e3Fz@$kr5oIgp(5M6WaUvtpw;fN(^Q3 z8v`k0y?-kjP0IrP>V?!D1|&XSr4Uapry@IH>Q4znjPJ;=o zMtD4nYjKdQY4>%*F^-{VIdnBoFl{Cg7cWuUw=@G!7*khUia}MuSown{fkoa2FCI(x z^Zxz}eW`pQ00C%E9x2Q$$m>Q@!aAR&jWMSv)?Uw*j*(5^P`twOwyP|G3#05$`aJ*M zSS02!NMRo>8sau^w33&Vl=Mot-bm#gvLFwF!6BO#|LhT!I=7cIN2&mcAYxeMudF-? zVm6hDekW{8cQbAfMk%^x4 zowBLH7SSS~jYSX}=EqzqOza;;6$G5)Zyavg%UX*Ed;KaJ>2U6f zy}ms7L0c|M*P2o~n?|S-7x5YJ2%d=hX}!=I;^aB>Py*K_tKeR>Jxq`ABm>u5s=uEO zaxd3Onu_{#S^*u)#+UV2=?M$sAMK-<;I_0O2PPK6M}AjibaRNBDMo(5B^=luDHmZ$ z_RcfQXfF6#ls8zj_GW_O;PP9gIWbFdasiYP-7lRb5;sCj*=J`@dZ`+D3VXHy)8f}# z{-wG!oRu?|;8z6owqNPF@kp6u_e4s%Mrv`G!pQqjiL);%7-+>_XQp==n3WuuB(s&X zqMV+&@N2I+h6Se}w3ue#%Y8_|^|MIyfzQ)3(-^I&GUQhkMzAYjGa}-QWQc;GI@N8g z`Mhq$WAZlZoH?-y|MX+Nfc$D(FSMgxwsx++p@yy4CS``%&9eg08>1*k0}^5I8gI^n z;SRR|D=rcqR$meRS6`g~xJYtrY~U@gT>}6Sk z98ln(7RFnLU1kyRXvQzjQ}0R{m$>@JcqzQ+QA$o?eh<@~oCC_0FMkyR{yVtUavha? z+Hr%FFduffW~|&>{rL7yX+nuQ)M!vDqwux1+F>EB(a6sWT-F8XxY8fkfpFRx(Wl$D6 z!9W+Oq6(+Uj~z6_DvGX4h@!|439Lr}71j`HzQg^+^L_BZTRL41wIahcaR`%^vhZPx zV`q(JI0NwqubG`rW>2+K_8Ku)3yJTC*^yHoRz!c5`!oH=S*$Yz0eQPN)|3<~56(jA zd_-dRpMt7ne9wv?tO%Dp)M@(pOpSgrzO5@(0dfdOMaV?Zx*C$53+Y_fuk0+QR>$9% zf$sD2HL`buJHOWROLUFLe})<)MsQUO+YUWuWNcLwvoSiD$ra6rZbKl02QJMsDKuzV z8PSM8QJ`pd-C}N2|0))2NR52cpLwPYe+yFBQEoACc~z;72r_9qGaS<(z;V(2{`KpF z?5M)2B^x@UrNBoQECuD?ePK8zC*Quj!3&ZdENC3pA?goKl@f|ce5J3*`rDwH#(TRz zG9(l|-`mPw#OZ!~E7NdL`i!*gcwo7wSTh8LuLl zl4mEwPOn@AQR^<7!bcKtXH%3^m=@QRA9gMp=!|%G-wc1s3lgSo49SMP)2YWHab}`} z{@N{Bp^E{FCp;g8eu=LC;8Qx)NA37cA^oy@^bQz7qx!}h?2?O~WWI)+stwA>u;7uL z&87ZXDM46ZhXbnYSn@N>2Z!fn z<^=0`oTKA?dcJhQe8Ja4xsoW$#&ZZ`uY1N%ztcK3_3FEot#=)R;&knI5Ldt(3qVKG2BDBHDE+*B`M z4#D-ZR&w}*Z;aRNo>F4zcyf>br7YIMe!A-W36EW#=BqIm`rWlQ|JBj7hic7HVEfJ& zxcjSpTB*$;PWo@_uG9uIWD%p=4^QlFX_v$T!Ax<$hX9c>{pX0>WYV|YS3WW09B%@p zB`h$w8+O-iKyNCp#6V>OeP_`(G~cmNp~K@}F^ zQD~)6&xXK7&(K>_5o?s}!b%=@9vvO~)tWP9jWeQ*P(~zH-rhiLT%|2T8n*-W&(~95 zRQu`Xsb{jqaE;;Gg(H@X7axux(3&Yz_xbu}!qB27oTaRR;M>jxwKS@JwDlD`{#RR& zZ*JkzJ(+fuP3c+XtSm`f3%)H-;=iBhElOFJa(NlcTf9KyIXl$22lXOdI)cjvf-TrZ;CW8r%F1ahE=u?n;gQJ0>-n^VlIYg`h*} zp^wI73uZw7bN`F5yj+WYyOJ{z+%_u)_36ghXZKw_*=A%e-e^O_4<*vsU9~Hh73&)> zg9XRB4)Yx!ej@2NKUVwO)f@>8naBx~gt{o&EE15n2frPVP>!ezYS0@y`w(WR^M`bT zTn~SH$l`F&sk5iYE_#>&pYA51r_^+6HGI1g-2HSNHd`HFQiT#sG0z4+pX|$Su%kMQ zDMxOf*KO_5X*B)D$zUzRz@`o%qJS;uV)Oqj|4v+b1>AZ`-dIX{KL5Kv6gw0KSRN$M zACFJ~Ed4YLoR9vVEe&`8KA67%5E4K-(DPf>Swu+au2J%_5l|pVzLbA|DDOP~@d&&| z^hUe%{r5QPhQ{SnN?;54deQ8q9;gMYojW=>^qn?4WOTh zU1dy)-B_Lnygb5Qk}cw4C-J=p(5L$V$QPJ1&gpj2`Dwv9N8W{Nk$SH7$Eatj1 zn89nUmMeA-GuuEic+H;X&7NQ!F5rce^Ll2Kst?ydGiH!nlVQ#&D`TM@M{U8&@ zV!XQp$YNPN_gOG6o9ShgUe}4qd57Yr=|}yM9MAkp1&7FU?#oV$Bx=g^>F8+J{XSXW#8<1zn*tr zsMnCqAhBsH*a$q2IjmeUCU7MC#PdkgRc9yKJmdJai=6?K5 zxmdDyY`TJRV1`LXsPACvI)D)qyV`yk5$tyQPh3Fo4Wn)AZNnMW(vM}>dpywkW+nsZ z0Em8m_zQ(X0i>D>z(#>FeZK(Pj^a;C={sY%lYY>b>u%2H#c-6z0T{5IUaJ+j^DB(T zYH}V(_Ieyxz1tVKw)XzxNBe$LL98v`QY_m)SVP3$lRR?mZb?pR+;X|Yl5+R*%)#G^ ze4=aW+a-s?RxN^#7sA3iNNcy;wpR~yoV2QpP{B}~`|SYwdZ^``yZ0y7=FS;ar~dn$ zh{UVVi1iJ>%!l+b)xwu!lH=KJ^X6ugQbXUD_r2X^DHAIbD{4k^LAdtH_*>4Y$@=*2 zbqSD2eTm!K08W-j_5(Gfg_g7J?U%`oPLx$mox`0?QcKU;?ptA-zjQyOq-mxj;uQ(` z`yzC-F)y@!O0)PUq#H*X(#bm)58@Y^vsyVZ+6`(mBpAoZb+Mw`rPyu}I*PXlal z#k*k{db%emeab1CCVIiXT(4qHJS=~13rny(}*QAsioIwR0USi*cjhmR&$0 zd4$FS=uGy4@j*?I5u#t?9KfncMu>5d8B#7~D=HiK1fkn(+ysrN4Ad(LNHqMnD8$+=>iGJ&1I)A3l7exrtK%)@dUZ>F{_%gF{%9^0ZV7 zcbN{Wz^Lb|7gc`?Qm|Y!s+(onEt#e7o;5#+Mk)SHTZ@p^#l0k!3&{#!b_{pI=Y@Z) z+X`vUIB=!TtXrj|vTixjyM3VxpU~pF)fX~3&NTR~*UO2|_el#W`B#xXzXG{X+0O;I z{*r|}vTnzl?U9ieO%G)CgQ0jKGG7dA;TpKOijLK5q+))iSZ#_EZH;LnB$DSu~>3YlD zZ=Lw#tKD;?%CAs=xd>`GT~l;uc#(25;=_3`fHPUl3N89M=yXi z5>{FJGB`!BnN`xlR00q%3S5ONcT?X}xg&ZjE8Q}t>-*g-SuCz^1*C_xN0W_O<%oJX0u0Rlf`7}hN z2l8H-&Gj5*Dg8GR@NcC5T@K)6Yo7oIn^3^)rT4$c_x^One*w7IEfzq`6$AY% z0J@}P0EQCwh>?pg5Ql#G^NYC$FyV;-Jl-EqXU^2VNBMwU8Z!`Z_0$sNi?eMD9uF`}Xgvc& zl)JXwI6v6J`GnVxE5I;k75Lhu3vlZ70Jb_9Dyth9=G2`0=hTBeRAIW(_~)be|1yIe zz=90`xx5GQ6dVLv{4y4v^Bg^I$A{e;P5;)mU#D_9%z$U-;yKioH~d;}bB8Yp-iuuV zkTr+Q0~i$y#{UI?D$=sV*mo+g+8)7dR+7WkC-o^U8O#5U)&~q8VcraY6~7LU&Kf60 z&$~)&)kFbF$9u^q*oHjJ2AiR@?4W<+{88XtN;P{F$Askzz1hP|8o0y#z3!~;gWuhD zIOm#YOZqBC>v$;Tri1OImrrAk%Xas}*{54r`ol||{aaDY3G8Nhp471XV3JO5q_mQ8 zX7dG+82dCD&>}&#vapx}Hv#)?zzksOI}CU}gaRg6$)`XBZ2d2@`olb_^)Zinkis6& z!S6<1>SYYq8|bi@x=8!(fmgg(%Z`nx7XM+aXEOX-yhRRF*Bw63J`!T^fk<_>N@QNeQ66;BRTYR_Mr=V1xhE8 zASSe#oJlLXh0Vp}5)l%v z<_%&;WukVyJ3yW_LLeHG?O)T}PS1F~;t1j{WpE%aX&RLYN&e>)XfkE_RNKa)FpV7$Taj>4;zEwvPptIvmSW5t4_df3A`gSRnd6hXN> zN;9$wD?=}mMNDu#YM@!vRr)i!gfhpUw|vvdaU5SGlDLRwtkYuExPV@BavvhC5HB}T z2+L9z4Pl8;^J-G37U>~fmtuy}`qzKhG&B6KQ&;xZ_{O~{FgPR}wGed?5IJ}#pZ`d= z$JKvG)TLdE%tn7U3n}Zv+{wGaA0Tq!MN^N}XIKO!Sl+4NPNCelk-l~8E@83cneItJ!`S!$0FFw~9b)(jxhv)}&Fo$D@B zhe)CnDl_5gsvt(S`{!Q}&p16%is&aq7?Jrq{ko*(bOtl^y9o6!FJ*%)JVJ+36}PpG zS=HP8swNF5wEVyffx|zxRJ!?b4Ioxy#T!XYsOPOYa+osA0@%GVnr^KW=Hh8SVE9nx zmgaq-`s8X#SFl=S#*zvLtA~ZWSV#d;QU?kyeGxne5p)V2TwClqH$o)=`-lSiCRuJ& zgB0+OVwKPNe;V>Lm%Z17Shgxsg&wFo#yRGf(CWDEI4-_~AHV-OLV>0+%Aw37hwix< z*E`tF6WVf7!{9sJaH0N^`xD_)_OZ7yJ4^4F{&1=V8i;cjj(ic2PXGl?!0+O;jjMMi zKrI4`EHG5#P%U5=Jpi(9GgIKJ@BLP0Tf9SI@Ias_Dct}#g+sLp02{IY_5db*+YN_t zegPl$E%^BXa5{6suY|Z=VrA13<}+mKNkKfJ`a43E&-18+QRRFKlKOj^Mow z8*drbIbsf}G*Fp{$BTDfWkVudFTZf<6PTvV-f;QdkNwVjq+k2DCEKB*8!VM3t z0J75W_yHLUR}JwT`OHH<5qFm`>NTK9bO`g~%yDGHI*I;z6UzX`J@JX?kiF1%zNZ804!iW)j~M`GM|>JFxRA! zT@8SlSdr2f7%5BB&%zdK41eI{U{%NJp-MQn`SnnU|LHPD8J>j(x1!=t2aRTCijq(> z`-}|u53#be{U1XiD~M*PNS2-MnC@cmdKNpV~1+38FbR7C`G`V9wGGL zWRNAMVFFJ4dWV9PIF#eIFl{476-z!3$`sb`2^1DO#s@X6jT0ZGOj#g%$TVQ@V3V?v zx>TaCzF&WKGY6wKGkCvO5@|8Q5Gl}Oz(dqHo}y{;{)oXE9$(d3F+F6I(#?p|x>7|! zZGo){=0cO!WF;v=+mG$v63)|9P$0w-$wM6=pgpQl*4;afu649%#5|b`TJ<2DQdXE} z#Qw=3LIt^9IBB#h_jH&(>JK?t3i^o@a&oT0K^KQhTYHiT38&YesGm>I=;TgH?6hYS zqCmC$wvY5R@_kNod!JHz`T#{{NJNJ0=)nQD4ylTCL4PD;f<6Yd(Tj=UY6cjI+(o4D-N z9Cy-nGYw%(fk#g;K;`s)$=}>wXdIZIWh~Lvp=ITcitq&WKtnWNZ-c!1{c@fC1MJ!y6QSoxo*qyAigPFGt}zO)}EjO&hrWMsrgySgZArg%`7U07v( zI8xs7*}7yHMA~sP5vR*@!>tf#&tnSvEl^~VIn@;TBu82aQMniS&2cxadM-DLqPel& zY&g~y=ojObueQHkjwo?`0DW%+3t}NSp^J!huyL6$jOJB#X5JHCdI1sClFTTI5!4lf z;;`nu8w-NbP5r);tH^H(Ejl{VE?&Z~;2~iR2lzp+!_pWJo*Z;-6^WF9#Q-_5=;}(s!EAcFkEH`{B zSFom)w(gC@me*L!4K!|2+}MWBZPl^Wkum99sS;cAp9=`47kUq%WuJ1BKev2n)LtGH za&WBz*Z9{SEcHJ-S*^AktscOlef24+iDgS0fsTXQ!kG0-rf5Kr7!TgE zEKWiRj#^Nfxa&`YALlY2N6;Kwg?~BB*AoGDoHSl9KQVU&2m^1QO^tb9Q}w{ehnB7rN@Gj(d~36y3~6wM6x% zP&oklu;&nXNCC0^IDdg&tyxh)XoJ`b@ln?cPSLS2HQQ|T^Qy@}4winUsH{sOP(*^* z@|l}TQJ#7ZlQ=B`6FGQCWv$N;$v>nsMesn5u&r9pg^O8eo+wG6A~h?ff@+SfoyvKS zeQ*%KdtSqLAqnXI3)BKsW}(rfoV?oZ6AK>&5o`IfLPd*EqZz>5S0%r8(UKa3IEiDY zxgtM8F`eE{r$k0Bi3+7ER|u=-`%o6woB43(D-xrd*;k^WBqZ7p(_**lfC17RXo(W> z4fP3gsozBfo;f@X9n>LpRpl(*+9u-@W92-=J26&`f|2O(5d@TCso@$vf^Sb5wrqsl!C~RYvEq zqsC5&ozHla=6n8K=fK0_Kz0E;cNUU{=rPtHdSMP@u{TEkndiA06dKElK$cLjh+#n- zj2KLzf|R}6G7Lw98XjLklHgXL1sS9*tTwPj>-158hb|H>uYZ19Pf^xwIn6Lk7awEt??Rn>vlSgTYe|G+e!K}y$M5Kfi4Eb&TteE@Or z6z-RHuImOC6Q0u83wvfC)P*a^G8CDG$mYqbQ+!QSa%Cz8g-OV@baToN`pMYySWn7xW1k5!?N3I>eW6UZ>gCZFa9}#byFr49~;;w?94OZW$kvB(?6l3CFdox?y!XxX{6fMBu77O04Zi7!~#kR#WNkT3(!kr5(KWh=FOBfmn`1X;2^be_qe)zB7Zr^1Is&LZW_S39h*S zWv3aSNrzb+tkohGp;yl6@`ZT+H5-85vCGRHAo~qvtL^&p1oWe8Umj}BJmz(>a&8)9 z{Ull*#dB{p9RyS#xvcSF5^6D8mKS)p z@;RSu4}q5pIDG!PeugZ} z;)UpRJ>n~c#X`H3-pFN#j+KagR80w6FpY~vM~v3UyYWcn7IVeWL{ zqqVoAOL~{&qVXr&Q&}E|{#HV^&gV^jGZp4(6dY}N5q^Xp&+VxMq{BKrd;su_vi+3$ zSk`c`#y6nhwj*1{iZ2g8|8hMb>bY5;Yh`uot*sNe9I2!!mkp`rR;_@DQDBWddJ!kq zVe^5(+O)pq6@Y0nL8Yzd z4H^vHK1JlHnyFgOmSTVmxz^WU6xY}g`DGz+%_jIWkrK4~Fhp?$p&Q^!OjMBXx|-BjasC z-$l52^(g?bbHBc7^{-T{11EDAWhwoii3r)U5d(dEVy=+}_~bFKjeVn0xJhXZ$x%_F zKo0Qr1P111$aHO7j28He>Fq2kIj<_yvv=8fl^e!asDJd2@i*d$UUGRp-iX4uU~lS&G!m>ehb$fAu`xFHbk^_wn1x^ zkc&chHanzJ_84mZt)fC$$wj1_usn|@*~Jpc9c0N7JLO%#BF^G&D>xr$mNQ3*`PINX zB@xAqxS&HiS|A~aPvEt?hr1>{HyF>Fv~P(q@~bTCA)*>X`OpBNL^7lqP_V3+qjtV-}tO_fL=yc0lLNL-5RFX-8lhJjYi_~)B%UW-@zAdvwW*eSRdqZJH z9#!tFH)2&iKCstGk@iTE;@%{O24(ylh1VRRJ~7J95{Vy?x1mExqv@6?&UiJ>p9Ss> zm9=T{bb%Fc;Qtv+V__ym5R6J(7$;(P@ct=a+nG_O`MPD*2_tGA*h7d)b!r|G`ty?> z?jKB^4vZ?D9XuysBS%1~V8NM&RkI3EFZc!)(CHRo_zUJQpI;s~1Ar3Q7wF$+yN$BI z8n z_Fe#4pky>1^ODy~4xU)dQkuloMjTLo=lcJ_z!BOC#Nhmw70P`2m|3l1Ox<&;*e%}V zT`&Kaq9cY(eoM@b9On`{+N3N&?5%I^$fs7)P>kk?t<}EP&#%V2%s5Mms~?^E{8-|% z*05c^mcvPzO?tv-ldM~#M56kNeE)nooROc4yIc}(<@r@+lxL57oG+`Q-C#n*35HA~ zR8ZuEm@UKrWv@^YYLFs6_u}=+19Y0wtJ*n+-@TCGBNLSC^;fE>w!b!Q6HpySb{V)8 z;aB`RSiQ2EfgEZsI`RdMtGaq9!Sl_{$wg$b3nTPjfgeq5FCVAk#85LK8A4(AM)m_) z&R3^HCsS`94*JesoY1Ke2%Q{7qdvg*S7?Q61AUBK9?Q>7&z;ig!NJk&ktsIy$=e6!cE4iAaQ7)cVkL^x+4S zYgvGIl7XTV6)$|${U>}dMYTRpgl`HuTpd~xfq}MV;EIP56`vxw96z!wvphbGp1Zsv zYFRpjkbs0A-@zrYLA7m41$tnRvKApjn9){abh+qIfg3geAB1M9qo&O$h_S)?Eh#CO zT`X+iYr3%aMmoV_>^7Pgp#Z^$^B@I9JG>D;2~4HWL2?* z`kIk=kkC?-!ETfp8TTLSXk8_T?f@5}3i2M3tmV-RLK%dZ0#p|~VEo1UM7HB6}l z?1b%;vRsp}n3QyNk?kvkrFBXL6f6b06wzg)TydVVmLRQ(#|r@uBsL3JP}|qAqf+8j zFp0(G0%p3!-0E4&Yeqj?VLZ`q1jgG`ja1{8o?cM9F;*})3PPWS-k6h;q=`(mzp(nw8Z3H}= zKQp4adjHrz0n>sMefZun@80415voU+f*W>EQ=DdMxOhE0EPq=HGmHVvzEVI{FWv@5BLv%x731EC|Pc%hB1790&zn7wML9KF3<$JFbVtVCw-B?zvYmJqu7c`vEy3 zmic6^I6y`_`F;g+&cMWrFh`_<_^}3%p$`0$%e~4zr0~D!JIwLg08}}0M!eqa-uUA$ild~P<@S=375Or|?X57pkq;FIrkCXX zUJ@+bg{>rjbai!q0FyNF9lZEn*bv8xefOE*ifiNFcjDZ5;mMU}*T!E~iwg^Y%Q6H3 zTPW}4UnU$piA)6s=Y~=WGF30+GhXzMAgF(qpdYVLaJ9usLzu=%L>< zO5p8I{*q|Kwo8}at;xyBYDlv!5Z}D{sQBStGLh7eC^pz;;KAI)MU=I*79<^Q1TEu*4*qc&c;8>G8iV5AWN z0coir1u2I{!eMCX?wp~dV`!0g8jcw^ z4f#5n-C1vHVluqdgoqJ!%V2^%hpwh~V}(2*$hq8y6wc-5=Rq==OlxX}(y(_SbMG&#$m6lOM?d;Gt5jLiqQ*dHLFd?3ZLve&_vPb|>8VtBbWq&Iq7&H*GClYvbf^o=A_uEtXpq%RUTlQKSdcKT z$=rM&DZ@S^tzxaiO-_~6R9ZaYM_zNrRUaf5$BsM_Gt*;fMkk|Iz7I!ap&u34icmi# z*fI7)TQ|1%;j0k|N?KJIWpBI14QKZHy<};7MBXJUEoGwiYV9HkDp&vW>}7l_S<%1P60mA0H%R`}>2bo*@G>al56bl}JqOG{wuAjpe%x zNIqW39}E^4gIKfPH(XK){|zZUyer>)&ob@V12+WR1GTh!e`}xS%5P2r8ytWL_I?nU zUv^9fdsr<<0~Cq-S_;s%w(qfAcNZ)7tLcT_zvtuupChhK?^pd-%L_dhfM7qQYTzDA zj^WYyv*Lb{jj;v{JqrW&s-Lm?JNz?+9l!JhF6MyUiRoS;HV+L3=A!w~d2@h}+rE?Q z+Ua8rNYxYorCH#(QQ@yLpx^<5DX*`O09~);8j$1p#=Q!;2e2vsi;SxRN_*oVS>S9b z>v;xHTJM!;(|{!5o-_t9uJ-@)a@vvyE^frI{RL29y8toFf6~?32iS0R-rS>TPRRf1 ztI`(w&Vfx=0anKT{(g>i0Kk2`{xUhd`}rw(_n)0SX(=g1fD&^*cmSda1ORKWZU8|R z1pEePj&Cm5h8PNOh0rbrmGOY_Qd?xQHYxjh;=Kwk*S>e~{(e6FK4G{Xdy|tlR zW9f_IE0lRscn{1Ru)ZC5c&h@NA(vhE1WaHhcbSelb8a-}y+0K#8Qw+pc-(m`cFOB3=u-$jJlnHqGXWaB?qZadO5m@4#H@v;Ok8uW`CUB%;Vi5Da z+GxDJ*Co#TguD|9c$ctw&^*0%t>7#EtpK6iZdvow92ixbTz84hIeOm!IIzEfW>B#= z=^k~9}8B*XMvI~IRfCqc>IY#mK#me!$=f3gBIhurCmYi?eF1{z!xbqXdcx3X0 zk2-wWVrz)O#&4JqUg4YoD$KQXBdO@mBlA-yKRfyd-IKigfCv5e59FSw{N8!oBMZx! zcca4j+M$PR_!R_ek~(46d8zIdZ>)^5mLqqq^AwZJx)5KL`P5PsLz4Q|MioN}cy5w@ zNJl5X-Odvf?aZ2V)*e=D@?$ZkE%@KaKj=*XQD{O1f0}r6*zDvi1{XYa4r)>TX>R=> zHQxEs6Ppt=gJ5RQ;=Bmo{blujrb9UpFOHRnKn6hd=fFs?&(}vVw5)HlV3WR`A%=?G zHW8SzCN^E4vPRg97-aN$CNsi)L>MDN#L0zqor@NUj;P6i6*hLb(lZay*|N%I;V*dFqkZVokB zT%VNNl~5+wpYKhqEF(ZEufyU(7LB<+;Ofiylvo?5I!zzr3EcdM>ea9q6^_mOqePpd zgN?X}0S+ltetMob^={D*2JvMbr@Ob7FRer#kmGPxvY+A(tjl$8+I`MnngmZYpz>S9 z1;C7APt9Qr7#bLn+T}(V_Cu;!jRxh&ib+2O2*h@06FXkX!4Uk3y$UkX;guRV+L|kf zN#dC6mh1Fj_2%ZeLqaQmkmJ_!%i|xI7A#*JkR8r@{qf}b2i_a1#tSV{vdLl@ZBv_i z#AYyAM?rgH(TVt3Ok0gB2|DC&<0##kY`P-&o*rtZo80LE=PUBIeMbF0h_h~T;7Z`_ zi#NwWfV{8oRbpr_Q*{lc0TpJ)Q%lL%P2%}LE7%iSMoqOC6TzOSSKXhvoxQHUKm02GlRAVk-=7fo6A7DO7RP+AF@R5u=*QUKH?x#K zYTvr&X38X!hfv7-u77_xvb;>lm*2Qlevi!r)L_VcX2B`CfRyeEBr1!De?#TePF>h3M3i^I2-&1DTC@q0X}>J+7uN@bOuG zFLxd7CBsfs+zC?~C&d^63wI zkyc%Li%r$>67Hd5+S0+M$BSWXf5m_o{`+V5oe$ZR z3^vdXJQ+H#+yZ2P_iy&KY#fWc=lPr!i0tu?q8byE@zdU$E}4)ontTPnKkjZMf==G& z+`q(BLB>qNJ}|P2Iau_XAeDZz&~eSh*3aO$uKRi*r{~Szse)bLWfVs!{$2h%lG&@0 z2J|zRBYW_Ff1WgS{S9FDT{NK`jRS=F6JOu;u>06K(6#^@RRN|c2q_+h8_-++&Ck%2 z0~oG)%fkEjIBNuRUdPU=mF}w~Y_pfW0ni8g`&VCb*d=}*Utfnc1c0ABp<8nWB<7Xx zLauLv0cLj}@M&{M7r|$Z{dQe9wmx+FOp!|7_jYHhAW!5_)y@btll#SWh@Y3I;ie|fIuRjA+ zo>lUHD}3kwT$Ar3v5XYTu|={K{ftO!Vd-cZlz+3n%=6CBTQ)?bWHG0#U7 zW;^M=yL{Vs9c6IcCi`}{pNqFjszfnyeXxQEnY7MgCD z*2d%I6BS%coUf)wYbv#o7=93AgYrX*p{*~J_7Z-pXJI_(MgM~Tn3=L4!!=wias1Kx z#+#2g$BTWJ1fLs$sOb_C7w3bJaaq9H^XN2E%~VlVX-v8U;Pif*R3DFAURr$&w<(zhWd zcx#1?^;@mxPWwcE=2a>sgDvOj;fWIUR&zlBC`ux5pH(RpOKG5=3?$Q)QDZb}O*id9 zX8u=S%kw)<SHL=C_J9Z_n+oUO}|UnV4T>M zDyXaW^9g%B$s$$FxWUS-SL!Kf7;qv1NT&hDHOhK5h zCTAOj@87DAgz3N+2AI96y#DDCtAe{G-`CLEM9Myb)fD}UOd2nKk5#5okh97j^m%M9 zj(O|!Dp~%xbAM{J)GGrIs{*^VPSI~=+5HIvQ5sEz%RWwSpfF@l>5s1=MrxkN?Rv#r zMDn`JE6;VxQnuBDY;6gnN`|e#KS#zN3wC=}KT#39SP{NB=E3@y_{vQn8{pIiJsH@ymWJN)JyA~Km3do@%hn;C{0<7> zZLb`^CEn3D-L$uy!FtIV#X#~;_J9AC)rx*M$ZRcRewO6FNewy+&MCRvJ^WoM&nvz9 z=4;1pVPHQl9r|I$tz#EI{0w-ZY|Ep(quVpUmUZt-$A+yjjF?(qc8&n1t}R)P)BD9S z&|ysbxDD^G5}^~Edw%NF0*j0{U*gF9N1p<)uw>v?*m>L=F-aP68N#L094WuB5?oSu z_xH#LCmv!u6};xowv+$oYOVhl15%XMt9F+q))G(ToMS`r>haUVg17E+5#kSrg9C{& zoZM4LjeaeNPkB5Jw#K5iPy29AGXfh&L7VoVZ|O5)OPzI^UA{hYD7LLZWtthsKC;dj zv~}^XT|$R16J>A6q?nwIYu$}LV}3Jo1m*OZb`V)G5^**88Y&2QXn5R~#%i>bXoUGF zHNjNbVt^s#mCJC4{R2tewdN+pk4Um(LCn@CVC?T65J{P2FaH9#6Y)++NvP zD|>j{tg;44s*iyi?*+S5@sE5y?IR>!m28Q2C?ebj$5cyohQ#RG;$qR{JTuk$x?m7Z6hS(bHqlNA(y{pf_(!bD%Po)R2hYnn=VpXq z%B>7FQR$deQ5gYBcG$*lius-y8}^FyZHG2w68^-%#kLwsZ10=4ij zivl{>VFI1VTw1sGzWk=~*ntqKR+d&&U7Sai1DyqjcuN`d1BPRpd@&s7`5_0{I|;H% z+^O&GR@&7f6lq>xNuHHv^#kd{xzj2wvJ3K_50pcicZl{D1M_gg%_Kdc68iHIT%h=CVxVInoRN_(J(bC;$i#y_uG-^9dA3u@q64a5;xrL29$OqZIG1R= z*!~dM?!x^EMGbUpW*6E=g~y5z@{dmXT`823*nDQHgVIGhuR0L@9+1SO%4BTJ3@z7)}kx=yVjx> zy2+TB+HbvYSHEralMn9+0=~%VEzZRb>fXDRj4dG{qlZ6sA4>j93*5ST9`Zhgbya$D zar_iP*_C1`|Mv2x2ouzN26}${?w!MxENUYvL-HHEG-depKPkXRs;D({bMAX>#F7Dw zIRL7>pS$|W`rq{JCo5_|TWx09HQm{KhXNg6AHiUNEobFnFEgh!U_O1&d&<-m^6xU| zo6P?%0v-ehd2qzGFX3Nq*2zcwz3Au-#B}X~z0F&7Ej*Kpke@n>qZ1@O`o1e8YXev8 zLpw@6Kii`%?LC{_W>EEQru^YCyBdr~cr=|e`BU94jY2v;<+yglx{_?UMIWq8k*0Uk zS@cZjfa6HRic3DhPWVgsQOb&roXGG&TrF-15N#jloN8lE`TDc&q^Q6+e+Crr z>FJt0D_w?H8duu~PhSsv@*k|2;8oY-2?;?T|IiN4Lkd;7b>bl#kX6UB?jTue_YN&|N(DXH|)*25Lu$I|1%1K}DR z5Gr*IC2g!C)|5myVq6jMS^z z@L6$6+dT~PRbDIFP>lXjDX*hz%vXI+p&b*pHjvJtF?GoR zm&pJCbFUVSNaR;#hn``9Vq}^S-+8eaiN5cNomV)kx7H^)hH^~~JndKsF^D8nAToPj z&5*H>9%;qQY20MYsoXWoI+!(v&aVcwpTp-hv5FkhRC%;4X+O_5=$Navof&$AXc;j$ z2{CQKAB-&wC5>L$VZC4u#T}rhah5a%`S4*0M_}0F`FK|X`+c!v>u>ib8@=Q{)4ps? zsZzi|J~yF{3_JFbSi4+2sT8$9lvJmDzWA%C&%gBR{ynaI=WsW-`uLb=q|M>I7$&PP zy5L1?oJL-f_2|z5hwPTqfu@RW8j?f9XqqVF;(VPSzOB{ID(RZN5KfWQEkiFMQ?jMs zdtyX24B|yIk2%>lX5;mIP|mlkKg2|Rb{>HZ2>Q<1hGG=fBeJ$ zw&wg~xbcOu{J63Eaq{e&87awCFN@;!skDOY>wWkt(MKWPGsCejFSA&HJ*=oWmsN=< z(3LDY3S+LnQc&6gINHE2bQvlFpp0?O`TJdYI+rGZLhW{pAK7OnDx7m`0u4f&$EkE!G*mL@RR>m*z zfA?m$%0A^T^Mj7hSfpV~1%SyuRa^Y5M&7X-j)l43ll%%Uc9{pW+FIdt8}8(yrT(cxJ!XOGM{)?cak zkALR8b-vkKpI_$)&u#%+533!Zsq-d#?yeEYoq*KH&yVam@MIj>l5&-G(}j1V^YeLlY$=-j(kzmG z61+9wk)|R$eNLoprtjyT9-$mp-hwAml`QmLh>3knBq0#Ipi?4e!Ir!?2iA%+QW@7* zj|L$qh$$0{<6<9KvVK>XTCU2CFh}MZ;ih};7NnbzUmC{9zF%%P*p2M;rkqSdv^8>) z5Y&r}xJWjjo9W8F6bQS8iTtRo&&AxF9gxCl)=_m2DRycesI<|B*cq~mQxi9FYpRAx z`EMvlq^4Kn`KQI1MRKb;D+?bK*J@*tJ=44tutfJAuD)pYE@}KF@^k=)SNb8pxj8P) z?HgG8ZYCA>6!Qn|O=BmYe$%t5WO`5hQhWDKd=@d@cbpvF9{OSR7@Bv+kZU zv*8x+Lr4fL^0rLeW%TJ_GELMV6e?d$khgN!SaMfmwqmTmMi0vPSqroSLH7xNs3BCJ z^_Vgk<2c|K(M*TK$Al<1xHAVnF!X(halwEn{}K(<-Mr^v8i5c zABU^XwraXz_x%;#a-~&@RoYxvca>RW*x561V4+#9c$ z*vNwzsgmDAT(rcbN#|Rr8I7WnrF^CLDiERBewMd+1x8>~@MD68BlS7s4G%X}G9L&s zeHIMCn53@77LgbC|=9?@~@7A74+RA^j&6xSUWlmx`Q zHG(@)M! zgfH9l)byk7w`&<2yLAi+dWvU&Sy$l7 z^xxiZe>V#DD;h~Ews-vVmq;jJ&G{{3o&?3>MuwU%WU2WH(@(UlQgUsjjJ~QfwdJeg zVOK9wyYZavv6E8G#ZgVD&wC!XxaE#`W^2J`=hE^A_cLcO`zZH9g-ABTX$!Dhu=8VnGTHSleVKW4aBgp{0H_qtN=JM9)OU(Kb6S!qxf|h-$wqJU=ZmdW(PN zjd@Mf45KO>vVHQ;q{t9%(U6I3A&7<@q?!4{_a9n|rh~PvmW#ohL2?Q7BJJ?#=ou%= zIZCogha>Ay7o~JF-_Sv~ua@{0=|eO@18y#?Cmhe;1j=W-2uz)<6SiG)%A^f;H1c70 zlwl;sr6L`|6qrVxl8d25Vw>ej*YU$OM@Pe&lbT%Y?}Z9r3&9$Bl=1-BirmC>q1By< zbfnZ^P&Ut1#)Ixh+d&YTvwvGDbz$qvfDR{Qh{i$7hnsj*F z9y${~IX$`@K8+{+)oV&e2g|VjW6Opv^TD}cR1t(ohSIWRz3-X&_geEa{z93pOdeC6 zD3BoM07VHmCu%4DLU2fJb17Cq$BZz_=0_?ftl&P-2;7Hn=X^p+`k%GQvWJwtrOq#hKcCvpoo+Jqj0>E<)u|W^2kpb-g z*aBa(xvqe-lAhQn$}TAGq64)zg40UCO*9X1#Mvb&2%r2K&SBSlviYn${uc+kftFz+ z5hVeei&#;RF-26F3FQ;U2%;v{a5kJ4tSlO)5S1_$%&?akLwa*bGN`syXS9%d z`=g@`67Lv;t~5#eKszKkmkzrxj-~?c)K8q$FbR!(Bvd-QLl@_lxt)%=H7b3kqqjeWQ1`**d9Iezm$wO%XhPemq9(j}$1O9qqxyz|?mwUysxz2p;5T9~+d9M{xFgqFjk%*(T&22i5@CTcMP=h?TI(W&0Qu7sS%vh#9(q8YonS)_W)2}u-)KVBHyi#6e zix_=*i$lCpO>w$zcGUm(CHl->trDh25Maf`@JtLZ89u!WL?FpOPrw8kqo10cfyU}h zY})iU6AE_S#6lx%kyCogU(XZt%+$c+zSFWZu_C4M5;Hw(eTy}>3P_=b)aV74s7l@M z)lv5HHlHZo2y%9_0TDi8CPgzB{WGRiJE^s1&S$^A1Y)ieiQse5VmX4~Mhvw$*RH2p z2=rL3MAid6RT3_K^Was~05Zb)?YqEt&|6z_#r=c8e_!zx589?NSw6xUyxvRX2X87` zrH5d`hz}?|+tUp6y_IcL_<|bjS1NsPGJ+q*t!5ya%z2lzoNKgYPlfrS$7}W)FiWiB}Iwr|>=*cmTSNq+72>N*(j_Lue+nT}aP`kcCpM}TqOu`lHxT$VC7!0mna~v@b#EaA! z>nEtCo-i&;6VcZ`3_4(lERykY`XWJ%!@08u5v5j=)XVY~^e88h-8FNyT42a3!4?Pm z3DP7AQ8I3X5ku;T3nOf0=c^OLalUqD7~~>&0}sYUA07HBy|m!?Tm8o8)h^yfIuCT! zEpT`7sQQx|Z07Rmk0)%NrX*oruJiSiFbgVDrY-#dKSy>WqFi;`gD3_h z4$A8=o`JS=iI-=hw0l2GWQKhH^zq%pYeTJ6ZxNC-%n0#V&2;^RS7}9+$o{dxj=Uh8 z=QUOV&EyS`zAWBO!-)k$qM!VnuCFD6M23{f%} za2bUt3{0sl=ut0b^cYuYv#>s(sSrvyzPos#0Tfr0q^-{e5f?O62A1^)cv$(R%l1ok zr>#sxw@}ZI8-qJIzHkBj$Xr!OM_##YSKjLWRovl{2`yiP#ILHAQ}5r)gXqX+rX?9g zf+n}OU;pG|-`&AotC3tzYPzQ=Y_Ed{0Vzg_>0dG`d1225!q!a|Zm%Og-&cVMJ8X>C z|8F7qznb7RodTBFx2{{y;;QUrwZl*trW9Y#k_jbaT3D_ucy@dckXK2vd|uNqYSaKA z@dktbjP*pchGYdZJt<){TKA7CO(Z1gC2Oc>mQ6~NYO`YsvZ<`PjKfl9pty{u&Om~uT z)M8cLe8^BmonAbh`zOTe+oeU5br}$lg-9qbSq7-V$@i&)>&pFWu3fs_8txyv{dBnjHR;0q_-n>(Ho;O9=jw|_w z;vk#bm+ZyNIGf+gq@QXv&^I9FevxtVRUxY7&U)e=yA)%yr)p&9mrbMtiq3^1PdQr} z6&`@%8NI4ruGHtx4g(Q?L#LS%sV0T>;|}0to#0BR65$t_NUj+1*{Gc1T?oF^Q5>Je zOGQ1%CKI;*%`EA&(<)Uk_b9!1Urze0Pr_C>Kh=0HE|P-3A)55eA&&^d42*5@LUMOF zw^zQ8Q;r5iOk<_`aif2(=@C$NG{Uc3i$n4a_ik828!2w6lHG@U$#^Ma>DMhj&DmeK zKTuMw8~iIl2*}lk-5plT75NLD0-BP-Sejp-5BC!eRqwa9w!wUT^$HXu-#z4<#B|R| zrd)q)<0BFw?qdk+HtNza1z2vL*IcwL|gm$ z5srWnMnr^8V0apzDcD}3$qQq!P1+()b}}+ZyO!u-YKDwW{L1r!7s5N`PE-EbK2rjk z-Y{Pu4jgXHDmS|{BEN+IC%9;RodYih%jSk`@t~TjqNWyJZW*;*Q}d6JHp&* zD7U5`H-Czvi=AG^)B4!)ZgNAP>qDRE2`A>WGr#eQQZBBDs2-G!llMV3LLB@ivuA1o zg(Hc+w3@FvkNm1NXdGOv$;JW)&7oHfXw>RR$}{b(kFikshUb%#JosjPp(>N{rjK{x z)qFVdyr8O|`RQyD+e{txlBT9mDl|7IU)a%;4?1VrXM)*KDq-K$1+sZ#+}!h0Ql7;N zYtHRn^hHjV(u_s-wA3-4i?}WR&lj+~t^2Ty=5$PKugrf6cDCsjq67hG(|&dPNo~XZmEs9ndpm z{{Qw2FY$KeR$V^T!tO>}szy+|UB^MY^6!3^@vZJEUUvK_NdT03Z7j2ir$UqDufL;C z_X3<6RBX^TL*nR{ikxMr*sAM z{NV@1;(fCNxvE|my>bj>>O=o|(xr?gJ}iURyXM>nCuxe1b*=o<#*n%W_mGa;wv8!7 zS%RKAuY)?R%%xCBcmQ7hreRBdxGywt)Cm+j6Bq`%B}matvCPVTrW^(_s6rc6eY&t3h{0UwS74Nc=J( z3Q0Cd(a0d*=gDjIupB328fBzcJCOOH}-EwKqEuIi2r4#VPQMU}$~&NX^Pl3n7B;!p40UJ2oOgeh#jQCG;|i zUu#w;fS710YoP{E%DuGD(+)Qh7zmOykd0s4LskjVZ@QILAUiHd9`BdoBW?;LgJLAm zGr}}5jEc4dPkRs{!zb1sgk}4u$6+Z#iU`EDl_s{U8z|e@mnzF@T7_J)6W{mNa&9uK z63muEZHlEPR?Nil!wQZ|pq!)G4S}aP1pU;EQ zTwddpPpn$6JH3Xf*Riq(v6O`glpE>{p+`3=D0r=qAp5I?Adt747FW?|aK#$myPasQ<~J?R0|Y zssLr_bD^f~iqs_JkzlJOu1$-RfSeQhsq9{i9D=kUyX4HD{BvjtJH!MmNrxE$=U*I5 z?0kTK&mN`pZ~=XZM3-9u&w?qmK{h5X(xw zn9r(427e>BK;I5Exu+Y`iTAU}e|w{-={R^){csKEYrs#F74dS37_mSF)elsU7}*3S z#b|t(xXa^2i3zp`cCNax$&p5;+&?S|Sp zx=QW0c75#b7STbrp7p{CPyW5|JhuOd{qN#m$Z7BMg0o&oO33zL`e(XPd0TIz61z+) zYI#CcZsI5wK5@;$f#LbLUU^Q}X+9N=@Pz!50k#QY(2q)FebWgE1CYy}VsWcCjE{miv(T zxU;UHg!sK(XlD+F{N{eLo$cc#sf29&=smZ@2i7;%T0hbUT_izVNj#c*={^umi#Q}1 zmUv7?T~v7mD1o9Gw~q|xkyC{&t9g$9)+gLS($H!qtQs3mIGrh%w_T_JynC?ZwO@YZ zgIcPl6GJ^YiiryAzBxZIdQx9YAmLLuqN{$QS+qsgiX>Q1w(`*t$&_N=BuYn{ZQ`L4 z5GL`hITc|(;CS^0LrfYH{3#&E)B3x^^PEF55)ZjN=mTt4tpzCJ)y$;}xLy`z&jYoz zlqdFqgnP;awt7cBw%jDD$wM#z2}E}aOVNTaQ~guY{&-swAB@**y{;vu4b>48V(_Gb zG@Xo*<*rw4uvIfqFHw<{A(3`FtY}>h?PSce59=1HfEA~Pnt=T6`zN3*#O+3mUOqR;c5*8(t_za`Ef3nrl za+|+n!m4c!IzXdX1Gsenc*yRGmLd0rBR=SrEeC(cdrSLF#x(h7V=8?mO}fUzyz6A7 z0Wc~Vta&hil&2Jf@fe-`v1`AZJ#ue5T=fnDj5j8yx6m>#ZyeBWb5z=L?lCO7-?=2HkP_BG1-?P0U) z|4l>w6*uY87cgS7PRWs~5Y8_`glf^NtE*4`WIU0*x@Pqop9$DE?+%&vzwWLr^E%&l}o=6mB5{ ze_=!{#jCk9grE-0c_ox478#o%Lr^VWm>h#})DY*RbR^_M_k-hjrqOU!be~SM9)#uf zYe!D_1CSKNNAi+8KNd+Wg8$l}+nk*|LPFMu&>7t)ZmeB|z@#91MIhmVf@nEQ+|YlO z^}^!ux>W1^aTA5`O8uaIW+gK_p!lfXqxh$$o05Tjw(`Ws6;nbET>`ohKX=P~9{h7aWVt0y3SR3~2>|}xe zZ`qyCrDRK2o{1ix2u-p|o^{`RAFD&sL~^+s3!YFtB%2CQ!RmJtBNaB8taWNKMBzzM zd*f#=Y7-h+W7t$jei6%8uak-W88_%MHE0gk2=`+&w&lD)x*zV9;YFkc;5CB?#fkeM z*2dZbE6oVPJi&2xS=>6RZPcRW-Pnk7RbD zX|Zm2kg%7|(`fN$yA&i^`X@)aQ|zPpL(^vaQnk3i^oQ3`12@GlNrIag=HAm@oLJ-W zOIhMm6US-nsXy6rF?iuT*|z$NLud3)VC2)rOj`11n-?-0n0uvTgF|(KXA!H)1$Nw)OlCx$@k67>vq3Q>UUT7mR`VL2fn=)>is2j53E@OQV~PW>#qPa)dnEK z?*NcEN894h;u@4;J$T($xt~~A>w|mS*Y3DjePLz<`=>y9?iCa;v#t7UCd))u9&SCB zm=C;bS)yJ03q&0PQT3e{%dT%Xf$;i!8sU9j80LMdVhUi3)&&+&bN3na_l~?>;M2PR z`@R;n1m(-SJYTIjR&@X05pPhE{oSi20)IQwV{}fp+$WC(+x4dhkjp~8`u5|O&oKLf ze>C1$2Xt5C6RI{ScT5ndy2vr^Ur%$fQ3Nj}Oab z91>XIm)+DH2@4-y_# zaBwjpKZ$bkmzxRT;Oy(cR~J!}S$tPcpJ}lRQvlK-M>z>CRoud<#hV{Dw*3A2mu3Oh z&Q?brE@I@r+B@L)xlg5WycZ9hsFoh9E5(^E{)q)*!{sS# zKPCW^eMPvmYe+;{wQuGS7%0zvwl^w-_0+)K*uJDMbOvvf_lAU89)yt2Z!WF z|BMYHypOT$yE&8@PQ{>>fnYxS!wj*Kp5WMgyrf+dD+?&6$9LE-Pi`Ky zcj&fV!>`A~U$F`W$Leov&KS;BewXOk&MaMCl9Dzwjlzdz8u2s93w`)dLTd^Zd4MrY zV9p>bV%t29^UkexhZXWgx$F%+dU8%DZ>0`V-I2@G|J0TttJlL5TM1nox6+qqDl`lK z>_Y)!OUx4o|*az$VFnstv3PnMdtoNBI-pUe#IZ7iRw>W_8tQyT`{Z&@oU5JZMf# ziiMPULGQzL8@0NXjhX%#(m;J+i_kf8Aj73xNUOBvS4$WK?Pl`$O`-;dRPD$ZO5=YwG-iSO{ZP-$mNH=c ztv0IM+`Z38xHs|wA>84C>aZgduS@0?fM@;ecGJ{e?x;^=4bk6=%^7$(>$c=Z95eEX z?j^~8q2TujhvS=`;{@{F{jQ$I_>YT1+UxOp+!4{*gzjyjz>W%{zfov zThj0-o5e_0<+cq5=_@a>y3`f2*Kx){9@B|MTGobUI)*1OXNQy7h)N0MqBb#^`Fhjc zOhXzf+GZ4202xP^vaP}?A)QE-t4jgrl`$x4Ri$m%LNL78Xbe4NtZ|R3cRWv-R25qj zY#uC__4F2}m+z-dh|0xFOqWL)u8liqgDO=~w)}#L!s#GKTgq%PJ)WGQBYkP8H|R3z zJVCS=PGqnrp}7YpHAbWGeeCTt1)!RSdT|nQ1m80W4j`8Koe22M(b(!I{rtz@N%X&w zW3;xmBG4aV2{gtBf{wPy29itmJLy{vmlDJBx#Oykw7LT2`C1G#Psau5MAQZ~n~wwO zDntWkJ{^U}b=G5JsFi#?>7RwW{)#*YpiYKFmpU*OJQlnOOWEnxXo;$h>a6&{v;nLd zdzmg}O|W)@ah8L4`@mxm9|Yc6<7`fH_mKqK33Ad;Rkkrx#wEoC3L+7`vdsz%}6-XXyl;a-NtRW6$P+WWbHcmg79(FR8X zUq=@VY35BL_KA=qruI=0d!B#*5m(8bNK}dv66W-@*{Ksnyom$hfATEjlpbcK&cG2e znk)SrxdFkc+ppKEkjH@XaN;rf2n-8vXRqt5W7PHIVK?RCMPnI3V;!XFgR;E^qEMeS zT1XV9KVR3yx~mfpoWJI4cW4jKFqMhLyP^)+EST7FCcyu+ReZ-4K)6_^y80Bi*cA^nod6 z=tdbtEvvn;Sv9*X)0>L7oeqZWOiyD*AVJ;ifW=+(LUSj5d*&Qr zFD4FRS~1+!bOqnS@2f+ok|fn(6OsRith0=Y@(=$sB_$2g-6`GO-HmjI(ka~_E!`zG zv`7x!jg)jF%^)Bxu+RMdyJyeYeWfovGtUh2jr;!G*VPwG`{V6;)=IuPmBA+jFK)u7 zisX-pyjZQUQFfvIlT(CJ)7IIP*{yW#hkLOu8`G~_z!XF}fT_|vhC7t$rIb3O#9VU^ zBWbjERS{H}nM!Oon#?`XvhX(|ey0U!o(=MZ{07rk1uNwUo3YmKS;zC?OX!i;zl z2qE}1gWFjHS+RyCO6cGH>b3^y6Y)r3d~vsqE&*nY)xQU*1Ob>uK?>$IXTWY(P82MK z1eoj=nFibp-=1H^$I28b0&gIra z{+8d}(v`>a zzB2kU4g4a~PxVZ<)sx}Cp_02rA=3xHA)|XN(#Mztk)x0*){}dP7~!P${H`2I{{olm zG>LJ{-W5k~SMu$Y|MJf}X&j4blT16o zPd*NI8FqpmYLrx1aGlm_Dt!X*{Oj4oE=UI7F?2H=z-uXl=-2Zaa8(02<#$CI9g~e0Ua5;;DF&;H|phBw^@Z-N0=vrLv&! zAvIaqM7R>92mPf5T$9R7e^7gWumT(|799;$?rQHwq(P}kS~b?bnYWM+W$WsLC9;EK z8KmCyREnK=QA6%@eAFf%ED%tKY;+2k;70|kjhJ||e`d_c_-0E@X3JCx!U}IY!t_%2 zH~)}gqx_w`T31&zSPrt4X37@*ou}n)!H?d++*TaQ<^~^XneRsStK($g-XOQh_}1v*qr=pC(=5eFFL z`pZFyU7L-_@3tKOOiY&Bek)JsGrbAR&b{$Qeh?Cf1tT+9U`4x2xqgHnME8v^@0j}} zB!}p#Exo0E#0?opUpaH$=ip)_wGOY&LaBj?+`y?({=qxpyspT$k3uWDaF>f1T*GE- z`DL{{-Jet;rWda&#{5*@U(eDOQ8_&IL$;=gWMWx)3RnoM?LbJFf5l|CjAD!c=OJr?JFFMOJ^Wl9}bh<6C6 zw8zA3QAzv*UtY;veF_$xWova)S&-D@D>;HsYEtg3_ln4sBO$cbIc%shjDPBd_Ri-= z5Mee4MFqt!W7S1~B;v-(%EP}yaVTZ~1t56zkHZ4U{pbJGATFJk0P$*)Wb1wym=${j z*i`;^;H^LaPLdA*o{{ozp*(x&C30^h35th?da|GjmO%Eu01fL3YU*$SX4j!Cdni4> zyF%zF3p(kZX%^%sf(1lTpn#COp4VsfHL!yZAT@b80)Q^TP;7o&&wU(V;R?QkYEu@f zv?=a;k#5iXp`sWl{N#1>;@K1isuBaN)c#OK%fC?o`}_;wYe9+mg;!}6otFtNBHwf? z&W|6L>-b+VU;kjLuSG%iDNtz4cG%m=vnUd0-)(q`djR$S0L8LMegXr`mx8DD!xz9l z^Y_=UU%L7xH~PUh`cS6-UH-H9%bs}mzpDv~%NY5r6@W6+2Yhm~z?((jUcCn!01TxE zKu?X4>;XHu-N(7k-46#WK(ZZ}WT)uyRk*7-6hCSRFF!82B~2@fR=LB*eFARdi_L)O z001Sv0)&=;**H_rG2l=J{qBNa06zDB_!Vg&$ITA_w*ec=R-giX4d#6;E(3;H_-VGQ zLiokxXTi^3NjDElX-}x6KToi=8V5c69!Vs7>L=)S-AmwyQf2-C%$76hxr-t{!Sg|~ zg6P(*peJCc5O~+;E&fg4J!n>5;U(|(pB-Mb3gk0ADGw`)sL*3PshEAm#z>-Xap_0a zc`Jy-6FY!!g#OqF%mOYa%wDblMoBS%Pg^tlTS6cTaZ3VUjk8?*;eZI!`xJfp-zQ~o za7}nK3)0!!(_M{T94FV~M+bez{->Nhi0C~UmKiC`IQbxzsmmHR>_I92UNSDkCB^^o z*yu%U@w=&Hoc>uTW_D@1U+mrNWnJ)0mB!Y$BsPPWVA5YfWHzJ~=f*CkkzRzfp`PzY z(~4vw*M&3k*;cZD=NoRGXl2T{>sMu~E_~mmTJOZH`l8ui`z2j!FRUMJ^!B5ZQ_JF1 zN05dWLTdKTzOyV6QVJ3bYrjJaUvU6JbTNBtp@{By za#m{xt5nn1Y-^uQ1~p1{BZ*NHAXniom2B3PGmF!R>_Y~>a2FTiZ^hxE#Kf@3g(mGf zKNTOY{Fck(V7vkFsAp%VI`+0&18eYF6PtyeuCw0MzH4(sdhMuPIwzk|4vU`a$U2-W zon^?QBy5HR!um#6){RXT=5x^y5mpQA(Bzcjpv2G#%V$1{Fa7HaVIU#;3f^lq3ulFa zQHpvFC&ua~tO^;{h9cZY`*THuUB`ol@itnxMpsl9D_ve1fpB?*$UJ0gyg>yH+&7Sz zS^Zo?gP zr2Y*m3^Khf&OJ_0Dma8AFALV?SaaxC_PU~p-G_}>+!5!l^OpK`@3o(pwi96mw!&|} z+~@?hy$)Lf;f4VRpBUVmn-+(aQYGQ& zO^;gR@1U7b4RnX`(RJrvcz&Pii0S_pm9#M0Fs@=s6DchL`^b#@G*iN&&0cuc0I^4_ zs5wv73r8yjL*VZfs{k1)&RqVElCg^fe61~hqYdm#EW6v#NDA&=h&ZD3ZGZz3vPcvrHxR6hGebKCw2W{ z@2z2qGIaI86K$xy65wtmLA{lHXam4=Jnl1yKLFAf4(#)_7K-OtiY{OktOr9npoXlG zBnmS>6t4Vds8iuC=;Cf#^llwMk88<5d0W8tMi<&E3g9Ef0KgSAdIH-9={S9PD13c@ z8qY@9$>*MrA25Z^iX4P0MUiZdspbO*2O&={fMraTsq5vYzGwFfi(KA?qWb5#rh=Oq z3qmMV3yP+PQHbwXj<~pn0DW9`zThI~xErWBNUh zK+_2dFdK};jjq^|ymnuWUE`mzN+f?il7}kHIHM>Ye@0`>6wVjC#_tx5ZSdn_5ND*5 zlLg9QQ2dyOSjl(()a1)J=JY9ghMGmU06JP8a7=&#EMbj(cOroa&z{SirOtzCw7qUC zccj&p|LL*cQxHU3RRgZYr6jUo#|w#1&y>`ldxQ*`p2bx5OIb0Yd_4c5KgkXXTg}ufYGi79f;Qra>ht`*QK+UwF(s``DzrK3s2BZC$&EO` z3HaHjiu6sDa}{r3Jt~N5B|>KuS2?pG-^MPZ6}&*FCPj@W)L2Xs9~506fWw!_- zF@YnRBT$ReO0I?vXU$snX=%l6Jkj_9S`FBI%XpY3HKoO?@C6|wO^Dj#Z-<6g2^?jt z=f))2^~M7S9yb}{Z`uz{pA^^SQe;Obb-L1UU^tKuKuWlAN55r~dcUZXmbVj$@UbmW zg8J6uas+#g7yQYrKY-Klet|(B+;TDF9yq?`p)=ab(NfY>`g5Z9GVj+`q5dQ$t_sFu z{Z#V%M691S9qS-nl~AoMJ2qO08)M%fA{8tgJ;L$B9d1A{Eiy8K%o=jAQ?EphQ_jiE zik7A8Ht$Gj%x;uK{LW_9`kV!qz_jsDF$vJb!)S2pqDTHg`v#*kIiayCs0hR@9Liyy zHcTSQKJNi}8PZBONy8tkg9ZbtO@`)NDdEzwt5X}SWu!sbn@16iL2%K|Z?~$W8*)kz zhTadR3M#gC@osI9jZ=!w*m7gvVwIAkWKK#-e;hDRahe=NYcQ{O@6OIX_0<0IHPThq zn=-wh8nQdszuvjs#k3C=CR*~x5QNVr62!?{fFt7~Amq*V8H-H~aisr2k^v@yhf72a zD>6=cD$Y*V%1Vt>zwkha;ZTG~Oi$ME;b9i)!oit%`s&ak$Q%sYn|Efb-Tq10BO&hy zb?V#Ell959@$Zc`o%*mbI9G=VOc;j`1^x0LE<=%6S z+`DMo&~s;|(XB)YNH$2rpW}SQW=>D3>*qJE7-pn(?06mOHr&)$S2dw~wG%%^-1Ga+#8}WU=jcYR`l=a$w8y4{Ig=-{g${M`OUs1yx`T zWL!aMgwVD(01WRjgAKWm0A?!9I&J_&A8$E)Fh^D3rh2T+Q0-LK_-9afJzWR z?Bxi7PLetRW-w@`?}JO1*Op$omfG5UsruB;C**HblgaMW|Ix^SLh)&RPeBX@Q6tpl z8+>L(@gEcT2fHOuN`3;w#(?Grx8M)Jlf>@@%o2Z~+{RX5RCO-|>X`{$&iBSi5?HcZ zEvPr`1PEU76cFH%fo6Uog*b)$lPvq^S*Q&x7|`mhY;KB)h>yU&_9BV7`eqbp5^rVS zxUUW*0!Me&426XoD&584`{-cb$N55xkQj0RkNC0%%;fLP2mb8L^WMEpfbMY6@8tBu z*5^aqJ*O5E3b%KpHgXup3$yx1L?%Z^Zy(~-lx3iHGBY4L&~@8fFABITp}_Ok!q@9y zEv2W;_(XyDXqCTYM_2zdP_gSw;u+;KfuZjpHXpOpq`dM|(dl;4V3R<0nE0)?S?FGGZ*~LPvt7xP;R;S>FLUUmh@goBEuCn{RmPTT)Hq)AIqKTRsFmp z-KXQkg>jcs^N4Rqk)BeUcxIV&NA#9RS`-aiX!S_yWH;S_>J5_-mo8=@#7u(ze z)0v7^tH_yGh4imL-MXki$vW&idIrmoTH;T?(za-l3uI&-AEdN)h1O9eruy#}Lmi$Y z`c;*;?m)x~rncT~8B!tN@Ps<5PP5u6wjImx__@lvzWuXlm(G(K7~@+AU^)3tN+geL zoeDZw=S*3_Nhk6vLx=tQ^97yEmW`R|xUB?P(2lLljP)_7PbDHTGTXppDxb+nW{5S; ze{T*ol_QHe(v2D0j7^zLo4}(t(xw_WW7xy%Z8;r(g0oJBU3x*}K>k>MnCvK8i;C;G z;c1l`|pHe3q=xmzw-dDC=iK&q=J10~~1Fz=nJAL)hUbP(uB#yE(BaKw0N2oYxkhtbwnIISCyjJYjzhDS4;?jCg@&*_B`NOPiad!y zg+13vv(YG38HfY}^6>J(a)pN;vc!V|toGWpfZ#vuUYnQ@M_bL@5@{mDsaUSJZ?WZ8t~F=~9oAj5gnv*E;0de#&{zzs5NTi0!kwvS z%TFH99rpYr&Z%vyr4fb{Wu{M6aWamM`PR0hIFdDkvU@EI020 zfezWwm@s#}mvl4EP`=biA#q%0F8Py^tkJVuvs9FP6I{GJk3f$pJ>L#Ya_PuBefqn{ zK~2FaE7;Y8z91lVqy$YJty}E@mUg@lpaenvlHdlMgZ+ohb`pnx6>jf9>wHjzu14a&g4Qge7^9S&IS)$r+WN+5`Sp0^;CW@mN z2`(mE0J)M2byoP8JKla880Q4&=8EC3ZJrmPR^*9CLm{?0djMU?qSgNrm0ji= zvIB){#!q6OOX@I>D;M#R&;}Z`)Ek1P=cgweFtdgM_A4jM)+O1N8v*_B(nqk^F0;V+ zug1+P;RdNB_hR9nku(Lj$AG36>Xe0Y*r8XDy6(plV8>Vz24!`MbI6>SyGuCgF|1aLVeiQR#?hYuoR>oR2F)K$@bp zEw?9(f_fv4Q@@=NBIM$J9@nTks84Y7G!CX?FIOxr7I=?MzP+5WBz7^Z7CQ26%Vr<( z_zSnrKt~@HH&Mq~ocd$YE1QXX)FA_0`~K5!!)ZkUY(@K7A>9oPo&7hZCp4Eb@N=4O zqPEnR+u}snmtk;5yPCb+BA@rRqHPhgm=Sw*vIP!l6=T+GlbH;u7FFCWo%k37A8t2f znLxiV!!t?{_$8@rIkj~m1ayb2)Cfjs(wyf=K62A@UW>|J`}?q1DRrlllZ#S}0)$p3 zOKkXY66;Uhc52jfUV{5l;Rqz!g<4!d?Oa0_hd7EVZa?inI@Hh0sSFjY_hXH05aK+f zsDv9v&rO2(dx5B|m=!gj zY4iI8B@L1{m72Wr`En69li&UvkuijYDH7pb=OM@BAj2WW5;D)%#@~j-n|8 z;uO9`;Csn)?$MG)l_(0G)C{`cx@E^FZm@jpe{PBU&9~cdEH>ZP(_*PYesnMjp*gs8 zIpDQeFv)VCCbwSJiXhB`U&OJkL(u;5j!Z;{_zmFj^D~;2k~tujTbl3=vuwml!J0?l z{pdg0=F$dVETobQqDM={)yBSJ9UPX+vohYH{wjC(d$g|0OK{JW;F|)M{82b~gh3DS}kbP&R{vFKVktTw$-cgEtpi2$jQb}I5{Mju-=8fxmw zBV|b$wH7z@Pd4`s?_g-NGF{YSAxxFFmP^KDC+(>WI*sobxZxKWV9`!eDV&vywO>2ZV<%voqUSZn)IYiZ~at(-jL0RKexj(1B%RuB zv#ne@L=B7H=A)y2gNA=6iCv{m!!{53n)wg-UFMhipM}t>(EtXZf^G#sG2HJ(&TnsT z#h>TJ0V3w>P44F3asUra5dgTy8!sY(0x@$Q#2HWE=OgEnUS@rOuifX?%}55IUS9G1 z3n&Iu5}1Wo#UlN>kG^z}KTDL&vnGt<&L0%^US47W&SxFaYd&!E9t8@^z0k#t;`NdO zGp8A-6jKELP#2!HOGELo?IL|{05c2Tk!jh!6jMAF_xzja2>=k|?oa2fJ%AhmWgUVs zGoeZE95}Y#9Lt%I#~lJ-Q34+=c4&AN=jzE#=^ri1ez0nw26u*^FC$^Z|UK4rnnL@D-B%shm&a!8|d4kPzVy+ToO zgC)f13z!quS-2^G^Jv0MP_Xb0Ll2YR%<^jRD-njr4X|rYY2h%H{e7mk8KYK=3i=fn z^9QF#zqKei3dfy^6aM2t|EQpkiGI}>C~ke>#h9U~FqizSs(12V6qNd<_8H4`PHK&0 z*Wr)e;OLUd$h6Hp)u26REz?Lv#!mVVv7$70=HC&9CcPnEQ1A~ee$RBRyvZgfYPbrX z>JW}R=+GV?n?h`&Q+1OmjtFFbeNU>gCSFDAU*EQ#6M!O>BplB(V(ntZ<19Rt)$%xs z-x?t!qf&L=-eOmeR_`iDbF2KEG#Ud+pvGPFU(3f;-#B^0}f*>McfF{|<_zoZ0uWk@CdX|FTvM6)C4YDpC>Q8s)^kOC)p1`);$N$#G@T z7~cA!AX_>DT(`ElD%28)_BE?44aO(4dZFu~7kTf`aID96*$}J^c~Sh(rCWF^r7e?G~*A8svtlS<*DLNM@sI9lV za`yfR+yOe|D;y#Gjj=RC|Mlhg!kYa6F0JTQN>b-r^(Sa63An+|&}ACC1AQTA9Sy+x z2V;lTu@ImJ?EspsA5w(*!;&KrB?ormPbaObwqy3*NM9&>yUar_*uYknY z({MPn*A}$N5|BN26N$O{#(9547kY#RD%awFn#7-)pdX9kH;34I?B+0EOJl;Pf2Rop zS;iXNOFzd^Rd~VIf+#++?2h{rW*3fZ&@Y!tt0C93az9U9lrF;RBM$G4bP%o<&c@k1Wb#P^;p zj-YcujAdf;iJiNAnCzoo@Ny74#Yq99ADDf%*S|U|!S!e`Y@8#ZOS26BikB=PF+Dc< zkx(Ljn-v!m5=!uO#sWrDt;w);dCg>+z=Y}f`_@!;mVvIelGN9)Su2|_-PqO{p6zGR zbnR?$yynY1<8O&)y%F{a={abmm6$o;+cPaE{k;F}BI%0v++ms--F~&(C_3}&x%0a$ z`6lBp4O?Nu^p^gsH6>O?8AIRP7l+0Yt_f6XFRx?|A`WHa&vf6_Y*BCqyR~2#+-+l$ zL-MRJ7GkTDT{L}=?DPy^`X#gQcLz>)DP_lgT)qGgv2v4Wt7zxgC~={cm%E;Rv!aeBN|R&) zqFY;cu#*Jt_)2+BUpVG%DAqWr{!XrFvz8GvcS%8dbmNJzfm zAE1R$P3|HfDlzTNjkjMl*+lwb6ROpHR3hzkq`vBqAJ|%=#*UT=2$6mV2kNdTK4#zq zqra(Rxi;onEWrmy%PI^K9;h+-G_3?Q9@%16rOzS|x`rr5^poaP5=KdScw@USSujeB zx6>q7W%d~)YgvxZ>P4Zzcu#y|R@)y+5whe&FNTB`e?4H0&FX@!qym#gqIZ9`m6YHh zl&kEf4!1?+kMfDt2`4o~ik&i)KtuWWb+oH3HQEYwnbu_5j!^y$n{3G+(KH@X2>=bay|kVFN5WD9U{jyf4gwQ3x^{4Gzie~+bJ>8VZSd!o3IHy`ywkUpT;RmfFq2;ZQi#@ ze^6A+yq*^siz35{?vpPc7$LUfW^)=6H}YCh3aJE5ZBi4-@A= zAMauVhx8QLARaF@WmT%i%CMXSlakC=+_!I5NL?+WGk;Qze(iLy6*gv0-`YW?OyNlV zKqbd8Nd_*rww>sr`#WcN;^#INi>uzbKeso6e;r91O8dQJ5T_oiX~D2|)v#+oaGRr7 zA8w6>iGWh+ody}H$QR#TScG0O)_3sqAje-;fmoXO%;#jRk^iDQzR6^)qmUy`en9-g z*WxDG_$H+FQkP`wT6F6=4d{SDy)gepEAB7%`lQ}U&zD--*&PD4PSOyqaqfc4_zLmo zW1n@mkyXLFO@Ht=!4$Zd-1)UYp5+k9LHs2+$+!1bSk?JV6iy3dslhT`+l~{E9Ce*9Cq!cGvhYSk>jk5L7N`WHH19#0E_0xvAUk}y;k)41 zJ8_^-_flr|SOy*4GFdu5KhO7nCiQxT_6k9dJD9<~=a2tQdOkT+DHWI%jCV# zVllKE2o(oScM(%mTLcekdxVlaxV?jZrO_}0UcmTpWosu@-YsuX(s{F_JX6`#_S#G>nN z1nb0QBP#~Jr=*-gOqQw~MY=0G>jwIl4hf@~PU7X(u1cQ--i-3!PIL;rbJiI%9q5T9 zOhC6q%IxcVAMt}b)&J{{EcQe);h+G{HABxP9xJ7^h!_c@6oh78`oF7iABc)t>bF!a zSJo}$66BQyE9xemi(J#VlEEhX*y6uVwogw_koVcL);efpN}7ug0o_ea1Czj@d0Cn% zqSMFrl>l!*1e(7gikm8oHZYn_D&ITRtBN^q9G6H3EQj+Zy3rO`Daixq-i%FvErt&t zhI^)p#@xrJ_2S6}VBKIj7J~TDq_^%YwyI&o-G=r(Z6%cQ}$_A6Y92jofYZ$yV70j&wQl`VF`j2$%) z3R(CxY1^dv8f0ySnAb_~&hh??_c7?6Qx!LC9<*FWM5;g6ne?yU5%bK|TV>@J#Mzpd z`55ACaYP$E_KE7Ns5d@xUo50oxC-$lUOKf9aEi@|L_C&2=L^~vB}9t_H! zUirH{f^DS(bVjB$@J?O&f{7+2{AhD>woZA&TNTPd6~URq>xTgH4mZbcPNHEABW04> zpr{}AD85NddFk!UXg@2%<5NJJtD=kMF?}dFJvn;8+Xog(wS*336YDv)i1bJ)9QrWp z3(U>g?d7)$Ki+*_8h^Y&X$CX##~YvM7SMjFvJV<`#?Xf2R+jMA-GRY*bq{gkc=xU7zV%}#nXxzW6CBhWTu(Q>cXwj@2qj4qZ6DsG0cbQZ~FUj z5ZCNMRtQQC2d@0Q?yW|0wvy?X4mNLR49yJRMr(m^1;n&9FuUw=&|0Gc34EDw(Ff9n!0GKjMZG+3MX%uf6&%D zcnO$0Yae4!Te{*A$Sg_ATl3NM6LHg(=MU`yOJ~yxYeia2#L=A9HM>|FiA#uapr2Ee zOMN6~tEN117~oic>wy=PFj2G`>hd}CQgKzB(d>f3yCX#o{a)(OzVFJlipb~1Zfg$C7L61MIWpoYdfpa-`zVG6tiG!(IUQ|HtE)Mzyl zbW#y?Qc3a*bz?!3TtF)B9|*|D0r|Fzp4S(EfNBPnlX06e9|kN4LTkj(YzB0t`>!kr zt@IMifqNdSdvd%Fp?Ni+u1Wyas6z{@9d+P~?k6C{(b{=t!!EoY2^2<7p-wb-OcB?+ z4IikS9U9-8$rHS;23`aDWI%Q~2)!4ovb?xYyjWfadHl6p-9BChwvgs%l2@n^Q)(4v z`@eM<2rojDCW3(5EcO zZ)V(9haElxMe5Hw{=ekh&!#o!1AYIDK$1vyegoomAokY@wFn0c16$~T_`iVx4yX{V zpJek-6m;Ad8vFqCE{V`NU+5ehFs?Gqxf+f1ud>!{Q?;Y9FUh<|<>?*-h|#3*$Nbg; zLUVrufxvZvZ{k-p;#VC&x| z{5Q5L)Cp+f>Va(%dePCGcTK#x2686WR`3Dy1YI%EW@+n&_ZnbyeuPTM=9Jn0>(I7# zoqyVT>e}+xVHOxsx1aG)GgB8BDeBrmcM)(Q2lrOJLSvfO z^cfBW&_a6j;)?_H-UK~d@Jn?j`4XC4e$oF(n)>$aN;7E!`hR_Gd3cZSm-%+{$m2?r z9k?!z-B~-th3p@^-gwZDoyX|Ckc&O+K}(Pvf^tRZ7F zD7gU!ztCbeixFtdGr(5D!Xrs!YuSf>ncqESb{C4MqV;Sv%N1+9EEaA)3G6O#r^^^D zh8dEzVXUufL=|My9nve4z-&8eA%|M}DaZ+@41j6P_Sy#nHf0GA{2rK#U@aN(pwCBv8qL zukdc5I|fLV;}Kx0aMF2G=tk;y><)SApgAYb+H@X_F2mbShOyw%z)=0*YB^gINY4z?3^%xtnQG=m=6A8TkZs@=)C!us|+pfHPon9 zc-!hy5ed?4BRF}V3jA$t(ZkR4nt@qm7-t3~7D1GnPatzRP?(0ouzA^M*`|1~7($w) zH3ZI94TAwEMaI}-mZO_DS+Eg_YAzOSa4=<*^qY)Y^J3pL4~!HoPE?D5|9ZTEO_Ni( zW$DM7B&8l_rH~pCPwbW+XVTX-@w3)qq475eWKEX)2j;PX78d=h-<3?vQ&S>HM9$0^ zZcvM98*yCBVTRbiM4?$KCR2pzE%8Pl_Efig5q>$g4p4X*|2xo-|HDf3@h5Ykg_n0_ z;`dzr819IOjr_J%lhhP=TkX6K%S_uwk9Zedt~~F%|J?7npYdjr2spN&H3b<2 zh@y2&GqLluIq2g-ieV);Lydf~w!nUCS*3vI9QyQe&xxu9<_}+Y z&K}e`2}nyCz;U_G{m1j>!&TZ)=`oO?fT2u${Sz%7pUQB_Egqhq4~?EdDF}P56>9m9 z&>OjeF-W`I0%W0OZBzNyC)FQBaq_P)Od z`kV{U^?&CUGOk_WxCC`{!U^6w0jxLxg=^xXOHJ=6yS+urMC(wW>}=g@$z;#OH2CrFsd~Yn%d=iy@YViU zA^7Ik=R5r_=Fgh)taY!OcT(>v)Vj9cKr<+&t~#l|^!hQM2gHF{#7mb~Hg9h+APe(r z4+xLosuczuj-}p?nkVo0HuB4aV*U0DZ95 zr?vTt*R4a5!xf*6$o%~0=jZ?0HftX?-Jdu<7CYnbHXiQIO7y6<+(OTd?5+9QueuwIVS*$MnA zqA*39j91nw&#TjLF#mpHKL5P;$zSnay}$cw=&@kKKgh5l~%x7s#QO~n`PMzN0 zq{vk+u2q2ocSiG$7=Q21RyH)}eN~4a8vG%I+Qxr4ptn@kgi zpzC>*iZyj;0+Snl>`tgfv@TqyHY`;4$7ZW~X zgw3b`u0~Xe;V!8y2B8yAZ4L1dQ|-S5lJ~qguGuzebVw5Bt-D`Lp9007wlm2|A0<`e za%i*svLZq4{a-+SD;JqVN+(>LnB}{a*EZsK(&9%i-?z-(AGXu@v_&Vm8`yyync&xv zX$KE%9m~?vWcn{t8RI`ZZ%2UyD7n}B_GM(7sUjB9S5*f7q)Ue17Jp%-U7Y38qvB>R zS4U^mfJBc|nonu`9+fvBvV;&fPGP#;v{O?*{4*m{&sp5+&xf)$rz?GY|p%2UU$*VOrDc^7u_W~9k zXyGgag?nXitS!sawA7d?@?@lF^mXAEL1Qp1cJqIH6N$XVIpkB+OWybKkG&-AZA{t_ z^=hDwC$CS|q7%|0&lm5jo9}-4+A`t#ZrJ2H+?HdqN}q<1yD!|>2`3hd6wN9z^wtP| z5TXJ(0J{6XaC4o$Nl;eKI3MiyE$|`=m;9A25gQQUc^I*y<|nyAjUR^5WznyxT!d(Z z6UFovBc0hM{^mGi&jbTU9pJ2UoZXa4z&50$i5|h_#Z3+8dlYRR@Rl<*8P{BOVs#^J zTWi9A6)hQM*g8d#GPK-aYcNCi%f*q|Gi=UiofIX>n(u=FBx z99b!xyundjuV+%eakcIV%6>>FtVcDwX`fq?E)s_>zo)i#>v9Vvjv@`xihk6hn38iF zI7K*xn^)8pOB1L2=>8JP)@~XC5&C)eyt2_Gc&)M-EZ z2wL>n%ln_Y9dY3U+Iv8fqcN29!uYbebLFR4`vq5aLE%&Tm?{1;uD|=q#h)zimUTj)pyE?{5(tK`>@FRn}39A zyGvK|=M%|?uRyTV`+CnEdaUPbxvUo?|9tdu_PfWKfm+q~<0Fdz8xrxXU93{iJuf&$ zvZ(K^t*yrI!$}B?ex@c}bf%1bxpw=oM4KtEa_72MeyEOFFmU9vT3@=oGoYV~<2cd- zPehEp&J^zPF$7GJ@ns{XKk+r~q@tZ@*sPSvMJNG7nUy?hrh2oABtd5*!GJdbh9#`Y zYj=72(n|O`(ZjMzs)xmGl^*khrjR8)MWkZ&=MzS3QmuyRh%Z8Zy!{BIo4=ho3&qoJ z;RARnb)(FmU#3aT6;gS4k*FkOs0qy-%f;+9y%67ue0EA1;}+xls$f4$PCJRE!LGDLR#ai@ zcbQPpE7dV^^rzvxg?BFJ?EGqNt&gOg!Efk%mVu z1um&-Ly|(>4{t$gi;|Z*5(P2oEJ^XIbT0+OJxu&nIbL!I-jB zQ`dX=BO~wN2#fq@A2rNzeMwDy09a zK_oAt5Etqgty_bY8N2Z`ewi-^KWF4f^PRd$t>~{J6AqGkz>SQ3t|Qqhzcv|S7Ph1m zMmMK$Eoe%3ds559dW4QNe5v8WU>?-HbT{zxa4_ycL>ZN30ShLkpO_vr_R~U-=_|x* z5jM?ZWHQXL*%+I@EgbD520uaF@hUTh+0Z>nFi*Va*hW=Ju|4&ymqP*wa**!&p(;1j z{wqVupp_9tQVVV%ExE>$|>_0f-8iWs||=mPnX{DW!AmY0~R(#Yek(RA5-x zc_$cjwk$i6bitmf+4H@pb&K8hS6R_~@ciqwS7t$0@WHE?@4;D+*?8M6nFz!cm_m!z z&$T1AY1t_PsbYhuc;2DZzoGqwa7p9gEttQYZSoMYmuV8f3Uj@ftG-53?2CPB|J2c) z@X6TxBkcC4fb`*0(`bv{+|7s&E<>B-n|ER{+Y3zpo`RErAs3O6!|S0>&>DlwnxM*N zpl4>_q(qGTd_4Qz<-kV3#}6M+)e49CgZB2SbziSWfC|*kjm;;7Zmo@;WLxzaKV#l| zP5!<6;FlRYpwbfkavCfeG_UGArYr_jX@a)%FGQZ>?Y4m-9^Wb7n&Ex2i{2put43cP ztE*AsYgd9lRsykR6Y8z((gkL$__-9B|1DXK2_tUC$T{HFp7k{|xJ6FqaMK_4V$m*X zAqTPFw^lbQzO{NRA=Z=2nPP5v0)1Hdqt2SG((G<|lYgW>B46l9!kgqCOy+sW zpTuPCFiRwnD#tn>v3kTdNXP<`a`L5*zN^O$2_Tc`&-ZD{`QlDIB(w35VrV1U3eLD^ zfI=My&w?ryRrX1`uj{JzTIBe0Oaed{v`V}T(@ZF-Se%lo@?7{9k-V0X!u4o%Q|n4G zeM0Rv)DZWt>vSu}9bG}oA8sd#v7T5tx%-Bu);ZHGfQp0H{4c!>3r(dk+h3zPOVVwV z2X%3JXwO&&-LOrb)mR~*!q--SXzbehFd~JRg|}p_NZgUD|eNp)cT6N zd6f*K;lir0xnq=#>3;e~eM7@1Q(|iAIU|#yK464!@06@!62r~7FME=9yl)7KRS>+^km%|SFO%#v52aXT z%|**{2%na$mDb!*%bLzF_+YYmf}8*+2M~-(4a=U>yNuz|w=0JsJL@8YhHLo4m4O(J z?Tlq{JWQBcrWDk zZ#O?bzfO7b08%d9gH{a3?V*n-Th@*fLqnBFgDhgFL%n;z=@@211@lEM@@AWgUAM(98Qb^12ob-mP?5NrHS& zirWlqPojVvSS_u#0=~iE6QDLA3``Gxf4!$Ldu(%9)IYdSoA#&rzXv6f*sG*yMDY{b zfRX8G=qx-zfyhIIGW*8sfcP2E>)co}xjQr06|1oo!B2QNdVMs50;MT@w?kV^gP)aO zM_zsR|Nm8}P)HH_?7+c^{8ciS)u<7B!P8gz<;b33Q(%$I$#;KY@`}U98yzA#e#Bq% ze#GoeC=;HNKL6(62T>%Wvn2aA4DhYx9;5McgF0K#5{$VIg=Pouk*DXY32t8j#?q02 z-~JEN5Vxz)UpN@4x#1vzp|#=g%i8tHZ6qOH3mIJzdOGZbG&mxjI>eNO`lAK0LjJx( z=?UA20sZ_>?^8JEb^jMzXB`!F)cxzByAkOIX@+hD1caeukd_=$Qd*R5kgfrxV+iR6 z=^T*mmXH=DR0QvL-uHL!x_7PnpKB>DK-p)XefH;hww4n@*i%z+^~k9X`l5f~^AGm3 zB0VIaqLZ5;c&qdaBnPKf>Qd#&Pc2?MIc!eGPu*0hiBfg76Xfh}Efnod9l#)JY z7>$=U@)TA|>1SWK?SjZi*N+jo4Q9e01~&0ZMX&B39^|bWYvErG-FnuyB)qArB^%JX zL`A(JJ)fxSoVB~69y(UJ-nyKdYDU{&DT`lq!yoZ0^Qp&~GQ$er@c^7Ofl?+zzgu61 z4_?|9INqf5h8qhT>k#fz%2sw|DTiz8QuO0O52(dw+Mqd!$rtzGofC2vIp?ehf0VJwjUjC-6-!sq;x}xIRrW8{ z>BY^pvZB+}qzvqz%6l&0z9r}la7my6)KU6z&Wb-H69eA&j97%VOICJ+4dN-ua%YtX zm0qc|!=podtE<|)BDGad)-d4TdZYBAjSvX2dLT3@N3rrMC9-0?6 z{K`~RwTyM#(&?fq-K*EPwG=M>S;-cmSFBp2YC+AK_=@QZH~z0F5(Q7>AVm~xppFnE zp?=))D_3?%Ey|5=d;wHx{ch#mQDI|HDbhEI-&akNW&4evaYdL}Na`LV?T9miR$US^ zhagT7v)M~YF4@9Hfse9Njxst_mtECDimHt>lzB$=)y_Hn+NVX$YRcdz&KseaX?0vt zgQP$5{N=ZPcf<=y1Di-1>|ierZ?UU-nEf-ekWUmkE$(}zGR_-J ztEWePeC9zSDPp+Vj^15wFJ<1(&Ai!S%&L(slVbe?QAc|d{>8=p{D@h2&N!Mk@%Zu) zD`#_ zbBx@O{kyqbKOK1$&J;h<13Z%j0fFKhf9kZ0KeZPf!0yG#XL_&44-FCryppm1R=-~6 z#iN$bQ2PLPl6(wr+!|beaiilD^ep65F!_*RM6iKHx;H47WDzuUVrk_((+04!T!}M( za7dF_SG(nkgokQOuH@If#^xXlmL+Y~g~_}Jd3uiSSm`44Z(pChuAVLp5eUOSveLCj zmm(*i?YHksCF*{8aP;fN&0&O`tP&;QLsn$MBnvxg;;z_zR-u;KnH$xA8nc4wR!C)6 z;^<&Mm&lc$GsMsqCy5=hQ(z??8i}amr5{Aos7ot=AFjA^Mg?Qgcpu5JOk>##x21@L zt|-ncuz#9;U)bPMD^!XpOg+#DW_d6mZOqPrYCxpaZ8*b3Wbr~*HWozb1@K5=lD2D|iE=FhpYG>7PW-()&ih_@l&eGx$|!93cK629D@njJLBCW-56%@wR1 z2T8pZq6!kkSIdU{A<;P{>FSjVMBxpivi9eQp-&!B#p%M*XfLYs@<3F={4gr)oKRk@ z8UB#eB2HJ<*!ccJl`PXZ11}%u_Ad&mA!c!QjJ0}(ZZ(}AM%Ifats}* z>C+i7VqSsIe1^FVAn1EtpAc>pn-e^sIC}>{0ZexC?CW4M^;sdjG(u`ag3;IrGP;cQ zNyGT?UhNFmCra8LJj8emwor@&at^At$AUr#H_lv@)G89UK>=1J`fHpqC70HU9NxG9 z2p&>hnqNb`f6CG#Gcw0uw~jJtA3&l097Lj9`!w2Mt?p|JKa20c@e}e9$t*!cDu5Lg zS~0QL$J)axY%e3AbXvSqv8k`Wk77LX5h(p-?1lD2je%;s2lM(k8b7{w# zY`D2rL9$%A$^7QoWu6RWHc1$v4ciMr#CfFt6!GbWVC9Qwwm>Zqf~b>8Uq4xCzj8@VtGcBl@%o6q2|iC^2-XP&mYZ1 z^8OLdhD$-}ZSbvu1+HDydy+NRa7k#ksFl4im1nCpmz0B^_^nN5)1LC^dGd6(eevkX zX@rMXxtfIs7AD)P?lNAtY}QaIZ^^5u%l06v@5+^hE`#We=nH(lHYw_l=RFV5na~TW zcLxYt+z5#i?g+wF`Lw?1+p4Y#rs zrT%vh;HJ4=5g257r#t5ap(SKTj?oa4dDV50>}fDzM}vr^I6YffI=I=ixO@LBO1 zX^ATS}~|`!8Z|le(8md_H2@>ODG}zK=S9jH)hnHm!P} z7ffCAw}`=`Ha2uU7&nq|j9a~=*#pBGW~~SHVPoaQl|fY|b7Ry!@W0Qz|JjrMKfh#T zn`-U*>f6}IEB>+TsOj>hgy}J(&jYPtSDBVvWGIOSD~>=zJya{$+g>TCEgr`(f#e}O zhQ2Bur(&D!QMqS?(Pu{qh9Du802dj&Ca*3Tu#rnHlI)Gg@{3(WbjUxkv2Vu#E-(<2 zqg@84o6<*KR^8Ggt>K8=&C>U|wKWVt%pF&8mHU}{Sx62Qo8S04Gqw$rN#HBOy2VDw zt+%uz%ke_cqiqBxom*t_F*}Znfn?987l|&7JP4ZC>aZKgNr^&#WFceVs3AnpTkO%) zLRNi|7OkNzuD8+@QaveOQXH6#HzuLYk?*PbEeU6Ht3!wP@fc+NCqNO#*(&U@>9d_C zLTp8~C)oki*w2>>v|%eqZYvCtx#+=I$32%v3tEfl*o~%zoG#6-Z$rK;*d=OXzy&;x@okDc>ui!$6iBa z{ql*dNGnpcINHT-uA>kk&<4+;pi9uQ*oa|)ETq4gKd2qUEq)~%8R2ir@jaGEQR~!B zxv#9bBX=%;=k3?@2EBqcZsi;7{XyaCPfXQeTOfz+Q{vp7z)eQOh zAvIoq%I?{s9nC6a7;YW?vsY_Kp;k{_3l5Y?-qJ?t~9 zw)%=aSL>qu)B3`!ppb1Y+yx&gi9RsQnQJfBE+O24PPqLVv*jzLAXqQ&lS*TqtHO*d1BbxclN@1&DT z4`bo?sG;7SJ>u4BI``^h-9MsLFBhv+xH>8H_DS~h3?SUGHCkE=O0^N-)~HHaT-!Sr z^-u&NU^+t?bC3w>ZD;};OEqEl3ur+_R>1XpuF6J+Pz@p9?_f-w+St$N=c^&zyK1a` z!)!&ugy$c;r=+5BJ!a5&%g0+vFtYX7WOSuHdVM<88?hf#mkIw#HT9H)e^D2lLXJrL zrJAhjnA<#wORf@;N+aWT)uphBgs*@mr%uOf^Y=`iC|Ma7A=~F_+k(X0MVE@)YQZ8D zCb1>X+z1sYT`8gVBhQ%wYAc7yTuyKUfL? zGtX<1oCXi<#|t6WPFHpgjw;UX%$32u&Xb|El$6&y9A494H`ay*WoX+#?h3Ve?#c6ReOXlt{adr zAJQKbgmRP{8t}egu=e#fFyQKC4NLy(yFcxI08XQ_PJ%8F#;2s}PH#RsK5*7E(T@|j zy}7;lqo2-k-OZ=MxZ2E)3<;Yb3&Z?Inw)!fadvTjmSxSXn+42{s9~lYWjV6nO|E+) zY+ZkD<5not+*Th<;(2pf|-Hw0)|? zk{6Snr|VKI{A^NUQ*>x_qvv`)ZyWI^Cer5FHPaLKXEM2>1e`kFR36Q~e!WU>+q$2sEiZK} zHPC?UsmG_QWb(+%)AfN^eDRmpcJZM7*j{<*2{Zg&lR*aj7rT8?IA7$i-v7IezkTX| zkQy&2<+(dZ{AC)*VP&H~5RSh!W3LyoSrB`1F(V)T{JC|4I1bJd4_UdP$@bi1&`-pZ z&Amk_gnbjCGlmGAwXT^!R#0cq02r(xw8r#jqkChWY^Fcb5XzNFqqJJ=lxF*etZrsC zmmR!Sk(n)<&10m+`}qjAq~&VoxIp4IJg8pM@S_{S_uAs|zi$4PWSUPpn`gZDz}`9w z>iz5gTOqu|v!Zn@F~YwD{jiRCo!HVDCGno$3rhbzUTlhTORXa7`^8+;OsHn9) zObsLU9??CBlBrKqPjy?|HyH`isK;-C`j3n>fDE8sl4QW;-)}!qSP1d7DyAfl*EmM{ zJ@gRNs z!rfPuOH77p*pI#zaFZ@jdlKCXNg5_{QzM;g2`6{YRWz(OK08j0blM_1%8gvPN+k`n zV?j2B>{G^wed|$HW(RC@YaXsARKJT>c7IiCgx+L)NMqNwXu$SuufhgfS&UT&Kp%csAW5qEAoLcvtbq!W45MDx&SFHBDX>uz%;6U{7Osg<3pmi{(36r zz^XnLC}H3xo?{!J6D3#A9c)=Or@%^lf7^yAyo&mHSMM!;*!DjF(pklt!YuJe5!-BH+>*t*)eX< z4?f9;!CrUz)mJQKy6ZUC^0FDR6e1x#OqoH!%$>lhG4NJ5HF@`T%SI9Gm1#0=s$ODS z8IOa$zU(ycbNm@?!L95Vy!g6wJg12 z2(_M#=vFHz_#xo{B?$i-VzoeDz|PJZ+rc;1wq|&2aB`}vtK!#JjU3E&nae|j}V>4v&ilgrb=(~&l!OLAX9j| zRdkU0jr+GirSNrs=jZ;y!cSRWTiMMtTLE@z)Y!llCxvV>0{2oUeAjU_@qAM~xJXx7 z6f!S?Q|pTjER%g_FB-2MS2!h$Adg^21dJ%Kqkkgb61$JuRJLgo7LrPn#;^Ol^>JnE z{!sA#9q`ue)41YAZ760yuFh_!$(S@x)iHwOJmJ_ZpV-Da4a#(d^3ZJ7_`by73 z*|*EdS+slsYi7o4#_yYiY+bm}WDnuq4c*?}*~r5M^~d#S#nOcdr3oX=qY6uM(>FH! zoBlF8U8r5I?-JIh!wZ7CO|r$*mMFq6MMG`=k2 z?J!TgK$Qt|wg3O!qvy|8F70D$lY_*T9!c5>**EctgDcH0ALz{TXRRe}Y!Y~$t+p}q zmMw9*>J@h$RG@_qgK|}i!YHO?=-z3O33re70EqD_-APagcNg_kxt99TlI!Z{nZi{k`A zPhPx#zagrGdrhCo&ca|W!^4`#UJ5)h*Pe6`zxo~@s^BJ$8ImGxO%!ee<$dPquT4HU zm+U|^Oy}MFG;+XjU}dI@FNny-15yNm&5-#V-q^nhex&u-GVswU;`;z`|Mmkz2TxDPp)sWfVeeZ`7yt*K<-6e_M|i`8supk z4@GJE8}ol|%xuD5e!O-paS-xfMY(C%PzvZqkfCp@_>9qE{5ICkv1uri_j78E{#YVN z##?OkSa2gowTfP3(%4YqD7V4STI@EXgzTIZkfhfWYad7v3x@^X!ayA+Qf}lOF`Bao zo5>^Z~^nDbITF8XIeUr&quUwI$a z_SdsSpEQ36!S%4-&GX_eRkF7IvG@JN9tPPF%w;dtj(NV~56ev7;Qc|9LCt4Q^AQs^ z##&g(7@r58p<@OEQAb=02(8@;DforaTww+LMkVX+&fzxezJcV>3mrZ%KM8nK!3J6R z^@lB=*9D)29`Q|F=0~>CspYd?G!Ig?NmKae+G<&>Wao_5wC%yRHq{QDDIcK?V&c@} z4lKvzernoFE8$Dsfex+kUe1_lBW7DG=B?Zxt_Bm9Cy)!zmp8Ug>FtTMt!(gQt3BH$ zXUJ)!#7f-_IbjPcH9e<;nnl>c)lHId za7~Yp&!rVPkL1PJHneG%|<8UaTe7dCJK$gKT0Mkp+`MD z&dOiDemtnfZ!Qa&RLI61fZi1aa}RY>{=ByY7QM=Vm!gO?xQHi2J)-hAE@kxKuvk1# z(sVcVtws&h0~@Mxg{}Aek&;L4Kz1+ux}{)Tp^c2N%G@aSP-y5nqfE+Z9;05mi=T9@ zXBl{Cc}$K9S*-n9qD4^*-=gx+C=3pe(uzEDq)!SuZ$H#>51d0q$52t|j}P~c+>yf+ zK*+5HFhjfqu)_~$AAiMuT-IKB;hft-RzJ!Azwa$?w1%uheA&xu^}LRRY|LEKl`Ul) zCQp6YKKdurT=(^*_|Z)6-`C6J?h2RXqvyZ)|LQKOMj5~bbA2|3o+MrH!DMZW zr*9$=a@w5Kjjke&4+Hgabbsr!Xwv;s91oEH2(XsZ^|@C|s}W$^ z-2#opDg*m@XBEdh#lC%&uemR#_0W$Hrqh)ZQVwMRfuSM=Csb=ar#)TxTQVT}>efo7ob&(@y zdahVAR>q=Ji6a}?GLb7gI0COZIbH^SY*kv}7hn}edX|bos*T(&5O(}b-{0rIa*LT> zbPwjc%`%OW$6NRFdc1<*ASJ;+f}FP2jvfn{$El7*=f>5uyDhH34)6&vgv>Vpylr7e z$;pGQ=!7TC?{GS$wr9XYWFZWCtz)0n@d&?1nv4T2PZBq2H9Lt)e*1h+Z?V^-k?V}P ztz?;jJj7}3jvl#Kkr!(}*A=9AT!5I=$dF+A))jprD&iw$qK0YM?!(Gzpn{Qs*SA%2 zlW=lBoRg;9T2F^D>NEz(9iGLLI)jzhm9zf<160^Fze}au%!T3RmXGlMp zBQLJE$BG^qesO${rljn=_#u#$64M5Q@WVi+1omUiioGp8*CNF<)54X@u|rKOeO|CP z4u&s(SmJFt6j?>XyUsB2;N|!3e9*N(%GVMkMtlT1^TetSUuVc# zSJ(`HeKt8yB~61%$)*eBJ-oZ=ky}nhNdGf)IXm}e62UP3wOz`b$`wYQP{96&Ku8r! zO!ryS;BzIeSZd2K`w)Gh5PLPUui=g*(_t)*^NL#jF?zOxznHOkoVm!cFp7S~#q_VY z-(Fd|+&>t1-d)Mv3i-jltK?tbWr#_&>fCNtEo}yWa}VCanS*81MN=3s9`Kt*{~VBg z`f)?Hl=5-SNuX~a%vrY)+#U;7WT2_h39hQO&L>c=&}@1*VNR`!eZDrU;!!8!`PHh9 z!bSE|G10ivN;vh?9IhXHCJyCDoBPRwf+^R z{C@o8cg|*WsmULEfx2jqzrv^dp9wE>0HUu20Cqo^grgV`=Rm^B+uIw3Y9yBaRzRU6 zd%0};{vKM{JEoL92z(l`>Ip*)s}tX5^hdx;#86YL8S~6bDOJ27TIG@v&9HiE9!tDX z;>X>Kd>PMHB{nmCE2#g>LlXwRI377_Jbh`)*@~CwZs6Sc$!(+ZDoIFk1hifM$>2iV zXTGSkXGkt{rs$LRdzEG`r-`ZRv@r9Pg|?4hRBXzX2_gL_OOsPb&HCO28f7GwhBM2u zk}$^)#*CHt#A2M=x`hA%0r;7ynL@u=xOPK&7~HHL3}|HZMMyDZb3dV7zI!Y?VrrlU zBgR-w*WZ?&Pi5k;^Elxt#eAZ!7(vjLN+ar;%NjXuZRUt3pG@by^CPLmb5iNTkc%8N zL2J_m#5|boOyFM_Mddp@<0l~iSVlpUCHa*2`J{R;n54(JqCaqqD;6A@fG?r9&YP(S zbs}J5-OC@-oE+P+EOp+PpLc7VJ2?sLK$IcIbCF4q)Ifr#t@<^Y++M~~6n(Ot{U$ru z6N?HMKOY^~tkWoWT1AV5#x7eh@Jnn==C7+SJU+ACELLtEUPcl|w|7)V)H_u1FwO_~ z@d!`w5r?)ToYVMuk=WsiP!1{~C9cVXyh&sOOwv@TSzW1Vb+3{c@ZwKhA zfVPN=RV_DB^nftC2=A@KjN4Joiimgbx5cB@xe9aqBe>L%+l8EnE;w%Z|Jh@G2S z#K7ZB4$s-0X=`NxC2RRr{maq$I7VJH!px-Xys;|XCNZK>sbz#Fn_GDUyjOM<;ZX=S zfUyg+`)KY5>Mor)lr^t_Zml@rbNzKWA75rO!AP7u3#b(3m>aPq#P|rkC;JDL<`eSD zo*&dlfF5@`FllZK+Fqlvglj5eCuh-$h&7)ollt9+^-)DeZYm}4^Gc`hs?#CgDLLH3 z(dv`iA{+4<>p+f*<6+T(z4r&;C%pPwr&v=_6l4T_Z5tTHgw@pttZytz$~M+<8PS(6 z3+ioj&19RoQ$kE4iq%!JH_S1>FtQX!POe_NPM5$hk1Zo?b$3YlG?}r}WDFS!9rJlu zr*h%LSlmh6Z=CSCT><|i4XU-!<(ybQ!5YiqMcOVc(s-lBj04xPLE0NX*hD6741|9pbEU&?E2kLASio~Z3~k9-irZ%Yu*I|MJxaHtop^<+s=0^kJ`EkoEu0{ zwMNs1{N9-A-XgB%hWm3c=Q-r5(cQL?k#3Nsbcnsr`xms%q3ez`r@kvfS0rYcsfmulb5iP!3Kdt&73FvKY`K1t8kvy|_liGiNy-Pt&IQjs; z>2>QS?NrcQr@0P%&%dTv(pSlSD_X0;jtnMTMj{j2Y)8>7DK($Bq$)l(H`Fg~Z~BxF zo)|;@K7yIkB}2am4GCD;O&SLX8FjHKdOa4hm;6n)k<8S;xd>EFn!?ZXKx|QPa(Ije zD;fDtx^gpj9vi1heA%Cv&d1qGy;vUllGz4Ob!dG|Yg{W73dji%VZ5E(nhd05>gcRb zo~a^uNvm=Iw|7|Oh;Rk3`WQbP#tIhlG!~bpXg8f`I7xnb%=J0G!m2yYOQN?fyUWe! zm+|>@2zwur-nTuH%C)a=wrGGJS0Z56e65c5z(=<8uEWRAJ-`YrGY5?=EXCd;J5$tb zi4J?NQ;TSE3Ci`9BCJgFV2W76o|RR55NXG%d@veni3hdvt*ewu$F6bEpX=sAd21 zXeDyli$NKPquG@SsW`2vIBmv-U89^2biWYAAUd>J_BLp>;|YY&_F!dY=g1HG>hILH zeC24RTqJRD#-Yv|2}P|Sk2&U5;nDSYv$|%{-f6Q^Bi>wU_N~}aj;1&8 zh7U#NJ62DK*}27;AOcW1nOByOPBr>NP7*lGx^N7^66AupaJ1tAJMpkS`P=23)@&_N z8&*_c=<;Px^P?nK_y$a<&qJ3U zZPyrwi>TQQ8h#&}viXp|vJQuFr7B>)c;O=%KUk|tEL``PE0-X$<6C;xA|;uhFQjlv zR?W#7T)|G%2%Gk(Xuq@uGK{?i+Qe++u@0mGp>@wFvn98c1QTUS33qp}2{>?#aj`Mu zM$x)tvNu)}OG$eaiEmQ2f;E;ilBzB6rFHj(P%FNvU9DT9t z^ltl-sdfD-zvG)ZxAp_nk=lc)VK3v8)o_pY!klns@-(+JMIev3=34 zoG%-B9B-+-ZitOXh)Gj zbO6e;FE)tSzVT)1|5L8I3P~W47f;8C&21cx-#EZTx$9n9aXN zK=d$4`nck8*EZJEfB5U0DLPdB|7nIaZQ%9fLVgKRozmWZl@8yD32jdSHi4DNw^kjS zbKI0*m2Wfuuw|Dq8sm-XctjpM&Jc!x9SlJ6gswAVZ)*Ey+x&E+&9T?qxl=b7>eNK2 zu!yf87R)G%MBFi@+s8K@R7~2L2}2+BgG{f6_+(mccXi(ENy*}?PW(N?UdPk*^S>o8 z$=6F}<$+X~a^%vo?iLUNsH?49YV`zo@ zFbcOYQxk2e&+I{{k)6tY9b?d^bZ&)KihCPItYQRsr*`esnq{j3;Iy#dit&-Q)F z4%lj;lxCE1~<7a)Bq7*!@e=on(6zlzJ z13n%qT1x==3ZtiaBs0fmv+V6196*p$D&C#pv27cWYG?+@BJ;Cs`t|mmqEl&sW22_` zeWgFpUU65^7p-dUve2!$=m{IDA4_WyVdsifbv$-3h0-~HfNx1lw5mjFF$$DOd$Kv_ zKP<@sqNK{+t!MY{&qH^J2# z_>a#p`XEPK5Sw^$L%V08XG{K5Jus4fxv9N9sGRQ=%;al4=uye^PQSWx0@Az^w=lj_ z0_J9=03k4Zy_-!(Q{ZMPtxZ_R+IMa~Op9ewVB)3t?@|egn~)>1dZNY8S_3d0lA7YW#boPlWDOJC zHa56%7Y6n0>zS>~*vaMa_Z5$cg>ATlt@%Z@5mDdVJLFB4eb#*=sZcIH=2bJ_&n1$|cEr~G=n-^<+?2etrPip6m8SAi%TekCA1L1C2U%jJEJE6aO! zAAJJaM-(RnC4K4!7$g?bqi*`Q0G$B%-0y4LgI!i)-vP8$+3R@&2N( zPdAXiKhpW=IZWdRd>KI2b?g2CpzZ?^#2>{>_uqEo1?BgWpJg(31^hgCuzEQ9_}~P5 zI+FKSa{wCY;wefX^K(k(i|kJ%3QBdK(0#XYajtXN0FY0CnC=a569rKJ*F^6A&qhmc z-bJ32KdZG>iw61yB-j64}j)2LJ*r9zq5B#6%6n)CeUsTUvTUw5s zz5j=jvo%Nn2O;Xlepy95fiHH^>v!kSJKnYV>Vvb7()Wg$$Euc@QEU19mL6+1blS(= z1*Z3wPH?NDn)TDC~PVJY9#(=X^uj$G-q*BO`*2q)J zWdv9xG^~2GX2azjGLlkK`?DLx1>1UMemZ$FyVgQ@M{P8L6m)Du3EVZ;PlRm~qG@DT z8(-v1shXt@^5KHKfEEM`C9vy5q2E*_Og6e9{rWlWcOGri$XEFijYmgED@WX3(B|Z1 zx7?`hN(2JoCDB>{BF~Pc$$T!>RU%X*=(Cw6W9j>wuWX3zl(&;OMAB^Jf#j+al8!9P zalldM(`W=wBXe_t5xdvW=0XIMxJ;up*n(`Kra+wR&-Uv>YdnQ!7Nrct(F)Dvv&kG4 zW%era^#ZU+t>FTJn}(7Se^&PbF%f=aY~6v8YKA&Ayw2JAJK#b{7o*72_wZRMK)VDa z(Rgiw9SVQ6s9F1`&_-2;)H5*MChMGXxnid$h?>d}JVFyvI5G30iMd1}9knti--zdI z+?sVd|2_A({m!G!Dg+XlTc<8W%#MOOyA}J~Rdv`u!7AJDVJmhHv z+;%v~CO1><6sMwTvkbVL8~%DT-<)w}W*-6Kl*F7m-&1unl;%~XGsE2o)Jx}}T=3*c z8aCugh{XElVJGs_DiFf*91@0T;Gt*drWN*D4Aj+HSnzmjeX>qPN34>HbF(#LKEkM` zVR$Pe=$kN4q|^$>_$SaRmZ>AT(J`dudhI!3%4S+}r7PLC{@JF`ol3h7{aeSo^)O*P z=32&oe-lYFbH_kFgR7A=;d<9u+P9}8IpIoM_MP9< zTF;Cs*G%Mm_jF66nkd~O()cr?-(L^v6EaY*@%;7EDMhc$4CK0PHCXuWMq*DYNlVt` zzu({IjGa15M!wI!F5d0g8blyMCX=8%o32aU+elPajy*TXfJwT=m((i<^w0SqM+7N`d>dMWP# zl~)evfzb#20SDq=6#Nb#ILL*}={&v9woPh3DuZW!INM9p>G@U^kJ5e(!>_&q6*LvF zv;e<{vULMTmfYRSmmWX}kV#D5%k;3r#0bm|P)bP~eb2(TZFfQ=^gqX6^!%7N(7C^9 z{oD=kr5NA-+ClM}Hvc``G66?hV`C%0nW{p(-D6`~sk0tvzRCx!awnp3O8Ug}eb9PCrLphd zH5m}-IaBbJ`jh;5(aFmZrhlk!4RF#>q-1Ez`@-LTm3V7wZOx+J5r{f2?t?n6*lk_x z_$6#k%RX`7StMAvMQ8m)0mMH8xk;Jb7`CaW|NfRaS)#~QdmMtl0V_?*mHqna<0cQlufc)(-<&h5ed0Y_=W{O-tcbv&e`|3{#*^==wq2F1dN*INsC*AxJ%nL}Gc= zCli7PK~Gc>B?yFcDUVQ>_(EO{Nur-0&lK&&x5;%)1IYb=J_PLw8~wSa^_(#thAtF} zK^iTVi@^#1xV6fM{4zD=W-P&mBruE46d~KsiyqiPUd_+XQ_9TGkA_d0fZBZ<)>%av z{HF^)GZ;q>DZKq+?mPd7)FAD9-`UqNxt-e|EbTG#r@G%g-k!XFcz3j-gWT1haY2pkAKgxs~iI-<-4V6LO+oudR81_7k+;N-wnakB-pD=Gc^MQ1m@sy z+;{)`$yW?5Mi+jF%pL|oOAgK9DNZybt#eNjCpaZWRWk_^IA1(^JJIl0~qP0$XI%jXaiTwyfi4?k2(* zrJmK*w_zy-Dkl4|`lJ{(pLF*2N6pS*Y2jq16sZ2Mg@FR(PfoJZ2Gn5`-wyx)I*;@` zd}aFg3&nv2R4~8WM&#T$@Ft_>POU{mL_i;Y<{fqcqg@;ifHeLFbwF(6Jf+6TL(OOX zM`TccNpl`iulvJ+yZl$0FOopjGWv7z51^;M`wVdDBwnpHjgPtme+p#@+%awkE<8^G zo8oU2qP$%Gx)O)!&G#IK4*|e+WyAk#;wJz?h(2g~wEbY!gYx`N0ICEOVs-F0%JN(N z^7Gs4(|q9l{t`H|mcOEG#K$(dSS|l>Myp`41VSJJ2LNs#O6sWb^3Uwm)z$HnizOsV6x00T zLfpG^IPEXrd4G6M-d(%gVV*a!%xRq&@O5+R1dJ04<~6_Zyv76C`Ij4;rl#GJ80#Ac zLcA8Nhh3+e4VgbSL)-akx=XK7w=hAi>YP{Z9Ih`)YlOsImr-EEr^Y&I40Jm@owq#o zlR&pV;Crg{pFUkE_GK)!_wTbbn=CK&7g7VOpV}z1Pk)llc#B`}+hyJ@F|gGn}1gO`o1WVbWU?^KaHCLhR($SwP1UHe!_ zXo*NXWygtk%~=!9+v;%J=m>N!D6`_$wP3NtYSxh6Zg~&A<%aVcx(`9pM|Td4dbODp zIT94Axg*`H9x3pDH}&IC9^O@&`mQ*1zPkQz?ykp=#tfu}?X#Pd0&C0av1FQ?=^U$gsCw3grYIyr>C_8_E^D!YcclRpmAQL&l<)7zUZ!8KNM zQqw}raM623NWoIFrqpR567)ofCniIKLrgJp%*PtBnX1o6)2L)^{#VUwq)47l#M{B3 z+326|;A%u?0Gd7;1dmF5vQ|;Am5g$Ar^|8e`EV}3;UlciSDQ&hyPnXfO}1Xht_*a$ zg&{g}C{_)P*jRv6+=HO(QLaaIj;h=UWE7jb&U*T!Px(<=POAhiO|3^OeP&k+&=6O-Wp~zAM@MDQ|>pb_}x;H!DYOrss+vXvhThA8vZaj&i%jK@jr_p4- z{qR-su8AE-Dkal`;9Op~-nm|#()xOnB%@`n=uWSf@bxmx>e!P;*vre~)CyP89+nIO zhvyJIZpe}1i=Bsh`5T4PP&}a#@?R@A4alULsx5xkJ|pk$Xim`eD!4N)=^L-gzD%b< z(%bTg>BVT1K5aZCA0LuyjWZ?~2v(e*9uQn=iFJ2G1?tYPrZj)~;~3n*OGdx|fk zlh-_(S6wqtIeQ1j_BkB&{I&Mq9^V!9jt{B>tlnqKOCK*29Ar^?_iqK^Nm2*ds5TtM z!sfy8+o%Ta0yrVsOgv>$g|m79FV096$1dL${9g77itkohiJGKzWnQ{3fp)1-LPH35jgXX# zc{lIAZ;;N9#x??yMX&Rbhr0`sZD7Vuj}g-9vQxbuU!~*W;Ow-rYp#LzsbM{8V5b4- zaWfCYg|kYpTU>4Y3dmckW*4bZ!>HBB;@0+bU)PAW^=`jY?#8RS{PyYpPUUxB2xK~= zeV1HOi+`4D2DU}g#3(Z0NS;%D9 zlXn|h82p;7xMKPcKDxzE9}y=7uKj)UIjap6z)x5`S(i=_L%rd1f!1z3a;)jt-7MNq z>)b*zDbl?H{XWp&l*le8S~5MNk-366PMGhKxCrjWKsq8_|J!}h^aB^93W3-T8U7xn z<%@$?j=;};a;O@ErUPxB=(uL@s;esi779$X7B)^Q`>Xn9OMG4%Z= zQW)tSJDJZv&*}OXLBZ5)TLylw9%a;s8aDa%M#5hy7Y?6*)OC$DI^+7FT8(A~ZfMaW z!lwVAS*&s{=P*R(BdYy9^|o3>?+@GB(u*MiEqdg+F;Dx}(ZI+PSkwo>pn_MkE$<@) z1^ExQTIW@-N{3`F1B#|5asvOQ45bVeKkt z(N?vU0tU9D~EDDK>+BJs-U<0Muu9>{$WC z?*8;jps{gP6f-yHL+*##u~&-T5F3@R@cN32^7J$xlEs!?2(4MBw{FxxY73n@H$@nb zcdAH~!nI;?2u*7zZzpr={dcBhMRhD% zuh&(&Mz=(i+P}EGaJS03!+X)!rvlo1m6pvGNG&~w4~sHzakQY-T@8k6O`H*BU`bT` zS*-c_jHdSGQxP#SG3t4x`5zg@{aQqitNn4EUfCRJQT1=; z-CawFNe;J!Y+kqSi8?@isBpZDba1nF^b5{X(zee2_W}a&4ze%RS}Y_dcaPHM0A@je zS-trarBFp_2vCIPS8rW7jv5(c)@E^&Vb@s~1Ox;iz?#(n%tY)@b)*h~%lru-SpA2x zy)sr*(aVZgmNt~~s#J7s`mVh~&1Zq?=H7KV%%HLQr2^dI=f9>obd&UsA0y_j0ccHr zjofe^Dpt1QR5>!Gch;p%1RPcFe*WU;zvKEdel2f1TwgF zMk_RPbDCOt>LT^$jR>oD3-%4GkZ<_-aMw~rB$v(gB0fyq#p+JHS zg|f(*iWMK2a78^Wj0jcj_p~1iM`Q40Gb=8=fX7?9j!%w(QHmTtF*5P6@cY+lKTXt}>&OsOTMEjytg#R1W-ct&R@tiS@+D1$ zoks@aDT};wkz8%g_7~sHZ(Yzzg47`N>ezKcN%U{=ymoMlj>(>!C8u;d=_5SL!V`wx zBz;`b+}wI=SNB7mgW@Ek@{MiZDWRt&h;d4($XUNFocEk~j2dOQ$ zYM;SwQkC;{OfFX}3SU67Y+$g>Sn~&9NnSDSM4arrPN;#1yld$Q^6;@kN`Ua$46MzX zduWClv@PlD(Mm)5%h(F@G}xM^xZt}}5w1*Q0&-ZEHMe)dK)XoXxFWm8%5eX9il81O zDvQ3&hO4s@gROOMNE7=ZA4PHc%14M=;87fBh&2LwGxNYlWeRB=Y+ZzhBEZa?FpGx+r7Nf_+@r;_C6H&LMigJj8SId^;rY&E zC9fX+w`YOt{j{uUbh9+g=Exm}g=KSJT{tyRIjU^_yH3&i!II27mZ$Um)_S=sA}K0=X2m7LvO* zQiS$L*mZYnT3P#t_nT!4(Pj~u0oHUQ+&TjZ?87h$b*|{#;GXbQB)4DKVF~42?Z?1Q zf?`X7Ket}in4BszR~DW2!(?WAm(&aHKYv{~i$HOfHPi(9sCL@!$Cqg-F;Ge=@r2o; zNG)I^7%k1iB{n61!)CkIoZUZ^%&(Obxw1~}X}U2{<5JkfQ<$qXv_ULEQ}=0m?n3lfl_RaBfe zxjE^u7B>=c!px15^P*t%l?0T`S*LRa&%Kz)kp7FRiO1eT35>5$3$TucYbx>a(7v!W zeT7Skk2Ju=Z|^!*fL~5OHheO@=%zbRj=bUgb1ge{6*U%enN<&SSxgjpUT!%#?pmBZwARitm_~plcpq(h zWc&Q{Vnh#junBJQXHm4rU9B9v9y&S6?bXe4%N$AuQ(1fh5)M$sepFsRu;nXBy~RlK zKro42buo6xw)k3sn!z+l)%jO!lCy$ryj08^FYce^eQq9!`ovyYGC5l{6^>4yV*d@l zZ{I#08l}b-IOd{c$2vr0K*O~uU*c_%$7Ncz7UaDiXeR3YT)X6&)H#7U8O}Ljz%h^1 zvhPTnexJO+LD2GKY>g7pfoz+d9#&PCn6OK-Zd0_AanhH*}_yAIV@2-~{@3RCc~R z1g!5JsuCUXim@FoK9j|Jcja_&jsX)I>VwrsvQ4JlBqHk@g!1iI_Tz*gbnHuPrAZI5 ztb%L^L}N-fJ1ma-X6k2RvC0$rFr0He_Nb}RCY>j+J*fRmALb9Qz%&^fd!(_j}Fd6qu>072{TLE)#pbZsrj z)ia0sh!hWK?hT9Xb3Z%fpKb58`Yjv>_Ld%o&s^((KB5BW&0zFrtLuBf4)84L6DbRR z1kx!+{~3Uj^}KKVq;YB;a5Ml{jcPKM!48O2WcmZE_uf{i3I8M3s_AJd_|Ln+n0QBSU6M*q?k@!h8h*EYk0dl5XU|#mR{zPeG z{W;NWdjlNq2=LI7x2|KFouedntR?pF_L|8JDWwq@_Q32pF!{|o=G=eE14 zo_NgwYqeH7&RjR=s39``?{sa*axIi-!2fS0(C5lIV3fX+z(D0(;RYoHDUR4iN+?XkQy1DXNJk65-CO3T!b?q(MIL9JO);rWYE;-hk_(Pe$k zBk8?r8hksOfB)vWU5jq8se(LRU_Aye&~R;?Smbk(&G)H|o9QHh%^W;qa7Us3E}%us zWg^LAK*quL**To3h3|O3KYZ)oKhaeyG!2SXZh|eza(6F*7q6*XUB+~qs*`^3(JR-y zcl(jhh-5;8JFCU%Y^cw>b*DGbR5^G%hP2fzg(ORZ?=ZQ}j=P-}^NtaLhF{XPXXN$o z7&U@MXZ5!Ntu)+Oo3tkjeJIuKgk-41@#lvGIV1$G6)9EhF^ao=${#~tS1W~E{T_@|p%bA?>ZQ!BzQ424`rEa?9YM9`$mDVb`?x^`$6eolz#7GC~GgIe2GK6)9>mi zHqrCs6Yykx0!BHXO(A7^;WwZDJ)^ZWl!f+ynCNKub9QzXXoLuX#`JZ7` z_}L@;nY9&)_wH7j(^qYl_u13H*?HdgnD*%mAW;Dx4bz)7i_~WMl=~agGO*#NhpXq~ z!h!qodBF6YxSZ@PFfWhh+0nPt!2 zY=De)V(e&@!4m}7AV2-P``H}`XlHvV=Lra%g%AYs%Q}1YUSS zy$3kMeM4pi)D~#Kfs(3T$#rP}4t$+fAefB69S7WT)ohvcWC3@xh0hL` z?Qv3Lf9@dQBL{BB72t6ErC{_s1*W}u{L7_GU3V-*kN>@yh>Aemuo&FM&gc6H@C7!D ztZ}Dhc+c~nXXZ8y{@6}Q6;G?^WXB`&NpAY zD_;>-j#3eAP$*#KjbBsY%NT=qtNSby6ZS4%B2|8+! zqcZE!jeNT)b_6{D!vkE64O3(DIJ)waMvPK>V68&$1E*DmkkGDG#s9bMx$RtwV zxg5#qEiD;BMaIo&?>}1HyJnl7bV+p$s0NfKy3Lb7AVqU8?<3st@=B{DSW`c;zwPhe zqQA&Ijg4;l%{ea+u^M#CIZUBmvX7fc)CbH*4#h~H6H#7O za}KZV6u_S5UWy)nO{g0>xnqx+XI;%7jnhj~ooLwCgjCAw(V0&BJiTl)W8vs@S|P>5=#MF`veI+uNgmS&Wc33~hLFpBGE z|CZ$Bk~E9l>f0hW05+ILh-H{Xl$^uC#@6Zwf%Mr6jWm~hZ2lInu|BUTvz4VaexUIvt6*Oz^p{~JYFRj4 z!TEq8hJ2hO+MYXE^p3I96RKRMc#kn!400~_MW@ZC~3UAkf4;<{nwMh zelz8eo$FLufF&2XdYf6G!U+V- z1zy8uYr^)c-b3X|h)RP8Q}6#d8wBvZyHlg^JBbNJ0g9ufXO!gLB>-_6iU&;A^;?wA zJ&1tuV_0UGtFYB(Hkz@3?337bl9Z$0Hn3BCz7;Oqc{{kb>1YoWW$#`KynFieXvKTc z*0yGR1!djV>k6Z|66toEyI+rF*FT^C3M%876f9A+a)j?RHnyI<6Wu1bO?@u}*udK_ z^8n73=MXZUNut>K!Kd~2PZ0pbWcgR^Ymp~6fI-|r%jo3yn%|)v@O5W&jj_@nSCl+Y z*pz%f0G?&B{Eh=R-$)tX&>sM9z@=6oN5I|$bj)u+ly5IJY;mCtyzLi!48aDRg?Vo0 zG1{A3c*8^S+JCA{9dU;#Th8XSjXPXnacHv)e|H2{e<(HY0vFl$^yp;pNep=HgLgmQ zKYbgcM|X3Z0xG(LPxmW=|D1vQcI!VSa<){JU^R$j)QMFPFvh;<)D0Ic(Y2q7CnNd5 zdE5@yUSqbrJ$o8zJ4l#(FW?2-46ixH_tEjMFP49rT3Q0nEWpMRk51`+4fx;XF?E}q zeOKA*l&t|&IQT~chUaDUHv z7!vq^eIT+Cohk~HqnxAxOJm!+V_LWWRc(t1%+glV6UdQGwUdq4_sO;1e0Z<*_q+P! z#qsV=S>xf3Q7qdZYx1czn0Yi7Oc^;+e?l-Di({Ki=F`rbwcH5^8qfZL-ebFWk{S99 zA7iE-w$uHB;E?U-R5?mrJ7Qc)A&Umud0E%XZc{Hh;KzyxBxIpQ;bbqus$Hm6 zojqeo|8S#tpr{gA6Y+HL5G2o4=1?g*RU98_zDO!X=uyUnj$=A&DC@_StBVPA-k>Yn zaAm2@v+KW%(g9~7&0t-p$6{!wN7a>Hpv)A%Lnf#sKzJ z&@YKkz@^3#C$L>0(qiPD;G(eq1(r-3olj$j+3w;BFhKPXcUv80F9{n-ld_}-_;M|+ zkjf?_-v$}IwR0_jvVjJUU-Gwri3Rg2g(RgG+jLT!OTQ;*9ie%rHu@-Q^7IOt8!Rbe z=Bcxv2pxP()c^^Q>Ais?s7!pM3fWQw!^eYv>s_Fg2OY@FU~FC5Sk5_8Q^nM?%N1hu z;S|rne%R)qv#s)@JEs-p9+W4eAgXN_i;siVgKXWdTBYXNw+L51(vG^ob8scSyBAxp z`P)4cU&)aX-~MC|i&_bZi;bib4#9~_rf}|^&&p;Z2u{UM>rtMLAWBcre zpEdTu+??k92^tT-wim~JVrD$Lqb)uO(MKNRlU%Cbt-aa&$YGQej)S@rh^CWpiT$!k zrF86um-NCj5R9~(vA+|YqsJJl*$RFLQFPpl4x`P{8iX%FKPkj1#-(m^keqRa9qrz3 z5Q=Tp7T~k|$wv;Lxp*msa!i#g{&bJZ{^IM3t9QM&^=Xj8&ksqDU1}P2!7t|y=53`d zD0)8L+tUc}*7lck^AIwW+slKQAxtxKV6d(5xDY2!bd+V!pdG2tBCpcU{y>{NUow89 z2s3%3AR^qJI^lcD+f1zk5Wl%>7R_rDMPpZT@; z{C3FOwR-URl+&`EipWLQNw1bTARox>C zN$ynci@V}#tlc~};zl`&*L<-Z*-RhfXPPu_YVm!ux`scpIK|2ca&IcLfpLC{6D#tB zEqpb8pOxdvJAOjl7<3ooRvt>MnMXgC>&Z!u(VDH+^VXCRjk|s>G`sf?N9fTSv{F}& z4~)Rg@&g-z;jKf8!gq80k~genM;@=69kUf6hCht)5iMl_9tj`6~eQMB>G}} zWjqVBR#8^babeMaQXcG)4rNL1;8!v+$cPQ7oJ&!c_s9o#ro&HuEO2?TDLw;E5qf=M zI&*Y^)d%HMJK%aH_Ln-8S&4!TX^?Ne6 z+JMQn8wOvcI6SC77{8D#>M#+7EmV?(n?5E=(uUx@Vy(o3D$NIOEXjeyFt9p-*_`G( z4$z}DSWaRj(i)5;f&WHe9iK=-3BGgEwNKX7a(8Gp37cF$$jdtn7@Ch~^!v*9W@qVO z(!L93*?iFn5paQD{A%75u-RMCBa{;GQ`=lzBvZ#>RrVRL(`1LXxkQMRkZMc>q^>FEdDOyAL zL0wgaOw+=+{miS)r0=+-J(|hC_mC)s7?MZ1)FgYN;FLX89njh-WoKXfVgm z@?R&mF!M@{z({&pacLtjtY1^Na6dVX>e(@f<2>oh1v)U(BN0sdO@$8yk7J>&X-~x9 z2w0`iaKHQ#U17_iHiPS9a)pl`My7#NRNI#D*-9E6W%F}T6C9?IeMpYv zD3Y4QAKtuoDg7#zjOKL*5LDeUL>>tGt3GMR3uCdK$)K2PYnwG(ESjy)dVe?u$Fa2h z?CB_d1t)xeq=#A-U`h;t*|OWjBrDfTIH~IJnFnLi=B@@!Ad;Gj5EGVeIiD_g-vTk8Lc_ zCZO9%tdBNh9R?0VP9AN{iXPa1QwPCy__S``I}1gB`*@yIBgw|RH61DmZWvR75y!*- z@+JgftabPa%$uUpB1=IO$XSl0hFc11{@7Rb3;JVj^Pb=MPvx8@W$zSd- zcRsxPxqR*Z=fY=tX$>AUEK0ikR}*${D_l4a7KI`IUUEFh?85mP$oK9~(bSJ*D{cv~ zPd7V_E16Dr4E}esQ@IX)9`j-lFQ1{eyNw+#$}TY)dE3NKTemm8T`Kc6PS_i!(xLEm z=;_Kp9tU?2NlQ?BWFxL<1~Oekz$g7f0khQ5caA;WjW4ys$~g_Ubc)Y8{P$k4jD=nr zQwg<}6CTu4p3OUg%B+>p^SG#)xHe4ida{NOHn83Fv`V@|>8_?#S1oDE6st?)>9mr3 za8mJE;+hRU^~T>j<PF?#gVn8qjyXOIOxGw2Zt~66KMQ!*@lNHZG?^j1`^|c0vjO;QryZ*Ioma^tN4CL3 zNvArEgf)JSfAF|r#m}iGT{u^lIh=s`vI?VILP4+b>{;mMDAKp&6 zv54**lF2QGo^-i&Pc1mU8iZoWzM@Kvb!DrGl2v_)fCnM2X6Rx}gR9Gr-XRNu)1$LK zxc=506x6~s9EoyP?V~(q(o%SlD6y)~$X(>k&BGH?pFxSyi=n2!JQy=!$8vDJuF*+e zN8*l|;+!Ry&k)r_^=(7D4_q`FCS`|>S)n{Tw`>$HB*Z+bpgxPIMblSp%pIOn_SF^~ zMWLjNGRJ|~V|Gc9Yv=<8H`Tw>UeuYFOfuJD`u;tLl+~7>%Op4zx%N7PYLr3Go{kL9 zc%m=yEemG2ddqfd`cNX>vcfg$>occ8GNOFL8~Z*OI5Wt;@=nLqhtF)I7EcuwMy$s3 zLPNhvW?=oA#aDLO?$w^jtvW$ZGgxd)FJiw&5Ug2W3=f6?V~mT72%1H<7+_gE4uQ;o z;cexLbm21=uoo<bqqQHl1U7PDx(HKz1qKk4&hP{)?w;HSXLf0!U~@4AhXt@y61M#|-E{9X>wEU*6bLdIq6<$2arx!up&>?KkC z47C@&_TqA(gs-AJ>q&#NdP+DInqI~QxEU71my6L)^Xo_V3Mt<#v6(Xu zrqmiK&dmAlXnZ|)l>hU^sU?P`@m0{F)E*^bIYgNGdzjWDV=Oac2CzfXKowet~gDNzeu+cVHRpf?2d-7+yOp8MkVHy=K{R zIDQ-U*j>UOUkgm`x8;;0zzqJ^^7Fa*X$NAk@ zY}mpsti&HFF)GVJ`>a%=o?2cJc9n{sqDnPl69{vj<3S;_GQv6YJDDAJr(V1Vd@6tZ zr^`>vqL+S65zj>g?h6SjZr>E;Lnj07IABXJLJQE3X~ka=!=; zGC%g$M-LcD>%T7nU)JxRYb;V3xD-Cz*xVVy$iLNSbIh)s)gE$cMf{?-+FlVRH-0#0 zS@rw7UG??ALB?!np9%-r<@NQY!*Zu2QwvPkXrmSsFYEJ5i4$=}TZHv>8ny}Q2xolg zNIkkB) zRaGHXHjpYktRMuo=u)ZCrrZo&PbvlQiedL-&q2Ur;3qYEmU*hD78Rigjxu7k`L`+_ zIYI8MX%l69dv54GeD)T6@8zC0O;M?8u85^F$oe^;Wm>s*Ii8_n(fPix3i+I+9uToNuf+!@x1r(334K52X+3963i!(8)- zhydP7u?)7}UUT-iw&tGYl46iS53;RE3Z?S667JoD9*XbjA8^_vBKo*7%|`h|`TTFrT~{(fOZ`>;sAx423qWvv2j(u;l+ou~=K zCy6AT7Fm%-%BYz7Hq4gN6T&5c@7C6`9IYZpm%Bm|zpBKo{Hx|$l_~Xk5K=Hb2Ty4P z`oDg`5Oke%a>#|PiU*PMn6HFpwq_*tLga}}kh%Z?DTI=rY^x`myRlD=M&pXmuaN8vo$9N|*LVT-$tW253WWj65!7B$S`H94C13$LUbeDGgz7S**pITt>x0+I4)MnsP%L3TE;6Ocs;XQck#Qun}fM*X*9UDz(S!YVG2x+@%z8#dN z6;iQ+k&!7Zkc4I06xc!#sD6-XO`3!ZkX8E|k6oz?6i;&(07a{i_}$ZXkevx5Q*AI>=m5_}{$hXYJNjWXlF1 zIc5fIBEKQ)UY(4)oVh5RA1r*BDjak06TZ6@+E_YRD-~^gackdlX=ii^$c+1ZULuc6 z%KsC0V5b(J?!LV7{+76PDJ)g+KOv?d(j~pshje4(%WlH(&+c8d82yXEstqIIn=B^( zxDR-0dnCTQx81a)gS19jtG3CpCB_0)-%pKf8Km@u(9m2k9|j4Q+k_oMLO0NG32D6V z3Esgsxku7U<&riX&^{tpCCHdiaCvLDy3cmzP;ER|-|l@!c@Z$z%QQi{;%f7<`IA7r zy$+ToF0iYUBNo`L#6QyZ9<8&-{cgv5d6|Y<{ zwWT6X*0XyH223?xWp=_1mQRENB+M}1Qfn5V93t>IGqttkWiPX4W?mg7OKWX1=4;fm zW2dJiLKVl*Ry(94x>*qd_QEG#NX6|1?(6Vfo>p zeW^T%(ZGE;u%G8u8vKqxOPf9>ryi<4#M}ilsI_GHb*F?rj|l%DpKaC}Ni}`wP^V8) z0naB`?^ygiha_973Jyo070P23ElinIz&JK%IPAi7@$_VfS)fpkEQu34gbRJK&A1n! zxwg=iXJ0Z_V=qfn=SSA0Jfzk_;{lm>JHZx&r=abB)_twi*X;5Sbp4Do7M6`P`!tOB z=EG*~-GX9^O}XyGeG)&Hulm#W5B$h5p3s*e8M7U0pY&jt2J8K*;bTq5CsJcA&&U{m z{Y6xq0eOZEuun+J61^ph+XBVOP8?#~m1~;_hy6-LW0N1ix~!dBk&WF5#lDh_CLDd_ zOU6j(OO?=}daSc)j+t;F7srxQP-P+pXs1ENysFauq3ti#aek>%rA4C>=0|Zsl33c; zG2jK|QnRI|@>mi|e=VsjgcRHss4Mh9VTW-TmB=)-z{-E83DQ$8O(N9Ub%B{qzO@F3 z-1LB!^ho+pyhID?VXt@=c=_l4Tm899J zny!bXsdeub`YN~#_AvPPZ`3WtxxSMBOU7|m%U&_d&4IwwJYV@QE22Lc-8g0n?}BVu zdRfVfbBa&VtI&eX>rn#vJfNw9MheMlFPh)QMSPR4fg&DBpmk~B48x4!CClO%kg^Do z_AjtLIix${FRfn$5qq9b&+|NE;ye0T^?WS??hJM&zYO6|MzAnVO-NGq~~fU)_; z^@>9EtQn==s{CjdOS69*;u~H}h*R4m^sTQy2cbs?ax!Vvzuy;3uyeYt8rmPE;I?xLuyPAHlQsvU_8onlFuDyfNj0Q4{jvN0D^rS@&kR z)ze;V_vaf%RP01&W{h^u?;Luu#0X$U-yGF_#F2W1O@@zL7S3mg2sJAW<4mbCinG;a zl4;X&f6h?~Uy-kKUb{>eD>mMEJ|W+{zdlkq&3tI8>WY-BETb!ylm*kV5N=K9M8Cq9 z@D^8#sZi?+R|6ybiM@QQgh4tZ=8JPb^jQ{(ubdl41exmGBn+CRR7T7#Xs86yxYoAK z-U@W7=PZNkGh$k+=5G^MHD<_ZVo1o+vAU&iPuyHVUybug5@eTGR{ycCkYtv?vpUR!jh2pH{WwYwSxo{yNJ$ z(UG5%0#@sjU@mKo`U;v+yWA${n9U9D?i8D@r&*$jS0RDg6^YM+u+-lItXt<$qo=8! z1GTeZOF}1$eF;c$@R+2T(vdLLxcgAC>QUrEi6JP9QWH=pdWT3bltIFK(L7WvFU_lw zB=nUxQ}3$R2jsA%NhMre*rZ$s#rUF06dP_dctjQrg@8b8dPN7@h!|SM>?Hr;%Y#kM z2REIfm;n>cOi|v$7M9bW#IZLBq7L%3J+TY#A9nu+ZdjL>!{pUoIIT$u{tNx04(g># zP^7HUh>5*0uNL({m}C|LjW5_zU>B=+DnW>s@tH{Xur$#6l>6#>2L7! z!tioUVZG;+qoNm*qeaSd8=;s>NGEU;TS!&M*Bp!-s_q?f2_p7i46Z4*s?q0++A0RK zZ>tm`UQD&7Bzj&t?nhlMR8(tmjoCTAfakKs;-V~C-fk>a;LXpntfTLsDaZ#et5%G3 zreclkyj4y$PaehVvB0)P6^;A@U(aUNc~GC?z}vPoSi`X2Nm=CgN#gvm!HH&r)x4=m z&yJ;+r_zwEtt~S@qulSJr{ho&*RdNaAK1gAe|I-NINvs3URF0`i-2mq&rcv(Z_Kg4 z>rykO{MudkbrV^l89PLi{QUEzZC$fLQ!Pxn!-pR^yrxA+rxZ-x*3BSH5}G5@ai~;C z%IO!)xSXm2pK^k8cEWNG4m9#(PObf-dir#w>a2)==V*pqTc_O3(V)O$bhy+5^vR1W zVj!nt{_N1tEKN~S4a1Mc9yd+u*9)E+5Xzx>h?0WRwHt!EB0d2eBNe1aq8`Jow91#i zxfJjQKax$%7q5Wsvx-ZMUn~)V|9=`w{~PN5r${>pTwUn%ygz0^znO{lib+cvJTCG1 z*PqYSow?mgu6^bgC*{P^<|S;=apdBaF#4^XF#UDG1AYyg?`+#<3#(oJz3S8<{f7bLiDm$BaC99>ST%cG(hJja7l$$qW?ou<@4FzaT+7Im6 zdoX9Xj#P=Za$%5YyugS>>$(E(S#+O3bjnAYi{ty38L0bbyyx{N5mi3wRKj4*8)t6+ zQcL)Gdms>xmMS{Em6r8MKd&3|OI{^QG?Ew;WPF|~5xaoG9jYo^;BPfWH!o}G6S+^d zW$K6akY0`OH=^?x)IPTAGo~~NsK26yDps$B7Mq$1*_RQ&$BDwxUM{6#MdQZ{c`cy% zp;1&z%{=SK1oI15?}*w!T}62mhS?a`=6Mb!9}{t~-kp>m*j=L5dt{pO(|udtAlRKb>6iufqH%ct(L;fxO*i&D6h$Wd;;{bGRzqujOC;#z^nB3Tuy zUW{tIX<5?BcM;X~-NA;^|)_9(xM^Q|=J6njdLh?DNiwIPvN#Jr;Id8(B_eJAA z1hX4&3YA3di#;tN4gq9VSn2PH$*+l{8cr6_;dfhU?A74|C(n(5$o)z%1M_@p&xe-Uv#U6rLN_F3}dIEbQ{@aDt>8A zdH@&-9|uGyXrSe@j^9)~FGbJxeQGrtCg$yRK7UQTnZPjBK}x(Tcul|88p$R!YU1tP z{xZsz-2zG?u0ONs0|~~Lle_UqcE+EGv}!<;0w)nlq@TQc-<@rH`g<98 zt_s(8_Oqj8PPn1pWVS5dt)tqYIa434hfZEY{CU$I6Vd+}SsuS!JX?qjjYQtPz0`+Q zedWj<3-uf$Va5-soMG8wSv@`e^mm4{{b^{4DDlaTJqEc8hdGnIG!)0!Au*XVI@NU| z3KH(_9bgN>=}J8r3m0FL`ZZy*l&&{nnFbUL`eTHe)H9?&bn^xd)Xs!pd}dkOvb2=D zdQ)c8@qxgs!2YgS*;j{-@T}uk;ul+IN`p2_ z%WUj^&9vZd^eH&7Ij(`tp9z67EV7SFbE33S5ch;rwQNb!58?2GgM+SnnB7ms*b20* z@wtp)F#ya%-6ZK>I>vV;`=}0Sf6b)|Y z-Dr7TUC686^%5_rJh}cY#)IM21a}NoidZ6q`dW7$DA1* zEwmz`=o$3rz}_CjOH8iYuFptVi{klwEjrD9>_+n84pGYzJ?|reYwX*91+lDhoBTcJ zTR}&op17J*Myo`S<`pj!*POrz#<{R1h+dTEGQTn#`CI?-6pId@0#2~CmF!B8(R9AZ z>6dtDU(-^?3F1oEF|1E7d1to7slL1H&ws`cng+c&opd~zl+SUkN~@G-b_Z2ktEKuB zlvlRjU`$CO?Be(XC18GouMP)JzZLq%?tSP7>YrXe^9y5 zo@>V*zSXAbdlLY|=ELK(oCW^V0i0%?pZ!V`aWE4YvuREyWZV{@UVCUwhoXC}Y2mWt2u_WwBHXiTZ(Ynt<)8$)|uE zbo&IUT|7n?DUU|aq-%h+u(CwL(Rlzt8g zcr}Wsx)i(e2`$Ym2_-%k#gdCw2DyxvSd%)71Ne8mzk%0&QE!XcLp zRvuayuj+Thyd3(psP%XAu?m#?@qF6i%)H)zr2{W1XvgB%(wjLlc-T_J=g0sOzw*|p zxebA>XaI!;0~P<#2XFPJ%=nL~(}CNxy89qefX9_0$JgIktytn9AL-ChG>q1EPIP<* zI;NBLDdeID(dE*zEM-$jO%{Z%iHW5rusd(VKgB*4s|1r`%l5mt_wLxgDDi=qEB7-6 zZ#q)Z-VZUU%VHrkP)jr#0=aGTl#h1ou!>_YL`ug(a}Pxrshn&r{#oW^+TlyExwrc@m`|R0Yf|F(kZs5d2u#lpX^X&z zo98vlUR6Or?Ey*tt9uP%OC;RIAx#l{DpfEzpDjDKhL2W(`L&qvO6%6PPQI=*3d^Nv z)iJPu#BC8W-xZ0Cko6J&%NAU+Lav67F!g2o{otTSaoCG5|WnnSLxgBTE-<3{IgJ!8DvO;{mN#|%;?~L?baK%O<*tQhqa^#ynjWTFE z+K;B!urbuE3u{~xOm?^~{b5SFSu&&vb)+x(&lsir1SscmIM-jAF2K#%)XhZj81wBZ zo=xOdeUiVq!kL?wr!nT?PIC52ie0-hs&fpXvuih7=+{J9_4aJ#a=KSUpX1e)#!5jN z%(I%F9Y^*B419>!r1!bLMhAC2*i@~7W?#g)g{pw&QgOpfapmV@&9AwTx8TM8(0a*q z1TYhw1Tuj;7fLNwE-?V)*3cOH9)ZGHQX!JhU`r=&LE~lF#-Xv&GY%!upck{?D?Zds z*213MU9!(%;PXgq=8|R2pvSEm?wSdozPWcJ(P-2g1Hw4pd~dr~ck7~YUdw{8>WoXL z9~(hUe_I-1G09vMOG7RL$%mT67K^Xy-~BDM@zzF#UYzS&^v)cR7HW;)ow zZ$tL(>o+`Bl7RF8Bkb7-DtGYIp0<4a=ct#BG#mv`OiTRmSG4Azzh#%0-)e_h6-ig8 za~QN;fpi5Kv{0U_6*&8|^!2DQa1U(DG=7)|gd$*Na5ON1qCEU>3)pM<^~VxPvGWLE zl>M2Oc^=0I{M8cp%SI9?mY(%C;EiWrd8ME}#<|GR{hiS+OEdEsR}#BoS@%B@9u{3Q z!_jdRd%>E_wSfd3xg&4UzRg_rB*njDagSkj9B4?Mrbc&Kqs3x#>MGyladZB<{--(B z)m{9U`&R^i*?vWb(~mg`x0M~Z;kP++lh+PQMi(2diyyo?*5q3!-pU?=io(*NSq9yD z10$K8w?I@pl=#>Y=0BVq7@yP|geoZQ%UG5U{O#%(%V@L&$dr1%#iou6G zMo3UJIIgHDD(b6Y`)!F6ro*k9uf%LtBlCu8rc8&K{^$#G^%~eUdd>$eEolKwH71?K zmc>S=!-m03zw-Yubyi_*bzRpEQrx}8-QA@WZE=bOcUs)t-MzS%3hwUiMGD0sxVyXk zJJ0tX{0BYB73j|1VXn2t9CO@yrSJ_YWlT(YB^jBq88}6YVSz>r_9h8cvn`=gvg-KA z(&$k%FmkG#j7$h+i{C#d?Bh3g%oxrcqZF3_vxxSJQU~hM8AYB6;tR9JXjZNlxtL~C zmLs7BXs~=9exf8XvWNDYz z*Sk47PWHl#UW)v^ydS$<$@&vG+on>dsGc0G*e?5qIl*Qp3?!E`tuO;hw+OjyIJu?# zd1!{9fkF8-!s;|`);WP6@yd4F$n|AKqt{sH5(wO94heQf%U7LPmQ7au@vn_q_OSa3 z7lAf%gh~jx#rv;Zc>SzVjB!kC#v8cU^^=qK#*eF9M5;F=0TotP#8Mt#j1&>7sUCvc za=%QS@$Of`-Y`bBfvd`_&_j5DGPC{U)5-I_u;izuO^2v^Si-AYTJY4)$}@ev0`|?9L>ESN5E?wJ%c+h{ZmE0SnXm3mv{G%RHWo@$-?=GGAv4uL zc>^DElx1JS8hD09hHHdg8YI!9?~**VW$*=uZ}1&lFEx=R2ve2wZoRs^LJ~!VdnTEv zkR~DRV$n*&ns<_-?UBy2-K-YAVZYl5o<_p!?%(3rSp+jmX~&BNU|j?b-`(v zrpNlvI1)Pb=x1Q9y>@V$GD+&U`)DUyt8*x#sD>gRLm$K@fBO6cgu$+!>SprqIwy04 z!-W0}V$}P|E*(S$K3wqe&7_wp|EhTi4;TsJBAVrL3RD^8kibVx0ya~&slRf59e)2n zlQs+S^?3Iih;u}MP*X)^%*fe|kHt{n{ZVXu3b-l=s|z3egUiP~r2>-r=C}xzj=dwG zs>&!y=ye?1mv7puijb56XGJ^PnEs-4j8AvbruGcIjIA3By1;#S(xHJ5GU z*XQL|dfmzDTG1zIbI(~jQZ$8JnU#FEC*1Q?bPQjERAzsQY# zP#@q+DfHp6MEi8>k18b1F~hOR@y+oCqx?3w8W19NDq}to9LkYu3LgxcAb)&6lHyzK z$NM`s-u%z#KRA!B14)ZIv7u|<)-s;SC;vaj61bna@h<`r@^f!!53R9j`+fn#StVr0 z-;O^7Tkn-4=OvNsxZ%s{jhNa`%f8IFD9~+Es;h7nj2=a9pHKzYD z;wD&T!p20bv?fj@<0Ik}nuB7{tyI+He;f)Z8Rnv_WPR>-^y*$ubA3Tj;=UP5P)zuh zU1aq$QXE71L?x6WQK^SXM=CnAm?1=54t@`bBZTR<_aT{I0p zy44BHfcA zO26;F2u>s|#nf0q*7xH>_`QDDPRPlh9EKQTj8{Kjl$Ayrzt8#u;UfA=M7M*sLnBx4 z`5+G-kpf5QCeMp16m~K|IK1S3?P*6KK-^Z?!FQ zCC%Ye(>QH$*)JJso+)AJ_u0KCq#^KF)W)bG?r%2*rfyRvT)!IAkb{f@AE ze@!{RB5fWTgb-p$yO;CR*o^AkdO0s4`Qk-0z4V2$V9%Uf&9Baonj85dIb`^v9!Z!f z=%4prJbKU_UZDrmCUkZd*sLpWI;0uj-vP6-)j$OKHoO1*rQOxZzYA}XHA@|{zw^Gz zhp&wB&~gE|hy1Vq0YR)lcC}9?!c%jtNN$Jgwfglrex*l0s^MJ^F#B`|CApRYv!_pI z?Wew{&XnyUy;)bzMhpLQ`q&YdhFq-IKMi=dx{vM3e`BXj`?`=Y%`*hSDsBx<)|}Kp z%Y$vIr9A(N#ou(#Yv4o;xRR9c*5x6qaMSPluI{n_Zs(GJc%%6K~5MZhBJIbV|eDFn==FBb4$8;0Aa+G{$x+bJa zreYsD%QL?~)?bCDzj8*npX5F}-JaxLJ&4%6*|+Z$m*#U;Zg+jQRvnHn{5J~g2j5Hk z#K|Tm&Ow1BCN?ECj+46Vu>Dg~KXtz@tE+slNH4(RBtdNNyeAG+{FCe((SgygC^}^C zeiz62NbMQUvyxx(vE8vSZJ?_O)yEnRuN*T_yE_F=&u6v#o$x814E*?chBhtFn-U%C z^aZ=dR!>LKzqPIGBdT(O!os?#+Z!7_%dEUP;c{n2pBo5Hmdn$bcn+CZ%I)Wb zC8XHcZl-urRHfu%Xy47K#|8Ym?&RG_mEz&*Rf+5pP({pe2`*F3_0_kOz&4La2d%ts zw_f(udh^MyXj&xvlUOhYu8tjFJSAf`gIm+BuSd8JxYn4K6^4~X45e8TtXV&=3t9t@ z`YTdUiON*UEI3AdHVLrQ4N^jLuH#M@?V&>MdDCwy11@}jQnFDI?5qHJ_zW|su9C(RLN zB02Ld3=TFuAaZ_Kh!xwW-T7IP3JK%jks;zOh=b9JB5Sb!A5>!bdVXf~J6@n$M?T}= z8kl}?+>c(&O4U!8O=h&Gv)YaO2SvU6>3(Kq`UBBn#q^JT}fYu`~ zJNHT7AFet@Z~Ab{zfWaZ;-|}~arP`Ztt|O5^&h}Hx${|L@A_FrXUq1*URyLdA-c9s=3Hac^D!d`oM*oNgH2Do6jEA^MutSSd4nqXXY z1Giwf@a4ytz>^VVI6x~t`Om2MQY-bs9#tspxAn0g1*_xKRx(TB^#pOM4@SU#9%B7b|ZGEGwUX^9(| zOr69=83Bx;d4zL1oDb8ib8c_2YND8;ZN^J`e`^5gOTl~E4Vqn7TJ$U@Z)6F=qPiF;`r$%2 zR^uuq^=K@Rkir`|VJtc-3;ua4r~N@{3En%&!(&)y75dq$Ti5Qb`~{ZmgluvcYl0@w zfK#i6;=M_xIlf0zW{N7+&tzm-Lh5hPa#9K~O|73anT6hh2~R0@xYCN#8HPLVYFJh> z1EhI-)+<7a*;c;j`%%$IlzE(RG52Z-tVSo%Nl(K=PH&OFG|Wn&nf!d?QsEap`3P!3 zi1=XwrYMmH3;UK)6R%W@X)zKVbV`>M^jM;RepBxk4CcC3<>SFn>x~AnqX3l-xi13aCN&wknjj-zU< zRv=o5VA%Xm^tO$^EU9m84dr-QK}0I*>c3aq$6DEaWkE>=pZ9+k=hrn0v*x6)E70)X zKdgjS9Gb}Q7>7vCXlc%RCkmryPUK{iq@&BE7NfExHguW6cnO5x@dvNys?GheGNare zd4$C_4R-r&;imG22(2hHQr!HjiYs>k!9%wj*kx!>E~Y#a*>g-HJSO(HRWOby&-@%> z2(19JN&WU14!k&1b+Chz<&J?Wk7%2G;Wzxe8;TzVIPY&Jty#^qgRo!(K1-=Pc3qoZ z@8ZikPyc|QXrY(&W3nQ^aw~)n+AEVQUQaB2Zu~M{Dpf0) z%V&!Ec|fr`|M}N{J@&EU*lOX}tzKP`AI2ClomlmE6BYib^lv5!q6%1*<1d#oLY1go z(nJ&%=*m}q6%t{D`zA;=?B3esrewcEGEpQ0e!jyN|0;#p?#`|K75|~C6(9MhT&jzM zx$_BqFe%!*Yzcy4Fe$bqu4ptu5Y8Vfp*d~s7WW^41!A0=M&?uMB3S$7XkrN^Lnz!2 zyeS$!=U-RWJ8HRaJuT-%Pv6}7Kd628J36P=iC2|_ZyoG-G>!i->GkVR^DTERaVu&2 zUlTN(t@{qm=zTPmsBC;SE_J!$*~JZC*(+UX>g;tos*<>BMj31^)_g6x0?r`|VHzVJ?HBH`UMsC-93V_0E>hMgMTw#@0bx*g*J1AMo>tGDd{BF%RW_~jFlnC$@4 zD?S1USm`x9$2UBO@?8!)P7W(_{eY=zeIb7PD_~sw1^OYNbd^tiP+9>LF97dw{n6d> zGUwyPfpo>q;VwYR0f+*(J5^BPfjQp(CC;(-=)TOAU32u?fyAu^*$#YcsoFRGxt9z^gDPy^?xM> zBt0OK?4=(tgy(#GR2_k)0lZ8CX^GIB5h%O>_$|a8kFA}LR&#d30=NHOTEBaUdmSRfAY=`9C)LKLQ_%zVqdTA zHOI=wWSxWPeucKKB%0xeO3Namhk$Uf27R1xcY)-0fjWoK6iR5^cjNnQKydKg`w?CN zB!ffwW6)>q?mOrHychqnm!ERB1LV&9%WNCDXqqBuO*1o$U0U&q7CtUs%Jp!4T7EuR z7CG4jF0kIT zM4XkU9e#g+wX->MeAd4D*nXQk%C0yC{ZuQPP7g6TEp_!kPEY)*d}h16#{X7jk=4!g z4o?N*c2*v5-QiXF!c|&6G>=F8rcrT7NBi$lANnzK5}ts|(vd+(5cw+1^Lx4%103@X zsZV5X@tR%yNu0A#?jT@~_pE6H>bfX#IbaeDv+50#p3@>*qcsWVM z^&#{xZ(z1~$!@seI$9RRBZjOYfFdZm8>9wgGqns-BHuNmN+IJ?ZlZRqT>=jfQJh?3 z+!_(XUC`~Uk4eXyr%0lI$6A<25fP*?z%;{19D-5yWQy%hSI#fWLV1D*-5dCaLr|GN$Wms z_(bXK%1RYj%30gFW7d4yW9k~Mj~Q52lo~!+c`uP=#mTL%2Bx3kf$5L1D8F6_rDTp) z34c83zIB%u$iNH^tmoU(;J)Z4UWr)RZ(zdyX?;CZ-t3#dvq*Q>;!4>(M<=t$*@y?X z_(ym(aaf%DLw~3v7V8H(X3RLYL9el|on9*j4N-r;+rGbO3Mp{@oshgnx=Fpmc$#gs#^v^&WwN-ZXWCp&7- z3W#E%diQ=iL3siU(tJ}88p;Vplwv(aFQ8Q2`jAF;q!3xCD3SU z(;@(2&{x&%Q1ZWg@IEE`q77b-_n*~y%=T{G?WbT^$5!c!ikh^*`*j|envW&7zQpiB zMRo#7g7L11C?7Ay;;mW=61Lhm3osGtvlV9qtvD-g?3Qsvpt@9VBVG)9%nl{WsLQJN zjn3ii;NmW1%Gdt(DkcWonNY3wcxt!$R>=F*dDmxl_i~}ecXvET7;~YyN(=nPt`TdE zp_HH}sp)l;i5DDtK29QsT#b^l$l5hpW8MXckW8k03UkKzw3>?b*Wik%PqyWJ_+0l2 z!G~GpGg>;X6#VXY=$qf)UfgG_(0884k038Sf#UFJ5j8b3_g8hi!rd^Bu640jPD_agq zpqm%qib@Y3`hmQhejo_!`FgH%9o_zJeo)j6;IFp501MB2FPR(p`1zQ^8G6CYK(Rq( z*0aYSwcHCJcyvDufXqD{l){;!ig-LEKv{B7EepDZnppmR7D8{c)L`pHqYyug9yaKu zX2U&}8<&xGV$v=sEj5LxR2lVnw38`n06cB(rOxhu?c#dCjmwFBfTpZKcR0W^-)yj1 z08&lEiw=O`u~y&5n~W*rPJ&B6LdY{T0hKO%Y9J>wcQH%Pj9;q=_}&2lsbn9NtHbP~ z8D+oNL|oW?ToE+Ej}QoDuDn0Kq9o>73lQ$eFwA&-2eP>^=JihJTTZyy7Cy!mJvG2@ zWJ|!^>X6C2>5-!|zb&vQA#NG6FkV7G!PB6o;s)1fl9MQGC2Y7ha)9u{Fs%K6TjMjz z`Kb;oAzeFAScidMCI-?Wo~wo2_^ttW#V{O4O|Yy@I2S4W)6!_PgxQdMMc7QnWQ_i@ z)2}hD!C1Zpr?9u$BOvwQw|~6N?CoKG1wat!_|*iW^Jda%SzTlTBDz6v3S|W#9AveL zPLUbLs$PN5;QHZ$KLH%poJp(}wDj26VDLm z2jgVvI!r$Dl-HsOknX=Qc{Sc*>{7|jZnq^Rlk3SCV0;8;6huR?=}j_<5HZdKkY8`* zDk?nn$=(|;j}&IYrbMoXN`eiB(j9JMS)#7FLQO7GSBw80gpdPM(*O(vJFCK1>mob+ z#EPKhLM3w;67{Yk=H?wsM@qy&q}2`y>&>ps_<6m6ey?Q~=DGGP`z4);mz#H{+T3YI zgrFoT;&*cTJW+BYmL+$bTV_DUG9-%KdTnimJu`#htqVS-!pHSh;yqFA!mKilq8k>K zIO7t4H~N+E;K@Rph9p682Bt_*&vFLtXQ$a!G+J9NBb(Ts6{#O=U^eI%S8Ew0?@T7w zkLHIpe(0_@B}1c+V^@xd3swYHo0*cU{tO&JBscQ68;8@0*uqp)UG>{yM9?pFv)|K9 zG~NuvX~Q`DaRP#Ybi9a3i15xV?s6=Vp}1Mvy<|E#jyjl^YB+eFR#=QWq;Pa}N-#V-#>=Xg%s<8o&)>#6uSE=2{=u>51&|7o>j zWhRBI>2yVsZ+64}jtZrqYi~i3=Y}xaUD0m>*ui^5aCxBTHEU=Mbns8!P*dRjzF!Fiftr|cYTR8 zk*VMrqb3Y6mBo$!2QN>S93;?y%WTpDK>Lbqx}mX7ha|< z^8<-;dLV~xmAP%2_FF(CHmDP;HZV`SwmYX6wrvy^TWPe9Mm@m~PO-zMLd7-%NGz@v zAB9=-e1Z%B2eS_=K9^&_QAwxvIaSy09;%=N!OA>-BEW5Xy^DXn177unY?3wJFZ)3y zcIb32wEoAg3X=dQ8=#xek5l#iDhU!mtMXr)X3M|XNUP;JoA+H|)Oz1hqD)WhxrV6DH4_6`g$ z8(`=?+x&b$`_jc^8LrFg8+E)NP-&0VqmZhFy0P&C$O#`fM>soZ@H0rd#R#ku|3EqIx&{pueO z6Z+xJ88D7)|9lKx1^zq4daQ@?uXt=)8$K?I`I{?+!)c9TdI*%y74H}Oo(*&X>C?a` z+I+!T9;vzBYk1bOe}s?Jd)~_spV5C_;;owE;dgH*zkSP%9#fd(I0wp}lAFYR9Ut#% zQqHyF|Ch;q=f_t$m(I(x$LlYw5y-q}dvI4%&h}*x=Y%59p!D%2ue|ysQzTr789#~} zB;a{A`QWu?Z4*#@IwY?Ys=TieQVP(_$ZDSNHvP^gBpXm;hhw!z#imU}SXbwScX%2} znNL@nAxNL1-TPJIdfuW8eZ_atcL~<@9>eIiRe`e|P#mA-`Bh-aW6mE+3_~&-_U3a4 z=pa|pUjSm7A?Z&bg<;Ob^5O4J$pQtH1m3h56Aj}@w!Cm#Eg70Xo6t;V0kXr~vi7_> zE3*!kqSkNP#%6D;;-5Lo>}!e!sQ;!yhKM^V{wa0^tu?f55%H1sEgipQSf6HK?c}K) zFVv-hK?0>ms+BltaKjsBWW(*ESP4wvF{_zTYmAL~DD+PZ=7SaNrKRDxDPfa(6UIo6 zqzC6k=6{Mup<^_*W--Bx{C60_Mj_LA8X>~y19qX7>N#%7}-z=7R?VO$uv zI1LR|xzTs`vWzgS+)K+&cC^vUyb98SvQ%O9wJiLm?#fyY8h`)v1fKowi(wj#k1R&2 zYxsF+S7H{^a0Vlt-=({>c((+rXpB+A{uUB5qJF{4wnjQbgqK^6u^)z>J+B^%f}9l5 zlb4(!x!T&*zULN7p&P4Vxj|TdqgSQA$9Po4asJ+TYuR8LMxJfe}e+ zNjv~Y#U#kVBA_=mLmCM~joQQwd2YMw&*)6f=)xM!D3^?-{QG&P83H+8P0=F4l4Ol^ zjnuKsY}KDZ5ue;cBZi{`z1B~;g&oaH-gOxZRCxtD>B0o2(y(q==ca%HAVU7Q;!CGE zN!xnA@qqmI=3!vVeSaQ*+Tnhh`*E34DS<}!kQFu93fLRD=0x-qHUE|SuE#TAaGQQI zHSuVze;}|x0k%ee=Om8xV=I6->6Yc)2BN!WaQLR@BUXKlkeu|Wod#M0sTp2Bs08I( z(;?}nw_l`wkcp3j1~2Q9=VgQw+92;xWZl^Du{F$40wt-Jv5ENW-C9)%%+o3H9>MjN z@3?U(jcJMl{*-g42OwcXSXNtabIDhI?Z*YHV+I%I5sOWb!{5ZDYJQ|1-}!akRB;Gw zi6@*aGxZ3-Q_1N}Rkg)6)ZoYnUR^$P%)LnqJ$Sf~jGrVw&=|SXGZ9{_b8!UQ-Y$7S zI6PAlt3U@9DU=U;PRuuC{BhbeV=CpqCQXg=JJaP|bL@X;HXtu@f_Djs9>xIWkR1Uy zWVkh`ZuBm|fxFdq#aUga{|CAo=nP1wMeRB?xNW&}1Ws2|ZxjJ!8%Y4vSmrw_CUpXo zS6?z+2pymMkBYIwuTDwy_rvzvUJKq(9P}`dGw*vn14Q7zROq*^yxcU}zq|l7)r`1{ zcTUfFjCT&$s~+pFKFp5Zs%6QJkKWktbdB`^1}5l|G5w3o71+pUyDeH0>bp!rjczdM zE6}QYY;6b!+>#&`40a{)h_Ofx!2 z$6wC-B$m&_gMRug9}4+I9d-`RlU$rH5B~wzh=X+mEuoe7Gtg^+a;u@~&cJp%8NHwv z8Xj#FeGh|KxUV#peTry_2JCh((+5RP*sF&N&B;G5ZoP2-h4`0>mW#G~PNdCJH=Zb` zJ)TCG^LgmFw@BOT6gUlbpzBdLv5}6pu_O7IZEEg+s3fRFm_TlK3+p!9ISY{dBWe-r zfcm~6l<#2-X?Na_uOR8@joSLS<3jbh?LnQ-<68_(qqrL_f>~;^rpv%^@}6Ye-Wpsc z*uc!2m@hlsvOG;#*aCZ<3b4@gQbT&;FH`&4zd7lp042 z54{EN`oAsXSnpZ2P*g08KC1HUQq&4@MwFyR>gEZ|a9KnI1kpwP#;}X& z#ZJI+<|fP1_S8NplIkL%a5QqF)Mio5iwm+W9VhW41y`H8necXgkARgwF>UXzIs*O# zqInvL14D52)=4cBrEr`PhIEu1Cbhx@jm#4J-U{v(3`?nl@v%{pa20CJx}>Ed@`uV& z|GhEWfKB{-x2Ds@AYt?4hFB-h0nE#r+?pMUgKuxO3-S?IgU3WR+*!*``$5dIWg~s2 zp^9RDlI?sI@zxPF!h%PKEPl`~RTW=K$SgIFPIGvSE7<96rDHG`(r~1#mTLBbI@p!R zjn0$`d4iWFKe$$lp?{qY#e{CXXNMJ^5rc~!;nVY*(Fw2AG;Ct-pvVYGhIgeYKT!pk zdPZrE$n;k4;1B|v!RGY@y&FFj6_wx{VdvfJT+JFf{5(*L2GX_j8})pA%Ec1%wel=5 z2(>M#5S_*;lkEDaf*N!wG99i+b26GTD|t3mlEl?#g2j2UC}FnU%Hb$ausFRgcKh1Y=DE$N(ALHas1UQpLJDntL6M4m;zf##B%HjQrU|sU5j3hqDuNa4^zw z@q^7;gZsG!PeAa{;sH;WF^C3PIIE?lxA`r<_w7-$``_H{l$0Zfh@gWO(JzB>y>50N zzASCb8uON^WhCIf@LZS1Jt&W!oK|?5w(QtkP&)Wtm=Iwx^+J-U*kKPrG3jun(-k9- z^4+6=V2GGP4{xN$kU(i_I9!?&oHh~JCMlykf^%Gmj9*DAFGWS9hXEN?jn-0& z7Oql=4NZSA+Q15_d;PWto(eVjx&XfiNV+^rvd#Tef^n2o;w|0EV$ zcmuBI1D~C_pnd;rd#A=nzK_4K1E8Y0u-lQA{r5X}eTSi&+j+Pp&vu2AIa!R4BtY`G zyu3VArgxjwHh%{EDHuH49qo?XwZ2n|{5h_(+CYr_k|R)Ffw~9*P{oL;>lw$Ll{GCZ zo-aU{%?oq~4JCXSzFq^W_rsyG=>1k`Xecl7?Lyd)IfKlq^6nko;INt9V0SLk=o6Ih z0qtc#B?>5s1VEbTO`{y0ri;i_ccz`}OvBXO7p{&$ui3g`D?1*D!v%ze^;unebo$MV zsr3ND%SQ(RMdf24xcx1(-T~Xj*X7CA@!BwoRt;)*6!d(?#-Z!+c;0!{M?U|Z7vg~K zDU(U-ikggZJJ8jQ@=_$ELMTLIm?jNQH_Rrjg`)SZ#mDzJ94=hN8XGYxoD!~e-vn7LyH%>5J&CZ61w4dRil>^ zi<@gQhFuI6)G>2TmrGTvpptC-^J~TN3u+!15`Zc?IaPd;oZmYAgW-Lvut;5QIaXBb zhuLcU$C{!Y@f{Ystdoj@9}}f!TttZu_q|6Ucj(;mI40OijI>sywlFSLU)Qv48?#9y zAQyciclC_m94$`TgVoH8Yed|Srnm70vr;XFn3L@BUDJJ$)~+(nm3!UZbj3jOA!?4? z?ZWcgiV`ZSL_Mb|o)WqZN@E?`;qq47r5JFYw>fOon#()OUZ%tazD+kS+E*j2M0J{MhPPSL z)iBrrWpCks(De0fVIaT}#eal1F_x88MM2-nvm;Qg$t-ayL^aGVzhr`WrRtX_eUMie z=Yan`2qRjoU8PGJX9Q`mjwmJATu?0$tJs+k`y?6mZuu%Z&(X|mizCNk+CDhZN_Pz~TS=2SodjY{>vUpaijWJ&0CapOv5z`>4-Vtn;sqZK^KojlSHjCT!H(+9&jxf5I0nv8L26A%Qw4bidR z#L`D>&CKlQuCNex2|{K~%Ub(l)_h%V7Gl?^a!5^jNqc~c>UJkc5VdlKxwbUHT7tVZ)|rR?61bW2z|l7T)r# zHcA-MK{=I8Oz*E$P8X^nuJXf+PVaX7HdUTfk!<>~#S-4Y~BN9ajaS7eo27)5W9 z8!vVZAQ8paTuAuNINzcoe|5+x>J!&eX@8S~$3eA`$8d8sb#X&bLHK9&=!~P(1N*6K z$xde)1_HrzFfsO^trI9CKMTkiVgB{naX82#+jk+rKSa4QN`*mQ8kf~p!&P$Vs4br% zr0;I_4kH{vmTK$c$tFaALt`WpAO3dIW6KODSOSa`%#=?P`6H}g*c9w6zyM~30mWyT zC6o+s@~F#(2-@Xhm7pZ{p=T=U7*qx4J#KaZC&Q=HI6;s|{P!g!xm73=E-Z_Psm6W9 z(|pYq+D4qUz^>Rphe+v9O#<$Bi5X4dKxUBD*Lx&_6(ugaMl+49TTqUdKfy#E7b zzIQ?m!HH>YU;OR$2E$h<%*-Bv^S&U!apxmL%TgG3c|0vG8yESD2^{51l45vpc4CH4jo!yWB~G9SzMiCuJ1r-;3-=zl zKBptsM}<(ZDH__vKA*WP6%g01xE88xWoTx1Tp=*n%=0Tzbg>1-^nehAqKzgNuf_wC zG*?4o1*cd`Pzoe4E+c(+-eJALbsxR4-OD^FlQ`n2o;o(KhjT9!%(G6ME&QU`0D2#+ zK$9Ah+=sdBIfVU*#2|kS2nzW4>)ePVfSaKx)h_gJZ(voOUyQyIha|8#*(6jrL}aeK zFc{AC-^N{%l4NKDQGTT)q38UQLJR6npZ}aq3UG7Zar9*IU40k+QdjFX0DtYEw0yd?xBC4U67N}}Q6ngG!7kF~~aJx#D2V-&?wTjKA& zQ2?l`T=9cG2E)d#T#Vk9kNZssD5&ZR-F(S2Hru&BQOav7qdB4pr{&wqqd3JNE_9DFJV_#}4A$Ess*@_13tLefKr zSV|ZuMzhm(&kfjFe9X+|J|`GR_k|!58TKKzY~ZlRNNYBB&Pv6OfMJx&C~O>?8fi7B~qf zZpY@gD5}!oz<4}nZEPRl$szXPz&~i^MTC|)S2}=Hkfj}*N<%=71*Ddbx$VEa zZ!0)19R&1dzq(s!&{vvVl=LdjXw+mb{<%Owh1>q94z6!%YN`>bD3MEFn+*{O?G3Ea z%7`4Ql9LkEF|Zq;h5<(+f~8rk2&h@Js(&Z6j+CHY=W&wrD$>fP156Qfm;(Ujhf6Z% zkzcY=W87Im<@wU@M|L@{@IUEuD)*-DSG?#0ASXTp^m29Z44?~=E$AyI2l)zX!mY(@@zH8s6`34^jCpt#?l1g#l2;EzRPRuPAPTzjf ztEQFl+I(L~Z*u)p$hi8fu5d4M_p~H;?nvg=tSGV~-yxPkb{a@wpC!MZu8cXdUOl(fOF?Dh^v^UK`L5~y1f6dxwf z_#7=J?ng=|Muc%PVP{C{N{|F$e+<1*EXU!Y0A?cP;gPHzZNE~@Cb;wQ&Ji65n!{qt z2RKu0*jb^=r1#Ff0}0B2jhT$Up(YTk!6KttulcIbUY zSzmca6j=KDOX^4U2#pJaOj1pv`g&5nVaZ3=A^wz_-69$e)p~n}#qHT;NP$E5Ri*978H-Js zEQ4Z7)bsJTSaUH3zjK6;#=yMrMLV^jQv9!EGMuRzzOu!eRq3b=V<*_QTn&A8~ z4@WI~;5$#0i?!gi34189%=(9fXE$41U6c3CX6MwKfL7fpcnO7^@xWWMOVCFvP)Q%l zhSbhDmGNvj8QMN4NHzs)ddvw|Zke+RqTtNN@=){#<@n6u_A8ZYlk|I(gyyo1ZAKOf z=P|)wRe$=IXPl-HJnoggN*TduX_e6JR)|TY=Rn$$O$D8&@tY;rNLbwP8aLA+g1TB% zMa_hUUmS0v+TUWyjE#R-&-aqQocT4_x1A5X#B+1|1H;h(>CW&KdXsz6 z`9%OD%@d&8_yIsZsDHErI4QiWVZMO6z?%9{shY%X-uQNgWOWpNRe@=C$vhZ_z!5kk z8M-Ze1sS|P%zbwpcndwxc!g(s?qmQnj7w0%$v`0B0pf=^^scmfw}u!xbid&q{NfL} z2_J+)WUmY6NBKycM>!9dCjcs;f4lsxsh8680FYCB6$lWZl4i@Io>Pq5?QR~M3^3*( z3mH8r-(R10S8qFRVLX6aMbh{Y3^1KeQd00iP`WKU&^848t2v+-=!7_c2lwqIUI77M zqw$Pf3_zjEG8~Wh)i$2aYR4i*nu!S&X1Ahpo;v1e^15(?{ZfbTQj?{hi#^?zqusk(tX5JD z#%d%&J`FvM8nwVm0SPy6V(;w61%}M$hlW<#(sj1dXEwnkS zJBCi8t#oKXT*{09oWHhJucu{f_Y6eg`4Z6ms2A$$F8w`oaXQNK@hg+UQ6#p^Qy-i# zmNgvVqCQiIj-@az(T{BfDSTK6wX3N>^zW8Gf~D_jLnQdQ3uzRSoNs7w@ZoJOr6J@e zX5=Z4Wi;J?xj{W!3MHw*IAbIRLnTT1A8Y9YOE|M40*bb{5~h%)`NG_XIubK*1j-y> zcz4Gw<|3DE>uOZzdU=X6`bog=Wn5V;o8QKQiD}a$yui_%l%X+XD=mx+Yl4Wo!g}Gs z?dcI=3P9&%*JhJ0(juvSo6m`eOmZ1wWC3KHsTgAR{VQg6#je6CoZt`}@k96w=IN#@ zK8pm`%kUtc^yr8*0kHQ7A;a}1qnJu1vCN|FJ_L5$KD;+rZ#r1%j=L!WraCNy+VzL^OBZ=F@zd`4r0*pH(d+&s${4A>*3!2X~ki&8Qt*PG2k5 zoxf!!5qydhYeHnlCXuwAt<&w{Og&=tlkN}A^gHspOc=YJx5raSg6XA74pU7spz=uM z5WS}~V}?7c@IDlVltf~TpCa|o5+}_8!j12asyTu|ZgoB5cAnuBCC)D zu}qsSIJ#J6`t2BLIiwGJI@_jW>m|lOps(C^l(xZHlB86193&Wxtafi_bsN#cT`7)2 z#(y>4oxg+htZRk9u)R^8-4|~X9t8|<09sg}M+z4k*~~6#(ep}XU51iMr3_9aw>I#P zy!Mvt`@Ut`C>0j(VUq+0Q&QG8J15PqZjzSe9X8`*l71{QzL^09EXwpCYcw1k*PRiEmX;pJts@ybdnLp-el_VfE-fu9n-;8lupaPLfP^IiO`7VJ z@qCsQ@M@q2GtJ0Cz*z(JfogO}no2|3&I~qnLd21l#sUgG%E?D*bc z9+V^|Llm9uT1B9?uvJdPfZg*;5@=7Y6EMUn*?$0LmVgEAftOerif&U9{QA8$#|z+& z=6W5Bj+6`bq8gk9om@hdqy1<4!o^lX^X$Oo*6KQ!rwaY=57UKz$h>bij%usD`2nTf z>-li?F11mi0Vu7-t?u7j>O%BetD1^nTi_JkZQ_jdqF2iQ|! zGiKBM^kw=Vj$Nm3`wcm;4go9D%+^*oY1mBc(`!XD!Yw2i!0T~T%D%|9y012S?G4=6 z`#vrKuFA6*b0f!d_LmLzmgCMw@7q&W)^*?0EW1%JYG-a!BkR$KnK6ND!1F(S>PJYQ z8!@H){kP+_!h%8x@BwA%b6j?F-0d6=$#1H{^?{yllDFd@#>3d*CI556*ArmYZTPPb zT|i1o%IF9WEh7zVe>A7IL9hVRij_5SHvyY2Dg3a#yUoipiq!o|NSUn$LXe{P8bx~wZ z|9(GeUO?>m4|-YuWJ_mP@@ai`xE+T^3|}tNI`^an9&OsL@|6vAT8?+JTIER^nmlHJ z8++nD+1lqtZ7zhbrKdL)T3>5_x{?Igbc8!^-?Ol;!;x$8nkb84x4Hwvd4v0fl^GQD zxgI7Nr;dx|y2{!*Lfb8eEz1UH#GQe)e+SgQN9E@$8+zNmo?UCC{7*Q17B%Z&K7`Ak zMkW|Yy=duNs>RjE+lV6^X-`soy4P8o@UjoTT^2Kp4!mwu)`}^`v@}%yJK>g_5wOo) zx%&}vT+6Ah060}=sC#Ubx4}Z+4jJ^7%}vL4uibR{E$W-k%T8Qs{`uZv;igQ#>{2CW zkSxYTHWS2TwN-I=Ou%94&bMrL-a@E>?9M?UJ4kE-g{~TJ*+I8aLJ3od227Rpgo-ID zcA^8V9({!xEzU!Rcv`IH>lZdMG)Z^0S_xY?*=i4U=aGZvfc*2F+~`k?kuve~gVxC( zqNC`BMyJba4X+8%4-kCB5W(PPq-%~DQrsGuu~ z46Zi3D8m>J-b#MF7>W=DY5DNh0RFZ?DKa;CrqymQv)nnx4CrbM%-=2G%$2V7axv}p zz<=Yd&jsWofEX7mWO_|-YQnb3<|3~FO~wNE%#A~M*qkZ8=N%th?yX7DLSK_pMj`q5 zQ5;Mx8e5ZV`8AH*>nvd(_U=hBpLs3rYzJaVF_=gQEn?SucpcJ3Gme@s@WyZh2LP-! zjACllWU{xL|6mdsq!8dmz93$JRjn#ax^L+L7Pp8-F8DgcW zY6vch&fD`t{jGDRd_?BGrdckFtrGmTyv6jN(i z2z&L1ujD3j=<^O~J`toA$x^U9WQ?T$^5LPLLgcGDVVZ|IJ$@uR&PE2lGnCmkx6PeJ zMs8TDYQO|+IJ7?edH45eD&4{UkgQFe4hay;lQ)s6^pfq6_;vQjy8KZ|VNwqiU;67` z&top$V=2+&04sJCUJfMC{i=H$2!FQQG=EvCS%V1tbM+fm<$5)ojd-+q|6t-%IJzf! zw7R}^hQ+@A*YtVZ?enUEVH&Qq98GZ*C z7zd2X38QL_g`2T>gH#u~qh6-xqA+`789($icfp(FG*4%~-t?6Vjh$HLOP@4_YS9sv zN3VHk<9q$2ld-9Hk(e-g``wQkb3}ZkZ+_~$n0iPMQMp*M-t51eF&8yr?wRozjjqQoU@|Yc z|7<{OWYU;TnyMwMB1OZ`mg!Sp+L>j4xHSof><-I*>2ObuVcvY7jhQ}PBV`*o2J;h+ z1g22nnCncgCCWxcDUg4+Bz$2J#=?!t*iSWRvXOhA-ind|hZ}nq%8+qS3L~v$l{vP} z(fq@23N-YDs}3B$rG3!)DIQ`y89`tx=TRVPjY;UqfjYzR)61fLvpMA9uJ!G_)*n{m zR6(A#NJ@!)uSMdsjbiQ73MugRR7GOMJDO~X%xqYzcjf`6uWBWX!|6+AKUXb*XuF5& z?wT7WnFS9npNMO2Tl8u_oTO*cTsW>sraDXLFh}Rkd0vLJLZX8*C^nPtS-`B&A|A%D zw+~w!YJCYxd!rpOZEi(6bP5@TfCRv>7^P{jnSqtou1WU@u%s@xJbL)XKv; zwoNPTvoN)QR9rkIWwX_?t4tUA&?m z6&P5POVBcNKA}|g1F)eo7;^R$)GFkJ;IFONc75skf}AG__&hqnWlRxqF3&*r(Ilur zb0RAP8{`y->#GdXOPBUcy)!I=!{fR*$$;spI;vb2LuQJzY-P79_J4=d$Jn|8wH3=N zG1zDZx&EZaLt7jk#4M2v)jY@)s^FO*Rtg^r{kCjAxrMnKVT}t9a+K)X@9K6t>ZDYi zBtB(!zXtl3$!o6RSp1`GsSYfn!He!es~DSv4W5Kzw{lyoyN1?Tj`4-#!uDUNhRM>I zxK3--h1%YC)-PR&Sf7N^t@EhUjj0Rzanw{I?DBhqw?b1gwE1i=(Q-yI@pw1ZDznK~ zF@Ax20fdt<>*4A=g)sK8rrC70f_5M4OQq5se&&^&3py`L z6U$~WVcgT@wP6SdM>;55>Xt9frkt>a`zJ%$qAM`M*%=QlOEe#zk=>lgJ7V`*kzesI4TQau9m}^ zst)byET(Sj@EC@d?9C={-|!(bnn$-gL1|$d0OH*x=S(9}zSkgY58p0jR-ip`#~AbE zZWpedX}LW2X zle4l{%xfad(2m+@_WE_Rb+6<-^R~&IdE2Ep#eO`??*T5l+T`3}yq??Oqfk|9z|!0g zc2*Q?iLS{S#^RXFC^Y9BE#6E6b*BSJXlCW0%zay6B;c7c{aG+fi@jQgBBadrS6C=;6%xin#{{Od#JKmRZ)bEA^TpJ-6UW+oa!q&!nm(su zYea|ZS}YbUG{2afQUkM0XXbK9Z_vH5oXeCM_-j>3=Vh(4%0PUnUG*Xf?ga(#qjAno_qtUPh#Y%$8@`07R#q>$!V_f z?;L=Dy`G`~{I*D4SvRs4(8y$1--TLpHVb|go1@5E~n-sQbr;RXg2W^=wDrZNPUzl&INGFEr?IIFDqGC z8Ciuyfd>2f^kp^e?tKSV=IlDR2bP?i){2%pB)K}w@T}(UR*E4PR%>5Q43i!PqfXaE zUe>FnfxZnf#o(kY8v)|iF!pG%jD|MejRvR5mKr>-;T&JFx<9{^UeSM2TK9Hb7v7*C zI|i$O2u27$gLB}rtK|6QzPIL%1UYdNE5hC$p(iUzQ$yN|X(enYY&?66R#OZb_(JBc zqG00T&niCLW%ydD)MO>~{drG`l;{lfzNeWCt**OnHvjHL_?hY+) z{l2Ab-QTv>i5+BM1>RI0I$JzG^xq;=-uckmTb~D6xOeX|R`Fk~y*~m*L0H_sAC@y7 zv<0jQf2p@VhLLLcBGuu3Ye?Z+E_?p)CJyT(Miz%iZRG}XzU`U`vdfH)pdKWk(mEJ`sv*wCu=t9imuxMGr(bR26J3s zlHpowZCRFtlcHx?OD?(dAv#sv$^Bfv;d2ZVIw{D0vuOXw(r}}b&+?3u!HyAW5gZ&n z`{6$3@9Vp71*|ch3x|Alc+5Ud892UQ^;FJ$hRSV+9J)*z#86fq+H=35;(y;Pn}^?3 zefR=Fp;<`&o@HJ7v{AtUNI zTI`(BFk_#w=`z8U!yT9?&@erfi8<7!5mnQ(q%)Xt0AFWuLvZiPuu&gGEGJ@^!{!So zw6@isTH}bI2IA;4aBecO)PL+1p-&73Vu)VzKffRy_}`(?5nSI5Q?W{ReU4srAiy;E*R%9OR3*ZSo8#a^%_ zL3Oj&*7}RI(z*RZ1PhXh8ZUjm+UaO(2a=ma@sah^F3`(xe_Jpwl%eHvo617yK=>LZ zM)vq(mDBo$KoFB}W!g@92y^&Aq27jYM2V}o$24Vp2L@|JU$PFG`}FtpWPD%k(RTu8 ziW0$Ko#GdhnZ_#(Cfdc4ihU%^0EMAe3!w}A!s6CpkIp@O@i7xxhfy6(LTVWlZL96p z#ujdNhQ2TdvS$!)JYlcO*GEZ>2FIIqOFK#q0~3E2bu1S%;?4@y)|U(^Y3(P>7wnzY zowF2$4rlh94xP*^s#-8>t*Vn;4X78&N{SZ(Di}O1227HRevEV53vJ-*$-LqLPZEz? z-|FvoG2?qM_@c7$r+6}Sgnw$crt2JjAtK{9eE_G`Xm<{3%%)~Etky1307RJU(CBDX zSuJ^F`w`W5dce727N)MNL+gQkL*JU1|7mB4>glVThb{e&{{F4@Mv4Mvsgz3rbAX>=LG3vfW#%ppFg7 zj7GJ0pN6sH;DviMhc>p0i$y2d&6crx$Qwh*4{#{Jc0LhF4nWXdP9td{>^rZMbLDD_ zic8YdxzGRX`Gyt3{vP(Umq3!a_qTyi=m!97n55rooetnj1tNdlhgZAGs+y|%2>i7@I?4)TT1JRRs&=b=E z3Wm77c;VI-U$^8%_X$*Ka-!}$k4rUtUzR&E#+Tjq`zJ=1&eHFN>8}zBIeKIoiy9#Y)qZkVq5cX?F6>ff1|c`?Lo3uy6J0!`zl|k)i?`?K^Ugf zHxeX04~stqjJYXEx~?yE?6G=SFosn18G#vxe+c;c!gnfR)=-qm-CHO#VahUZ68D(V zdRquYV4yTDGn%v%LnU@wwYfoZqGQx6E>TCADVc)+Oq*V5H-VFhV_9~9%I5ZUqP0u) zBI2B>wZ9&)fS3J7|6w*FyILY^WBsDY^`3 zrugWpI|Wx`@KH|gsP#a^aVu?wGaKvA_vsDrwwO>&(3)HCl!!&%@uHS}uX%78!xosQ zUR}<-R)9p${#L6qzYHLXaBh9Jw;|&SLWecH&*CL*%<^)LjS@|=B>@U~3qf>+yz6kG zT@(32TBT1jYa}>wbl+xPn+Z3bDudXW1%#&>B0!WsxfF~F$)se|egnfzNAw&NViUKeIB}Vz?`?<+2Ok{+uD$i;nP+Ey%&Wp4(&GCUwyXX??AG^(jI< z??sdKZ;pj~(1^?jA_Iyh6yAF;S*eW`bSHfDOGPI^>UiYzpzVfWyWJOS6CiS3-cuAj z4B{As>o-j3bTjvKKD*oCy(KJjr1AvO-g&y?RTEdB_kC+2f}b+mv9ly}YWMDAIG3p< zg9nn9w-txsG;b_R5wo_pBVnb)=R@P!RjkKKf85mW=L}94=u6`F$ zQwN1SeQ--Y3Q>yuGWKST0mpP*hXh*bZ?3F~O6KaaJMYNdfvMkdVkZEfvPdmt7i==- zhO~3#_N5Qu2P|k1`%w+f$sKHhUu=+pp>_lU!A3!(W$Py3$L0~+KSE`n3foDLZz00G zsZZv{yD`(kYv)}UJ)NqzW~mJy7fkdDG9xn}8pZT6l%$SUg%Dr)ZlLf;mQ?&jBTdO- zRW((CQ!NMmjhF0U090lo2<#auGLvvrGGa&T;}%yC+0}(Ch?i9VFLnFhz|ntloBy4F z`Zs72kpEEBueUjZ`#PCPB`i8vD=e%t5&**@i`?u~4ELM)2{q)2JGKSs(UOr}bTV2{ z)ULADG0<`#man%=ZUj(=@jS99HojzO`y0iXJksPx97ikHQlsou7h0wH zZS!>jM1-c@Td!>{U==Wlazd$^ky?6bzmNAbKY?58Z&g*AK}gaDft8g{lbfY2W? ziTPoJl52`%WwPR=9(-Hk74&|8glN!6C<5nSrY>0b|`7+k{%>Y zU124@``bVkxx^`NTL}e|JZGUg!ww+PnsrwXGDNOo-+mFUxVm4hKCQk7yVQx?F*14l zc)KaQv{c1G(=$SO-Lt$|ULGD2^?~ctdsxuKb;v@{j`}b2D87DSS!@PO3kE)AKC?Im zqyvtzKPboypDC(Hn?}fS)BzrALR9j{!(vjS%})!7~trjlGsxeP{zTr3*2!o zyHpG32wEIO1Mn2v}Ks~=ZHi%XOnqkfr4=~Tvf;MA8Aj|B%C8KfD&s@d zLz}+KGNuR^zy--+4b>%N9tl?HeA>^({|Yg_zoR&RN420AG(i!)jI*F7S~ssY4pixX z3)d)8iTJ5s)2WJ%Eu)@TJ;aPt=Fs&by2NBFv*?s-TCg%c47;;pkP+3C%62C*;13#} zl3a!I@^peO1`4dytd{m%;xDZ>(Wj`AgHUC6+j^CMr4r6xJ9#>#es`Uf9-|PI`SaE| z)NteU)rf!h3<~|b_|I&YJLE`z{KK8f_?y{H2@^snWl$zs5<*oa){2}Hs&_MUlgn{R zQN>gt70iG^$TW0h$3>ID+KUUgri#|Gj8qK{A;D}mZ|*P~Jes;ATB_;b949j&;-jgK zf;E6esX)hur?ICp6Xd==f6~Mr2W_^T4&da4a>BlYAFRvvTgrrGw@R;1LOk`_#li=9 zt4A7E5=)73%n#$#%)0!VLMzYD&T8)N2G^&j>l-;Fs`!qF8$J2-EZLS|Hm?*ldIUw& z^~e&Hog%OyvOi1mrxWw-Mm_TzH7&ed%ce)4;o#zQJP4}8vW&G7@n!Q`;DW`qK?E46 zLb~&((|%i8oL1Apt}QB49`vPXJC-1 z%Efwh8H{_1Z}0i8L#hgI1E&I@hLT3XLuNjM7*x4g%UUj)urQ12(^JWiBa3ooq)iXm z&F$g>skl5dCj_XNXK+BWlx6Oggj*WoogClMAYb^u zPxp*pp$VXDNKr6yoT`bi5391vQ&k&oZYNvzbr;TOl^6nNqb}1$?r@K}QuGw#Jp3A8j`3gZP?}tLz8;hRd4PR*v%mi1v$BYG-XCt=F@N0?Utt}opW-G9ZX)^lr`_+E ze^glVSl7LQ(+9YL*M4G?w>gO1a{ik7G7VD1o8|Tuc~mpwkK}VXc=#(Ve57?P^$p(F%k!2;VM>?;V>UZuZJ#F9F9`_yya|4e9UP)nJE zTq`OD6G?5NtFh#mDMQ^KSe^LH))@Wmv}cm46Q~M;e5v08h0Awta-;B~k$~(-4MCXx zS_Q)s^#b^u0!?hH+Cp`@HKg*|_&Z5Vn-;46MQorfad>VsZ4lcKJc6Gi1}nmxa?}L) znsd>NI{1kS8pO0`yPjw#Iz)B8N zIxI)aRiZo}Pdyu_;(z%;mN#Iws1#ZUCvC4wS2ovY8sUACCRUe&bhN+ zHCD{K&c~!zs^hq@5;fO-R^IusFmyi7#?R{fOU>qV4tAtx!XKg$2Ft>!04)`H4S)bL zcm{lQ5#~OvLU-(xVaj23 zdI-Y?jg5qDMcHy)OiVD?SGnxjPb`UNFU^zv$9`!N#}g94ylXwtqAK|~nTjytak4R) zV$lx~IE^VXF?Wih7--FKc~qHSj5}QpRipyXMHm)wgay*)#4;i@4= zX38Q3Rw!xJHOxEB6*bjnQD(ZnRr7)n0)GatknqBw7fwb~V6$kWY*;ighn}pAUIDId z1E^F+=;H!`t`p2{XVJJC7V&@9y=n6MXaGYGBd8wCl$}ZPcN4miJ~1 z@kk>7aevtG^@>qyBSOl+V1}rhbBwI)Jiuhe+W#^KhSq?_0DVC>yq~DTb&e`i%EkcI z3&UOv_m^I;z(aG55C{n-7GAcPl5MJ$rn4Ug6)9LLC!wYO`NBYUr|2U25d?BjLUSd!K2#knc$zjGwqF{h~7A%_yr4&(HhOtUykXUKW%FT3^ zi{xY)&TO|638KE~ct4OlwbZcv51|k)OLPHZUFeni0(vTf8rWN zJ4G#L=$93xw;pb*MbR+xw@-QQi}3nCBeAfJ4c~SME-LvKMoS7sIJ@3cC^dingw39> zUv>KX-I>(yJz(LUfL`viKQ8_CpMIkrV%$}h=4>G%F~@W9MRjXXG7B>-(tpH7V+7ak z8dP6OeY($IHoYd^SyNkFco8NyD_?uV2uyxMpZ$hi6U~+hp^?Th`;BM*HEHh7(xFZ{ zf0?o~6HZQClHuE1dFd`*=D0LHSy}f7;ifuB zv!Tkv4jHz3gT+CSSxJLSkk<#|bED27UUfliAh&)+%uy;&orY#y_v9U{?BS6AT)^?O z=(S`H4XpfVvk=55aN04)|G=chr%cx9??`nJdghy@Fi;p9;>JFVllcvBFE@#Lj(^U< zp^_gKR4b1Etgg)>|IKqf0E9phykMupxyQ>SK*q77Vhx~U(N`TugID{3`I8~5;wW9e z{^1fzsjuFfl3w$VV$jDH&x!G!(ZENDtn{*8n zENPYAtXN&!Ju+0rMDr62nptB+A*bZToXj=kfs=BfvWh$pOVk~|YrVxj_<(s+Ug?Pd z#vuzR%qcc?vK5}uE<&L(A};6lYh7gyLM7QrEPcCEG=~ZaJ&jxjLnMYuRlCmp>r9LZFAx8~aB9Pl?5aLBSsiiu~ z70f?4iVtoR(X_6U$Y#~fk;_=^>o*Z3<>!CB?>f4g$f*JJ))IP<@X!U!N$; zZG=^%^)TNkvKUr#q)#SfG#UYL!^Rw;0U0|0S<5U09iqXI(*QrZ>zS-))ccSNXPiwi~lZz+70AIiY@^KE&tr;f#+Bg)@9j7gl zo9Wih5Ii2*R>@uDbm#WHzMGUEH0u`m_3XHrmBYP2CyOegmZWKeuBva*NZq@vV7e+UFy_@gy#XV6FU-J>O?pX@k8)#5yy`-JazIV;r$^n>=v{cogC#l+Xb6tGZ-CrNIO@>C3VT-O-@J@f&sPqB2qsxM@rA z>uqZ)VU_LnHEH|2_;dy265lD;T7_A4tx`ADHC6oUWpuh_R;NTmm4tDV%W!AaJhT@9 z$CFx#C^b=0sri2mQtcTSC?qbAk#d&wc%fH%AeF+l) zgQqgod_0FV!E$;vQBW<)5@J<39RK_0DfEstH4gDcOkHuMsi2~%?q);H<|Tb8FvN+? zI&|F7QOHm`Llv8fp52iPnCIG=WtZi};v{iLM1;mGPo=JafodkDj)ip+wpC(GM9NNI zfZL2>?*!zbyHOQ5$NXYwR5PNZx_byp!B#_Mkc8IM_T!=jqR1l(hqdM-GE{T2c$repN2&|>!B&CZ*2)U7+dx1i> z*vExI0Op?xCB{%=l6()n5OExeZ~xWt*GOnayO=i26UotUJ9y6D2+p|4es^s zSG(cJG+diNb%aHMTzD96bpXL@~HbVeY_(jo|i4_e;6z@l>}JCrtrGKjn>=8+uK|JThAe(^E;Zy z=BwUdRLUU!N4q|hl|OfXdZ#~r?=E%Bdp`NftOey#xaDe#`H52b51G-pcWOo4BJC)4 z>*VXTqC)?9>4~seE`3ueflPp8cfp>3H#D1<5fT?&*Iso22;`O4g6`W@jl4QH!i`S{ zgCEy;5f1tPVN>oQLmW?3&!;p-tMSBtw`$qkI=7zsSb4`m_VNwLV(3N*2axPu+5-KA zTA?-Kb%asa`OV&Y04;IjNP0iM*W%B=Nm1lXsb4fJ#HKI{ZyVBgaH~C%kqDYQHJqaV!zr_A_?z%2%y1{pR$EcR?_`r9!J2m%g`}aZ%7e&jV4C1=e zV@ZYtH7w=`^YmP`0Q> zQ7icudPxu*xZyFs%v5$j1ynmcrhJYYC;HrEZNpes)^|aF%99p1$Sw;zZcoEuvkT%f zD5`oVpisrVF)3;oV}{o;cqPdsP~sW&cTzjT|Lvz}uF7ed&xQkB$6M>rKrKd0K5Vc> z!-5qcT3O8e8FcfwDmuK)JNk~xX35-CoOOUkg->0`&Zo71LbP^GLqb$p#hov06(NS> ztum=A1u)YiCqRiIhh~@I1QC>`>NwOi(<46m&xIbFiI-%!CaU5j?r?-;ZqfFu=LW%P zMLm}_elEaOE#!zH0OK%%!M4T$)G$3|zADR7bgf2nA%9UpHf@La0)t3WMI359rEjNU zH2ePDo2%T)!sT+bHA@UmvkeI4(mCl&qTgT_0lD-x z(<~t@rk$oh<%2+qb0FP)^Z5jK?9s>kDpmQ6Z^E~Ko^ss;SRDHM{%zhjU@NvxG zFX6ee5Xla}hJd*Xdh+aR0_OMW_c)@n{J*8GAP`3J^2ht01`#EP;)7J6GEkl!W^OC> zk&RKvMyy+?@}bIP3GUtMKpSbtaS#@B4&rCXxYaXuD>elPfd_{n%q81s*_c=*^GAky z86T(r*WXGY5Ra@d5dDEl&>`vY-zynz#K+li4yNd7nCd}&R#fSLx4mr&DggxDGiiwe zaExC873Zq}6;0Np6xL%DEdLP_9v13Q=MP%)k5SxO8BF5>v4~U9#6|;#`lB*dhXh?2!%I)kmtT!>UjO;^f%fNJh?KA(;M1RKG&W=?$TnLkAzZs054!RUpC|Q?5ElItK ziS4v%A|Cf}gN)=Z+T%Ss?*%@4n_2i)0vF}vj}PLPZjUtzWgox{55?sj%~tYNZ11mF zB;j32`p*uLOV6)38_B(CWTiT5S^t-PH~6=kbJ~7knK|&M(#M|y$PsX4KJ38dpCZC_ zkl^C|p+uy)A#u-?!TC+_TQ8Bo$-3exF;_?F_n`-y%Rg2g{|E)vIqV}N(4V(%TUtL< zX?*(c8Ps1XJKk zTeN$_oG|52X03@wJ#LY1bCs>HIQkO^>h~|Rt^`Z`bX7=Lt6e`W)&!(ZXI!yd-I@Bq zv&p6Z_#Ph8+C3cSz7W;FYiueO`BoqTEXH6J)oE2P{ua-YGc>6%^pGMJkXIJfTJBbX zCTGyXS=V;Ca`9ovCvY@0_Dkw4O?kA$GksY(=CBxwCNwsD70Nm6Ult7AsVnL%rF(^6 zR_J^{X>7y-@+JqLW7y2NvUY2OwO>n8ome9j z_982&^oTc$EK{X-wES{cZc08>E7(>>VW@uuI|5furvuW-Qyzn5T*3&WWi%TGZoU`! zCplChs@u}R;e*?q?3DgC0u5i$L8n58H`^A|ixLxo5W{vM1!^d=V}h@jpae?nR)v?= zZl(A&7>WFCxhf+T$nvJ@z&$GRnf%=nga;EiA6yWiPP2_ICvS_x+q9%3>myGtBW#w^ z^vb6>S#Ux+i3#+c?Hzk*`%7vZVImc(h&iaW01Cglu0xFh5M-h9j7$jPHiIa)`?C2V zJ+T8$B_R35NMS&ceKe~yIx7uW#=PAh-kL#(C{h%Ua-$t74621f9TuskbWz1OVwoG4 zp@SWZb|x?0!@lIf848wMiBwR0Z6KJORsAD65jrC}F{>eN(J))_08zI}-z+moPmOf%h6?wl#DMmCY@tbuTPvN8NrzT`sBp95}D%7&I%bP+)+1 z+_}cEL7>-vD}^ z*#K*;oPa?Rn4T0_yn&OYx>@{B=jvLrctK+g#9dUXv+0r$U`8hBTo=?Fq(x*Q)doFo z+8#>t(A7(0u2BFZZO-xg{pgn{{c3i0K<<8ox1dVw#8|g}SM$$ek;XR@=bMcnolL*r zw>7>M9vw{|>t6{qLz05U;YN6Q^U~Y&g;`3UBCy!g-oM7}k3$QX+P(mSDlWBGi; zMVV!TGN`J1OR6~)j*jH`YrzF^0>cdVb0Eqk05P_L%D!YRJm7c7{24Fy#CbJJAa*dL zKS+L=P_{%}UW;E7*V3U`DK&%#wYt5Eeg628!{i?pWGk0_Y+Ul@9XEkYG&gf$78Py%Rh9hK0-%! zX+#p*WXd&c{yKE=|G^4Zd8M=#(4GWMsx1`I= z3y^h6WuSqtT&3@Ig4cDT9#axizD(Z(m| zEieZ==3Wr}Hq5TxQ22XeXq7Myr5{}PMf-vHbDYT1Qs8#|DOUHLBeAi_Ya?m;*vIqP zE&ABiHU8Q8=?|)J0IK9I72t|(7^hFq;p|gHxkun-PIIcbP$Q%OEIxcI;c|;Sy-C!n zpxrDxl;K)Yxb;KvGpCbigH}GW>jp}=S%!=`( zIX%6sb?$BexSKLN=c1=kf9cPtG*MQw?SGpUur#r{U8}4|RApXYnCeExPu(RhOG>pc zw6bzkqh4V2Ls!76)FLDj;GS(?la!=W6iearIV=}a`2r-^hI+2(dAQL2gJepDP(C^e zT9sLuuDpApcplZ6eWOv|U|7%+Q9#FkW^1iiSwkL0HgC=gV2Yqjt7tB3wQ37+A`Whg zA>(8T(Mcx&tGn+(W|w}ix?4(c;A;Eck9g1PG}m%)%KA?Z*OjrjTJVx5S%7pVAO=aQ zU&5EylF!+L$O~r}7p+WA^k{VYg=+lSd2*;P2S!hc~i}%xA8~~C^p8<;k4M@STg2xev!XnrXs-}~lIRiD#AF~gX=Q;6lwjocyyJ?$?<#>oG~+;Q=jcq)-^Gx|Lf?VyKj3Sd^Tmn_v|-B_`x zK3_wLiQAJZE3%*ohN2LL#Nh=hDT(sym*j5>)_O{Pn=W%u^xY>)zsgy&l(cdoNW1H} z#3y`*;sZ6Zqp*EYhr-UolsvD!0WXNIs}q%c#Zj|u&uvXs<&~RkQ9L*j_C!}?;+vHm zoPv9W1n4^ccmdD_xg|P7399fcpwaq7w`3fUN-ZL5^5lFODg)p_oON9cT4#}3I_teo_K%sf(InH2NGWVQ z5VmFwDSTHsXMYwcee5SFr;v!FF(nWk!wuRXy1g~djTsjd>y95zpTIT=8Ut_(ps8x! zHlmf1k?yd);{&5iEhrOXdbYTi)cegX?Ep2%W8@gLF{n37_h(D110sx&DlF;#x1_KN z07MmSy|ltG8km!ZTWg>oTlcL zwEw<}f1LQwRo*|m-Q~cuWqKqUCveX!JOAHtzVywF+WZ4G=WTrLpO12{-e?&7`7H8S z9WrgV@K@yAq4-IdfHvm2toyco87q(*@e87v_khrF5B%Ti)-ck`Q}b|;$@ITBgb|*; z5R_)Uh6VKo<@;)CPLRDgzQSS%`&gF2Ab=?m(>M99RYmWtmu0$sSgL5eiy?KCc#41y zj=`DxYAbrOBRbTok$A{%q+=BBCSq478viTcbPwm{4j{b?XP!qoH(OKUHfKssQSErgSh$}R8HGQ&Wh{~|X5VP-C z#FST7;-BdoY@VsRuMc8glP%C#P<$4!WTn>G$#0JMqW4{}Uri4e7hsPWNh?IDxEzN; zb-u6~&u^I?OKv`6EC69oH?#~CA6wFyF_aIsK;sjj!+J*WDGDYhL<2@ySlTe2qZ&0& zTQCM*xe`4e-Ibm$Dl?@0*f>aTZ;hirCD@*TKlR>%mIq=OOEG7xW&A>Wg#UVF#pzSS z@ihU;pcb@dUNC+yBT)e9qn4qZjk18o%q}uoD=5u2ae8Z1({o|Jn~gF%G6c_$ks}IP zTMet_=}aae^F30;bVYcU#Ru%t7i6kszTEOEcN-2H*&MM{?8J0hG0;U!Wp-#-8JbX$ z+BuL|S2zCh098ANt{N%38twh~E${W`?;Rb>m2}vIaQ%05H5nBF#b&gl=CsxLIFUtF zT@$<+UKFjWWzQ>Pj|fgdW`V6_>_}DUWdx#~ac{30(K3ILG9vGa<@#sz&v2 z8W4C@i|51qr{{Ic0iVw^VOVUc_F-XzDmz$W2a>JBEE4R?~UMB`r(}UmfwFZ|D}M`h;04U zoelw#3LfP44%{D3$6Z~{b0Df~#0u)x{l9U8lGf01g87e%5Uc4)e_U}eU+Bd~rCR_e zu=fk=)|yf8{U)X#&Tw#;MR43YT2rTbn|ik-M{*JTZ0f31bF&>8jB4r*4jdp0fE+^} zlS_pb*M|YTF28Fvtuf2KqqlSJWSKvHFKDH~xz&&=QOY{9Cj~BB6T!W;xWNULp_M>X63aNo0Ta@;?r=C#nh3QL~H0Ufou{>_K{X z{vl=Pu1}2Dz=yNC4`&W8Z95U~e;{eCtDn11t)B6``Sm1J$T^fee3H6-^*cmxZO&6--zI)Q?BeZi zweY6ry!uNd13VC^q_elNIeaoF=Rf|=f9tgfVT~0<-lcjDkIzb0`5(q1th=7acguC2bONn|XvkZ~ljBiyWtYV&FW9 z+>l7~zsMtjKix3uOV)Sf+wp1u8b4UN60&v<8-mm{PSi1Y>Br6KW?M1T5- zQ2v8KuvRIlK$JxXW8S9JL;J!u34) z3(I-FKCHd^pJgv6E?0Xw<#SPqJyjp2D%FCb5XMj?v9g^lh!(RE1e}UauU3%*OJ#^` z^2KVX-fOVjx^^UA7N%aQxN{`PWlzQyDP8G}zqZSfPn!DV0$byG);8`(lJstcH{pw& z$g9rdlFqJ=x{iK31TU3u2Z-00XrI^Az+Kf_G|&VW!+Rv<^OgJ+6J|u*l8c6^aF%kig#Vb~<}xN(E^395y)s!HpFMI&s36@gQ&Qb!-9&Xb59 z60qVF06J0>;E6B+v>F70LY6#aStP{bl6LrR4Oxmu#G*`+Rg;2jF29#Vlz@^nP#F#}a~KR?8E`~wpJX0Xz^7+s zZ9A8?nY|wOMGFkC80a5ZG^Wvur5^6qsAU`Eu-gR+hLZq;g~i?{(oq2UghGuf9`ufd zV8;Etab-G#2+mMb2Zj+hu&pw{!eqHL?i!}LonC4fR)zbbfcLnkJ@mU74BzML8+394 z?^)v(-o~PESs$S8Cv2TK6}M|w9}@E!i^zjzCup61Rc@}^$B!R>=&N2~tLc8Zih(KN z$;3db2TB)1iB~Fkjq8X&Ss2G4B&&XzRO1R?rsdA*Pu}Ha37GJ!=-eFZMT}Lh0{b(0IDmuoM7Xx4q!lf#T#WiED zbuv7jmP)C~u3J8-Tw;(C#4HA*aA*zNH{nSP8peb;npU-xotG8u@m5R}S~a66I~qHf z**7<@iBi2vR~7`f7wn$m>B5c6AQhT;~6~8 zgJR3svxlkChXHmHqvbN>>|gZpCvunBq1nm<(<&El{1F=jY=c@&GsR1xY*v&pK&<8@ zWjb5RF=5EoTalu;;&Xgq3L~lri{ZXYb_FRtW=~KFhQm!|*;ZR;-O2uWX(~VdqTjI@ zokz?HvAsPzDjJUV&9*}{VayF7J7E%$&2`~jCcqL0H#@bJ3BdLEkVM#nds8g zQKwwU@w7A;B#nBCIL=MsYF^L_SuHqNFV?$sH`N}S|BYUfVOtbI779#;iWqbi^p;r7tQf=}Nw#GW-CSaOFoe2%g}LLcKhgWebaZL3z3K22-v? zdtezRoW5vpSV=uetg?N_vQq{VKsTA;W}8!{w%qNu4^1H^EXEOXYMj^YN7acT_c1EQ zeN!}dg1Fnb{@CNb+`IK*yztpe(=H1in~hbvk+jSZ!iX3{>qTugk|Hj4H`9y`_$8(s z5LOba1HcFJThS<2*lOePM_CNRH>AvO4s@@n>0!iY4DSQ8NuuoCd`29DstIQJm7}Up zWCQEitgZCpRzjfbZCk_DMj_6V(h`ARu`jLof}UafM)-+5b~oevbw=HG`g0eBTqDJh zd@zBxNDK>#@9)XCfk>Ge(%dtJlJ|f-HF=^*BE7KaC{H$@rz+oQnp1X+{`{8=`!}S2 z^??(q*6!M1^?Nd~AvYg^NN2@uIPzL+2YDbt^mm3x>i4*251jQ6{OkW=>aC*MY`d=Q z;9lI_-HH@15{eafC{A&gVnvF(7k77xyL++X#ofKQ|5xtk{l@q=*drk!8RxmyTyxFi zc?<$Y#Rq;1Nyuh!g#H=A4Ta3ho=<18U#}rI4J6qeegpDw2t)!hS_Al@$JUjT9uv-x zR|5%H!-#_^AxHprn*?+4tltBb_Rsx?3XqOl9fKYjtC+-@P) zFpzfEHwGlW1q0MuSEP#!0p$I5->|x+`wDa6W72c?q45vv&*fc@<-o^6<6(t4^tf43 z#plXBS+>S+($o*3;I0GdpFpyjpd915$E254<;RDFj~+)9Su;rHxb=%AqlbM@+@;Y2 z{LUw{Ej5Ibp7V78{-U^joAi9R>J<`Jzfs}C_usWj{<=x-Ggqz;AvsUa!Fzec^1H$Qh<3sb1a5o&JaPVC;@h$AxIxi;>o7K_h^bqwOpV*0RN^OqM>QU~#$L{bk!a$_(JB66%6;Ch9G)VU=cYh_^}k8f;hTq;V(W-Jld9IYyAJmr>Cfz6ZV}j(p*~f3lOC#C~=U9rPO@{Hg)M;%9FnM}~ zf=^DIK4*hzQ{$uwBc)b@nH#eW4f|m(#B`NDf*uE%ha5Ka} zG)q{uq&vhygW`xbfyMp|x6!lo{Q$4mA!aAoij$e{otS7a?!j4Q!+csvWPTZekkw}a z9Q6Q3>h?B%YcLE&j^7BIBgo-s0DrVTGHCBM$GAwaTzQ;LK)5-pD8SMw22kvHl8ho9!WagCnY&=QBLS++euO%> zUI!`BxbT?9k&>fuyTXe@1GC44@Z*;(L(jqY#a7?Ho@aHu98L=--!?B;#jbtNB*G{} zEhJdM=s6g{z>L~7977Vy`UkV>itlg-Pebjp2rXk;C5cHY>v%rqqb|Sa(A*ZTqn%N} zDOY~?RQ+<3R04w-a zOL;@uz%(^2+`V5dJye`$acV}5{Z#R-(HBGDL|;pIqxTF~qUD!r6;qpLBy;1^yq9aZ zsAxPw#Ga4CudE`*skGoW%|2Y^w*bfLjOntCmQsO1(yd?}ynAb2Wv}Nn&d2!$nskz~E4DZ>_ zvx*JLt2MMuHl|EPcgnar0)Tqf5d47?pQ>~`y4ni4X!Yp5O{hT8NqCg_viSxCX>=K> zb3a&$5xHP3Vi~f z#srW>1G9?G4kmv0>}9;0pTY5(`2o#5^NHWW=Wgw_u)}q6G57Bry5|Kh{x>J`obXaf zx|Hj_L?`zOniFP>JpLy_CaC@ld~+-QH#x%iyQ=xQ8rGQ@>967HEXB{5H;J8IQY@C1 zqi)DhD+yRpY&tTFR5wg7!v7N)&B4IvR&KhP6SB* zdq!#t4d`Ldov``yNLGG_GT$Ca*2Hr*t4)(gmbFVLac6Kb}aRBLXfhg^6fFv06_PhG|w+Z=^76@`}M(AJX0i%-$pqE`( zSZgvL(9ZNomFMf)+XrRr+qm7i4tL%TvZ3q)==M{{vv<8cb*-;l$qUU_pA-Q2rtrzU{)!Zn{BL3!G4OtxKArMer&e=t3o}}OD#M5WDIph zF`4NdvZ7rlHu2b!34H6mVMp=c$RkOD^Gc-r9;eyHWRkPnal3|{kc!S+s7>< z^mZ#Lr9NR}#;R>CV#5NeQ+8FuFD+1@(VEhDrXnr}W~vYvm$57lu|EknJfq2Ehpn>) zizm}?Fj`f)P7VYUJ$w+DcgM*4p6lO8>lnGXT2ihe zN8rRo=$;|bFQ&E}PkdHfQFXQ1J{YK!&_dTTM4H1PI-*`ga6wwBrFISqXokC|LLSX{ zbq$MUJBNTdzu`!%uF4CQsyE-WpQe1;EA%=iEu4`0pk@auP%zZR;@urAiB)+Dseclx z-?N-G8dvR_xx!-?L!0&T@^7i_FYq zz9)yO#7pzn&jX+%4cR3Zsx&zTmDV74}7=3)}cXRKX5IIA|^%4WB-mK0s-V`OfAZs@&WQ5iY%fDmT=+!>6SvWQiQilAJ=cx{3Gafo%x^C1_tkWm2@t zvY0&5_{V4Hhe)^_E`jd1Iv8}ZAI6d~&*y~{Y2Kc;XW_pj4d64Vom4$PV#Xv@n!eavtW(qvKCNyueC z#fdxH8#r_$k6kier9-$yFOoZU#cVO=@%$q}3e8$Z8;ZBG{LzrRUhLa%D~^Ga@hR2N zc!f*{4lquHR@gyCD%f1E;a~jOiKKNVm2ej(nO)gz?C^JXj48OsKFNVG3Sm~7A&#Ui zJTc7Ey@Q8BHFZW}G6X=Dd7)8DDy%CI*($-f&LDQBgVBn9-FJsSt(7F9(=i$amYbUF zfIcM~>Q`u*$cYg;%mtta^7?)U!k)8y84HDgO`$e`8LiNXxKWf2p>n4~?tn?}Gv`sq zrKTX(Fv?^-10(s9 zf7U+l|B++uNA_}NSbDs9+vcb4I;>b@n!65^=6h&3v(W=UgJQ^N;;r-isS^@34XBn6 zszBxcv}9?Zm+^R6{T1NdyzNg$`92o=LSKYR32hPA2cBa~d!!0G_(Yt|Koqkx*XULH zuD?$LioEODaFYECh4z!-UaJCZbx6hY&lz{wb*rljlurV@yvJ97q9{_GJ#l_j?Me4V z;qCvedqHiy`5d9Y4z1ojf6RXNMSqu87G**h4A{j$HeCDErttP0&P7QdlM%DFD!r^S zT-G{Pj=sf$4t#!fYwr$!?HTJhNcowx-~M27z=)5oB@7KBuY1*7TW7bKWOUpfi9oZ} z$bY&TpB@jH(-rEN*bp_z&7P2eA@g|2sL`?s_ShOnL2`GbmqT^@6Tg&TmKQ132QRXx zya4>XITwe5u@7&Pim~$d!w>hWqjL|_E$qxlP20>Gam~!N$IdKQ?zt1th(}U|maaxY ztZ=ERQp*(RuFY!dz}+J+VPs_l6L2`lgmaiN*8WS?o;f?uH20&=%LD#7s6Kh#8C9kfL~m=&B8p=DWH*#U|3^}rI*9fO*mWW6+;JGI zJBUSWYl-o2o&pmV${g4KLk$1+&6R^H@dpL+N_tXWkp@exg2u|~h;flhhV;4_v=ttz zr%hG05dp}(-?M{k(9yiX>TD{bKpQiG`^$t(`DgM!B5rN`4xOl!f?IMwD_G1D6yzNr z@)rTzlUWrC)_kgO@K|3;@{WHktJN8f1B38KQNQ*ipq3Y2rvijxX8#%{V%CT z>TrLQE>dl+@;4*VBZ1|#+1hiFxuEJj0%rQbJiXw7ij(N=GpoN{#&^>_ufo7|V{v_b z`J+~~?p2s+jq)rGoh(o05Vj2S^#y$Vyi6Yz1`>LVnOWwFJ_{P+^PBm(o{6ns`PIfg z;dZ9;X~*Pc(C~^4>bEdw#^h$nFv~6wB^ELPR*(%s*cTSuhIbTpm@iPup;#FV$>c31 zYE0bqn-u=y-$|%Y>BMnma{hb-%m0MOiX_^?KrYz$E3$vWvoAP!?-S`Z(QtcufA3#2 zLX=Wjx1VM`arZhQoP8-2qf1eu<3~UoP~$NiUV^w0<(`_hY8oxadoLsygptc6Tvv>h zLih8<*m~K!qO<8sD=|hYV*I^EynNlci*^RdU=MVk*3hoQ)ChKjq@r?YP)L%RrL-aY zO31~9&OnC#>B(B{HJ#(&QOBG6oyNL0sdeSySDQVS!ecx$5!8T|1gvPC@rwDc<0R0S zm}O<(zET)&^Xb6lNJ`>}HXut?XQF@mc7FDyCn|3R`OcB#?l!6RK&MK~e-qJibhLF^ zH1rp9)N+BC}_P|~donsVP$X0Rm^BrJ4)X*ZXH;~keDnV|jCeA}5Rq8;jbk~inZ zpmRB=x}A}of_8VNGuy-hH9w^6b6Cfq#^R9t@`Dq`5NG|0q7ukxE^4)Y(@4AIs&V?} zy~~W+b-k6)eof_m*~#)q^|{muM;_)!7q?Y-ty^7C zHaSS-Uv(tzYnvUGkVFqL$Q^sVKj8>5HUGh|jFpt{p}R+o>Gc{Ip3DN05l{&~%zS*A z5$gQH2K5Y4e*ik^`|R(J*M}%wy&lNlH<0lO9uR;)l6eyXc#_}dU9tYF)$t!U^xdV8 z+Jgx8l9p>s< zQ@y9O`SDaS^+GCy0N*VkGDt>g`_xTzb&NmcIs*_J(56wMQ#woyWUU7 zTN5U4v(>x3WS#wR`Sv;NsM;u!CVKK-0_8Ome7Yr0jYxi-1+5ld-xNdR+fyI zd#20i$jaY4VH%Pkaz#hevxPXnvmS$mVVIhEJ7&z2TQ)+|P~?rXpRw_5(Y&#jnd_I6 zRo;6ayRN56LleG=C+%l{VZVUwaWZ~4ejA>0X>k`e6o^X>&3w<)Qmpkt&#ZT5(S99B z9g~D@V1LwL?Js^WGHN~z7$Y@jj~Ejpknl_bMdyEgr^uTp!gL`IfwKE-WJX1h_xaJ@ zBpuV0ATOe_h1;2%AO3bI`BkF|9Tu2YhI9L)@#xcz)f zT6craeeW^ysC2{=#aYWFH`kK4FcDETtVxF)|LSVQpL>98pz}!u&Dr(NQZf?ZF(0OG{c~A=4+_(+VYiECX6;h#&7zbcL zJXdC4D5y}2J-#YQ>e@~8vnwv5Vjc=IdQW1DTWS7oUTJ$e^BOcdkRzN+M67mu+fH>@ zUOe)P2ssiBVlcw20=HsFr4OV^m|)*%j`j9U!-}RFV_0t6n2~MD*u8T@M^RaHDjBx; zhZ%kI(rR=uFTm`~$#+O<$|K0Cg^- z2*IIr`~QEY0vOfg&RyNkU0{*s5Hfxyf6OIs1;8T)fMTsDP46ST)q`5Lz4QjrtsjO4 z0bHvo2++gLf%!l&`Tc><>K!Ga&`?A73(@JF^#utTsM>vinav?m*k*f&G9$&HxNsY) z-*NRC)OrF9wSiJ<^IHMJ$oBH`!vDLsUb1V94g6>5crO(xC$d`hBMhFOcD33nGpm;U znM&f)D#f_Wf3ZszGEI#8*R)9ohCUGMNY)uSAYDmLbD?^+))K0N8? z%yXLIDu@o}Ex8V?U_T_#^hWa>HqN{Ipn)c=!mZY*v|9vn5iQ9Doi%1v zS(=Ebzy*(GtH0Jay`~#^3?9<@R;?>Hv#3VUBsl|QTi@WP*zvds5>)9VJ*Vo;QlFQ= z+#5Mmc;V>E| z94h=HETmmPNyQJ|593&-+!wnW@y5oMBooPh3q{A2t9F}PuymoLl zC=3v!>J37wbA;GlDOEPKTB|P2awlyC&7g)YLGZ5r z=53?ZW`U@#H7-=BcrF9I?_&FjP=!hh9?e0d*+&%2PtwiPYJbCUTz<2XtDa_P*q*OA zkuV40@Wf1=th6}aWeG0e8pY|4ny>*7pv+8cT@+}#YX|ki)~ZBkX^^1qi=<%0WxS^y ziS>;Gj0Nv(4b{?8`BEv<(ghAKT>tp0ZN)b``}3^2_tBaCskQpNCciyq2TDaYf_vzfwRPd$Uu5e$LDu`_;O`_@eY0S3-Di{nR!o~UE zMjepTk{X1OCvVv+Oye(}drh05+G|}XTTIo9SiR|hf^KrQjR6&iDZZB=I%AeXPOLKz ztFHb&4EAi1b{2l8Z5g=THYqn+ZH%$etsQ<3^+91>5Yc_71YLNF?28QJOa15}M&FSC zel-XgGeVHjtLHv<5E~JU`;g$8BOtRvAguq5Q#%2-ODmuPS2b@TgUlxYgb`P^$NdIG zW`&%H5Vw;T!0-bki0rKDXW{iLVMUMMsy=7?K4%a^i$a!AYK$Ln`U(mPLdZ_OIo(qF zoBd(fnqM3TAj8=OfXa0Cp8zrZyAzl@y1xSRLDKb0QiSM_cYp>0@S3jYn>ufRSLn9j z3OJP9$hs!|N!@xKgM2|94!+yX0{R=Q(bnPAURNBG_YOC}?A0AWO92u`q0c=DgwhBC zBxE$uW2f(L)hy@@ae>QbV&N2bj)0@)+c%&F_g(?WqQJEF3gYR(_u0f>yUMz|_Vztn zX?e(ha$OHGy&zeDKHkqTum9-R{oA~aQ^k|FDSCd_G2)qkezSh?4%zs@o>8-#ULM}nX!;9WALaf=erl() zc= zp^>&bQKP-&lQ7&K}dNJ{eANIjti#p+4ixstv=X2MVZFP1QSa@4yyVSr4jvr!Wa{)1eWhneuS%-lsF~xMxU$4D?8oLxrhgiloJyvRx2#5>6^`C zN|FY@Qs)zmjYo=0_M~Z1Wo%w>%$0`GovyT`&#(H{34fo%XCC-ByGpxZMmbFrPH)_m zYV>|L1L}ze3qCHZ4fAlwlCkW|DprZ*K}Au?FH`$>eGZetZskeX^a>e59!@05;}Hup zgfm=5y>#vL$6w7TR8(3M^YoPG(o9A=98uKik&HgN*(rkCs^n&NJzT~UF8zYV9>a|D zB17oEuJ36lq<;KkxQD9!N3XB|>%Gvy1frw_e`SIdZ{HY*MWt)S`O0GUQ)sNW49rTN z>K)Wy;xaGfs1VIMqY5(?y+eVd=`e~F3V3Qh7Mm${1ajs=74WR&EY-@G9yFp1wT;rW zeTte96bU8S_N$&BC`V;=B6FF#rJ+L_%GUYHfr}nD?N3{iSq7bo=_eTKh9L8pdDG1{ z!oVOJAu57~0OAgYrz)v+SO4Ajhw*tjt)1jY?q>F3J5J$A8yf4$;8VD34EG;$DIu83 z6om;@E}5Lt>XL!!k~|+m;Kal+D7YJdp?K9OnvsKG(@LAE$Mo1xD7)`2z>hv!2zFFc z!4(S#^ibo1Rcoy}e;m*N&(_SVsZj(_7D_`=gIhZ4ns?&m8lQX!ZpFU>wUT+wffp{^ z1{D3~9<1t9Yt)C>hP?wl7QE$%wUtmM-j`GOdM`wA$;VC{+~$BPrl3%VbodAGC3^b& zkDDP7fX^gWbFK~K5UOL^3&W`6>S&J11DP7vf0%v0Qi?o9P~PHNh{Gfrhhfw${aEi+ zZgnW|o~UEx^FDnP4=h6wyL(`e9Q4>`0YdC=i~>A)N{gDrS%i(ffH{ZqfI!2Jc9(SqI6jA3{qLhFbq4N^L zXI;O8Ky0lIo|b^Cu(D&jAGD|yd>pX^x3IU@`ts}{Q^))`g`BA^21`afc>D2zI z(cbF>nAbt%j3%GsCWwv=XczJyR#>GQJS`vOc2(^0;g_W10X`|Q#CY|&SB zJ{|!g^!f4At8@0#%JTZ_ZT4enHuME#Ug`@x#2bi4&Ej+1f}H>QJCGS+B``c)&~xj! zskDbc>;Sdn`v$;OoZC${@B!?Z20jnFz*|`O4{#f0|9$%b<(9eYAG1^zXk)ndZHoM5 z3WB6{-khS z74scsZTfy0VE`F*C}s+{W?g=F7ZbGe)Hj?YWAttTlqX0d1RgYa$@cwQ?%iNi)4(9< z`Pj%i^>^fa3TgpssWidNP7L33n1Gje^RIR;_c}|z5yl;#r}g#&?X3gOm*c&O$1Lh)3ZI2Bv7^C1(s_fejf5Z)blRk=uGvbHv(pQrF?I3(P1)%simw> z7fUZ_JTpcMD6ux;)s5#xn5U<|JesRr@?r{!yeP0tEKlQY{TE5`kU~wP3JHJb;n4C6 zh&Ki?m4Se)^{<*yDO)eYB@cxnTs-{PZ3QD1fV|-9sN11L@lR_R= zxH6U+87UC1fFG?2<2bK(2hRVHN~ml8TgVe~Z_EXT1-8U(XimguQO0S{`3_4zSpzUJ z`79bXZX=^#yb6F7=E1{p!^bHBR}zr;F|B_3urS-uz}eu83CASXiU(wruq4aj8X1-w zWC%M?{%Sgrt>NkafPsUAOWj*h61k0q>Ah}=y+=AzD2NejXhj-OuM^(4Zd7`irWK!jhZ+htpI$-WnHwvDSjA=FB!g*xEN6Gb{SZDhar;K0C&5J!t zF)xsH5Y^yZ!8v@EMh)UQx&y&e8yMK{yT!| zN!xtkO23nGQHY0h0^(@er`;quSduly`%v+)lnk#E+2n`JnwZM0!-vo=ZKFO~n$ahb zk0iR%_m6?)4h3Sp%@MIB6;}O=&KadC8!+n$WT3W)>-#D8DNy~x2WND2QE3$T0?$g7j%yvY;JM8>#&5|g%S2{9=VD-TB*1Os0H!$3zBYN=@+QRDI}IL z5})Z$o@Q1WMO0S$c$J$Yp>R3xGqB8Ba+xUOVtxSSw!DTk?7?JUvHZy?gS)jFr$NOR zpv=4mtRzI3xw@?kbys$pzYg&6&ut1D+r3B%uRkqgA=IuE;wfTJf#HxV*1KzlTMkXq>_j+3a>{aWkxC%l8BdSt( zbIU=6SLwty$jAi*e;2y4ihH0hz#V(A36eqlH|Df1hiVgyXy7Ft!n#t2!}M*f7hD#0Vna8ud(Qeq^4(0l*1Ao znQIRZs{7gpbn%`UbiaMC7B^HRg5!~V)%P3lptb%F&R>AN3IMD^JdrgJ^UXR!GZf=+Bugl)}Cnt*^zCUl< zH{a-hS*0qgxBRj^k>s_-w&;-b+3o`(_SR10@QOCgFS*ihh2!_4c|hlMc7~NZ$ROtBkC$PJJCbWR zop&!I#y{%JYwBjs((!%Iy=vMbvY%y6PAW8yM2asU#T4(nD;dDfv|nBA*qvn@Q#+|M zuYO~HgEODl@O@!V^p9W{5o)OReS2D9c6|!NZa!uMoCSc&7+o<1>F)totkYa%TbujK zF%(2vgp?;o&BH&76&j#^HS&F_^X2SWtkZm*IB(xMe|@*07n0oR(m8qsfS*y`jtn-h zEm2{7o|-NNyAp=Z0l#rC@Ll7d>^VCNvF~v0oQMn9f$X*Ke|&p*I3s`l6Y{GqVxbdH zP!M9j1{}&6L+paykBz0+3v$bJ6WkjHx3$R)I?pGQoi=ZQ0{_mu*P9BrPqbIux2;z$ zQztjfeav{)C$nBIMiQF$$yPj>eeOfhQCpIM4X3TPF5>k&@4t%=z^V`*dDp}BVLI^T zB7fU1s}CvaD@&gst{k1;`psPZ#dQ&9sB#(s`TLIeV?_1?YVG33+nSrbj-&Orr)80Q zu@n2-IJ^>_cfY!3oB19N;MG!Wj!FfYF-k-lU6e8cx2 zJFKLy2gAHb{oaksk-ur)%vM!c_?27t8loXWwQjx<40oPqU5%a?}yMD^Oxa z$4}pUFgl^v_wqsrZZ`qBL`cJWs5jEM!3j%KQpXn&)+JUTko=IgXsS6On3yg3jG__~ z7{0$?eK^T*%&mm!IM&)LAL~I7O!IROQG005yw&!TEO)g9iF~7H9v8gd1=u){=BGGj zgr5gvyj5XbWAWK$u59=q&FjiR`e*XlL>Y9h8LP_jv;^+j?k^oC83K78Finiefn}{B zfu=*WO58D0^`6`^%fXLf7{7E@BWJp2R4llO|6KdAeu2s~F#Gg-qUfVlg(Q!Zq56lE zIbgNdgZoV$b(=u4|1ogP+bO?duH@Qcr)5^lZti2&o`?zjRl(>hT9b}-D`UCY+t@-_ zYGEcRQg|#`Ny7tLQ&_3hHUVZ?LbSJphVC(?agA22Q3F;%XqyyiouZ)nSXyjOXk>O)jqRiRyUP@9!mXlMUasTzLE|V<<99 zFFNS&u(LfxH0W@Mmfl~J?q5yFUFdf;|G3w(OK)w2$s4nsYAQ5dd-&2+K;f!e_|!X= z;y_Hw8CgSe!~xcObRvXe45I%sI5m+W_`&_OH81nJ6~moWkAP_lR)|8LMo5%y8@on@ z5d%|p!SyUlqtN#BA48@z^NTsos$ttzHmLv_OZa-hwDY_r!)o&K6LKj#J4cS~A zXyJ}fUPl{Q9MAd7Y7sMR6)4?ll+M|4ESE!lYQIBY>(diG9J zYjfQQzJM|n7bk(qz(9;Y^h?5D;rvYX2Ud(#gEfe1rJU~68_t{5P-0CSWVuj4+{93r z{m%yyIWDrBJ44KBxu0D9GhHNGt704GL(`t0KC>D#Qnh3eJ017@_NPE-A5JS~k7Go| z>5-i?xiO68s}Ij3^g)=af1Yvp08N#q+uip~5?u$U*g=?a%+1(h z9Z)s_^@kNBJy4M*8?ChM#7D4oTpPPJIiAQB=lKusH5K_y|GPts6|f~&q7=sv`T0W| zDLBfNFc)^bEQE4Jl=HD2zhJU%IB!|U*Jc={wgs;_RlUivqBL8%{OfV5$6kbsUX#bK z_5OTj4ZE(ZH^(<9L$VwENlf~RZ^dY!_AvYD<|~CSKKyD%!O2}D$zS|^?-AP1T<jL9kE(df_@rztn#?X=>TtMVo<&lN$Pom&|+0#P5og`P6E`CV{xH{qUy8 zc;27irtLM-V--Fh2+k8kJynE4Da`8T7BJbnGtg2Il-3eUzbNuq(U_{rCjZe(8e%bZ zI{2(M-S;#d5!&K7P4gk!o0heVjqK*=P&Sec*4c*%=&W>ZC&eTAq^Ofzxu zOI95>o+Q`^I52RKh1Aq==BwmqIn`DgJk-nnr2OKgjq4R{rsGozsGRV$s@=A@0&Py{a)Q(nq ztvzm>#eVZl4RelTG62bemw=(ST#^Tr$Aqjd?_>ef8h%?#kaS@s|C5j6oqBi@hRk(r zfoOvqT?tq1JY`-XPFVp)WzzeHX6jygkY-|4!{@s>)E^Zx_`tbKZYKe8lfN zFvwSr4T0nm>x{*6^Sh&8`>v>0pc*Bi+q?l25^i0WT~2)a?7v6J=28;09XK`IM|dTn z^as2h0a5}C5y8AG0-%`IG^Dd1N`=xNXiZ^>W4LI37Sd8-t;MI1?vjppM~6x`*uqly zm8ejlrn?Z)EgWGa51U4tCQK@HaC(CM)@;V$W-g+4qo zhQFsq3Skk0<8t$u8t3E;zV$Y(tg=eWd_14Bt+-k1*lp?fS{ZFf>aCbGnhXEayI2R@ z+_0+WGBq(Vk}!P(w$OZ!@_TjMdfUGUISl6xBfe*jh*n$_>ngLzl&6n7soAQ&Y96_< z=QPz(9Nhe8m9!^Ei9$u1l4t*2LqcL2heTc3S8OS$%*5%4aO5JIA4E^KrweYkizYrk zyd$Op75yL6tZV(!ra>z6jne7!Y@_nrFNk}3rIq`rzh`a5b1MWb>I1RFM)g4m5jq_j zGb#!he9Cybg7l5lM}^5*?FTzDMKcn6P|d0gF2N}I+;Mg&6k;whM5^&27=Duu>PPRu ze>&c)a4u7myi=8ApiB42Ex}W-vCwl%sRiSI4oSD0T~B?D zuR=s_Nm6POw*M=!$Vxe*w|DrLx+|~qw5Cdw@UA zh?bSrDyKvYT2%V$DJnLSLEozLFG>GmQyR}mi%`t@r;ba{RNfjI%6G#BY{Fr4P8tac zYqnO(P0)NCPzrUS+>BhN1E1cI)o)}3+)3^3!c-$0+}u3);lPsWLB?nC0tKRFH=p{o zq?`k!7u@uuLczz3%?Qr#@!(?F%JS0uvd`(YCMjH?t)cn+xF>8vA8fSI&|@w>iQauO zkF*&pO1o7N zAruKE^<{<__)}hZ%3q!@%u#`9`DkR&R$Jp-Kju1)TX{4Zq%g`Nr7LH5*7taz*A5b| zU@t>oPM%$Lgyw4z(jFW?$Ikq2Ovw7x&d{?+wf5^boi=fm1x{ruRfmU^K-)6Z@GxsVacMPNbRKavGa82-M^rYHE&a1u5 zC6c4EImEmzUHcb^fql#bSjsdWlgid;&LMY(3zn=HgH(hivqrz#&gZPm@5TGaKV%ybz+o>>@)~PtI|1_0mMD`uv%d&Kh>zCE{|?B<^ywx$T?1Bk6jMW zufgRU8ebGXeM9Ac%b+IR5Ips%GJno-=}#2+Fy1Sg!}-dQ`vY^(=DQ}>?@r#?;{`cI zik#bzQeklw!h$@esW@|u8h&Fe3C}IBhTAiPt#p-sp^ZjJ+A1&l1-if1iQ1e^&RL*N zpE5H~6X=_o@CtEoKd7H3a@>_*iW1D|={x(unLi+Y_<*g z8bdXYH$wP=kN9M-SEm2@f4E=!e7k|}vvw5dG4Hy_OAiXe?>g^@eV;$R?IRd$xV3M< zWp};Y>H^w7`5pV)t~@aQ?bD3wTiLDFMep3^pL}=*8vUj(P9xi|t6gn}aSH**^Nr{) z-Coj54?Vbhq(BSm`ien^j_}26i@CPWycCLTq0=xX)N(N`jaE=a&>RHgSrTcbj}}l4r+IZ#X8>_yNn5 zNc9^R`>aH63#0Gm$ETUvc6Num(7R%MwVNxWLWD2w%bL#=e?M1kXrDe!Yn< zo+{$!N1;b*icZ#4cqj=J0-w)_ppz+o;*iW-!Okp>r&&j4quYFGm#>~(< zP*?QaQr8r5R6cMmT}@I*?A7SK)>Y8kr%NJ!>JP-c(tQHgQI(C^6x~Y1Hzk3qEnKQU z*(M@M>L5fDY5iUMNh`1$N^@U`Nyq8U8mG!@d&RL_JSyCz@tUR|fCP#drV$`Tm~A&< z8bh@&PQG|9(x2X(UL7w;tj~%HwVLZwFVU%Y8A0Km^w-vuRY4CCn6H8V<3>s($U83< zj6^F%<-vbTg|$IN&*nTu;A;G<>%B2C=VJ6kek`GJJuW4ng=8jbRwh|21iIG2c5 zN}2y?M4g)i(pr?H2`kf5Rj{N0$DukR=2W|r^B*XR)v;miS3R(5ynC-Q_MmlzAm)e% zCDxChd}0#G^sAO`?1@#!HvG|j1egP}bDN+kRsqTmUVF{ktt5@!0uBuRX)KK>MBbGk z8JIwrJlItU0v%at7@b-?Y-$qmoJ1>)@?y~{L?Y$vnixx1nD5iK-J zvMs4+lru-Twop+?1Y+)Ih?quaQ?;Zkm{3=-f%hAsqTz~ltTggCMpQ>hD)kH)M`&<3 z;o$`YKDxH0T!i(m!-?01XS}FaKE*RjZ7Lvi=yyR%bUIaxKcQ`9;1EMvP++in8Nvs| z+Z5Ei;@;~dR*{#Vu6mh~ND;&Td3v`=A2!x?f$07>5nXa>@Vi2}xtpT7doBv2*e5ba zQ4+k^FKf#dGuOW+KP7UHPvlbBE(9e;Q}I3?RQ)mJ``l_{sw{8EZuG7?j-Z-2MPS}m zcx;no3Otv;*r52hV!<0F@(GgH*G-J0i7A2qOuhk-HLHVj^I7*`3 zDog(SgdZkv(%oGKke>&9F7OeI44hueH(y_-`toBp{?{4)UDPJ@7m1Jg_=kP%I&ERa zB~kUTPjjQ%7k%xzRB`p1;iyN-Q1D}O?+Os7^I?_yraLa+6x!|)vh@#)SpPn-{X;ze zBeiP$Z`}LN-d*VEThjlgWBqiuAq6>7a&`t0kgMrq4pCZuQ=zW8Ggi;?@Uzcs5!D zsNOI4ld&uY!Nt^wigXS9dxal@N@AkJ+;IKT@~w!xJr21E-)R7w>}iKyI9IdA@t{ee zTLOr*-?kQ5QSHHwcCFq1{HE6zknV4$qAXcb7H?cSj*#>&u#cYKxCt>Z@5lH^um6}+ z+ZmM1sER`MAK@FG9vM7bG$agB4*paHFu+r0-fY^Thmw|9Y@y=POraV-yNiwV@C-|; zlJhA}oztnL!~N+>Qcf5oR+7|t-r#~`8{HdC7=+L-G&t4!87!((Y5BT@Q$UZtGiZ^O zk(=7ydjZP->P4fEpF$cuzRDC^mW~mZ(uNhs!Df;*e0XGaCJP(xR){lKp~DzNrO%41 zt=_+?%G+xquT>DKD6HgE6yQ z9#Nnn?dns4cr^_hE!uljE>+#0aI|-n#AupeY!|gcS^t_vQhnBTI_crCHNJ!;vDUV4 zt1M<~N=IP>TC$i>eM6rSL6Qe8uhuX@pyq0r288*pFyZy~bQxr-)aiGDk{G{0D=Ab< zr-B*u3q&yj9=90_jf1nO@HW}ZOxocJjb%?lvkAP+(u|h};BT#VEeF9ye~F{6t7bZn z!yPCKM@`Xj161cES2v(?Lvx@S%UV2XRohvmMtq_ul*Uz9bm*?pT{Ds>*_U#WSo^Ql z;VHME($m-u?*vE~X0n$fbNYol`@o>6Jt{X~&b@T(+#+LB!bkB#hp$V)(Y zn{h^04Np(oMJEv2{!lTFZYe(1g1 zEEEMnvWIev@Bcr#-l{8(2HFP zD@K^MKc1}gPcJyckCmv89NsfAB{gnouF<=5dq_Vm23ts=N6N1(DZ@i(oLyA2Gw zOBgL&II+PM8W@6!yR?>#w0|ZOQwvR$&9pJFCAXVdr;ZUy#Bgnr{HVUKFST%H%PWLO zmwPl!ue1Lz@i~KyGx$`FskQAPsA|2acpmvD25~%h6{<{oc!+91S@-wqhU_vCfi`27 zQcvT|=s1i0^OX_}CW1x#NVs9G(&i-A0sw;U<8TyL)3Lf-Kup(|Hzh{ zbk?4vz(;ChL?*G9W&%?ke)IrK0M#AhHbIe9b;S<9!piU{u%*I@Q{^*+;5W#4MLv{G zMOKHRAR*GE$p1EXzVD=}BqulN{7y(w#h}hwBroX07$bmIh4;sGr%4j`lN$Zf&veCg zQy{PyFb1r7FS{^1pdrih)m5iquEir%WKAgESP%DBjk_SbV;TE~-%H)cB@10QJb(~R ztt2?NG}FFw{t)mU4ZtL}>Tm#MPu6-^H+Y z!UA{aX_`Am=EM}UfvXi#D6tiuI4uk_74`>6_47R!j8EcHTPTW|f8WGdM^Ja+_!h$= ztHzN>-9*oIOc&0!Qd@jki?U^I54F|9db`5x^tM#nDMpghV&7sj|I||3M>4a* z0bK20wp$7{)&dDK>-672tN?R1a@T=UDQ+B-!A(%7sFty4l(GmT>b3{vV)mjK5?hG^ z@2j;kUO(SodRohLMZU8s-qhW7Ko$_q>p7-~g^tO{ko1%An!c)faEk=|UrGMm<}<(g zldd@K|;k4%Qc<832l-VzB#|tFux)I;hVTc&_aGFud`5RptO^#os;;y05jUmm){26=$xArwnUk_Qqp?I5) z=ZIIeClNa>Wd&}rtG|?a+mHrkibxao^@&s!6#kL+lhUGk#`RQS%6P#v7g8+5N>VWoO{Jc(j;hXF!@oC;)*pVb^WM0f)V>XqTPam3g3 zWyVdEzsWVWeaD~GRE$;mF>Ahnz|n7TsN307%soI+A03kbMkR@geT&bZ!{NqWz?9}& za-j*Y#&pT_z{!;62Y4*UtfkAYM+{nO`hTuFwJn|v9XpT_k}61z{A%MK-Vd_Wm1)&W zwVcNP@DH`owp>@KLa`8^!+17f;cta5yjBb`tQr%CZWH(Y_pW+u+z9)|5|#A_dTru* zQuB@`)Tyk%H{Eg9RPLGI#b@Vyp@#PBqM91%xk7tP0GHgRyyk`@pG$1Nw0f~3UzFF) z8_5P>#LCc&*fFD)vQ+;FKOKz?+bdsk^}ymSz$bW*v&+4QINjcco>(t}R!}YwUi!x3 zIm6zfQsJvql31m`TfK?ih}wzZ&T;>Kk-|M<2s^h(9xMAF_NQT=`I)$$SvViW`8Tx}ex z6r+X5d#;U5Kh}TY#NcmsTSX&~>%*prkFFp@(*D5IY`|!T!%FLT-M~h%wyTS$0Y}X_ z_xgGY>aS&2(k**@bpZMgi8EC-#e}|85`^{lC6ar6&jZ60pDG!e4Ysj}y zQd%0C8>G$gvohXk=(e-Nvrj$b?})CB4&Skto8VXJ+Twi` z0V7oS#v5{JkyfV4YzGsmfx zX=NN>w}dYH3sJFDGlXDIm^M*p4nbrZKpHe@p{9~%jqSLPl4+8Id^=gF6CS0+?ZBJO zAL5JDd>|GB8AM``F`r?K&IT_~~=OHV3wn==*C{0nY!iuSer!~RsYhDl@ z`v~EzPuxKWDszTLAmeThsBW9?-|*9}%Zz95u0W7PFv0qA>?AU2656}|0|6t(Xo%!t zG;QsD6qN44)p5(Y4eIaVB0#B5a7QtVXDjcKb8Eny+Km6Ef7KqPaCrAQz>`U_vZCcD z@%FAjFH+KcN8YdDKp`_gsJ8rc{p@?4!q%IOqnm0TKEZ_)y9rrM*O}}tYelIDk_{vv zT1=PK7oV}mZIpyRC3UM=3Rn8cgQIIkR~`@s2m$Z=;ecq#L>#j0w6xXFx+)JsF#G&p zho2Kq#r!Vs@9*EjP0kIfB5t4e*J@|DpKd?T%C61iDCmdzBcA3hk?OuTes zX@Na|Vd8_GC59pQt`{K{cGDKKK z7lN_~!Gri&A-KBn0kte6p(Qj}ibzf=^5IMPon@Q?H1!Pl2T z^u)o}9r>yL5)_sJB|KYdFy~L=&`IRTiAZgu-z{idcv*Ztzn zz)fTG39<^97enT)8>UbM$0xyVDeuC~TMlCh`|}7-1k(5TuNf_ClZYBVoRUlkJ#b8E?^!|l11$N93s^H{l!^NzRC3^Xy zofRmHlWnkdQ|DDJw!*#Tf~+tFH5R@svEDx_?sL8-O*67PLe_t+cb=e2EhV+D|bC% z_?XVO-?*&yRS}Pg^&%N+oC;sA75*>@RkWg}WE5=~`0uqTeT2m3FZ)vTm4_jkz|z zNu5FQwN?wBSJt0Ne6{HR;1bwQP7=M>k1txFb1qF@{mEqYBnpwlnu~)d5ISz#VQ}{) zqMxpcVdE%iPx3v2!T=a85SxM?k>>q~&ZdL7?2WLg7EuX;8 zQ{E4e`l)X|!cZ;DOOoalGk%EDvgU-)KWI-~ehc6p&U0^Tt=<=A4{%c(;@eY^v^*8_ zNnKg}!PlCVeWfoZYj^7b;U8Wm7$o2XxYQ&&*3?!LBpA&q97YH-nW3<>iZQ;f8hz&g zpFsL5_G{P^ba7^X;9>ss4_=(Z0V;MjmN6u}uvyZl2pi$U%}UcyXz7Jn_GI}dgXm5k zOrQRMy`L#-l6y?@*W8t8tk6h7W*E#HQjs+2UA+O{8eU;?95->0$*ixsb>T$IT|FPO zjC8p$X#`+tqm+s@HNxN4oiTjv5)A)F{ia}DyC@A@kSQB$#+=pPBnfHYaN0-=>%t1T zM6ay4&8N98CZzRImo4KaIy@y)D#K64;dMA~vF_5V(`SQk_Z8z;?|BVfRM-9D*03Ww zMB}Y2PhpDqreD!VteW65b!eZi(lN6noCfJ`gl=-GIUy)A<4t0-!Uk|<)67LrcZi4uBpPK$7@dGPWx19|G`V#AI3^#misW5+Il-}}}o{?!LN#F)b zXu3-1#7X$|m&aZRo}5G-_$}{#FpGsS@7hp4wyMAXcfPrABk?jD{P;&L_-UUg0o_gS zJlP1VOhj&surrk}i@DFt`o|~rKbby2kH0Q%(N3h&8Dc028Mxe%1@*ka=Q#db<6m-G zT06TQJ*7z8Rs{dhTP0i)V0nF0Rm1msa(+U3kDJ>!IFrt}M;*EXi$>rs?;>%!U`O^u zN~W~Qd{CUaXi$(%Oi&)9SK$Hn|AIG|Qd^i|Tl8OgTn=WyxY{_`JX4tUNhqS6nF(oB zsqxG%RJfxH`j{^H(KbK(=VuLzpGd?k?d(OV-_s*0o^c*~BqSty{b9}q86ctqkpv@| z$_a>PXTwc&&l%Drk&jElDUHV03$d2a;!tV;K!!$ovij7jbWC@_Q(n)SP0v~xMKFJd zh-#kak31kFeOmbwi0%5Eb9na?EQ|1q#iD;XWVy7u4+L938)>y2asPG6Q7-ZA+X63P zRt}X7((e2`UP$dJ4%*r5;%s-z67`uzc{-$I1EM{?%A>j$0@;j=X(exi4d!+K#!UJx zZIrFFfjR@;sB+9*@$VR$VHl>xchMUE( zTK8{)?PTibSK@gLVZiyp_*%K~Ywe-gA$7rNK7T>{F+FanL42b`SKWFMM{6w=#0Lif zGV_WOMg1<5-T>IXTDLJ^xOCP~ev@0#Ou^SCnNOntcxX?Q9o`-|ywXGKQ(+NOEhqa+ zqx9V3S;wNF+}r> z4=DqH0tQ1mX?asdyqp*XS`_6l>y@@zmwsa7Xi65XWRtMvtfE@UUmIT~R58-~T!3u6 z8I2qiE%zLK(c&Y*8xRy^WoIIAg{YP?iet(b);s0am`}Q?BMyEY_7JzEd~y-=J^@j<(F9yf3ZRW1jegDCAG<~ zmpS~eGyS~hb}3dJ-+{Q#Zvt3YH3V~iZCVq8LuEwI_hEcW_HpAIvh_^caBg$DIPr7y zxzc(TJE?XtDu)aBzhK3GC}Zn+E-jeNA$8=yp)AHKSOjTG5jn>C%Ld`0^HNSB-A+;v z*e%25D)Tk)Mp)yD`u)qJ!VZ6^@7I*VM7zZ&J@Ttvx1e+U9;vIKtNi@f$=5ZugzdgA zwp=&_D8ZR#6%c-svWwqAP#H(Rlkla?nNw22GGage5t<(J#>0}*!Ny{iQ9dizwy7Q?Iw$f^l57NLy@g0R<^we+E+9$>;YyBS%PGDWu z;b`XK=K%N&xiLIC2`?wc+8czOpadQ5u~MT`SBr{;hyBPnk&WW>+~~2ZP`6#L50#U;J3RO1Q9H zGcGSL9XvJuD!BXj97nm*W~7w>%Xj4)G7C&>-jMduGVqWUsUl~1knHI>csr9r@E?*(RRI6;HtdbOt^o|@to4~niyrI zk1}^pb6(Zf(_@R57679#Gg`7T#sO~2Fn9sl8))lUSp4c9mq+Z4w4ip@cDTAjLx0ZcC4W=K0PRCUGS^h&;J-r*PhwHbE3Tk}4eC;$i zKx4Zi73t}T-{ME8>D}Th{iN;$leu_dfz9<<21aYSx#vL}2M2%74@R~X#gep$9#j zar3%OJ{QpEzy7A(UF>noE$F%dqD;IbgDs}u0-&l@U~RK8ojT?MyHPz7^5i5VQwOC? zrR+kiJ#{>Sof$JPugoeMr%8y7wnF%F4sq<&roTM1mXb_a4h7}YEDR9o-TEkL?8oM1 zUd@zvMWu+Yjw<0NEz#btgEKYNK%FQQqSt&l*X_H(PZfB=40D3VMp`%(tmxqQq=|3j z7se?~J84+8N+g`pOB5rADwN=t?Khh}7_XjKLFO&~5tR<2@TiB6*yFr&`N$>P+`51u z3LsY`mMpHK#83aFZq9%`Vk-$mVnq`|wYTGw;Q#%G9=!i|^iWsh1IQpKhEc|Kb;vqQ zHk>{}o5&ysQ|`(khF7h8iP3A4!Q6ohWdMnMq^B~R+eydYiAb|9+(^CuBI~xC-v4kp zolMA*-voR^6F)G8O87k;roVsu11=jFRZzSr)`5|ccP1)4V%$`iQN)536fO^NmbNHW z5B_Cqiu3JwQAqy6aqeaZs|D>xz3%G;Uk^W4t-yM~^+m#q@slg$aXHJcki9T7@p$tR zBEd$!l-(r9?7%}c+k>Je)b=FJ0!QVla4IbNOxWB_cpaRpmMqX9&sRgmI$0d#W>r>Yw+*c^eUd|AQxsOf56 z5|PEZNZz-(7D;9CeP?os0Scq=!RDdAq0FBu+Ld8)_Om@BW!EAi#xW0#`OPU@g4#r) z@s_eWmX@W-n7uApsy9#uG+336swVq9YSa$WwN2vvRm^T5H!Rx z3n2iHYgtRLTA?L!`QoUR^(sCGjoFq@u^SYO84E#s&nT50{WH};(WqPH(!y+Xb7&W( ze`Xqmu@m-&lIl4fYCJ=8@HP;FKc1Yobyni#)g=GbxY*2$XVXdKx}>7* zBJNq)X+SyOe#m-iF&7pyK@ho3nG`UTWTQr7=h-+=6c=H-;#VAJ=lY@8z!Ga8>hH`o z<_KN#%H6Rr55-`Hgi1v4sC|&2)oHfDvWk>ibd`11Rt^R36oG~hLki&Mo2bo7qi z?lL64o+tF|Uq=kO{_J!4hH>TOIe!9u0H+adnL*Au=C3`;Qd#17WNAqe^Q4^im7U_% z8v28SgW@)+N(gEUjpamzQa0n}HfKuNwmPyrm(;AbHNGE7z@Ob@c-<@!9gp=05gE9d ze!cPjX|6Ou%xf|DS-##KZStqVXSL|BaIRGLN2l%5EeEo)5t=CavW|~Xy0tmZWjPDw zfeoe8z#$$>uX9Un?NAaLWuD%Wn3_%u+T(?iXrYhSyZ`teWMYRgVot1b_2c{*h5A>y zr3PpL((1n`Y2%O9g>c6sQ~+?FfsGnx@o?gAJA&T-z9X#NLJa|0)7>|lody6Jkg(%s z(FI9HgHWKG%06_`7i2O8TUxXDi@W-Nk2Dtvf`wE+PAHYf z5%(ON4~j5IlC*F8uPL-=`uEd$8*SbzZ)&8O zTu8L$pnX1cWgJn+^lC|(@-0aZOIg(4cK#|(ok{!;1amb=G5%+W(lcG9G|-HrF2>hW zx&3MRTRy2hvRFpsEbJM(@E`Sa&`vqKyZy8+gQ?tw)huUbD{pZXf7mKr?uOf8+7h)8 zDb}(83X#eCsi0WI?;s~52XH5Q#%>=j^G&waFV?+pTmH&{TcFLFPHU6%!_!%RCKbR` z#esjC{@dmqP82$z@r3`iA=*s2@_u7%5LnD{GWyc%Vyx@1WbV z+G~Cnlh?*UqWOqs?MWv)xD_Nj6ts?g>2+h}2D_A6W;uV%18TUnDpG^pfCfHEn1{5H z>b8kh@1(RCtUlD`(3o(@%S!>}blb9_USLb>KTC;PZKsJ=bZvIlxw#mTO7^uriP50Z z*0c2|rd274-^Ds1s2mQ)&Ewzuyt7~R z>gIpXy0cW{+t6;uATpPf3=~V7DDY+UyQRE$KjGr?mj=(}<#A?uxdAK`_+Q#TtO!e& z*&Jf9_4#k4SUEENfW%_T1AjY6kxH-`{jr74^?Bjf29)SF9pp{meGxFHTV>{#W5g0d+>FL>}ve^>?R#W5f2^`oZn*yPfc3*Dfwi8)m~=Q*Z{D>jH+0ug}P* zal_?2ONPi28DJI5x-+hpGe4ZZ))zn5YL*`2S@PykKkp|iCWw_XV!<=Pat6g6lYp#TP=%$3_w zw35Z|`DuB&-s2@un>h^OrF+Q0VZdeT5Xdn&4eg;i^nU{qfgb-qw~A#HhbRc7M$U8~ z$EffzW6AIO6iv$k1riv-!b@{UQZX#Zah)_y6_AU&uT@%Yfa7Ci zQ_z*po#OTL$kXncQ{FC*rh63deciit;ZLzx<&e<^ik$Y+71~9uRnnaO($&PEyZ`#% zcDZ`K@v=6O{c#FxGYPso-+Tn$bY`Sk9RBoFuzZBx_R zR!fePOGST|rU>F1^s@WbDc(_cevtu|hQVXV8JA{$eq+W&i^=H~Gw2;q2UfmU7HOHcDO|8pPv(Gsb(r1K3%iJx~!O-(oAkElk6^Tl@R zXlrJ8eK7!yE|>Hs?tUZ3Zd;_1IywFR*E{Hs0USFTe1!UF|- zhfO`aCL;=}aauU0QG{W9)M9=YX)bo*4))LNPEO8R)9GgY+fp1Vr>Lss;Tf7ELb3P& zG-@lj4>#4(0r!6E&P5$vZ7NFTyQce^lRYl}TRzm8r3}2cfn9-{E?g6n(ebsiZ0fw{ z)DfK?$y{tZ5QME;Z;9(ygkr0K%$yNf&{8ccc#rCD}+g*q(z@6M((y zzlUnvBU5FLLTbSqof`?X51M%qPMFumx9{In#9IJhUwgXxJshTXL})RN^GJ-I=>~q> zWdQ*HD9@nt6*Cv#K(+1*7MmWvg}8gK|GQoa2totSJF;UR;P{`uS>JULxJTXtdXt0# zD>g&^L8tk$jg&0};Np#-t$`|W5KTkC-T@p;EMA_AB@e~HGsQo;0_A(Lik+tu+EH@S zx4qBHctr9Hw6bjVd?E1#A^;9RtGCbiG$D_UOZ*Cqz5>;5Ibq7td4g};RyGinEUXk+ zN^ict8|?Nn_BM0$PVhsf|8HjVjp)oQfJjT1$(`n^v_YMmh?r?O&Jk0|ko_XUdzz6f zron3uJ&u7}Fi8>{1wuPrk>AA+{$oD|PxU39&{gieJ}K0`APZcw1zZ>Fe|e{Q!HuqY z)mK*B=Iwz+&x^WWkNrNim3i2lEAY9)g<^&K>$aEog~jFmy3M1II#&4AU%%Nq?ue|* zEhdv=I$Q6QDk|edtkDs)Ui@@Rmmd;O+pzzFh|b=b22I0BPoB9OZ1ws-yxcs1z&D%w znn6NU5PidrqokI67nw{QDnjU*FBNC43<*iXa&n^(UPKf+IwW2Op7&^HiIb>h_(xTn z^+AB53_buEm&fw?p{^mcNQUmztK%JR@d{W8HTGvife5a5;%Y>U>32!8oj73HK9plu zTQ+6Mu&RriApPUVI(C$v8>oi*!NG(L`<|_}_m5s>>P-%Ogk_STYF&zLXXHL-& zYppAl5E--WRk0Bp8o9W^?=CPp#EnX_|1-`#09TpBG6WkaR@Bt7+UzbpB&J{h976Sr zhq@?x)VY}fd=f!0kWEQC&%)%UY3up~LA>ufjN2>nT5Xi?M`C`a*~NRI+OqYQeUzA8+6tOd2>AqCCbt#$t7xXk)sq^yf)XTp!p4um1mXP z1bXy#Mj`XfdKBw!Eq)jy5tj2<2 zrKG@$P?JtX6)_ecF#xGa)_~6!YfFn-lQy+oTA2VHI(1a9-5##^gfz~5@P+8e0R2=d zHK(JYuodKAvP;{)eu_U{Iwag#Ayhw2jZtrmH}0#=A13j^t1vLL0bU3F2;8X4Y9Ps@ z(wR8P4Y22X?=GjVJ}*0!rUPofl3Q_JJsR~AU@VGSCmC=Zs=yV7L08IKMK=6{$3{2? z!fkQm)R#4rM2fuZ^=TLHH3CcV1?XbJ zQxwVnhO&jcgjZ|w_vbNp%RZxbybo7bS9+#_#$qD=7e+%jexWS1DzKdKmR}I3z8{R? zqURvlEFZ3=QXqdDD18}m`d;*7eukAerTHZ3)BXKWaj=HyAcOyFQ&7Wg<$5-G&Kx1!?| zML<6CE8b5tvJ!{Aq0I8R?j9ja(BPZm;)ZL91up;p7GJ!vq+BX2O|Z}7G1jf@Dr97L zqz?*bQ$!6!+%PZW+DwNsKStjZF?r&hyDg)9_vmbwKkf6Uj|RW44jm~Hc~TRpu9qHz z4=Bz>w!({H+nbcU2^aD6qxs#>t#|rx;zKoRi5M<8d5K#79`sbfmsy5>+Ec_+i9ued zeS^!kgb2JpR>x2tU*_juZ<_L7M&43RtYy8KGl%n`##?L ze}G~ezT;87HVLAF4mcis@3jVxn{YB$`ml9i)tuq%C{SQMY87v(~^k7K)dEl zeqTo3y@+N3kQmciTxn?z>LRI{GGOFp=|?3PI|8@oT09wYi-?U$o54*#ekw{H^Q!$ z*3QG;i;iA^w$*76i8u}2>0QMaASveTtXMs)d8u0md!NUpC4Sv~?tbp(I+2N%8FElXcS~C#!$$#lg21<`) zkg~>wT7Q__;6OM(&(t|yhZdX7FziDpKbRw_?3z0b(ZHrYClwEu%a@f@eyrcH=ph@^ z#GZUR*EEq8h7GFN%J9r3E;@2nrJ*>0iu~x_t~7zqPft&m0qgF@T$wkQ*Pb9grsC1O zKt)en<^f5UBKY)i2V6ih&A=wn7;l&F_*=iCPTOcS!MjN!fS?t8#YywQ5c%vW@Q-*# zpw)ytS&EK)%ds0P4t&+1zhTXa0!Ik3qJZW3uMZ9-uhu|1S8RanaCyZ-a0*XHfn z8!^u{4cWW&uX3D3 zMIYmqXw88Nb{|*eJrMkm{1<0lly?Jb%=Z%?dERwsl#3AG`Ybl0mCuzQYQj4uV*qJr z^jLC|Soe_t&(*#)SLF-N*DuTM2js(qwS3|hPzFYe z`A@5Io(yL$WjI_%gA@{vW@|Z$w;mGE%gqfoIxc1{643!oJQc1!$;PfxYd6V4+`eqCNQPG02=`0vd~g~2gL?xXv2As@yMyw`6JGmS2I(kkhK zGwU3CM$2~qCQz5#yP$c4fD?(s!@Wb6c5&7+m*cL{4?W3?PscY@cD4DUFTwZq_p436 z$zpmRuJtTj9v7MHZNDa~>Amhe?=wlfYzIG&*S+lN^_0kd#{qxM^s@Uv=47045Y(O& z#pe}(E4-QoSJAu%VW{DYd%y!wM%kqQ8P6&(-X<{VYV^6-E=WbIRnNHkWTlL&{;rsu z6_5zJf!`mQS%_RQuiiQwv|^39Pf|GhtAYhNyHiL=7HG0YM{uR`?$Iu)8jueBC6)cs zG%9=>-6qy3m&m$Yd{8LM(#7Y)gkGOVKq}m@SUQP1J4l2`f^GI0yerQKn27Xt`Fy@l zEyu(Hz}$J*WEM@K(6V-gc}_D2c&}n^lI8XKxlNasGo^qOh8Qais{U$+%p!sm$77>= zR=a#I=r{9Bkvc@<8(?!q^uVs7C_cV5s7srXgOgLMU+O{|h0Hf%yOtE^HnMs?ANz<; z8P<|bJx*9nirkdDTmD--@3?SHixm&}NUYS#4#f6e#AM?0b+j4gz$rzeVQAN+)*4-&sY%`j zXJ*`dqbDPV&t3PsC|x2Pz&`M#(bL`^s%TWV41I)JR2X`Uc*`N1X|;TwtFCb_;CCR% zd0eS)9L+QPEO|atrR*v|*Pw7gqTU)dy35m@jjjA5)>tu#POMh!EAy#Ac&F9rtvRkO zGZVGB{N%Cxr0b+qLy_fHdnwm2U?*kd==*nWX85?7R=JW$1dLR7J)xBh`L;Cld1Zq} zAJUDh3E(Z7plor#X{GA~QurQaE0Kbij?Mzrb~+M-DX z%$k!!%~ZEZ;8^uCiqPdP-wV^`)QISBC<@kPc~yuDqT3ONRi$?krwW|PUjb!B73aA_ z3@Y2ahB@P2j}wDj17X){uh(zE&!*Szf(j9WD!!GrlCXHlr{DXmOD?&BdwrRAW)y;3OJPkNK%oWH>}!4nR~60w?iHrG_2C zeiR88yt-#{aA|_cbJ3McU(N$=bMfzJ)700pP=*bto-s->EL?e|uZB*L&t(ipW+F!e z-Pl7GQ;}q?r%|o42~ansPLjRWJ2=$d=tZh0#m2hee>YKBRAG+i7qur=#!aKGH|#TE z9|3kZvmUgYT79N1ldDH(W5gj?AJlNvYF~`v zbYJ~M z{qq=Voc}4bFiAVf(Kkt%!*`cjqKL1z=Jyhc6Y_R?*wj15Tb!gXS*z1{g%aYI(++)9 zxd$}##1)3i45I&3x-P`<@~#+ zSpxCu)KTjPKFeOs6M$UXW$P`Jp=CJ7|IZ$ArdLIYq!Q0eme+(L?)juGBBr57Vk(tA zb^7~Q-wHD8o4ir^$6|(+jc(uD*?l+kgH|VSWAl=s0|=Ixnb~;T*~K+k%p-EUZB}&! z5*IV(%*nx4)J(Ti^%!6wuu2X-`HAXbYMao{XVc+UTI%LhhtqI+5e|G^9z zVq9YT%h3@-&oh=LvLb>Z&P0Wq0Ql$J6^|qtlKhDbX9IS$$#oXQukr&Tix~quvLJra zVS12}ZI1Y(%T86_wJdibBT2JK6RG^5R>IAKAkTTOB+D3cGM}mdb#B9=5?Ac}!fB22 z&P<#lBCzYnn8(JTA_IF3$H6uwjwdIBm>epaFD{=}(eLI7x0CFKdu70!1LL%!q0;fA zBSJQOIdPtSUEeZV)PcD@g#68VwGJ}dZ8=z^`Vgydqc;vsmG2x=O>S+y^)x0F)Cy6i z^-AOl3RJ)X2!}xFuI@MI`SbJC2XyvB){lCzj~Cc{SGPX^Sv%MUY)3JI-o;~0b4Ia# z+$duH=)WbJte-7Nr{aM;*{G5Xx`@V{_#|A3UtPz$O}L8p$J*ITkBL_0 zj^c|yV+yF#Btn%noL&x4JdmDeeT37XK#PY;8&|@;yVj)$JBYLTmCcla{^B_bE4j1oCc~ACPzygcwcInz#xo0>d=g~f|FxR-$q?`z&Dd+Z-Y$OGI-u=v(4FXaSlRgx&daM_Dh@m*CA+=wjYRD zHg72V&Z;NLQS#!k^~^Nz`DWk!dB^`^GAX&II)=N+I!}y#wxKyTn6dOL;1o#5Kw6!) z6A`Uyty!XChi4zk7nQ$t^2Uv!n#=g57gKOOnZmUTgQ29Kvqt8G|3gDyWW!*On3 zqN0f7?FeeVfF7;I`OIhYFZ1txWv=>bKv(%#7-3ZTYdNjEdP9Gr3LoG6%29HN1fp_V z3Y7d8l)UQF=gZ|ckEY#^+psMOkS@_my)TXYb~Qlch4~R;6E%xHXqx?MV!s zq07vqOY7Y0Yoy3r@qHTKR;*1^e5;_&wn>a%El7%{xks%33OShhc*2|BpBAYs%<;|? z!Fj}dnX<4Jw#!~#u#s-iTeAm6EC~RaEPG9k{ig?s!b)2@Np~vj>VQGZ-`AXZ)6E!m zu{%hH(GE<^Gf>@wbsk6I!a-_q$^tTPb6-lc@xr1<%sMmu(*nxke|~n9au3`c{%& z-L9Iq635J1){D?;2!agrH|$pL^@gFv^}NM~--py{^IzMB zc*OZ8r~D9g3 zrP2W~2O2R-%XwFvbgiO%<<^!ugQ-uYI1-Hj*g}gdzUCp5Gr=63` zqd+H>i)X9#BI%(YC``DdgiF!2s;b`KbSs?Xx8^sUj5n$k80%{tuDN}C_N+!NhF&iT_48m#LEbTpZJli0?J9@*MXIk zIkSN9J}~${hG&s3=Uhq%kKQH# z;d{7>dw!!_b3~B;6OWWu^}d|+zNAXrr{=#t9lrjz#&s+|{TI`n|MDmQ<$3G%S>k0^ zB9G2{>c{Js8!8F^-pTer!I9f8H^N@}<%jhR)c+FJ@BWJ`eMiWg7zs>{#}QKXuMQZ<-aSU zoims)L`fz@w&$KQU|2PXp!8{$Iso77i{rF|gK3c4^9xa?50L}maw*8at##Omk>t^} z(TW7l>F)5jq)bvkoTgk~G$!qBCBdr@-66(m@j`V`{9%H`#_xS>N8TeznpHBPqNl%p zSuckk%wN_v$*N3glxa@n222&|T70kpX zXURhL%#Unv<1IZ@W%KzC#w5PxYsw}=lB>%ZfqbO(vp3+vb!q#wGr#X=z!`WFc)_)j z;>}ZTU}PwNy+H?{-FSX8E&SQ+5>e>1vOJB!cKp(!$(LR_XYECTUhEV)#FYJV)Ih9! z=GaXvqcKtSh_v$1dXebc2Qy+%7YpEccSH|0q-poqo64psr5s&zCFTQaCh`@RQj+&^ zOTUEzE%y^q3Oqt#xzro+BXg*1K{^PFhFZ!UgXqcXvTAgYoHqG3h^%a`S>nngSh05a z_qy^<=hWR?N+s_|v=!rrrA_~>)*AI$92yPAzLac1`Pp>>u~ezpb7?anu)#8CT6DY_ z8;=Rh0ltiv&d&epYr&r;G z)(z-i-+;e?>ga*t1X#Gwdrkw_VMZ4@<~$D&G0AJ^nhqoDsr@O)h9#~)7DLMzA(^6i zn@sINduBPx7biSTdFOSGrml5AgDM$0VO|RiS5gq%G;lUhHh224Prv7TQJ2a>AFrPC zFOol;48p=4gDSZrB~~S@dW3fM&ZCdXi;&-{p$M6!N+dY^iGYEPUx8oQyRB>ZeFWXE z)8fZGfGhq1&x^}cJwZGUZ)?LGCm+^WNFgm@ec!h(r@$?YQq*ktgQdNGe2gz<&ge{# zYSn+_jv?4+TDK<8GS*1sH9x$Ik6|Gi#qf4WMiL)K!Q#+t3dhLsDUHf`a;4iFCSkoR zLqLR*9VLclWp*HaW^2}>JGbGOp~K9_G#27{YpvO=qo(;v_8ZW0N)`!D;DdA5o=<1w z$P)w-9}`b#%U8U)eh#-s`S^Nw7!17)2=ZlY;p}O*N|gShef+Tx)l1G`GLibP=z0KW z>nIk$BTwhF4O5a2V3hr)p>A$w0PvzK-)tM9KmsdO_sPM%N^5QHpi{a`ng%{D&!W96Z=7sfrPiB7Mbs$xN-+59zcPs6`^?~bquv{%-us;1d;eaT|EquE zA?&U5=k@&J<@~L!z~!|q5%NE8*jorw@LSJM@SsD`e+39s|JBt0*R0Sbg8DY$I{tCg zE%$CWzPyUyiD!de;hWCaH?-c;!Cnuy6kb0}??{xrh*{hmYz5``@4Y5zJP3gAsQw?S z-ZCnx|9k%)y1PrdTe^{ukcL58LWa(f?vj%3MoJi3q`O6C0O@W4=}f4@}puoQCX^*^V5h$g2FjXhg$8^Luyl&jN`xYAT*t@-DI==>y>QdODCCIoCf1@6ogpcX} z>-{#RhLpw%eZk2C?Zxs^4F>A&rnaNf8|4zrEBmelGZ`_+URr9T)Oi!Iv7^xGju?!_+R3c_w z$3e%K*ua4~z?S-&a?vKeS?~q2E`Em|imKGFJF64EChF7%wJ6@v#zZ7C3p8IXVPOI> zy$6qUJT81y{=nYF0NJ;(NR z7(R~b|Gr{AFQ+WcFxpOD33A0`G$Zkn0?YkcRzva#PRgrIV?^;;wca?ayGJ!_cVoF?wx``^cZsS#qC)-CX6m`j zx_rCl^qDu>+S+G;jgaS6g#qsV2hX71S)a(K>=rm2%lP}P|pJ9A>b-D9%;?y5DH6~je&ro;@;&XeRkVmS)0-2CszJgU6 zPNaG>`H>Bim^!+sXS5T8i>-Ei;F#t2?Fww)Es>YQvE>~*y~r+k37plj;zF9og0l`U zEeCX0%ta3RjOPrROhmO6K6+W2*Jix?i_;Dk^4VoLy15Dm-Rro!igW0OL?&TptYprtZK|S{YLB3U?LjnD2L?1=5VMJ|(jNBY zdwI-CH?-M#_&Eg64D@5TSY+pEhn;6dldV~zQ>k}r$iG)$(u=54uJ8;DNDsB2Sb9#f z0A^KinHW%VM}bG2YBHt5hSCiXyrb<(a4lRPeIEiJXC^jad(^eb2J(Wv@EA4m3oC!i zP-02d2`Upt9&`Fw4u=Qkkq`*N$ORd*IyRm9n@w~!tImdCj0b`(NDKicMDRf#PEbJ9AFfgC3_joT`;V-M!sB^A@9|vE#!X zom?%?w5ZUAYTob{JpX2-wj$H^_2nUUGz(<=&sIYnY+BES!)UWuOC>j!*$sD>;hIv9 zf7lvV4`UWvW8L9cpPkX7r3&wZ0z@$0xF&%LBpv_Q*a&Q$@|v~;9_klK?&m`%#CJXv z`31DNu64Av-Qvh{R-C`iJ|r+Rq=) zd`b(+V^8VBydEMK4h2k!KJj9{c`P`OJ@N`}PdgW>3C|zxTDc5w8vWaL^=T+F-}AA4 z4^FB}uPLGLgvLYWBs5;eFACgffT_8Ykh$a**RmD6)vtc zbGQtG5`u#4#6;dUP%n;lXhSP4s%jSnfq+D+U|G#rRb{EaHel``6;i#}^J2o%qC~Pv zw1yOo) zs=7pY$E_|adih&JEM>dfFc+JQS+BJg>cRCrGjJ@izO@!EWAw0G6^TBY*8D|NOeK$V zrDWJr^*5+DxCyS&P3xrY;Njun=jZ1>^@54BXD!hLG`JO(ju`kj{yHo>sv@0d&I5wk5WtQqmYKZsSaL z%j2T{g;Tmc?m!DRaK7>@k z0(N}Kj6lCpN;XnCgh;g3qR&qY8aK7FFm|2j!cq>gD|BoOg%TXGe0;|7MV})_L}EA1 ztv#2R{SHCkqbZlmue5a1x5>4h^yg7LyNHP(i5Qb`jj1cEa9+Z^d$Zr?QF6@K=f(ZO z&Bq%#!jcq!3zaFm)7IZ|avJ4^KX-Z6Os0~{x}_nT^>R^A3C>e3fojOW9l6;+X6-|a zm7LK(&z08{+9%MLPq`=1mKtl&xFBioAWXb%C8IIMc~F{){3qUHTp~Kry*RX?FB=bC z+;+H9ml#4$X5=aj(}}wmTcoOkdjw}(9PY++x3N}B3P~s@C=6#%Sis&j>#td0>#2z9 z=`(%&Hf9cWf~|rbqpIJPq-T>f+A;eeNl24xRh5FU^jUF3Uu6)nYT>`l#^H7PcX4?s z0}vKv9<@Q??^wWSy4}lHWfDEGqGZlWGJo_ ztm4)VtSS@73d1yyP&03BBer8KPhA z@vo;3t(hVUx_Xgle+zy*I$e%TM{mjrn0OCEkCpOVB{Nw7PY9d1s>GM-=HbcaoAz0@ z9Si*46~&GB)5p5<1kdStpb7NhE8Oz?ile!=kmEx<72FdLRYqTgBp4EbA8uKjOF|Ml zl;KFeHv#>qs-uKa1{+$1i?dd7LEUm&V6YC@_QCEV4ropzkxBWvVyK;9Jm({ZyC`Z? z_V6G{y&u9UIGCEGd`RxS_=E8&mVx;Ca-#r}K)Y!sx0oW`m-1*_fC*fP z2MDv#a@%W8R`p(_9E9+oSz+46d;|i42LsLu5=hk{vlT)}w7TG{DO#0qAtn(yD2px- zb!=awUs$iS%@f2{FvVRnaNlh-WHh)YW!Bo*?Fr*Wye`8TjLE87eitf4O8vZXJs~WcRcv z(sQd8S5hT#-g`9*ym6E8wQ@D;CmLuN+_DS~c6DyGBM&-soy9`28IGS{*KgNRiQqVh z5;jMlq&>G-^+iVFtr(vb#M`Mxf-v9Pj~h@A#tzg|>~gtQ1&&juQgYT*E5ip0(B_GKuVZWC;mD=5o?z#xP8ej6-0zK)!$rvD{(|oq)iV zGK$9zPjkCp>06CeIO9HR8pEoD#ldGkP$?ZJ8iMCGX?Jx5vU99s15&UAez!PK<7B_# zsczNm{PIO<(cqJ#E2gJcgqJcGgVkxq52Wm>9EgYzMp^@E`DdeZ^szOwkKG5YIbxbk z0XL^I0oO5@uc|Ty+ECA4v*hFW9}C1}Psc~wIM=L$b1L(~lCvWekLa>mH}L+-d~{IJ zDJsgNS!AFMFJ&oJH6u+4XvWpzs5pEa#bZRnA1w3N_E$D4dQsS};2V<2D;0M{cB<``;%nJZ4z6i9FrUR;|p*qKpYVZ(3Y@ zqf7#_z;jz9X?Fv1GTHZNUM=oujB@dmN6V_@)#<$WHNC69Bu{9DU~62WK9N)Lk6 z*L_UN#LWLp)ZOELh-NX9r8QeW1($0&A&@V5Z`(!DX9 zU;NF#NA(+@ZO5OmlBTZhKX&LJZ=V2yPmAtP?55o&*RG2Z9R9BJy*#)7N>Bh2T;#Lv z$6oL*HD?Vt*>sc^3I|A4-m4y?NWM3n8xOzhLxQZVw&qRU9=0iZZ-4NI{OP)y=sYNi z2ROpPX8;xPP-^`mad>#xE$GPf?tAFL+1dTXne=%dN;G}&EpQNYcX!gDunn5!i921$ z{l!D8q1Qf80H0zY^+f~5&jKkQ*)1&X+smxpK;UNNwuzDsdjHcupIA>%PXoXe0YZV> zN>9*T`oqJiPj9F9=j+SjvD+D>*)C{1t!2@2idl1VOj2|^^p87$3J%bzu7D@7^2K2WV0Z)ocUR=S>`))_ zaI~Pc+QHm)I-Ms=RgpiMFh8rZzi{~zDzuUN=*X=JwJ0PVJ%dY}NzfC8&ir5;~cV08sbsWM7LT(2E zve=4#;br<03sO7yGL7IoCjY-=Wqg1Cl7RObITAM%*S+aS1(u$XP8G3{QutqGC6|>- z$Gm3B&hVH@*!2CqyTcbAyw@Z669OW36t2GJB0+~z zO?qBF#JH#H^>S@DQFJ`*6TLM`Q4t064pMjDoC0yR>PbgWqns8_4Eo>ERf9GQ4W&c@ zr%2Y?8YgLLyo#MQ^}NHCnWVi{n_sXIj)N5T=38+}_#|FcB{Bs|XJ>CRW|S7Y{aja# zoF!ef5cPDmuJ*tF8t4aFpJqEtlKl8o*SBc2uAymRYmx9_DuHMLE=Hm<(%jCE3CB^} zV$YPtzoauLodG8kcBUWU`RlH`QbU=dN z#_n0sS6M*eLqI<2be=pa5p#@$wiSZDFnJ-kt`km7%u}!UXP$V@;M&_KZcKslve$wOB_1 zWi^Hxv-9pYkJfL)?15e~sIQ`6g0JTXYkDPM>FJc`BEX zQ*E<+u9{>V+v?g^>m3FrHLOs`Wj-DQ8{?J%OFh|yWp*`$kd;teH;cw0`Ou#*{h$V0 z{=MSRP#*dIo11C6h*FYkw9N^)9&3bMbIrV82ztV_u3qi2gt-T%U}IaZAD(*#OfxSt zrM(wJTcrQ=8ifYt5yg$Rf|mBqta3 zAQqS<)vcFT(r`I)RkuBf^z_m-6gU(8dHxM=#{Bv7R%Zqn35mzqB(;#^=>S|qZHR7s zy!3lzqb5V@=Fv?a9`wM1yMIicba^0bIMu{*eLiPMTlE^_?U6cZ&fDGZgltUu`ha&a zE56Jx>G67doxA1vFN-!;5?9PUSF@>wlBs0L>SOtyfF#JFaQT)M4Ux+4Ma#Z5Q?Pe5 zW_B#)rXd(n-Jw+ltg_D=DuAt9-QTb=3*boaCP&<>y$xcG#$@~w&MQ`MCKCMsVl*|Z z{1fRSuVOqY5wJg=Cyo_Hiw;c&siqon!1$2EZQ0yjIkuyIJ7%y}rPY%`%FC%XK&v)v zGMRXb<|A@bbBK>0?C(LrH>g^^jN=|O=(sVsiDHkRD1x;d220J}`+i9*vC1(z@|Dz!5Vta*nhTdGwpO`J z;dRC{2Q`vroiwAfw#bP2#}nZvU12R7sjumFI6-Jq`bwGK|GVkNUqjG-QOG|kyZnnM zt}ZLT-≦#owpTQ(y5J8yN{S2>~icbA8ZB`+niw!&%5gKXAK3z$yGh zl`o}#IJg0jfL`Xkml^e4K>ny}-^&H&VH=OY#O&yaV(aENZd!Od#C|;~c`-!N>b4OK z1Xq+>1VGPy`p(JV>n47H@7v-6+!{Qq_x=ZfC2s9~0uG-?&;ub^N?-j6EWg|mG*@l$ z8%PvVrwu^y7y=M}|HAELNkW1e@IU}juIE=-nijzIl||hIFu3uFZo>F8AIL(%gCc*J zo-*j0xq`75PqplR*VA=RoZfVj3)tuG0R-MxoIyaA_Pxs6=nA^KcK90r7aXmTG7j*Y zdfRmmX97Xqma_g#Rd<^YZB8j`O|I?%7di(XVKcG!=(-z;h z9&6Q}8b6cZ$eX}BLYk`*`cA6$%-bDbA2Hv+VpT{po3|IeS0O22={L*6FGd$pN!cn` zd%14TKL7Xby@Q!5YZ5=rGjLiH$V=GHGaNT_j z3>S5rK^RkV9xPQVWpWZxJ|uuwXc#J@HH;;(OI4+a9uNW1MNWvVLwg38_br{-rP!=* z2H{qu&L*3C@*wN%938pMJYdf6!a*z8Gikw8>TWFUFL(YF;g+g06R3~Yeb4sk3>bq~?q72Xr zUWcqk6$6Bz{{sbFFQB{ta%%!}q za-n0D`mas}uBJ35==>Us7B@9SH3#$e_N&v0N$e)uT~vzCi+0mJCp2ev^Q+VKz#lns zpcu{7j%+*WFb1{fO#-nx^JW56TdR)1ltdj)tWy{xfU^l>WSihDFTr)%MQ=iOCx)^I z5@zQ2f3~S|6eB3Ct!g&b2a6dunZ#ibD|C}Qw_{z?UhZBu6QzLx8 z((1hvgv(5qUF+y!`^)iLp8Vw5pyWMI}$f_w{L0?5;)})DEu2STWQ)3g!QW&u$s znzH*;c0j-gB?jW{O6Q-#VFe!sxPY?~5OAYx>FTfyV;GC22iuL2VZj3|0H&mrTR|t{ zBKn%UgnBELW_gZ7okolLD>JRuF^>k7t!r~OdNz6S6rC%huZ}1;Kbo?Z5=_ELR47bo zO;yh4Aawm)I_QcaB5+| zZaiG$rE7kZZFBmezksu5V}4YAzNJMZ6MQu#IlDM2mgdT;*2J5If-r?92U~)qv6C=H zZB4^;d}&QpsqIq9;w{MYQx3fs9k~~(&h$V%o4^f=^C9Kh9%0oXj9ASUE1JHRYg2>e zV=1V?9W6{j1jR7645kkD<;Iw{s3@zeetu*jOguZgR&zD7Ns2;rytqwjE?uwaDY^PS zmaXB|b2VPI5m7#HfmdV)(V~TP?-sP63RN-h)6&SByD(Li*C8!;2TT@gJ(rWme&gVI z(-07C<;FZQ^w3T-8COQi2onEk18A&R5#qp-^f+ zhFQx{M6sh1?(X{ffCgO*$>?2N#A)`k8Q8)d*?-BZ^uJ_KDZ6~(wyA#V^h`E^+{4=ZYDt}-4ZfWx0d~46|6Soj4o=6}bpED;(U!FbwJG*OL zNeViC0y&H#`vS!C`zNZ*qD>N70}$t*l9SIy&<)qU7kJhSuNVecWJh9b=7PW|e%af-0iSghYTmH1qr;D!XG&3wGLWLI}#&G5n`#MlMuP2-^^ufK? z&GirSZV%)jCjSxO%TMFpBfeb}+RA3ZAJQFnvZE)Ug|%QGm(sb`8?twg4>$EIu>7lZ zs^^+JpO%{EA=E@qX+pC?Gp%H%CgtbC_w|*lnfQe3xiO@Wm6dhx`-{=X@!tFK)z#H7 z`jr2vXGN2kR_l!tt{^RgAudxdnjg-u9Lbpi==d`Go_Of%!l`U+4A z8#g&FciTH^u3Qhi4;$9h?kNbY+LuA^BAT=*SL3S^gwi1ctKb5H8W7P9Jd67KS+`??Pqi$pq71 z7Jg0tMZjmuj5>zI6J9I?C}@9*HFx)5mg2(e{gRCl{m&pVJ)V(Mf@_8!Kb3Eh1Q{#; z3m=@Btzj@CXKIm^_-CP$+|w!3SjeLG9mZ-@#pLeA%$F<#N&&q@$#3|l z?EUWb99!F3LF{wY>?jFZc^uQa00LJNXPel?Fi^8W!spmx0h_H_2jzjPZTa`vu{cJy z@{7+XHYI$=NQZ*1zH;m_IHQF$@~ceIwiSqJ?wm$!ftcA$^$g3Nu zaq3tv<*Pb9lngZ5c9Wz&?ub$N;)MUS{H9AXd|qtjO>5Qf_B z;^4r!&%-rWOpb-LB)>UYN$Rz00&T9*I<~6KF_!&7Ix)%SRUkuKXIjTdQBi zZmX(A{foyE|QZA9Oh6ns7qB_hX&E8k5eN+k6{6Vc^hDgtE(JLOimn5bJ%xW69AeoRs* z{le5xqdHA-?Hhv^NhS&+R-D+|&Wy7ZN7ABgCa0zmB=Ts(u|pUGhbs*6U~$-0hUp&S zY$~BEtH8;uB70#l7IvXN-ij$}IeY_Ly*@YY_rv|G_@jOeRe9XdIXBA}oGqU8N8oKK zJS;pG33TD|bUn}3{1spxXsi^u6uZeleu*`QO;6Gj?;Amua^(y;)nLh&FWb}1Qzf$yl8z%|%*SO@t;V-`e5;TquohQR5GvlMTfmjDf)v;*m}Z6C!ik>m03G@@a%bpiTL6aL#W6!f||G3+6z~LQqdg1)*Eg zAyWxfxicT8oAKR`{ntMysiU%=CalI9RR3vb#U3jztw;wVuam^LF+m%EFvN~TNz@LY zz(8FG~CC6S6e!N42fUzCa=0K))k^5HZ?e`U7MRyWUPHAj`c8`aPE?=GFtCVCQANFPxkK z1-KyMZ7mIeS@Z$Xdd=!yETm6A=`+=J9gg1;Rcz+H{r)F3NhJ3i+v?5Jtt5EbA(>iWgd;pq2ocC|EV>L09{TEC0fXk^8TuZvJD6LRQK z9rn+V4ebnE@g8PG4kQ=K%Qj#`3s^ceroaxwJfBJ)C_gX=q!Hr5{DXD);RIrcxxrkL zDvC8r>pcVx4)A7efnLCoD?YlHi9`s-MjwdP4teOS6#Y(Q#worHOl&+{&uAb0-hJ>c z59<4XuG!Mrs)&Va^Xqu?IdvqK_P5KPJc)xIYGphDWJ=->&{7a5PW$pscOZMdy7E0O zozQ0*y$|iRwidL9=M#;eixeT)EmzqOuW-YLWdhtLg5@PMp_T%)<5gz!oxz!C4roKv z@fPapY1G-UWnoQ1J@!C0BL49u31I{11Sb~MS`Fgj+9bfP=2}s5JT&h;>B)p$Y>Kx_ zirt75Not?p4&ws5hEsHMzoclEWX&-*lgb-x?kZk=$6e)RA4!5o5tB7Pu_3D+O}!JXl==Zioe}R zf`jvE2v!IsQMja~ow9aY`Stu;BW;e2M0&nJvB4v1Ft$*W00l30Q~&+Rh>###B%;>+ zOm}hVK;4w~6!P)P6bz=GU2^tt;4FU|(LpSlLdv6!ZCID*XgK2xieDAd-qnK>Oiu<%zD@)^}eZQg$5rYjIIg%)UZa5GuQ zQgrTkhk1_3R0TFP_CgK3wO5E3M16sa-{#KaJttjacI}dEN4Yt`LjKMbB{@4)K#H3P z>U`Yo+DpzEM^=LT@bvsqOglIKJ%dW|3Y%NpMTuQG0v)e|F_nK*LB$3fu);hgtQ2zC!`9 z9|`94kq3+eUTO*9>nF~^7SB#2M=p5*{Q%HT%z$|Mcuw#rU`tQ%_H&68qjA>;-J6vk zUU^@f7V4TO{e6ku)*9D1#46O5gPtl{DNTW^s!xS~mjE>g@I(VW#?9-V%M74cHz$~s z*OW-gdK3HysAuKp*TUYpJQ{AitX)pR^{d<~pZwCc6|oj|9dM#8kwkEvTV$otUOytv z&%>i3u}LsUB=MiCrpebnBHKZE?E7v!!2298OKd^J_w3dkw#2?iO6V(S=c>UuT5p4Z zofLZXviJ7h=f7P%4B5CTwKlf1`qA;3HSH@ap_{;HVLu(HD`oZKFxabOaM)pS0m-jh zCGvHF{rbZZD)*OOaZ)ouwdZU#Ag`(zPgriww0cjCjRtSQEw*kWKVE_Xc3WL%r%kE? zP5n3a<(Z=KZX!#5NzGw5!i!)zqDcY_oI(F!@ftmA(YB1Nk)Z);F|k&M8R<=)P%6Qc zh}hVrZc56s9h@3WP ziWyRCR%ecn+hfEzmUYEM{g*HLnDF!}C>q~#uRP=B`-u7&Qk`#xvjU{pZ|p#;%*{xp z_~>4wM0JsbBdH&O@vE1n!WcF^PC6yu>}O1qnZ|PKtPP~EG%vCxAvRUKglcHsc$}eH z8SiFWAgY{E`}W{Z4c}uQ4Y#0UJWTyt(5CcM*j|lNC5)>al^H>`ORTpT=0LV(Xjw8p z!wy5zFkdoad9NU{tJtnjPbW4F9C}{WcTh8mvOj`4#$#6t!{!J?r0cO;tZVa>mJ+PA zS@*H;s&R5moVo(bHM0@3UUaDo6^=@}v5KMTy!AY(M$=5GWi{+<X8ljH_Mx zPU!B*p-O0aXzfva&(%0|DG;&NsVgogd#8KLE35B+HFS);Mt)EF?%zBQzUWoW@*cUo zk(1K|g!;Nfhqd+DKit30Y0wFD6&RPtjsfRKs3PRoISo-n!pMgKG+E7_$`%vPwzk@)q~J_l?m*O)_WQC+~ANdR^t2+$lIP-uAldys|7V zVSFvh0gilnO~Gy0TL?zPSHB1yQu^p;@lMUi(h(+UV$pHN9+0^#nn%4#l_arCH28v7 zjU)KV3nw84DulgC0V$lDOIB!D7H7$yqpd?1;QTUYD8qcn=6~cCr;Zu_CQ)Ml^fk8E zZybiL5>m@0^Sh45TSY0!H>V6?>tUelk1P*f(nQE&CJ~U(SX^iF=oQL*MfP! zKqsJCe{V#vG22_UuKOQxRqQBI0y2VBXssy#Zvdv6fxFCr3=RxFub(8>qJO_Wy*Ur3 z7jhM*bxf_A{})${TBT-$e~-|(N&lKsyzzT%_FzbB_Bt{I0qVx%KknX3 z?z^>%W^;VB9q^OjeD^);;cJ4|sCVgVHk-qZ1oG2tSyrl3x9cqEEC5hI0)Yv0+}9OA zW8b(<*zmPy2Y7BC|5c@8whQx`5f7$8G|h*-k9WQF&hMoSuBPplFE1~Hj}`8^uRrCF za@PA*wp^gJ&!yiT`t;tdVTkac!;Clk*rv|SkGGA2X0uV4Q-JXkPc`N@67;U>4FSo>k;8dZ>xjG#D(%hrw74ly zpN)`-J}cADzw4b#AMM^&M__88#o^BSBL6bME23~7rAwA4z!jMZH0PcDT(#F8_nwSs zkrd)C(3tjhFM{06lwB)bp6tc90AqLcubI4J%Un04udy;T!&{La2>XXe&H{|%9%>bt z(qed$6V}It0Nh3lBH(Y8exHh~>lWEJmf`LBO8RMeMC@vcR0Eri>2nkh%6J|z|9UZ z$&nFuFQ*8{4S)jGK?m2r^JfND(NEP3NkP_cg^GV>Oq^(~Gv4$C=t<&QI&u2Ub82^$kaogx*8mz9`Fb1)wr6N%F_(d)#zG|0 zZoAcjH#@B~WVz&7;K(>8A!P=JS`&w-k)*QBv5{-ed;w*b!?2aXde2p6DhK=Rc{>%A zGV^rJ=kQ%kGSXSVCzqF%4lo!pe061hrWn1c3fbBAk6vSnZC}%#E)&YDut75oFgORw zI%lbq(_C5s7Ry%qxF1LE%BrWHucxYkLH!nj5A|+~x5nIpu~~af;A4)PnG@8wn0%mK zAa|7a#>PzPzMAodFr8MOYOMZoR$Q*x4Lb@g$T8CmT{NVDYJ<(e&DR<;8P2!z+&13G z!&pg1+-*ffB$3&y+3&5STtcJOyK!E8_`146yRT~{FFLQPu0$+46mNXC(ey>yamhID zJQOP}PqH7bvLr5PJuFOx4n<*1L#iuNYDU?OP57dmCo`wDYm7ip3gD$1#MSc|TIIrCN(q{+ zzLyXqF?py0hOF~2Ufte=t}PRsp%jLu2^yB6Gz7IQCMX+~)kSLxeS7t4E9EG$23`DB zBg^E4y_FSFlfb)A6Ou-ehyKaXXU6(*WigRm*zu^BBQ;b%KTqpbGhaEnhUG!3T=ZD; zIa37)RhrvrWqeGO75fXRYTpu>?h zkUBE`VTL}^p&`z&F%2>o!hovn)jiSHT>%r-du?bQvsw#Zx@WX`qshi0HL@f2zn0|0!c}-R{&V?cd4> zg52u&0tlD!T`%Ixk(bOw*Q+q&iS2ZqNt{@zRcdtfSQ1;sS4zw-CO_ENq3-gxW-OzC z{Py;l3NJ&xyxJy&3f@0IDbcy&E^ZLtRM3R<(&DnIv^)Ak3#>D~A+I_|BIaU-TsLo+ z=ilhie`&$+c)eT7;%$-p0M?}cd{bT5mlKov36&1yiW%?>mI{EfMMXuw?;VAcK3=k+pLbJMdSwV*#vX@_(k);1!Bt0I! z?)3+ZGI>i+29k&1Z_uK<)u(CXc07O2?R8_R)EA~(W-VN>ofys$S13n{AtWB^zDuRpJXkoV#!~y7SMJF z44FL+t3Js-{+Yx8Ok-!jKpC*={OWssAe(0O%`YFaivM;^bE(;D#xi%VRaDdwywai% z`6^4|+uN!FdNR_G{GTN9k9W@NW~6)7vGj=kxX1rzc~+tSVbu)5?V!67kddDx>SxOb zxAChH=^WYC?Un<9q^I*8B6u+$q&vZe>|^}#b~1(U#pRh-xuu15#hKQxU2M^t`Ok=)H)+Vz063RSf|n^=hQoM zX!eNG#dx?T$S+g=SPA)y8e;$9Gz%xc5~c2MWUOoZyU){Gf2cl}&{_6cr)d1EmLv-Q zPBZ(mWb^80SqRj!Xq`gvU3ezaWHIHpI@K$!Dmpr;#?6_F;O->Xmw{f-I-p$GW8Vv5 zz-!v<{$-9a3l(>2U%q52Ro7Qn3Og+bdrNpt^dpa83JVtJ4EQJAhFkw5e zh#04AJ2`IGyt!gwC$}WlVcB3T73$H5gqnI)lqmo{Cs@y)yA$cCsk;iJHf z&d~`dI2NI!6qovrD&HC=d1^FDlUau}Of8JLD%}6u?5CO<$)*|M<{?a-)A)ex-Swmw z@xJOCvDWARQe(b;)Puh^r(51z<@y2V;j0qTJ^i&yHAPAFd%Hl&oAn0k1jYJeZ2Eh4 zvC>f6Dxo&Wk*OQRW#xSn2aYyoSCWsa2BBII)1NR7=h$g190h?UR3{}&0@cQAA^cf0obZ|pro$J(%p7U?+gtDP$4!~8KrH!Doo zFy2~SjN9(833)dN7}~E15jClj9-$6CJ8hm-Dnu-^CFORlT068OT)5#^5$#s2WGSsV zOXY;7cf+XLn?78cU%JN0t@o1S*}3wA(Q9SAb4m&dFi|pW8W*sNW3R?|svY-tpV=j_ zsD0BI;`FFw%R@`rh@(~C=b}ITazP4#cngVl!5n=`$)aU5P!F`2xb{Upr91!N#}+}m zGRgrl5HlqrKH0#1xHcqwR%(9Bf&StpJwlomh zO~3*3?Z2TSJq_S&d@Xm|Pk`KZyB!Z4#`CzkmRIqlFDJ@eFSc!_0fRf5joXnofILF* z=f`B=o)GBC(z4>(>EhvW@npT^e)C72=nr5xdAIJj5BSfu{ef9w5FmSWJwBYtZO1S_ z#kt4Pko(c3koz5{`tEB%z{m*LT{fQVlTYDxst`lE1+Zdw1!sZ#fa!4+a3^NGw!qqqVNUcNq**_|ND5h9 z6LVSq^|Vk9dYVDL?mh&o&YCGum6 z|G8$!LIDpbjX?7Le6aUCioZrP+q~1e`^n`x-&6=*_)Vlj>v7t?f4bOcvz8bFG%H;v zEi0Lsng1^6A3er1c^Ax}2q1Oc#A*j_XWJwi&;3Zav|F>Qb=>cGliy`oy1F=CRwLDN z7JSpWfJoR$k_#?U>*Q+HmiUp5!`EgB#;-p)UR^bN%&9Okz00NNoSE1%u> zVaO5^6FHP1nBWwf!2=lM!jn?rgr+^d{Boh;49rcFq2on2G*F?X%;K6}yE* z@$DG!k^P#m_*Nu|q1TfOXU*`WoT7TU>jt&wXGLCx!{E!D7W&SqU857$nR)Z1>Jh(O zkrL+)DZ0c&V=ea~ME;IH+& z3VkWme%89 zmcXe!MEr9-$}n=^Kp#USX8K;t!uvrJ0_rzv<-_X2wsRD(8{W|oj7jx_E3ZuCTW3BE zbIsb#(OqBu!HzqpJoxc!#1zTEhh$Fi&B1Qz4l+@gR0Q!%@wOH3pd_9Xm0^D5*Eyav z&OwDezpDY@#l|M~9GYxkg{_X?kSC=Yn?JqyDVd{TfY|0})%{+W(nI5A%w|cnbcC~M z-DyRYzEru6?92K$h}~T@Q{D~yuLI*8Q!p#~oe;{jt*IQ6EN8)Yl3%7K*8ITXA35gh zMy~v0O2i7t_Lvrog`J5SG#^h3V|8d)6X6$Bt;jCRHDmXO3BfFB=}^DyM!9r`u(~p3(FqTr60fI>RfVIS_xHRt867 z`W+j4@QGOr58X?hGcw(Llz3i)b~wDTR!IU`mzW6WJO>MP?lQ9|-u+8GC={#v!A@JX zT=05QMu2vAhca%pB`j+*3`+kf@KOS)1>j7G&e1*!qIpR(d57pS?%vs@xDgV5t>)qJPn}Q-$(SXy6dpU zb~=qq>~qkAbQ%6aaz*Sy)ksjlw(skN!*>|*qob}GI){&G`m>4d^yfu+)=Biu7ZBUl zGr|$DZ%e>G?NK_Ws-E-f*srUzvoWZ#9l~0i9xI}?dxkmbm;z#6l_aYrmr?QSFM5qT zylJw@vckNQvU@lj%{r(2M&C!Zn0}oYwx5&T&DM(*@#% zqkqXmy;RiOT;kgXEWf91i=FM_E6Vp_*1jcDSIckT7^ACGj*pTOdpB;}tuOykufd=t zSLdG3)ObFa4_H^TiryFPR6*gWCT=voKz3Kjn6?xbtAs`1n=E=x^?Rj~x=w4*O0GaE z&@mR8Bl-;HBK~ONKnEq*=&_7DNu7x6FhPYMsB}rTA&#fB53($L6-=kDFJmpsAPFY8 zVC*q_pG@&{LJ<;9EQRh3khm0u`??K{5E~>MR&Rp;-$nxQ(^U1*#s)CR10N`%!^-(V zqTVM1iFCL3`+{=x6tusyN6mz2GbbM}`FE};dVs(j2pn&Ez2rMreJ&OfQ6Saox@N*q z(l+_{_swGC&aVQgv$mbY%d+8Nz-DLVLA3COAmtTb`|gu#bT0d82K!}3i)Lf@@xF)- z$ZTl91R=<#q0RRaIEX-O)t5O@mRic^y2wrH&u*ud1X`!}M+f&M+qV15+xuTGE2qAD zLXA!o|F-!Xp!@rBkAMCdABlqcu-Nm@6WjuAPWGR|rpSU>lT`!~2nPqpsh)H2_W(tm z)Iav3!2b+1SpmqtGkNQzU$@`RddWy^x(N?HKJ>O7lmrpnZf`U8KCHZHJC!_M6qI;h z{p<@6Ri8YkPBekQC=FX=jh+73NdhTcDewE`iGqISq{(_yqdpXZ&6%Q+ ziGm$IpPQu)n^6kyliYlJpfQU+UiKOWo@vOV+wi_!(L;rK=eqFsTmHZ;oSka{oBat7 z6>nfPaZjp!8E0lKrE0ych;d zp6vO}=N`tofgPMco5w$$rBY70KC^Y^3pIZNPp&_E9nJF}FN5FP9vMm>>NXY8|7VK2 zfIhQPP_x@wx{71lddY@f>@Kovs4_dUvfP&n+Z`BCiYivCa4cq67SFDRsaJWTe8m74 zT$io=Kf2xnn$16c^tY)}VwKhmYSi9)M(q`wQkxp3HmSW=?Y-5Es=fEBy+>;#sJ&uK z6?N0^@BZ&O_kYfHo^vGOkSFoHeLnB;dUYThoe|dgkUi<&WacMtoK|?%4});6xjDA= z5-+#+URS6#{&GJgus3)ugsjNFF4%Z%KuR&RI2-vQ`M+nnS3h*0wmot%l8pXH)Ks_- zRKpMoqZbPK`6T>+5~Hth?WYpdLUEq;NeIrMw7HX^N-$GmiS|3~E_QJetDCu3GeP(NDnG!d=%jMxKIt1Y+Xa8k54<0#_p4XKWwG8ZY48j z9J<5vKONY0)k^-hV`v1!7oA?@D0+ej51tq+S^275O=oH!BaHs!fEq3-ZO4D(}_1z|L=**JV zPlXkLHZh@lkpI{reyYIKe)?>|I+9dP9Te#xaX~j^o$=t^Vn3F6*_)pe$y;3o-t(kf zS`r|ZS8AQld*z@Hoa2pAvcH)^>lKah(*Wz$Q5)$=LMp8y$uSF|nJTA}YkH;W+2%vAlj;x=Z3bl?e5$kC;sj<@t7qSO0 zK|W6NYU>E9zFx)4i@)4iwJMrF5-yQb3RCbdQxWicZeG?o_-rIqEj)QxpOWe!dzjzJ zc_1t{E1EO89kQLg28&giEr#j>$@ITcc3rM9BpckXArrx0jTyq=H=RzFCCUl+R$w0b z9;)Z~Ie$HaCb|f z2&)?_C!AZDg&436?J7J;_7KAY+C==_9mKg9iBKrmQ#krn(1{+JFW|@L=fX>oF~LmX zosjQiMlL=;g5xUAe8r}`vb@Ksqdk=X4q|^H%bTf3uV1Gl{$cgzYLqml>ytNfAAvyB za=rTXtXG%bm+MKzhybqj@2d~Pnt0NExr6#K&{8z+20bNpzUC#X#;FOG;~?VWlHg@9 zKgLU4x6iv-wG=s~6jmR9Hm6I$?$c(c-|&6XqQ(n>LA+bQj+~g}lSw<0qWDRH6xva5 zZb-En(TMT!{H9n)Ky2(f@klhtv8jG;To`OEmy-kd;8vLXH zCK3?&{jTSr<+`KBAY+3&-e~MFUq;2bY4E!cJ@1W)rth4#JG#|&gd)DNzhVa^5WmIV za5O!lS=2-8UJ`!qe;)gLHSnda>#+1gxz7$cYBRcFMK_=*9fPX4`+s_P_vrZPBIVtK z`Cr8P3G{Tl@6&;5=C}2uaL8rmf2f~fRN8O-PxbmAt%-CZAEEB?dEJx8-Sv&9?|z$W z>^ zL`0N%+|`4NdlMhUoHomM^-O8B$Q{0f- zU(8px;UznJQxB8e-7``58i$io3lGySfoK`h9X*u%XCmr`+!9J^YyhRw=(c6kSc*l@ zx>e6M)58<+hYWD6e)tRw;#1JE|LJNU(PZ$>D5Ln7{$QRYaEnF3El^*f5=e|0Y4@~$ zE&CbER19ZOD!WYvYpWy6_5!yT(eiTrB+Q(>W3Io=D#0S$-_@6wu-%T(aJMYLH~`bG zc$b>>N%Z+DIzbK{`Y8QYrB_hU3O!59lHcipM#KAo7d_I|R)DyT8T`!IqWO)gc9Zj) z?S-x*OT+9?wQ!OrUunemf7&oaKcQ`6aEd}$o(;wIORy&tI$%}WA^H3HWAw1IBb{ya z)A5k5Kw=#NZBLCS0c$A&+EH@xv;_E9q6=PO)313Ndz2>SOAIZ1RQPlbfuIEri3oFU zGHgl9l`knJhqR`0s)9ssv?AM66!9g_(B=F3rpRCKPT6yIB~)f(;hKx?y{#;TtiOCB zlIDiiCC&r-BUNIdNnb6|InUTX$I4;1n8LfTK3-~`vB^EO;=eR0VX%|iI1s`?sbmry z6GH)Q_f9BbF83uu_&fa6=`yg{Z(aR<==YsGD*LSfu}ms~EN{i0Lz0Vg3?9>Kkxa3* zP;#;IDeNF*U!yK|Wp?w2R>hFRC(H{BoWHu8g!5@ymd5M9jgQq@?Hw#oqDPUM98Duu zA0FyDGW;s^s*5284W35n#$+V^t?$Eidu=p)KeOb0hF~0Q-t^W!*M!$cm6(N(AaLTB zH7wF^eqjM3@v6xpB>cSs8>m$nB$}P8%A8*h;g3mu0kWF7lr`Ipy;dV$Z4QpHJbvGy zDK2cWXZyL1LQYx2NqBQ%!8KYRXXXx(e1!l_(d%gs^g7?Q%3p4M#~Sg>WE2yvP?_y3 zHXpsq^Z&o&r`F)K}dPf4bUfyxmxPgaj~1Aez|{ zfrrIlH9AHid~U6*NNE@&IQ@p2oaPLJZ_c_J3=*t6zLlY-OXj)nGZMB`TbeaYsaEok zV6xh~Xu_ra!M>cvN0B3eq;lyF&54|(+kE=zAQM>(2{k%+V?KE25}^4BDJynn@jWZ^qyu79$;R6xqtm*{dd9R<*0Wc z@{4BR3){z2R0PaI!P6e^$^#B1#lH+}?xIj^lKBLun=qtBehRn5B=Rh%=l9U2tAED- zBdV#JBBsh&LsSz_bCN%lOUV+^uKqN8MGROJP$B1QIh=$4c+1x_Kd>x>0WB-`ZV`re z346oKvEpjVnx(vX#D}jZS^5j#_PS4>o>9;NxcM%+<1v4?75*|c8Z;RwsAG|`RoP!1 zo11<=-SO4;z$xkArmMtaFX8Fngu`q{PAT-OYMW_>{Nhj}D@Ayv4^kikx;-@K0y$aC zpoLNB@E3*6D1F=|+ApzZXV>IxButSFY;T z5?Id5%bd$UFBaa|%j0&EyvJm37B}E~wcEq3u=O#TF@*RxwcT6F=;VxzCz$ zgQf71tSY|w+A0~?C>D>;qfsY!bHWcGl>6*D4=$?xeRB#uk6cejkb&w-Nx_RX8moe5 zb`w)#)mN{4t@|B1LO6=Zq=KDziU8p;ryF)g`^s3wf^(JxlGk1mQ&CAsXcpxA{fV2p zptZE1o*sYWWxV+-sJ`PNZ{5?gyJ^MkIzoZgeM~ko`3Wrmg&xXZU2_E0&-JJKL^HDx z>5i5RSgABTdD7?pHS^D;*4-LE%i_G2_-UJjxc74lHfF(Z5650y9%2pHbC8-e{Ak_) z{5cqB;71V%Zi(Oh;zlVSpPHYhX};IQ#~N1305L&+^)|v}Tz6iB0rd-ZB`XoDGR5*k zJ3x|%(Zr%vdHD2|4NVILGoCh}y`qw2;CH^FkTs87;ek*3G8%v_UDJkcZ~yS>ZCQ5~ z|7sWRtXOqv{Q1H8-}w2Dj&H9Dg(Gb^*_XsWm)mtUF=ZBLI3J-3BlywXP4GJh%pI zmrp0=R#z*5f@d-giqd>KJZD@IeaRhTPMj$VEAK<2yn8F?+ct%!#W{UVdy?!7lKILt zzWHVhY_Zbe9TCdnf>HU4-Pn-CQ4@UqD@mBq&0U?6sFBQ<(GN+s%ZPzx&5;l5LM}lx z3mda0MWxEFTJc31%6=HX5fZlmLP<8enz~R}+9mLzpP?#eW$N@GIzR^yCJs~-1mKa7 zy$*L}xIAY?tB8}Lq9EZ<_51#U>4VtX-OMh_C-KQ)TWnX?Q#27P>3VMqspB{D(L|M$ zFqk-c1=XAOc9|0I!293lTQw5P8qSz(#|T=k5KmLaKla~~MbDlzv83+14p!1YB2`58 zN!0u6wUwW!SAFuZ#nig-Lj#E9X<&@hr^mIkkfZs@vg9(+z`I;bnnh?dkw@(gvv{Y8 z;R3U7vDt*o?=WY1F_cMmPo^ytP)i@jE(KH6(#=0*spk>-d+(8Y{V$4o@Q77#OHl7P zNAP$n-P2RkGxLZ%GY{B9RV(^YDVs`^(@#9$Px-sYn#XHNsm%2U7;5E~!+ZPf^v^e< zS*P0|yR8n9$@Sae$KOv;6^wtC=F{JwPkkORMe`ny=>878`vVC){Q_A3JNWZK&Ev~Y-~e40460~EEeBf4(QlgNFPc78d{94GbsQ`9IlEwY{t zu9D}EXT2*flD${5@BjR-lTfm7VAR_Pig(8&nwy8eesfPBiK1MebGd?>4OeN0F4c}r zmKE%(vrQ{tPwi?kf@mWsyFS|5+E-L{W~H73@GNEG4LPsY6V-#IGP4cFMC zvmjd!TOOc<4QZLE4p{LCl$jIkJ^7rmscrAG@8OpLwR?&!X{tG~r0>-5a#eK0sj`jn z5xBe8F>zH{hPrcP&I-KoL+gx@J5 zf2uQhC7)og5j?74tzMovM)vKTr%uER_tOh%J?FI^23xT&^748x@rsgHo(*I%lrs^1 z1h=td9cVe1afSt0=2N57lD8%xB^Cy7nUo)eJ%8sMOttbBH`xKGTZ*5|)}F(}j2cjF zUh*4h&sR^J#tuF$^i)f9Vv06**dB;J;bmeJ)o6u^C6_y*uJ}A6(Z8kZj zC(Zl1yfLf87->!5!j*=wER*+~1k{4ZqKM57J+L(1`DoUL1Oq27ImH6&* zgE4w06d_$M2wFrY=wnpH9IT_Eqh>rA{||g$o)0tA>Q9OyqMkKN6!yN35x-yZCn@4{ z*MY^F(tw1D+Uo#<o)IL(@|85~IXVV0@$#K(b=|&wi6j;7;0)XX9>< z$I9iBkY-6q*qs+}#stkcqjc#Iq1j?rX8eI@yuReeTRk48>q~U9B-bDTo(VGI=%o%j zuIiN{t|N=d{i`zuSCkM`Y<8cTF%2oD+eBvSvb0nC;c=W!+7}$l;qVgngWNqy`+Kf{ zn4)c*rpw8}JcLEP#Zn)uYSdCIj9vB$KKVxX1Wl*P_3M-LK!tk2o=-d{yjYOuBedb; zXF=1I_GQUGz4Aj>c`2mLnQF>a1-(q5xqvGmJ+soN7iN?Sx>Dm3Y|l>*Urk(&7)R;1 zM;#75FBoP;U%-v9Nyx1G^^ zpe86*$vi-VRet2o4yjd&1^)i5$7sp;`SqMdAuX{roL3FfUdg7t?13Reo}x}BPmy0Dm1M91uZ$h9e-fG~k^MqLVlW0#&{H#%Mcf{8 zrM!|o?=yOW7QgxarFNrT!a;@UjeaLvH!|GypoP653{+;ehhkn4ha-%$w1}|=<|_GH zO1NnTI-o-KqwIID{>rFeJTI3iU=gP-O?9}g7E8=ow?+>Q9@P-9KxB;#ZnZ_=XYTJnbj_-sboW~cD>K7Y%@#GgmNlrae{K|wQ0 zuFk#K{h-mZ+}y01DJ9AGwVoE)TsD3l82F@fAT@qE@8fYsPFW0qMuH$7*~|S6-4`I| z=XgW9g7U)Hi4^stqPDmr3rID2W39f#>N8Et0*18O;)v++@YYvU40K95``~h7@VOdi-MD- zSQJh4F)!Fo7RF4mfBIL|nkSwiWT=;#>?MWXjai19jQ8niDJ;ybEyENh2{5Fs%o%WG zRM~P0o63|_*Ea%57?L&AGSdeIe_XqY<+URPJul!`Ul%_QKO=v==y1}-ZzC>eQTZaZ zK1%8G8K>p1YTR7?7yfni9I+{z4_;m2tmv;}J7iXt{Kf?0ScmZZypuhR=v$>}gXJ&U zGunCjFIBRZz$0dAYp}b@RIqbI0>+R$BNjj@Ndb2EzQdry=%kD>Os0-v%5|J)3r;Ra z4z=fnZf6>*Jcp}4$2D;=|5n441Eb)?rwDU z3tR^tD?cW;=qot0>0ful=rqgc4?MiR?MkC6aP=5cjwKRMjfQA_>T`!xP_DxOmyU(`?_gi{yR9dMu z%X6B)wZyW9w@DGal$>=t=GPQzKKc8%8+uq&oW8_J;3!Bw`}Raq#-1(9)Y$?28fV^6 zVIuAd0ap@yZA<>_R71xbuOYUtehd97^LFx?pUdr;C4sQ3RQzSM;mng6$%8Ge(Fk1a z*f7}?3=vHDTq103b=PH$?zH7(K`2>uu_MP%$H1n7EPARtc=;&!st*&hrrH=p@{EoE zvoyFbni>+(a^172LskLniJ>2lfz<6+GiP?Jm`BDE&5;qo8{XGAgB zA>JcC7F&%>m2>m&_9*F`3+m&?;)FvJ`o+k$U1r$R;!L(ehvJ*#zhty6-U%O;UUHHX zzgEx-RZlCMTSa+MhhnnA?tUlRFrH=^;9oU;yZ(I0j`r^8e^za%)u`$JzIi?QuH!6= zt3V|3&6tLDZs*$jvb@Y?z_%C2)%>|1;@AmljR6)JSBWuY0BB|($HzQC+?nzC$s}PR z^5bz=!cSH8IQZ=AJ%16kXvj zD|a+57PUNxP$tf-clPrft|7(|wUXc`F*sX${}!i1!$u)M!n>~QMZXe{{x)u6k{aW&9Habl&oXa-UV<8ZbW{!s~faqTQR3Om4BOyy4-PJquF69*`Q2f~IZ)75IIJi9H zxf_6{3s)ssDlx^Em-V^aBkLs3maYw+_WmHik)60qDNEfB%WW>mJICq`ido!R1R^Id zOSDeJ;L%g3I4QJF@J-|G@zwT9Ast{`o0#%BOp23uA^5%I7ao_oUV;MhwtYT=yWE2| zE(=={7_*4rT5bNyJTf8jxp3pY?anwTE;<)3Zg!H#`lt$|C{pU)Vh!l5WaNEeKM1-q zpMlNSnW=pA)~;;YJ=EZiW6l4%)f|hkdTX>i2BLg5*iyX6K{L z2tW$~eM5`YU{xglABvpXC1aJk;&E^v>Pm_J*^C-;kSw0&SOobeT=Uyn3_lssIMMr@ zC62W*t|t(GUHB#}K~cUe*&S=eHb`J&cnRVIs?>`;c_TSw_!LM_jEveZw`cnujfX*Y zM2lRd5LkNUsV$fa&M2kTk9V7QA)0=6+j(y5-wuMbgWM@BWTkzA@CL(qi2z! zoS0dOJPyGaQ|3x2Wyz3k!vN#$2{oreTQ0Ne3!HF0fD-7{$0`RAiHd9(FNZ@|2{HaG z_-SIq0U*bjJzaAYO9%J64YMj+q7!u+^&)`h-59$yQS(xw?GE^d4X+N)rAheIu8_v~ zSG6fnbHny8QDeC75M>`{N>g8cp2g&4-`la|rGwSg9D@fvl_LA zNC7y&Vx$D6w%}`$0LbP3?05}VOA7-9K!G`hMN?}(NBEH zxSCP7DLsuhaToIT+vk8-_pf~Uq(PD2cSBfp2%aV+pJ3@st;-Hq?#5Ufx+N0pwU#=W z#vCKbUQIz>)UO&E>W(e|?3U`6zYR}&rO(b6LazvnXk|Nfc;+R!B?1{G(-3B=qZ8&b z6W_7YW3l-?@w{t}ilJDjX8&jDvnaSwVF%>YEY9JTHEN<4>)GC2mC{94O4{M)iAvir z&EL+-?G5Q~6G*#qgO661P|)r#pK(~pU;C?d@5Qa`U0V$ zSTY7eFTMWx`6NI*o)(Zm%LQ%z>S(Ia*r9mjYvOaYl=G#k0=)~l)quJ_yXXR5JD0|j#wK-a^jyEyW>Q@T&P5f@#W%)+IvyG}q@jUR zzE$8L*HdT5lkHixA{;?B=JgWG?*a1rw9cz!?F;=f&riFE=o^SjD!(-?8K*k{&W}Be zRl=#4N}Z~mO{!G2`JXC|e7G-F^hj8ugoUXlfhWjbfn&K)V>Hv}+i`g^&&)w_j4x|L zJ_kEbIGwKHe-$0R%0lj%@P_D z-Dd(aD8lRC@>uzdM7Fdz&SoEZ&E2_g<~dt*gm{A{ATlrd=J$O`a{=l5p_?x77tGl{}g%@L3($^(R0Jml=>m zbegT8%yGV?3eoN}*r-Z960ja&q(7+u)&-odeoF!1v-*SW~f>bl#e zDP8QpO?!SMiU_lx;{?grBoM3U!I~#ws%()1vK}Af`V7KZ2emwcL?nm_>h2vY1Ch;IH4aO=_(u`8%}Kc@;hS4^Nq;X(iGqp9k4<93in z6(_xR^+Dnd{iR+m4>s$WL#=mCOa32$=f24V)fCsbhc3p05=2M&vFx_8#Ue{D8^d zZjht(mR5-Uy`P#1n)V-gs<-LC{+3_aLne<7Z;pRW=pllC&D)!alqgle_uL}4MSohn zI!T48pU}{SC~}}(-y|l@a?zu5=cblAeaF1GB!(<%hKdTUJQ2AU z2#I!^%y#LBE_MEtM3S|2ct&!6d}}K@UO8s|3SjrxEA>-qwh&mRZ=D@icS=9KHtNd> zceAus9K=f_IHu@&$}j168cjw4AX1E@3YOFnVwoe}WrA5#MOLCso$dKcseZoO$$J6F zphY(Ru8fi;?noX}!$DLp+GsDr#U+y&a^9~&F+X)ivb{0xQV2~XpwOc)lXNX8-fG>a zh4KM?_;YS8dAO4^)j@3dO?Y74aUk#Dnr=QY`MSE~wDZr^gpEOH1v|&SGPls;#@Q~( z)fs(Wov|Rl-SZ45;-HmhA_gO+QJiI!pNOtUU=tToOR3IfXioZ;*$IoO=Iraf+3Xm4 zvqf7x84-S`AoT#zZz#$I)a#<*}(q`WYRh9(4 zZzdxTpCVgKD$2@MU-ti*$Z(g$_a%TijTX%`8P35j3o{+ERNH8aPG5TX*}QbOWv9ug z#QR#W5o+ff^bvNtVMx;#r0QN3DCLti05d9&)itP0im@*((Cxvq1# zS?~}EXVV!h6wz`{h@EAtS1SkD1%&-;TKEEODT|AtG1>>9UGd+=JBi;BZL zH7zy>rFAk&FD8jIR;@1MS4dM1{VA@b+mQ8&o78p$&D!+|+T^Qr#4~hCf<9}@FeT7B zW8L{H!rvFlDgbR#Oyc4)D3va;wWG3av%?#QQ&SMcJ-9c*sRG!P{)`BjY6UqBEh_}- zplQ6kx<@cr{Tb?gt)&XmS~zr&jcUw4dBd(h{0FOH0>5^)EQRE_lrGguR+Sh#l|ph( zon5Fy0n5f{L&BM}*O=mU+HyP-^LKSdEgjyO131hy`3McLuh0$o#sCDXcBTGQY_20h z)r9eNybbuZ-XX^!&WvXi3yRMMtM+>c9)q5)|YYtoYMC^KWzI zhwDimgsN-){}wzy{_NHyv8fz-_{J&0EPC=vex?54q95zXekEh;5B`ZcmltMCE(@|t zsG|{flINAlaR38kY2$ z;%{Hb3@2JwIW>sZC}JYD=ud=ZAeQu(l}aS!2ct=w+4SD*0`(?|O^ZN1#x4S(#o z8ZH^jzKf|=HOgpTXio(%LbYU=^}yIiSNYisTK)@&52xKHO+B8izDza%9RB1wNUz;Z z0}+)-h&h-G+x?}1W%;RXqq7)2|EHu9e6@)MxnQ2Fbh&zhd4X~p!}%gVbeyKOpzrn? zN;@xsz5@PqO!zfw~m1=-V#7v`*b-7CA$RRBqFQ?)lFd#Mjz)c3@SHn~op8*0-^Scy-GwVCX8p z^#x_`&CPJx0U0oR+~kbJOD=*AMFetrWq)+c`j*Gg0brS5xqDI`{PKSu52u>@3S!omGp49JTTV*@69pXU~&L-O7)fFxQeo{_ubE;-{f0+ad9VH`Yo6{7F>=?*rfW_p651-%AwcUrLYK~CnTFy}|e-#*E zzyM?)VDvHNs>&&=C`ZH)(a-|fOQWbF81n6$zW>`^)#(50qWIw_`|uAVQ1h@-4jEBel=f%`OQ{O#3L!B08Qwfb zc3NgPyJl$gdro8Z7Ux*qY&o@sMkcqj#_OWqu3qN5jgbP#31@Yai%G_aP3Oo}Tf&?M z&Dww<(%Xj^ggo2uQYK-;92c$n-A2^D_GNutM`xJJ%^Tu#u%kE*rjqQ^SFOwO>@vzI zB|}dY2nPq5iwpp``oT`?W5Ta%x^I#)-a#hE`nAgP^e7R4oM+9R1bITE-%Co+_eiYO zVip^hH8hP%gvp5H%U&us7bbKCuDi>Wr#Sz7Pv|gm3_q4rdRJclgzZK<+iOJ=NbIR-;KkTzIL-OGI6#AVMSoIfjkk8rLmbVHq)c~LMkX#M zKKAEdea-GC@y_W?a5A^Y+i|nl4!9*LSnZG{%aBs2Q05|BhFaQYs54|3Roj*oADnu4 z%L!!7Kr!N@;E)irJwClD<>Keguj~vTe5rdQU(=S;Ntc&HEB}0|VxWvwIlO+w0Y>A9 zy{%t^f9<+#Y}%?UXs6R$J@0m2t-O0!`nj@1Xu}=qsV30EU~o=VUO@|Cdtidip%K)QAyJkejWxzNPBnhX_$iCYs-H`j zH{g;$B*F*OO7yltk>e>Ub)_8YId!;CTc}cO9~%WaYizO`o}afHzP1%@^gKXxnV^S? zkJ7FQ>(0@8qd~zU}-K;&=(X2DOSKPq`M%%rt`b z+OxR|Y)IMZ=k;IepxM?H3q>vAvz5xFesO1Pb{5amuwJl40e-l9?&n~zysRb!Y(Nt2 zIhYMi(h@GkTZk_!qpn(aarF~bLD6JyAj5!nV3p@}of1(KG)ohL9lM+s`2=a0e8~5A z`($KtYjr0Xw}OX-QFTEVXG1$);MhX=!ygzRwc>HF_8lzShO|^!4Sre?&-y z?XT<5T;pIxVh;_mk^6Q&`3YsQLa|Kr^s2FAf*A_`pykPn{#0<`3t1KrpB)?<{j(6x zVm-%edd<@WtsYt5>eTGMfjj^_V&*keEZz6BOVEYu!H5EzC&FKy_Q;v$wJU*H_aCSA zA8otfcXYw;tb*Hr?OJp=XQ+sT65$TA{AafKFQVO`II`kBm*VSH36MvP!#uTW??5NI z358p+XIsL<=bbf|+ehMWPmx;hzRA5qmj14y?d87j=f2-{`MVowant>f^9d71|G#@x zYudON5~p8hpmBN36k&GPPN~!;o^3ol03vOw6$CET@&M)~fv?Gh0To7zr4;;1zt3@ATOqkMixW8M9F_c_v?5{z92d6L2PE6ZM_|LwWP4I$D>X@W5*xHJtH zPra=XCxLU}me(CK;B(pja`^9G3FAj#6{8Ge^|TLVEiEmPO)){lj6p+7Fu-Rc8qxIwZY^!Un2Q%ZpGqWG>^e7h4Kou-u%YVX>ySsK ztc1h8{f(f2@Xd?T-AzKYa}n6nu0WN)cb-@*EJ(MPVvlZ4+OZ$td_DYc3SZAhL*7Is zB&aq`{j$MLp)WpP5eX;qH9c`vAs7{Gy!VZTZS#R%CSH)KRujxPp9J|8S za_r1`RRxy8m`Sc@bK2QjxIwj{MnXb~!KcO{js? z%f43b7@G9$wyz}Tdl0CSR0^t}>~;Cp?AJ9IEMS|FuC1f%wF2a*+PU3%2&)h{uohY5 zBVs8ydoX5xxzzr{ICgO<8m5oL4WBC}r^$1nwf&X!I-X z+Mi%UUj)O&7og-3F6HWrx|mL{(Cx2u#Fv-+)-|9CU+p6%8EwWtElF^H8xN24lPC_Z zM!N3@9l#k_c=H37Bbgn*9z70NH=TbX4IHGr_vK#TA|3Qq^*TEWdZ4ih${;7Qb4PXB#@5^rr~^~_4DN-|7v=|Z%@Sf zy07U-hr}22o*E>M<&cHk@`qlCeRVPMUT%+C0PdTq#jv}3r-3SipUE(?ax_si$(zRb zotmY6xY{rtvozK%aG=)A5f9&kEvB}B)1+9a5f}+?`7(zCc65UxOMGaj2MWey%H<^pyo^;XY2Y#~-vXA9Wd=79h|ICR#j;cY0WXWlQ(_!}1a^aGte#%T z8DnhrV!7o3C+vgQ7YOtav2Q0E7??Uc%X_ZRkR{A4AN2~09b6d(teo=1+2X8o<*p_$ zqz8sd<%WF^YmvcNa+Jg|z=1@7&iiyx_JN!1A9{k!E?AK-UhoRl>m&}Fr?Ui^+Ny?w zRJQn%;}i;2iX5SLTTzUR8hScE291UQf?w#dCZYxjh6$shAQgVqf=!w#AS`U+_)Yam zEXR-(5+ZwW^XTTpo9t%;l6Zz}B`(p6c{A6dRB7lk*g`9)2^Vj>3ap4hVz5f3R}4bx ze3q|p>&~mk+YWmISPZEz?z0bRqF8O#>IJn_vrQ~`2;rB2GJ-qMvyF*$V1>~jv~92| zK(a{(WL}A;r>=`8SG3sdOqx=R171vy{Z>r%ghrMh&=i%rqZ@`7sT2lLtkmP!!@%%p z=P{~GhW1q8JJT01BsomfihW+41t}LQg6M2b6Y=n--2`_m3Dr2IL1f9>x_S7u$9~08 zKBw8U+3W}DLfGo?Io@*f)`2d)Y%s)UH92)k*Fn!Zl+{9R zhwV?Wr|I)#lgqoi`G*F(;k!F{2O(W8a_Ntk!>|tbu6~?cAtcxM$a#MMmqoEEuZV)I z+;=A6LD#G;rUD6x$2WGFY`xLK>=^q5*3w<)+HZMk;`)xaE&`C+xpvYA6O;pE`sT@H5-s_4-0!whom>JIUS zn8dObXQNRB75Lwi;SB;9NYe z8Nw`{L-{%BLT1Pa^K+w;yw_(;cXiz&*5NM>jk|axJ2VS8^XBX41fgQVZ#6lAi2%&a zoEiQy%JBCg-auYF3WMQ-sE6s!FsiU-b)?0)kO~f1y$Gl0`bBq*KVeLp)mTgl+-P8-1grQJ7|V zv$JzMNeWD4A(l#6oTG#qP)#KMEy8sKmnAvB_7?Lla5N}N%KSW8UO~x|yPTdfvVgewP?q(B%PE4ki=b(8{_rKJ=9h|ryaVy=YpeY-tlSEC zqt|Cigh0wBN0v#1auv?9%<}aAH+!y>h0fYYFONvtvAS!z3pURm^qmNcjI0>Q+Q&*VG)+uc;#!7N3StgVzW`7Y z$7`#AWXBTuo?sRCMTJ}SR(xWnM}cgmi%G%;3mCS`Wyr{eI%UJM5Z%b*rlq^#mA$LH z{QM%^D}Tbps+i)vi35M+GUTM|G}lgYdcJS`T2KNlvXVrH1tuZuobawC`UR>iiGZq~ z=#u9vi*NU0gx8wYHE1F=NQ4qs@v9;mEE99OUb)>HN^-O%Ka7|%QMyt*RFV_wG8b4? z^Cne2k2Mbd{ZdOHBiS`dRP|9!jS0&t9UqSSGS2)14S^XA?;@EA_)^d#p^M!sQlKqd zo_}OvEtM_Y;{&}7EtcQ~S#pgkuu}GMkr9(v1{p2$$qR z56Xrb`Jhz6!MM>WRJ2t=t+v79{R#qScR!zCVtYKhvp8(P+7^xE5YnAoTWkz<-cXx5 z{$N39I>GK~Fl_c|gHZd05RfnPeSLK{yYUM6O=+X8^Z9La9$izzm)YIrTXlDL=c-aq zpk`=pa&HPbvsOxJ(n1MH*)7R(EXZ+oj$KhbEaMl*Tn6KZ>Kub}@GBI{2*{e0!yExY zukw9A+>m3pTAWOZDz?O5s>CKS;;je?>odB)d=@#8SKYK+;cU0JhdSPT(dMss(Y;HV zFz(Y$vm>Ociq8}8DIuLbf6m%R3L!olkX`M7zQ8pqg(@cX${onpP?_7Jo@)e#tq{eV z7@F)#eSr2cd0wMj;RyVFS&l;*4;t^2)*sX?AZJ-U;aaXF2j|%A21WlQWH`AtntsgW zWP)OK{Gy_Q&WEzHvdmGn=(r6w<*NvVu&9ZV$;l}3QBOm44Gb*AcA0T7_y@SKj7QLu z#|=o~N!KEyUCB)I0V>PF9IMIXBXS*4hD|P986|?e6AE8bAXBcjk*(q622RLr$RtGn zY|PaDEfN(K1+p-BKkgIIovNSd7862sv;ejG5o79NamQR!e`~uL<QPIZ0zvNEKpd9evulr=UeQ( z$%Sh7qt7uwZs#f}8_PGR16BoSM{dV3vefXWRxJNY--{5)YO&eVZ|2>u>&SFI+U+V=)>A?)MK}(Nz#7ijJNeDdMXn6_#^P)$G=tX zKV(t|%H^2n4HxzGABZ3WpF)xU(oH_xqSTf@i8jjAbG%RpJ`@QS ziF)uKdg?DKv0#fjxAKC3KdbPYW^VrjRl9uO-Q(k9l-8ztr?E%AE-wovM%v8JkwVlo zao{r}yQ=SSvcI5t<7|>pYY+Ci0th+%M1g3Ze>Ls6Ic}JSyYxJK>;7~2&x7z!_!j=$ z>~~`1$59JkJgW}-p%blo&co?DII_DY;JS*RpZ}kL@?Y*m`QhwDVxhS?M4{T$b5Sp) z@;8bHV&O*Tb6xe$|9t2<_wwk@_UKZ>S;FJ*gmM&p57~pFYy3;hJ0PU#@J9V`t&~)&p+8sd7jtGKgsCmrg3Av6lwwQl((6JboyDl ziTb9zHHv21#uI`IYbQIo7IIatUYl2|s1cX>>PSn`yGOU?$$xkL{q6j-KKvs>h0@(` z{Ifpn6wv%bR{i}aRux_D$issFC274wbg-cAHq_>EdNb=={yPF}zGV34>++Zp&*cfc zJ_%_i>x9km*JDbtikIqpt{v7gD330(l8RqAJWo$*IRQr#EvPPFzX<>PSk=pPiarMkOH1Y!Sj^m;S2!)u2zP1-`p% z1XGelirbjzN74}+##3;Dyi@*wG{jClc{*K}QMP zidFJTe7dI8Xn&PKgEamZU1u2;RoI4Wy1PL^7`l{{P6_E8X(Wg429cJM4v7Kj7+Shp z!lAoUKoAh=5YC?O`_5YD&sl5!%!0LN&xZ9r@AKUEdtbX&gv&na4O7Z_*1tO`UH()@ z4}2E2loiqe31Nji|4a~hywGRm$?@gH_3fZA>sU!StI2 zUM-%*jhX1@iyd-X5m{;&p z5?f*=$gl`$-x~q6DbDk68+6>mA!+U9CpmqBC}?~&?mfJ!csd@D)YNjxm`m&UbRSgd znk|pbs!S8biB>rh-Zg-nzfvuGd_$%rSD+sE>EVCNX_Q5+97NLjqys zF4U@k(Lo1YE#txUn(_j+G$^un`o{TAm8np)&F}Rz8Ue3+pktk6*$yk1bc>!(C1ct9 z3LfXjEe(=Q5FUL&32yjEG&EmQD65$`PMO^q(zNt>mRkI|0Ile0Gy{lz4n#7iU(1w; z)EmK$ouNY_oYr*n_Q&e)z1AsV!T!{56me})>Wv}a>dMRGky({xf6wnR8GaCV7Md7$ z$pwlvvmg_DF=RN|u<`bcEg>Rm*^M}<)!X~yIfT2=T)mZ;hDC({rbutz z|J~#%F55#^Svj0IxxekaeuTqq-i^WGmE$6)iA-^>2X}lj!m5RZl$a{#+Vj=(e`~9iPDXQmszl>)!Up_r+wopp zN?ngNnQ4rbEU8JoaBA|dHaBXtH_S1Rz%cG(?A81cXpd~naM(>oKEnpna*ySD-P|+~ zZ1f=sOWi}4W&jzVwMI}1eB0`S#S<2VS5lhUnmXN7#m?l`KpIWC(pVlr8KAEc-pW(+ zq3V5fn!afzQV-`@6u!^S(@_M4Q!l-L)U5COvH#sPS=Q0Ff- zqp+G9|GA3X`_+8_5d8w}4+7g@a_X;VECtkDL|)y^4v@w7&HH#60Z*Pfed#xmq)6wt z6+wyMnjzTKaQNp;?xo@pZ&M&KHVA;H1;8!oJb?~vUGIzUi&W^bIYB?fU7zB~px9EXy(F zUn@X@19GvR{#Li2D6^Y>*-tbaa^%dqxGX2kLH63#jj#OsXnnM~iWKs4flN!lgb zBmG_K&jf_I9jwBNmS8?c#fsN2=dmilo;+_Qkn&vl^k_5d+=o@{=UMg#uvHEI@~C9b zw2TxMsHK#amPXkcF9U4SiG=U+V8P8Y7}vpputq~#vo%s7DecMo4(AXG)D+WU0y4nt z7%<|1gO}ldV)lpS2y>3IWZkkK*E^0t7`1Qfo;})jPF20HAHpLjDEOQpVx+1732zrl zElHOUOG)tFKuK-9pM^CEs>8xU1*fJMuS1S+q&ciqmxIWIMc72*CVn?SF2^fGJlq65 zw8=9Pc^MKpFZ&3Dm`KbS+(DRWMAP1-@+DI#KT-ZoW|rGKz+8p&J1*jRS+;vbr~F3T zttC-iLqjMMRZ46Ce;qH1Vef$2zr(#p`gHnq@Kk{KXZ z@Pi0HkNFQgelvd54iw7d!>WTcfX(0sAI~`|BubFj3~~Jdgp!MB>tDJ-;ow8ILjt{) zcU~SgJ{Yovi!m`+t^N2A<2pCi)4aRrWC9_^8u8|Fsf<-9wkj^ppE**Y50YWE;Nd7H z<`#wlgUmG?;-vGUHNiZHp$rYds34|d5*v&XFPIU-!#v;@ZH6TWxD)KP{e4ZWt+^L< znQ3d9Mj2aCN$3sh#j+SbW-X^|;S^Vt_UIsd3~T)!6SJDgG#`%Zk3@cOgeL|jR~^hd zX0!bVP(hX9gPuH8p3K-MOzI>*2%ZbRbl#)Ms_x5Csq;5MN|IC9Esm3~vWM97u-4Y1 z{Y-ApMs{(38Gh#LXebTU9u+BNlCz@6Y>4pkV##Ub*E*x`#3a$-MB1dcAfbrMCs9>3=!vinZDGb?vDKsGT-K704h3D_B)J zNVQ^8V2mC+3Afetcb%!pgo6aSNThRJd-L8v`B;{*uHkjkc)YS0O`PH=h-o`M&x4;H z#F9!v>}FI(yAm}wi@Q>`xcXpwzWRIBw=2A^70Vj=eAO1s9cx*e1eP4K967|5&EuWZ}h8#bCg@^NU6Kz~n#|W1_PDT_~ zi1G?p6-jGkn`ZRZ_yrmPsk;WsV2ezCYtLqMnBDyA*>Yf%u9fVKP554tc&}M ztIsTXv#G7fyV7~j6#JWqO%|7g8~#s6jEo3uJR!dGZTUB|89C8ZeOj5s5qu>S=n8vQ zbir&5bF$3O$H0QcslxK*2@bOiS`y+S=&2`W9xiIMxy(afSR>h=4-D|V<0MFY%c$kL z>ui;rLFH(#^;(*4hz#BRYdz8J-dOhI(YV-xI7EnAJzx|W~>(?4x%qI!J)$zJy z2A$k&oj9?>Bvr$x3V1Rw6SeKbkWW)RQj&$y?f-QfwR$kW+kUFoM-JB8CVnQg@!=d1 zxc(=84X83-FN#=!67+8d)ZoSU`1AeaPoP;_20FF*<5l0CI0UV8CjmfTXFqMfdfeX2 zc98@+x-WhcfZ*#w=RVBPeQDHIVpOU^+q#*nKMO~=xJ6^*8)rKSHiYJ6go0{Fqua|C0& z(njJad*fjbFd02q=hB`$0-$k^+ok(F%XYZJf19#*+etJj0vjBWiy_*iJ#?DyIdw2g zFKbF!yWzfh<;C2xP`Q}9-w(rCzs*=jL?*iqN2zH(AxqY}YCQ9NZLS1jSF)hNBGk>6 zF-6U|{r&KPQC!M-A3*L7RT-v9R1uOs^)pF>3!m8OU;(!sn|K|9`P8JYKm;JNa|D3F zOa-ADBvk5xEj_B>3>4!blzd6GJPg>{$xshxIV_!i=&(m}FFigcdoV=zTY#cB|NA=qFnzs0e zR*t3%hDG)2vXYVaU7@?Xm`!xPXMHBKB{u+?Ypd67)%7Tp%#j^ysdsFA$zwi?@5At} zEUOqVu86fZxS|L0XFYW1NAK!uA*B4|U-mi9=V&7nIUK0jYdBGxzpY>#l>?0m;Vkp$ zc_+wshRqH{QE~&=PI~MGFwk427(3Qr8t82VPO`761=^Ut3icntKUL_iSrqBE7cy!x z6d68|CfZ*P9bNfJM|m;GCv)_7AoH1S9zVZk0;^8xDi-mqZY(*Ne^##KPY6W|KQjo3 zhd|=ZcecnO@Mlf^jjWW}`l=d+%_5*FJKZw|PJ15QSRWBpL;xH52-PMilH-gN)4W38 z_^aIGr646#czktv5MomO6xS!J%@xeYjL5 zY1)o^T&YnxBOpw)+Ob3SFqEOmMZNSRsdr88~)gYgG(|X{)v2tIw>lGtWpqROqC`VWA<7$#) zgxnaI7EbWBK@>*VlU#-fFSG780r{Zi#6X>KBJE{qU{iUM0oVsaeQbtKi8=RkAb1Lccm7{qpPAqw%;{6#rDgg zg$pmgS;%uG(`W9yG|(6j5=u zx_A1U>3GwE-s4;9_PL5J#i%^k`WUSY!U|Puaz?z^&Tpip*kFh z=(P#zCm#8rdots0eeaR?5_bl$6gik&%(1WH>sYf>{D`RsA1AmvoiIK0H3NKD`p6o~ zU>4tbHUG2G-mLqk`wpl>h^%=esQ0qnnV>Du7yRnl;GzYFZO?)cid1YhfR{c-@*kT3 z!sk(Y5ZF;{B(8lr;@hc&j}3s>zH#_Zs;x~O)%6xJ<-Gj~bWe}HgdZoLe$2za@3^f3 zNiE6J<5potLf_cvEQNFLgipfac8`TnQM_tT6W zTlg-%*XbhS$b(SDQkgvYXJkcIXtDXV#-P?zKsh~`op*Q2}PI1Ta zufP4LW2qxa$iTAeqO-|*aGv~1NzP^h&su{JX@NM9dZUChoX}dLZTLd#u^4$H@+y5b zs08Pxn|4dSgW$OyDefr)8H@6|GDY@yKU8PlWdHD+S^Xg9tmw3oUSMuvcVcC<*|j#& zU@f)dw>h51+?My$G3aKXR5CCxWVGQfiY|&qI5H+}JseGo;qKz@oP{inN3yqNM%2-o z>SsSG(4QJbifL>4Zq(L!U0WGcG9O}s<;%C9s^79t*&hX63oStxiu?p*Qsq$4<;?vc z?gN1a8vG%1@Y%!$FMTR?$W5@7G}A1yXU=RrYD~;Me@HYFa|u#h*^40{t|PwWja)FV zU&nQ^s}kCR8^3$aXCYw~W+wMQ9YRzsR_tH8158@QN`_!4{u{k;4%Y|;)%fgVDnM`>ZV%8UkE`H+EzL}-c&M`uE56g7u=z9%nGNm)n*T&e}`H{`j zZfF!!{*wiLZE3BQ()XlcVT_O=E`pYNz{z=;=bVL5Mj|=P)8Td z6~JSCBTpGz5rWE$V`ry7)yIv?t3>~D0Q@2=x;?)kSg&1{$O1w^L7Ckk^c}@I5ev<< ztjASP@LR1PlTWHPY?f848AUdN0=`_)ObBOsnoyKj59JD@hSCv$vQiE;WEcsJ1XXxDX^%;iFL=W|H zCH7)yL`0@CJ8Y1>#|t$1;QQI0mab8Gy@|WEn9RAGM2rA+69;4H8Z&warO4hKdR$%I z=s9FYPiZHtWE9hco>z81+9$V*Q97R^%Vd!D-6@0iEt6<)a3f%MLqYqd&QqA%Sj=5F z1)QmXy0ZfZ<2>g2K-D~$&x)Z~>*-q5%}|pc`p;+7_@D0zR+K#MKi&r|$1C#B;2G81 zFS^ozNf)*C5Jv6F!dm!Kaq+=Vo16bH9|JSAz zPGR*Z0s;u2huDc+V|um;mdG2mjlP00nm$Sp=Bup45NQI#9iy**Q%jA30)W_)7wkvU z`5yowUmKl|mo*yz6a=v;?>Y7^OQLNv*SZjFBHU+hBHd#7W;atZ601de9Xl5O{$|#Z zv+<+#4gyAUcX{-L@R0%Iqeld=Behigr#Zn+{P<x!XV zO~^;c+`!)Z-JMVqX`({H0XKD;rXjT&J5 zwBzrvQtJaWTZ_J+Mi7;an!gmLYzrGk8NmvUW8=BZ+vi)Q#VZ|sk883|m-W+L&-O%a z&#>4ZKLlo&(PC)ko0Gr=dsk*a&WD~c9E!85lZf0x+@mT-;$v^4Ww;g^(Qd<({SawY ztY^5|9zordt;HHjt6U6rUwvcKSTNj|tgXyG*z6CUYa#=?V_{kxK_F#JW{H?0&GoVk z()U>O6rQ>LssqWxy5KW955 zNIKWSmwT7emkx7uZu zCD)0*GZA6Yngs`!ITY zgc>5etM5T?USdD^O?SfrQ;S3vBt4gJ*ilBqk&+BQe9g;n)dSKzM{3tmPWI5~_9jer z)dT142^yu+hniKTz<5P4JD(FU9{o-UsIf;H9{|army~Q3t)`h$eJ=3DFpCaF3KNxi z+c!D4S!HPCIkQ^Q>Mcoz^xX+}kf%6x27dSpke+)#8%KtfjAV*jQI<#0&f&F!4&jcY zawAIt8mNL!Dq^GJa4HQY^>vOtfRXuZBHnQpmTsZht}%4{;5xZW=FrvCN!zGodkM3v zFWYftVA|TE7mDK{^4{r#M$ja&6tA9nfYY!*Yt>*q%1hk(RCLR`o}N1$TqG@Bsql5N zD3QgTP5-QRk48W{`-y$_$?$I8OerM8n9E<}yStMolT)okjVVfzs==waaj~W-- zi{Gh83+xnU?resIOKrSWmEPp!F`A4vpq8QovIwOR#)c{{+4*Ocxh0NGl#}D7IB2Os zl#>g%Fy!X5`+WAj%KF}5y&Wu1oz9|=9>ZV9Qrm|Q(7TZx;jLC!i>d0vKQHPerw+sW z=34eXj-5p`zkrF-HN%PG@91zzTvsTR*m*Pk*yZOk2C)sv{xeGd{J-^EX15K16y*Y= zkXQSUd8UAh?i7pV${>4>@b8+{0!9K{>4%Ot*W%$Xoj9GlZuby=1Ec03Ku_uXn^q$Z zs4{Z9YXGtc7|fhXg)5{7^%wX8x&YQDup>A19a2|##d+bnj8Ix|HUSLmhhALM$@dR? zLfyA{+z$nx{xN8bHEAE|iNs4i-XL(YKn7#b4WN#kY!M>X^H<_a6oY^`bY7+?VZYV} z01T?c0Kou(Bm9~7e#LN)Fu##mtQ9K0G|u%f_2S>M{%`Z% zJvwzR9B|Pb#QRy^w7a(n?@341@TWnIERAuTS*@=1>Pes{)o#<-@|OsGef+IwcEBXX zkX;@lEDMD8Xlx?r7Ffs~I>0Wd26B!ikc$ixPdlGAlOM*LJ9!S&bbV>je5XBb!StCA%aEnkk=OJohfvo_T;-X-+Xk zdUx-z#1&jzppE0v=PSTDpd`#{ZjsJoEmvy)cFrU%s;bstVyOBbm#uywGFY|^TYB5u@{VVF(*Pl`_g->|?(&v76 z<%MRL%&p3yooszp(M)IKC^PK;&g{kl`S!Nyggnr?^=by!ldO?W^K?EQSEW+UyL3{I zIT#s+q_Y?tN^JJ-g6|zY>1F(c43ZAG+0=11b0lM@70y@ahX^6a8C-n($-vQD#5o&Q;o-imNJDxBy!m?Py15_lmj_0uyD^u z3v(9ry6=6h;x;I3_K-s>d*q~YEv$?7h?}O`0a|+g*#8*(5&vzIb&JmMin3SS=O)e_bYyT zQx5N{3_3@_YXbWNt7+tDc+W*QF-j)^u!qv|F8gyQ+7o-O-?H;eIum1gcClj#D@$9p z-X8^oICcuEGM66qmb8rAQ<$TzN>l}yZA&mSEC|0i^MhUp@CgdOm395Wu4ZlLPA32* zwPr9M5Y`Lzp+CfZzA8#qx0!*4tFVA8irFZR9iI2+-HPoguGl2)x`LNY45M&U)8eZw z{Ye~Gq;ae8vNSEtQtIR2XT-C31T60qjZ#|$IYsvMm1kyV9Of&jn+;U~{~X|7(djqW zBJR-@QKDddHsq(L6EXPwys!?om%3BrSukx6A&oDxj^xJ$zu52>#abZww)v~ciM=>n zSIol=7de7LGw)R-5k=jkGn>4<0haYh66*kcVml?+$5Ne1)i|?;4))CLfIc427YcO_ zc3`Jdq0MhUt>lT8RAi5692C&6kz4yTGB?th!W8ZP5~ZG}FGj?h0|W+h?@X1E(c*n_ z3&&>F^ajt&uVF>7i`ezdpUhH}!JZA~d|ozZJKL1KKXg42x35qoI_p$gZoY0EM^u;HZ%#xEvbC#NLuzlYi?Z5gL*vtn zQ_g{X>-i%`uh)VrBkakzZKc^FuOo|Ad)VS+L^7iGosY>LF{lPvpd*<^D>{l_15niI zl-!FGK(7UYcz5A&RZaQ+2seNKyOZ`)Q_m-aqixM+<6mX{_#I$F%k}6&09o&lF`xhG z*q1m(uml6v&*_j}JpPF!6g|j8B@j0I>+{89;;Oyj%^AYD2B`e4fFJJbpK#Vy|D!6m zskMb_lYoQ#NC2tu3LQYHBGd&040a=5!TaEoyc+;95>~n84p;&J{M>%IM&Mz7BpuEs0__K2 zmt3dhDKD?NMC!ZC%!7t?>Z@k&!0`x76k8()s|{#?W1NlN3>Gv-SW|;*0K210WB+0)SEoOrMC(72HPh95A76iLIZ-|9I8?0hpel*7}|A0d73*yVXaxCjK-P z$-jKp-;W2}SuVD0mYY6VDBgEN35 z;<}R;FM@1UYf)8K$AgV5nbn-QK)YwvSGBCGJ~PwblzQtePQY#po|}ecFTM3z#Q+__ z4qZnaZl4s|ecuqh0o;Vq8(pW5)+XIO; z$@hyouWR@~YVz)YD@HQUekzqJy}8C`GEWT)^AUDErIp}|Vd7bMZFd~yl~>y=>fmce zA8e6b&GR&}zF84gVw9!X**{wC!2jlcxeShlPQ<~Y$tDI$vViKU-_$#K1+SAyWNq%t z8cnTrd#h(N3AwYhcyl-oe)1e*#g?ov_36Cvfp3g5?h!wuGIHKpP*s*?*S~e3YE~YE z!@<#PtVxpxEJwjMx?0OG`@>Fg-`4tz*)ml|iy*y~EmbsRt(r%&wNq={5sI8)CPlAF z?O{^NSXxzE+ob>0JT; z=hY=tOOG0T8X`w03KE^zg?|UbH8TB&znm%1gjs~fL=t{vU@MD%YY1aJg6(CEw{np(&Z-Z@)C zljy}tO|!7A>`|1fyb+8&*lsFS-yq65qc>(9X$3X$EV4zi9OzJiUL7Skd~M1u#?6_g zuEPr)J?&v)gl zR88jaDl$oc4R<7)tlf(C_xYw(4wWbZEHnDEVQ@^mu3VRUXqb*|4mYP8(OMvbYLu{- zfW8h0hjyFbvzHL=lPyZC!3u>ilQjjeyDQN>7Frlh(_}1#8$T%pWIVaDz67I3HJGxB zTtr%a*Rqjj5+*8+EDL3#)?&01#aEn`?E#5PJQuJVgOv|S`Hy9p&m^`Jp?^4F$e=X? zf1n`lU+qt($1Y73PT|NbcVJ-fhA6|Sd{Jgn{fruDzf8@V3D_&{oPA(toGXC15>xL& z65T;GM10gCg?xF8+ySG0lLCFa)zNm70wQk8sU-T+vUTY77cqCddsi*whxT^)3P>tFiOSBqD0=gKMC!0g3rYs}hIU$S&sJNw?RgkOsc<;`3j9?IM= zDRe3!u!isb26jSY*d!1Bi24Are7vyShz#K*T4tSR#IY4jEc;p{u$hxmg%uy`x7 z!`>!Wl=sSjv<>>g^M2GbWi-O%(hDJYba^kOOOhVflt57J(D|PcY?>&2Eo%+npS6*j z13WY(yJg3L4L{5^6}HJtP;`zI-VC%Lrq@%xJB9tsvGt#(+BC~tQTqu-M7 z8w#=N&3GH*_-f8VgeDrD?1lzo_DYavX7lW5OdIXVab=>CrS;wEil7FnX$pnnf^0xj zl1Z&tPMDuT!D-fTe6TOIq5E05G^ez5=Lkb}D+1XZCC}d3zNAj#d&m(Ne4ByKB$gP- zhet5FAlxO9%_Dy5vnWz1D`b2)8Voiu=dO!jQ%Qaj6paO1ny07lI7l5N35!HYh;!F~ zsrlv-fZz^^@9}E*jp`sMu$zmWfa^$d=QDrT!_QYwOJDyj$zalwUGGC{075RQy6_gZ zhHsx~!0}}`tN0dxtzEj`czQ&L@QCBrfHk;CuVb5BZAMj1%_Q)04ha|%}3-D_BLfKVTF? zc;84h#LqMycQuec0ERU&;9{nC(_bWy3?`O=VI>0j+w62-?bCULfbVK4(p~~|-2G78 zmr;O(SAw{WDO*p#3pOz}76>41SFFF7AjVw?hxWH0FU0`j`WMHd(~+&n7hSvfDTG}U zlJ~}bKhqHRVqlZw1)$AM0X`Z4y?sCw+SyV`L88`R1W?u%nLrR}ol%l6;j>c>SL0I?mYdDn=yfLvk<_{=(Yel`zVZFaW1bUdqqpbbDPU*oazR)TzI+G=)D%B=?XJ7Inv+S! z3%7@}p$)eoS_#t|*H32yq#CRK`UH|Un?F4rfv@lc0EXLd4wUU8laB$gWA^WfUd$H{ z@jwqat@6t28mO`eL~o|!1A;H#L}x!@-8DoP0QKFDjy23y9R%9er`%P{rkN4Uu@q(- zfNH$;0^vvi_7a#q2mmso`2_IxV!?=Vew5w)@7U$lA)H*#_-r09w*zi%(;0z)-*rPH ztY14m{<|C561|+&xgWaSk$T*5I)3&~0w6Ya{{wh@g->hDm`-A09k$h9o>u^ZnWa1B zVUQ%?eoX(p?oP1)C~3`rMQ-V7Bx9ANc`gJ106!vj6^OkEu-EcMME$q8Sw0>85D`oN z+POl#GLmC{q(CutlO^at=SdMScGAM!yqcyD_%5T~b&R{I2J!LBSK;&cfUJ1S$oC*3!tMXZWN>)^1Ci9BF4j(>aDor$$g?ye% zl~#pnD<@;6>Y%XoVye;Elb&A3HW?~AKp>2bO-`|`*_2?;!MX4xW@d9DkrY3+SBBX! znIu!LJhZQj#!OUfuPGF1ic(21L~0BL1s$_kaQWN)++0-7w5itL_OLz2>mFbNg$;;c z4t_x)q$pQULs4Ofq;Yf{IJ(Ot_Gc#jq*3H!8N(6iXu6ss(`6n0*(TY_(47RrbE_@} zbTIx9VZpb_9Vk7uhws~ajPaFUc6_x_4yNYPbX~}O_2WRqcD@%XfxJMgfM;H9(kSU6 zo>*hZta(z~_0mKCiREw;2>sz7pnL1+Hky?1CajMwMlm-@zWZ%YQ=c zMO8LjRLu@$9^>6=5_rsqqI2RjEw0a=(xrK-ma&-ufHICg1o&zc(dJ{(lcom`|u9j>ih!2u%35cv@*?IS-! zyZg2eW`80(-X|yW_AdolP-6Bo5n;UEurWAVMw?;n*io)yzP5VO?91dR<3`=osft0n zydsnLFjMEsNhO)f8}j;_gc!e@c2e%Qq}R-Ho!@-^akBoke|r8!d{xImuRV*A1w_H4 z>~NUsp&n}7n%SDNBC0Kq!)u<#n)Ez`~oF+!{ z^7R;hr}E9e9uI}SPi7G~k$s8s9lBkF&F@xE)XC}-n}($afwf%)7YZ$Tqh!m=tGVg3 zGtOEi3DjDQ)bG#EBFRMx^MiA2q*oBF-_P-Y@1*y-OEZOA=?(oAHTaLNP0ac970 zwh`P}9l#(MDg$p3pc0HcaP-N@szPIk`=f>%%3wUi?Df&~^KP>$svpEm5Ubbm;D2iQ z?jleuB=46dEW9a(o`-Q(Bk{j>9=NzDM;zQKFLe%lLiC~t)alma<&oPcJJJF+6GGudUlL4huC2R}LQa_1!)r%-z@hFShf-YMs|)zf`vr zG<8o%`d$=LUTy*IfG31ULFhj7sJj2|Qux+NRRb`VF9A2>ZT$56a-s0P1vn|he$ssm zOi67vo9AnWzQ>)z5m6DZ0Puand(SBoOxkeH>K?y+^PTTUHQimO>o$5-eSz0obqRyd z)-|7HMwQrc{CO=FYZ)&x0#I?jX5^S$Y}PzJ?ALviSigF$s)1nGKL8>Y-GbB=(A4_z z^!(;3DSeOdivz%W80t;5hS@*=j>pSIg?pf~?KcVL>*(m5O6`2U4mu5J0rKCx7YnAo z^A17%2gyrcW<@wz_0c^O`m}8SaB|7d@4Ja??8iJ`ZE_J@(|WEBINN>CVtFP00q4w0 zx<6i#>p?p|N<993#VX}sK8b|%uWWvH*_lff@Kt}LK+02>K-vTl_P=Vn55YBuL8ci7 zc~?P-S!<%|{{7Ef;k@*R{Ks2(JIU1dVf*5kdd49MAISipMujE9tTEl*KOYMo2lGfOZ3)|@Tgecn}R8ao#R3p_7$xbSRe>xp!X*kFbM;%TP?aI%kez3n@|h)8+2&b*ut*(b!Z8P z;~i^;f6U<{=I7wgV1@gwVWId~@aQ46yq}f0aDW6OZ=2RL^NpAoy#A?#Q+>G zW`@x{by{Z)dWbiR9xI6CEdG*^gv4gy(T(CYg|0svahmp>QnXlw;whT!s$PMxu|86& z_I3e}4{kmRJn7CgwLpXw@?Sd(ffDjj@5^w`@jMYj-$4>nhxaCm62ff!RbML z9C`Wv)nc~rt(Us>ad*(YLASK_m=d|=nKYvqP%;YiDT0vmThupQ;xp+|qj4TqHnZ^T z_Gk1YFkNm&djkQY%v`_L<5RYv&v~=PY1DmmsPGrAxNXca`Vn7#JZW!ElqA#*fXpWr zSr-2A?*%b-uD+qqtg7Zvo=R>oJ=$|J*ujY(O(#eKXY}^ zw={_&S-GW@u;{`dQb9ancTIU6pf$BxDuHss{wZDi)5r(8U{-Z{`1Y?~4|kW@=eNcV zV|Gh-cT?F3CmS7pqTJ0s&9CHR&0ePQm8*v{Z*^Ro%DE7D9688dSNWvF4CMvbe~1Y8 z&viS|O5A?{osr8D`!vk!9T{2+7@^6d&z>F2DCZ~yL`EgHDn>+M)Kn1vY5Wgdac?Te^|skTbl_&~0mpUCLqv1CI!q%eB1^u`*gWo4P~1HR?I z6#CoIYt`3)Dl25fC~g17N3l5e&x2={irabPt^3tX+p3g!;AP>$-qe_*6{j#;v1;RZ zv99d5!2Ihurg|Ld(O-{+=gR?~%CC|7oOXve{Q{tm(>A7;&W-9cSATq8j=Ji}>f(%k zU)y`DC*6`Qh)ay7lIefy;G&abpJQL;+~i3bV}FL_5C_sG5E^=ubMb3S?Y+9LKGhbC z4Lim4Cf&^y5m@nT9svU`ZRmQiei%-WCWqXVf9}2{;1>e{p0$^y_D3==7w|43t#}7N2PZNL@MmbQ}kx zDXh}x;uo!S!^(<+ZR(Uo)6uA9ZHZ6hLuG)ROT4ryLdxVa-QzW#G7lgBG79NLnS90) zLSkNQ#urE0pji`%ue1Qv*Mco9EM}>HjIUuqLYB?2sq~x};w=B+9hz?OZ1Q0g4zdQL zLD6d*5#6z&Em?N$R4(SP`SnYSvBff^0QHRRs+mH1~#!PaasQDE@A{#-_U3z`nlmqsJ<)2h}3lAlX zFb-|u0ZZUl=N%TsInM)Jd^j+29&{Q zwCV&Z2R|vkjYV=_32$2%^0JTmRU%CzjqWnB@=(Y{$xr5U$PE6ODe(CstId$LVkD$z zp&_qk&eQqWewB%7Nf&IJxk{TDmkO0FX>Nj5xVjUAfs_vC8*PWG;%sEV&2c?%n8~3e z{}f^(XP@Ivx`?iv(9mZy;Lhd1|6W%mbB}}LO?K>$aHM>*9|G$w=nPbf z7V}rs!{)CEd?KHTXfA>q?6qK#KFxr!{~hL$xDX-X`*~}VQp>bpY4rZTBlx^II@)z( zM)i9k-(qVZW0lu)fp0g<@8jQn#tLKgmJ)c&BL_{U!fuI~EwJWTPs1BM&(W3Bnf@82 z738g@7;c}mKY7;qW56PzEXY}4>f&d1cH~dlC4YwlI{LDLGNf3(y5CH~eMXFSZH1@# z0lv$P5{sReyder%FLy%Q6qPi7=G~Qc&+`pr+5NC`Og~dqJzeYZ7R^bw_Bx_-bTXO1 zG79na^>vLZOaG<2nZ~=&N|CP3ZV_m*Vwl>f&i<3r3^Joj{Tm|jtE&-4aeXikk}Xyk zXlq)}ikamow%2kR%jSkie%UeJr^8PT_LcJ>)3PbAhfeHwz4pm=AkVudxVh~B-umUb zIJpvULK4 zb535UUu(p|6k0^!*-`Lw0kss(fc`f|>ZK_#y1hQ7G14xQwR&2OK$T9R>-EpbFY$Za zvV<)~awPp9hI{>BFzr-F?*7fH0Du?Y@Ia!djCT==X>q)EKF?MOH2!@+qEyew z)xTAcq}|Y!MAzNd1BWvu6TXe9Gvklr&4K)#|ADPL1b#c3uJyVFja=Y9-nwiw3K;uF zfnyEcBpYK2P)Nf(Z+VsjGJJ69^;x4$obV(0pYM^ta3UFyQbA}PUKka4eYNe10tKI0 zw{dW^=hn6(b<8~Yl)LEVMx;}Ak8rRfUG|3Gs=Wn|{oZcgozZ9D&1*!pJFq+bjCD?T zLX9?@+BoA;#DR02=vnHf-$_M>r6fkVwdec^3mYcwg(adaSz4vg?A&S46M2`h&2f;9 z!5IHXn;2Zh(Rp1kNaf=r^z{}V(0Djh;Kk>VDOX|zBCgq@W9$(swkD2}25x_&d~>yR zGh1~p*ygXTBn4&YXPGn%ohnw#gav$hneI0@{#W%ViE=3WjB8LwBq}m&onl`VEj)EL>P(~$&gR({Dg$x6G@4~ zdb*pM?mZ*lcG!If$i0TIf9lezcpn|s(#cHYRb56#4xLXcv%lK#bLq;Yj;~d@XMC-C zCfU?FaHuvI|&Zlv$)`=Y8$aN~T;rv3a{TQLrJZ-=`K@91bby?DX>di>b9 z^q9*q^jb(sN{-5$Zp!HM2`S!_y*}Y7)f!`UI6-@>JQ`D)?R0DXP5Y32V4dU_P@}5X zeCE2|gi&r(Nx5fxxsw{J(WG#G_O(y95QbTxP|#3fPktKNp_vU3yvTvt_B_wmwjQfq zn}G~W4#t7swN-~{6NX1-M?^+ltgkwGJSD6&E9%S9t>`O5%7ghnb+uC8WIoz_&UUn4 zL)vbDzMwnNx%5itdL6EkkvNq#Th9F>Td2k<)6QpW3V!NLpu;Y6$)l;9qeOfp9o1$} z%)ah_PL51W4vxG8Y!USWXvr zOZ@wV>0;GZ;StE=C-4%gs#cnvZFgl`I&|JDn51pv1`Fxq0R6ZV0Kev2Wg~`k8ezdF zvy!;}4_j{?6y+N~YLk)zOM`TSEFdAZAmGx1uzo2 zormx5J@3ppb9VO6oq2Zeo%zK5x$okn1FPDbYomvqN}s>aA9f-rE)$Hd z5()o^(?tVh^t(pilTY`fJ9Cx3TL-rp;}1m-r+b70jjnu2^vCTTHCggSmyBfRl}#k|BoL0)@ASQo~wOWpwO4f z&wFns>@^DHBm`awFMT6Ujhy+=w~tvhVfwFx9Q#D)o!h#8^dy)G!p&f(ctBcG%CK~E zRTm4lnjsCMVsbj*^laL2yz|=4eD}ue=N4VK=X&e!iY?+yr+Kf`^znaF_@RwLGL0N? zm#DPXlE_>2o!=nY`dKmTp+B5_R73(E+cyn+v`06bhfu13;{U4?Rlz5fr46>&w{5RHUg|+f-Er0nc);>}zeE0-qV>Z1wSCnGc&wa;Rso9CX z1XDXJZ}vWlOPcT8K=>(dg?agex3zM*&LhOXjvfyT@EM;xZS-Ii)%(~r$V}|fX4JM` zu!zpqXb+mS<|bJ`VfYleVM4cj4W6t|Ch2s&aZz1kJbMbO=`TE5)2#|EC8#FhXnA2h zih>%r&sEjYAiEVm2|?p+sd^!j{Ho{Q@jCDS<2RByRsH zK!&R<@D}X8Gmf2qKcUzCgzH!Pa{C#Bvh;yLF?O|N1HHB4O#STM_N(!5uhxRONm>w+ z99o_rBky*wrOjIabvt;zMx>JMWQ(@7H!Q$g(B!G7t*QZtiO7Z1kfKDnT-o*eVzYT+ z+3_1e5w5i>%czN(m$I|7S^Yg3*?}-EJn8F~dyS$3DD4&sDo$As|=ndrXzToLsSZ@b?x^SHuY>6>I{TI zC7x#fkyMJd=v*%RL*B8Vq8WtR>A@oG`F-n2EIT-;VP>Ia#IT6#SxM%LT)D>g=joz!?aJske-JzA#V-PG;Yk7%%6UzY}f%|*VT62-dVL^W{l)Nms* zk?JC!>o{xE)F^YJb;G5V)U=-abyN&bE~&kKcRW3AqsxD9tVwq1YHLj)bQKovPqTPuANu6u)mLVP_*fNA>~`y_@H?L*J$|BjJ`4uo7I^qU ztR3_N*J6zRLD=CTOJZC~S9%u&mApiTZIe;BChTXn2qdU1%IaqAsAp`Zd0-kk-jF_* z{M;heh-$=hC!?s~-&XHYub@hRuG-?lSP`2NDAoPo{_xPwaADm|1EH6em82Cx!zNev zy2QtJ=L#}o$`LjEyXcHhrT?|LAD>q6BIIo-PHrj@MS|T0+)H;3;JBYGzOL%G}QQ{IGRj$t^9J>Vj zSrqqb=~0;;6avwZ;fxivi=bLp8-a8DWZZHK3-a`UYR;ro%zqqqHy{VYiada3yGgVq z#gid0RM>(ul)o8t%N#yCje*{?C&Ujd=4DK#}u@s?kPa&Tft zsgaRIT7N%!?Jr&P)xaYmr}hK2b$q^@smK&1Xrh~YNn%98FOxG8LzdMb6-PyAhb4%= zOFSiNOh{*5saId)S$+~6@X z4Z?ii_<*DtSX*^N1Y%Ks{&~B=ZK6-JvQNXx>ikwfndL0ZdwF_ZD%shZ{FkN+RCxNB z?YfZvWv)taisT4*x9;P$cfaGc3Io+kNn6G0lsIat5Io`%!#_6P?CBmHqhwQOXsRuI z(8t<_hi=_|HpFdhwdrJ9#3z24=^&~SaQn5&MPA-Ly zcPKWI(!#w@Adt`b{=a<2GG%`opLM7f>nO4ABuXV zT#{n(7rbrt4Z|Rx$n1ZbU@Yai@}}0gcO%rD8mEUZsOk;mtf%D4Nv^)w>XqDR-q+u0Wl$tYv@# z=(2&J_rup7;KXoucb+)Xou`00L#iBezub9e6rNVNb$MQ z)dN#$thaXNQ`}}*&n9O=JTkCY%w%GHJ$aYdsQUKKRCAWzz{bxLi>tNnxhVQ}+oJcZ zdU|FRCEJzdzNZu3I@9n~_f6Vx{$v#)f(B&K)K%WxC#j6hw2o_c-8oy5zfQL0V5{nr zu1d58jvSJMbcx{q}O-zrI&lwn@dTp2oNQt#^;!7S3;{WuRzV%Hw;v2hI`T=!9e&6rWj0NF5rzP$pupjN8>PArtM$L8JTu}P~7qG09B4zX^{^FO`tbm<%nPQX5j-A#x^RA){4$aPOVMJjzI31^QA&I>3>6RiA>L99eZpaAD^tAdD`tstAkl<5OmH!Xez~?1rTK6Qyhifwctx zkxPWF?Da-0jswS;M@P%Wp}2lIBA*q0`%L*Lxy8z7;BTwto2ADQElFW%8T6Yjdf9-0R=pJ^zNW%Tm;|JRD&$8*xivTzOvqx% zVj!?dHtH32*=;ilbneH6UketfL75XZO0xGDU5!+>k_aM2a9m`{Xpk@Q;B)%(DZ4sE z>uLu6fx)C)2KKDod|_l5Ny%O$i>gV0pS)fl9|oHr^`8K|wRUx~GMT5l=T2n)!LKt# ze_8OK7&n^9;{gt)vbvcr?@}@e4nNmK(_A%1W=ir5N&Sg-XRFPU@i=m+CH1Z?#*Lge z-|{Zx!W4vRkvuXb+d(d_7?8ObJAvbtR!q4tu&7F0tKI=Y%$f(hsMR7f3iQFU8ikV^ z9i^jzEda&_5)vT1Q1Oh1E#1|n7g-P&gqBF<2RREXuigO&(9&21XNb1 zS&ueFe2!$Dr`>1MtVU^z<<<<~`%Htnz2}r}g!&U+)TI=zX}z*aBsIAxL0+S_w4C~b zwblX?o{wPme}AzuEI_8u+G#6t=GNYWRpbVL&o!a?_Me1xd&=e(0+x`?y%T;2%O?e= zCjN~^^&JzZlEvdRrWo{zpu9K!7`{|M%0Kc{FhQTQ)onlXcMAzLp;=W+ORrYrfc!;C z@j!lorL-X4bC#gx4B5%g>7aEcRkE(y5(agw`4~U2nwPR(-xDY8dAqAfe2PyB3yzF~ z3(Q=d$aQ}lzr|mu#_iVn=%6M&;l-r^O)|N#T-Q(D>dBVs2}>tXv(lN-(Xs)}Vp|Em zt_iK4!SeT9BV}orZen2Elv6)bjrJ{XGS(myHh)F8WI`FES$3_0e^Y}GO&4%v>ED^* zq~LV6b_qI}^V!>-{&TSxa^hA^AG z_N+wsPV+@a+3?g>$)eaeiBdL)D3%}^Q#DV~-|4QFs^rwg6(w+-MpZz{2?bZfjUc;wKB&@rer$ ztJ)_>R zqmeLseHL*C)S)VOglo>&|7U#t&!BicJvaA67>zmqkYDu7hWu24V5Qss;nwJg2B%rt z>f#mj%d5tHnJKxM*p%XwSaH&z?1Hf=W-%EiTxeYw7pruns#|I>>sBevdRc5p#j-m| z_xeljZ;G*UsSN$7e{|P+YOw^Fn2tu8HgZkfh_dcHnI9&l871mJS|1uFWLSvm+YOpH zT_||kV(`C8jBODe#4wK4O7;;oj;oHl6iY~j`?Rz{{QO)!-90aWqaw)tb6fTr+qw7w zl(~V;i*-=9UMdN*%NK41#T-uJJ7vWT1B@hhPw^e%PIF`1OeFS)F+Xik0IKU^2+9k- zM4~5CysG@&w6Y1Y`>#JgtxO&Gx1QCl_i5H#zibGPL2v1HEC1}x)X=KP};Nb~UlxPH0hNipU?;KDgp=(o!4RQA4fqjSz65m8o3iSb+Bw5(eDoDZ*EPphTb9d{^UemF7GSDrunVEua|K2 zog9Dm{`;YGZ){Co$6A1hDRrSJ%+||c)p4=4zxkqnMpc5Y)pa7_qxat1B3*Ns30cVy zQ#293xV0v0QMzvEGn9nbk-#v8C$Aj>8#NvB4|Mrt>X-G-HCYIKqnFoXe5@>SYv;Ah z5P^;i7;Sp!GOSFlQIx+tk(6C=V&D`tq95x+31OQdQ9*+E`Y(lO$iZROJ2=KcMgsg6 z;!6tjV}JJc{@6ONm#wc)WtwwMme0@bvFY)h^MAx{Fn5$mPx1p`A>hiBlvwKHJF}b0C>_xNmKFL_d*edV% zIHIR8F|~oq%YiQajn;dEXKTpvv(8Dl9%tyHcy)2XNa*X5zjf)|;>=5n#%d%dULp=OP?qC^%v=dCUS6X} zZEqlz$5+U(wh-+XETK)=@^$sVOz7bI_4QU8T@+RZqJd{$c5C7wi_SJOl;UsXMoWcz zPLWt65Obdsa}nXpn}OoiooYG~M4Xauf$E3t;`dJuFNcJ%PM+6l<{hwM?oZ zF(%AQ(2s>fhx8Dpr!24hVAa9BIjhY;M^9gAvEK2cy^G^N#0T%q*)0)ZQM^*bQfN<3NK7>BSPF?fNpU#qhJMzsfX`#QZ5v z9Wpm|6MOGSyLstxK>mzjVOjVrQz-qY7XtNv9_WKFFI4P>i2 z3o`^jjKIkk+D&x7x=gkhw^~TyIW3aTBml40ShC>E|BUv>52{zx;#+6B{zD6rv%)G| z8E?92(oMQ4uf_O?W?%d8ov84sfUqb9rx^9rg*1svX(at-s48gO^m@N;a_r!d#pw+> zwMnF`M!u%w{mUCZ?Jt-yE=lx5v~L{lZoNr^&XVc){FP7fYAJmCA1jJ1!+7MWzo4oC z!u2)6|Bx@h*v#}$$AcpIuMKq{4~8M-MgK0XfLi9b_bZQxx)_0vf)v4sDU7~0Oa_3t z#j^?D;a19S#WGz>lhwpyQt&+g$qaj@S^#X_5gS*CX&L5+eSftJXW)We_P zJ7PWXH?5na$K=%fB46OkCSk00-DVh>3RR+FR{&|1lq&tKb?jY|_ql1Xr2+}&%S)U) zo#YZr^KC6weRa%arvZ(a8GTvJTwmsdbO^O$L5vwN&eLK<$4BW^tt>mAxOIAbb8cys zSfVYY2;D;RX%!HlS8qClWl1d7{lQk=8x9{fTA;`V!gtLIa;7&gafFy&MbFyoXk$A@ zWD~)@MZdOe{PHw}h>GE<&P&(MsgDM7g#O~D%6%)TsyzRe?%Qml^8xp5If|Z@MIUQ- zndb@!gGG}wU_~X2pUg{z)Z;kw&mJ;X0`0!J^?B`pyq){5gvmZCCCWt1_cWcaht+@n z5)9bT6La>z=Pan$Gu(kB$Y>#=?c5Fwa)M4*+8g0SFQrJ@Tiq|h0*ohmZ@0F#){k=Z z#Ayg>Rb`bxx-C~z8sOBy&O{8Z6A0;18#+Ackk7{3{)B(L)I&03e|5=M zustPGxFFt6FR}K_P|FfrpO{;4p)*%s?_)?_`_myTx>oRGbE|}0&(xo*qobT@2MArn zWY-zZnc2$Xa&<=?(ci1KWZm)t(zEg{M&@6#JtGn_J1nKcHIkA%<@Hk7CGn-ec?K?} z5P$$Q2M1aslpnD0<`@X?2Vvd<7G@0W@L6|93-HzaBy=p=(AbIYNS{XTMaS^^ax!Rr3Iy>4Tl`215-+EzjE+cmB?ha`@so@Dy zZf=%P&2qmG04|x>svFE9Y!NT%2|yDq^|PQnlTw-@i&BQM;bY|1x)U6Ntv*5BndNl| zS8{*2yI|kGI=hpPXusKJ?JQ9(eh#eMJu=Y8 zlA&f`p5{8^!ekqWH%v%iPN$Eox@d6n43Fg@4 zDn2@VYsc1-<;YZB?!6o*{Gpg$KRx_@v z=GU_3LHU4AgoQdhIFO53z(oflaASvFIaJ$Mcc+}1yovQzbpP(A(zTiJ^$jZfOfma?`P=a8lsibTvinKTT!DIDEuaZ z=Nk)Q*`28D4AZ#?F2tB0me~VkI7cul9{t8PEId5csd0HbB}wRQ@9N7bqfF~QhbVeS zLOjSxy)-N(Zq-rJ9k-4YcU1W8`QiK%|3gi-f3tJWoN(C$87%lg1zbVP*)=?NImAq; zArcne?QziBCd`tD5I=TRC@P4q`MO~$ogG)%uT`x^kP<@&U`v9?SGHYW~UN$9Y!I@^C#iA=%*^%}&Lb-^`*!CY1 znHZ;r35y_qA#kt^;JV7Na!S+4W=O6i*z!uD3eW>lR$|;N74n;OLIx;*EyP^)$z}CS zd-oHbH24dmLP7~cANZaIo}S9Jrk#a-L6R4QA>}9%c{cEC zKA@zHx_{gxW!W;+44r#9b0uB18t)lXS_;B%3dRf=qTz^!34X$5&Sa1YYbg(Fceh$< zZEQ##o|7lR>3hz@D47b4jrO0w>$Rg``aI!Jq%~vOkt!RzhZ&2dp~;{b^XEva#uZ(= zl&!l3k=Zx}hFi5a5=hoNm)4e6l%F9BK4w_ugoQePThm194h^?1QZx$pTfDSd2V>sF ze)0d3OUKSyKT8wZR(RLG_=WJ(G75|B-8%3(`Z0o3jOx!T<=(U~7(;W1Vm19VQ0N&$3CWXB3I4)B|wPt5Xqrg2qNy2Cd=hH@UsJ zS)OH^j^Mxh`yv)w2&7?=gW>g`Kku9939+m)2$DJZ$V@mT+UT}Dv)n_+%yk_`>t`V{ z$}g-y_7EDRyW#8J zyaxo8`+%H&e<}B@1B>NiWqfBc?ej-Yr6EDiV5^Ipo6v5SqLcXyvGEfxl6b<7>vb&p z_N`4%|N0r#O-CKy7jJnDY0et1fpJjL$shTmFceyyBy*whVekKrR6hLIhn{u6GXgFg z0=MFMZvpqnIp7#OFp&R)rS<*X>ic=b_sfX?0K)RVr}A?XO|!1v$6j1XSG;$Vymx?B zw(ITP^xL~y-}7;wfuwb#e>_z9-S$x&{eAY7x!dzK?#+!nbrf9{ygR` z1M{gqTF}5R%>?DAS%0>^6Y6lu!bty-mmJ81U^;NT>FKZZ-kx6^R$QQaPk;YGe{pG(VvLxM>HOtwzSF{u@*!+jJXdTM7X}{Jvf6x7`tf&Lqha{^f-lyHBQn_f zM=RRi>h9<7G`Trm5)iK{e*avJ8KU~x2}=XA#sIxql3B->=9`QaZCjE)%AY6=C!)e? ze?Fvlcx-$SdwmrAxxCj{FNYKF#SAhcUn}37I4sOoHFujxZFB@%9lxinXyRSC(t+*H zWZm>uHk0?Ngr;Mw8n`g=s4+YLpLhZ_HT8A%GJ-=VP4{I+)VzK)njI8dR&$swps+_v ziE7_)X4dok=||3%luO}p^IiPC!)nXgBpDeftT4dxb9Qq93b*kfp3s6zT%-FC1Q%M-{)o2OIKAEVURk`1W*WR3LbKU#UX z)FG_ zQ&4UXz3t)d+uwXvI#lA!bycM5WE*N`BSNg6iZIV-=PR&(E!^w^aoAdWh*{4}sc;y| zh$oUsUMjp4TVZF#=Ofg6i)=&7K_JFMOO})s4#T zQHc+fC{&Ri%W1m5O@-F4w%cYhYYtQ?PMraf#(>vRzMjC{MK?ZpK+1`5TwF$ql#Wln z;-E)wv!a+Z+$qXE6NqS7dR7e;xy{1GVL_krpk+3gd2~pAZFN)R-VtzQ5D1ZraKRC+ zm5f3~ErL*f6*!ccinPaSX|E}>ydqd+qtyZ(((+X0bYjq&F(pgl`lg~NlGJ}HDXEnvYit#9p%wBH=>XC(1HPJQl(_5#_u3jrFiKh{N3vzLp+KhY-v{WVd$pv z{_<_dF>*98k(k$3wVXLo_cCe4+u1ce7rb{ny@+d^N?4#u81+_p2Xy)Be)z!P`{H9w zSoPTA`uyAO_u1|Dxp4J$)mHP_-}KoR_B|2yeUw%#UKSs0w7=RobA8xfy*p0&ehUEC z^R&Fo`{)5PeR8nEId7`?lZrmUjsMR+7F? zSioJfVdOz3eNMRS@h8rp zV_d;bwPq^MP>r@*TeaONWRCafZ`#ot6fc5;1CaKX&zZxk5=-L;T=fKN>3&urB{=97 z%D_canp^l7ExJMR(>#nQW%6P2#R#`gEoP`tHGI^ruxu%o%(pKCpvmrb5l`rLSM5CS zpR;l>#u5$!Rn>PIK4<)#HpQ>7D=d0hv*_Sr$(SV z>&_1~;2DLOkP>PLV+z5LT+x`Hq8}Y9o?8>6*R7yRJQFuQ&M-7Nt zH?&G;g=YZ_P@%6WJ+*VcBwTFI*>a9j#w9unUuX3$?%_Sd@Z=8qa>NqG@c#0LdF@Dl z;caV5N_l(1nqcR&=$s+y2D6N(e2jj1kl2*5iK@ z7OCp{GVwf`#e`kjUh3b9Csv*<1^?3@rJ5$#UFGF?9PlFA8k>Dl!cgHkYx$l?$*57L zwvwEIptbfijI_7vTGWs~pXPO`3_4}Gdo z^mf}q&DMKn^gcCooz9;FR~hZuMP{xH37SjZd=@Bu7o$FnoCStFDZFW2bh1n|b|6dj zvM1I`_7wckd{=f^G^G}WpkUX=*-_MR89@bU5ggh~IMno90>%D`K;}GcOtks={`{@K z#Fco>dvn4-`UqV!j#QBUsJfCV*KbFO#=;`M#xS~-qOC$wX`QB=Fzh9L28)Ldkxwxb zpQ=NRJTK%vaHY0;hVUNzn07yFBzwW#!zwgco!j@-VHkrx&H~Eg$dHM?4$8;fS|2bO z$iNNgL9*+o7hEA^FNX z|8?73jm@p$hl7KMAKD#a^hP6CrKQXZS3&=2@68i*Tjp_I88B;0^uZVIZWo zH(Bf~0MWLUchmhk>*3gQwl&`20coN;_Uf3~_p0__iH=PozE!&s%N6fH)+se2tQ5iB zdS>SqMha+fe`jzh5xAu>vCH>cfTMPH4{k8sYug zh3~_~!|dv{p3wo;{rT$sBCr>*|HzN^y?*gPNCx*3s4i5z`Gwe?&U?%sXOX39J#kn9P;J?x{!~FeUcJpV?xNpH=?x#*vsY zAdQT~l%RfpX!$Jjt-kp;X%-n`HM%ctuG9uE;?4O9k*l;)e72)y@jM0jb_Ab|qMxO}ISb+$ zIEejt(i_@&e-lM(^bU=t|5D7Y$RpL(0=-l&NJ2e$PQ0DPh5_`pts6_>+Au4&4T)i;^PhjZO`brCQtS&!kJU~DPYWelX$X|RC-dpaQ?Jm%D|mye z#pk%_5{Omx%!6I~V3RovR@X7D0fn{&{DqFZ6O=NZ&9hRtC6yl|Rn zaIJS*dx-5<`8HiY%m~$5DgvqA2XDZ8jry*w@^!lL96yMO_|4C-P%ipV5>XOmVn;N} zF5Ot3`r=>;{1e!8*-qKb{l$LM&c3HcW=cwidUw-K4K`lP;YUPB#-hD^cJO>k;03^E zv(b~!D+E^2N}Bo?W0;6~tmak@vQ(BKJ}f1|r8GFm*u(^Urh<;vO;ec2VQ-nPqxF?l zNM(`CH900QBNj%C+8RIU&ryWI4t~PjCG zEO=w5%__r*JJW3T5z!}$lMZ_sniiqJSrCk~$wHh(^TwE{L@9BiL$A@ryhK2V_hx+z zVCLPmu71B+@pR?pNx8Z0LSsc}pnX+l1R2sb0>^H*`tn#7Uw)#-Ik2Xv*Hi84ty)@m zxc}$7Sh1nYT|Z2KR%b(jDLKSxc>d05^PKj=dbQd7q+#M?-TQt5#7c|%RN`ow{L}Ff zLHNQ1hmZ=f+?cz*mSoI;$XR)gUN@Ux5EvK@U@TLKj9rTIi?x=D+b$1i06Y zBwat?edWFM!GnX8DEi5N^1`X`1ip?77K$kuk4BWt*OzIfEX8zsbwty z?~zFR3XlU{4SrZ#c?syxK|cJ0Cl5%BBCNA#7pPx0HmY_RweIPS=njMj={q;P)h2h@ zT~;3-GnL#oj=*oSo^w7@wswCTd*an)Q@7fT^!F3N!OvTzC&Zk?oe65$3c^~?=O}1p zV8FwYaU_-ufh{`3g%j5%*$dNAFe$zf5XEUzT>3)Ys2U`yScEx*VH#S3>qymDfYnLO z$j1?(Rm0q@jh4psjl9P6_l(@Hf#vl1IDOw>7RM!PRk4@&l1xatv`}4)G`HO zJfAtB*q%M}DYj!55q}}I4{rnGnnaU=B?>9yHD;Tt(Q|GGgHZH1{xywM%a5xGg)(H9 zBBYOL#D%j%ifbYUX?ajUno2~KfmC2_GQ?k8;@D^`eOd*2cF>kN{B^*uW&G@+8ck-R zh)(tJE`#Lq-?_v(WF9yla9`*+b_RzTBm3<9u^oHsxCVY;d#mGG*fnv*QLgpiI$8R$ zpO5tLC9^Rp>AF4XA##0=D7OGHIF@F=BI(TVoJ*;dip8!?bE{JpQkyhf6O6BP4*iN>sR0n>Dd#4{2rMKR;Txa z@ykM#q1j3YtVIp$U&u%{}z z3KO57X*%sb87tXT^N0>H5Gmdo{>NY&PYv376G0UQQ}PdBQ`_pZS>(^Npca1D*-3XP zv2?8zp!fxML^UA3_3vLus>)ETN6+N60bof7Ij7q*j+EBh+@q#7xYB z#llHVW{x4#7y-~oQ#W zAMkT^gNB0>l+WWrQ@|CAjo;+Y(1k!Ep=84Bo6!AT|pwEBl24$4T6Qf}w`VLu$`JbSdMRcG%U)h}*7gus@ zo2?C^vH@pex1Lpr?9a7N2EP&v(@+n6@wZSwxPWC)<2eENeGa~99G)g8wLwoG-8GG5ihCDgGg-f#s@^j ze;H?_#In6b0pW?hQGo^prH^oH3b!;oYXoCcTNNtM384TE8Y8IgPl{a;D0na8(}QXR zQ3g2KKjRiwC#m-L2<|8Dw{B*p%clWOP^W?W8|##tiHDW5`cGbtF1GvYQ6k4TfKvw` zoQ=LwiSuq-Vo9+v+erlLy*zmJND9>5Mv4BRz1caZ$ASfgt zqE^lnSrz=4jTD3)fX+_G7TgznW~xP^2wi~{sfE?aF==R8QBVC+ds8$d=#%;<tqkHb*_C(uidj$~FJu2fKso}r}#8El``riHi!To+DtvG?i=}&-Lw*!2< z?fZ%(&r0UnkV21oa6p=8biYt}w*dIu z>^CzWxqb(axV_d*65+`oj}Th`@N*70jO;s6v6cW3I)LFDd-T0Mdi4NI-n+K%@_7>g z@iz1EcMd(TgaAfx`n!Mf=zz7ZqsnHn;gLK3C|B3gHaL4Uva<5JD^{rsyZuUSq?B{J zIp2Gvxi$g>xtxq0+K0~TW58wi@c63%3*N}CGOz{T)zt-%r@LTm(zm@vx4n-Tx-faj??-+wK>cd~_~>7Y_5pLz%{lO# z<6&OkF~`i>ANcyq^%CR3XFRPf^Hu~Csd4|dzg0?}j0imL`j3r_=mWmj$DO8CKnGYZ zYT8PBMfh+?nD)|Uq1(V`WJC8Ld1llN(CF5-70~sJ@OU>fXl2xbDu2X8^c3T<}k+1B>v9X^Caf;Sx zLhZPvI;xpsjRfZ|USG$LZ{H987wg0$pl zV-Sit9N=%)1-#a#Hv-wOu#y>E`=%w!cW2|w@=)#xrGVBv)L8?>LrWbwgE`PgW-h2+ z%XFDoN})X|vRN@>782=idzN>kE zF#Mc}X}2$(h3_)wCzQC7@<|{KhD>(uOjfIE($HJlRDYan=Ihi1;}rpcr4UZ~A}0fO zfv+V>N?m3D>PfEsX+yp-MQ~4!3o#YXEP%A|@W)1z`u`j?C8#r}D_Tauh(V}~wqgoG zP})d6C)Co4?VKfL7Q`4nQ%JW#;O(fCX+>er`ZHSghykey^7V=ErMlq7Pim^K>Cx(u zy)r)*#L$Re_%A=7NLL6rf7a&es2u?#si@dQyc=u~YqQWV&&F#xcWd)H7%R9T?=O$3 zMHzu2gNs3lJw%A;*PW!Q+k(|ZlT|@jXw;S$s&5W6qimm7bPG1~z3YuYOeZf??OuHI z_M6W6t@al~OhYSJOdvF-rnULUOcx%V&<^$?bT{XmeulnhqzoJGHSqI2k;EEV?=e?9 zt(7J>8dG{K)J04GmDh*QGP&;$g(!&)OO-n2xC27fd1T^$*tqTW^R<+Uf1_4YDs~r7 zrm}=j&$Oz#?&`N~uH3kAgL%LSRlG(^)&CH+d2N7P%===#rixE|(MlI!acGc!Zu5UzF9fHaV{0S5I~x$2JI-;z@- zs=96_Cblk%iNTQ6dDrjgFGnLg<_6r{mz-_pws+sGd{~@CCxjgOd0$WosVG6Ewif>W zW%Uc6M~*HcU)roxzrXE%Xus*$i^xk66mR7-Or?sV7@Stfhkf1Q7x!@dUGGaCGf-F2dEOC;|T-DNiDYDgc zWLG~ZMf7V@QonKp#;_=8LZ>zTB!67Ss|$KY{99}C;TyKH>i*B)1bZX=Bz_G}+}5gc zZ_>kv3sDXQ3#+S>RTC_31?3kT9+QTK(gDB@1%T!0GnfAWxT));BKtC6Og)+d(CY30 zX*>=Hh^8oy0##oCJA($$*^F)h;;0aT2tW*#1mNukK=k}JewVR&mGNlYe(Q4_2cXQm zDs~JH11Q>nQEuB-VVcV#mMDNsH988{P6tePt5;*L1g~xn0lqEHBWo4l+g{KE8Smue zM6c0SYlaZenggThOzX{5c1eKC{(Y6;aVYH7!%TPNPw0ix320ppA5|YHj}Q3|ArC;; zu-A5hG68tZr>6Cgq_z##N7o-Pc7FiS@~sxBk6I5P->y7zZy(Jbuj#LUJ|g^pJoV^C ze+IE0)kC=~U%f7WM4pa6+>XBw`r~(&dg^xrX#0xv9R^t+6K5}l5jPWihSMZa7XaEn zcCU2+P+$A%rWQcSN)(&|B3s^jE6e{$kGxZ=ukKDC^KqqH?{hko-~6v$`2v+fi0F-=(R`wCIH=;ue8?xP%Cc*(9?4=~0C2M2$E{Gply(6_0~4T~{|hRxR7 zbG;`?ZqH1CroqjQ$DJxBd^n zft>$xAccX`1h5Q^K%NG`e@{9e?`=O81b{%LRruIzZg@kYY_PT7>ufg}(z*QTCEOPk zowIr{RLPRS-%6cBty(Nwy(AXCgFNQG7hkjHDI31KcKe~XQ#K$%?~Vrd=A@}T8Xd9f z5K>gGuYK90qMlyin!jV$W~xe!>d$aqFe9ioLwx>*@k~?M9;^~K@rkw@^t&<6vhhvX zzL~RY=C>~EnZtVHm{YcXZjzVbg7`7LhMQ|%5M%WmGl&!#x*(m|?<%RM$NF#kS-_ai zaalpXzO4wfeN4C|lS2W&yYo&FJ$<+Hj&lmdqt$auUPz4~ltg`u6R4%Sp(bCc7+C!} zJw1*4JPCAm)4O#|i=O$R6H`2WJ<345h${|p>8fAg?MrM=gtfRdKM(ff7F9L{O+WR1 zs;M2O@tb9dMU@jo!j8H|RD|1^Tv^O4&XxZ(=nH#U7*JbW4Rqmf zeHvHszKlRw{n1$L&)IpYp|%@5_>7u!CYmUDx!moV&b%|>(K!TyA1B2q3^|wLPU;9i zN8vOVd`e?-;rIYoNj?Q;9t(vYwf0pcS+eW!Fy|5SKzkiNbhU@45s;C5-JKu zB#oahM=a&&j?WXG+8D+xGn{^Ai8VuJxFFU#VKDd*)b7H#;Q1W_km zZ*3na^*!e?fAcbax>$TEq>-|>WsvbgwZ~34@P#@POduJRe21m!LX6EcI>?h>I=Kvf zh4$QTC%X|e;&tg4rBNn>eYR%V^sHBC1VxF{U`~A~u5vkf`Nt=^QgV+hOxa2&`U4I& z7Y7W!JvoNL4*j8&U@|qm5{MFaDH56CtPJ!|;;uYkuuDcF3}zYT2B91Ol8R0!w$_P$ zo|dIpn>Wq!f*C;?q0KT!k)@sUptI`H_hDoRrlhs~BpV)P_D{jcsXmu63;Oe6W<(Rr zqo@2jYz@LK5{u1p^cVCNKeFPfHXfP);Ds%uW~B`zmM8mH?5tjfF#Nk}@@_;?SzU`9 zWE-~BhC$VST_L_^ZChH6AC5gf`qg0p*Olno{F}t9dBkuRcZ7oJ>dWuWNE4ey7lS!x zgE4oLsav3BOlF{|Y8O{NV^E9p?A(2Af*PudaK)y}`|m!^+}~2Mlb>4WEb;L$FYZK!Z$$=I-vI|BI@# z4vISL-ag%30@96iNF&|dNJ)3P!V*e1NOvmT-64%2EK<@-htl2g`|k71GxNSP{NV`0 zhU-t=5+IfP8tBu652_l0Q}=h*b#pBg`w2P_<#)UeOyPH6#q$|93A#Oi zanIGV1)#vMg@MN30Z(8!9v0gAa;foh2|R)r(1*cMcmtX2RNgd!YmX3s!JfVLc~(mS zUg%#@vby-yEG)xafy&1^r+IGxprrhG>!ziA2RNrb0j*foF_a2cv>JeX^>GLU-g}oX z-v_{tz_$TV^%LNSmw|Zo5&C$n#XkVcM5PjSZv0w+@cPY+04Y#&VQsLW_vwC(xFLrL z*Uh#2FM#CE^=^k%!v}z*bY)%CuO@zY+HB48M&->0i&_UZCIC` zGA*BX65q(=X6@x{jZroK{MH}?HL#~U7dhEkt3y{4Y9tz|^kfHL$KE~9p+)i=7ft|^FlHz~@^4ry?T_9XDX6(4z22rUK? zy9u@6UaRtDynK|kG=~tAZ{L-b?`NK0pphyY%@=}W_;q+F>YGfioNymSJn7##SOUc6 zG<<@!hXXYSOCF-GKTEP01szgAZ?AMXcK2=Fiw4zZ#$&UlB0tji2P@~xX<|V)+$}Lw zOzAKx?IS9aNCb5%;JC?F*13=68cf%>_stP++{NLYwOHVgUNFs>?9z0R+u1JICk;-IF`qP`XFKzQ1QvJzNu0g^i6xa z(w7(rAKyugYiLqrv7t%7yRS5E`z9wTAp*8`d@On?!HJALnb zyhkxGBP%$b)=j8>T&31WJMP4m&6%rmKSgCQ1Px(Vm<`ouGR|@sF14_8astiPE0BRz zDTC@De-Z!;^6iCxa9QqX$A9G&tWr%KwE=HSR0E8Cr@1mFXkp!@`xi`L(N zeJh?TH)O5Y)~9ffm-`)5!^Q`(=Y(YXkh>Tg8nzv*`u(_h67@P>nHUH9hM|r#?{;{e zDOL657U$)bwPznMk|dH&UIL}U5?VX1qiIXyXd?xzj26?eai!1@6%9C(=ItC=?{=5; zSAG4a%i5*}DxaImNdAPQ0nAgS_D{K@@{Q4Al=|oIikK0PlS}K>hq} z z%ft28O8MI3rI0`U;tWT5R$IFbbmstD5&Ro`2LypX2PWIm|2%XFna{!T`%@^+PV`z# zTp&u|Ha1+KRxs(tFA;SN?9)Bvw>V~YT_V{1ucER>v2YBIntF4Y4 zF02z7Ha_8c-#Zs!SK2+HqznCbYR2y$ZWZXlLjzF6ULq-{J7T(H3@-!qaX!#=o`o>u z))*CvuQsY6u0-8G-2LLh@oJQw*q7x@Vz6P-&_;K!7ynA^*Yk~ymK@Jy9sSNcKP7!o z_Vv9$XV{pHiwiV19QX6as(NA>?}Dm|hEOGoQG9)-fp%jx_mL2JVCs+I@Se`>R8xkM zAjjiTVrMkS^cy7A)FTr?N#T~;1FK4ec3GBUHdB_Z>%$|{4%LuvoQ>|zV+O}u^JzRI z#at+Gf#!QzuX}NLnL&nnyy4^(0{a-baah(Hj|WC~llm_P#?n}{5eWuk9}3)OtM2FE zB;Ot07hw2j`Hjlbfa~6@EJk7thRSYlTk4~`@&tN%JA{=x` z#i>~N#LN6vht1uF7vs6LeITY!ce&*gV_OFI%_fWa)#m>3n>cwP^u3&)Hixe8)qbfu zCEhD<37M!!_^c2XDiFVuj7y)`O?)#oqt->G+(;Ham1wPCC}a#!fy(!>rI?ZT(&DezLSkR60NR#|0<) z;Bj)Hg!ko#+m0=2A*f#8Qm4H2811;_Hqdy&r}6MDm@1_Yh&(B@PWrL%foVExF&~HL zT`F9aB16+O<6yXzy0H1Nt2&k~T9Nx~slCQ$>`g1fUhO)$foA?dy+fm5KC#3E{2CQ- zU;}rBQzJ8zI-4qx&9B1;M$qEr6U3XhC2UlDQ?bnoL{xIr7f*jV+)5I#}38gX?;bf>r#`$3jqG%mq_PLe$}{H;*MZBRN3~x;34tR z?be(09Whh5C_g1$62Vnwf9G^&reZW(whTn(6OEFxut8z;esdKL&SD@{2rdaPVN@NG z$TC;{p+zi(%+Z8w(no$y8f%*x<-c$g40!m1s?E|9lfl{ydqmg&!Z&(;6u;D-id0t& zi2ppu*3E5n7-j8{uhJUPE=H>|h97y~HvRMc``%qgfJz#i_OgA z9K;yRc}!$`M3m6dSln`p)pRs`wApfZw^Mw!tCg2+tk|!zRXnAd{2G6w#tF(FkqTyY zcl!8oY$GEfbbYB=P9J7?lI$A%^*S^f(eR^+dvSmDIJ<}abKt^;??9pIpD0}gT+|KRY> zo6_-xDmJnb`OZ1=%o}SRVERBCY{p!FrfcH}Zzlj~h3ArNSED0}uHC4cWvPl6;`!=l zk4SOd1BrFR6B2m1+Hh)t=_1r(uExejm>CR4(E+9$-9Y=$^BL+nUoBh*Q>$M7s4km7 zKf=T(fGb|>c6$5AG+XTEr^5zS(zR6VL-$yGzSxTa=ovnKISX@W73aZ>vTIfG*_!H- z$`aTwlepVXe%Y^m-Ukqc?Ki7_h_zqv@}a&mUwRs?Lg*W9AE>LeOix6B<5oVc?SC$X zkB22BuX$!|k5F!E(xS}1u9>gn-7weun5{v*p&5*(W+tU6nWWHDC}r9t5xvJ@Gn!4t zBTTQ!zNN~r=ZM@&D*HqWsvIm|(8oD0neTq?3$C$)(?7IpfK&_<3C*~YdZngAA z6&qtWEUkwhQw8#zgZ7bX@BtU8b4*) zNojMf{h1oFK0csHn^hV(HpuzL?Kd1d~5!PH&N?P3_dp>c@xY~uCdgLG*sSB-M4>}fV8BL z)PFTP4G2OD5VQsu& zv2Pb*=)u>>-28C8#iW{Vf7d$+tE{kT3i5@#20S*~IUqi5Z0z7Z$BYPMxq{2BS<(I`qIqzA@#mVTvPSZGIA3WhAcO@-c%X zaJijK+1SK0q9paI7IF&1mHvd1PKun!DjI$y-x*e@k@Ng{UGum9aeNno*$CpJiz5&~ z3qOsq3r?;;NFlh7tsLC3z)@$nch)0W2s7AEL!rHV_Cc;OadaW|sFlkvu#fINHp`vs z6EOcu441|vI7qAfVO9*io`FsWRE-Sa8f_4&xWN1W`dwYk;T0JieRVNuq`C2xrA*mD(UM?Xl|(t@#wVmjajJsnwH^AprSpB=@_#Lyx9BHFr$(ReGB2`N|0;ex33~ROrjSNXMwljKp0I&$h|BiuKF-G)3vH5^k}EE~#qEQMN#6f=(6#|`3Jln~ z5Voc$cKIC_`4qs^ai~%-Ta|&+8>K-4<=@NSVm&GeNGV|IDl?Wh@QlnQGB_a zdM*4cbutD_*z1AYZ_X!R;sL1nFbNzscHjc;t@^l!tG4~CwoCGxOTbkDI7fkW(*VB^ zvbGMVWVlmbjul1A6IusBg4a2sH-72g{NL4W-=S|mB2u-!eHGnJdEG7I-JSTzLwy-S zP@3zt1S6-ey*#Z20K=0mgWs<74lS#iYbTG;+mR~Qmyov=PG)vjRT6;gBhWCY_8;pQ zzkixlufd$CIdbFT)lc}y{u(& zMM=5B+a2~xRQ|-}=QR$h9kJLTr%)uv4~c@8=~ed-w8elo?5zfvPf23jRymQDpcTtW zicmB8)Y&E%V_Hjf;!H0ZRVhTbGE;Z(e6O29q^m12B^qhBosg)orY^LbO@ADr1*LBm z=&Wo6+nDiqDy`|u<9@2XZ*V8D6=HA73-PxL>>rg}U%$u6_*(l-C{-524kacz^V@m5 zUj6LSwT%;muyI0}9G_2!hCvffz;>6#1LNw64*W5s-KS3yGo*iAU8hjERl5nIsVWhNAw~nCIW{NQAm$@KU zj0%#QWst7bE>kJRL^smgnaL^=DYr1HI`zr1uVsIx9rutXMzL~iye$0rXSQ?tiDpN0 z&|Ix)jZJeuXD$>b1v(T+7ql|dxZ6n2Q>ph~bj!MPc$LrkP#4jX$_o5d7s4*r*I|l& z)3h69&U3 z{4>sr4G#RjWCe67NP{b>=)+eHTHmM+a;YU}ehJ3I0yB~{TH1~iDc_}TQcz(N_Mgmw z(#jQnI8`UR&!-Yt{;i<(wb0)uw2A(Wn>aY05?O9+X6D+d{ap`Z-Y5M17bC6D8#D=U z6m|9F49*Q?XK4}48z}&vkOBWYU|-l}&F*vv%I;(&@w8DM?@#Ke(GgT0C3ac%%#E{^ zNyx?G%!yRe*1r&Q3~#O^cmmN(oc-brX84|xog?rytINUv__(tbz;lX^si=VXK#d@f zqe(A#t* z>VYQi(YN()$MK{LZuetArRI1^ez)H@J=gi# zSE;kldI3nxU+WaR0=Q|tqZfoDcc_yvy~I!S(9iSKm;SDo>e9O6@%9WronC3h`_3x7 zJ5P+^`r%!h2bG_8Zv9SW^kemq6ldW-Wdf1(&)bMkkb|nctJfx*0`CG!fq4d?m`Hq~ z6~EV>T6APpM%>{nvd=@e_HgE@hfwQZ$ONmVgFZVnkUix+iqgQpg-- z%d@KKi;tM-vLuU_DOBW0M3AFT=2PWgoCKXL*^a81hq zM62D|eGGA9;gvO7ZkSl-3+1Ijm(qwwyx$PpvNO3c6Nl>za;=#y?2e(7GA5tGJkVYV zg1&y4NYK*D(BhTeR~0ELpi?5}KhBAge;?YbIgh7gO;XOyE2YR_gVJ7E-jPmh>TD}$ z5QfO3N--;;d!b#z?<&es{3g01ETuACeQY84X_(^I@YHBZqx+X(TZaCqMuVGoe4d^* zHHCx0?z7u{+qXxMTd8ebGLH0S`w`@MtPG|Gb0z-vh|@M4iINV zb$JS0PB^Rt)Z1g({hH$nO%78ny)fc%J^}{MXzh*`7nS-qNvbJ<-0tkA9()cdhB=;I z{Xcf5z%yucRciyLJ|GL|amAPQq9A%!I( z?x8ra+FFFF7B|+s1*5d3kbFxi>VMHwP0buN)y0&G8aP<$!(!TSc5Kf3nKBYa0KaQy z`Hwd=&!>zabhNBfM|oT~V}v_fC_$LkiVfM(wz!GdgV{E;>QqU+wbD>U1Qr_oRuygCdS6ix;kdNBLBr&nyF|4*_5G-@8l}< zq0L{h;3IjjPQ}6{aM2jQ$#S06Mo!Zru++E7Ek-ap0FfI(oeFA+JW8$vJlQ@5O=W$F zq3?q?54Hgyr?~}4pmeZ3RF;2ae3sI^Q92i!1bQ}MZ9%?W+U>$&ko^fHG1AfLtuQwGHelSP}HFqgdDjI=;@ zk(Hh<9*PFNO0uE7L*iG>Qj>J!fUD}KJIWwSa)yyWMn!Vt_Tcn3nf&<|q2l(IKP}C( zu_P_74^!e`w+~&FN5h4gQ}Ee)xFY5j0;NE6WV{RFQ$`Zn$;pZxZYKP-ZX_b98h(r9 zp-w>T&T6BFX_}NG>-*$#A-(b5RfN9j_(V&?0=|&vP0k)YbQCs~^q{eDzYneWX z)#yq#*!@(11ioPMhZWUD z25cmI_dCFU-V^4^g^BHE0Z&)+CLo9@7<$#x+I^H5|9Lw?;&B65b=m93-J zs{lV47)KZY<;PWxAQ31PgfPeH@28dDM?EjkFuSnaE7Qv}fawf-$mQi#lyw;28&LP3 z0ap@EF9QmoAsu+SpT`BjHoSqS_U*y@ip!^MDuhe1Cu|v>ph&Li*)aw}79bt7rQLJ@+sUHoS@d-45V-9S4Tq zb%_IWU2+q5K%XNHi1gIw2@ztCK%E|uq560O1p}TSw*X)cUblPJIW+umUJq1P*lfYb z=)M)`iGZmE@LqZXU-PinKp!Wx35+VP0ORq_G4Lh;PsM4TVgY#G&b7Q7vpO24CsJLo z77cJ_zrbv|rYFAhlHnP#8ejHxf`|ccmJiIK4G+wxT%jHR`7YqC>i=rDo}71C1S|B( zrpqHHh8GRM47rji`w0M~TR>>ZIsJiuS6qk?Kp1!HzM2~v8mg@6*q7t-o$}=f_)}@- z2|PbFs`k|o(&L8KQ9fY^a2+|kB5-cCRmEAd?t$(7yyb&QW@K?|l~mPcECL_z1D@ss zuptWpFHbNk`_Xdi2ah3Q*u30;`VrR49W=wN#V2veTYSRowLTChFO^hOF<+S+;KKu( z$S~pm`YN_|HSLV+bUt}5abGB51oBe#a``>l9&ufJM*;H@T&+q06L&L^;=D>Jl%xsf z0RT#S$p^ImS&H>}#HbS#%wJ`F%f`+sO%6N`+*N=6u_~dqUsb?tdX?QJ&335`zFCMl z5j^%gC#iDz@^d0LlRd_+;@qc+8_h%7a(c~J1}Ge zzMw6;gWS;6=xr%ON~|HJ{5nIw>i8~^d$z4bWLP0gJK>}l&@hYU7)9ljpBWf*74cw`!7TIbU(XtCO<6EeE z${D>^MLGZA_6K5Ejz>eQStqXd*4ZBY(DYv=7fYzGkHL9UX1LDDFY=wIzj}23F7ocE zS}H(5eu&}(QsECvrjekh;7Q|Hl#f-6U1FFb_=&p3Q-y;A8@9vl2&Fl)1dT}V=bH8$ z5L6G@%?w5*M)&yQ(lVxRH~_o-9-!(GXL3 zrNyP&Nk^GReVk6%TuImTUs;noQ-N}xXRoSg#K#?KR8A7FE%}=5?;z9K2jp8nWL=1|84U)YXSh`@cOzf#ZdWu2j*1LNJ;P_MhS#V4;ZFb zI*T))s}4A2?&t6#%vNXMqod0)$%h5u$?d3%N3^G?>#?1!Q6AG-e%m~@t$f~)ReJFF2$99XAqN+z#Q4! zB^h0S&IvXOtdY9GIFAJclU<&d7F;_F45jx*UKNR>l7oR{0rzm^ldvE+)qNpUQ9UftNc8LlaoT1ly1F zyM4OLzeQ4iN7i%Wmyzvv3E-%K!u!s@=MnJO&QGDm#AIZP0(Rja573k0liOZY_w!Nj zQ59}MK_ALT=$ge?TJmr4o2$M2o(O&M^Thb7>iw-9*mBK>=kwbOm_z7l4Mp*zK#&or{JI`VZKH{H}5pL$!VO=v5K811=V!_ZVv-d zmmf4#Uc+hW0Y)P$tBhb6+zf(V{-VI8;?6q}$e!km-m7*`7pKG7U$4`H;0Y4W+eH#SW zt=EL9eh)<4GQS}83KcQ0zNCw$<944b7g%0g{a)*dcl&|~(3^mJ2yCP0+Sh*q6PMcm zc&cyLc&ew3fr!?)qkRm(u$KSu zxX1H>`qkz>23ODHltTPFkq+vNe(_Rp^5t%aT0FB`;&DLY z@deBg8`b^gLGVXVz|F}i?sFe(Hw$Rm3zzM?PXA8r0WUG&!3|uaIG2ljmHgp>-2ZRH zsg*=pz&&8`UdMeo2oUGY0e;nE!mAH}D;gk2ot=-}J_Jy|?5?e+8mzj9=g(z`Y0P@y zbZuzC!yT{nylndoTXfxSzV?UaYTQQU-$os+NxT3b#m@MSj(!!cCpn!1Y=P)Xwyw+R zn0Tsg?+1dO)A{G6y<_M=z{`pE%frPLY$yk#rwi!$KW)eWleo;2fQ_(M?{5B1Wk_>% z1)ef!D6jFb= z#e3Nb*uJ4E{q?f?m-41Q;4=R7e2k_w>@+-kAou;vFy?k~`f2{l#X!&Ve84V{(Ibk9 z8c+2Fh|!3D9?joA_}Tbeo_`+zykWpK@@#hZp$9^6d;RkzywH~-r?T?pVcs7*o_cHS zgFNe+t>W4#=-Am_;_~lQdLC)SD*&CSAy{_d76QsWFxm5snBSf0{+d7;ycTW>b&n|( zf^?{TW&zgO{-+;~=b6a@xlC?~V4@g# zgM8azybU4m*Yh?NI7)H?@sYA`!L3x)J{RsGS}X*UDU=6HGEs`GDvr`oKX9mddF9y6 z$(U5@$|5ia(2xq0#$cnHI=8o`)K z0$C-qMU8Nta6G$IN_A^<^+5*}$2kHx!tEW(*+g48S zm_kg{Jjyk@d+D%&*Lz!mCJYrC;%dSY^G$EB3$rPb)m1g{H*S_WIxV+u1wifC>U zltiiFKw!HBA@ne+i24?NX`Nc-MW%QTuE?Tz5g?9SgSj%3hYW;fQK6Yu&#{kQv@To3?bXrXa(_o|bN02SmARkU&>1Lcfv`H`+A` z+R8%l!N-h`v@syzkTX;v^Egfpt2L5M+J(C@M}kuB%Hng=%VpLWN64@!2iDmh*>?MU z{xu2bIL!thUr=>|`)PYyr-4|i_Z)Ad4~~)7$UAa0<+3-+r+la?JF|i%rW4*O z3;&HS+-{oF)%JCWX!7+036IGwbE__HI{fLih09O0C_z5GII60Z?VQzqj+BB9A`aQe zNS|#+_F^&b)AhQg)|!`<%o{k)=3}qUf-vqz$?eR@hXn`iM+gUlUvePXVjbDB!ip&G zyKbx#*Hts~jWD^l9Q_3qk+x*@*_OQYKi5`_$GUkCzhI+)SUYWyoKclVC~CB$ zE80X+m&_R??ONsZ@QcBGd|F(MPKq%|;w*2nyza1wj-609E+g#^FeGIu>)r`u2GS-( zd__CRCE7lD-DWI7!M;+N*02_K_0FqWT|Rb~Hd?vds4^)o?#DH$FnKlj`>wE@uY4UHEfiKm&{(}=V7 z-{O#iBf|XN-_M6LJ=6jBrQRE1&;K;G_WWI8v%Rgmy&kZ_I*0#LsXqqbkyyjtOM2nj z$-cfTZQOjHGoRde47pF6VLMkXT{P}=|A9DmG$DW1-6poSa&UD>a(fdH@XBY`?y1V4 zkI%G!Ph`G*!m|c!=z<=s@cLLO`iRn=&sBvU+*HOaw{ldwE+BM&iOp(ij=9*KZTl;E zAjb9cXK1MQtFUOD^*l-YqG-OVK-MwEd&1J0GjGXb_5DcxtM8~O+Ln*_8XDF*0VfR9 zZYLC0VOECc4kdrjE#YY=x{5aW`${JjxtH2V4@`cFGuWT##kjlt1X^sgPT3(1t1})#;(^ zG)16}(iNvvG}BO%_*rW^zoYozh}_oFw4`iNUEo8e?9zUG;Nw;%lVMxAO}s(#IU# zyE2l(*J6EJ2ALFN5BCsQN!1>_k>m98%+C`#5w|p!JRabQ!pb=2S)9Goh;$@xya-fb zmHWhxt$58n_|I}>H@iZfrZ7#X3rwZ9-%4>eoGqaAyouaZeaPFtswE4Z=kTl_ zvARMnNUOn8o27l-jgjWa{f9%IK=n(vOS07oCig{z6hp=U$Bh+M>L6qFa+%_xrFnp0Ojt#%TLk7_FB zwi6~HbPRO+O$tJO*khv-6%*a8LIX8}#&;xtIjGEqc9asKNct}2hS6_$+jd8YG9}UW z4bbe=2by%G| zv0Db&`1aMRubZHtV0Cpx1v^4$Elu+=!)x>vO4C5P&vlh2?E&p;dU_q1SFS!Ph+*t< za3|gLA2EOPo2dq;TM}^rx48NHS0C<(#cn7#IrFZcD!fnp>T7<^-#oOQ zJ3PERqjfdItPX1&d*_1BC_q$!;L(MK-B6=YEwddo`--E~U^~++tJQ1cGius$?$=E} z51$|H^9PF@r#IcW63<(=)9HCf?!Z|fJ*;L;!Gl~F)%SsdpGt#BatL|5&9sF< zGEE4C&Awv(7m;}GASqfk|Boum0MCwj(j+Ht^xr>ctH@=elk5BPznoh!;WlV9a$@wR zL#-(ml4ur}?zre$nggtp4Q$r?E;x#Oogz&}`juKSOcG$0NSQ{xqv+6pYbx0+_)>E5 z6n)(6FKhj1!9=9i8tJ*t2X6zW=s6!N;l~V$c^M#ghh&cSXRv{OH1lbT%bBZT*KtSOaSbyPcDtO?{H zBrJ7QSNx`_%*kSbA-Wu~eHKe&rbi3S!Iv&M;2CNp54g$qudbz#}9G~Esmd$bIPf5la z2E%*Q>zPS+gIwRR$jPBu8wce&b2XC?m)TSCmB}12(HBH(4|TLFIB_WAzGBr09F0lx z8~OVcZxSA5rNPFUFkd$*k1~&b+$H-Xrl2zGn`9qJNtTKP+JIe86grd83PuHjYQNB; zwFc|GP(B)l{(+T38L^)x8FzmZ29d3|kmYCk6dTn4kQXU(G&_E$Hvf@=QQnAYAzv|O zJ@C_(H4H5|IX{;&O<;wVAm0}Xy59bg^+Zze@0~ostde7iC3VRD1!pEvc<4opJ>dCR zK_Q_F{uUPDIh5fo$H)+gc98e&pu%UKR?+^AwUu{qh2x3(RC)3)ak3O|#99Y3A4{Ut zs^!3*1l@1Yy!6P3GG3BxojW+Yd}FaGfsNgoCEcMgHTH8U3H-+2ZhF_NcqC}>F`Dv4 zTSt3&pc#9yt`_#qrMT5nn$9oC5BB)vBe0k1)hdTfUt=pBmwgrpN{F2+p%PsYNJ3)a z3R%x{%H-w)wJB>66DQ`3(jyAz7FG=TUbxOd{zVGOeZl(#h)349R(OaUjZ?;aZSTkY zoHprYeH+PJIPO33Ucy;o}^NY<7$!L zV-&PU{hVN^ggL)>G(CAk+aH*wF)0NZS_s8|wcFQHjTp~PR2IQU^YdxLXRhK=>$av> zLX=R{x+RW&o&dF|Nc;EuL!D{9?c_G#(Vb}#y1LmXo9m=+ranrGbzcq22xwm`4 z;_8Xr%l`=|5UnpHi$6=F1D$ ziQAChT{qnUuq?#*?Sq%|5B?`{y~Z#1<)x?9qUl^uxjh&E0oXVUZ^0X1@oePhav)X(<^tdY6sZq)zyq?j zo}EmGJ^sI^U^dZx(dbp2F%EOhiYTYq%JtRickw+o9ccT5^KsnQ+tC|}cvN>s@ASD# z42;!I69lBUcSEZ@s`9L8qi`y&aVu7N?ldc`^xiWa*s*~9`QJrl%%;+NK{_4gcvN9t zB)$}n&tHq`d<(wii*Q0Hna>5H=&~B-O7yl3hVdmuctvMEP)OMqbJFRpkm^RGZJ=pJ z6IIJq7L|y0^-yiNcJD})Cs^V;IYoFjqoJj0E5E}~=dB2HBN5clalrp0dG2#0s|af3 z7b|zH_5?D3(CAp%Xd#1hqWTEVwoZIWMuioXycbe(<;uuP;kX9w;Y!h(EE9^S*XtkY zboJml8ti%EB@_1HRv0J}&`RJE>7Ahpb3BY!MmOAXqg(K}-)B46%2$g6Qg~|$HOqEa0(_xOm~g!AUQ6RQ1|P&uqP#Yma0_$F^4Tv!i9#cR_J zVk!-HPvaaN$xTBlmB&0WWc&sF-zugYlC#ihg4v(NML5;bgE9;^foUPrFYdk2qKH_V z{(s!tE#ZC1o*ToFQ`kXai^ooga=Z`)bv2z)L*?ZLm_&~Dv5=~+JE(xqs!HqUkFCb|n|@X*kG zLM*7|kmk+IRcZmOT+)o5#q%(MtDIIll$`MEvETOjD&9)ZfLT7}&-q9yy z=v?&eIT)c=RJu4n%i((AG?Eh$L^4HZ(3;{d+kAJel4m7%n>sZ2wy6&z)ObIE$w)7) z_CkF+{0P5vwLc~*Ey?lvWT0gU;_@*|>Ycf(lzP$FT6-FCKuV0Wms6p(|1#>qb*IZv zkkxicpJ&^IP1{BCEPDZ&&1bf6QY=M&aGXS8NL|1MlAXY^23qxA@SAMltTw^-*aWmu z^R4fNd-XP)7l!YxI`OsY`sEkk35%+xoxipt=06rlo_uktcdW*SU$(Lw`!2^4Q;~IL zK?7m8?yp9Ue=^HF6Wi(?Tk(@Oh;Gj`<^%0D97=k6H&T&!T7=KdzmdCUfXw%P>pJM_ z3601`WT|Mdo`aWVMcb~<7}A6GLyb?y!4;7MRq;JSu3K{;F{s?RI)jj_fkQw#FQ-&E zi_AH%h;QQ@yTw1V)8m&d@pRl{2M)SzbJm{?hd-%o^ksE*i6aKoyeM5L{f+0^93fm< ztbxIL``t!*2NU1L+2N3NWo@K(nUb|tGE7ZYYYC16rtg=YvKCu-^tI@^AYIvD1Ue%O zxmkK0j&B7tZ~(PXTA?A8#V=eHF)(geEK|B z0-~W-jHb>0cwfgU=k+Q^Q_`_q+Kc}tj&O?qi0kL?s8iB4y3Btf`O0pzSw3aeZ>P5Y zQBX(zHXmhWrB^F2|BfB7h~+ToqUrUng;EGAd!f6tkk8n?OT(!ZtB#1;GgJzWQV-KaO$52lND z?v+DKn{zhrt6Jy!a|oMrQ8Ro;1K)r?N|dVL=V3I7ZG03#`S@E&uzPEzAzX$@7Zj5< zoB{%gl)8smS=uv{3K9?UZ&*}d|6{ZZ|Aj-*I%}ln=LW6DWG(m7r0efb)>64|!Q%O{ zm^qwt+@>2pL$72Z#J5V!z`#;uB@4>iY_KzO!8s2<_qu_+v9op0uUNIe?Irq+QtCCl zmM7hxj3BPydYF*yBGFHlQ6U0XF`Tufn%y;j9>Ui-1kQ3oLOmF+1y^^hCwTF9IY3l?ZBk6`MRNS$;IZeCCr}b}S0@)24-9{eM zJdcJiHMzfUZrIF2j79ve`3L&`&de(kmjOFwusCyDrko<{khsx7^BfvL(57H#@31en z7SyXu#ZOzy%O2Qwl2zpW#mC(%eo>knq-kp;FhF-+V@#OA^+rAJ(6}KIiEIwy%R0ss z1U?9?bPUDMiaSYUIm}abn)3DVkdk-8Zr_n_^85mL7?v%%yV`ylsq}TOUaYwG$n;7E zlGJA-(=vj6>Y^|=|HyHuZ6j213`Gxua6R$by~RD#@Fuki?U?CqG$Ds)%>8aI>KvEJ<@ z&Yo4waN&wJ?Z7{vXFCzYl)wE4FCu7ziV!}RWC0C4{7*|b(c^oD7m2tyfy6BJENG!-gd}G*QZ?TpNQW zOt-w#=;VmYtC$)Ber{vqt3ef+mFc!aX;EkD}0Hs-&WLRX|C<%%kN%Vb0r z{4@rd7zN&UY4NK{|0|Eok}E;=0u!bqPp!zxIXT*`xbJ^odtxbdjr%nFHaE2^NWjZ!LK61kY@Ii zj(`{FiEmw*ZaC8~;Vl;U=oIbr4yR^gKIudeb>Lzh{3--M|eT+a5P*(v%K9yCNM z8uB-_NJsWY#;JR}Nw4%X?`<&+(#B+50d|lHDSu=0{U2Lz9TepoJ?zsi-6g$r3L+(- zbT_QDl1szVB}#X9qclr*OZQUJ9U=&MzR!NXzj)`JcZR=UhFu=rH1uxY%&5+`iK61B@QK)8>rvIHlM29g+OVBT_vqg(9!_`XNy_p^ zpoefM__OH-cEm-6N2irMv8eQsm!F)Swr~pG$|d4gtc>Z^y!ZuTDjHrNkICLNfk_Dbt9mBLFbsA6qgw4ay4=B8Qub~uKrpS*w`B_tLs_MB3+`&K6+g~x5O zJZd|-u;9^9)f0-Yw6o=szz#OR^vu#?ubMp&Z4r%>Z7e;GD}NKXpUf|oF5mqT$%S@t zcH7e(*2`ehzRjP*&KJ<&;~7-;cu$sqPgI(PeNGWV8A9`Np($>})D)sV|1_BS)Z1YN zJ22z(F$?G;whSfNzAKTguB;I^ND`#0ph%53rE>f&wDS48``}hz&)JQr?#`SLRTf`< zzKCVdaue==|Lv0D{}Qygy`z4<4KFDCa}13cBKJGeWZb6UC}QlE9Oag>)X#IRKtIq} zyqGvuW;J0BCaRPV@$dxg!NGd5IoSMzXt?3V0fAS09?lhmmeX6sNU37hUDY>R`2%1F zmkHU9ve(4Ze0u5^E%xQNzMkWnMf4JH7ie!{-}W$aJb$BT zNaQd~%4&{XCeCW2pMugYe0u+H;Om1q_c1n^sxW1QsK}?30UC7N2`_n;TX5k1-{R^U z=pm!rd{?C-)--DK$gMZ;c0!~44k5aUwGw@894RpYhdbz155YN@u?%`EyV3GSZa%Wa zgLJkmEu)rABCZc*(B-P&6 zk+aT6w@hZ+*4ai2@yqm|37PfOMu>WEhNjU;K>EMs2+~}COXBD3H$=>Kjz|%*5sBJ9 z2eO`~4DjG*leA#Rn2U?V7_(7Tn1=??;eNGCVtLNktQtD5Vo&|q6XQ<7VRlm=EnXFj zLrTJ*fic-t_acui+D!As+sG!}8d_4VtmKbN3E$SfB&NUl7M93QVG9~O)OzYm#UiUq zN=b=(1!E13E<|rndA6M1c)XYYu@Rh&JMyA=$nC3tT(oiJ36>Y<zM@!RDQdfOztvTr-F~7EOp^ zWAm%vJSO+LLUFTvx#iQPgPilKWSNfJapd=b@uZe^yanr`y={*0{w)&0N+L-|1tTai zHJSnLhrrqI=H-s6a#f^_d^GUv=s@6(v^OtJdTuc81K*F`&U@g&BD3I6!I2+ja|0Lk z!eeo}qT)esNEu7)gzd$ZM%_k5J(1B8VR|a~i6lnxv~=+on$@E+Ys3+Ah|Mr&8>3z^ zt`1uji^+SAK-Ix)Joa|riQmR5UBJTUITRXQw=_bDSLyo5bMs6n0 zc+-QbCZmBnlmkX1yurb%Pr}UjDekM*FF+FaJ)4R~u?o>S=-cZo_w*iPAp9^{wj)8S z7Tr6Nl(cj-v0Hlo)KXhsO)S+ih43L`g_8KyaQ_W5T`^uo2G^}|G)vb5l3UVD$rQl| zYaA{<9?AKZ@-D4dDMjIIF$LyH+K_yHD~y2D4cSv^Fjp$bp5X$j`c5`pUo^?S7FRdR z#PPURmkswHx{Y&)j&FC6VRKuZQ%Q$1o81G<-gZ7NF3z^y%naG*9dxxW*5~hEg-1mR z$!4voW-j)OlvGKE%W*44hHMlBciRTa`gM4-lvYMN_5Z%vyDVDTxAkSwX~LpM*Fmqu z3yWShovZD<%^T~L{`n5nj>KaD`Ei2{1i3P7R&yogxd{db_qfUg2c5AMv3gCNq6&~R zFOPxJuA-_L?JcS||9|9MlEqqKf#*HH4vGppvJ(I0z%L?WMsY>`!z&I;R@orilu5R^ zMy?X^MQrMr!S!5x|Rjc{Q^2+lL}3V*2fWwAn$5G zU+!*a_G{e8GGBXh_Vd2!VDB@xLl&OrhTkfUz(Mwp7X8*(xWJU&Tk-4cYn5bI%i|W+ zyd+aR;!>L*Tzbl?PZp@U^B?1u#~8CIgc}I5vPC=&X}ygrGplzIAs)mgt$|454L+gj zHN4r@qvBsC)@4`2X1=30!6p(r-%FSXQJR=nuosV-6B;bcQ$DRNyYZ{M0E1njmKZgO zhkUZ`gSBCdE&YzCHGK&GD7*ng$uC7GjvOHWrU0NuiRE<d#jA;X~HWuU_~~l*oe;vlYIEV?@CbGK(r)o^V$OH_l3k(R}LN}9aMI)Hc)C8o`?6Sl`OxaImrjnW)3 z2nN`gCnuMdE-uAiaKYX0L%HBsfm3;W9`dl;ZNhZ3ijDeEXZ2VR1mM+S0qb#~NdJ{C zIzf)wJY%Odn_W;Br^--T*W0exD_@l^WAb=rgXBTy8XCMt0==Hfr>4?Ud|@R~ye3$( z?TN|x*ox!k42=H#xUDlauW@j`Fuy$ubTG_<`GIJlCA#uQ9Iwd830E7YGeMPV9a+V~ z7j$Q^4lHmgUu`-`Ifc3sR16SOLrv4~^qi``9v*UlU5TQGEX`Lk)Nwfxs&5>n7T?TAld-GyJ4s{jyP=CUQR`h?yoX(k> zpY>uChG%T|g}J`Ks#>0cyW_>yYtHE-6#)LClD-cvBem@_HDFpV9f(23*lO&@wRN^$l2e0h_rr+sHBs8$hV zN5e{!o=~~bopiO1V{O(NeJ0y61xmyY&O@*p)es1tc+S9*YTE=I_s5J zH^u%=Z zYbr$YlW3`$K-55lagf^7islRI`;}E*scmB$g!*WxX@rqAlzU>t@25J z0nO=fYf!ntT`A19`h{IJXh7xStRb=c6vSCrA%S&$(Kh&7Mv*vLAaA1%c{RNC024Pe z;~MO(KV?zl&g-#EY~WIiqk>yJ*ULL9Pccn7L}+;w9dD&*nF`wku zG`w^6gDFx#0e<3K$ygP3=i%YXK-vm~V+uKC6+zqK(@1R9u!`}o4s3<_?|-#4{%E1& z5UXpk#CO2tjxQAeg`%sHi7BS~AYk*UByMrrdC%~P<q#Z zh&7p7a&jgZM;$q;j@@P~-_v!T;(%enAOy`T5eXpq|0w&l?vav}~oX3Kr@WJ}iK*SZQ= z7;Ikyb)G5NbW{$}QZ8#2yKg7$fg?hM@YwIGh{tO2O>F0&Wpj5ro%soDUk zs_(3qYiKI(!+{Ae7kH?bNLx%0H-Z4sg}Fuu{b&;2(qIC?BAu@lYZr8%T<_w67^|84 z+~=E}21LVBr2LYS+v?6(yxry9crjL1R+Kv5pTC=TJgoJf*T_3JVJ@cF)}pac7{#^j z+i}}t#x-R$f}TSKuNnlb+6KQXIVQZr)b%~+9f07zsjm+(?N&1-KIH!$YY%4hKl0|p zE@u4HCVHNl8h`d@gq@j^f+BMhI^7-UITrh0s`EchrrwfM)Y>d3u+p@1-@9`^Y52+G z_xbF%)Bl{m`v7VZ1yv@`})k1@MhI{2Pr%ze@szJHmWAx|B#Yb;D&XDP3n&IY_4$ zPcV)eVxX&syOLzVDNsfzk4Gc&Y-eL<=ZPZd)Y7TY{J$_@lHTgon6G~mzM(=jZ&HxZTp_w`b>Gw z_MZOm&`ucEzgop5IU7=cZZW#C7@MEmXbfGDdong{2Yf(o8FH~(G;q@S!+r*TeGz1wIvU3 zH*?AV_9^e>lj&P}-8O_sI@vsh{Snqhi1Bu+j`lwW^^%aq^eO0YULYX!NOyPQYGsu`Kwo(l$ zFV@~>k_h2eY;D`#v?f{%=A5k(NHfqTeJ0j!5HQH;Bto2V{ET{fQ$HKO*yh9|blf1n|}MfK(zNL)*%bg z_hFGFBm$jBua#>AQSY`4OjmjP`*YhiE(Np~vwfrp3ox~oepWE&K}x#T){VH=d=1lq zVvee|r#<=+DI$zN8bnCJe;i=L;}x89gr{f8ok6yjsbM#DSH#oPom2Mp_pgv+RwnUC zmWG1u_s!Ml7Zh){p0`HJbfv-E&IHy<&}0eN#Ve#Hwl_NT!wTz=s)vSU-BHAI5$RY@ zqjLO*X~ZTwo{x{Bu~1l|4>Yus$z_`O+~=K&G$|g!#OaBE;VOx=t*zgd(kF(QI;xBCE7Clbdibt04V~B@mAt1%5vLDW|Fqa4XjfE3A2Xl&@Mn;bz5tgU zB_;Im;#Y!6bT!K)6Bg0+;?nn7K1Jqyo$m4#b8EEc#)hu(aF{^UXPDFksTr%9R46mn zyIL8=qK3YlLew2(KA9>X&NDvW z>Rpi=9oYC-dp#tgu!&X{8^GMtZ5(bo`zyHcyXtf6(JhQZ{b!bUz&;sKvRo2OVT&IF zk9pFgvmFo$dx+BfH&*{Y7lEA1vwsk?|GCRiE=Z=k6sEfeU|aCbuZTBjFd)!Xz5qBk zK`3wy%FXMteZ?Ri->2}fn)I;B`SNbU7PtMH6*?^U<$7Zom8Lljr}G zm;p-Oc;eGzZ!0X0zF%HD&>uFKWxHV5ZHnSq|2manRuhq-I&$S7!=8u|q-Mi5U zs60cHq~-QFzl`&{i}k77&=tkVi4eQaR7i@?xm02=rWii|Waz}*%B4tNwX-J6V~aE&wb5JE;tH7?UuBTtW)%c&Pi3}5`+SJTRdxuER*$+qfzJ7jUr=sf&%ibAv^IId` zGE|zfbr%zOtwYhpxll|3aQ&q>9SRyOJ1 z3T$`d?{^57`tZt4wiJ$WlTvG6XE{5$bVtJua7&0n8| z=$8pDDszsj3?lFhysm2~l86EhlMekmqf|Vcysy7vZAH!dV-=A*cxygk4c2@kcGd6! z#M~*8D=ddOXG276bLo>MtBXw_J(M?Q;5NIYc*z7$u(x?5eQKLk_zISc5d(_k%nGnyQ-Enq=bE|S!qmMx(G;2zI=vqd zfe>eDt}zFxdW-Xz1*RY#bYC&wj@xB=8Sd8f;$j09)}BB=BkHEi0oAi!({o1I(mbhL z#n;^-FhSu{hZ@eI8cVNromNODa~B0mH3kLMw3q_xt6tXw?Fu)a^9Uaxq&P$iG8 ztkl1G!?5nS7yitXUy+v4J;-R~M&~plI$b+vpGBe-KVpz`Y(U%Yc2~^|$flEKj+wYX?&?C8Ow?3kMYzvqQdXGvl;-$$ zjMcHZ%g!=wWvjldDC)|4Ic@Vd^J4+#uzUeWGrAGquI^9oT+HkLA!q;oIo%2PZq+xW z<=g$xJB3eb{b*3|;&4 z+V)olaQKZ*hN{$rjXOrnz_^kGOI53it}^k}rV;2BKR7k@s)>&;wSeH_i}y=l+WzMI zDXP>gFhaRNmX?efsuxJdueRRJ4|*3aRS_2`x%YuzAfjGKrJS_NW2jYJEim-z@5^ zTLE?cSQGCzStjtvTUhm^BD=oIbgwUQ*&+tFx;aQTRxOiwnw#~ywIY^&0(*^dFKHY&OAvz&3?jwoa{Wvod8mt{g zJ*Qlv%E-Cdo5>E-SD$vpB(;kEWWvSB&HRX6ZAlOAXfpIjO0*FRAfTp@{Gc~I?KM81 z)>9w@2CRKCXleF`MC&M6Lh(}OirKM8^?ry;xTJ*4X?mAffc}lUkAK^dK>sG%(UuPL z!it^`w0)MF7k?j&?Jqz+al{-w0Q+_`84N*ZNGpQaC{`QhoOybAi1gr-vl zf`D?Su;i4}!DnrC2@16kgA5`43fzy0mu)J>pNG2rP0U-vhY)JqCN1{?p1p0$Edub| zpKmm9el?jonhz=|Ig6bGHyG_bl&&wy3=I5Ei8f3&z%*@4l$f~5HMln9`lFvWR7o(k zMf3WR1K{JF^uW)ysdP0S&j{F;qy{^`Qwsf}gP$<2tcV@9nVwwyNKH{4>fHFXn-z`6 zvemfV!t4Td=1d$KaQ!H!y)H3=;jlq%DcWGq?Y(yO&-#2TjK3OQeJONg7FgtY{@qpP zGGv!C)<{+nSK;E)!I`{-tRy+^#}zuRkRw}9csl8%VKj%3Em`#Aj6oh}45c`wglL@? z(T}a8ki=&vZo7p&5k~O7wwVdIHx<-h*YI4zC&t z2LEiTP99)Z$N&lD7_(EfP1{Ur5cqaDHr|3XT`IUFSw$9JZ3$bj5nyt}#&X2r7__=P z=Ag2IKGmS@2N)3n)_7>zU*22woIvV-1K7L8$_K9zfTDrRY%sq}D{+KU5CVXScbi`r z+Y8ZA3=sEK%cutf%>GkVc#)Y{(a)9&0O9eSb8GBhi-XA#-b0moUXfSW%HwuvSIJX{ zRqc8EbB_0CS44k`mLFPOuiyMy&Hc~5;P8iUq;%*T8>M&7`8gX-{I=q3kfGsx%z~kO zx}==5zij-{#UUf_VBO*YiKD1+sHx6Y?5~#KT8Jr)2t+P}2P)U2j>U%7{Glmi)66^v zZ}^z%bIGtqh#+1wC@%drZBH^v%cJd!#AgAjyn$v+JVGuKiel!wjvV7<44nur+Y_2L zWQ4B995b0vCppF#H(5DYik?W+IeVkQQeK2+QE$Z{WY8yRGkYSAsM+^P!%$_0(V*1l z`_ZuH&nv=q>s&tut148fynRYt@C_p`eAvc41bYr$>f3OL{31ociLb6WKT$c0sCkb$ zyHF*b#gp*nxR-3$BI=z(J93|mHHS_YCG|H$JrCoFoRozmaJ~;}iG0wREx?u2(7A;< zLOH5%(J&QeuuE>)kPM6qz<@YfGh0749w$`mMyFPn0ZE_YvamU-Qgv*VW}BivGW?>3 z{oA)!4PUk|a|8NTDG*OmUT}6c+uHKLl&^E~e{Q2EMd+wRB;X0U_lVkYKpk_J`Mk+a zXQWF-=A%2H<5bG8VWnmFWVzTDs;g_9r&0imj!fv0)VXEfCZR~%! zcXcV+s_Nrqga*FT+?hwN3NY?{v*3gtBMf446o&cVHZnM;o&*T0R6Vtds+P>AIDBlj zp}?oh{7W@A z+FX`Jh2j<)twF1_1bX^n_EGI0n_aPeZJ)DCbBuk=CRWCc$|W;ni)je^pb=bhy@d!@ z+1yj2SkUywJ2hO;8xJXW@#W)7G-W`V(GZ+GpFlQfAyhlGM09aTE1K93HV%)JP7llZ4p2VBv?X^)t6HO99>-_ud2vJDPf3>PX%R~61X(O;Ko z4TEc-&_YP3rxBS;1MN=3!1@=;1cFU=Y)hR#=x{DJ}XxROM(f5%=*8ysV)#-6dTPUdahkJ=dv7s@+%|yj)^`zO6=yAayLkxR6z!Dl5#oBaO4Z-ypTa|;g^Of{xNIQ7 zja(YL!@>BTuSCQHb+gW?G{HV{i`0U#k9-WhDf_Iru9s6h<%d(@7w<$nB2~mw9A72W z_(0VlW$;YTg=daxh%*K7@aMzL10O&sdiXOr>a5Rw2#G`_@2*3^)Er=U;gm@Y>slak zibEVMErs%w&$8)+gvM)NV>#m=wk6cY=pQA%Hl!qNcbP)KBSKxy4(nXu<%i7FA6JD3 z3s?>2_C_|)*ER=+FIoAoU&?jo?T@j^rzWQjMZEw0x&a_||6~6jl{Y=Wa3Y?SxxWs0jYu7QVcWA=-7eyXI$yWic)5G@p!+%0JKxyX< z7*3r43_-9uP*ww42LI1#g;={lseS?=oo;6UQ7g(4i)@+#qAC*#8;ctD%{2cm3E1oa zo9wyk&Zh?ej`(}~_LJD%1MmW*FMV;s2D*11&M=9@ExvYEGkOAgp8R*ek2#Cp{(y=1 z9HgrM{pt44=gVjUz!Ch7L?Tf%rTrLA6oG0=;09nX1+JlYA48b{5JuL&Z%Kba{k*R) zW8v_3021N>P_~-fqyyTyhj`(c?7X~g06T%g3ZcMPD3WflE#}`k-`>+)r#gwm=Qw2p#|>5eYmz_tPnW@c{fb6iR6t8A<25+F&_^vI4tp z_Y^|w<1=mx{+zOBnR$%T+M!Uo(4W9i^Fy*cQRlDyIAXx)*Q#YE`WGcr{|l&ep<+Q; zf@{+#SY@wjJ z@BfUw?>Plv<@?dBugr;fo2_a;8cArL&Q@;So&rziKI_wU86ll0AiCv8De{1GPa;Rq zscgW+p*auId;+TZ{nccxscFi|+~>jn(+Op6xv@8!Z(8LP)w;>X3?rS-Y(v9^m(Yj40 zH8J|74Wwdfyg*(S0ywZ9dhhdRv1#%1u5aiKRe5q)JSy_XqbIgZF~f`$KI%ltd%kz7 zS%}MR6V*?DMi2x(tgJ zj-3?=b{zf)HpOra>`{*7P+8BL*ZW~qnNNhmAPM;N*uLKF7iS5}RnS`*cy@LIdA~)n zm z+A_A3grLAsN;?=BDwhFD%)dgwXsmv$Lw&7OcNgKu_GT+D^7Cp>*U@ieo_~Q7&9d+# zVIoV(iNp-IGh1MGpPa70XXX-%iDFm{bWNq3Hzzj8F? z(|$eQw1x(f^)blC&Bi_G@+2&&g)8V<7uSMLUAop4(#HX>mEF5aNDwU7BWIeU2>K?Tk zQyuz9;YIvP|NH?yO$a-ruouOz&ON44$ZduP9FxM~WK{;jq)A}Y9^7+T=W$lL9;6w|ilLP<{fn=)8f~F;dnbEwu9L68 z%%u!XQnw^^2DPUznHoApUYV8r8U3sx@w5Esg{SCwDEzF`2+GJd>(PU>eG&+`xvv0t zAWi?x%A0=~^>4BJQvgdH%Ax1ApxG^P34H78#?IfLzk2+y4pD$7)YaaXA{2i;3h0bS zNgc2NQdL>=6_hR&;I;RlIDUkHy&Z)P($|vsiaM47lCPwHE6VSRQX##0SbBrr0h~TN z*X3d(x15E3`*E+Yi+>&E03P;D_c3#T`8Z|Lv@C=|4hI6>Z7cYwo)>R)A<`xt*94S7^A^%W(u zLs1*;-v6{a`wMuLY=Lw9@}UXcE%y*Oa#aBa$JRLj8f*q^vcCY|tT&2n2)vfz6UCp{?lcGTlm$&BzacCKNO}iY3$3^HEDm7>nA|lYrGZ#NZ60+bMS%Y8-U45n(ez* z@AJC*n#BZoZaqCcfjprej^ZN&YIPHDiJDwWC&H1YpXU&z@8xe$?{Ejm4^SXW?lM#f z>9Qf9p56M{qPAsi8gA?@Z*(&Sv4brMyab+-@e!rZ0zhLD2gHZ37$&yZPMX|Joi^62 zhnCZN1IXqFlZu{i(CvCh1I7z z8Y90$#s7mEFZ`;CQ}x`DW|YF6)^e=V0(Y-2;dF2k{Va4zTc4?BjG^qBV*rmBaHU5? zta#3BR!z5gS{ev_7uL6X8k#ayn(Ot?a)O{WEz|aJ5xsv^v66f$cRp+Yx zpD~&>g`#W{!&)DGQ1VEz!zuY4CLb%*ibPll!aa?cnRZzfmz2!Y!;Uh3CH$n9%jFwo zYA2`Tqpmrdy6}Fkny1%NhkiGN$*daL5-`$23Pk<^A$9bOE`>^#dY)G7wSa2G?cZs1 z7ycOMzzVc{osPH=yvK_2wP@+G4_Lcj&86pXm$Vu_lNMLaqmjnkr)OsW^d<=UV!*Fp z9>>FlO~Qw!ovmV3{3IecUQQRHA0cl9H}JQ_k4h4;y(yojyp##gSDMYn83jSERr7&wBEAQkEiP#raQM<7tffPZ+QgQx%pOs?acfif!5{(Igc#z@`kf9t zpB9;~UiXnqGWHWTCDTgPE7+X&*bp9_MnEh>NOZXExSEaIN>paXIiP0``g`hWBHY4> zG13FmO_IW?DzrZ-u3r$-Ziv66X@?CvtHolmLd=bfXv8!dU)040I>;DN^g9Iez=Atu z!Z0{|-I}2Kp0a!Um|R-Dic>39!i#(zHSjLp?&>Z9s5fzRG!1uSO4dFuq$4kR_!@*u zPJc!p_)3+{yF)+42dd9IiLu43PdfCZm4ih=oB0v;u8S687@RTwp{~;UNBf$Ir>aPW z2|OgAy4+=hOaubyG(5E5@Nq||t|p9~sj{tj6V^Fd*7cvjiO_LLyTM204(sq#19qP6 zUThN^OQJPPNJo?l+NSxu300K^v=H+KB2sa&q}6!bA1ck~VsS$>onlg`%p+HhbDLhO zHqn0u%6i3ZcBi6l+SF5)9AObmU)NZ<7>}@~#jkdBg0Fo6KdVY%eAWEXP5@b_#a9sL zY1UcClU!NdTH94kr39u;GjB@!j}2;ywi? zQGt8TsM-iNTP~C*Gz$-@t?~^?=Vs|O$)&Vg{4~_VKA`1R)8OM%g~OFnnuBv3meTe*fe4`C%Nxj9sGPiYj{CFz?Qx~6d`P&~4?q1U4dP0RcTT*Ed zd@&-zLd<6Ddj=IGFL7GL$C zJnI&Ovd%zl#7nQH3`C=%s2~k{-FB<G=wv1w?^~ z_dtPjvX7(zDc|qzzWZ)fv|oS%cJl%KR@mSMMZa}>Saw5aE-nEmwMGB#iVUTHpxm{@ zkLY3jK(*L9#{2S{EOBl@!GGxbbATz_Gs|x_8+6)*qXSv$JSq&lo>xXGY=J*)(NzmM zwzKu`lIh>&i(7YNjn_V6Q3b%ka{m6`JvwkY?d1IV3$PSl0*BVD_?P%6?=Is|G!o1Q zb8iVG2k$F}SXGf6$Z4rG{Z(SWN%t^ZxWh5) zQP{xm`U{!w27&nnt!)K2&yX){&L`K_9=2Nx*UYMuf~dA&Lxh2wa=v|-^%?!QF0;mV z94~bwH_o*C{w4MGZV~*yjC+2eGW{Ezolf2miqa(bw8I`aZ^45yR$T|D0wBa5%}dZeZfwz#fC) ziU_IkD~i>~dHL}(OG0(*6XB*gat_}pFa<4lWt+P2Hw0U0V?E7+{Ir95M>7(*a;Lq5q&PqzW$DkHEOmu37vY_B?ljt6Ku?kiCqlbH5J;fDKE-uEOxIg3&-;KD z6K=dTZ4jdmaAh>h=LG~v=fY`r+*hylzSh&vgCkJ{xPr8i>GV8{-F4a4HG2nHC@}ibn~I^6ipYg zwONUbwK*)O>VGX`JMi7NBbQt_d(l{P16fNc_8l!If|tYaz~Vj5<;z|0g3en*PO;X8 z7LLR8VFX-ZL|giTm4qu3oB>C}%hC$=8?>S$h;eD)T`^Lt%=c9Oii`rfluP6+*y zrKJYw+oHw;l4B(i^Boa_E6vSx3MNU7PV291=Gy!>+S+K7>~JW<`pt-ce8}uv z8$dQFJ;taF*>H9(&!tw1E4j4yX{$R$mn&Q?Ad53XG(f$D{)3M3~yXM-aS1~G(E{l?O$ED)}=!a?L)VdCG|@suCSbdYsOhGnY- zk?2Qbwipk&iLcf#W;rydK+1RqJebP`S(SIIpx-K8h%+a(&dXFJ>N zr#gCG9G4M0X?p6rP(?RSgf#%RLmu&mzkEnlIEyxo{9R#QF2j-};Zi z=CLp7&q%DUKCiX8Jag(FT{D1F{GF{+qG**Qdp>1gBeiMn=?W5{03)^`Usw**!?W3i zyrHxg6HEl1(Ncm# zE-Kz21^zRgK);yo{H6*HBYx3w5TFL&+P^SebSseR|D)wqJ9g{*N`;o>kFd@x@B>Dm zFusWtp%(oye*J9kla6^^bClh24wM$?yFegK1RnR!yD7$Spb_Zn`@a7n-tR!!g*v#+ zWo3}A4nWoN)^%6`r3326w`%p)9+l_v$fY1+i31WeppUr$I8a*0$PK$Fpw*y!s;YNI%}D6Z-@fTW)VDixn*`Z~aCA`Klm(2-)MZLN7T`xX#@UjV3d z03(l5i_ZX!(hBMC4!6RD%O)b1v$m`-lr_9dz2U^PAarH zG}%ze;lo&s{-;APnYI%xawIhsv8PCziWVx|86YZXeEe>=T44`vN}$s_L?=a|%GqlX z2o-*n{oM5Su&d}YIPv!m&vNguGD|7dsZqaTEQ6E(fOgvPx71A1sr}IuB%B z%T3wZ{%eYyUh5WZlN_I2bh$rLT=vGj4lUD;AU}?FiS|P?!>|F1FOh^pv5HqRMj#}P zk(Gy+Uz2yXw2*qLfje9#;YsiOQR27EO;V*iZpa|_XiA#K#cDsIjdw^q#wfT6G0etH zQtdEPezwWqQumCxsgs1HJG^~7ijm;VZq5u}HsNV-vc~!HkJN<*wh%c;^H;4`1wtR0 z7%xIiWn*N9k)3%ZL~Xx7*G*ePW7DMahFWiRl^Yw|YzfiopcD)lvV=e) z))9i2~i%Y}Sd3Lod&Ykn*@nR^+QCO;j| zFg!!F-vH(mBzR28+qjl>@XZ?^Ap^616z}{Q_tUvwQ8Ia8r|%U_Ds>x_?a~}RS2i7$CUwl zWL{e*?T|NAT$ly{E{hnsG=KT$wtU`Eu;!G-ojHZ*$J!bIz&?`{6HB`ag_7ge-pN@B zL`V!c_%J1noiU1F4DB_*d9K}bBsouYa4oc89-N0146~M;8yTA6)vgU%>hBFN)B+Vl zevuaM5!CA59297JB8xs(z0gsEm=m&lNzrIZwr!RN=)}S7`WQ?(Q@S0TPR``yTr;Po z@^bR*X9}dlh0_l6@$EJj7blxMlq>nO!!IRCG1r|~kdtv4Y!BNT-*YU%McLV06j&?^wzk=b5%*@_nBjez{8Ef$97olL3ZmB5fr*SK7pw#X= z9O0L@owE&GPS0pziLs5XuN5q!#0+IXILM4PJwDB1q*0Z=Ry z)cnzli;#a0egAF&U&c)+bJ-t3|8R4wPC5@=~r zWXR<9&AIt)XVNJu244od#Sr^(?EHgV1WWxroBjX7uNzHTPkYAWnY4aR;rn4BI1j^2 zBQkgU(yB4{nb+Qa<;&AQbkt|Z6g1Rl!9;pvnE zDm8e`_gqKHR*x_`OSjr@E`u_Tv`rc@jqYo=HrE{tei=JeF#C~zA z8lOh_V;h0!27~+)M{!}{W=la~Q;5ibcy=gxY@cPa$p?w)t#}`VeR)H|Gv4gCh;=_H z(PlLpouxqvR+?YFm#QN8JWS-KvhQo{FYCs0a8K<$e%WYO^|XxGgpSa7r7mHkjiyd} z4#3Cxvt7Tjem)Ky+4NXC1W!O#ub@uLv@%X>Bq9%U~q|M zczPCWdQVr)Inu6T59UnsvNdF@_auJ&+nre*(J?dzp|*`Pe32&^++}7-*c<=DL~OAF*Ig1Ux~6;VNhqLld&dc1oM>T zbgp$0-anJ@Rr|8tRx7cnsSqAT2L-HIk*Xj;jwq5&xCD8(u_)(JS(Bhnb!R>9X)I1@ zbr}!Qxh0yj?1AXb>!FhC=ZxUjh3;IG^ze0c^uYN)#5TPY(|*Z^Ll0(Ij51r#d3H(- zgwzWhL!*=B^BOy$Q;W|P*kmSnRMlcuAujIEJe1WSPknd;?V?=CHID1wOK906Ibm_y*s=nnNB@hevy6(ejT-fk zlEP4e3c^T-(v5U?42^_@bhpyo-7PtEcY}0ENDkc%BGTvK{l2r-IsXuri)Y4h-}~PC z+WWHkr2W=*wV~E}5e5@|A{jlv;Bd&Nv^tl=Mt{M{=8Ws#y&^Lk#vskXVx|gp4kmGE zpe6Bpk38TwZi;#>l5|aLD?Jqs%seG57H&Us%~N)|=Mhyswc~GG7LwaB=ObYL4zjWR zNVI?bBL>h%{L3a(1-ZQzthL|E4MzO819YFmJO71Wum2fpS-ivVmTd*(fl1&h5$fA0 zz7sUB+2h95s3^;NjR7&_>BA%)8!ZXsi@}mr3ci>ukkr` zENA;FcTL_`9aNQZJm<-k6;&F1vmO!-6}-uc30of9Eg!-}-toB~ zCf@$iJgEvt@76xOLPRQ}Ac&!EjnrPLW`2!EwN9Xt;tO^j6(K;>d#O$x1cOqreJGYzs^Kf4MFG-VgwHZ;w3OEyP4h@$+$NuIuYWPyxF1F>sM z{9vGXADoJjpiM6D;Z;=nnc82?ZkGk}1ETy+xY>1KZlxg?X6owzv7 z_YGYb8_Ot`s#HAT7jS0mD1!lEa1a!FWiDHuu%Rx8g{O3Quz;0A`5*x%P9LF#W+Na z6jTttvX|~8^^|cm`)e6lN<)Y`k`_yrJbYT$!@?TO)21|QmGSI^ZO0hXl)nxzUrq`# z8==`x#r>Vc0~Y&n$e5+vMg|Ef*^y_=_y6)7A`y_9dMo-_Mr*h__KP-c3Mi!Dvc5nm z*QE-x|AL*%Rz9*=dAZhlS76EI=xzO(9Koi9Gsl+`_cnvV2wvGR zhI(bUTo;b{BNM2c*kk5-tPMk!Ups^xVz3dQa$HL+*-vwt&ZR{El!mE6p{2-M%OLgN z<}S?h%*8sQGSqVZi!ZW5lzPR989&SEhK5i=k3PhO4C?U-Z}%9On!0duO)T!wS{9#% z4I=B*{c9ltqXl=-sUh&Q@&x!{pJdgRMj=$ZAjGs3R&TF3Y{@Dq^-Vq1)U=X6^w=|S zOfj|YR%5d=HD!K_1qw)az>r7jV?*?5O%0(eA>XR@ZsBpg*YXQ``e1N!Ky-8r*bQxt zzHY~R;fI7Vi!fi2wkE`0d5Yxb^Eue`!ZnBDXU-EE3*MoMv$pF9i#v3!yhUsh6;D}j z)^n02FnNh<^ra~+a04Mxn`y?Gs%L>|3q#_^)W(JpUdaJ34>uK=nonti9k%$sTNkEu zu!JK^cGN}vhZOhatKWVIpsF0>9FyVCF9irVL+Fa;iA_xBWr0b2WTf z5-~)B65gbmu7en`P(IMRusqa_jK)L!=?ZArvd{f*Xg<%U5!lz7@R)l8Sj&J)#0HSM zB3C)?jswzD=Pa)^-xr?&CJE@J7N$M`Ab#7#nA==!mNQVYel8p*fA#>1jR3e8ej3fa z5dwHjOMq|fFTwwEf}X9dEP!UN4=gE{)tdDM67}hJPZB6}1F>5NScw>IHD5(RUq#L1 zXh~}KuBG{a?!*gd*a`p{`1f(gEF=T&x6f$Svy?kI^A7mk_b08Vj{vxI9U{rU0kBvn zo!Ob0?U&N*XgWfoH&|Vf<+2OPTkn z_LEVYZKI|o?OgnQsf*z5w}0!wf`F42?cr?2?Be^p!LfvrC=fK{IM7?KEN;!vlgSZFRs-S!{x`0|;&*9)(eUWRUJ+k(o@iBD0%rfOh zCkPMmUq{7!$v`CeBQPw;pZ;?YFV+c`o$_J?LqLCyDxheTmb7_&{9!d#o>cv-6R8Ud zvgCBxe7(zGXG#>mKm?IBw<4bP0D9j?qG5_b;Za;=(dpM(OKGx+rs*D<1$mT5sL|IA zChDG*NQ`^ZUGi%N5yW);V~aT_frI_1=Hy$XX-e?H z*8>FTpN{CaelhrnTlm|UImP-)+-#UvbLF{hEn2;Wcnq$@+BHmyJza|>7*p*sPmTx?%((Jq zE@5L4E$0b-HZol4r0sky{o)pHO#81}-ps`9kfD)NWH2F6$IvZfFuYz+zngNf-DIdHBI#x8JFEbyIxwNJE)ju?!;8Bv#^~bOklkv~|Pb z_V!?Gv`;L!$R=!z|GoB3eqbiABzeRDYKuPzq%b*QAX1*8A<)NYYgj5y;-j`n+e2rvU;-ZXnaeeP|Cr0Uq||nA4`cSXac#i*AHs#o1w^_`XU3Rcp z`!w@<4cX=WIJsMVfjI-UTBsQ1PE4EkSu=BYMoK`b8)NcrAsh$Qi^P+B_3p-E=f@N=!5U3Tlz`dTX14)1F;?wDPZX&j;KtOP z=V4`ASEKUvOoX*m1o;cgr~vG>4r+d)2GQ>YnvSOH-RL zApwpsFKTS++jm%PTNrPzP^y}UozwB}0`mFSc!0h!T0|d9{+`py52xJZ=%{wJSx{hn zYv9IrJ&m3jcI;*Z8y{1AR4Rz8bQvtuSYXzf@YmdrsbXs#2+-9d#R|4w(oScPuCL-F zdZTL1Xg}UO)*Pqy+c{^*RD6Hon)|5uH}OuhuK1a0wM4#oUhmKb0KmE6p5 zgf~|?+S|WxBbjsFpd{o`U1}KndIVi*us++Ql7=xDT~N1$=s`&t=>l=u12Irzcjq z6AR#8;fierSV-^xv9U4^%$4g*@a$$h9|}O+1Oh%kU>M!q-F+TjWdP*caL-c#zy$j4 zx@qA1^PJbS94yMUZ4=OQ9}8x?@1*VmT~-GDo8f2rXTs}m?O{vD)trvtnJ-Qo0JuIp zYqM>i{@McTCQfHH^dBYxh6u2H&;LDM0+3wSEI<_wh-JJn)&L9LBtGB-f4E*1Tm-tJ z&!e`_Ku)w<-+Qu$JxRe0aC8&UDSdnvs4hEBJRfx5p0(bEJ%?cF zTq}4ETxgmBng;|xOgzst66WVKzj_58;6k(d7tqlHv``d2aG|UK-X1f-yM=fpuY;1J zPrE!5?icad&xgh{&uqQ)SKiiR`kA8o-L}I4EE7!cJPZ7Ie*-j!fzuXWqv`LW<^Nhx zJD=`=RSumG07L}?y6Te2`dW~r~^>NmL;N=7GnDVWiicXVl-?VuzhQ z+Ss4#4O_L+OUK6n=*W2q_^dg)tX2WeIzcVPzZGV&6}*_OJYLb^_6vDBmU+pMy@m4W zbBn$j<2yiGzO#&G;U({04$z999(moy8jn!M8w%iGXEvyYv-Vj>Gls#W4OuM9rTN-_ zmlsOM>~3ZMyS%Y`wLstwKXC&fobM{rOP4r(Z;+xPF_Ejlfotqc@GqM7eqpT$90ZEV9@c-sG6c5HnwY%<=UT zR3!GcCy%_Pt#;~=#J;x{BjYwIYi1XIS2g$^l%r__ed2X)veOHhQKKzfdRI3HKUi}W4T&(h-xViEMdBAvfPs!2A4wdDxKaNnaBzm9Eg zCGeDf15(krI+BaUb9RLy>qn#p=prUBh>xc=qv^3$zu29o-O?%l%HC4agXj@SEvy+b zh$wO)<>O`;m9rP1{3E_VO*jR8iy50TV%d+9@~vq)^2EYQ3BlVxgSx(*A+QukOsT(g zcrsn?#_*`)9B6&*?R+M(X9o=u!Bb5Q8q2 zVe}p9JO&{j##l!%U=+imp5T$K{>=dq65(iTb5WH0V3q1PKB}eSx6_4($o278dNt8t zx13LjMOP;l-K4qt7|(95CzG6E3pz8(=%&PIYD(x7)HcMwY}%UYF#P56ff{CJ3v!0dsci_Hgg^M)?LpPTAR z&|a-CZ@LX}bJ8(moXFTAY?|hRJl4 zjqnWZRjCUoVCi0#D3n)ni;p^6=X$TNiO9_k|*xIM! zT@Wo*Y?`WrQaZNJOwH;~cH%-qJ*rq?J!vB@)v@yWs0LUK*MiQ>>~h3lSr^mqL_S(7 z1*j1j9u1qNrH5U=e7vem?>ZKkOTN{ST>-YVNXql0!c4DE9?1nu@W>*@G^jTfMmASJ zO0bP~U1niDH`PSKacpFh*5J(fPVLEdU|g-BC5|$VmF5H_*B57KL}5gs5Fi|9(NzM0 zQ7ABTsX8b^2w}*+KcEp3@9{oc`5o(Vo-OaF70^==vD6k?|G4n+=}VyGX`5~M*k(#xkQEB8rI-czl?Z6`1H_t-lTGrFnZx0_%(_g}RG~zME~Q=t2URRT zDZLOZjj{E!)FLKDpt?2CzFvncT3ggi=z|)LMGQ{@J?;K@gR`p);9$04lzF*987DB3 zla{$O-%y^meXa?W468QbV)O4=YAAsXW1A+$jbfWE<8Ev9*LEeS_KzOTH-DEjav$`+ z&Q49`F?b4A`9l7J^>_7++aae55Yz8AHkwGyx>PqJ(>eJ8)29rQeTl<3YE{0KY4foc zMO6s5?m7fffeb!R6zIf6e3diKQ`(YBGib-`4|8#}l#o`D8CnNk-GH4^<7RbrblT5R zE}LZ<2Rb2SdR~U_$@DHhj{Tr-$n& z;AjsBM9KKZ+F;ZFc(;l2k^Arb^O%b!==|XcxG)-ekyUyNn3@5m)8xOaw(yp#s2g{y z1;2#_hi2gK+4WS~tlX}Io(f)-C?+1-F8&F=y!38z-2HW~2MF20K#rl2l*S?$%{GB- zch>zv-+30geHZOT0GqEd(YoZcTJe}2HqH2Uf!S#DeZ6A!oyVGQHn92|$IGWk@O$!R zE3kT8^jV?$k;9)vr@;!|b^{bN=f{YjZLdsXjojz+U$`bFR?lsp8p;IzWv(`F1G1El z-Y1TV-s6s-2#FuBfJ6KpAb@rId)?uBbbnv{?#a#jzNpcL3EOQ?RB@?8phFNi5`j6H zGLuFx0AqetQ(+%&SM=X=IVfK7r!oa`{x&|*C3>>&rOqk-*f8yZs4u|X0-lX=9eg*9bg(s^I$v(djxOC9mutgfuEJ@ z*mtAM*K7m0_5Oq&hxMGcR!XLxvnZ|pUu@vIezaIQ?RD4)JTrOE{e7-Z10#j^iu2#> z?5D|^$Bz5$?2er@uM9=LI)_KPGh2mXnXD=Vz7kCS;7HWdUF+eF9nXH(H zpZ+KN=$$KnF)^WkH5L6~q{}26+y##IT-JEWkNfm5`d`2P@bC`9PGTdBFQiIy$lX=>2578ev({hDVbfq0xq@@ws`9 z`=k5^&>Gc8_aU-@|7hxqwWs^+8(`N~B*6D=&Ck(fw^^tIV{^}Tc`unSaX~t0IVZw# z4EG9dU@%Hm>075=`9T5mUJq^;M2(Zso{^(3$t*se+IABZCx)BSO&%L3t-74NKXL*K zV@byydwrXVsp-RNK94fCGUU8qOlr)3s&Tvt44kzomco}0f6Rdp#nT ziOe$EMNZ@J-jwB1Vrec>6GrJQ4Ov)WKolOD9!GZwePkc{iZcRX2QJ?^wR7f|u$|boS>Z`Oc z8{_V;p6YXAd`P^1KVZ+3n!5MAsCE-o>E14AdyGncRBpxnwq>(eN)JZinH?j2NmcZ+ zfUzQ7ZPWy;0%PnELA6USA>Hm*Pq!dX=N#t;y2Ai%J4Q{-)`-PT`Bp@ln6^I+T2OQPxd=#*@wC$k70QeiNe zrwiG@x1^j25^q_ibuH@o6w#KK*RR!9**+;dqDCOAfO(K~g|V*Ct#`aA(Fe)=Q;xq} zW(~|PInEvB;=Q%1v)kNOpPd0}$SM+uUHr@5q}3?QLWKvgG?ijI)k@uVEB2(2zWzu& z{IpVastS7Q057HURqV+;7`-cN?Ub8uKt3K3MQ}Yyppbl;dgYJkEttajUG`ZNJw>RU|G+s<7j{xV+w_on$e z>3Bmj_nMMR=_?f;b^>iV+SF!IqC$YU$_ZuNJ_y`Hi5){Fga&Somx^Ww#U_cqSD_^P zbx2Mjs|WhAzEIk$)JT)k%5%+~UZlK=x{8S|ia!cIP+X=DcWLQct_! ziGv0OAC<4Hu6}Q~}{w5lF>V!!a zo~G0EQ?t}e`2{mObi7cS)h@N5yUa*fB~Wv@Mtk=XQG2XxZqak8hMYX&OzpP@THi{q zx%SS!j9AikN~X87^Y)4R`-R{FB7Nu!&Y<(Ez*j@MESirjF6{)LS*8<2g-)m0-A~u2 z+M^f4XCHMz{#&$YGF^_|S{^ig5HY)hBO5QTxe z>GK(F4FqKm!Fm^Dtj*>ixXzx%l-%Dr4@-3`7-7yeSvTXjs5(Z^en+Bp`OhsqK=9D+ zda5^Plsmn@)sCPxrBY9Xvgu|4u0WhNDkw%IbD|Nj4)ZJu(I>Ua+Li2}Om6CeJr4?jxncr}HB37P;xwoQLSwXDzKZtK#lVIUh$Fol`#f zt;AJ!c2xWWy&AkruYUKafKoC^)G%M@A-*8oO>AcMv|dd+r)bR5|ep{Ai>aRii88{x725OSov_icW~D@ z6lQe{9>(tZ79eX~-ToxUN+dMA@vv>)oK=O#S z?@8jVw;s<{lzNved8cvfKxX)YM=Fe9KLSDy&XW7VI#y3xQN&t8G{tKind(=+0CZvy`4eAi$NgeP2<{%zB%RLGrJDq zU)S?;Vx**i=ed>~LR$=(r8>lt08#g z6ci$a^t2e|0XCCCByz@kFN1AEil>p(3XgVW*u4kSlUamHQSWXv%KkN?H43j%Ti?!R zAtcJLx*Za>i44CRGL(`S@lVPK-dql{?*7@LKa*um0Pi1MShU?!t!cxY! zaZ1ZB9m1tkY{`O(Tgp{#L}-b^o_G4T!~|DYS*lJMTPRGWxIZWHxWn1@yKhifPH_UH zIp)2XJT3(HZ%IOW>CMjV!2$E{5~A6XLA9`g$wqQQI%9fppfJ=v&y}VxLPRmp5i8sX zFPDChm0CH95*I71r{Z9CeZRKow=hhL&iUvKDAUg=yMIy=OHdwR zi3-r*^kAnNai`rC2juVW_Pk`Lr{}*`pd(jfW5>tw<{jr<;jca_%6>GB_~4|Pl3LYh zaA>dlT40w)hA!AW%R+fpdvvDj>}*euDoV2B?tVo@hAuutY%7u=)`W2@VhN)X}aG>h9xh;64mu|!>mfl?Hj;K+*Hjds~r%SRy3jeg^ zE9mF^?)cGUKzLQ>DeLzp0}euRm_lX7dYpZZ0?zekD>3 z+(qPwUs@`4&*IJ~=8>m9z{>AD*)uB&al3}=oC*w^R^FfuSyF!kY{TO--Exr}r;M&rTmnz5Yl7$#dJ!->Y7CfK3|szvWQ)l(po2 zxB9qr*}E=Y-k5!Z_37#6=`nTU{sb6+S$et=+*Hl>s66(b@%g>teD`74@+xZe(fZqO z*Y9^h`|szOZf*|`!*J|;+d4_^)^WBQm)9cmZYc^AerL7__Jp4w92`6k$y~h;4aBk7 z_)h+C|M=$e`svg2qXc{ZqfiWz)!ldwk(MFB)U7z6qVr?MtIebsCsVq$IHLNj`CU^s);goaoX6>NSv`x@&6ZxvZNTWDA@t(GaASy~q zO-!8<3W~N_QySYOioH_qZA+Rdf@AyA}{`|?Zydw201SGrWA{O$Z$6xrB{!lChZc%)e zrkcZ5&5S{`8J3kpbiE|)3zyiRbv2TwuEkZAb`MBcZsLB|rB=)IajY2fa>{)g+nQMR zriSC8aQU%O9}2D(l9M<(tTuVUvU%?dd;AgkbDz9A_(L6|aN6v>8=VP#%lYB7PneFgW@zw9dy@|0H zO^wyB;E29Np4x<89!)fZIy&)iS_C)0Ry4@>@8tvx;^C=;cw`h{A8ezqRu6qM3Dhel z>BXUG!Jv9t5A99}KQ2a~2%Sh?^YltggeMbvY*;|>;^aGpn$xbfcNXYYDhRzMJd@xX ziYcQOx*D@uWZVhlcYh*Jiv#2o+$!OH0YF*F^=Hw{$+dBV)R@*}B0D9?4!bxTUjY#;;mjT`V}5HN`2w$^=mR zlxIcxXHpru_0$tyur*Is6m}Q8e8Egd9f6A=S#V%mf1f^ez1&^WpMIjc7{{*2GcW;&c$kC~}VL3tk9_fXx>pe~wpa%i7W5Rib%X zq4`Psc6OMQC3e?O(agf3V7d$U_ajW)v&iE(oN5)WQ>~KBd8_ShFEm|JpUSvJw1+=d zMjIMoKwDG^AP8Wz%z2wQq!Sg-X98)Of>_l5vS|Ykbm$(ZEJf0Dlpl_kk=J&&uYuS&gZ8y|jM+0ZAo#D%b zqi4W+R}X#fzOy@>nF#MY+f_v_FTk_1`n(h69WbT7J_eu%|8~+xT)nTKZr(j@;@tat zpK*PC`hnVZQnBPZRe3*bdk^>|6Q6GNy$=^^Pw#i1?#peLn7<>pZgY8GUb*zYXcB_2 zMgT3X3muCy+xt!L`$QmlZG61yd>rq*zJ}idP~4=-@S)twyYv2k0;`t-mG=J=NMB#R z0Ya+=(1uyP%>+7X-hU_Hw;!Ljdo!^9%Q@{sf8$mTx7$b-@A~%#^QQ~*j`pg8_2m6R zuhu4hzn{ITt?{}a)h8esXlg}TJ~nt&X&3m;9{<{IN9KAtK9~}*@Mp}OYG?KzC7hOD zZ{t0vOEQWmKiqT}>a}>{w)l(Np4>U-~#(=YDEi?keO;n{mOrrLUzQk~V9pq9<1n z#+`~kYtJn5JZ)zh;v^y<{1Y+*8S~U#Xlqc&o$3k*gzVd-2eD8NTB%(VQmUsgqYok7 zlD?b_YJG?J!R zs!W^lb<^pwmsZPwVTXsu-Jid90*P_AP2GEcsQCTx++t8Cs|AixdcMjm@(3J z{gNRxz-F%A+znlbz#@r*z|LSsCm-!HC$`eqnA@J8sc3qCh8H>5-0NaXI+L2x$d)>X zE3Uf5EzDy4(Gbq4i83cH?PeSss+0)HGYU2E!GfUe;A*lcD}ml5Op*>(tHKn~r`vLH zO3Y?w?mzEGNEe^BD^4T-tH}^E&N2flPiMpwnigR6{iY+u3W&+dtVTD&$-7LNQ46R^ zbL7I2v?E_751>~I&_5ucJb_zfM_3RWecig$!k9 za2Hb}VMtbf;a34OxdP9-AcUa2C}-s-(yyY|Hj5S3ZwZl8wO)xH@gq1vmHV1EO{wAR zwTZ8owF3XtEHDZU|CM06n2|R$@k*@hl1EGo?^yh+FO~#5<)y@AsBVM+esV~_pENp6qB=0AQPAll)C*t8zpC`u8s^bwO7Inx44a`Lm%jor*e@ni-*YQBEZ zBfFF=h5A)^!`V2QNLUiJ#dtfg(2RH{`1uIXQS zvV~aJ&Wp*A4a*nBGB0O>0oS-Rf75l+$0QY*@mB<)(6xVSO0mLvO=7UXhND6-56B29Bv1^+m!Y~Iz+smNFiC#(EI?dh$h_>nQ9 zMvjG%p?mA_dsNQNz3Tr>Ja1p`>)u&=J#0=z*zWrSvhU|k`Gl7N_CFVwsjDj;?|;Fz z-<^Vh3A&`;D}i+CRw)QxXwt-C~>2Wzd89@pgC??G-) zMUvH-D1tG534i+8qP=+QRXNf}QT-!vmAKJT;^_NVb!$CVeUKX-C^&c^RrGmT^5Fy1kJzLBjWHP*sZ1WxW|A_{T9uX8 zC*U$ihKh$xrsh5z z53eF&0Xrq=vH7`$_y#6Cd(2b#~*lnPKu-E44Jk% z66nFosl_XbhlW@fN7<*YI!9a$eIJbVN@6Zl%t@K49}i8f4`Ub|Es-NzsfnJ4pO$Qh zD9MjP41^s$wend}banRnHedpG-F)BDXcPtkPssAhxf8YA!~_Y0ONfGp#?{GHB^@vlCleIAIu;MNGIZW zzZRlm3Eq^Fq@89b3@>&Nz_(8sK0e0o-u(4>xzQE=-QDW(-plf%Q~UG zM%pU5me_ORNELARxZC&j^ zqwzQm?oDiMoV)l{UJsI`OPBGsQAwpzw+v!^`&MN!i~NTsSlNNLjQKFw;j@4D9ym#x z=ne0un9cJumy}B4U&%kXu1_2@E6w~-q)}jmr=P6`laNZv$YloSn^FU9aJT5Ia-X`s zNzuZ1$G%KOGX)Cd;T#_tnHuMFd5$kcipvLtjZcpXG53oz5?h-SU(+g~-cAlsi>vjC zAt?mS9ZP56HKx~R+xMtr|9--RFR zn;6EwW+c-0GQMO+{a5?1UVj9V6burkYD6^RxP#)-!L3EXOQ`cW@#QIz$8De7otdfDpV`?8RwOAKDC2O!=?3Hrr zk^~=@hv06UxE5_U)wOP(zxnu?O!0eK<(_8LaUlLwUCyYRZkI>it z>r$Dz_;FYh1=VDBoq4}A!QeX*q?4(2sOKwx&1kl)YWX!=6$M|t{r(-ydl>B>yIMF_ zkSp6jn01x>Yn;-O;zb2<15AHx#6ny@G3W6wk_jp{wzje*CRyp%Mg=n>RjseYZT(-q z0k`ZoQNK`7vE(JJf#P`~UudL-?(Jn+Pl^_?f5??2E>nx9dLXvasAz$ zUT+xHI-M(@aOlJG76+Ksp6YQV1-yPU~(>k%5+o(PAX2K>LfUMx3 z1)H1OKh0Rk@CxkW?5Pz83io6lz4R3hGiPq&BT)&{jyBH(?Br*FRx)#Ta$;a??*kI% zVpBE|!zrA0pVIDAkN1^w>JULgp7Io%RHJYXaY^uV9&x#bFF7~}742gn;VT$=y~;Ib zVMASh&)+9kz^sj21iLIlOiR!%Y*wghX=-~oxvYGMemXaM()T{UZ%)%Hm|a{}98i5# zaJCSy!-mPq-x5rMo8QV8h=$i~)MKPpNH6+{*b0-00kz@S%X6aR^%q$q9n_`09vwdw zti;%FI$qJ`J#XsOqp5o0UG&2cYV^2DbsX4+oxt$lvO*|6NQS7VTKZzXO_y$+3BAx^ z<*kzpwKbp(VaGjs+4lXWf;n%G_9zzadE|DPDG)C$GZU}IM!C&Z15mV|3#r9rh;pP@ zoKN8`AsJD}E3Vms-j9A@MH^dbcEJ)mdaA~Y1nRF$dxor1O_n&>?=A+Fre^qwTNBZS zjQ1Mmq*7&vu(ZM;vWIF?rBJ!U8bTR2E-e z`Wuueu^HooA^vt6^Ut0|S%Dmiyr;%L7bkiM;;P&cXUF2B9LfB@NRb5J`M{7av3l}# zp9D8GVLFZpZ-HWnIy+r0Vkovg;ju~~ufD$E_rHJeS4~`=E>>PmtiBZdJjSV*Coa-g zq5u&g$=N)*^`M>xDKS)gVA{eaqo{FJGX8{|><1qfBuGaZ?LWQ%HF~ zRK4O@97a51HGPW|R@!dL4W#T9&kFp;|})DVKGobXO! z6C@(hkVoajkv2|D2!C*@f(sHChIJ2lFi~V#;uE5-K=P>HmEw|uk;P_n@_7S|J|=IE z{{T|}o6xBC$k3y&PQbYMOq@RrIDUTqo+K}pt6pSoJ~pI+AxkPx5rt#qx=zm5JA#>>O$X#z& zcm=wmaAQzmx3o4C#3c#1-=})lLB5Sd0%Zv*^!})9yngj5LeWzvue={G9*?n4eZ!H|lm&5)HQL~wt;h+`27BO`hlxGZ!nc71@Cr7prALU=^ ziXC77vKA+C7}L7Bf3u=jJ`EtlKjYI6(eqZ~Crf+%Joe1Px8O-=HBjT7V7@I0o6EdB)c92W^i!mnM(roW7|6x0|H z*=n`JV8TWkdBWGqj0F}1svNjvhOBijv@NYQd&39?M%lnc({T*vPTm2 z3F}EE3h{)wfT_meBr*YQb#enae?q;_U{9tZkd_#T3jFdGhyh`R8R9Iy*I$`#b3$FC z;d&!meGmJ{Il#q}NU_OWxtg6rL$!kbUFn*{kLgi03*{vYMhiOAxg;uCVGma*L%nH5 zip=?3D;JK0lW#)@zxTP#DWi!>qI4;YY^PVPw2VZ}*x?jgt-ppnE|@pH#60t$zO~ey zzTiy+kI4FoA&kr?;l?iHY)-U~H8^&!J>8tn;R59=jCmIR-l-oMuUVt7R{XPfm>JJVC(H{EVXtFjQx4Uj9ds)u zZAa%hS-pfQU7irl*@6&7e*Su>tNWB(QcO54y!Ojbx;ZZF;>`6j;rpL$BurAFQ;b^c zzWjCCj4i4B<+6+?PCFe7uyQ$}iXTSl^wpK?w*lAKZ!h4MqLl%zpf zR@SgAXbkJ`ocJ1?*w^_FC?(YM-OCZk!XX&_(ZT$oiP748to=o=sNz6@zB^8ZKWVz{s-cqk?^OIF9$`-H7BTXk-u~cXVCRV! zG*cbqhP#jFh2--#`o#kq)h7^IJzw%%)bUCG%0qZ-s|znl%I%tNqUjgMeRydhPMh{0 zIomJewQ}EAR$P89Xt}I`-WT!~xF68}tcWIf$vLpS*M9X`hJ(S#B+X0-f&0bKC#jeE zzh(@G5?2U#b_LFIrLKq{BJ0XfKzr@3|B5$h3;5L*uc2p)-v(WyuWFK`T(38Ooh0Lj zmb$0yBIZuM=zlGK=|Q~@J0vp>$te~WJ7sG075Xz5GS$m-8l+Q2=lkm8Dg5Rq7p?ls z+J>DIu$QBNV0%kTdsgMHb_6u1U&Uy_LKz?ZbShST0TwalxFQ!x5S{xX^VgqVLSl%& zBMvsbrdpV}G9hYvH{WPm>&ub7XYJ7S1XxFVklRJzn|33jX}mez_eRRV!PF&2aGD_v^LI2N`*NLq*Kr zWSV9>Uz@8>InQ&=C@8e&?Rhh`EvKDuS#0&>97T}m@kHRd?>r6>nu0;%;+D!?is7!w z%|Viu$6NAaVg*TfK4O@>!C441`2>V0EcCJJhBpr#w$0&q$d1xBg~-hokhEkY7*Zd~ z$Js_Ky@DN_yUqd%WKiGHZSjbU_qws3w_!5l~k61S~Sq zEl2QhIlcshk-db~EW(V%Ur7=beS2~}y>*|&kT2V;hauWB zsk;j+(E~rioXxT_Wuw=&4w0jRJ?w(;)n- zh=0-ctM}z;q{y*s%j}l$AQ7ZgdV*4B{}e(f%7AXmGs*G$Ckm+Jzx3??4?vsm z-h947GhER*JT`Hw&KkAp@PMVkI>A$(6P1fgH7^%s$~Ea43Q^a&Vhi-V=by}1^KBuK zeB>Wa5UlclnX_68^ZEfrDi>PXco@-o)!oSEx7f&ktsGwQl0UQTutd9R(zh_Al6hC#o1 z+J@8eeIF%AEK9qs5RgKD9e0AJ3h~Heguv>B2#^qiJYVJ&W2nWV4oQU+h=zp}Cn6rg zuODh7(Wt~&_S)Y_TumZtYdD#_8GCrEI!l1_(X8%*f16fXC_66xZFQruDOpMQSH!oP zrEj~=;BP@|aMb*E-)ZJDP$H}tjB9T%rQ|_gtn`CGMo79E?T-)+HL5wTDk#oP!Qu-{ zxWxT{Db1#YWzzbZed_Zu<3vrWZ&=GT^#f+2*n3Iv zLv5cv&!Eg*{z^F|JgFR7$je|l8dxih!4E!@f9*C6Ns#&&JWz10Ic`-NrI}&NXINIj zD^w~kakq(sD?cVa`+qgIB4Zw$oBa)Gc&vSk**Yu;LuB&|Ks~W3yjTjM?%Kth-&aMg zNc*?1dMreVWs2qai}mELOUqnsrCFndd?Et$caCjR65O>fgD5}*ghtf1 zUKjhbv)!$V{R9XTX<(!TIcR7X2+c&bb8u^uj8YZSc@0li_!Wp~PUoppPN2gUts!2l zWW}aO26=0m#|*76BY}W*vRPSQ84aC}rxhp9I8eRON^!zzC{u{lE$wO*r;1 zPw;Gw;&n3BEol&C52x8h)xhHQr3&ZLF^K)$W62)3uK=?h^7)cs$ z+3j#h1Al)k)sqxzpupB$coJm+9?Ueuf8}|h9tU0Kv9HosIUiwmPUujNN%@o3x1PA) zk%o^j+Fj|8z$85zwp20NV%93f$JJGZAl{69H@4RP1}$3bPZQPJnjX>;<5E1k7x!_tO z`|Qub(rY!M6&Y1x5fxGr*0560FxQp0|4+qhy-)$5QK_YYmfU|xQIxv( zZYsF#@Yfm9jQJvm^o57?1wcF{=(^wU0+hb@8|m_I|Hr8cFGpKXS?uXmK{R%i`-g~8 z??0`y*Unlq%p+%v61(t(-yKJ}N=%S{>>D%7WE&Cwr!^BkhX;3!bJc$a9jPx|d?UbNwdfF4)RHNMEX8uIVI_&jl}U~twE?qY>s$LM3_3j6ZJ-c}O?gdu12 z_8T63#R>lz&Uu$P;^XbRcvZHoreRT?$$sl=f*BfBv%Mt-bu zQ8YjdJSVK-p92MY=m<6;dH7tPYf};Sdjf2^#-D{H!S4L27E!J*6UdQzv7gg(_v$Ow z55w_lzki*2+2}qiGV7tKHq>eOxtpt{;ngM)OdeXcXNaSr`{r3#JGa860a1#t}*jOrUj^4rI$u%(;#Vl`j?_5_$|??jxo zNNZ}&FMff^;l8jE7GJ)Wr2NI&J3aqS@ONXfAzT32q(Cgiw~5sIAo!B3;Kz*zCTZEl zr=m|6_#0W;o?@xSVRWyBtlEALg15~vs9(kEkbLrA4bmXxj};^DQ~GjE6mZZ{lP{&S zvb?N2rYrwlent-bs<~*NIXL{oioZkETvo?dP=IkTA&sq|x#q%IrH69X1AGEg&v;(@ zr)gWYL%1AFDLkqD8plC>HoW*v`HXNyto#LBO-{$#0{mH*)&TGAPZEx46YSz3ljW~v za0pve-kU^GQkbr~}Ku~^{I?a(=IM-+hHO03?dbQk7-qt>C{wkkM8m-8{u zO-&{kRnZo%&$46n(01Sste#M7D9a;heQu&Z_c;v;76*`i0DF zr7qa|?>KX0loDC!IS{(l$SQddAXD{>3*m*U=;?%TmFejTg^@+P7?^#Y$>` zNow@4=U6O#xGYRtul{Xxq@R@>aZjUxJ_Fb~uY7|pCoMhE3%Xf%AU8XL_O-aFF-qxY z*E6kH$?2ED?*2X(zXl||F6KJUh6^%n>{fm6|58jH-cd~HI*?)gW~}l%8rfDHwT$X6 zjEtnL7|>@R0QY%SfxhYGF%-VBrHuLE{V@=G5eA}dfHNcpBVM{%|I%rykx1up^3qv2 z*onj`Du{OE*)2}_*GS@i;_T%eb758*-M{Nu=~bH0Cl}3KCXS9Y-nB!2>#AII{tNQ)QT)5TZJY75;_VUH zbeg=p6XFrv;d$n;!&ykp6U>b{_l8O=TBDS@=j~2Gdk)S=4YQu6N4v+&@V&=`d?Kgo zCV^=3!Z_m8qt|_(oHadc`s*(5qfby%FLSd0#$RGXns>9BcRc{l?dakD=pjz(j8*zC zYuC9$m%f8~qRYd+|5dNcK>-T(e2H2BQA^#B7gx~l$e`bv5C1fSPpE@Wrl*cdXUv9v zKOmWc1N;8j=S#-qUuEWBZ2_8_v4a2S;6{Z(_x`Ir=sP6oI?rS(7o7p8d}l+%R9*+i zsm$k(_V+lCOvO-6SQt^?OTrlDM4k_HzuF9}2jg+0B86rm>yUq+#e95f9@GLBjg@Q+ z>iQan@$Q>WR_gGE$>EtUPLr+E2=-<5gY-QPuEn!3!63;HdOjys96?PX%U?x)nG}p6 za4oZy<%<>w9eb|Ri>OEP!thv{x}hZUp-)QU=AbigSE};jYHE7mM3JOy?=q#t*1X|7l5aTuZ85N#yOP(}mm-~u;DzuM$Z6Ya zG?$3!=bK&Aqw{_*67n#r3Pxak=i51Ucr)QiakQtB+M?YIq{69ychNFrc%;NmdcRnf7rrmR{@RBa>>i$y6 zmM&Y{1~|kfWaf~u;=G=H+SzI4lGlgRi$V=Mfbwk4@khxa5M&@3+EUZ#goUc#Q9X60#?b0TXx%zu;u0IsKD5c&H5ev@YEzESH+1SAKIE1SuzF^ zG_pQ`;F6F_ey6l1a=Mq5%%cB?kEuXGeK`P|M)y@yGLKLde2Of?g>~i9wSVRO zW*Ko2Pie{^&#dwpTc-FCO-D9vOp+Ah%`4rNC@o#l>{BcD9jg@5Z-fyFMg2nTNZ1Dq zGVTG%g0qz{{^r_V4MFZ=PoE3M^@1l~CNvlJUSJfJXOjI39MihcU|UJjQyKmI8iUE7&!+NF*exugLOIu7iw+ z79Gnfy|J(K>2q#AtA`0r2>ICZiNxPk++$V))!T>y&|%N^bVvF>BAQ~T7y$|2v=;8G zcMdp*ZCkAoEFQhDi!%|eO~)CfEomyS;x`aK2_p`cFx*Id`hAL+tTNO~QgIy~eVI0feVLBaMQuPowI zq3l$jmHX>DuA!NebFGgyoV!V#FIoyG*)i0bbNJ-sTEh~4CaCu@zZic-qsRvu$n;u# zdrqSL1Nt5;xzs0*`}?>uJ@J^^#_|tc6k7OI89rHkU5(V^Z;N$&pkDtj(*Nf9H2?pC zRtl63+uGW?rWH|T`P*rxyJ^&yL{|e&k>(G-0Hl4*U9Zb}0aL@}PatoLI?(|LwAF{t zA7*j9&Mu&&HFor?JIfu{35);pVe|Hg-rvl&v(9ehkWDRc=le|*PJjZAPxp$&JB7`p zTW`-BLjxmWO}^#8)9Iz^HWnF@h7=}Oj|cYwAkYVGkExwGN;gwS;H#lOVg4n9Mq)UC zcMC?uh3G~#?Lh@MZj`r~rKXk^Za4CAJc z%*NmAPHQT7Ed_$!YaZ}HvE}q0M>h_0QaJL8WPkly<;<+l@R#2gN})fuZARW=IGuuh z);(&rHA$c9No>MdK?HJ&KGg_ydy$LZt0tyTkccF)+LbNa4qaKa+f}{TUQZ;Qf$y!` zN-e3Kav{dPr_Yo>t+t)?fFvqC>yW^5HTc41p_OWQ)~?F0M|a1p()x53*3v3{{Eu>) zVZhs1F&p=Q)p%*SPU-rsKw@u+Og|aC+ROb-)IO?K?&to~u4C%^FZd6)K2UHvXRB;)MR2uaqbXcS`) z-&eTIjDD(;q@=#aEF{zeoB0>L{LGITRQu_XJj5=S_|bbjeYlm80d;&skIrs5n(6@td1c&dk`cnCi9Ne1})*Q0{iT1Z{Od8GUitQYO~z zSaXR1wXikS+1%Tsh+f<2b_OGjF?Tqc+RS4zTYGz-K(~j}Q8K~Y~ zv;eloqdRYm?i-DpPu2I_B>m=hCl^q)qtinv@sFGT^M;e@t)p6&p#E13mh3XfYX-4*lY8_MMfES7Z+L1X~oBR!`0KWbpX(WGSB8 z-Fe#o);7iRjA2H5ze_v19Fk*DQ-(0^^ATgy*J6F=fhE8k8Ss)hMdq0YqH*ppLACp< zy(jgrJw7JlQ>0!;YnIL}v|X{xi1JP4`hn(~dKu z%i!6{Rcao$?)-&IcwQKC|C=KP5c6Ays`Nz<7z5n~u{ zRuW2QzGoRiO;)Y4(hr~77M~xM&bWg$hp0Qa=M7F9Qg>a;26S=7lKX@VyU-jx+%yPH zDM3`PT8+yMwij$Gtj11jr@yUzG5^K(- zAeJc*6n}|#1WYJzY<5$kXb>2TaP^6|@%=yP3hgmSGEW>xDxYf_b9bmhm~{@IsoFl2 zcx)eELD;;Ab&>t#n1dSMnI-8N84>L8M4?$dtQ<@sw~`7sNVI9SJ*Kst_3Kv>THTC& z;oj*@=tY$h-doHgNt%A^T*s~t=6?eHYn@*ktseR1U6}6QbarSuFR>)KDm!pvVOJ#C zSGo%GIOQpO&$F$gAF8`&S%mxF<*gp=Y_H(S zuW`3SACZz7Y1iB9HHcHFri-(1n?1$=eO4$S%hBMChqm&n`Sleb$VfEKtX6MOT3e5AL4lEd~VkxX1UZ@4z@ zyUFyW-Zl!l5qtMdXFGX-w3E%GC(PClB6i_`C7mFC$Z z6E@hXKEeQ1-j7+us))_m>Nhk1j3;R)=NC5RsCG7^*wS;d?6$0O`|{%A@TR&H(u74m zLeqIRWpU+jy$KWbI5B+=igkp_c=Q{thAf^osWeqvDk>csLax0>!k7l7;#At|AOIIa z)yowotI_+tMQ1O$w*T*dTnKL~F&{|UCAi@afHxYxk>|zmP&GApzwVLGF`xBuQw|Yy z|HWD}=-0>d^J^ZC*|@pyUQl-JW-`(jcZ?#Ke-44UGP$a+ZUj>Ca=a8AQDQrXu*FZR z+T-7`ZSR5ZRQ1+9Wi3n*MDytGNsh`8ve$j|NKaG;kJU%$ldOjEs!;Q$Qo@2ypwLbh#*&R{q^W{`0-h)m``3zDq|p_dCJ&JNbW8 zN^d8RZYP13YXZ72fRxJf=mgwH!M`|ytnU9a!jjytkxb&;-tI^T_YsK(9D3yY{{jeH zr2vns#(#O=3>YEioqU!)(~&*{e1Vq`O~270fR!QIzD{Id9(Y!0HVs_Y^LAeTLS4R` zo}>6w^MLKhzTp}b_+?lIz;BytuordALTA)fJZy0G2}6 zA;78XIR80db%Mf*6$4!g6gEq-aSEtS)R+KbKwjS-g7H6v02}N6{=TYdFBWF~bC&=K{~W7$11xg9kF`0{8pEV8g_+b>wAYE9Z!V9fAb~CkKJTzRDP*Hd__!?1bdb`^elD>FKG|0 zMopLKku6L7KP?VlkI?v;{9apQwC!<^ehJSwS2Gv>;*W|BMQg2Xp&4MZSaO$VbA`|u zQ0Q=*+RnjQg0zcE@WPp?3Za&(On-7%-B)Jt3m&4dNcwNau$9fkv3}WJjm!isefKcM zCPseapsxg(*m_7B0UVPIBX%D`4*dhSv@@%5gbjuRd!usD@x%#Xf$dkt@AmVJtqyV*_gIL{X9crZdMwuUKemD zcMK{}X72|)*Q!14Pf3&o1BwH0zkalS-a<0k7Xb4$~o z^YjkpjO`KX?AH_))Bhy+fKt?R;ir z)hruu6wuV=Cy*$oohZ*&+a3kSMX`&Dde~S|v8O5|YSwu>|FL_sU9cpB=8ZZ2`RDLk zLD9H<=k?0pzy3(h7B~$n#Og%6?&Ig*?5AJK7Bn8G&r)+BW7_J^k%LumxsezE>%X38 zaeMvnUwG%zwPOY4JkM zmvtVxJNxsy`if_q8d#0+wVo?$y;WoX?1i>)@#DGX&Aj3b@SpxijiVtw?geT^a`^5q zxhLs0h8-29(4(FuN7ac`XdA&C>^!E8F&yV@5G+Tw}Rb8ylmln;0t-WpOR8O)3DKc`^&Ga`kjA$8`IW zKdyNc4R=B_1pQCSxw!iAeLTvt9S9)OX+aY{k5KMY5MJpv7d%m^hKFwdlO*1l`o8e>V&D zc#)O%XMGb|DtHucMJe7xis@U;%C59xby>GzDlt#}=E2{$bQc)*QX~$=u637H8tk1- z#vKJ)>5`(hn19YkMizevoX30ZZu=Rb;%a^TN{dP5T7Y=F)yWk$j{D8FDHOpouKbE? zU>2=Rl%+WnlA|+3Pw8k8*`ru7K`PxpaL9}|6k*#K@~!=?9tD}qxJlgjfQ++7*|-&g zFOpSx5B9`s7*eh;m>v{5o2gK)k=h?!r!@MVoB9ScSdK}s#M}NmY{=9z&!3ew2M&Ag_ z_$<8|A8k`OZ38kk5r>m&L1tT6L0VNHBttG)u}HKY%n}=hS5Urf3#@0pj(>317&>#@ zCWPnzLlFVqaEvu4z$gwh+#U$JeFEowI)GI_h5=xh_b^27g75tM>>FqM;XTn+~cDfyOyQae1dj-q)q{b z<3-yl(HaUg+_8Gop&0aAES~B9I8sODzgsZ?n0T1<=(y|J;9<`Jm>UNJi!@91)5)Rb z8sO(2UF99M06+Ks&(!^&?*K&c_U{<_ZREo-lN5l4Dot6rKW|EhF?u!CTxHd?0FKy| zziCZNffvh7fWsWvfSLlvngZ4^nS5W}plrG~#pc(=fS=?NfZfMNnE>)xlr9k9W{w(k z?CJdne%$fzLWkL74al%%4IeFCR&gUYZmBdgCbIMXdG5NX(g=GbL6_^575o-w z+(F4iFd}QW17#S9E<8ktNI!;Q^W&%atQ&!u%CLrS$7+zS`hTKeUDqt3q>%7va1>8e zQHuNMLN3vOvJA#Ap3=LmU+qXMmxZG<=uU(}U*snr*eeZz(L^)s^2bgIC036jMLpVm zg>hzO;S&s-gR(M1{4(@+zqm=Y8{Uk)W%nrsgUIu{$MK@0!EDgwj+WiMl4g~d-%AQJ ziuSCtIq@keK`A8kVEyBvew{;}a2n?xy`g)A$jLh?$lc*nGCw9_|-?Q)+Hv2t(UMuRJ@>7cdBck_dhY`Ifrwxaas*K}OBYL7n6f}lB zg7(R?3w+4 zpE9^ucfIU)Yo|WP{1Th5Ubp=4hi;uv0vQYOzsB+K$PwZ8iQC!|_FsI@41Cy?qoWlB zGbp~0ei*jC{hFj-fx<54I8+h8P7~vbRT>@VGVa9q>3N>fL4}s`g)~WC8;@+nWQO!i zR2>UfsNpSN@}xS1C`3L=j7mzcj7nJD2sS$2J0Y?{Ujmo^5sgGvh|4JCfOnR3$jR%U zh1khof*w&&9j-Eq67ass3NUVHHA)qt>*maQFOkMYrQBbhp?J=z4XOFi)`PfR%`4C8dq+4jljTJSF__~y5E`^4Y<Hi<-aXY^U(m)C9{AY!?u`JE%LSwDNXzNSw;%~wnO-gyxmIkPXhA+A5?d<) z5$AvmkJ{lLs4*RJc{xii@ZL`T(91O`fhXGLNiTDjCYA6r7m7UF6K!7}?F%)BjUr-3 z3|D(Ug=AIm%1gB;fif(YcbmT(aQ~tdsG?T1 zy>I!WQgrioYf5*rMSL;WAS~yTeeoP$aT$`zG+prJ5cn&cJB=9|@p1aM{r;K4l1?(X zNL=pS$4#Cc4a*I_qLlXnX_kLrQ#pOI{?okZf(_zVW)V}Nk@b$YuA#D5d10lwXWP<5fzW3Z~r2 zDUwL|x;khg{@9m&SFK8y&b|Qw9)H0i%+BXw_K$M}ZN!%TqwDgA91kxnJwLO@H_+D19n; za$o>_E0cuxpQN^BVEH{6(8>Fof?^lHzWo<`3p5u{kmEUHm%z>4JCp|sP(NX<0oJIX z>zVv}^N0Q5K!EM%^Q%7^5X%B#`1*W?!+sRHm#JlOK44;60POf9llH#219D=0EI*cwA0c2OLi?{z?3B_K;MvoTQ2Z^QWsheu_ zMh}xKw;Pch#%_<jfoe>^Cl)X){*Qg*e5Y!BpU$LRSKsUT6`5D}kacE=tIQr&GoinJt<# zE&^eC%h$0}Cs9f+B$MfAX=#>{B$&43+nLhXpO6f|ExZ2GQc}cAj-hW00iFED&Tfca zW7_zB*Qh@Br20AdXT(R|uZm%{1geuokD9q>l9h%VtS`POKY6|Sr`-14i#obWI$M@N z&Qj)X*=;_mx}X07`iHq%DD;G9Qvgq+cwHz7s3kr%%6$^_!qv*X8yQO(0wcJT{M$OT z%f2NjtXU3*c^{$B3KxL&F(2DWNtAXTz?NoJ!c39mf?#rE2pZe{_Hjcf%zi%(fw z))k+=jw-Y-?YocZe2<|6cj5czjzZd%!^EuadT3Snkx}&e4pkrdy;RDTC-8{z{ql?6 z`0?62*Wa1No2eU%UGjoto}~powf_v^fFWbNg?{4q=fW${-YAUC%?>+jxY}kE+PeWl z_*+xbthCaOSOcu0f|K8YYukElWQuC2|RILJgMjIk7yQd@Bezg=H_|!EXgup~2 z)EwVoFg^=ZvG@+JK>V~%{WzoaF2{n|N*PcJ=Y%J-(icnsc%Bh323C$^7wEfm~EGyMr5F)BnKUScyRUhN6MF! zI+IP9!hww6hiHtF z%s1N&bv8ARWyGgZ*d!B9NI%_dLTbLp|g% z$KDvx^%{I;McysKx`1b^@ae$Eby4w+cuSSE_&8;$Lu{xk&`Zl%5s$Rxcp@z@6Fr}! z`<}TVB60jD{ZE>o{DlI<4U2_KTY1Z3QAN9PU71M^vHpZvEIHEao9($q5)|F_C09b{ z=_o4Ws@I);gW)0cqrv7ZtzpGQvVLGwlgT+meNQ0!jYdRsY&lh;GjP~yxG+&4J`&oh*gw&~i1 z$qSIlMLF(eR~Z@1at8Ut3Jcn0Gt{V}Q^ zyW6hmRNv@^ijHfYn1Hbrh)O2Few zsJuMI%#z4B>1TWOJmGnzalb__`uYL9wP^laoB4<;tJw1zVKTl*@LYC6h`;LT*Md$) z91kw)JNIdHjS`S6l3fRTZONYZ4a}=8Q{Sa=>EOxuc-*&?OI=nTBtt*hO_fH{@%Sc$ zjK!a_9#*2~Y^J&m2^f?}WWREJ_lQblLw31^PIa%y z@8mJ)^bxcszTz3W^$4eJe`gh@1Uh|UkqnJ(9B`yl$3Ci_ z!B+?&W!W<1jm;!al#h~o=|x2CUT~Z`FCfn9#g#KW(aW5>MC^@{90G3WP5zT?o?oj9%cuh%=x#i*NA`$;n>XL3B|y-Kzb z2Sk`(vhf8&t>Op+p&t`#vxxdEY~{#{q|ntAn;H#a%g;j#35TN>9}9nMd~cb>RZ5gx zm6{f|g}+ykLQdgVoe<40G6a_n_^Z1qqpDJ%VWknV)K(G8SO1FKN|dcijYm0Z_+xfC z^2zSjdL=U?U~GBGF1dcn%i!d*=iBMzC^aAD@ur*Y8E0Xtm?)nrdG%CW<>c_;4^eSX zw#rL1^ed`GBN+!5Wb&J7KbJnbuza4Cr>jGg`P~w-@1?9P7M*0roq5$wGKUkn+1k|P zGmW)VngX5{OY1vhhr86%>Zm|JkG1SmnRco8X%h`NmZiRvP{xVu>)~TGKJVZYbP?H~ zs9mUx%V-UUE#j&++TL2R}68VZ~3{tZaE1l zjYoIdB_}Mf-zK&N%EjcN7}x>=+k_!H?#H&@me^{$YZpFj{w#h~V)Nkz(`L?1^%2bb zY}hbwUsp~JW`E}W$~Bv7Upd1Fto)4fuxP+uxJr9ASsB(Kt}lFsXrx7y=Sq6H?z!fA zNQrsv9qYFKOD=6K`~aN#ay}p}L9@N!uONh9g!;}>;yg_}U0eyfb#IJGrKImki>417EFIZK~STqpb z^c-Lnb=_vSeh17ScXyY+Tnc-9{`b(F!TXYYsB$KE>&hrW3vIh`GDReKIzBEAvZxY8=>g*sq0m{EAq$`#JJQnS~Cf4B0KKEBGO z*VtLQt)p{87St@yvVReG5{1`x$)ZK#?SNOD>PmNQuEEB!Ir~Di+(WY8X0v*t28EU< zkMqXZtlnqP3DVgOdq?9YaWd#VUXpw8e)R|Xu;rVj9Z+Q9;HAecFIs%R)ki|+QN>we z4aJ*nn9K3qw(8@c?N|T2@2F7!@NenvOP$<4pNSYLAO0mmKUe9Y|cCdlBXAnYzz(hRAfmx^*ySP2?n2MOz3`AyR9pQx&?F2 z)1@h2{Q_n-Yc1$=umu@eF1>xy$}tAXJ`dWKl{93`#T0feykz8X!zJK%5UgfzXcWO3 za@q@2*=DSh%;ReRnAj#yRf%h}&0|xgq)v!{$7XMH@qB}4RkbRqjEp14b6@3!a8Eyu z-Gb?{6_42FEE_eHq+ECU@Fk3Hg2*t85#J46_qr=fkOfC|N-BJ+pnk2Y@xibhd0PAi z{RL~pDA`{+ee{_(310colbn?2Co^P05+hMM6k!w+@LoGEbs@YZCwII&0*OYWii5fj zhJ#I<&#apCJ2%WK&I5Nen3W-0ImP?(Fv8Dk_iV4(s|P%~EMjEL1#8g2LniBm-#KkH zX6xunqNO>DY`%9+EgI+IM6N61rbB)=Y=^{^^sRodsW&4afR^&afa#G-fDO{0yjdz2_w`-tzc?X-)RcQV9Te; zBqZ}3nt6zgGCg$vrFYb3zSCH_xai3OJ{=#$U~ZVvsc!V|Ed^_-j!uC==@;vvR-Sp7 zDkLOfgGOGJ!``%JenX5W{ca=wQmmACd&5vg8|3CnJD79ow<8@NrI{;cDV2iHGgJ6MZ$oZ7mfP9mI$54*qv48U-uSp0ni$b z-+vjoQyp7*35LvN(m2QpwhcVv`jQrDn@hTIAeGiii$h<{fZZHLsQ2(UG?LNxcYk?b zgZNgCX0CWS+rhy>Lt>aOSB63q(rqcFqa$_h*HSVW{qO6}tQNWmx}7K34C>317ISdR z{t(hvswGT?ttqW0o?k3fRETHc(YWs|pN72CH3h5Wrr<(~OAdLh+Z3~tpcL{ZZv*G6@ytREjGhuhC*$}>QKgi;8l#pM(aHEb+KOX) zo>pN_y7L>gYt=sQ5lM}o7S;+%EtZn zrqTxM8%5*~doY$a)HoULAOwO39W14ZeTQaEG!`t1&mTiq4(onD5{x)|<7(k5CcCUh zhi;-bkrUd#q?4Y^*E5`nmH0`c43EXwBU0J7@W}>S14h3+<710llTnXk9ydBkNrJ4v zx^(Oet`(1LK^+x5hz$o;<|!ZX_>z~YOXKwCGGH8o@1a+tEXR;Nq4XX$GmPv2r}1!j zoP8^k@RG~eGOeB|D}}(m@;5C0J;{8IuYJk&kP8_p^wqY<*oayv;hwk1dd4aYo1I_M#-5J#$fboy;O?$CB%N9;2A4MZ0Vu%UdNh8R)>Hc{y;@- z4?4`pJ)srNl3xb-=+9iTWy`zBn9{XWbv<>0rH{3O5|Q-5X$X&RA3;JAjM)|NiI#*C zx*wAr;mWu6j1%R-nhb5x`uGrYwH7;7_}I1@ToAUM!U#L7W(lKu{5-tng*Ja; zsy73&mJKfKAk%p#z3%SZOOwQ=~=~6{%MsFO-!lPv_aztEz^yR+H-1$t9*>9C9osHYW$+oOtaeUv9mF#y|C&BpkcYkzvIB+md8?#xxsL*q<< zz|bflOG9`Hk8M-_b*z!FL`0qyQ#@O>WiCXU+F}%y*E3$i^TJsdfncC5Is#U|gt-58 zCI+;tF*TRK2Wlj|=-gJd-+K1;`NMBJP5+-R_uDQju6;zd=T}p~_cfBUr}+=JH8-s_ z{_|}sXGizTU6{wHS{_R7hWaZH=}c5UW%V*{^%7J17!!4xp2<5GLc_tq@%Q&%ypg;b z(Y#**zNZ`r*P#9Y$L^cq@PG}`pp5})^IKFW29?Z#dm$?P3rn=3W0`)79fQ&9b*mC(Fa3Eihx~p-V z>SD{O0zxnGrrz;R{yYZPX-(~0#+|^&U(PP_?iSHYb04tdhH=-KvECW*dx&~FO#km2 z#oE4f-0gXfA28TtP4vsZbOlsuyh%-z8r6GZ+?+z2a)Q$0T_MEI)>OI!2^kA`%*hts zO<>lHKDpUhPg@7}pO;Zy=QIDJG(NIbW6F`DsW z%vYiSk-EVpeTpjwVDf;Qk(g5s|DhY%^DH1uC!0fG&xcj)iIFtNXONY&ERUSphmw#Y z=HimIP4-l$UoC5v+3!DWJXFaVzKMN1yFLA6k4><(qySs9sne zuWt{rse~IR9*D)qhbr)ieL?6U-BP~PfaGk|8sS{}6~z)U`eYj5!*N$4yjBOo)c#F5 zi+m?}H*pWabgPKZ*OCKPQVIlu?{I7Nxa4Lw{v}5l5qjxbuyCzdz1?oi4)kj}3saMf zo{WA$LHl}3OOJ)6uIeWN+N{)6G_x#MOW{-sPcw6IipTK{n*0P73;26-&H#w?XTW6d zdr~NrRwH|xpBE%;h+cNhH+N3b;o%6C${k^Fw(|%wUZ; zBAa_PY_|hJ0v;@kDT1sqFON7Uw zgZW-UY-kj{Xeou#;HtbM6s0)=oPwET!%Becpmlyyck&l?NF17 zXqrSw%n$j-_JwgvmTYXo!)=A}-sB9m-(S&gl=GC53f>hywv7EroYcGt9hXq5E4$T7 z0_E$+-VLq5 zmf&s0OIw63wh+wLof9ZEQTTa2DNhB{1TP>FRQvx3pk4GwaJa1vdK7)_;*qS6X z=yKh3a?TlWSk%)Fx`AyS#e5iK(RhpV-d=9@^z@9J^_foI73@=U;xJT4!tIwzRcIsL z;YMcnpuOhVXkKxoGMy}!I5~zW5VlAq_aZ+;>DZ=CR!$0A8+WEsy$ggC*M3eI!TDRb z*UhaO4Wa1Jqa2X^g;$&M;(MN;$EGb?+tbm7!*Rz z!G}Z~HvXn+!?^*jA*uhnh77>*Q2_=VIGw1@HEI)(24W<9Z|1uvL|1Q3SIR&&NA0JL3Fn7CT{pr&V6q92VR@T2 zneePW++Sce196xjpb|vY9S5{BfxL~0_kzvhYU|B8`cd;nJSr%%-+8#-THOXnv8#c= z%*If{Dj?)Ol>(}f6VyV`Hce?|I=<6#rXR@y+d05&)#Mn+WF64h0onv+8L#_ujxyUc1H7K3kGfJeu5;QOus zjX4nVyd50_Vk;l_c2_5mG77qB z3ifZaWICHcZ@(Pi4SMBo<~Bf?@RpJq2#^Mhj{&w=`l*2X%7dVQ0|#^eM(3;xX=C%8 zX&bajZ?DCJQv{Ig(N>(i2s*mBM+HKGTZenpdy9IzodHhm5Y2c3J@#ulJZkfRla{Yj zw~t!>$E83zu7*dLjkioy%ZEHNHeUto<6B0*$*41`L1i^XcOXD;?(q9+Br$u{LuYjo zy)=X77lhBMoy_chb* z@umG#0rg7K5sTKr*K+v;u^EQ=IY>Q57Z_j=<~K z+hqaI;;ZlG+&%b>^&)o+7jUh|}!ofkf(QL@$ zk^eGcdA!3R&P|BOLXB)z_}@RN2~p81pWXPq2n`M1|fkRzWf}VGgt}E!HBjs<;b-5FxRL0c5)TZ6Oog)8UH?_pCFV>dA!fvVB%dSN)b@1&$ zDY3Sh+v>xb)YtCK!e2s_O9j&&(Fed_d{X;2*-5XSi(1n#*x9km(w&L+J*$Z9Qz<28 zka0g)i6XcD`8jr7?C)On*{e!-I${znxDi@+*;Yb~4q@NdoUwwLe}DQ267UR>^NNuT;gBQE*IqgV=KyNjb#q21>B-+*n@$$5{c#K;hPQI&}@hE(B z+oA~%)niNks0znwJbO2aSB;=019v_3#tKR;adx{T3h)4Y7WIn=!tXlB$w=iAPgPP( zF(nphlP4{j~$q8T0G0^Ny|NEBeSt!|H!TQA}PWxbFFWkZ2sk5V!e#bYacSFzJ>7)*$YQ=p$mSoodjcfn(YNHI1 z>qG8+Pq6-Fg_8vSd7-=j=W9Kk#t?xDO9L05dz-$$xrju!tpE8E8QHR#>Ds;?=PDUQ z*SsX*+I@6{kUj2wx)vwNALp~Ma1iI+f2Mt(cOT|hJ3#qr<>HW}`@Hk`t~L;Jo?Oq* z#5LlruOrXT-H%w7uFV(yc6Ig{ z=!3SNd#}Vv9x&W9V@{`kdEXtkX_#b%hu@gnHvj#?XDbeH-F_-()OSag51 zbS`5W=;hRXG{P-=d>GH5nLHlA))b6MM$c~F4;zYKzrS0a4f=PF9+R3aXU0;i1l{yQ z%m1U1`1hcw;{{0^w&v{9X0SpsD42Ta8}Xapr&RwC_FkA68>4gk6VeQ($ntr2_8BFZ zKbTn0^|jp+Z#Qc3HP2d|yZdM9M$Wab<%+A%(kH`_A<1Cs9UESxZB?m=HP!ci-y__d zI5`&{l2f5DN1)c|g~S`n%-A?~ZM(>@2-;S{2Or>#ZIq92iPeBcMfPJbAvL{+(aK_u zR)QLQ2PlOp$%y_YgNN{iA{f;a6>RR^r+!Y`G|2C%A)}miVsJ*pkI|gY?bg+}XEh({k4yvScnj;D);b}v;IT0j7sxp%pec|i#x zfuE;2SAA)}=Zo9thHuC>0LbMmc{PwVE(V(tu`4TVea9JNdp4^|{ce$!+ZfKep3bxA zJSky1CnaswYJPFwy2BrSWYl5u6G57zqp(l~+{bcMisU;kmePdZ7Ul6gfL`xnx~2=< zsO&b4cMTC02t?=9mA+7To4*>FpSNITUUOalAw3?q?`rbld)=5F@|N)G6SPJ zjh%(@c5Jc*$s3@~=J<4#G>Sh20pO@U%$I+J1&mrn@+zQzIpKUu=|@EjJSVMZj0}I0 zx>C4PVpuLF9Gg{u$F>F;vq7@BIE}~wEkhjys#)l)EPySv>PabdMLVwrp7rL+)V#7B z?Y2CM&Tx5)tGvjNF-#trF}<4j7SRtZDtTL&N&Zs&D3m*__fGZ?EBJvSYBZaLjL=w- zj9iuMv|K6z9_7&tW6>AJNr7dXu*&{uz9t-;e>Oz> z%+5|nuUeU#T{+1y#fKC>*6r{$Y430jPm--X|Cxb?^;`7s-l!gNjBAx6>p8?J&N5IX z>ebK~ZHkJKSaHgnvzQb=H!%BZ;ApmPW67h@n1>2sn|{`Y4xL&Hh4S(1374b{6yAe~JolGoFnRYBeG2tzG(OcfgrJ>U^Wz5eXB(uXobHxikYr0-y5UG) z7OpvM6Gt0}|cO2(k zw6Nzkch{~PjwBdNhi{mUr{me^;ZSj$YZEH83c;VI{dwQ<8 z>^L6P5m!j8NV$WKw0-h&Oqx70zJtGx(N+tSY`oH&lEKZA#>h=&EhTjF7Ee%>CTcXl zq*0>J_$MJE;6+r$v&4QRR@Q<|kuI}OkjO{XBxCGImKP1$@lYB1oq|8i^iTVE7qG3$ zKfcXWjef?u-Ns8sD5v$8li=8@)10KQ#s3SYVtV$(VJ)p9C@?Fc+$(*U93@6(A$EU* zA-INRx%5I`t-fHGUy8dwzjwPmEp-k)kavobWbiFhzD(`@v^QfG+1!1*e=pP(LUk=E zv!EPwwcJCH{Zle{x$j#24S&G)*NOjw>=Bn**BOS>9p5*c^R}ir%^9p@czU$$I# zimDJ0aLq-`;7MS4v2am1Jdn` z6{nY~Nic_Sd;v^MU0&36I?Y`fRtXGIE90eDIGb6(S6+Nwbu`?*RLc4?R!>USFtuzwB|D#>csevwr1l56&vxM62&UiqIG8UDZ<*tDrNYO zFyejtxA(W}GuNN?>k$X}8dlT5kDSR->~MEy4MyZA_C%#Bf+H0!VduHVqvp=hsP)ng zN6HW&!n5e$A?2uv(n!{ZqgiMxhnNCU?Kaus->&ZO*@;M+zCjwa!LycFMx5_TK0{(L zkIKZlVH0uIWxqUPidYGcSx5?yFMAhRB8I4~I41dpKOG$Km`RX40IBzPq~p^msVh#U z&4bn6$o$#kdbC3J;njT{64m4SloQ_1acErRZv!kizdJfQx;);p-9~}H(07?7BHHPf zf(|kG4Py$%XEQv&Sn_Rvuwc1K*2x4=Y7~`2Q_T%d6?OC(_gJ+vNHg+EvK)`$3Gn8N zeQo!nlKaBlhQVuRwqx?V$Mc=n(&kFS`u@?Rdya+@S7JlBe@25`hGTTG8x~3$N&Op_ zSTMfJn9SR_HOs%nXyaQ&bcGOns7`qX8&E%VcBGpynd?2Ke+%jrIA zeG3ldXd0l}6GYlO(fb>Z`wavlP`Jz|Q>}cWe9!L8?*svAqakOV+pZWPJ)#&a6*mQw-3N2n4Or zsE;WmMq@wnClr+#IftbM2YU}ksN7k}^iq#sUp!`13$A?<{*Hu1RQY9#$v!~fXo99! zVUYi6j}WIo)wza!NoQB7Vewwir&L`-;N<9|d#?JY8$VnC77_zh?{w{$*dXBxFW09> z23akLVl?dLvNt}gHfphkEIrV4{L$u5)>6)|Yy%YcwT~%3dI^u&Ju1^UIP5ld);FUc>kK-=#ll<~PxrS%-c3`&jjg`>%>@l6_J&zkB)$@@+%r22l-tZlBWlzCnrMlj5) znF_CMkTKsHGRmN%F(LT5OWXU?>i6qm`Rh;vRZ@+Ph{ql1$E+a?dXeHQ@~=xg+_fu) zotlZ*fT;qNMi7Wbuh}!vsmlr8r+HgctCK>Gj>3YowCwd!fZSKp8Cl9~A3zAoLD z7aRq$cfjsjPTA$&UZ+ojzm)CBgIY{CTLZlVukIrEWdZ_T*F1{7-s7!e$dyHEUe7Cr z40rJ^2m4V0jxR9I?0gp8nR8ZYF1z*hx?86Em08Par?zH>HfA$h2(U_gzsh|z}f z7bN%C_a}K>cQ+osea3%?=ECp3T3sxL8If#r?U*Ljmtq-44<+0bI0-m zeC{uaKFa2qOSof11>~5Gj@aRHPy70-s~2T&l+&$D89yvhC7T)R}8QQ8E{ zbS(4%rH5(TLJbnC%fbFq0s;QaQ%OwpbOKGbuMycW{2e$Rj=GQi@AhkHbI+llRj0$y zeN&W6DpHQwrKai}%v zJEOK5*Zj+7vSVKd{<81L1~;@DZcS_*SJES(+If+ASi&W9a}aZwK_ zr@v!9aZz7G`U9Q^4fqty#r5p~oj=rC;wQ@k$lK2!B;M6g&b8lWK_r?c|H{uWF(C&k zV_AMD>Pfy4c5<>IeQe)5IxXyi@bhm)xt!PXiGr7jhq>EZHLEo%R>$z!G?1FV3n~

    %=xhMKS~M;bvwZ(5`h^iagyJWp)2EYn+0c$ntsqX8`XB$g{-QWimX^0+i!bgf9CgS^6+;;%t-02$we6BIay|?N8yjP| zlmv;pwr@uW$|zci83WY)tD!)7xIBpUP6jk=BFF#dKvNKG3&C5Q>_bL#K1X~Y3^|J2 zqEqB5kPuAf=A(XL7-Y&_w-MZcFQ6Dss{Gm|xneP$?|i{5V^hStVdFglxvR*hO)}0v z&)Xmv0VkJ_5bb_6#zYn2TMf5nOnu=Is8>~8+=&|CkdjJR8PwfCrHpp+rBFkhzHz!ubVc55qnu4$>M9b$JrvW4=6jkS(lcrPu9t#k409=I0iQoAY zWwN*Sp&U1c4$8*>Ly}Z21s9H~)kRl4#2rcPIxbiGRc=%LHruh{i#x9eo`v%+~*d3d9}T5`F5fR zX2_x3M$;+?@Vs)2yLM6jwt*8c>+ATe3FE~RMY>w=`C1nXs!i256N*2~Na;MIUR-Ve z(KhpPRuVtEER=CdP2|f`^OsAvZ&1!8qofr`Ij;O$Hc~uf`q?VOeP8;%?A1>C_R%{^ zs8^m`{BrR5ZxwcY2V7eZ%_RpHhP*tP!1EM`>FeX;!swvO4a7{kiC)P``Oo9N;`1Pc zqF0wGFTFebV*64JlKAyqJD;OM@A~`p;LDrT-)x$>GC@~2r-%sUP%^ilLBzwObeEUzvn-_GoeSd*jK3LqP z-`C&Mo!-+cVxWli-R^tud-Q(GFNVA1?)bcJy~exp%tObZyPBc9;p*G7$$R`K7Y3d; zrL;@I=3%SjrRkWW_&?RLW1t=sEI0pnWlF>|;8U2#)5x&yg5@}?Ip&}KzZ%dCe!m_u zq`vn-02vm7982g zrU@HB-8!+>%d-u6%73ht+9Jfcsty}pxd+hs-|P*KJnTgvpP7o(rt%rTWunQ{ESjl~ z=}Ke#n?scoN* zH#kH(({E9~j&UI3db)2Y1--s9cXu6BAG@8rvhy&MG%QK(wbkZ<)g>oze|kTVM{w3j z3V*6ZLO8WmfL&BK!En2c1J=?}$+Nha%m{@4rU$7N%(B}{6a-8u>+Zbl7L;5uN6*-# zc{iBEr~BVu?(Q{Jp^`ZDF9kJ8(h*)=8nO8@6;y(kUpivrP+|l$(cjnT=czbH-x=PH z)QWPmz&U%DxR%(V%~f;M z^Ih)ZR7^ls?1a8%Iyr-4Y_0@jF(u&oIiIYn-nP6@DDLzW>J zVhDXu_~xS=kyZ(t?$w1fo($Oae5x}%LoKyeOJDqvuuVP7O4Y`VdBo!oANb7?|3?ul zs%;})l$_2Dj(&nSqy+{OvO7aA)Zg8e=Cv!^)Kq@>8g=4zxwm{5EGz8m7jW^2A-86x zoPceNJ8UB5tFRKhO3%-bO+ZsQ{b(lrLm0N|rw-KxsZkBq@y%z7(EB8Kuc@vX*c1F& zpNZ;y{K0Dla$^5RMl@=)%2ZCUF>UghxQmj;JZ^%qH8-Ly(W9s}9R@9RpsI601Ac!O zG%F#wLONGK+&4F=;QhZ0eR81$A>ADTmbh&ny&`1I*rzt9vD=VO9Jn8>o~QE>l&$pj zMJU3kS+E7-(OvINW`ZoH8yEOwgIfbHJph3|0bS+{d^3^pd0o4RD@45Pl8XhiXWez% zS);dY&X)M3v177UxJZM2` zB*u+#_le`1nO!q%o$oyk85@@VIxP45=}dxp`)N^~g!X3Xf_?-HjaEaVUyldw`lBqu zk}(pcr_qs*^dEJ+%Ak`tCAM6@0gqdCR{4RrYA|GMRW^ z_PodKKb@cZ+Bku7j*H!n9h3iWguIOXBoa;I6ITg4-sb3qXaxZeI*81_C?9EdFxp< zO*`H*+gvFXTeW9oh#pKL^SVKmhf?`j6GAEC=7Wk!yLoMahlPdT{Fz z5w5R?ZU^B<8rv#O+nelF)M6}_4%-@fDzPsg3Nd!{e{({QCJK?O`()C~_)V|}w18iE zM}Xy5_DYPuJnS-tC7%D-MOvcmIz4?M{@;n7j=6Z7SgmPV)6YtZ#J6}}KrSn5CL<#~ z+E4)_6ATlC8I|G{_*!{dTQ#UW%_@=#ieLqPJuDHO%K6EjZ{-?;Tu{EKYs&wa21~K) z%>9+m4T05bw8r1<2&b9D8^Sv7o|7?dCT-NI=mI$(013Sj)V)7L&O6Ro3Gxe|8jXQh zLX9Hlu#JtojSU&j=4mz^OZlZt{Kv{`&@#1JZ+%e512x;E9pQHcxj^*Kqu5bZY0Fgp_8Yz{li(8v-4xFJ*e6?K%UKo%0%ZUiw5$A zu?s!qb&Ydz7LnWm(s)Ak(B{VDa7qQA5Y)K!o@A1w@nm#Ug%`R{K48B;7BEdtDDaOZ_) z*nkDSZL{^D-M#k@__aYmiR}#!hw8tLzDevV#@64XrOG^>eCwt8tl5LR zx|RfPO>QOkLGBmV+IcG=J;5ed_55X{uNaZju$Jzkc0EdKI=JW+=`^UMl~3E47q}Um%=dWj5oG8ON808BH%F-N?TE8&UuF ztctm?klE>P(E1u5G}f->Jx)3xpJrU7_!C*Gt|g3Su(vNc&z=Vd!2#4 zPjgr3OTl`a{-2<(_-5jXZ^NH>Y~TK+AWc}2dmn#2agAgly3oOsh7`GajSoFgqcb(Z z?ufy*v(t^J2e(z*ZSD$U-hHW?gVnx1sqtz6a8go=Idw=}13+7094P4mj(+oP>}^M~ z9+IA%1%L|DSFPEuoXhJXI)#lt#M`HW3<|A3%2)6KkK zRml5&oG-A~Gt%mzWHzewAN~;8_a~IwJ}HWogY!M|C@m+0eN)YbPz}9MR2z?1WDncy6_gMEu3W@$vZOz?*{;H(O#u8$%`17pZVTaoe?T;Tr669JJPkR=N;QDFihbiuG;e z%tsRIetIgPkbPPGVEIR1?`BiPcGu?o1nnzmNn$45Y(@pDxIwB#4~x?=Y_mbb~K&AQ9`n4}Q*ymn`9kzUf>n(})%7uG zXL6ack>XLnyAO72Koakux*)H16mL3$rMl7WnBVhUc%~pnUl{b^o%gO*K5(DF&6CVP z2VPQG*bY}@DYtW?WCCoferx01=p8em-)pOZ8&FcVQ>7(97&qmNiKe@gzQFOYrKDCZ zW)@UP8$xEeiJPvAgSLPbHEQG&g35A8zT6&{ac26bD?7;r5wFYOqsWgAlV->wXeRV6`$|RMnEfI^e zw(yZrRxPT-CFaFN?5gP*TkL!;t|XmGEJ4gWJl;F6(vKMIrXtE!q1NAAUQ0yFPt?rp zj&}$6W-#=E)4GiF{K_l?`o~?Dct0SG=v<|N6`ZA&THmoi zk#3iTkHokN<9;p|p=yAzMHpppB-{MPdHFGM@?B@p<&Ao%G^|m8=>z_q-+iHVyD+R3{IHEiO=KxRXxD=8hwd@4ticpf{_zXr zvVnI;mrFCI(kS@0N2`>S8HPjVw|~AM?W}>^F^2-+i*2N;j;kH1&|eM8lzIAH&0ln_ zI#`_f#A|&S!dC-(^an^cvT6fVZi!Nb*0?c&Q;NGt&f{%#+4 z^j$49Olz*aMpmIVu!o`-!&IwMMv%jvyq798sRX>jI~lkzMQ*_*Z!4(CHr3ytqhPELAjk0)~^Y@$Bk`rf=^bf6w3a*6U+25An_zh%JPn1SbEe-Jbm&?daKX1BfyAfuZV^Wn^JS{Q8N zI4M$w&wP#c-3s;Pc~mJKa#!Zsk2n69MyozyLo%+0WeX8XoC143p9GkSe=EH z3`X>NcH!M!uc+y{H0&W2GJPk#`aq^MGw_ z_$AbUK>L_KhJJTuq0OhNGB~g`FtD{z9x)H)?E(}pDKG$w^KJ=vI^#t(;+g8Pt* zdqLfm6q?icWrR#n6q4ynW`sYhkbesXthb(Lu1plroS$bQqGB^R&p(;TDJCjMMMS@R zs$;j|ru_}I*w;Hk7Al_{og}4^{AhZqVYz5y-RtV&o%6Glpui5?32B;_E=Ub3*l>Sa zP1RAR(&+x=NEF@^X-#L>&+XXt-Nq2i2d5%Q+eG2C37~gyc5jPOq=pxv)z9fo)l$_3 z3QOccmx0wuTNOY@XQGg1uB=8il#>Fn<@K00>Fwxy zRoDP{FYKq-mQXys$486P8+>1oKi^h2=#Q{`BWIZ~>OS#lYl}@(%gJKbWN_$qCf>?bU3I$26a%$4(@|G_d83fiGx4e+T8@UWDM! z8L3{d4tOH|aR_ZPOl7jodrXsGKdE}>A*9&d{SV*WmJtJuQr}!CURF1iYU?DX6nP2M|-_7Z<9f=OsK?eDl_)fM;%)wKMjS6C+6$e zld7<3Jv$|^9;|~U!4+p^NXRKvSB;h$`4G3;+fn)|tneg))zcGET_eH1Q395JG%=2z z!_`PP3fw^U9$a7|#}2gPXR-$%(5tzL8gCdsPyd#P;qrgUmQ1MA^c!J&HoSDAI(M50 z>-h~>rJ-@0337-6Jvo`*d*6PJ+?A@OKli%zuu#p6=30}`tQNNW{tba}Hgm4Vay|$& zvhaHZTj*c(*u#INQ(!aVkmNhP@=u-0oL!ehW%g zCJhBwXjvw=lBk*`$|Y{E0$y)sUSh?ldAFnXg;5cW(QM)5D*KKtsWb1k{UTWVkOoPq zs!9F8QD$~ZHDSPIeR=B!ZFfP^0TIlfJ3HYT-lL?;qO^pSFi%ZAinLLuq`eE)l<4+N@R$Aqv;fIh-bd12El*315A0QU~L&Y-w z!I5lLRZah?4;nLxS)jjYsnKL5H^Hz8c4r{!uU4lr#5#8?hHT+&KLI1Dj?PaSND)wj zo(7U)Nt0ph8N;70f?y$TXsJ8s1EF)IQgIa=?;{pYK09Q|bS?4%G*et2=ymn9D)+t6k0&`cE z`g@B$&EZHAhqs>Fk{HDwCD?17Bfm~v&0o)F?NmKUDZl~-nn`CE!nnVDyH?nS=ZI%k z2pzo}{eyDlvw#$F?wA$$IC^IB74T$SUs?sP_1E_N>lOb~O8@&J_|hl!6}|K=F&CXv z?BB80Gy*Q-rQumq?7F(v{hC(K=ArEQLZ9;~uHzNF)=G!-UAi3O!|8*|KQ|q7v|H^9 zoLt0@WEg>d+F(Lf8{^Cgv3E5q7|0n&uU^zfz_{mQhobqdA*+r;`{UtE$@Bpj7I&Qz0g&LAAvSC>4LL)UvjlG9dnqHZN)Mp-hQi{h*<2Q>5s_BA{F3Bm!?8YZ&d! zTHeRJcokYRyAg6U=;_+@%f93FQ@@;21ME~_LF~JhTA4+o>XZmbpI<#LZ0b?0l-evw zeqrz_n@xZ7;a7O*N#Uyaro?1?(dicX=7uZpYk_|Hu${{T8y z*6zRNV{5)&qJqqP!_R3l?K%y5{d9NRruDc_&H1068uI>t*62h~w0BDjAcny_aF63Pl+2Ryc(3mLV|CI%pP;y; z3-bDl-{nwWJVB|!FJDKU@`j^~jG8zNBB&_2hyhVLrb(dQDo`&P-L#mF(FP5nefmqM zOQH>_*r+%?gyivmsR5B#_QFvSkaK7q(6t=*a5%hsq4f;Kv}8992G>R7cZ8=~$H7!I zof&7kd`{}hN)=NAOhpF7if)*CMf-?|s>PU+AsKHBoFP#h>I5~#7z46~uj^iQYNU+2 zKZF|aADu@_xB~SBmXp5nu*s>?f3C1IC?TRBL(&2J=Sz%m!SvbBYpP6uky=dexBJei&Zh83@y~Qx9u!(3p6LRIM)|}Zr zz1%*O_!&7Ac@Wgz$`ymJceO@?O$juv4B`|duh z8XDG%W&!0veZs#enS%bI5jp9_(cWtF$VJrj6jCQXESzj!4$0LEl>dP1`F$?Y{onyf z zRSM-MFOu3oX*lZc#!TfPkzM9WasR%n%jc7ebU5z*C~uJM{Uhq0g5Z_u_jvEvn^1)& zH8~9P8vVHG5>>Wwx9Ixc0+dHwkNnO2o|+r>Q-=`NwDY{TK&#!{yyK~LveSYLzApMW z9M$@)>-=}(R}MM}LjPxV*IA~Wn&CO^`2OmrwB5_(+}xLxjIV=*!qpD^ukp{e49_2a z>tp5ttC6dOq>2k+LALXFm{{E(3h1G%l?FcJkvlwmPX<Y06la)$DL6R)F1d!%Q-RC$FR zzUI}5Phda`(sO{2&6X@wj?@a)Uh6Xb3d;$EtZs}Ary&v17xR63N}p)dRUt;j+kbY7 zb|#i<`u+D7FjEG`cr0$$y=S-I#bYV)d%rD16u$lD$!M(w*wZYZmkF8rL5;(HoJHZG zP`s=!H2(3=1NLzw$kP^wJQPj}nWKQ%gfE2=fFv}XGuiCwHbsQVn5-W7ou^-~Yp0LP z-cQ^uVD`7_7U?w==`mtuzkahq?bl)$nP-+pLGa{}*I1hUQqwLZ@vr#9%(s^Wb%K;h zr)?B;?Vuhoc^uU2rDw zJ^S1*5})etKdHeM9$RSvewwA1iJC@353KfWU`;;};v$o$t_bJfG1@r-tbp z*5Uekp9e;Hc+q;!E1>whzJ?@y+avJe;LsX_a(3VYn6mVdzHn@t{Z6DJ1eeICvnKzV z3+Q~4t<+<Rv(52Hcz_s2CFsy_URtZG4cZzVtogHoUoJ#l+1{IDc%>fB*V4W?zb) zCVtY~uhS!E#khZmz?lo=(ECF589fXgMKu1d;-yNOckk$7_1ouJ)7$*u$B&VIqB-*$ z9=<+48OH00-B%yU7CDctQh7t!+xs4fSMHOk;IfK|dy3*b zkJL%275G{42`>gb|FX1G7_Y)ov3Hdg9pJzANw^2c`&^FAvWTb+lg>7ZsD>9Cg)1R} z&eN*D4<)qKvg6+AvsmHu^keKoAt7mfUfIkICVblS1`>+Tz7M#T5B0pEx~?m}EuibF z<3{Y7CtP>*F}-g8nt56&_}~#KJlwmH;%j@TtM&G&E~{jpOq<#uEMGJAs)R8l0XLrC zn^(8sUF!=G^BE?~f}4At{Tov z4)P7%%%QS}uk{CT!ec7vZ%K^X9I~LP9A6Ya9;>X5_I;XETKPeBW2QDbLrA%)+t6KO zb6s!nI3GR=9trL0sy>7thdZ4|cP`Q$skc~Et=5C8g-1+hC|{2yh?boHmidD`n0@GL zf+ybI&cNlg_?)I7GvD@kBM#N@=LlZ&PjJ>c!0`I2ol;Bn#Ie_2@hqumeN2&HZvm%s9lePfdKWIkY06FOjr5^SY z0aA*O9r=$Lw@e(%cL3Qvkw&rxDhxdxkydOFr8Dy*NXaTc4^VRs1x5s5g}*MqFHQWY zUYm-Wb=THkz7QK!jXj?>!js{%0Ni~AH09RrcY9_}zckiApULmpa*kf*EpW~R9|v_u z`u|MM0wqDhp0UlTN<9jm#ktp-Zc0mKr z;|{*tUBq5jjiYG87gHrTK#q%*zSErd_*dGWfem{yu;!%x14PyIoW{?Q`?!GpxR=>^ z@m^F@AvrS3W~3uugK8g$NkpWu^RsepWLK`Of2>#Ue=OVod$kyK4|SthpZ+XMT(mB) zce;}u8@6{W`Ilm|W`9m~q|KwQ==2m#9GHT$E|>A#nSS~C9@O#NZvQTU_1k>wMCT~3 z1U+kEoI5!cjVj9sL3q1l!sZ9TehAfru@kO%di|m4-o%C$_n=9kL#fG$M49F@pPa37 z0O_<*g5)?Z*H3z;XgNV}$LZpdktf}7?2$CyAk#%qyw|$xpYhd54Y?F`bpFk*k2rU3 z9mn^pInv;?c0O=wv`{h@*CTDU5tU`SkK{U1Mg*INFmez@tGK|--s|;G_}JrE^;Pa+ z+^t zetUhgPf9c=g+P9rf-+Xp)HbT<&xAu}LR&hs&pr)cQ}rdylcqa~EOX^kOBGKKz=#;N z@P6#|pl;Wz?DWQ}EZ4;cZw@9{`)vzmBaE_UMXf2Y|0)u}7}Z83;P&4dICj?#qf1~M zYn3*QbEqGjg|VZm88LU&RqLY)0m+9H!k1$M zo!0Z*8f5#|a_f}QrFo$qG_&iKS>k2pct@r~&RgK}g9!<5J*xp?MuUwFTeF$Apg_~p z#W5a$yQ32oI(K$-;Q0YN{s6<<+#ljsROpXOm z2QtGKBxt~4WU=m_n4ze7r~e3v+#>14Y=_#BIRvuWQ568??K zCyT})oR>^7*eU~hA!B#;S@HXIH55`eH}9OYc{!13U)9-MqOgWWcr?2V>ob{1gp_D< zpr%*v669$V^q2jVbUtGMg2wk{UPiEoA8PYtyGcj&{4Z9ow}ysFBO^=ddCzMtWXJ(} z6^|d6mz7y%Bs3$jbcpcY{k=oJ7&Gs6cRH>d4BCrwt!x^+G72`wBk*s=$^r)bdiF`6 zo3>Jv4Qfy_O8-GB8Sl~}wyf-pE+ey_Jx-^RdhDxbB=%G5B#-ry4~FGmOx%^HsPJ(| z?=^A}FwPN5zAb03uy>|3qmxHIOQhEVt=kgNtPYd1O;o=N*G);Gl|xMQRcr1Y9)4(f zBygw(L|wTCpSPC-hT%+*r#gV=HhWra%D*HG!r&1wpDyH-3B9@guHC(bRHyg2a2-B|0jj@{b)5rmeZ-Wu&pOtb-l>(za#YAN zzMtT7>kIo$HaFkCH^hAlJO<=pW5~iw=Q>V*_4hclqU8(+G8^YAgmF%j&BMsz>%cuO zTtbl;H`^NPkpSC(9_Am1Pq3vjL^s#0DxvAVxeN>oPRW8yw4N;y#o&fvJGkb?OAS?m zA*HLXYuB!H)#ulrmK@5lZ6@%8dC<(9D+}i}W7Yi)4ibg8lDu4~)0v6Y zf0c{shVN4Q_&EA8sEMtW6NL4mI6khQ`1}!<5`7eAqW!5a<`>=9J<@A|H((Cl(h&`X z9g%{S7h-0sLkd}`r+04tK9{>)iLFm3rB&2PlVK?C3 z^rqORX~h&d!G{na@)v}Lg1(8?n4ZE3&;#_hI{Eqh`Mz1c^3GYiRm>;C==GGjcH2^x z5mkQ%9Vw-;tho^>6$K&})@E%r1u~|P&%R5cX@$8D1w)1tG&fA+a*!RKxV8W;u9VZ) z%0zD<9@Q)$xbPiaiXtLwL7o)`xwE~ z$Bwt*#>sJcmk8m~tWRx#>i_DTop>}8qM=Z7<0SH-F$*vB03MUYk%S?}BN>P{q;NyJ^1A;vUS zEva}^i;9EO`ei{KhE|cUz|}8A_Y;hR3ueQ?p}~`bIK;=rWtuaA80GB*Q_9!c!K>oo zcfug`Y8X-k8T=50Rh4CXGT1pT!}&vGf;&mhc57FQmQy%3pUM9T#p{)hT(Ex;noAIDb@_s2j`ev*?bb2fAQ7%=yU8fbAzz@>z<_d)Ah*^b~RhIK%(q(0Zmv6RAFV|-# z%7cepUg>m!ehr1blE}**T(jQKudp%ra*^>4U8f8Y7*M~dmdS0MWfOiJ%QOW0A@(do zpY>4$XA%5=vGvwrP5$x!FDZ?TMv>U)-bO0z=+O+Nq^ER=(k+aTu7QMZ#vXux+0KA5O9S$v-xMr-&?v{AwL?nE3>^NhJdEFM067jADBVetZ-h6%IQe^@uumFyR;p;(wU`!1Mp#%k^n>I&9?I z?~9?pCl=k7#IFTInaR1#rkpJVcux3Z&zMVoSTAE9EtOx3K56gzBHVmg%+clh&hQl1 zV>JPl|H60S25*o3=p z!oF6mqZe8whFU*(IzA^yKQu;XiIkXny@p^Js1*2=+SyeP9gn~fOgbV!w4%xyjm*X0 zm+I6AT3+5)*1b-v3G9Y$Ht7~)q2)GQw?B}rtxh9fw?{+;I2tE7&Pe;B!ZN{Ox+}}Bpw)?pJw#v~6D#`-WhbezFo!&ShGnaXQ zSEHBk@5Az>50168Bn`!PE-CpLyQbsmdxzeAqmjJV2M^rqm8aj=J3;_hbOO=QCHG%_ zS^M;>(J}hXS`0<@h5U}zfD4NQh5~<_JF}K+P7QYTmz6r)CRQ1bbbH3A4e1psewqGV zR8GcA02BXwqDjJA+3%#I+oTG*W@6=**bJ4B1~r8yE*~_Xa<6oX9$3HE`3@TSUKXVN zW8*va`O%|YX0u^MX#8OvkpH$!`({{GcLy%vC{!8eCnHMtxo~p1?LS>!a5x>fhQc`S z5cNCsk-xq0_S5Es*k`q=YZpZ22??ob;ItpW-++?G?!4!RhiZh=ft^>Qibcy*+x@Ak zo>pQo`RbS%8z1C1ta{S#wBG3furDEz&VVNu5?Q(_=c^#~e}CY7+eC#(zyv00Z{`9m zc=w^lM!lM3xs5@&ctRN$DBQvY$hAjD# zsENpVDk8uquGQ}50&X#*3 znRkK1iQr`IR{Z$<>SO1$q9LH-Lqj#zix6tx;VD>IY{p!fMD_OE#IGTB-zk4`p1PDY ztiMGc`^YuVwyQ@+GqQOK;k6+>98+s9C!*2@7gBZG{NV6!EoJ2<<>vV2;(CvJ-_0-B zYG!(#{i-(nd=0k})>bnVYLod^0CTZ1^dEw89?uGHZ@Kp%49P10cKTh=Z&yD}vR~d; zdE3|^6g!EF2YBKUcor-05YPVsAG4Zr$EWY?4VnsLsgRzZ@9!AwV}9OJUGiO3Fbveqp7drgR3ORqw96(i=eV-<7l3rBGtX~XQ!-90bzv~U@ACR74WAg62pFpoa#aKrHqorhd?_p0X z14^BkLB!gi#=R@OOf{m>(iHqbwZ{`I;|^sqp}}oWKPUvHB`yT{O@TFeIU`lINj~s| z^?zno<6kmi?q>g5hHeRT+xyI+CcuNt<4`GwBx;KuEWH(a>KfCs0CNnBN;f5A&aCb= z8*0F*@3ERdcPGOlpI7E`{jkM8Wd=AAl}`wc;YQ06;Q(}!vS#ibhLsf+1wCLT|X;``~^`MzAGap59^+onfXhvGYSk_e2d zwy@Kp!`P$_jkiet)grtBOUunmvOKxT1XXk$<<|pcsU?aqK^QaG@aQ_Q$ zn*uDr1~FN&KH9grPl+7I3NhGF=iWiV7^Kcy1;02o@4x8%d{tmbl8)5?Wa>}FH^za`drdP-}6Ffoe{Q#vRk zt>Y!c`t)pruH@H{=4$`cxIBcyxpJ_dw<7caBXUa@6G@wvz7oZZyLAXVOWQedwkMxV z`1dQ6R%&vQajs1y41dAOk;E=s()3~IxMi-+=wuBqN7U?J6@x6OoHB_{hx;KWlE~60 zk3616a2mVu=zWQ$nq&aMu=$a_M8bowoJ<(0JkVEb=bTgm*pNe(Q64jwbUq4aRm~)n zy$Ei4epo&=;VYzw(Fj*A-6a0Y`kOFy)_eXjvxttke(B;k9vD#VOG5I8KY;o9(v$=4 zk(+gSFtadHM8u4R?YRFBC_drG#<=y; z05%|g2%hs!TVK25+iBkKeRW?7mL}dN9A-%-zc)Q1f1hCmzUkVxuW(@9e zTp|CwtMrgaxM0XehxOn6RIOVrw6tZEA_3RGGyaX;6>+Fw$;%H7muS}D!JjSSu3ogs z*lLbAh*aiTKpkN_G*Hl&3>Hq~#NxW{w6~sxV;W9L`};ib^}QyN*+TBn-J0_{Y~Kav zTLBSjtI9XU?k1w*54N%xB1ZE~{w>(vT(B>m5qm}J#@BX*bu4A85dMgbz2!-`nN)T# z>EFW;uZp30ZvjanOR}&p8p4nmU{&LL8YyZxe;ro1kLA&HvRbrR zURiYZaDLWKZ* z@Y!$2t`$!byls<6S()^RF`e&yS8u>^sH5kN!j{b%XF|Kgtdpl)J+&#-|$JjlcmphqYNhkQY-Ru~@ zw-@xOi;%-r{LeYuu9I=0?8=dG!OoxR79(4!Cc%vQaS7YB?}F-or)B~yd!F3u$ZAyB zj?#)k3b$<;)_UDYquSRQx)_xWQUWdoOfN z3S4v_Cmaq5yk5k{^uPVHnRw49Hj0ZFRe9`eQ0GIWV^C|Q)2;$A(&HKV6J!=hVBtz> z=*nqe1%D$2RI}T8idBuh?XT3@l#*&FhFP{gZaYdoJV^O*I&N2SV&Yh95$Rq z0qr0#VfR${zUB(9^TWRBdU<88%x5Pl5;R=LFOCufjTXDHt_a*#l}Wet*!5R_5{t=G zjxf@pq1JE_U~s9@@ffy=?`PlWVS?Th(H{G@XY=A)LV_a68Qcm;NB&EZxM}neUQFcAIhI9M^x~OF&wR;iaMQ9M%(Z3F==pKkmnHrL z0n6uZf@pxoaKYSr5~l03Q#Y&ZmGJXcr8UQcl&6A!7xvt&a`;xdLc=@5*HByoDCH

    KkcJ->2FF7sgo*ev9Fvm9@>GgO z{B80jgI92&ULIANtS@g)XKYtiR&X6TiBL3IMJb(1_s%>CW;p`gSMRA<8$G$K2u9Yx(mvGWQ%uxN7Ed7Ot8kn#*hS+@3V} zfB*A~9X#9jdkmy89O5ED;&2kl39r20A9~k{9>F%|Y(w)*&3xC8$TDo#r5Pb>v$fCQ zcP|n3ld9Dyjpz%UWq|D;+0TrqV$0b}OD~!oqC#)GPS3}+G%{PSjWwBH5~CeglpzMB z)w#w@48q!ER3WiT=A}dI_ZT4btl&QFZnu2d`W@kT6tb|sfXB^>+cBWt_3VB~k4V-~ zaL;bGS`nIIfY!8qX~wqe`sna?${6>E;3x}G-wxN+uB4Y&MLL`x@k-TjohQ9~JrR}b zN<{vV^$@z(L5tHRAADS!fSSd(|$!)Sjlj#xnvtfB}`1;8m;K?P$+gWZYAh z-}b<@Rya}WNE=_s6PKjujyp0nC-8r4PFJe`SDpF4Cv=z_#?w1BIFVnSVZ$``|N6{q z((danfaoKqt?Qa)k;%E4H->|Eb zY@X}z^@f(Q&NHg0jU>h_s3MDRp?xAHf~5ir6H!Glo&KT{q-wO=5528fO8hvxT)r7& znYVfvPaU50(BP`Q{2$-3!5=?+zhP?vIi|@OnFsD6x?SDCEUo}W(3UvcN_-OSt>je3 zN-gT%j>)1g-?Bdnp_Xh;MUYZ*2{bUXX-u|+c_sMzu}Lh`ENeTy_LM58g4~ask3jCyjI<$+TWB)OGpSfh8!`zPkqW|KT_-WH^jAeyITb-NnGLdqi(F6 zd6tRg?I34*#23{lKv4#`9}EPVOfF54l?>{JISXLT%0|CJIDVM2n!H+M^>1$WpDR4v z!kZpPx5O2r9iMfqcA3{=+53xsx5t?sbQL?CKFlsD| z0#rGTnHoYqXs28hx^T9+xA($rUlzO}EK>5pwdQG_uv?G0aajyqb7(xG;0G5q`0| z5Q-Q;0tb>559rB|>G70hMycPe<<&n|PmwaK3pdQiW4>-21~^q<-st^Wy`@Zo5u^+8 zG;ySLdonKzQ}dDW>C>ATgG==3Ns04wR2t(Qt;XFz{e~X!tokP%AQ2%QW$1tjH^CX9>K#VsdI(ZYbdB|g*i=uGU&Le0WdIl$;zT8ys9Jb<^wtPTZt0U zB~y{DW12UbZM&9p zSU(fBM4AbX7fG^}LBz*jt51pndm0$xdvLH%|VUvARM$ zx`O&seR*W#KShW<|L^6r*4BSM?7l&TYh{ta;6z>ALzc?>HDBI6du}PKl7h5V%<~zA z*@j;jrvKHEQoh*@w0{@;?^GKnV|{%2!E_pT{(ZWG_uY^;4#fXFqS&E(-fyj+Rfx+F+qqE^hp23yI2yf)S}7 zzx^<|wG?Hn1q5Ip%05W`Q$Bu5U!yi`#!vrXvYOyLas6^xslE;w^~QHKQ*#p?sNnWD zkmlXPJbA+sVy~KUs$EX=om;wrI%)tpQDbOEMFmnseekK+?yCBOZ}FmHtbOI2eLb#H z066p$B`Rc_Dj>dg6YDMkZ^-2OO6Hf;(O1|)_b2oKQ2Ey}%`V%5sRTG#*C71vahd`* z*9O$%#9L&IfA|90-m<@kbu*JA5)mMQ#G*da2&+25rc2jhwwOB_4rEm7k!A{iwu`!n zELvyZHD2)~lo|}Z>p8mr^tSVdGTpnNUUp>fNPHE4t6-Hwl;i%Ra1y9ytrfTzwJa(< ziPhN-U1<^*emwI6sv1<%BC3t#BTnjfh1vnrO5z?tV!?=6&tcfT@jS11hChxl&0AXB zq()_w(CBq`<1XGRLl4iyc%P2#Vdm~CiODw^6T&Z?E`E&oH$0hqH7SJo=!YbEAtvdG zBp$#vOX9ZH=EgMiVSSXoj~Y?4@zboP!hZSfPBA&SkPmN6*0*>VD>=S`)u#|_#JSjI zJUauz&nG2mtJ4F|#W6e#)1cu}f;CiCcQf=Cf*~&;8X%^Dm|P2S%0GayI9J}F;YoyG zQL95}Adr$rVSv~qaEpYuvf`H03RBFN$+xENDPW##@r(s=z z8?+f|901R-MSfI5OASU(*s7kc?2Lx*OIhW)!<6@`XGJT)ZKIGQu9VI31SGzUDA+1x zyLx`BC_fGx|2}p3B~jRV+l;wy*wrF}jN`pTOlcAM3$n1SmWKma{i3{ZCy3hTIq>!o zO0M^*twCTSIgdtT%S^(KrwBWk=yTxuY+=WrA5Oi$fuCyF3;CVJI1P-A-*G6Oy=6m zz<`4K-Hf2GPK7m=TO{OZ{S05n^Uj3_^pG_#FD{O}pNHOaX>*ivacJZsk*+^NZ+^Oy z!aJ$^{OoFN=^0DNd)HyaB<%fxQo5@I`I~p@{(r1`QLs&KIUmCcH1+O88V@vnTU`0V zl1v1%?+I8Va+xeEx(H5B8^ekutucqDga&s$xF_Yt^y+$a&@?e`YIrKoCmv9Ge-`Uu zGt;Bo`|n>s*HX4^_<1@Yr4L`*bv@r_ev{c!MVT?OW!hkU*;rkNnuADNEU91wWSS?5 z><_FCqSXO@xOuk>bxL8dYoZ0D3G0x+2|hD|)_ftuZTvo?QIfWYR+oJOu>ZPp#WNjG)gt?xAF? zC}eB`qVCVzu}n6XJNXVU=j;R#gcdC252%kF0)*rwO)Dyp{~X6zx?Pln7yS|*0Ekg; znE{F;PJ}rIw_m*?N{6(h#F?L2r#C;2s66i)?GN=Y}2o(y!FZmQ1I-oJ>uHFO`8vgPJ#RtDA-xgWCc1*M^;qrXKEGi1!|UHE%9A1I8;Ozthe_h`m6M%&S{uc$Vf zmX(7p`*65}6x`l9XXwGmk{Mg`d+s!V&XiqLncjpd3dvudkgfNZUEo#eRJ~jj55RO- zv~kT($%pY%OXBjB)2&f831IO}G6iKaap!($lE+Etfs7Zc zTl2yWQk&#`!w#QD=4k&NIIv{d63hjO%5dN@y*kbQ3g|enAzvxNH{rZiR63QKiUX{E z0y7)8b8MIQadH50iH>SbdYyz>a2gHv0r5~)kfkBYnTul54DLO;#tY|**_`gVog+!( zrOJRVeW_DpPFT~BAEyX#p5EczN{0jwIA{J{HORMklK|!rwE#1&*XitM!DUBX|Gck9vSvdNWN9pii!qN3L0{Xqz>2}UJXemvNnlI24~^G5p&p4#9FAbC{D@UoWJN_q zc1$+o2a^sGr^5LcNX_J(OTe?Yd$%=g5U)p3Nq|QE>B$L)s)w)yb?Z924ZJ3d3-H%3 zJ#UUS_;x0nb>9pWLt;2iMF_|5|*QIRj$=i_ChEWXCkXIcFF$(AcT zAYfDl)o&D!-|nY9LhqUrO%$|3e0{W0BeQ@TMqr9cWgp3@{9IJ0C)rTfN(h9?7=N$4 zmxnQL<07k(K_sQ6GrJIJI>1!z=FR+XH3Sc(rPfVWC-k7!rEE1vhcPY!Kr6QjneV?) zbYmp^WG!A+NNKs3&6a)=*aflpNbq=kzk-=ehL ze65|%^|tz?m6&}Bkuzz5o7cXO(7-oqG-xuQuVsV+R8LP&v?gXiSWmmWMVC>2!s(sq zR_a%p9FguzCxhw8R-?gC{-}xU=gQ6iV^`nyJlorwvV@tZQ02W8mUm@JGEMi74UCE% z;@_ZVoZ$77Z&z}*E%l#-VEg=XX7of>3NcP6=e!LuUxK_jbprRlj-f#<63f}H93cxX)KL#B(y1Gc{BVZ$fynS>Op z!07<$*>*4OC}yuc0h7y-3)U!5w?55!9xVwr_r)IQK^7SYa%Y?fLIO~4?S94H29sk< z7{5-hvSgI>4*2cWYz1ws^EG%{N?3z+JgsEeW>4ifyhC?AC(tc?8sGNx#MO()$%3^P z1uh(Uhi*nHl)oe`tHTm=ltSw!Hx(KCsbFNpU~)bO&KG`&(VYs{WIhPekkZUOK9n0Q zHi2EtvwAIC_R*x_mFxYE3b4b%1K~|e(KK~E)e`M=fI<|AFa`woK3?oP!F$+PC*q1X z?#b2HJ;GotukQLSBe1giX~M3|_rBt`uJ;Hn^pL!r&Vz-faK+{{xQ~_lALGUC(3Fl8 zW%ZgW85s>qVIxw}Xe%?Z@|bf4AJuO8Ad26fm^(>?c#wvTJX)F-@##tGT<3Al&B}JcK1*wEHFA6Du_@6Hvnf7D zTB2XW9iibXon7JX!CoFZ-~0L=_*It4)eGpCw@_h6$`O!1-K&#b$ zFIH^*+H7Kd9=Z}FVC8pgu1{NH8RaiSN9_I!$e8Bnrq@?T}hNzb{`X{lcjXVt} zxT{hc^Vj2+ti5(24ql##qPj%N&;R+NxxKjk{KjWgDS3dsJpQuA#Nhg^B|4E`pePQw zj=5lj0$4K=DvjRXbj3F*adCr=hh|oa4YUs&lZ<~d_$8wLOih+x43hgf(MpUlY(eT8 zyx(ouK_XSfe;NNP%~VWth(iAND($~q>7r3=$Ym?kdG_c#1jRYQrP;%7LYNXo zZ1C7Lv+Z5BQw7OW`lYK8^FWA+5gSlHTtt1zo7z5GE*y0_+L3Hv^!ZEiN7(f=k`kY1 z9UI4QfXE8!ioTPLA32423Wl-7PSkUT*rQCth@-8njNr}tyI2s}t}-{~?|NySfj_U* zOK1jByejoc!}U&NQQ=Bqu|XF>Z^BjG%TD;E2R^vgUG%_=v<3h{_q)!2S9m<5%#K-x zU{d}VuY9X=GluhyPJ$~^wZUk1LpOy|pt9eNBk=ak^kg(k_Qdc&f0`+l;T4a9ymv0W z^M&C%G}G?^Me>0)Q^Uu&23kf3^8#9xytfwF?#}1KPkLv;!mdq6&c5KGANV=+A<%8$ zZA9JdFwlJ;2yxc!cZrcXrY^}wyXB39v=T;{qD5<6%F_U^0r-H^$^)BJESPJg55L^p z*UKp|iu9wEvO4zN;?|BFPpCW>$*|C^t38S9WR`k;{Kn>v{AGpT-W|tDTBkXC z=zw&iv&H>XbV{EVjF5iBz+!^imOT56LUhKI89w{JLc5IX#&7`urPu%}BYt7<@Gv$# zGa~c=J=Z<%n^efLTlcRHStXZsi#iFFL`d;NLKKG=uJ!~(gxv)^D}ZWe%gr7OK`C&* z14noK6T-4zM+=my&gqD7ZbH3w>t=mR?gSm+J82k@oAYuA& z9P=XtISSSJG8Na{+|=aLaF6o&Ez%Kdw;wJ98OqeVUMh|_okmS{@ii@qB!eyi`nPgG zT^odvw{Iun+ETu z6nI7AG_EKEHp2xTavEK7{@ExpkHm-#!?Sb<5|q8Bu$!~PPab10jpJJKOr04LTPV$( zJQ9CPhg4I2W&fJA!^o3(wxYeiaJ{(p!gkT0kI90FN`~|!0gBfdVozV-CJK$iM)qL6 zq0l{eAo2Z43Jympje9X<^+JcKvxN&P%F5T5_-3zz+kob2O>XV|k-d@d%eB4b5DVao zDH)&&SIRQZc7sih|MNlcF=%;#x|2406AMo)65Lg_{cgD3>ZI`B}}jb8_0bV@Po&4@V4Z z_B0(ZjQvWSZeDBnI}o4Ln?k$wXlC1x<6D3aY5lV%6}7h-#RS@gRWEL@%6r(!fD@<- z7Fhu@QG+WNvnQ57{$gDrJs+a|8nI)QMjS#gtX3$Mh!w0(NidY@(oRxw!%MP?pSxX3UA`>RhK-YMbvGJFHdtL};~JfYbo~yQEUb z0C;7tr6{rM4*}y>u3Ve`1yWZ2GE5pD(VSJwbx>fG7`-$Nbq#~5j0UwXgL-nVFct(t zz+nO{OzB^>lhLmdJ3ZE=sLuNEgiTk%n{$q-#DUHkF6-eTJY-LI8rsvhHdd;&au3iH zAq|icLTg7hlvmxoeeW|*CB{;~%TI@a61p2IZ#FR7mR%y?;F_lMHZWLOj{KsjTI93H zsN*ERmKr& z5{`9A+fG_1KZ|{OeV|!-(kHDJ-z7Q%kSuw3ezan zQ$axCbSl0WhDbiK?=WXrlD6wE81Coul>nDWyhp?Uo8A(-X)6}%lR(Amm6NuL* zW>%C}&6s@Z{V?B4)2ZjDC}JUDw2*j4sh1+e#wxYs}jmLb-c0?MBu^*<6lW@U2nHQZd5GwoXG{4jJh zy2YN~hN%z+KCCgGc`BdXe0s}b8J7~iem%KUADP!u)i%;Z1}}@M)K>eQ<*=N6YVa6F zg2|5P3|H(5z1iP;VR~4;^aXHug(rl0No@PlJ_ihWVqY>AJRy_I&CN}y4E%Lk&@K<7 z20DkmU;B?$lt9c7zD@55af{bePT)Hh&R^ZwU87!w;PaK1lPMo%ZQG@D9SJ3zHZO5) z{}Gc$4acNDKentXHg&8&F_6oYuENPE^KC!a_EMmRm*RiL#p{+IaKFt9w~r-k9-(^VGhv{jCMpr*k#ka2CuL_$woV^5|LlhW@K; z?IUKtKK70{4ANqNhvMPCiTP@#9~SgYe2+0YNyd!T3Fc&WW9gtHXCgS8OA-LhvK065 z8JqBD&-{;LWERf%2 z?Ihe-^k((4!F{CRDcft+?-B-}ok)(N%g1JaE3#`CGBm6!tT=zjk=%+9j-Pxus50Bz zXPs{wnB>8bJNgJAgMR~bE?g@c864;zh6`&Rjs<*WT6jXQXYN{o64s7am?xJim~|ap&`rEb)CIrQLP1JsU-s7TMjXzUWwu#I2?l&wbVPREXRRn?d_Q}DVB!C@cDBuG^O+{2bWcnm!&9^oQFus zU-0zJvwl|T%T_Sp-ud()DwE+rc*Fx%)>iwly=pE%x#;GAuoZTFZSRT0htj5VgpQy# z_nM@McCR$uqN`%stN@`?OYYo`N!N=H?3vYy$A5y9xjMq}0m@t>d!MQ=)*MAmed{^} z2>OVF=0qnYHu=7SEac`BoZ;EtrJ!5yT+o8C3&oE z5NRe0z@bLZH{771_omoPRKFPdT_ zum{L@g@RX)U{8>!nbhg=oG{_=SYWS=!1Hlj?OmVFNO}>nU`ZTaw$Q0(mh2%Z#~~pt zz5ac9h3i`EYOfhC>i5DE)XNo|8A`3K!)5+<5(iLX<^%lG+`aOxvz6X zfEJf37|?Y(BAZW*=+z zn3QPxT=gE)Bwcj)ZA7d5oc?HY1*FlT8xWp>XoM3H-cZ!gEz%qi*c@VfH= z-@5E-_I?*bO^mijy17|xvV*ifw^c>z_MTU4A&wfiJvdv>S&s$r<<+`$3i76xJ?o%z!yW;jY?)F0vNrm(tWk&3lTK- zd}P$)bZhvBkNL7XK#dx!O9gtYQ{zB@OO{@4mAINdRsOgB)c4HoY46Dds3U7J%%Hbw zwe!S-6BHuAkcf)e99oao&J&4H4%&RS?39d}%;E6;aX7K7LT;eoYyMW%VbeCTB|b#c zdd;YYR9Nu35h)bGmt{o4z?8;dLQ7}z{-C+}wDz*pv8G;Bqmf>@`-REu)bETD7pO(q ztA&-DOM))+aL=(vYOK5wcOVD8m*xmVGVJVoc@c2VZI8z=9AB4%kLIj9s+<(LQo=*< z%OKBYxg8NK_~Q3n=u9?qcw3iC8y&`IF<(+tD~a|wrl-D-@S+U*&|EI=h9qPUK}jj0 zgyQXR5d_6Oz1hgI)e}^Dm}yhic)FX@jM~FD6JqO`UOK+%oh#I9f9RJHj5f_EV=QgG zpJ+6%?Q<^nFA^0<)!|%Sq$I>|zPhfGnEI+ze*D*~(Y2sOP?T}_WKuuq_%q42LgUIK z5*29uk*`=#9rxGf-llFJOEj`yl{hrttkBA%5kiPNsn1;A*9dS#LB|76Vju zDu=Jl)B2z_1%6$3(RHt=n(9>UKgiK19=bb#X+T4YqT zu)}6HA5;i~F(PwFQah{g6mW#?mGiACD(tyVm7k0=oj>^WJHJuc%RPN)h|me-W%wk4wLw>f!5VcI><+n-UeQV+v+VsP_A~&x6tHH#WaaurHf=>+E&qhlH${k*>(NhR+udtMvzW)xv+wi|Hr{S--s-12> z#2r#3o6lUVe0%ymoRnPUs3fIxd2Ng=n*FHO^3z1bCYPi#XPr_>Ye&M` zc5;sQdi1Be#$B*fxfM&1KuRLuWG2;D;rJ_MQDbLMlKYB%_xEw%-5CxQ8+8ydS)wj1 zv#YOzC0%YQ)Bb$Pyxtzxyq#AM@Y{1xGF|pQ8qMqZppNGYS-^FWC`CZk}F?0AWmekp`e|Lu`D- z?{PKSQ-9>CZr>$J<5J_9FH8UmD{;E7IzG-79XsAT+iR8_F~ns03rz0$4xwuLUb>|& z8N4Gi^5~<#pT|M7ofN9$^lCaaGp$F4A{DD~`61w~AV0&YY!+J(Tu{+`it8LN{Q(^y!RE%RV;LR$R#Pt|3sM5Jr2R zT$?8uNQ)=rEjG0?1d;yCW81C3TcdqM^+#tdPDy`>UjT1S z{02GfLRR8#N7Vd4ry4KtGRXV|00?t~RxchH$>W221bJc>8L1G6BVsRr6#8KBBhFn& z5h$DKz303j^Fz~Y$jd1~n}Oe0Dz;5zWWw6$aDFPc()9;)U@08GXX@11+1}oMX-9Zg z0btG$ze9qygKG_O?p9!7#iti5`ewZ2)0k4?h_**9f#NNBjhOmcu^p_L$37DIjnt}9 z3Vr@t6Q<1BZi6rmbJ$~c4%BR~xgvuC~Ctb9g;b8+RE>-)G0*!L_PomN&-=^~I&H4gxPq%zJT_0vR7z64ji z5g0xR^u(**<%&jIc(=hlhpzll{bhq}HKGFbib_i0DWg0SAW-{` z<6XnVB-_rmLPGev(RxQ5^8Ws^1HK&TmM0YfV)uJ{bm4aacY;OC zNZiv{r_kEpF6P+;Iw{$*8uD8LgZLb@w$sfaGwza}>mj&q+-e3c@}WFNYsRX zV3-vrz*;=W%pr#D1b^`>st$-DnW@)d+-d9c~Y6rY!%IxWhT#LwSO1MN! z);&Q`i@oU>oKh+rlT9CKjdt?cs|ltV^Gb~ z3R5LX9$jCn)ZOEP$G|?vQP5QHfL9sO1Z?GQD+a>=qOlU?8J`Xb$Tc;7r38t}-L0=d zDFJc=zWGF(-BsZ}_v#X=CqazZ9 zj(Z*C(UXqGZG_oo^B|)V`u8*|d)|RE6tV6$GvHo49>0LE{s`N2_VhA*nZWstolivn zE*Oo5`&nU~EP`L6^JMRS)5P9a2@NgWBoIgmoMoHMK!O|C%)%aPVTonn#MZ*Z#AyQM zXVbNNaU&Z5MhdEo{^wJ!E}I^M#Dl)H98Tg5@Trby#SGc^B&i&n!5R%A)-{lwZl6qg zC*+=DOiDZ}R1dhqFl45>im4i=^@G;KKT^g!)CbHhAr|(|m;pm|pId~OguVsOrAE{c zngn|U%~nX)ioYw-hn&Q?DgrgHaV|FabL|i$$cG0*#QJ`Lyup%aC$EXWqb@AJfeh7%|R208nz%UggO#rm3se4l#0Bs9w>Ml*#X<&y(RdO?RK;Eloa0 zU-^-J?5o@MDc)NhPoeYckUZ;#X>n1+qP%0^9*sU7PegZ=su%# z!pxpMSYuLysq@X^AJkPOkEgm%lS=D1p9h^Ek37QBrVL4s%mXhMW>z*`2HB^_1m4mD z4UNiXPD5=%Z7zZGspswmvndG;;p#r)%lFCUtyOt9US$F5n7$!k^VGFaz&uQ;|BR1W{7J%#Z zCGO{%89dsZth!12QSSTyi*;_h2Bud$SJ!esjyG|Ns?4_^?2ILTCqjN%vs1^Gy z(d%Dc_rha}{092MxlNU45B_nFyozh<=xXncvmG@=%KABx4D@LG-iC6&*;qnsJt5i1 zggJ1m4!|cjs}OYepr&E7?UWeI@?LpZ?gkfevuq=s5qiMt(=$6c{0=$yUT3#hO+4z= zO3o=^ZrrjGDxXRqbcioi>!Ww~y@8zC#+~r{n%)jW0vn#k^%4BV-#Sw4fUL6KFLeVf z<X% z^Pr;^<%Hyy72rXGg$bp^NKs*-S94$?X4?WG>B0EpkKWnKT&5UdQvo$R4g_?nre>vq$Q>?6`M6KMZsH|267K&OUGEtVSJ=M&>KP>%EkvS> zF6xXZ(PearE{5nWh~9f=v@rVULG&(qFF_at34&1~i0E~q?|F{>KKt13d;H&TYkgkF zeXZ*{uk-$$W(D3c36=Pr-e@nA!`+m05*ym-qrF}F!4=chfWx{&7j0l|MvP7S z>hZ}*3X->SIi(LYWC<+99J-KJkYR9wE^j2R{;&mKpKONQ-c2m?yD#|q1&j~Po?k4@ z*O5I&-2WT7zdkvcUk$kr4CpY;88%Fhj0LSR_4MPwS!O>?WI9qm4I+kA(%$yxmiys9 z2#0}C-EmgW@t-^6g>oA?V*8z5H;NSg028}`^@om*pQ+g#nobhR|FL-}@rRky@xEjz zuYHH5oV@nPF@lmLBX_ZzT8=?uUA*BxwxXJ|Qf8*XH(nvV*Yr(sB&j)=D0(>Gz{|&x zipj+kj6`yVGZV|p8c@AYB=`>RN#xgAN64S30>-M3e4dsHY1TMd_$&oF`v^+rX6@dx zPLruAhVw0>xu%ssDBj9f_@SBkXMHH6h9JyUl|q1bpTUQWAt?JRkTzgCjFu}G2B zCGNrW{dQw_%>8hkEd}}*j4Z4%*=iTi8PK5AryZt`pmxd*ddftg5}M_38PG@i6~~ee zm$)f1$qT0EYOgB2 zdg@gswkc=bL+psP8>eSqWpVxB#7oXO_i|(0>NfRlX2fApv+n8cy+56jWua~zcU{J2 z6vQCKSU*BLKwGiBK^-z?06;5$?Y=OoGw!?m@eMcHh zpteyKyR>1BvqMFo%kdjyuT~M+r zSq1M{WVlKx+_jbEwKY2&++Hma(%V}XB-He7JmH|>!izyBmR(0Nhqr3()tMYE;8{Es z)=tcnCNJ4{ire{+GP7Z{>w)Sn8_P+8$Wokl(riWUGNQUD%liJ`vPqV)@5oA_$4UtQ5 zx}IMvA}mZC4==CGLBha?ZUIGC0ebC!rT|H zO^*!PDChmYZrzfPxn|0Cn5^cD``dhYTSQ>>L%-$9C4WCX9C_te^kgB7Of49L8 z8b`k_DIaNTm>P(qX1dh~bY%V}w<79BhU1D=EEC+$vgbd}nRS`geZdH*wYw-Q5)QVR z3cQ%8X%>DDi~h;|Sm9|VKI)fqae(6h@8+ozJ!@9;*X2b;&krTSN@go*3Q-6KCYFbQ zwzu}kEXo$FruEXYpmwqGTCoLFo@Zc4s6bP{j=8?QyE`~I6;XHOd%JzvC;$r1vw^*_ zp`u&q_|%%{mR;(^xSXL69}`h+GoyiQcMCGmuy3vZoCwS>5w=@|{`6dN5MO31YNk7| zG7OUCwQXrE=MED%C2RYptPS5wCbFD#>aR?s?fcG|vcJe%c{80-pSVZ!FcedijICt1 z>i>gqcUV^}h7nfs2o*kFYd>gU3T7|=B`naDBaK6{6rZQ#OW)D^J6ih~>O&_1Xdj_? zvUM!@Ko_+=QhvN1C(U#t$mDISBmXi?dVT;jPYL4+5 zsg{D24_7=ld&I%xSD(818|AtXYlU(N(}?~d-u1V8_NLX!oYTO^0vqswfomZQlagijccOO{i*@BpHyaLPERK(6sFe9SlF2Jx7Lr`#h%+8k(S!15Tn-`=Bc-MT;>Evb zU4)OiaymG@OgO-?E@D@!cfI7)K9I!!3a2EBXuR3~C1od++Ijq8VR9&=pN7LSWB4=d z6c`4eBT5F^9Do`}zh4@*jA8FAuO+6n=Or0yJ<4Ya!|AxZZtUvq7Ms)5EO5?rw7oh? z5Yk-d8xa9Mf7Le{r)yyA(fNj)GL=0BONaLRgv5E-fN$j?>0w1v-g0OB8^+1`%pJ_5 z?zm`#kH|^1SZ9;^ur;07lBZn27pehTMZLxa0&GI&X6seJPgwcBM#klW^?BUG8a$Ns zUE;%j4nSfdZKfs}&y3|AEJJZWW@jy6B3~rDIL0BW^lT$yjm&}<&B6ykjH%Qk^Jw_fgUZ{K6H;;~JT;Ax=hJ^cgRqN1bE4CPS0 z6;lp(j0phd>F`2l;egU61xiVZVE;Ig3eyY+xb*1dxgrL0*_-XbZq%YytnO(%yH+{s z+~pFq2Q)aY20Ni<~yhZARLTvw0{h=Oo`#ELRWMsSO;4U$+@rPr5sKYUE= zo2AIDlcm^ZOoO$7#vwZu#Jkf9LDdG!eo*@KQsCF#@9Z zc;D}eU&mNi$SNy<+}4(s$JN!s%4TrQ>BY=- zcA;N>2_D)O1+CnP)}W>PxH5ljY-d5sX)7koWR$zpCl**+CTC6w6>%J#QV3646ERJ+gB@ZD(-_+J^aYrQ%}?Dr}C8 zZCd-nj*u~UKsgsf4XiB9R#6^XN@{JL7fa_n{hkKu6N>j{%yKsHp);xDrTlWe&h~>p{=YV}iS-O}6Z_t?w0v z4tOdn<06%P$!#sx$8A0UD8Y^>(AYnUsfy#wZO7qxFGE*G#GnVPbFe_r$-$}m&a*S{ z^2{^Oa5OX{SM606?8|a=qJ6%cgpwTys68#bOza#1FTE^!%$UZZn^h*tf&C|f{5#Q$ zflmhyFp`z-;c#s0GVo-5(|G>q`{kEA>_{8?8voz_T4DTmmvM!8vw6>ZYoMJqQ(VB-K{(#{|1$rs zZfG)pLA6IcZpG^dt7YL}G`K3upK-;PL(e)S_84&Sszi`~?{@R?2bHZE7~7r~iMNiT zJAdXLPss8KS^7rW`TA|2_=hlWX)Ko_VU5m~5o6yTTag_qS{pd08;MddMH3Xhe!?(- z*C$1~ywEA^78wBbA|r2-Ap)Qj2q5tm`r6#D^o?g#<7ZXVkh_fs46iA56nQJMh=t<0 zabx*?^bfkDI+dv!qT?nN8p|Be=wTIWN@f`;yipoUZ5yY)i^;itf2x{Uu32imFT)H= zvMot8aIo90ao^V?S3Ceaf`*(*-LvV()%A>-scFXb?TnGtFEU0eGWAnHgqAikRtGL_ zbvipnrPij*o;;bxw*JRB96|C`3kbM@-DLyybHd+iP$1muj9XRf>FG z{ZYDLf$aSV7SeHjb-Ckh|0*6Yc}c={0Evn;x1bym zebYZ$ooY6gsiY(hvC*Ovk*utEgThbN`0My6JzHFY`xN+<0C=7tC!T^ZS5u>0EJ>qe z_5MH>{XP_5ZBKF8xbEM93WR=5g@lDvfvG>|Q5-w@;+9ccG~`0gU)tq7I^H#V|NB{C zNu(W7dJqZ=IsT;V`zK}rT;}MQDcF3U!=U)OZ_~XU)fuAh})M+rk9E=KDnbbf^kD+WUV)CRAHmE-lcoxvunFQc4~ER~6|qQkA`XyOp;vLHLd{n<5=WkO1lQJ{SHsnZ!YtD! zp&zCFlAd|)j{&7=rpf7%3LU>71cGA}&})2Xue;D8u)aTDrYTco@|gGm7~N{?Cgi4L zZLKk@=cmiw)uL6ZLJ;1@`792>Tqxw>V`a+%gTv)_)+-YgQ5uUPCN35SBk61#?-c7U zW8MG6I%;g<-@T3WClVG%sH!S_eg2RR+L))#Y-awJ9gM`WAQ5A&(SF7$dP<-Y3trBJ zMN+Ou-BJ7^1Am*5mYazj>iGVF}&@f+^pYv*_)^5hl8=tyz621mP8yite9+(li_Y z@E6>>#IAAgKK)O{aNbJeqK{q1d*|u(lrGu4PV)k~D;Z4{&O8f<}aIPVh$#kD}>H;QNG3bklr>SH;tQ1hAvL%Yw zQ%aXv5xX*9F6uC8NL8$AHi(RG9PJEfeW@{_^azxafx;Zfny#X5{JUSze!>e}7e=9? zJ9W{^c9xXXNk1}wM5*wKC_y!xvPrIYXw7Z5@`CN1gA!z-f3hT(lQiYTNZ{Z>+n6*I zpD}E0{SbUMkWO!9&(5!^qFue3AR-2dak3)FXF$-&YgDSeVgv#ZJ9N&*=|{@J^Q{SO zhRFteDJkG(NJLbf2Q{5V&C-qHKR&^_3a#-U8PhxMlj5`A{s(*iPVLK54$S zRV>_u%jPxaAWT>)S~yo%rEU4D1o}ggZC4&WD=o_MjNJQ0CL}GuNx;bzD10i?JpSoN z`Ot08^5M9sFbFdG;QvK%3E;qN$)@v6Oxw3uSM&kP_tvP%DODYmuH zvjEsxu6*mnTp?V#{^YGc3|ItDJv(28++SR;Vu?kU{v5v1i890W`+2I$AP|5!4)3+g z`=jb_`^u6$7avn8tZ%oB?IM-oWrqji!}OI#9_&C?0@~Vt>{5f^2;U}l>9Fzh7fQ-0 z^_*eEOjb+Zz*T>;VUz(+0@Sl1eeA~bHKVwg4^HDy=ZrV6>hvW2@N`m1A_0p${cHRw zPNGW8y1F_wR&8$uPNi~w-Ud&h<`$)<&Udn~y2#oQ0Z1X%IdlBfvwyzMc|9y(Xz7oO zRn|84*xcTZbk^;=cP|^|c=o);MwNyb2Qc3TVGlKzvJ;hY!@|(Ak<0 z=ughBQdZp8j5%O9zv~RRlzv4^yo(-~O;pkQjI#tvfw{tyPrj7rhA`NQR`=0%W303T z`Ixs*6AM*mz6^;23XNWy;MvU=@$Y60C`ses!gLV4fxxqaovL$axO-bfYF1iQ&d^_M zFsEGZ0jI+3cc!fjDX?^xLsBfaV#!zBnUFREB~I3+7mm9#x=MHS#nCbThrk@3PJV~d zQNYs0*P>=S+ryVMmAVM8W_vvLnNoX`H;fn8t#z83t(?%`R!_-3+k=Wc%dlxjYr(Xw z^9w4_IYJ>2l^(ivGwW*WGPT8k$H4=?d>G~)@wrtqv#J~mNRv(lAxSELIKCkg0l%`K z|H=r2s4onn@KsGxLA>Gnu~ZsBiTB^4C0Ky8izJU7`gr~>_4OE6#;H`9&2ym8plN7t zp#NCgk*F~p(|Qn;GXnjP;RiSmm}^WN_^L0m{&IN17KpL19sT$Mp%RXjwU!}LeK7nt z%}?d^a0h6<)~Vm$wP@vp1l-x$l)gSa-+|@$k_iiiftDle84p6(8hqs&880L^$38exq6V7Z-T-`{Ba56TqAvHV_lpCceJ_?Ra z2kg-~IVfL_db6T?EsZpl=6}@nn0?fk zb()y1(P&kUqT=_5>leJYIuwB_(6MZOuC^5Yh0fsJ=m1y^^WL8rE=9ER-A^eQrhVUw zj!mDNEkRBZCXxiK*Gl}30-s)Wjeq(Yy~G44rd=ggLU;#!%`Ec zC5fK~0xf{FbHi?_ArG){I~8PqWBXHLkOdWc)b`?aBQ{;i&*5|#3KTAxsn>r zGRD_iuW@p-_AiCR)>A#5zDSbltfaF{lR)+>Eb8fx=SVyjhVTrY0)Dy(RO|D93V6TY zt8)&g?M%9#YBtDn7f<1N=Mm4SrTXp(VEwV`KbL2>auu@GkNvG3We=z*$xEV)#qB5? z`&N*5z9**_>^k204?re{evX&Rz|J4pd+C)`QXr|K82s;gk0*WuS^g!LW-dkLfHp37 zt}ZXZ&lM6D)|Ob)@AVt?4nQP!M%i`?Pm(g|AUWt}3-|7kS)gy>d)i>_?&zocnY`>bD#X@;>(j)9yz#jSAH61So zK-s)i(1{UB>STuX4B+BFabj3=#>c&^M63;HmmfUu#b5BgF6R+vt^5-y4ac7bsW)y2 z>BkI}*j8U{<7$~ussdDQA~5Ue*DENBl8!aZ(U3@N<~jjS&5Ec#77mO3WKx=ekXfEf zPwW4UKsyK&m2a3Trynq}a3=AwpL@$Zntn|4+(TPcOA9QKTv)bCTaC?OcGMRy>wM$Q zxMZk?%cAubBYk(>5TPB`SV076VMyB_(Q*y9phJN6fCm*{MwPM|g#CypPo=2qYpeE5 z+HG1x0w0|u6A?(jlb6^Mv^|fPq+;JTKaVRnwXn#zw6x0dvT>d_j*M_*dbZ3z5EUCc zAkPP!;|DeHjT>f^l_81Kz7~yHS}iQHZEmiZWeUvhU!KmlUjH4xy|~$#-JXKV3{x(~ z#R9Dvew3RCLZRD8f9Cctb3f4&Z@nC6Y(KU?xADeUR3V9{m;ZrxZGM%?z3}j$VB8|0 zG3qU(`N+rj9c;m*n_9MAwo+3JaeO7;@XY`$2Q%NcC|(qp=@!IbQAByArF(+|vcm*u zspW0I+UUdoo3#KQGI zzsx@lb(3Mb_Z{BAOq>;`Tsr&JG3F4q$7ldCuIsb;VLFnukQ zWD(pe$fjYqC_ZS zcT|XX8_JKoX5kc#^fnYtbSReciEw<39YyiLp z4{~3K2EFHG{^R@JZIGW%qcBJoOXY!bh7A;tqVdLD-!pepQb#DVOSzL05@mVmFy=Fg zhG@cF5F0mHW&QFEHt&fiYF-8n9^Q9NKkYPgOk}Vv!RFijh66NDU9|wZKNOUUc!*#9 zP)Dax+pnM}qnKi7I_y0XbK9MC~=(Q`dZqgu5nL{n-|Z*3bI*L-$)G8`XO9?e9@OW8%oUY~<5V zjR@c%N(t(!mX*|;DM|X;c%H@)L=%2gD%HS=t1%dqHNvFOypqG)q~ui*qg>iPE!y{S z$%~K|rC}Y_O1qBgCo|73&E|1CJz8624xP*HOcMSZyKJJr>tNiw@Q=1~ z&UvhwL;c=%ypf#3HeWBQq@h$2yt-n_HMy%_rV3+Wq-2ZXAERzk>bNd{!!kz0*jLCK zAx0o1b5U?oNrA#?Sx-+8{;PLb%(ihnQ-Fl>q29K*Lw!k_v)MkPf0SCyL;*CSr~%=b z_eN$$fP{&QI;c2AbCzIh{los?C+BFCMNf@s22T5VH}coQo3A5A^Gf zsl!9*yNEJPv*6C4tL4YN0^@PQZY+-@yWEJL*fXu;&LKD5k;qHt`+pB`KDU_o6v^eKoAu$E33h5$LWX{#@1J6jO^f-h z`v*WNY7l4{M9N>R5jNUz@p$py@fDVkhb0~VC$h7>*pKaln8lI#uS)m7tjBk^ z%|C4^i0k?9&q85DT4IGegSJb~b24;SGK;!iZ!mC%bfg>oYaCuTows8P4ROpd#}F$9 z+0O6hG&XThEPjnVQiR%GWSxCcuJ)7MdXSohq~{?n9(%6pm}*PLq8&N6AN~9I?)_9_ zFTOV5%~tVs)|enZR@(}SJ+)hF>7*#7Sp#DY9ygzRg07BFLho-Pl@BH zA809YZ;lvmBR_&@W&o*bV86m`fUk~RU!=JL89R2jv?OKkSW{7N%p8Bd;xvVCB9K}7 z3OcNUp|?7tKis|6BnN3zcVn4voXaSAr5=gmw0eR!S3}+i;Zmh<)A@tC&$;l$Hz?N2XXkyXAjF4<%DzQT*h*IbXIMpqcd4 zGl4Cb7j&5%E9mUntzcn+xU~pj2$f5u49vX`5RnB@vkFuggVY>@%BdO`eVE_O3L>v# z(%t!-L7>%_RWYx27=p;^YImI|RBaJK*6d;KQOK%hzh^f?FRfRkahMNaOr3z(WNyW` zzQ+F!RsuqTI`4fudj+LoRj)mKefv_x6|%zRBePG;g-Fv`BXOS4B>Y|;EtR#&PI4-# zgpXgYnA!%}0++rkyMv(FG22I~q;AG(=9407w(G?&yD?uZ&w8HxbEcCY9wAemiw+;P zwxqN%Flv|jl~r2t{DpVres%D_E+fZT5#iGp{kjWi|JH0OuXA; zUBt0WSa+;tfu1bawpO_$*b0@)9l{d;4mIyDz_L$Aap18wW$*}A5`cs*?5#E!!44ES@`r)5=uNO5%KfI$|S#4s-`4^NeFn#o{EIgEr}6~_FG!-=b< z6QbVvwzR^F(aZMA6%+aZB3M@k9bzzg6YbDROJ~7Ko)PBu*0aigO(lxyZTJW)tA|I4 z-fUnuKd8uP{O^KMs>HG)0ZQ|9??6yc&?;eRpJ)xMa0%V~5C?x2< z%ps>v*E%~2A4+A5xxSh=6C59%>aEMP^C>#NWt#4ho;vl)-x>x`g@X8T;!wixO(dJ( zfD~DlF{tVeE~RoG%6CVUAc#pE_-t)J1Xxs7Mw!_ z!&q(>6R%v~Gm87T+Ov?O){!WNvTo&YpuSgqjpTti-@Tu@YdEH1(#|>zaw#??!C4 zt!@RsZ}aB8YH(m!f0euBB|QP%cJTdY?GHNrbkq@gjSlCZ9R z=z`h2-VI~v9L}+;x?Ar&?am5-S{vw#J;t{b8b@!!lke~EtF^dkCKU+q3tjZF zY{t^eAT5unay*G4i0Iiz$!8ESco~ga{_-LJFiTRC`+R9;vGFq=QOfF<8w}F|QlocGG=m&VsBnAv2H)$OBb5KM2~Tb$`xeUJ=@{w0|&f zJcVNehf>pJV5z(PsEe zL@CFj*sw?qv^01o7HM4dY+?9Mt6PYlAHo{q7(b*!Bl&{*x}C&l4qcOIqy$iTk(&;q z+0`HwTb+HU_*mWQhbX9Ti%ABBO3PBkW@vO}vyKhNptxVMf*g6^8gv)zJ`^RDjl2+Q zDu&8|uTXXlRjLO7KiL!7W!JNszQ+aIZ-j3WeD2^&sb;Cn0JEsg?>!g+vvC=@|(TPLkt za5Qe9BJoODpNKIe9-fG+7s+oEOqjUvK(nP3N(FF=L-jcA2=K;(*WWK z`}J$_zEk2b&yc$crf8!J(wD+0UO)uAucYHo5eSD1Xh{Dy#;C~qp)SJ~#;Lp#uu}V` zNQ-j{!Gzg8A9w0pajwZr!^Y&ojHwNv-o9eYGD4b+%4fYdXR`$%cbne5wPW{JX7}@0 z<527*U;7+`mcAnP332!~Nld?*Tkl*Xh1Rd>W0{!@(k znGVp&m>-Xl54jvSL+$PF^Fxx9a_yvdVfSv*Wn)eG=hgptnew0e@8iA4kIsyi4G^<* zKhv?CAJNf45R&(VwfSH@+?QfCPo#Iw=nH<5FsIZ7D}ttz=E#ZZ2%n}y6hTpUwBgdd zYieT?Kv}|kIWuCHAJ9A+YlgIP9U z80UhzHx|;(=bkT`Ic?Z%6~5M{&ukw^mlhbx@lw)JK5;u-%EY3xJCS9qBSMC)({*oT z3MR`=RkHwVUKO5}c#76q;-u6FZfKuQT!NhrC$(4IdI#yfRiIyIaB!zr%x4?l_d!_! zy4}@fvon)U5@Hr=ER@7R4^2urEM5eZ!f@E)Or>@deBMK)8#YSg${9Dlm<`reN)Y}a z0g3$)DUH*1Gi^Hm(h%;OqKZKA$tfm2hAcaFeLHsckP>D#3oli9LV$>nW4itqn48t$ z5nZ;_Y{USye59z>PMKoC#@5HDq3#G8L#@AtbvSQ=nKNbN*auW4p9&j18matQtYKY2Yjbwy^)u>ptMBq( z08_+bHdj_sdm@BtV@C82d!3heKW#k zH3O4e?RZ6+I)pThE|0;vm?G)jD}6n}>WvoQr%EAGE;$-#gIyh1*IKIt@;xfDA7_D$ z-!d|!$8`0og>R^Ohc4}rOx^Z#AOj-uEHo|LxJ=lwzq(mpC7B~2y#1sY0>N6m(bbrI zAYs3Ofe)Jwr!Ulc^odRB}HTdDdbq#BnD!$TldfK(j6gYUGidjL6wXR75@N28O zs4|^{kIy44ZY_NIF!0~XwdfTS{W8@dH zrq*4rPM4hnrdQ2ZjCgBfT2oyv#&iD)$}GsU6gU#rX})TtX#w>KPyD-$nN_Vt`F4Vr zR#s}AdH9^^9CkNv&@mL1BEv23ILo-zMe)G>YU-!W6)MKiF!an*?Y&(E%e{I^s$X-9 zJDzw5-82B)<&K)yXm>A#LO8mf)C;Gz!HWx zx^gEosfB$YnkVdB*cRd90tpEDH+U#(CT1jvSqZtkw53Uqs^M~a*diYp1y=GZ8a;*+ zvYRvf_^S+|V9JpH3rfsImSd;40+TkO9E*rxKJ%Ee1##Cl6jRZ4d}yz+rSsyxl=d}e@q234|}eyw=&1u zo6i}UQ2(iY_jUdxegD5Y_}|Cdjd|e6b>hd1e?=|5Yy-^o4H}2T@{pX2cny7iNi?pZ z%qTMH!=Tz~?wvWNk$YX*L3muXY1Z;~p;&fd64I6W4wm7xM9#I^|5lo2bz~69*wY7; z77tPDS4bPk$J3!ARDHn)OX-vNk-cE`mn7PVsF;D%sHcG}uKH-2okqsf!Tu9lM$HRx zL@Zh4gA^5WfyGHdyMwVoJ=Gk64u{mGb7usUMkBZJ=$Ea=nY%;?W@p33B+bU;Y%@@% zMt#RfuX@~*N~gAagS|*!A307EHP$)tfnCA9I7;G)0QZ@V?%auL{7_?ua(2$;?cf7E z$Jxh>Z`lobXm|;MQ2UQk1=3s)Q3&ia&96CY7<)t7gYS=hc7YL!_(9@GT_vG)8|i?8 z38Fmkgen{gNMM1M1Z1%`mM@dNF14^A_PM_i4G!AP;cA0KB__JxY@Oc>j-R+q4^zg0 z3}5(>P$jB_Kcf@zjt%BijR(AOK7377(9oAY4?8$buGo)8N>YQyqSQb|m8e;bL-7PS zw_*|!NmpdBbbzR>+>`OH0fUxnvWh^zgu!q<`7|hko0$>*EYiRjpUOhj8fbIQSqNYG z98aQL^#BrI$qM4oo)jo@H9r|)7~V-?rwlIybwl{RMo{4pX1PD2a(`Ti%VL2VU^lP) z_Xmep(=dgm8Z{&}AQ=Uu)3P$j8tq|89wi@#UoUXaOpNTD>@?;-(*HQuM%+mW!zug? zdcW%8BgPe3cvI~6+dVTk#2QiQP(rH=BLIflL@JXI0~gTi?YUFN%oY)`NV%hl&dSCn zq)qgsDDIXuQ6Pk!ScD(K(-)>vbmrRhm6>5b{CfO|s zr`D{KS_FWm1D;CO;x+<_xGV{(bF*W7ww$UvNE&rxwfbtv+?Whm-b|})ko!FN=~+QV z?G~B~F&vGM4kueoS&$sz-&cZ$pxwqD zr;SPp;3JS9R0|Z|sY`@&u*7*-#tET5Q2m~Laa{@`?{IE~wvf>&O>_QHfil^8ccMYR z&fMMDpYc0ZF)GhqpfPrufp;fF&_j%u#H#m;&Dja|X@nLueB(N(*!r}n()>nG+ zdkB`_Wa6*CMDmL3l61y*x*VvXc(&*6c0=wS`Out(**hE6aJm?;!GYYt3iujOn{75PEaKJa|TAr$a2%7f{X~c6Y&jC+hXD zDpkBU^}tLb#a>Jf+)&9m>Nt`EP0MI`ACxwz5tZEt5S#Xz9>44orL_dg@T=>7%neIp z(BAu{6LFDBVyV?0N)3grw`+X*tF1#xNpZB^@ojxl!<>%RxhAq4oxh1-Fi3g1muAIT z)Kbl^V^Qn17XN2=b4E`sG--(5*2NB z#{Qw{jL%`mh4dN=S9Mb`qO*7;kVo$Af%iMJWfaWbBtGn{U|vrneOv)EdVJ7~(Z&OR zUbZU2{%F`gnWyDX)GNmdt2@xOdFsHDlS1hw@h z9|3LZe!W-^5H7E+3x`=T{hx0q_l@B^Ai3hbIE^9I*Xb5gs>8*`1GAUGOU}2G*tVJ{ zXT@pZkM;TxlxG0at((n#nBc9&NgeQ58`w2&G`==tYv=iy?UM{wD&MO$;B4sF-c~6T z8ue%nwS0APb>jXauf@3hXrZMvdmZj#PtZ6XH><>?jaL-#Z7^G+zl-m*WS+49vx>3r zYk~8(sa2Ry+3$zx2_ba+eP-5rJ!f)NIOiNT?wGIv=XmRi9*cd8JlOf ziJ!zo_3PIMDKey4grmam$uu)mURz(L>+3@oyGG?~ebZb`WzHjB^)UbTtaNXO>}ps; zBVnN_?^cxm_EIM@A&~~IdwIkKBWZZ_BHFmx2y`;ZCr*KdtNwk#vb_@Ny=Ojz+=uE{ z*A(Pe*Kdi@2yGQWEf5D!hu)McmDG!A>6W~LZ12_}0u#Gu(ajvz_$cUFSzeF=!@(rZ)D6~WlXbzAdCL>dU6GNrkkblnhV?LipXM+?{mp)=ob*T= zSuf$!IC`91znbsB|3)ZYiye>5l9g3l3QlY*R3~Te{OZv@W>U(2Mdd}u+=pm-Ew7Ia zo$9HjHAxLl#*X~NR`e+Y=nv6UTXMORb^=pD&<^VO#`-bWx*wB8=4f7>ef?}?nuJqTsLIoa5$FA14njLP)-nv}+x8JaLpv4$3*3W-PD>IjQ zJ+-*M?*@Hz+-G{ z{4F2}ZZ!6vQTO(KP8TQm|C@FH+v7>^GWT+pc|Jli!CRUfLT-G29%sL_8>k(SA$r)u zb+j)iGdk1U8qoFcn-J5>kfgSrt1`G$wC5bNw5Wr+ql8W*GbD6}m7X?$=xAMi_+_%g z{-9>)X@s+6lZ40JmyH}+;!AElStTC)O~iFbMM`*2^n=XjKOvD(IV3>j1KnD+-O6p7 zpI1U2p>&($_AokHAWN@Aq8mPPu$5(PK_x7V>80Muvk zcO|`vcbEJA=!1eovBiVm_A=Ezj86%s;~aB!l9LMotEvdCes6@{d^|j$AI3^?*{ZlBf`cs9J&aCt^fVcBBME#>1zSp{t z{Ffiza^^~YY95DvS%Id%Sk!)5dKwVes+RWu()KHWeu}52A}&1%3?oP;`+x#K>+Qg9 z3`ErRsQM$a(?4kcp}dpvrKQZJyhz!uE~3<+OZ~7}o6Cdq&2x8$cup{GQi&gDr2DYP z3vd&Gc_@oiCqo;wID2-8gI`Ve>yfaf85<{O-dD7~v0q)QQ|DU&nT|x$icbiepTCtQ zpNHDONN!Dx6gNS3!#xXKf+cUi+y8oSg?kYT7&0sE@Y}liRdqZ( z_cd3jzWSI3Qip@Eys!z9;AW@x4TjP9^*YiF^nO^8mQL}_KKJQ@ zVB4qIl(mB_+_BFO8ts~i2*BPp2&B(Lad|JZ9NY`96uXfDDTh@A{bvDE;03A31H8X# zblXqBiK_=tevlsatW%42T@`((UwQiAb|vS$Z4xz{)@@NWKoj``U4^R}IoMR&qsXT| zjuPe@&`(#%DCJYvwOGf}2U`KIjc3kFe_DgZR$GL#(kGzl&CND8pi?bp>=mR^J)jK_ zj~EG{AfbEbW39Mt+w)LQA8psM23Kh%!TH7KP05%5A1|uCDPGC2jgPj6X<7=oqtenW zs=NtD^mHm41g!EvI`U~-i^MIix;1xW!=2iKG56!~KP zPpquj?QNKomFq<)HP$`@5=JS&L*c+$z5PcE2e+r&ySKsj zXJ{_aw9V~$Ywv!@-SPd6%Y7ou#jIz!mJzEH`-lYubti<=v7m3gyGhqKH$kYrK=zzt z)HS|p;-HZL1{MD#C~fskGp%pCA^qp7&j@TRo2qIeJ7U;e6`o_)db2wvoBeZyB6Icr z0BcDnRZM6Qp6=kQX9g*D}vk(6_a`UFr8oXpH5 zs?d2QQ6Ok`ql(}cK1nuE^3t1gW==kx|DY}H6x(BoCGB`Q$O5&f}tba1}O|4H(g_Nus1v^ zG@CG~hN7=ub(26UcU-rn^O1VP2NTJvvjgsp!)bs5Hc%(OP$dB_QWiAW9c@ZQoqF_M z1&&lmh<#236pv+_m68In;eaWCwE9HJOzS%=2ESazG<%a8+8Z1ySh9~TOk{#E>oG~I zc^NJ6a#vkKM8Iz*ofYe0rjeI|q@?NVhgEkJwv>trv9L5$eEw@_&2y>I#DhsF_U2?` zzLDe7zW0j)|HE~rtz{K&llu3iD1`x)dJ>7UfQsv82c~BZCLir{2{ct(*6{Q$#~2tC zl?7&k{ZTfFHlUW+NJp}ll_r}iXJizs=mW$T%|~-krGF^jeCtpgUfQJ#_O{8t3pjP__%BJprm|p0%GqE$thmE&hZKXnZmd#<$oyAPPmGN;DL#59V4e zhEcmSI4z(7>bAE@etlv4fAWknJ~_`m&@0x}#6x_ZbH9Q`AoZ8%4aj#uPqJX(CSGBu zLHd5aArfx`c7G0=XXC0v{D+v=YnkH;(6ORzj|ChKR>MAaj;s!20x+AszlgkE4c?|_ zZEB7_=gj-+Vb09X7M3UMJ=O zoUB$g{C^00%b+&HE?N{TZoz5M;50}H6f4@`?oQEQ#oZl(7biFr_u>vkiiJ|V1%ebS zP^?h2z|D8gcjufrGw0rad6P_L@=mgzz4uystsndOVeRsDt4kfubw?{+)ji>7@7-DA z-9(;A*YMc6U_|n-F{gos$YdTu`Zn4n-$VL)O|h*+QFQ9Rn=z?J|J5(Itq>8mXz}IA zrPf*j>z<9rhm9v>=uJOQEqB7}MW}TrynL3mK%sMbpY|%(0FkljZ3b*+mqo>Is4XZ! zW0sppunAQD&c+Fv<&u0%Tn)az-7k^~eJsZlx_exJy}G|@k|LlVda^c=M#5ouak&^L zi`wK08mdv*qfe>Y7ykpe8vbv%6!7Wrv%X3Syl3p1Tcc$$+zPuY0WE{)c zWg{nzrLXA5I%m1K_1oWmu+~sp=SuKr6c^{U37sqEXc6xNix1F%9W3TW0pK~ zn=YQC9>nSE@axZ%%1`}18o3Rk!l8+a&zGPGQgyZWcXUv2owKwZ<_-QG@5iJW!Dg!; zX3wRho7_#-g~Zf4U6Tf~$~Nn0q{`$_>9EH))7kO=v0e1;Vgg5I&>r;p9$_Z7x33?E z3_M+4@JT&fUO+pRsAlCspgBbwI5D>}X_d)4ZCJXJEk3!ZJw7)K|Wlhns_0 z9dnlY_8cRTIb_ z$8H4Ooq34zaI+EPWgF9^dl2WmKxbe$2>&kkOSGsO`2ORbGhRauH}^{z8EKZS8NPad zLoKYT-6Jpf@sF*Z9;N5ItWlTM*#&LPXs-y^CzVr>?0Wz$ZHAl@8x&i~#t#e6;6heg zg`IV{0(<*pOI;doaH^Tq{?c5&15<+0BkKA5=ddfJEAh2QvBEC+LVKE=QiDMn zKieyvl!wU;u+z5UE>LCo`M&o%wZC&c5eb0Jp>tzjHh0TKZ7GGXap3mx9>s{UCD0)L zQiI|6WdET|fc2TTd@@0sIZAV68Rci$y}IO(vP_u;#2k=Zbx0ME>S?siRe{6AiI-M! zmQ2<(DVB%kLCt_3mNR8Fj_3tVHMCzaQ)c7q9c6Wq`04>tFBO%^N*+QEUE)X`N`aG* z44IGD&PRPIhsi7CI07t2hH^k2eA#1jGozz!hV_lygUb2pDB;vEAhb1k+lM7T2J4*B zW)RwBZNUNA3F~lubzNmTuS(OOrXwiJ2iELt5~a)CDWPuLo7>irczI)W{jy_ z(Qyblo~=~8B7zDu$gkHqpH&Z-fLcC$C0T3rckz?IO%-HDVyAkI%>}>;7L`Ygm#!G4 zOb4%A4HDz+zFun1dP@k&tdP2#(BtwGs0e_MzPE2PSB4$#zLqSs+2awzpdEscH>KDb zc{!{u1#T##@j8c;ioeIqxM|`t;P?OoA%FYyVDyzb3&~^w;-9iU6%=;OizB{|nuU`@=J4vusaDZ(m=MOFd6Zj{-~@;E<|s{?AMH z>)^fH*Z0aR>QDCrkJ*f&cd*2iMn)=U)d>sA=2t_G3|pTn-6TPl=5qni9M1dtyriWp zTL(1y#LH5f>wXEw-$j4x1}Y0N&i-Fc^ndkVQB+*2pZh zn58k8Eal}Y*p;J3-m-$p2~;rfQchxDdQp4Xnukm8^gI_!5kyZxE?(GYVi`2BkwK>B ze9*BG@1nmh`BUm!siL`=fq*W?FMi4P;vDJUSjJ7@VsmnND1jy?6T$=>v?zz1R~xQP zG!N%i#$Lw^6n<5ipLy3XJb(2~lihJ7!1(JF7ZMp`#G#I!)anxaqCl78a~TjcgymyH zmUp_{uDd2ye!nG=yK>H?_2yCug25m&1_`Tt!Djb6#B?v{tit*fjMg-k6_WYlfrhIu z)cUT)sf^+2jg7VMJAJ)HCAAb~yL@<)B8JwNN2fQL%B8B@sjmS_N`x!^i#_;WTp6| z1dHZ=--$cm?fTSQ^_I{9zAylo_1Ci|9ClmC^q$C%Z!d!q?ZA0`;v}y~r%C~fd66FbwKcdi=4psN4JK-6%fEv$ zRCxXFRDl02N_9HpY$oCSB5xsBlv~s=?y?o+{cNVP$_K7d%Ua7U9g?G|SB?5-l)YYQFeK!QDg{d&d#&i7As&;(# z8a6r*oPJ2LQ!ZWZ9p8ivR>D~#N~&_u82b21jK+$N_ICGfDtl%CRBsC%aIKN8^maf6 zvaX_1WS#f3RiGi)Tf0H#IX|2!)L6j@3m6a`=0W+yRKV*POqdcaUZKosS2~!66-1^4 zh+@5}+JUiyB2w4-L)o&XZtFk*q(pA>v^ZkDym|Y)Pc|ckm%K3X!5Dg!pH2A~(D!#8 z{Z}d6e_*4C+F)T&Zs%*Ptn1 z9#O{2V==_`+6hP}4t5qnxtymSE65-;u2hzvt9!DQT@y5(Kc7c4e`d^HGWOCiqE8M= zMU*-DB37v?`TKT^)2T42Wc{aIa`JG+p*6Nd@|Tes2`p)}F4^s%frqU>fBsDE&kXb< zLmvLL{|!gbEMd}?j98<7xc*xf>=7*8tNbQ#kQz+e-(|?o@U9_w##2PEuW{y>jwddH z1{3B6?r4rVm6gQ9j8g0jJXLIHF}B+a8?3kqTr6>fJ^Ni zth=Faub9_q-88xG&?B^8A`LX-Mp%K-(aEaU6aWD4@H;YyjnQ~J40iv}-+(e5zQ)x< zwmUl~!P=eYbGdppgn`ql%k4#$Sk3u=(K^>Aw^AqIiw>GtI}!mtf4;A3M}4;kwptfC zDJ5D0=XA$tpi8avFLz84NN%O)J<-1JPNIxZc5T>YHH4nPyR(4muZiOz`B!N8=2>#O z5<`qsw{r*tqCJH4RwaFV%j8t*>Cbl2<7K7CHl+k}YV;!gLqD%F1TTf333mi*Yogw# zL$$)Ol^N@eul&^~tC_mp?|<#n;;fmV>et4%U2WwR(l;U}`qqh;?-Tla6yt{e*&m6X z1c>Fa#5h{Bhp9vd8<@z{J2=2of5gJaR{uWkPEr5-ceXX`FR?hy`kroD5Nk#?hG(iY z$)>6EcWAwscd?p^=4-Iok~|iTgdop%gf2!joiy2(b}AG9_caRI;lf~$*1Km_#+To8%haV&*<%o|U56AqQU zjqC@JX}D2*uCAfC|1M5Lp6-w8pH@SkSU8?e?n4i+*A-mr|0a?98|#zmLbW^LDD&r{ zkXs|jpT^73r*~KH9xoUl&t?Xs3e+hrOr@zTEnMd58Eq|G zISU0R*4uO(<=)Q9;g{{4v3^(xZM@HL%R;FB`{Mv&GGtG7z!SGp)Wmc^BbVr^W&kQ2 zGs&`RBhuK3Q8LI+@;iz)4Aqc$w)uZZ(*A>CkCjz#aU|L^Nt_#B6MZr%W(OCC7)(D1zPt?8g@u@}bj3jmrRvro=n7|r&{iPPSx zWTB+lQjz+xM(D$Cz;y;y+4V_2FXSjdT}jq>gGRQoafN0G6+b2+qt!hin01GB8fFjO zs;;HXY^`b*EifBG&^m~sk$!|KCrR)w``JWwsWDm}SnO_OO@jWC?m=?%0uv2*VM+@Z!&EQ+q6%o5o;%$nl6IQpey!Y-ttH~?TlhGRQ0>%-qN)t)fNB%^ z`Fb1$8)dn@-)pWLp3ncHc+?qu0{N4-%xIXwWss>+6mo%Lk?ucSk}p`>uTpwplP02B z?x4gF=pyIg{5auj1<@Ln-bPu?_IV~I)V@xW428N4TZypwTL?FRIbU&G`eT&E5jKaV z&$W-39WV**TB3AWLThn==QsU7DlEA`tf>%7&eJDVkQPq=XfI zuy?@p6Dw(5*`W-|4r5Ns=fliZ07o|C9TX1DCq%xB<)Ne;14(R??V5bE2L%WEoU#^ z{DGsy5w0DXZ!!D(?0(2UBhz@3{uQbKE7XFatiP+veWf(?!J0?=JJyM|BZ5UZ^Go;02=OrLTMw z1bu<=tk-Mp?tLLYPPRLw{%LkXDGLCVOjJOA)Bb;s5H!66;y6X8H25GFxWoA^_C*?L zR{NQ@`v4P_v$yLrEl6%p)oUo}d9$Cx1r$+NhZ=DE^q9jhT6uN47|mMnu<%j@J2-!J zIqFCheMJq|Yg`90gKrKzZY!n!O&$D2bu#wt^|-)cAZA%NCxNY4X1xeKfNId9V`*je z?-Y&6>08b(`ng`1sFW^9*G>Y}x25@|KtBN$Y&q6Q6q$@Zhbw&TZ6ZS8@^We%W?w^hu=>!<%dj0}9>=%VnwJ$C43`(M-#8bWrAs~qxN;&zWz<%+uuajbaLg2yplBcA@gBRZA zmK|GtesdPfcr=?B_^*h6tqme9TbJpRJaUQ?zCnM@>}0NcUAMATrZiV zWpaDPZp0b+0n{8ToGtFv9Fp?V9196Lau2Q)JWU)tu?g-)Ws3hcKZMf|)wtPKGrjGt zWSeQ}!|aHL86y5Q-P4(#Z~scpIb0XlV{hR{BV+$^w7bRwxqrRpjK<{^)?B@r!4?Up zZN*cuuI}KKkpg#V_A1@maSqucg4Pf#uJWu<2G-05&znM)AqfFh2gg;Mz1H3uXfOk@ zmOO*kNg6a&b==Jc3o~_m9KtZqU6BJH$I`))Q2!(rABk^L*2cS@=3k(7N7|3xJDH+SAe&R8=8+@tnm{ss#06i z12*VOMn*uoTBSk{zz-C|WCwdE=uM<3r8@6!I?v~2Bp4$-_PxRz$KV_saw*0ZB_pzL zY=$@MJ(w;_!c(I(&dzG0@Rx`lx20%}?;j00x=kVFyZNUu8p$=3cl%Ed$fVA~JE^uiJdE-h3-TKA*~c=`BZ=-R;jc0>)+N#Vo!Yet!H zBvB7>4a2~n8s1fli6?~}!5~yy2LILXPn?qdIMp@nU z3#Z)%V<{QpUC{0>yS+K%yrY5D?_m~&S(hxxzWMHM^xSj-DTH+-dpTw5fOSD0mEGtW zGhoi!*qH4jR*AX_=|kcguGZAJ#O+a}4kNpbn3}I$KB_<~20;ppE;Q3+ZMJ=;lB{!g z@>mywoGdL=T#Onm;!9W9K+9rl*) zCu!_|p7`&>o4b@?o?VIURe~2oZ{E-9eZBrZae~ZdDA+apq(Nc+*splSlL!xXU3peF z#E{+z=DQZmr+#Do?#xJ!`f$}76CDk|$c)mco90gtD{OrD)zqeye#-IB*e%wBe0(qO zcfY}z*K(EF1HS>O;Y=FuG4VKj8aLhq>A!xaE%_<5ZFtkhI~TWDduezap)bDv0rxo= z(r|tt

    M2HKc^dVDE*bN}EFb6bj=E<&4OJg=HU?NUQf>EVOa)p`BvQQkjMteS4N| z=Hc);2Ax!8E>uTje*QxEGf4&8;vb|xz7+34#ygb|^!I#2<6B?S8vkzLG8+>G-1^bW zxCewt9&etN)oMk(&DW1)U}P-H&#(LP305O(G$iq64u4_IUPD7%jSUHUv$2B{t}B8O zHCRY{Wd+YK!0%UtDX_la!$7cY9b$Efi;QJ#Vi91bkrSV)S76KjnI>1aVe|R3S=cHw zg4N$(kuCO&KW{U@Hyi1cRt&$^P({#j5g%=xEE%6}p@CBOIypHDqwA3LdjKpbB_0zZ zigk4Lqe^vP4$Jf2Su2VYfI2Q1%!8%!F9qGOHgEdYZs2AxRMJl@xpvXf7O;x+smV+K zd)ThxOU!*X8E4+|%6-p_*r|G`zerGCa~TI3!~aGxr>&ee_?6mW;G%+J%P>c$uAiX(E>ne?q6{(5-Bji8;$B z@t0x{E?^qhXGoI+Srp-R>Mu=flJ2|4CtqMp{%XJ?@uz*{Ii$*4%#AvdJp;sNXJICWahh84pT(y3jV#LF(#=FG5Yve5v z0iytiEn1^@|8%T#E6OnK&g097YRWk~YWBK}J;5+srmfjr^sk^AP@?`zw#xR8*Jg7c zD><2fM{QAE{zR-N>)xzydY2}KTRL#jJzvThL>d>UYp8Ky0|ES$^Z@{7&#>z2&tY)E z-k5!2jXfx|Jfnn=N@hg56^dJNib@@oi$3i-JPANu#bPc)mLi`d@)D)iB}!6C%(wbs*dzHkXs-M$bSq9N~QZ9 z&hZJ25_;sA0EhggChbUgkz;ZjHvKG z0OsSe;YgWn5oH%0s6z&-dN?0E?%42YN6wiA_=H>)T}$}|^wY*Ho-1oGhKLxGZ`Iv> zB3ydEaw5&SB5VhEW{+Y#&ZD2+40O|u$>8^Reh{p5=+V>TI$Cn9e~l%|>3`?)TCMH1 z@P)Bc!Se`CTw*87#Y8nh>9-rYFPuAGbRZqujO+EG^H)K`rV=mAj7`>d_bX)qv(tO| za`Bw6vfU}N6#Ig$FyI|fA)qccnNlBdniUN3LF~uY=SR}m&P)-s!T%lC{tIzI4`bd} z-S@JS%MYv@vFtv2%3Z|OqlIs|!zgY|`|-gw0qE0T8P^n28^r@Vq7!nuGTWIFmg!TR zx<>IvpGCwq?qadL`^cx@Gp!4RkZO+!}})cSFISx9{*wO%1Y7^BYA=kk2xe ztI(ndl-)|J;?6Z=WyLl3_FSld^v*oFVRUj&3j&Ma^{n@zC&|TG8BQ?@12;@qYo@v~ zq*lsh)KOuv!*e;{Dop(@F$!c>IvK^KoYNg33vs_R^?-&0Ch$eed4o45DGr(^?23fP zmMr92A$>mOf(vsCGZ84e?6v2w2&U5+v7YI_^=s8PDX2g$5DuYRY0;{5c^vE{i@Wq3 z&y~AdxWmXI*H{V&W)Fsv)o+MzMt`y=q}VOF`rRNp%xMaiHM1gNp3kzDwJtB?W-5l zP`{j6?7kpE`nYkHC{E9iffkPD%5aD`nsli=1XP_{2<)~HU_v-L?Gf)ui&%l2Fc8M| zIxQ1O_{cOwE?#xMb=8?{lW|Hp#~OMY$b_pMV|=8WXT%g#CX3Rhz|`lGb-l)-6Qe$E zC6$PwKiTf?-_2PR89@$_Qe z*18vjw4x1F>+wbF+-#UQLEF5$owaPaGb;Abp;z{RrBlrxDrIkk7Q~KyR^9l@6Ss4X z>0@Ma!$hw1i)6R`Yv3c=6ruQ#ZQ8-0o?e6#yK=Q zOg_d5$foTTv`yS`wqP0)jg_A_^An?8L=X z43wuhaj0mr$J^mV<4oX&>$RAs;QF#!=E^DNL~Y`tSPR^&Yi+2NRZ5N{+oTE4pC$Ue zE&1RgH8!%5xpaWcNKKy-488^$qIHWkve&w1>Tu_5|HC19o_E^0oqRF$ zGLctpl@wcXX@`DISeABtE$B4u05vYJ?4XTSjzaPG*vxI4Rzgc9LGS6p7pxh?yd67A>R z4PugjXHk{e#CiGl-&srpMkekWIf$b({B-+Ju}#wzWxMFiIy_NMsgonBILY6>^oMp5 zpdHgI6CqeUe7AFE5ej>|rc8&n`F~b!D1_^OWKps{c-|Q%y^P0o${0#t;L9BR)40m- z=|xj4(dm@X>C<5htHox7^L&BJ^-c2B=QuaefEnjdpopzh7A~S$DvMSVa}ymm)s5PQ z4O&tBid&@qwZ1h%lNK@<(E zKcot`Kt;g}@(?VUs0t>qN;Wtdm&7eX2~V-fH<1>=??geZI=vvQe!_)8|NL!PC#Tq6 z{_s)8!jZNuvmKw)%0WMRa?t0#9UX%u)eNxqj>wyhYK0~^+?(OB)TYO^buCSTkORo3 z--Klt2cdVnj$Jc$vf$<(JNmfVVA^$Y^^$`_p|*77>yDdY1>*fpF27*+d#`Ls^+(?t zNd;0iz1d;JbbaGT{<;}Wb8xuC&_`%3L>o$OV19?WX3Ztyn{u|~ctynOqwVC4E79v^?V7cXloD?nKP8_F{5f#-9`qBiyLL}(W%|rcI-`> zayH;)`T4#>D@`Rk*`+5)JE~7j>*aSej~2yj$4j93Rk@SNTLDj6fFdYCl+E8x>@i|v z453Pdfe6m6aBrKObZqlK$iERFK5^N4OB|Ur-tb`7w$!ekM5e^!Xyh0fR}?q?QM072L}3_4V|_zsrn|#6fYc;#BMa`OZL> z74xHv7b4wK0j_t(%1FkdwGqIL#6Xtho+609OZ=;mvw z$FnU$JiLjj^2{b}6hvTcitX|IRZDmyplCE75yVo8E3>y z-nTvZAudL$;rtz_xdqHn*LPJ1zZk~)SNqT3>pOGYk)dcMV<+fm*6mI)F)@LQi;JYd z$_8U6?;1;HRV6|@EP@Uwv`vWZO!sAa6*p&&5+tsrC0a>ut-?V}YGdJWI6xwqC1UCKKINmXv+s3ORC^jItJK+6uGJd;Z4V1e)arzP6;{%6>ME zo!*ZJIjt-H^^({sEGHT+k%(sNa$@#naM;4dW$ASukKx+(WVv;Th*1i{w6>to4A`%ti} z2luqb`E?$&PLWW=^(&VgT{N{DcPqSeedfz- z^LT9A;QlZ_rz9f?r0q9*t+R0QN5}l4qMmzA-DthcPEud(5TR?BcFdA$j!DAO%H6MD z|35HiO_F*ze&Wr)9s+XdUmna4#26!t$m1i57m5y4ob6XhT(cz@#}c1 zc*Vf%>W`#LJuT=)22Yi#vaq;-74TO*VS%UeeWLSW$S|CFO`HLZq=NwMyQ8PC9wiVr@_X(lTyVU7!w2y-<0wF? zK;2aBa9Xmu1wU@RJ}FmDxS8|*s+kbuSSE4rbFY>6nV%Rg|D4ZG1Uzdo%llqm;xJYe z4E@T&mI3!_QHVuNc2d> zvEXsefqkFY#>r;=_~DLUaIZNLw<^FA(8R0tq1YQ|({t58FRTtehz^X6{cIMcCz57g z{WF}&vHGXvG3hH}Ah4WsI4&Y?uA8=a(XqaqRAtcQ0Gs2aXm2G#wT#`V&6lRSImiVp?Mv|P3`Y*L>>Wv^Ad6i#fG)QG2 z0;lK@el6w*qbX6C8-Q3@@9_PRk|=tzy$g9SJ~$PfnT|URxQbN_Q(o8L8sIPO3LGrU zkTKB4?pUdds{u+gxJ3G#M_gL?BxqA$Md@J8B%Dl1d0y|YwI(S-@Kg8tMC8Oh$bEfN zxm56XXt0ftVNdb$?}mL01i z?)Bmyn8NsN?YWNr1_(8%qvSR%E&8j)#&ODA+ag(I;@||udhZ^jwup|+_Lm=f3qx%b z9FP%5P~L^7?RvhM1pSmF9Zsqx%@=nYbdv5LE{s8&pF=lJqy;l9gIf!ij*xq;8KpHf ztqfSULVAV9JT-M50X}zUi?NNSU2l?EUb*`8%wKp~JsIvv?2TiFo?uYRozkF&6^SfN`#qY^Eu3jqFO@5M+ z2U1xc?-+n1KULv_?+C0olpQp!ydoHU-v~R{LZaNPQ(Grm&dwBbxQEu%SViM^h-VDu zltvFlT=>a7l|)iY@5g=KZv#HAGu|X7mtEJe4$7(CHjASXIK}<);LrFTAYsH7UJ0v#gT8_B0 zWzdy7v!JKPkDpx>r-z0>c%_>w#Hdpp>Vmzr;}xK+#4#;CEAEArp-cTC4P)=ec^IN0 z7}El+di?o`CNnNUwl?b6->GR?_a5xC;{xQ=!f`<1URE4#VGv|*yYzRcc!4Vi388TX zbf4rM(pmUOuPZ1hsM)+ehPhTzj%P8Hjk0%Dpf8T;r|inZiWO@Uel2TtfMwRH?~6-E zwlGCQsvo!iN|7$Ygrf*uh@P)bL4}f+g_Rb%nOi8{GB0G~r8aZVPW74$0{xsdhy2^b zAL-I2!BaAXakFdru)6AwgP#+F3`4MZ_c!LE&zrpW`P=c|e}82m?GjC3T^G&H2DiZW z9zC7kru4j}Oz{0%hhF%AL&}3D3?|8U?I4l7`F0gFIRl=ZIG?3A;AKq0tm|$YS2;#!P$9XhUC@H{ONA3zzUx2)Dqva+Ed!Tn^r5 z&rEhbO`m%m4-|hp`t2qf>Kq^`hneZDmBYr#?NcV7CrbRR}X| z)Nfy9XIamc%TcIxvvO&RFU=rZcl``}2HRy|#LcTy*Qsw?>dr%;IgL!p?b^37;4tJ6 zyanda!yIzo0Gl%>BjZ{#sJ!WLG6mFh4AB;h$xF0j76NFdv|{C=**NnEJDt|-lCZ&F zwAwgZ{G86(SFy57)J(L@lC1q~*5$u3fy%sVwy-gyqv2|cmE6iZ=pK~pRHQ~&V0a`< zU%@FBFWtNLzW*b2=4dW+;LAFFrwX=DSMRM@z#JriP9aU)1kSF=f^SC=L&H_VrR77) zu8jvtRO3YBXi$AEpwscsYKN0nT-Uaf_Ia0&!~Av0YsdeBzzxZIQRQX!pU-!vqL?ax zWwJ}`V1i10Uxl$TpuIN-MeU-dle4q7EwsVgiTq7z+iQk;4c?-}qraIiQ7){n)wT`g z^<2d<^yQMjoZHhR0_oa*Jdj9w{e7=vqDJaVBd@0%e5$2lNeQr$+;H}phX7ApPD-Qo zXg^5=-&`J|G`?C;E?ZU6b5zceF4EexzG8_Xp^ z*`c?!ff56MUJm>zAqoB!$@p*6AQ&35qY$zKF1kga_EgRlME4XzFBPQzR%`Ta5xL$3 z6hxsqY?rm40l|1vcLTY2%eJQmOh+!|6)w9ujSpgXjC7+0?EU#&-CK69;S+FS-DC&+EDtdo02Gs4B9_8anEhRH+AO{CP{ zX@ck(o(wL`ewLJ&jFff`KRZ)MG!R!r?gAUTg_OpHOB3FB5xyg&0u(?+6rh1H+@^}c zl{(3x^>|F6(jlPPFCT1~;m9cMWbyOLvzR8B1tlBRR`L`%DV+t0qfDD+?n7hp%+TROkH(hmxu-3ZEY82apjUm~YDVcZUUdLgWZW}zaBMo& zQXTutvVQ-703XXJY!8huz?_?0Hxw7a(49G*vP2ZDtVis-{$Bf z6eN6addkUq@>mQ-NMlfutisoqITZY0Hf14dgRvZ?w8?-iA`sA906Nhht&P11gQ2)q zXOvTB9j$waPN@}ID(xGK500~mJTmt2XYx#zcm&d)jbEtywiDp%1F6Q^h47_}8&7(V z|CDdHr4isnA`_$HECAC(1$qRjUqQyKGn5u#$aEqNLMv^2ZC#KAkl)m>_c5;sy*K~wX`v8{Q@5fvl{&rG7Ov#eQxM4i39caG$OhC>Q}^F9 z;rPIfjz|2gmJ}}z>s8u;BE?rl;s;d-ySf#dSaf0LgpAhe4z87l?;osZTZP^8J5Vn1 z0vmTLqA;B3Sbt6J6@Uft#Y!TK8nV{SCDP2nQSu-dSOB=bB!RxgYO3w8e%v$){uSi7 z$nw1HV6I%n7a4NvC(&*Xs(XX$?xcfMBQ$O-t9tJwl&9!L@mjW4M}$UG%L#rrif$K8 zXiJD;G;-^M6J{9yOYvmBp+x2xz*I0Nt{g6OG34&!vy@BESX3wf%*Rq40dX<+o%eAh z=d{PMB=)7nXR0)4#7=OW-L{4#mh;d1^ti_=&dT66y@u!UGd3o3N;9p(D`Wi(n+J~s zm1cX*ay6Wrm$)O1u;ARdd-m%wmO0L&LYWKEqPTn5DOzz@mRqxR>KWWm&?Y6h_$Wdq zc4&PYJP~X#5$ixg~)uNWmncs9lKZxcS(GA%oRuBoTfa3R zGy$C{+m0uamfHA{v__ub7m7I9CmlqLV_Na8T#l;He(uOc@T%!_N!y{SZp=`r6TM@t zJrO__mpGMauUh>?tCe4AJ$RB|RcAVcFo7MI`F`biDa!GO`%hfL;qQ(}H63SXnlF~B zlt&i&uHpoZ^Q`4C#e$j|F(ahfUPVo5&32ACVMc-dfxqU9R|#4CjrB|IQ>86btfn!a z5tY+1a?9JsIR?XMKaHI%xn=jhjO;Qa&?-7dc^f~k@n z8QOmoN}V)}A^rCYI*=i@edeFe_zC6OmL>-S+RW?qaTgq3{v`B`702GZncIDjvRM24 z66lEJ1b;TEt+61c>UX9=DqmP^RSU7Rqpmz|=Q33|h8_FF#BwXBPT16n=c~~mQ6GT@ z$@+Diww)J~cb8rlgAXLm9X&E{Dd%nG8={4Uskeweuf_c`Om_X=<@X;7JM}+g_PO^9 z-;LmF6ixM5c-^~S&KG>pQuOe<@$PTXYDe(u?d`4bO{u9cUeW#9zU2Ln8Od$hnVSvC zQ-j}-r`6?KN``SB_T%gitM4W}ZX9iq!kf@PLLwdSzM3K@?Vhrieh!GIzuQA>e3#RPv$T79Z}^^z&4Kq;Lr-r}E?7{eO~TvMbek!V2czIq z?-019*ofj)#1$49b=`H0;98lxRo6GTIbx&`((MwvDuwfbzcx*|zhw{B;I5n?y${Uq zF}(ST*dq{FtZT}Z>?kyya1p`x)%a+{RKhRV0{2!eT&jmKk-351%)%*ors(j8$1R&+ zBhPh`+5+3mgW9cYTJ{A!1zg%8b(+T$%Ftv-_fpe|5`LPJ42bT<-rhjVC;IAlqx38hy{>DyR z`-5njlv>N44?!hN(N*cXVOj;E<3Sr zrWLcd%j-%xc;B=iZK_m8njEkZDPyI)y~6S1O=pF{g7OQxH9?-jCF zyq&I+*OGL2(<$!SbCEoSnzIc}o1EG+NA#G0J*i_}Xv}{_5+osjplXTJEuuZbrm(UL zhXT>(n9&g3wTXx^0mD_jP9YBbl%^*1Xn3@rh;hQWizAG)bi3GP&iJoBV5<#XAM(Xg z5#1yT{JD;qUrii99}_OU)sH+zjqy~=DYRVbkCiIKaYQ#$3rM9$nlbI8ztc`%4Cpl9^Y;YfucAmP)R8I;8)68XpoZfvNA|J0z%NjX$ylf;S__A z!wgLz<}9Y)K7Su$8SYZ<8G8f%_U0xKPqg(Nee!*SLYY^_wS}FXSys+=mcZODqzd+U z{XiSn>m}P`37Dc@&P31E%|Cup#q^afG^4gEV(*U8-*Or|Xi39Wn}6?c2ca!}0e5b- z&MsGI7mAQ=zXfBW!D-PS3+P3z{;6|6&Gz7EBBG={NG$2HCfsLmqtX>LL|^+#UBhzi zo{Qz;^Kgg_sP-iF#M}gYVfKe<(CD|Qk_*E^LC2Cuj<`fZ~7GLBKgAkLRCn3?moat zZiVYzMGwRMcX18%HT=_+CFdLm`Z31zY{mJduFgrzlr z*BM)rnJ?S)nWEU_h^1}nk4?I2iE+?wP-OY&|0K%|IL$9hse_MA6A_NkcSxn1>5YHW zr~kg5{=*-Xd-sX_!S&s~fd$ijmwSTJJ=@Mz=rv1yn{WR`!GB=)KNE^jXDG6MVc|&^ z8SE{bu0T7wY*7*{>gnAwv#y*J1b2GaD45{$+#4|VjruQpWx#gzH;{a^>#W;a-FF>J zloh$=vhu#XD`lBiz5Cwptbf}Ts5B8UTsU>=9X9QaKX>6~ zr9a;%U0^4Yc`ehQe5&0vE^_E`{vh<2D9CrxJC(_o-jo=83V}&m`JpL311}{TNqW7) zek}}0?u0U+`7s@YO~uXC3n~~4J9&pe;uX`NWZbwZS-de+RN+i^mR3HoY%j?-!@S{E z{OQu+O$57!{KtJzja%hGJh#ItUL{D5f^q->=BA6gDy|=J67QPVbKQ8#pzoexj>}*= z!mT(QE%^biN}5h<)+GF9_I;T2W>}trbDU1ObYrruh@{x_sm_oW6Ls`T>w?P>=Yb$Hb5UtL$O!tm18h4>F_Eb4@=nmm2+UvmIHF z$}>{l(O!n^?tXaoPE}>|pWYCqk|p9Qwfvj0)5$9}9bmh$uABf~W|U#=$HjK!`;OK6 z0MgQSXWC!MC=3d^HKf@};v5?8R(jp@BTdr3txH!F4E*VG!sAq9z*d#fZ1|q{`(hfj z@5^;lB;+%)FHGOIilXP3S7?fedYaK$o{35{>R({}A~M!8$4MFJY;K3{$#IC~%0IKJ z61#!Yho&?^e>kVol2a4UWr$b9Dt-zAYK|T2hxx1Gd%y|YCatDSK>V%u-;}s4(WXZE zLKa1f6qBNiI0Fkm!3bh+^4%~D9o*HS!Pb@6K3)ntb zpO|PGmTHyO>_f~6{%ayY)qpr6ItO35gV<_PildgFEBn zcF~l~4hh846WG=1Uo!C$ekfhMXi7=tj`-+C8m4=EYvvJyB{g1no6`XRs-+_2Q0{=1 zZlP0O=vDi>jnBYu@goCHvm0RFlu=n6rVhdCZ6PQ>^q1afZFm&ryP8UM0IP1@L7j(TRN# z>S$2NV3!Kyd`iCxpVM>Mgh&(6vCB-&L7EzTt_Obn0^DY5O0-O8R;qCeON(ifj)laN zqX^bthk*#&@7!LVgah-{IG0@-_W-}j_Fn=TL;iTe_2_)qa+z;GDirJBHK&R&9-GO6tbWzvl`)ELYJJaiTuI+!` zdV6rYXC--C=Fzgd@=?W9JplZGoiH40}CvX9^Lm}#uAqvfp_0EJZ#*r zolnMV1!xveB-M?a6N0?rbK}Qz?}LUd;@;bl$Ged@gA#e+QNO#}w#VB+ zMYrh!$@_oW&1)}5yoO!ug^nbz6D1pfneJH^)ddZ=l6PH_>FMdsw~N3$-Ge4-;SB&- z9U4~|7mp044Y%$um;DzpFY&Ijsc*88WQ`yqM&39{et3V#d7U`X{jq|4xSbyJHmN|& z^1AOQc+*Pa6zUBe<<->{4#1@QUM^mmOJ0~uUb;wL_JuaBK3lFhvloA5??maKrSYiY z=FydS5VsxoupMV#D`y}W(sn=J*76;@aaMD2K;dx^z4iNRza;Q2p?mgy!Gkk| z*7f}_cuqU-1;<7+@m&;F)ld0*tX4DrFoP&Q(`DyA{rmZ0W6gJ)9^v$PbC2VS_(G~9 zdJv5`xnd+~P2Q~E`%rVVREMBww&^l+ZU}XHEamA@*{{K_A9UcgB{H7ghmWqsD}IVN z7`$zw$*PbvH+W*s1bOQvi$~TPh?~Hsrf-l+9)TN;hy5nY4$_?w=$}YCIwE*;nv3msTEM_*4Vshl)p8aZ*;Db)Q1%s17D= zMQc>5c5GLM%Iwo{chB?I*J-|7oxvwRi$A9uZGUXD&G1kF(h)L=AykuBy&wGS7zGTu!mjpF})~Y)W9t?Z;t6(2L!> z6~yvXi9+7$*1d}{OxiqA&)L@7{Y(yS*)kbs!DGN?R4~E9%AX}73m_5}jd%T3;*HNJ zFW&Lhi26EN@@Z1^>2W7UrdOd3cDaVUc^sK4sAJJ%-Y&x(ZSXH!uXb!)lJG*rTZI67 ziUa8b;ui5WGuRJKuFQ?iPy+>73hA8Y)X<;7O%hyAU)R6sQ{(Kaz5ZHCtzpBF7jg6^ zw27z+8qNLm{kZ)^kof(z+)EQ`@?COv(tcAbMgls4K?!UWCs`x0G|Y4p&K&MKJtDWP zc$1yqO0$s5D4NNFyOnw7|eshY3GG zUI)h%E-ETMpOImwIx_5D<7G2mT{^y@#R}Gp{?){9Bbz+{-+dt>$VV3wF;!9nA;^K} z<^BOZiML`_0rAMqr?TQG&T7K)7u~Igd~4R&Qr_pX&?U_@%aNkmw~8*y%6hWNNbEDg zO88Mjiddqt;~{ZR_@?KQ=d?8~#YIKu?FCUrgdA{i&9eU~+QN?5 zl<}OyKvm(b~uaC8H>AsD3R}R@T0Alj>83 z6BlaQr4jed(#t8a1qB^lJsWMo`SAB6!*%mR)odlZ=W6+l^O+=*=U?OqWL;gWIc4mL z2|9V7Jux*RPt~=E-%d3w;}PU@rMg>4nmoVT+KSku(yt79!K~RG@=X%Fr&TU|!7({}gBrF_X#tO^60KrL zs4hLfT+P6w(G5#eLCnk!Nf@d*l#OkPh+1X1~1nPMc68R^^E zZ*6T^e(PPhPBrDXuiYx{9Oyu-7sAKL=nVSQXDCLg>K~)A^kOUp?IH{qe=kS&MdI7f zR!XDCH9Hfs>IpgM)1l^|7Vh*IKtpcLvvn731*R6l#=N|7`Jt*?u_xG6Gs{y%f?u;2;6#VvAF)3o3IG^qLRFPHxXz}u|i z`Cl>ntuZg%Ox5{abx}XWEMLVWCK7r4_vji)+m$7NodD9!I^0h=+_xUywj$wy%d-RL zVFmADr83TU54LocZ%XR7Q{cCwS^i}b02$-QF|PZutovDj7#exlV>7-UC=mP0I@pj2 zV927&i1_8A2Xz2R>rtq~mvLC;HNvX(qNcpGMgqWQ-=)*c%gFaWYXBB*Bg-P6O}?xT zlgI+7W-9C9UzXqEu2IUeBk&gf+i$6F2HWli@3#CeQ9*Yb?;ke!GLOI3wd~u0mX2dR zHrgEo{sYc3SefsAOdNpm)3{dtgrMd#fVaBeHGV|iVSGTx8@{M-89l}H#YivE}|=~vegf~`^qz+7h5~PFJb4N zhMRXO{LWS8_Ok;{d0aBsd2p{3P zzAm($|IxUI-t7pCv^KQYDQ!#Bc+{Wbf{M zLSqUsUYXG~cYo~j`8ih^C9iM-+0fkA2!RUAy)73#5t;Fnz)8?%e*Hs7C=y|fVnJOta^K;t?j|f-OQV%CvHL(VA z!0wEjBr$FtDczm02B%@N_27?;fk22=baVjT*8h**uKir7wIJt_j? z)HpBU`sHHfU#*DnuD!KgT93MdW!2)Wy?#LFN2P36EesBsC45z${@l?#7i-r}%dx@= z*O!QzZx(QNyeh5RlBPW_P6FY)w(@!v5U{$L>YW9hQaXJabdA7pS}2;0jvSqxuJM_z ztfv55$n3AN?L~rZ(8uUENnn!obW_wh%ZssS+VYj+kK2@_oph*9Y~JR!N1gv{uOfFv>r35g|vW!0Cf#ZJDzBsldLIND8D z4^|yr$5{Ku<%LnPR2wW%Kj6!k&O-rD7M%vt5fJfW z>sU8{nmrK9)6TBrTsg|nWA#jz7o|`22|?v60)vQOHCmfC`7GK3vun`-on!p%KN=oG z)uFWWPY}nyAAMG$AFo#+zl!*S@GKP|$4WI=1TxUV7c{pDD}me|Rb{bYSvsZMycd)# zo%vBKj?y9)M7kA3WP@l0R*x6Ixia5xGJsugKd{Qk_p*V2we>co@kH^{dNwMZpS}s( zs!@J~LPO|Rv`{LrQ4eAils?FR6x7MWH8tG~sDo$?^$oVKb7RrZ_8d?_Mkn`8R}1+Q z%`O5i%fhHY!l6Wp$-1bk8!`0nI2JFcR?gBdImdD1_N%L=!kjD!%}reduwaT}H&Qc0y(1Gh6I z(21F_imZhwXxYKG5ZXWLsSPO%1^V(4146Ng9Cd`R=;Z!HkaCwhMem^YN7?F6_4+fT zI-JHL51Y&nSwJxvi714*VCsAqww|~57#a%Wt!^X_qji|b!>UTEfkI)gHO?k#MKGWWXFpI6~xBk_CI5>Q;_iDPY@4bKAYw@kf z)7E5qD5<&d8)>+_kS9zF2vp$iAw=m{h(S?~SNpDx%4qU4$+*%rKSxbUZ7WXdRTLhF za)DAfVZn=z!2Beq?O2@<^g(q@%ZV}UsUMm`q*nyoK8j<@m+7YmEmJr5l^3^5<8=-m zoPZkWNc>_!;(qCJk=o|a_r`bXR4mSWVVw$d1we~Y^5v@@B-nzCP7+e?Cf?sqAko|I zYPU8*DKGuh#`t#bKeDk;Uc&iodz6S-)dz_%Nc)rFK=MH=3SepS_W&v~DiPQ1L9%c| zBfjU;C%3UU+ry+lIlH?S?r;_6a0R%g+6Et}B>nEh65SrIwt9Z$mgBkAbf$4K_W7C$f9$MF!V5WU^ZBMsp>ng9dhSaL;-31Co6N(MUYslo+ z_DHGc^e)b!qC6`*_-Z^>9@D6G@0J;#{Y6Jxkf@MM>BXF)NXz&diBY!{eJg56tR{_4_D(~haUZ?P0|!@YREQd5|Z z%Y}h|q)23i@_LrB^Oh~yC51X7P*E{TA|Z(l@dSc}{35ToIn%oAx-c^E-8;c*K}AJ# z0bk`c7>z0fzoo8Jz!^2L;h%`0?(9TmDV{C*7fT@7?#|=c1w_BpP68>hg+2C%_jE@2 zcd^QTvzi`9FSZm08O$~?;$)&apw%e;!XB)QXTB+ooNh9E5Ol@Pe7%~+SA4MWm!2!V z`7ud*?}ouYDyT1Jw3BsuRk4CC265$497?5aHCwu?c|u3atv_gLsL+AaHPX0B1`IC8R{}LH_K(+ z;oOW?zfq_<|M!sr3jIv)BbdyJ7y1fqP6bVl*ZBu+@Tb}5KPHsG$6P`9o)K9b zA)@=ID&3naXo$M;Ku#7+UvU3R)zCOhyTn*axiT$uHoNqfnUJx}o>Xc)qdP$?8$2z1 zDez~QnDYu|A~>}vy~$ptqSbg}WrFTmf#n}RZ9YBc0H)K*`rJx) z%sNj3#dxOp^qI?y#2v>w2I z0sGq3qrxtsRthwvQks<6!>KU3a}lfs9~TkN7-VxcHSO5<$cpXQeR>yjumhmZbhA3< zN|5~gPA3fA(kCAy-zw2VKYQv&ROrC-n9Z1Ygv?e8ldWGkbAUlyO1i$4#=l>?6S09j zUm6!214R*Pdtt+u^GR*AE1)!Kc-9`#hlVExT0utMxB2V9ZUy59%%zj>>zA4JWA1ix zj{7y!s8o2;KkiK$1C;-| zmdlpIMa$lwK;ZG}W!k?gvDXj#{JP=2E7qF+jfP`d%;ti_yC5oA0uA>FSRXINb}+B3Ruhjh2IY_M00y zq7O>+DqcUL=&y>iDJ2wkI%SHcCR_5fg0&Y{OqiaFtIw#TqJd(bn$x&PF}~}N06a(A z4bR!e5YDO{PI2g8@1B~7pUjn{X%Ke=(AG3NtDW||`+>7QfK9s0k!SKfU@^>Qb9@{_J!UuT2Sg>TWvi-{`&?&7ns=mOreMOg5`6P1&cu_ z3=>pElunsv?23q6Y}-0%Ax~n4`3ifjZ3MP>6VX;iR7^b)&BKU(SBWXR78vmS=8iTL z&nmw=2clWL5sOu$H7twB7k~{RY{ygx3o7bH6rELB6_4P)pDLcEEelnNeG=l8ImlR~ zWbb&WTaknj>6)|;RxM2Zbo{tmapYFNaIw&ZnYC>`UFWYr*@}(c@~Xxwr1;-*TX3QnR=GozqT?WbfQpjj__t=I9O3 zob*p7FWxt*GJMae5)pM;>kgKG|C;y2qN==V_OtVHRpmuJ8{Xb>6Uxk--f(BWZ%X}O z(V6(yPRUg0Yag1FVo+yEzC9I#rw3`x+|O0l;smI)HK%aHmio_3OMTiOd_-mqa*AQ( zeD52FV-SUKn5fRghap5{hNq|c!~;|~-Fd(;lbe|fJ_Qz^8I2@GWC#^lQYUJbn7!PJ zdPKWZ0>JDIr|*45TtO#9zYANoJu z`fqvoZ6TGZ!^YjREy>60lpR)-)%1I7Kf(2i!OA&el7);vIuA3w67E2hrvl%_SqZUznV2%s#KJZr4YW=jRUXk3)OB7#4IxGcg42HqBX%xHevRS|Kc96 z;{4YD5^$nO1Hcjg2Y_rkj(=5XIJ_>pd_5daSr@JAK{8&0qwl+AJ^93M3~-lz_-r=}q&#N<6R!}w^rJJI>*us-4A+B+Cgc5lccV(=-(8dau8K{y{f7FPud z-w6gT9F?LaH%r4FOQ63?gUYd(sW!Y{yU{5gb zDMOz4?gRC4+N6f&!C9W9s=$!IfEx8;=n`;5cvDW@TKIo?6#bwt^f+_;W?3Ia9Vdf{K>@l+rvblL_w{tx`7QZSZ)no{>`*N<^T7=*LymD9Q~wh5L_7=1ude>Qw@Pq93eWvrueIqhM6CS{&M%4)iG^=`*f62@d<*P!Tbj04aF z4eb{RGNKTAAy1JEaKWz0W|EJK`^^L^=2SjW@T8s&i&KK~@w-nii?6;!{7;Op2OI=| zAYT{$XB)`O@t;)z>=7U73}ld?x&n{`9LUFy34018&RIdzh8~MZ1%$1vevJ{yKLLCV z^;IBs{pqkMQd8h+6KP1rdYA$f@w%9WTA0(!Umd$>%BCto1?qAT~m-}OIX_CFa@y^$MUx9{0En_A>-sx>DwnAs84E~fH1>fjQ5 z%Q@Nn6)KQ5!ev6zxKh(L=(X^dKgF87EmeQt+4vr*mssLn(L4TMF3#!2zFtrN)_&04 zBXT~9uR&!HeVM=_hE0BJB7V3@rO?Y~!L!(Igp6Q2o~yoOor0%%4mT)2PLPzm3QR(k zw!hw+y|#Psa(Hh;fle`^Kf)6f;8h=tc5GjNjf!U>o0=VO6KpTM0s?QSd`VwZK_NT5AzOV1)cBMDTen z4*>yr1k@#g(+PsApuQFlA1n#eE1n);N4EgB36h0mnmBjN278gAQ_#_di3PpWNn2HxFtON-q&~EI0;}2n{3DqmFFNj22i@|Ag}f$OSPFFq&}lpe(Xm$379d<#QNE2ZO4J*fh_SXm4vQlc43cn`%~tr0wo z-MY9RB#Q+`VT~7xMz?ctb^JP+L_{6$d_A}#!G_P>sw;_Yte$=eh zHkIHNAp%r%rkn-0Y|6&M^9kEpVdFxwK*Wb3;yfj&2fs(=Y(E7m)3=IT1_V0CJ4eAF zytGv{w{qK!2YqxS zRyM31$U7uwlH68S{+QK0(Fkh-b*{;DgvS-}@OcQ-vw|lVP{ZS7P+v*?{lOpi;z)#W z51lpgTPj&sMLVi|yh{M;8TQ}cz^)zzVGIs?Cowws1|U;~_3 zh=37$+CuPIbi4*;JSYY=oS80+{0SZ0F5sDBh%N$wKZmD6H1G2w$DzrSFOiYSEZzWj zj>N@6k$l|k8-a<|+FI+SUd`cdrFrkdZcmTiN3r(Rn1A!nf`{fXk69~2b}Iwu<%WDF zXz}c=(&g=l83OU|4(k^MBBOOyVmOr8O^J8A>7Ea;Zl&AcavYoGlac3nebDA!IlZ=( z;7VvrPni00H}iCO_M^+@;DxckVrmYebbs|ZJ`qv0)})?Fq;Q9@s?p{I*OyY_+uTre z*z?h(vGDyt#RS?NZ3V-{ju(UDm|38pw?C^R zH9p!riOGPP!K{s6rt&JY59xKa2BgBuBE9wkJIA6-xmh$rUY5d!AXT%re0kNCt+cF` zo8JcG%z;2~z(5gMP?MCugQ$dtkbuH3Zna+FOWEr(A#xAk)mGs%ey!G*&W08f zDEw5#{Wir*0%7u)9@akZv`*x7a>xvbr`et5rGq?UzarkoCw4C80;j|{})B3-GzwM^DO{7V5-ptqc9@%eEi-+W2 z{8s_f)LDU~@1&--FQ8q_`%;ha>8=M`mm*maq^qgtQ{3_X^27drX0EpT3*cfTSD(HI zIo_Q8dqUd9N~}$YZ{aE{I7?J0 z2JM{Huo;yoBZPtRjQXOJgV;#vu-kn~Q#l}*JGA`Ehq+6x#I+MNAWz|CaeXxpU5(J7 zkq1;lv{eRow&$2cL+K~uQS$OUaeIa39~@g&I?ih|0hAp(pEb+S4LkVoe05Rqde z-iL-)-Bb0}0lYQ>mhlE4dJiP4x_DL}>fLUJ{mL zsLjk-M`h?obhoQAs^z7)RecO(sCdjh#NczPhr51LT0(KeK z@AP~clOipCR3}y1&tOMpoOd>Kc!f)&gq}YdngV#0wL*NojGK+oA?=wLSXT2!+ko5PzS83 zT%U6ypb{$md@>k&(N-fkFv_X6N4%6ZF`TCs1CE9Hf%F&1kr~g@iMiVhRW=nfWlIai z1!6k%t+KTQ8u#b$DdBp;n|n2!z`l(S?UL3{l0|iD!o;?qHm=meOj3VOouu?Q`w+prHvZiP}5X|G4hhGn?2ih&%S0#{R^F0 z1q?1ge>?*Qcu@-va*~#gnNkhsk#qK|5_}2Ya^2 z0Rw1Dk(huKrV2S>OF&IkLzlLcm;R4VmVQnVQ-_`LR<2EwDQ!&XlV zVh>Y$++X~@A~E3*^M|I2yMU&Qh=w-A=r!17m_fHiuhg0>pcozoc1otuHz3L)eU>^s zHRU`U?e{_1jksp>5zq_hKLmBaQKV3XC)Fu48PB67JiKNMeFwdR=$F^_unH``{$g59 z0LunwY6^bW+SWAXRFQAK?jk3YcT4gf7Tz*YTE2AuV)VGL+#5$NS*f!fj7PP9>!oC1 zv*j26(k{J8todSM$NkTlVN!DS(7T$QN<#5g z`$;|NOj+mQCl!_4Ecok5GMqtj>7Qy-6LX!cQ2C^~R~&H*zc2KePDa6DjQzfcH5W7j zF7ee?zT#;G*0R}TL28r$1+R5n@gFkqllvc&_#f-Ho$G@D)05!+g~Ox!6 zfW}%7&=4nH?(>%osT@mgq%2>yUZT|RmNfxd_j_A=`v;^?DDHkHF0v2lWNN*cEPqIL zxK2ij(bGoW`}#{K$;IWZH)wz<7_c?9QHZ+l0pxt^$pG6U((}5}pNPbPn<&7Z`#(M| z!0h`4;Pl-ATFG;25$F)v%J859UIk#txQ)>%8OR@48-I5U#A;+8c27@F)AGGNNZZ)= z9BFe}e!O4yxCCN<)@?%;+EL?l%K`B0|4htCoAiF;0a4af_kVIRV&o2yG9QqBdb|Ai zkkWSdSKH8S60ins6qhyb0Cm`Zz29@wt?s=}^+2J6ymRrhKW~wD;WKYnx9>SL+f^g> zVC7*oPqQ~)cQ~c*(6SyYDuEPtfr+FyxPlA#ZC61g%`1Q)zl3ygA$?{@x3PiJH4-b4 zDt6Pq!`Q?pCfCwPG5)Y&E3=AdvoD^$?Fgss2(T&@?=~VoJ){Y(BN)?T?<(uAKMQzf zR_YK0SZEQ>)pmE%bkMk)4fH_;OI`)rl()F+r;L1;6qT^i7xlRN{TFBWJNf^p(J6la zQrrI4|JM<@>mqNoi1y= z*|FRG)cdCX;byna%``={C$?1NJy&hb_1)9E(KtU>K|3Msd_w?6#k98it0||~Yn_&c z$b_d^_J!o90TrfUuF8&~x8+!jxifZ}%VC`h7}e}ya0~Lgu=2lX0o-k?UE#%cK=+-(ejA4}7c~yz)+(r1o6Wyt6>bde#9W4uGxsrU&43=n&NtMHO z18?#Y?HaiD;8)t2z-6GFL1C5T@~^maKDE^2-kyGeHajVx1i@~1XmzMqc$`n@AF8yS6YdUOJIsiIleX3_& zaiq}R&q7cj+qb8I!L0NwwTKw>qoOX?Of~js``Jb?G$UnZez2XpQY3<~vT&@#I6d}XiuXu^VF@&DnFL2PP5Gy9(D}b+d;jdEHF;7SDoX83Oum;f5 z3A&7XCN6Kc>Z^8zb+nVeWkjjssydxd?RKS04@iuJ7r}{|W8%9I@U#GE+SyG+bQZ^* zM8#zWG>FAO`Gcm*;jPi?BtbC1Oj!le2nUY0`g+-!AG*#x{n|H61Nw=ww3=9~6$#df zpq0*HjdC)z&V1Wi1u|5dkapE@Rwtq=%FzL}I>_u=ZtQIX3OhTyIi+UOT)>L;`Z50v zb9Z@^LTODBZ^EH6hv76-*I3C`2Uev^fp0%$;sjx`a@Jf-&p2pQoOXj}Cfb&iAI@%* z_@Z3*+imOrd2j0DQ`^DM1-Ry5tT+*oFiHVy+?*1kzF8EEnU*O%tb=^g!QVnW z;o>Di%@aqjwiGi>gyMuRAjzwP(J?0&6wOvYfG(luJv~4*ZlNf=HDe$0_w3)e7w@PZ zrD~_H2w8gVqPT#DXG9hGiaEpABcT*5mr^YrEZT)EeKmV#>nElKZ1gjIgVLi zrssAmTq{~Z)|@8Ptvs=}QaS~_vpiZS!o%F`)YbW#5knuFao-%GYcJ?3<5) zN~)OvBp~QC$RXs6j)}L1M%{k%#lUgsyY>=)M(xOB?_4Lk=IBUN8L)VKLs#r zM96g;&`xadKP+qkt|Uyn)|Efmw})+Q;-6hk(QIsH7P^-o#buGcueR$Uhoz}hm_zIJ zCd^@}vH$VD4HIa1nFm}!y*(x_r(usb#)tQP@<$uY>wmJ3PsttXR|Bmi$>n2z93EfP zt!Es59Wi!XkGVu%3cWlqBPIN8xWrK)-q(@2N)!;XVr;vHwF%#z+LSc_Zt?>Wt6&t6 z_r;#@ZJK}q(0LQP?%xGqAkYf4)xaDu4fuxx**WE>-3HMfl=$vWCD(yoqAQf;1+k+l zN$(L%$%tUglwQaA;OCSgXY`UM^j3mb?SW{>o~PPhf7?;S9OXs62+vnp0&r*ABuS5KOR129A9(PH3Psp z&CdUj>3uM3jmP(#a&D(@lgYl}Z{Ua@F>nI=z{>Oy96%o;dDv}R3nM>DNZGTt6%?#< zrl*>|tiLo`aG#&@v9n*($P)3qyV?i5(V1~vZPnq;;UlGd zECN}VW{6$KdNiApgP#2;{gW5ic=IRwZ}Q_2a9~2dWYqU8>T@c*ws{BYTxFuJpKxAN zWxCyW1pA*_`PZg@28?4=wKhVopXMRX>+$q>w#rvSDhtkowL=?E0FV1U^)0D=1MnNl zbE>;`?`2V=$Ia>1iy`38OV_IDVqU-(s#J?(KYf~7q}rUTR*rmrmE=&^6aR8iP-1(h zR}8XcXybAUJbwm;k}md&1h|o-i+Kl!ORqH|bGgHMQm5@dUhdg;=I3uKIa}97D_S2q z@cfSMcAfOi>bwjjRP38@cXtOb+aCJj+kp2SWUXw71P;r<nlE?og*Z>u3d4l3k{FL_L~HK$zX=I`YIB&5c|ehL-F(;8Ryrt^MlBA z1UP;>owBCqabAd>-QL$)l~I~vY34B16Bc}t9)&H+${2zdUw6^&+6hgV=(6jZa0j22 zjh$$`b6(mOSuoORI-Hp^c@{UbPuvB0N=MIY@|ueMu29j z=Hvnve!pXQ8c3{~{w6_(g%*b|+C@T~t%jIh$ZJ5NUzY(l>NlBtuWWy?cS!v;&2@n%YV3S!z};I9?=hvk!i zwkcL&D1UH>wHs!~%mdSX>k;M!R*Wdzb^a5*TFX72^Hpjs_i1NPq6L}Q*LgUPa{w@| z;-LLtIH8~a+t(j$(8k*7J&DeJG|)h2djLT!PWBYp)d%yWMk4(5wRToh)flE>L>byr z^d{3Bh!vu^#-yoPW340iww_=Uk(!|sv|ZbckIUgm3{m3c-9rh{D2Ec9x{7>H0tJx= zHv-)brK?x{v$pvdZXR`BZL3G=IuzVQ`D&J-X&t)lkx!mcCt<8~(oy1xP7<$6Cfkk9 zxfv$Qs%q6_KZNOMN9#RJZ{iG#k*hva41qS5u~~M|3OP{?N*BMk)Z`%%K*#Zl5 z5l8FUOuG#&OtVj<%b|BeHZ{B0lhX{|G)WIxYnGB;JfVYh{JLljRJ%1(*1K1^pUU`g zpwEw;5TTQX(OvqvGbH-BSDB@S`R8*&VM7-~|}XCa;%U&sK6_Vw*g1MK$>Yc~iej@V++erbBTN zovbSO6Q2Qx^Ay|`$gYU`eV0?@91_$Ac;jbt)Cd(nySOA`?JjmtD3uoNsw-uy87jS! z8|80yq?Fx|h3M_jX$%W@iM@bz!E5s>dr++4{G`S48@|hl!V&DQsB=4XiU}H<-4Y)w zelr;;8J^u2jTew%EL#ZFr^SVPBGxTNtEo>8=hR zPgriAN_)`ZrzLeJJ3Jxi2#pW5;V(@KfkT_V%(rDMY*o!Ji9_X7Da8HOx*>&T;A!UJ zH?XY6wJ5gMWAZG|*}vY4rCiZ^w|)|W{QCM^vWkU+W^?jWX6cDQvAzu zrFn|bE6&v&?>Ac;v5Ug;$WE%rUmRtv92dk^l<+$r`hw7uigDI$AL&U$7p$a4cA=TcTqw=*?cO_ zazmHLE}YVe{?RVR6Wi&1C$t|8XiC=@w&;FlE|tLTQc<%|^}T}6lI}e#50P5`$e$*y z@ekDeMknruTe9y^`^$`6d5q71f0e`Nh9HVz!?nRnYR|owDdq3ggQ`B0K9Ad}k#48Z z)a_*!Q1H>giK(@JcYp#)QFk6@WhBPXV8KXHS7JS#1@tQy2a%k0Lxoh<4wz2$Z&xTr zKGi^uFGu0`T;93>gI3;k&Qf;MNLe$zhSRR^AXJKGQc{1I^Yr$e6l8y;|Mdw$ol^^HN{?(vBAXpV z1SVESB>rSsu=f8_DQsBrccm*RouxfIiDe71rs(Vn%oK-}a95?$qL;}_Z!%?YB)G(e zav?f#Wvp^iBb-L_7}N*|CezekTM|^gvfciZ$$#lrsqj=!DP~e|Pqh?b`B|P%PpNIJMBC7CG!rqPUQ}O&`_8N?<`rBN{Hy|TM#cOfrIzZgYvR@ znPeN@&bG$HHWJCEh6txl4K>fD$X>y0{Q@fKWMo!7cd$K@%mPr82%(}?2*~NskQd+u z?58YXfY%Dc{-&quI=g!?O=0uxN5_6S%?2I(klWYPcmLXJU*slsVutDNf!XEdbu38t zuLMuaa@dfNwWghYr;H(w(*wu?rlzMygqji7qk7*H)dsqYxcIj|3l1@FGDkJ!vM*XJ zFZtebHW_qa@R~GMjxuaRX%om~`p3`tP0PrZnmC1pz4-ZxEt0ET8_X4>&Fm#+Qx9gF z-Zwt0>1WXAhzt!?&{5W`X@#3Q#(&EH$GXMI2z_GrLI(ddKa(<)&5lYpLX72r=Zcl5 zy+%vZ9P;N!3z#9HlcG6!P4lJ1YxGoIRmCpZh3PQ1HZr6daHaibi}_w|$H*jGca)jY>X{mo?u+YL_~cFcNr#16e}G2BLdhQC?PN z%&pn$<|Fkx+-}9R);=GJxSed45c+n?ouTzF6Vg0Y9U0m-rEd*Cn$gyYd=z6>Y~vo< zI@KBdkSP7_+sSj*m#7r^5aBKL0UrsgO~vWT3K&o5SY(nJJa2GU+o1M+uFKjHZCC@h za@tot5@ZY;rvA^#{PQ?W@W+e09*335@*dkT(Zdj|=aijz4>UjvX=_jxwRmH3kJu^n zs)M?_<W+6FT7LZ{819Mwe{{WfIGcai{%`Lh z6s2a2qH4veO=Iu9H?g&(W=hS98m&<)Myaj#7St+LK~Y<%)~F)1Mp~-Ax6kwZ_xn9L z@`r;%lKZ}MT=)BZUe|fP_P6J(+#)YQdy_?W50(COO%(!x1k3Q9Li#^BKw)0TM;)eL zofM1Oyr`IMlkMGQxHH6WANgXtV6_RA(>PH4N8hc}(f$9ZxPG(k96bFXvfECZ30dpN zf1>Z|IMtRQo9;P&(W6!|<0-98H{OUGQ_PCmodqB+ds7~W5Z5n?+WE)S1;A+?OE=PH zKE>sVQRfR(ni!jBi>9q}THI*zDArfbMFhZChnWW=^r9oGZ`i57=4F&Wu^y#n%iXx4 zCj;^BDdf3FZ^0fu*TDOugMi z=IysuysW5XhtZd=s@KomZhg8w@{Lvzc6Baq6T|u>nS2TJkkH9gnX8rx8g}0(|5N#e zwf;*}swc9;xye2Ux0h@$O!W%&1&AN!CRy{vd{`xn86x(PP2Qnqr;&E>l7m_bNAv4iHiX5*RFeWdtXQpFtrdzci!YyjdQB| z9^og$@aFm6vu&&4(=phN5t>(Sq48C0XQm3N%cp`QH4bf%&D0byAf*&zlL~umrQu`V z%UfAhD0iT(hiJ%d$z@~}OmLR$x(#xZQ~HX>a%T__3ljL@w*!?#S4<-kiFMjIz+lDt zw&+z?P89g@!n8Gn19FG`+cu1dAzM%|2po)I=1=OME`JNSUHWPi0Ob!@yE_PU?FpC} zX7C3)P}S`&5`23sLzJ6hY;a>TDZ#WY%8^;{I4#_NCb0Hqlj5#`@9ggRGH`Dxly|r& z;uh*kd?%8G+$ng#oSUn*AASF`5a{^m{R4}*#|rF5pGD$LZmTT6`T}N849eK2mo;Yi zYI!R?@43Z6?VNgvqbmDHutd@Q9gjV#HtrumLQDaQI%LA-#&ZP_WHK8ylFvwhd|oE4 zSpGh0>U@T=YESY8qdeykY^Y+B`PnF+P*U_4m!f`iUZE1(=i06=3qH1A_QA@FR`9Iw zXgqGIrLQmi@8Xp#iX{PGZXb9cjSyQYz6I6JXg#T)-^wxra#o`&=Z8tS5hK6OInSuOe1KDv2Alsj@q z1XPo)dA=6EENKY2DJ%IX3l^W-0QcSljCGKeZsF8Ua-U~u*33uZFs9l?kGBM0ES{u} zJp2dfHKgRUU%sgI97ZB#X~AJrh`#3H!w**qEfNnAqYAipSO11W*TT1+{+sFmdQ*`} zw~x{9(D|LmDPz}mb}f^3#lfX85cbIm-QWJp(A7Y|405-j=hwVenS#+p(cz!1t0OK) zzmPAZQGUwB_{b~rtK+9p3!#w<{HV_LOYEI}LF|)2{NI}O0ntuWPSwCe^lrrk(78Ek z`1|qI`cICIe{)U_=Kn|WjbGl-mQq{^Vewr4o^h4<=ZCCb1qioP z8qOfzu%3fy-ufPcgYe&7-ZE&!r)80w{^U+w{E*KAQj5QR35W;z)WQ0XW_>nk@GnzN zraMEk5=P{VCz!;hE$2{`)}zV_%ycc2=U+Qx>uxgg{QP7s zW9I4U>Z|xZ`Wt1Odl+LfsVc=Edn20AT!kBZuTvLTOK~tlN?FEfGQJKX%G@?v0ER|t zlgKDHU!biUPQ=ib5c68tn_dENHQ(xuaX47~x{)B)I#h`1*Cz?3K7U<-Ov|wv6XI__7Onx7=>arLcZc1nZa;~b^8_AO;RkI7#Yi_A5< zf8=m37ZKRIjlc(B&b!VoOXqz?cd(C@#xm>WUoILJ$YUwb{NL)7nobxbm}z(CQxas8 zgqZOf4v!^Ly-Wx1;@a}>3(Tfb)EL*^5a2hRvwmV6t*8+LA_eblA5>AWD^Dsh%-6ua zkcgwzkgCgD`>UO0fEncUl89DTz*SaPNP-_m9#{?A7P`qMrz0Q`AJ^1YLq*`6o)v@; zx5p~dThL0ae}3LIIQG`(R4R`sI`fg_3}AVdvu(?sVSK<-0nHlv-tER@O(JwTcP$`l)t12SDR?TgGjbXRT~lW zHXjcGbyH_$l^a$;R*R)#ZESq$Wmy`&LdoF_qRC6!yR$c=2$RsFN%RGZdJ9{Qx04+v z9FpG$8S^rP*1XqkxNjEb@FL+Z#fhV@xtsM{>SNdwBUpvFT)!rmed(^g5S=fSxJGlG zg($C9p|c9Qaw1yU*nW1+Em;@2+YfHJJCG%6-)Y;WJ*#*o}0l9k<) z11QOp8U3!}%o)QXv4VjTcS-{!lm0NI8&iwJpFua$@?*aAZ&#aLoH=CkHRyEjH;?0; zq7t}N%AeWJ>2FMuSXn?CNE<(IiSjpCl<3oF84l`mn@XFJdV(f(tmQDXLv=+xmeM-< z(6(oREeytbTvd;Bg(^v2XEo>E)hk$OvS^2|8lVHf8LrYgx@vcfY)mt(7od~ebAu_O z$tc2YigYr9$&~L(dD&4Cs8a$EHPXy*gM`j0vfv5_Z*Myqdx?Kn3k9f$oNk_I?T&H<%Zh4?Rq7ZUhla1L*gGBtQR4nbMS|Kap-QVseE_#)TP{$LREpwv&R-n zr=QI<9Pp=T?ks&{O-dsAQhn-55t(nU=vtP}ybYXVH*g_(Sp1SoSMS90&oS#HN8d0v z6*{=|q}%M)$PlR%`5nW13$gxa$(1=Wa^rW9K-V2RaZ0+6nEf=vybVJTM3Uh7(Iehr zo-lEGPHV+U4YIQY7lgJNY?~r1RuYh zjMfQbEU!FSUD#7}O^*w#DYRd3gQtq}gdY?tx>VD~1Q8`uOs~C!I=hkt27%+P%^AP% z;xzL<&^J<;&96KKe-z9M2Q?89bt5Dc@Xr^)(bgaHHL3V^KRE8b@bHL(HyhvG zB~6yh)ge@0+Rn(xBD|^CZSKunL1O}**5({(sXM6POjplR5A0*(db;%{baHCa>P<~n zQgFip>6c+0KI&T>W0cfj&>flNM~MmpyfkfTAO(s6e|7@00Z2S4*jaLKxKW%HYKk}n zn_Bw2x6gwC;H-69_%q$R#Ip3P&-gqfAg-Lyk9kY^?E+W~NMz8NQlz>f3!0Hf3w`e? zb_>rJoj#nE-p9SJcdr!Zjl-?k`eK-iK*O(Nwd0y!cQN(q`+4W-5b_YtjI(iWX1`_I z(5rc5P&B+al3|?&H)6e6RBk+9)`G;G9L?K8F#$u3M4brxhdT!W%#94BK|jz4tK(Cg zE_A*w75rd!PA;uLcEKuir)x^KLu@k9h5v2YUh9}7$C$yCXh3@V!Q@08nr=di&c&x@ z=+j^?BHFzLyV{GO8Zm3Tv5 z-1o5eJC13sZ?q&cLsC}m4o$QTl0ky>`MT<0+cVEjyF+eM6TIP&xWTOAMBNR7E`^wg zV)UttSKYm?79f#k>aiAs`Ry6c&;|>!nb}McI2u(EzT93BM@!0Jz5F>W{K$A(&|Zx! zdS>5dju%N_`ZDK>P#qzVZdo=lB2=0$GUjb94~CY{yVFgjjB-Bx`*ku)XG-z%CS!5K z2$I7SY@aUdUw&`m))?y%hgy7&C(4T<~hiQi{g zo*uuZ&TdBBe55DVPQjHsHL8kbxE00)vVG?ao0WQXf;eK{0a5*y8^t^SRoZVv-h6cu zCY$DZ!Q8Ot^3(_aJnt{}LpirUxwouUd-dLWhEw2OP|TP8SdCqoiE#K-i$HpGrfDRF3k649pxSkH?JY8g$65y2%qb=kRTJ9 z!XW9+V2YfJJjP-3q?V!$lQDGi{x@8DH7ob0qMvr6J4jWMvrcS9k9CvYEZN7?_GtHn zB*DDV`P{B*?cGv+ok4E;P_e?h%mGJWg4s1(9&*1I^(P?TGr1Z?%zqCiC-;iG^;X58 zh#G$=NB=fmW0RHxwN^`E6L%@09QW+~C3z}_VCPFGl>WiMzpU4@ES7_lW*v z9sTQr021Q7yJ6!9SBJ&sY0wiwj`um&taBnu%ES57AKX6E!?|X8Ie){Eay>xm8%eQ$9!K;}q_UowU5yArY zlNx)g3+ep+G=4x$)K48p^uh+ErfQpRl$re57+fX;Nxb;r2R0Z+bgb=k;k(R;8jt5* z4|&1yM@N&@Xp{jE>uthjl2t%TmgvdfDpvAMEy+)w9u#l)4U@amrT?M7)W)r0zgdzu zjy*#?>xfACb3(xfZILwB^sxuGe)SV`3=4J!4lB=z*k5KQdHE8@&L?}w*_gBA(L42q}sGIllGI#A)CxwJlAt1^) za?PNSLQ&WQdW&~r|6ebHHlzKQ{>Pil;vVkhB3dL89WLf2+VH8%iL40@THQu%2Jm1A z1VT4dMf_^3@DHKl)1;4NA!w{3J{*Tt*Kl*GIX>U_yG3S__I52fZmod3@nz8QOANbh zZSH~Pf!ci1EwupLHf!7c29ym}3)&SJ^Zl5R%zgbQGc^y`H_vv)pV0MJBsu39=#~K! zcSkN_KO{4ccj+AZLEv*%k`}5xUC6-pHiI9h{;)hW#HHSE-N(8%F;%s_RdUeA{ft?26FRU^;3ye@G$^|R$c|DT#CKW7!iLG3IS zFD%Bz8DGjmzRDRZ!^M!Ix2N>F=!L{Ie?R-zc)G0RUYI92>ACgm2(KJkF3#418N;;l zPjW#|7#zP)R6o5NG~JjEwSTC}3eCH@dsFT0;_Z{OIC#8K{S;$YPP!yld^-_A=KfWL zV#Jf1#-Vaxo{C>oV(kscUOI%@MfMB0j=s4Cf2sA~e&pj8R&CHdjuos!u#6~)6sS|m zT7=k+XCR$*qb<)>3=w}|hDT~M%Nlz$iawC1aVs~EDE4kBNEQUG>J7YgN~Rz$Z={bS zfJu3fnJj5mvj+}4(=#yOOa%JCMzh3L-CAMK5cWw@D59tpPeg+A8 z#lb4>cutbvG{O>~EUS`=b%;*hjBz%@bXJiR!7KSY zJcEop->IWnpd?I&rI?5=I->Yjxr|BL(5FhfaMp#NmuO;o@bd9L^}H(WhWnA^Hszek`y9nrN z-f-)BnjlwwW`!(6tol`YHUuc2oPx`kKl6}_iMdZC!PguIUiz9IiKX1zM%6$uFB9)rN&SfcAn zSwnI=2mytKTCZ+&mztw{MuARe7`K6Q4_}-QV&X%uNL)G9&}mk=KE(g|q-PoddhF}J zzAS~Fz+vOegT4B&0*|5smD6hft-|&7s={?Dq2V4J+%DZud-pE$F02-Eay)nTq(LF* z@ceEpMs`6KtxTy$_H2H>cFo-CTm6$n;Ljy(SihYPoR=?QKKAzXq9(_()C7P|P*?qg z%;g}mtbp2ftPOFLzWMG96CvK~%zNv6KHLMIlhGZ2>{j}rDmk*KV$I+0K?FAsNo7ia z63;!T_KJ9#!7UG3QOEjFx+#F~AbE%7@2y^PP@U!7?3jpXdpllwUC@EjpfA?w<7;OR zB79?)5dmdw`v^3+!HogN^gH8Ij}hzQRJwbN?$YZarPevj)O?oq;rjaOyLZ$JDT@d8 ziq>KFbjPhgxJ#GfJ1=23U+~QU%x9>tE0x7z3?w6FPLAG%9yj)?y_Tkom`^*FT3e8k zQyEblFPg6#M2+`GclG5h|IlY!jZ1y@68;MBbayhd7m4m;U&&+dDLE>$}Wtuf%$~ zI5g*{wJJM%SzC+1Wr`}i;ABzfb<5GtyIKc+um z&R8kvK}2@41gRPcbY6L+C4^z2t|83z$#=$#UYr8Uy7Agff+zp~^$zuz?jaAI&v4Ur zcf1-dn3sUu{#aS=S4>x9o8{r|bE3#k8)^Ic{_sdsIO$ff0k}>|GR}H<% zX}`^53(aEaaeK<`K{3hu^f;)8JpH!nuJ0E4gzE2Du?qf?nTc#(Q-82z+TAS~n!3XZ zsPBb-&t&5a&V15X-?t@y;%jT<03(|jcVhf9ZQ4st4|q?YrcjR@4G!Je+8`ue8 z68qt}@fBlk#-y)ZA=jLCm>40U!su!J%xza{Nvv7#DJF<2IgK8a*neb;XD;`A_d~{_ zMSKrO@4`%G-6}no^7v3gY;nrp)m4b!zXbP2j-0f$A@y{vDXbl$q?qxcvCO4XoLVPd z%bIm#AR%LiqId$ghQ3NNQVI@k;|F^Wz3B)jE-ZZ5vEsT!_rT3nHu9F&#h&zC7Xd|r60K@^dPI7HwWroC&j}9FyD8B<3nf@qqB*CI$ zeLy>UEb}v9%uQG5;OvFp!TJ^5m0J;^=-pb=IDD=D{CmK-2>)x-rX&jsXsa}cM?m(N z2H#c9&?M|oRA*~89n%%@ToDo<)@FO(VwUI!Y$E>HhGEUrruJ-;kYgT~fR!JGJB+Ds8^>;w$XkmwAFGb4(-L~Hqos%dT!SPGT6+Z10Y zb|K89Wj~sGaPy`}!Z$h+ozo2ykZq4G8DLW_wz=Nxf-(mh$9J_8g(0pFY59r$Nn z8FByr*z5XKCw~7pYPtNafx|AID`<=J!^o+QkR9EhxV@|FS^V#zphTp$4(RmGeTq=A zR$i_rO>_r7m+IA|q@P!BXID$5e|w|Q^K*6dr>OD@a#6t*1fmf(_O&sA3@J*cAIZCm zGfJ3I-Xle)UJ8~--lFrH(fVeRt>>UxRxVitu15Bs~t~0M-5gB1n>A z>o<4aB(=2p$`64etuyjHC0S6cNkn*2$6^w&5MvSPolfVTi0xB+r)c-WfE6^nweuhx^+IqpIpKTN;fDA!2)Chs`gH}- z5S}rpUY7h`;iDHTpHQhf!Y$BjdVYv$cm{)cV#r_;<1fh`4;A4&e1A3kvH3&?`sbcd z@~Oj)AQ*fXCW&`LEPi{Fe3x!C@W~C%$GF%aE?e2OhQh?#LKK{Yy7c#gC<1>C`a5PL z-`A$aX6<~P=} zgE~mZj)Un<0(&T-1p1Uz@Wu$RWKx#}m52P+V6&q@geD&e@`(6p5z7PdT<@aFpv9c} zH?O)LHrZXgt%qO>_vOnkAo zdI1X=c=fz+Za9dbuF{IW9dwsEQ#?K6k!eIOI)}rQ!k}}~$rL7$RNi{Z$t6nMIqp~;BTKMr=}J>J>zL09=3J!wWq>(?!R4A(x*Gv5a$4c8@n(g zm8Vl886-(|p|}F4My=&lp%PvFUFGsW;@^GPp+b<*RXEE{PeNw&V0~vZT6?T8bK^SALT?om3yZIB5=S=>ujs8qcs$0!L4PuINJs|vRj zzdKN*B;(*jvk@e9?^u^hJJuuUbrVvGAg@>6(7G((TTH>W4b}X+*R-*Myh^LIzLX&P z>9eX3nCK@dQ(Ir~e!y(2?=qRc&P{^2{Pua<&Px1aYS}{vjriZ6Xk=x0!1z-CJ579W zqV(!za};_4PF{+O1Dj?A5s3JS6U;TL#k+Xb)E(C&sj<8eJ72K-JT^AT#!?#tFZSeZ zl1Yi|?pneHjPfVN3K7Clp>P2QNBeH{L~q^a2#orL=k5KKGOCgo43)jOfTe%i2SzoL z<_1jF+h-4=64BxDf^&6ikQuWCYxgz3T%CSQd>Q6@B&@NX%%%QuxJw?eMOX&iF)3wR z15dE$=6M*06FwJs5DzvPm%Bp|b2*FspN;T;3&Y6l^G}J&C%1vTTp;FNt2p9E_0(x0 zfP;DWyKeow?!O$aYix^!w475L`9BSmEwHHcF6w#A(V*`1i)mK{8{>3d?sVSfbkTO5 zPXM?XRl?*$|5s2H^Pi@+=_J2{Q*(@vi2C!z=zTgXo}2aS%R$6umtxg;BD*rX_rt`T z%F(8`Pd3$+I?aEA8BUvS|87KRT@gdZFElUgw9SGX%%`Oq(RTG7p7{gIY=?3l)WUG zw`bvvw4N<#o7db5yp>ng*0(Y-JHJY=Go~?iCO@Mu5OC6;=x=E${XAA2;Z6buryp?( zg(nMjIaUCwAOZb$gaSre91(lQ?nf^{8EvZ2qN&V~=msM++1k{c2Ih=+R;hC^Eq^AY z9#-@%O|-n1qvbvJVV_*sJ3jUC5+>0Fmo(RMRxJIDA5gA15Bo9J(f2?ch}@pIrXA>`)l}^+HGC= z&0-rvON1Cf_Z45D@BUEHA2m~w6r{Ia8&rYDgoL`(P3?h|3f3jFxEKoeE)k((&(5M^ z!su^AiDVyY9TL(iG3qJeqSTNHmd`I^9>q`Lm^;@38e~=`LIP?nGDG%$?E@ax_Xo+x z7G`8Nnm9WWNw~@iB;(~02TU}UUprq=v70qcLq|9>C{W;A;~-L-ThP>k%A0*d6-lGt z+SO%Z?3*f?C1_nBhq;iN7NoqwyMzB| z6TmxAwR-_LP91`2_jc4BroPTj?TU#2MjTQy(zVwX+ZDMt4Xm!a72nAz*fm(zxhU1= z`xJ+wC!`sh9=+~{iyJK45(llNe*0wkEq4Ro5D+nZxrc=T{Q>2K^><4VWyscfOEI%5l~I*YHFLfXqW}FDZ2>1ym?M57Q@- zOeV3^tc{tPpD4%<7LguE&rZXp5K7U+$<MEa(Rh7Rb%q()IIVWe*&PJbM-~mJiHPLm zN{Mxv1(U_Utnm&-h#&H9LZF@187-%dX>htjPJg+f3~P}iWB~4d>ox&#JiQ^)k6C?# zP`GiKf=#doA(9@XeimL7$@#3L&E)x4PMEUUOQe1#URi=slG&L|ypevoAkyo>A*s+t zg0E_uBhMh>@WV|WIt(*Fz=MoPel@E&UCT|N+{n@)aapch!DCv*9VHhiU(-n5<&#r< z+oz+)`FBI@F6|!t-egV9UYkv52gx%RdItt63cYSLIurug3D{6Rtgs6eEl+hmOHpn9 zAWjPkxx&GPrD%0OgcoJnw@HjCzg@liTsa2`pTca49EQb~5wWi(`3_K8@N7`Mepr*i z4(C=!E{khELkQ?a&$H}oOlEyBwh%Z`Ms%*wAR8&D8Rq?Q$8xmtf;Ad6_Ai`|6}7an zD9l@&CRjbafHh!OEq>mxW*+FmH2-*9UGT%axV-OJ;ob4I%^gTEpU(L`3Cu2qUPq|_ z<56or=VavQIDP}x_o=_vltwM(U+H4sHB|s#A7HXN{PP8XdtC>ctDL`4IX_=`$JwuP zIjhop%?i0jeGLKj^@ovrc3g=4rmO0S$PL;bTl#fVPuKh8?riDFr8u!(9FrE_aa!Iu zSEoDuDSX23^!#d;+A-5J{+^!G@o$6Y6rVfv zWS>s?FO!z;TtLSge&bA9znutF*W%&x)!gcu({2c}_AYgM8t;4jYkIC4W%F0fHTwt3 z{FXm?mg+;^io8$c5}VS~dB>U}f;;-U5*!M?!RMLF#5NE4p&_dF{PHhRen5pA7n}W{ z#a7=}wWy;w?1+g}P@b?}Fi$Czz6$eR?)NL9RR=z6)sz0T@Pbc0>n{(>JES^g{J*_6 z@MIFtcnK=!V*pXUdD3o^&!|Hhm*Gyv@IJFn)fU9$0-`J>vdIawh}ZSCf7FI)Er43` z>z0jXBFy3}@PXOeh@4-i+udeCY5i!k+Ffe=D+2;Hqsr`7~&Ek|5*l=8ut0kkv;=}#>8;Og#?{fAHuHwAD%SQHw#YDd! zKFf;=e}>yqbyzyf6mMHty?L%%ID+8|KrRM^;&Iq(YR=*MNy~Av3{8!H2dctb0LHAO zqGC3OLixH!3(a0A;=PlHx9Y}69WOsF^qgC~SnCRI=L8MhtX0c@E;-rYt|ipO%dAc8CSM`(-iZIP`63ioFpiw0EOcH6?bDX=#h zWeEl`Z_i5cH+v&CC-0T6ps`X@@D5S1uqjKzQdUxlwEquWUh%6@x`|#ANQGn<5{E2r|7OJZ1j`;rcutwO%RM*;-;+Jn^1ViN!6z%yN*Nm?YX(g z7DMPpiGd`%2wjtJ^%Qg%a<+;^Pbprkp3cF1kEJG{FP~ZUZBI8`0>hY9Jy`qVx&>(M zl50X0Aj2O2J0yM|{=Z>J*Bg+p=Pf~TQH2u-d;ft2u~9qcBjNNT!BtGwOR zu{*ZrU8&!9k}Ao#k3M3hGNCT{L+6S=*U0p=J2<25?vM;1iZO2x^Mfl0t-9j=2zJ7g zHGoGNLVKcItqr(2celRWF>#;7?qJQw-r@QjZ#?h~*Y@-jD4n-0T>7!_y?23)^kt%+ z?{a<@URi9HF7KmAjVi!BxsY9Xq@ZBuu-dJZviFG5V|oDHHlKeK(BY6;H?4Y8xOETS ztp5BTCzH5XjWqQ2eZ|JgVcEI42rOd#AS6+L{malLpwfbLCLTe9_eG59V5KV^IKK|r z;{e9@VxW&wuS)tk$CZ%Y>{f(Mbyl^($rO9zZ`@$HHt}>1X6JnlO#LzLoFH%P_8Ot> zzldwaR^>nGwqXPa&r&`eGm84P0x$-R9{l{Xun>t|@Rvb}omj5@9+4&beO>-%fr@{P z#rQGw9~R^KF7aPP3&6lSy;_1?yuV*1w%Qk&w||whA|54y-?{6YexI{G2QD|d{wJs} zw$J>O-uzfk65({N_3t)H4y*q^vjI;XdOt;Gkn3&^NZL6mv>(mi;a}(cxAFUePN!#7 z@Z0h#PjUx7>bLJ@Y#v7$1w_G8$0B$vt~FuH8ZE3|!^E_!TD~ay@0|ww7CC;^4S!H{ zRiIx8683aqq@M{Zvgh%b$Bw_}`KYZM%_v-&ns)}Oq9F2=yVvbc|8h)Qyy>Ml(`P1b zS4&&Pit+J@jE`kUNb|#}IBVLjasKbIf|P^Wa!e^iF zi`8y7%v*k#RxS@Ee6H@tbY#ciMUoWZiUzh@lE+mwS-REitO_kNg7}MUV4=^RM#7d% z8hx`Q_FDxMN}nXIRfd4Z-UW391uH43>IW#}*Cv#NlWYs8%|c27yg6m<`tsaqacf#z zYGL%8d0PG$|Fg2b%^Rq^1Zpp@)Hi$+>MWkmJVMeXAF*WL2ezxP9^WeWnn(B(z*<!2F57@dn=yA-=6XfsLEFhzN?Dd+e|zzSu=6VtRUpn@Kd# z46WQ*xu6PnZChw~Gpn{s$hONZN%$|JSxFaWu*smOCWn(QRW8Wn9+N4Ao7c~9if`%Q zyg*UG!C!#j#hS7aeA2qyj85rxu3S}1nT_nuye0+VqiAG4Ek>k9_=&TeX9Ydk#*!z> zx0ZDbTp;2sSXnlty+ZGe@hbvRmoGtP7z9DFg5k0U^E=<r$5&u{L3CAF%v}&ZDC$i8fQ|vJgz(mmNdWr$xqQR zkXg8C*bGD5*vY^JPWF!>bX+5W>{I88Tbx2-rA&9Im3N< z3+(lYj%Lb>qYzAFR;MU8dDNu5C*ugjD;#4yaqCaEmk?G$2BR(EvZ>!XZEr-bIpC8h z@R+HoDT`%;^_m}YMgI4SBmVWF)`9NXTJK#~d6jp!tiBaF(}todgy;=Ur5mD7yH5d@ z0Q^um9NvrdlWmz0S}`iSN^Q8VKDv&gIMtItL@`>XeIg)gyQ>y;U}*02=X)Kz_b<6gP;K(hR}JBtvr~$_=rx+U%Xd!4(pNi8 zR@@w%ksZFNcBLReH|Z)-mtM8E4;VjgYU88PQjat{+fiZv00}B*lKBy9Azx@-0rk;?5N-=f{^i#4@tIrvT|LHZJm(C?um&r+1 zD#uT~cN|c1?eF7$aI*L^;;3@|-l3|rBE`rnk|zY1sQDX&f?S(T;rK6PX~^)Rg}p#7 zr%}0PTCRm1U1?D<{y1}s_;9ZIF%b;Iscl${6j9!**Fs>XNOJe=iJzosaOISLrIDtMGdGpmEE^lgT(y~^fck1}_1?GukNJn#2 zw^mt~!pD);7e=WfD(A!%f!jZA!o=yuMf%7yRF1Ti#nbPE8=Iu5*{m%Ly$fr%mG&n{ zl5u&CgK@4|l<#s6Qs0%^3mY%c!iOD-^!HISV)nj(4s1U}alszu=#o$D(aSkp*7D-mUMY_6DLF^Y&i~_wc{0IV6`WFt-TK7N|M?yyNW|sku3GPfd{~ zH7EEErI&$!5xAwz(tsv7A9_OnB+3~x&!_UldT0<6klcW8bba?oO+X|igvg@EYx4Lp z{>S#89iXHy=aM6NOYz~i$Ss&Pi$k9qLmxCZ)-M=L&ATBc+!}gqak8w@_>4!4{ z&PzkH!F?~1{jgN`CQC^*MPT|^QWsNTKI;b@ysVl5Za6#t#FB~T0W==r8>0_-uq{rb z=NEUgB6g@r_S=^wHW8Y_5J*xDMPQwJ zlJ^1@_OijMZl2u*OivgfFu2?*f^8!N!=_0DffhD{hP&*z6rO&|06m+2w0_+0|VV>9ORJ51jux#8npK||3T)_w3 zk~CurB24zm?1pmRtpsvr57`$qzz8M&d!(Tp2wZ6D%k%tEDc=lL)0&uqHxBdJmiW^S zZUc;o3k&5&Pvq%HnY&61;3-M=YF}+(X(~W)6>%ka1j88 zV0<4C_(XPejc>mMU>nz2ir4hpD4-~Z?o1XA;jgYUb4R20N9*hB9WRy_{sAPwi=R72 zia()B6Di*SnW*ph=P1`xFT3JXg=@C^c{cD48B3>i>tir>3Q-~lw$!1 zeLTFnhSPRL?R60SzTQu0afWXmJbZcqFy>YMZE*eDxXx*Oa)p0-gvSDrq$ORNkxD*XPp8=<;V@Wc`D%?`40j=r(|l8@2-JO?b^fZof`Yntyhpg1jY zujKCD_1DHxap=XnW8l18gIiP_nH?3q#3Vk9o-*7yfzNsN5;$$UBhGg#ofL11d0sxf zKfZmPK-mLiTAc%&mb3phhrqeJxP~l?U9J5Dx;@GN1#||%4)yfE0HGPm0HllK>U66h zA;&uCf2YKqCWA%#l=;4M>XC|BT5x@|P_ne9-hVzSIi-gjeZ=E=Vx6d9 znNPPdoVY(TW1BYJH|nI^nN26=pHr~LdjoYBdb1=MpZ!wM$Tv?j$(r-8dGvt32zULX zFPD=l+7IgRV?BvF#9BX=OFKKcw5CdfI9TG2s6+Y$7ZTy1ya3Mo3oN<03_OS?#TJ^e zQ`*p?9rfFYcrB?HK?;D9(k)1A#y#Y^1ZMs!mfkWMQ+vM{d**rQ4=jSaGwrG9pu6em zCK2hXxq{W3xrINQNJOMLo z6c1*d-G8^XC{L{^SkSu4=W=#V>q;lG(wi)s(BJF#+<%454{X~>tVldh%j0Mc+RKb< z>}V_>e>Xi zqoN6-{K#z*O%md#&niwtrC^a{B7&xJwTB6+vFfQ(@o@8{g)c@+=(67#kYHfy@1fC# z0HR3&u6M!qor+~~pH?VmH}AmV=!@=J^BM)ub6gAJaIO|{Znusf5CYw&u3Qz+)nd`w z_+YU2Jppy;SrE9q*0%JREVjGZMB1ZN{JFHIE(TiR)AoblQw<{NFS&aAXU0s%6;qPJ z!R}mSxD?2$Ut^}T;FkG-ne$b}c7@4HT_GTrzNOmAf~cBJUyeU$maUEzI&3Hk_~pMV z+vmpQFiOCk?zYg&8NV4ID)<65jN|taA6N79d0$iGZH4Z8oE&~HVMC3bMF&^amfwZK zJ1m6G2Nzb)sZqON{6iCKZj^3q5F8kaykWZvJ2j}xY*J5)R7|UTMl6oJHOwtDRC-9u zmG^Wf4gGIdA#}B^sajWaq`=&_BbORtr&DIh(rujgk+rh8J#^~wY~KdezSO%p>>cee z039rYP1g?$7f|5JF}~#$V>-7m#=mTtZ!_-!Ziakf=fn~LNgd~BarZo)`xtK4i~Fz8 zbiQ)cwDqt0JIG#HEig#1svmv223t1g{1`Pl#~uh z=@bcpg$1QcN?4kudjW~18>CaZ@7dq~-kCeIGs?Jg&Y8pbed~FjkHf)@Nmyp#qIWOY zHp_DgI3VLq?ze69?H6Ze_Q{Q>&kypI#IFw%nX`5qZ{IBkO+ARi-23#~?!LdF&SLr= zSY6$iQ*dT%+MK(I?v~ySCJzu5TXv)(%Jmv&Qyd(qt#oFTbABpZR=_T&Kul!uH1}gz zXuFFYmuIJMw~F<^)2|uHEG2$~^P&se4&?=a**jyrY=z!1C6sKKGl|78<$d=`A*=H} zMtF@~^w(fww`VATy`no6E~Z@A(n@xumwPL48 z-gBR8O`>qIg4*|-W?$LZZB)?Y1g(8^%b~)#LdtXE?(8;p87!TQWl}mi+S-;(-aPyy z;xfdes)E5@H9m5(CEwlo_$@w`7wowW*324~7aZM+6VUIH#}4G%)qFGHVjVD3qw^!Z z!GsLJWAyOyaM<}dZ-__Da|&o;h8gKKb-}EEBd~PJYKjd?S^wI!SX%zVT)EXNCi&!wR3ERbkE7fy9{b(2bE%g1yd5Lb0>u*Jmxo1H&;{l z#T%pe2nT-bTI6m$8#lfFZt8nIWcq+4YHj@pdgviHy+aQ1OUo*57J+SeIdx$pOFrJE1D6a3&v&;Py3 zwg=>&NW|~?xhKE)VTxX#ZwHRaF_4b9KR(Oi3H;tKU(#RqzXhoPIZfLm0EBtT6G0B3V91R<#@g=dAEy?PY=NWM8qD_7 z?8}z=w)=xEzz6bt+LW6q&Dd*p&-C#I#qg_mzx~2GY637U<8I#n{dnH?pnrFQv`I!< z2LR71MRwfwc=?FGat+`DG6BDAkrg0MDgr2FkN=S2AHPq!KxAx$PMAdFH)k0;wCkXu zPeEMEK5KWXa^yh1sLDxOQ+1Bkb=sq-!yaA@H&9^^D?ZXyk> z0qkZ^K?-s>h=c;Q9fxyw@9k$Th(GkST><~E4_N%X-&202wVHp@oNO#IFzg}hWr_R* znpu9oZH^J@A;{x6>Th23f@8gNu6c$}JgW2|uD*$RJC^m-$DdXdrcZ0|(Gr7(nny8s zka?XYIKJVsytB1Ta~5l$o4$Sho^E-5h$DoFhO{*ZC=2nIsXi|9rmd9=xp&HV(3nY-!`{Ph19J*gh*{XbVU<0f zP>EwJC{%`HToTUFaegz0s|FiAZ~5Lhlr}^rVhnhXrh9DrVq%GHvVg@MJp>jy_c2Q^ zzxliuJDn@0r2Ejv(76p9m)#2EO!Z|ezH=pf{ zQhOCXH~(a_pT*Q@FDTQ@@+TAgJsh>su*y%Gq23e=SQ@JOX4e)WV8MD0q6zvn#0kA(h&u*lr~P(ULM(R}MIboa9jU2+aH* zdIC`|@*Mc$USIvYhe`D*Z; zevQF1ll$h4H*M?QwxWItOTD_~CSbeNi6PP~LT(zX@B&kyXYZc26Re@DY5% zFqsa{Bo=vMo%P~dptj%y#C_WH;dzLVI1>?roPoJwCuvuUpD&0`y@4 zecleDzk3g?0*>U|lNpMO%HJ&p%&E=Q4U0~LJRV_?3E0Ht!EDWIwM=U7ig!i8Q^!YT z`VuRbfa^9*pwC=2N|ZSYSdu2!*yN45Y^DT~*|sY7nql6WTHj1b5pXl%8l4hjZ(RAChuD+j$zradmN2<8aMf`km#C`b1y8G*so&n^#-=}-$lfxw z*J9{=xG60Kd?~=MFc+n1+Owhz!op|M{u-yRAASR=bXzVDXm%{5mScBeZ$jSK1~&8& z6A+;DBx1PnhszR^Z27$vRMx7-(^49oGL(`GaTesGXbiLFZT2as zH%L;4Uokt=zJ8K3%HyHiko;y*Pf!Exz zbeibK+IfD>u3II-0btqXvMpazu_{VEt6j*5>@pQWyEnN|jUs++L5k`srC*rQJc-{y zWlapi>bW%Ds#yZ6WQjGR1QeH9>ojB6p65WAo2I|0ifr8! ztc+%+KMuz9Kh0dm_*se!k4U>|G=|(h$wOBFq;_BL+Ri^BVkwk~>a(l;lBy>SRzK=61By%07DM$_Ln6 z2i+p+(SR#+8~M8Qp=&~HZ{iWc+V9_7L)X4!fyls_Mz&*SW@g`ikqn>xj{qJ3fp9Rr zokMaD?%_bX0$kKJ@)F!WJk!)$s5Y~y8wM?mMiY1H? zoVA6^$Lb6`7xJf}GAi(Aea~9NUF_w^Gv2@ViN%diMD=GXJ;Ulm7)C@hQm8qjSQ7Sb zSYzA~#bofBW2En3U=lHYNk=0J^Q#`@WLRJQF8(XyIbgM?K7q#IGktD92uoq~YA{&l z`bsD2adn&n;^M`jDdaJo+qMYX(3f3)zV?q#5?5p6RViR3aC&h7I1`3F<)%?p*L29V z2@ql?^Y+TMH*wJAvYE@T1u#%M9%yc%MA-f1dgagDh_IJU-M3b>wf@kDGRMp8r#7Pq z*Ryhn>iE)rOIh3Kr1HgK{E!RVEZjh!@L+gdW55Az60M0+N(Q|8hM5AE&$GVPx-gL` z=ZMCcJJ`XWGbN?;%gUG19UbaxU3_V9A}cB>g=5e|8q)%BQ2K|TQ?YRTs0^Jz#);T4vvroq%yN1vu$`28bHm~E0F(D zB|3^muQUXuAM|VvF2U*=Rw{}U+o_63!KAhn98UW94Fjd?7KRC78+PF$U`UNW+(d;I zrhrtWjD%qXacn9Dn7FZ_lK|G zLVw;h&aSk^Czj&l{$A{*awtNmEq<5lPggQKeEzlg97@XnN|&{u(2kJD$VeM5M=B3z z;d5e_e{nAd%@CC5?1!}X%54;)E%Q6fv*Dc1+Ln78vvas+Hoe>%IIIu!;<)V^kczZx zHBhkwNCj+8_F>>7F_lhSOe63g0d;4p!ST!1OgXHLQfMlbzh;AAqjCvX0pV@$Sl8(= zo;gtBVq1>h)H?kx5iDsuJzo7pFV@odK7VI!jQK6uX?V%B0wx0Ve6z-jPg&XFfGoCj zDlJ!`Oi$VIcxSbF)7@s?y?06QWX?0Yb2E^G_lG1YIuUl6ooS3iNny@!RCprYLshHiJWc z_oZ~vp)`)gWn7$j5}y5=?=># zWq9!+45517xZjsT3AmtBfn)q6HDMC9rQp&~wer0tub1d0iydkkq~wm}p)?&gjtBi# zmN0{;KWUwCAR3FR9*8lG8jSx`mDLJKXH|Z79{Z8clBs^~Jix*^gKe@re3qu*=#5rz zI_>0T_*3gA{BKp%Ie&pOzkF=CZSYGeG`Dq7=K$~8OhcXcoj#z%j`!Ht^n>PQvWog=WI_`_fF9d*nwnEUBf}$ zJc`5yBf;#&HGq!6H=DeZIBGdX@dsdVhEGtu+~T7A4;)Oz3pjc{#RDzR?3iExbbzEC zEY#SJA|X2na{7SfzK(*Fbu`g3bUN|=x`sY%eEF$LqiZZO;O^H5n2GUYe-G&t<> zg52e6q!?b_H^bf)9V1}~KzDNyfC>Q4#`=KO|1lmwu?sNm^;_7}7F+g9bSyi`2Y7T^ z37;qP01>(>P{Zz)RR(sFWLG6W7ay~Jhy&<1DT?9<;@U2&zX76_1UCit>Z&e;UT)8+usH3)ToRUD@{^?_H|v3 z;C9ZgI3B`KRx)xO(V&@9M<9{Ve&P5IyKQ z10*Lr%I@tVE+5U&%$2i+=&|Hv)s4`Kt9uxjP$7qGayY>hY7FKfZ;W-{aDEobVzVm% ze;T>1APACw^36S4J@XuDr?FQ0tg_;D_fJAXYeij8ekyo6<@>d3DIruI8D|%ql|}u5 zHC5w5REnA3D}vN5&n)RF37^gkm%TzE6n}5bwIcToOkM^p_In}q27yw{;p>>o&4^1N zg1h=+U#3=MA#2(hg#hOn?sUpi2QfbLs%XKYf_)b&)s@}%a#wl&H^uKpzF@?8rEl&F znS`owc9!z$3vxLtv*2;aW`}VZ`O-=emg?f!FQf&!^KwIvRFVvuLIbM>xV{Egy>WFeo8t563I$JW*Mm|d~UiFjN z5tHaFGo=ty~l+V!8rA;rXN;#p$8m~=Q zE6{nnq4b+}V}>4uLHg0Oy($yq=xV*0cz9XSI^#Tp(Pfp1Nk~?z4CDJz$7R9GUDpd; zSR#SU+xgv{%wf4p6L*D%!czuyQ`E1eLLwaU2eh2<=r6up zS_{wA%Fats3MWbkR;qcT!FJ_p3$@^I)#Wnn3860{O)nP|#{WFsz#!)5X>4j{#_R3M zw}+*UG_vLz>LRpNl32bTH93!cXDR1lPu&sFt@Paa0EcrdQHz8n zCI>fUfanYNJ2{kz%b|NspjZ4L4LQjBT>t9)ZX*@Jx65fe9vPs+Td8V7Ee=Wkt-_9< z(!`gv>3EN(JO0$!g-sRGpU<`d8icm}8a}nKUb!a`h#22HKLwM>ulyvI^!@kPMiO4_ zXI%|LXHFkoX zst@Aft>UrC@@Lp|lAk@!yRQ1KFNH{8TOZtWCvU#Q-``%+i@2;v-$gziBSq`St6jjw z-yE&;W$&6STLOJEr`R2j8>B{s{%!?x`J%4=9yzNV7GA!qd_c4{^(_NMMc|R*yf5~g zIp4J5sOT2t0|0_S7G z_f91T>W_5C4}rQ4`FRYoq&8~0xfbFP{3uz*H`ZqXUcYT{g>0+gMa&94+pil_%>FAh zyrCuIh7r6jB+2)gS<%r_wcphmpSQmlXITCuP=GUd817(Ap+z=;`i4)YMdxWm;-7!v zY~_O%k($S5r7Bi|!mI};oO-A$C%m6XL8;c9x+#(b?$pI_7Dq`S!t)y zn}PH!a5$#wCgVFbOtbNT#$H+G33Jyll8Nd8viHV+3{bxjto4c(K=_54JG#?2l=;B| zd%#v~K3;Zlb0f3KvrOjqA<7}v+e15y-&ly)lCHKw6S5N-v@KV;QoMuz*3~(xDlO3J zttY4O^Xr$Fs^BU|YipQUpogWeBN`EF&Y}e={YK^XhuD*1diW=V15p{qMj_Fr zA%j|XzGsQqK0^$P#c3z$Jw|Zm2b5k;PGom=hZKgzcKbUvi5O{1b;q$e>8R| zR{*p6zw3LpPf_bd#KkQyZvh--ZftBgr0>SO=eUImlO>D+NXl@A5PIp{vq40Zsep8F-mkE))yj2l^7uv@bK14e95CM>v%jWr3KKPc_#I*?60oiP)4E zI@BQ4PHQFu0_s9hk>pHjbEHY64mD8d>^?wete}(3V8ziY7kj^x!K}23Mpn05a8d2x zl)=D@qCE1m&`z6}&ui6S{?J%j*m}vk*Up=($#>cNG(J%4=31^fM`G%4*QdXUz zze)HT^|hJ)rLcVV$Q{I1)rhYOGi`BkqloZ&Rc1p&KKr}OaeKoh1=hfUYAE>4jEGkb ztBAX?jr3+$ebDe#HMPw5^d6cdK35PFR9?&*Cf^QsQQkic*m1gkuM5Cem^3(4H_iTR zLYVH+=2*>%=w=Zc-D<|uv|=7Fg!xq%3R%5P!IV5)hKM93ALC5%g%~}QF zsQJ2cs(9%fPgL`PiMmRtp2K{dU4|wrYC9)Kfo5NndSy=gYAH-W%ybSOD{#0}H_@;T z-#UfxpZxiu>kv*^!!lqwq012t%nb19v!^5aGIHoYl|dIHBgB6rr$1hnw$(U5DL~+a zk+@ek?~DYe)hDlqe)a^gmrl&>;aCR%G71{pfuwz+Mg4fUlkUe`K+*%WgFXW?1bXoY zfE+SqE4gQYL^R89AaizLK*GHoE9({5Ugz^Cln!GBNcb&$`YL+u_wHNi9#;v1M1qms zF6rxJY0$Y_%1864^xEcBW{Vsj3Eqz`IjAa5JPJaX~r=93r-uPuZ z&aWZwM+r=YkzFpYS!?7l;=geR#y#?&=T;OyWbsa7XP*rRR0_*Jw?JETSHJD107&+M z?h!WA+(4?a&uTcz!`9>7kN<9RKQl->)vIk>cJ#K8)|*4a^FbUeQ&q9Pci3~Y(7fN8 z5DFQ8{olb4oc#n|aU+H8D<^hvv~OI?MU_G<*xF_gE19{8zf~{(`XAZwaKbP57Fl2$kZ4&miB6sF!-*Nl0>1O!(ZG zIRN&MfYvc)ho(s>mOiE|MJMUk01Bmuvb7ma=wAmTUENRuhU##LGeiXM&KwgQ%36(u ziTT1`9n*^w@6L+BrQGLlX+babmWw&aO~wtmU7 zR{vcq1^ysd+40=^6#Mr6Qez~;I>D4NW=DrT*)g9^Q5qMm9P{SCyFYJX_B zxH=LoqHM9*on!s1p;508;s%(&8Wt2_P|3PTmTk#X7QCVj+ z$4{yVE6~5=k2-7ioP!XM4M`aQMJ}bp!p0-s`7=+4afJUm^5=uLma1+-ZTrRPw>QJ_3um_i<_fRM6xjAI`kv2kE9^tiXFCsfApKCN?N zSD*JZ=DAuler}|yV|2>klQ)HyQs<-{6ZDGX%kMD5&(>_|&nO{V?q#0Yd@5#MA zq>Y4~#DDU4INf%9X-urGTH-niefb%^rZGgB%4B|mZ7RU8a4W0z67_Okc&NmFt3V_3 ze8BOgXl7MLVc{64bUs_sFT(R#E}G zY(6lfJh530v$5pl-=4)S<99#3<{Cb*I)jokg@nP;svN-pI7G{y9hXTYZ%?&XK0PW4 z7k7hLfnr4MV@AGBtjTJAf#Q$1$yEHy3+baa{E4{5_LO2V>7qEv0zi&^whbib$piU- zldB)1!$opv&I;}0@@2AJ^Lr1blCxG(w&W7=_fgSgv5n2b$t-9MojFtpgqh8Ac*%Db zCd98JdwW9$!Q{dpqpD+$_~jOxu}vk=GX&TzgX-Uy!u?b|L9-eMl*9b-A;5Nj@zp-m zQ6rOv2@|72h2h!LW-tQu1VfL^ysC;txpcECcS@;?`1Rk7!a{2ya7y5qx4VVjfx!z_ z&>jMk&NU|j!Y>HWW!Drp2+d1DBf@EXUN-FbX{01|3GzN%!oWEAMbR;RRnMK0#OC+F z)fEVJFp4D`d%SJr-1E4vbei6gHTtpRt+(&nfEIo7%#&d6^++K=>KM3>WDo9{Ts9%M zSdC3h6M~$>an>D$Zh_TS*ufQ2EQr(rK&MS^0p;YYEq`GC(6a@g11$rQlxYA(J^ktN z;uAVDW(1z}kV^w3GlToZEE-_*B?|-zxR?bZ57L^tQUchZy#qQ_g!E0f1!*RqkrfWG zV~ZO+VD%4>=ON|1QvWM&{%cXm5`6wc4UA`~of~rOGOqol9uPnga%%dx7u0&QTQbKuH5nag*Zk79CJD9a-_QH^D8P=M}}BUuOF!i4P=`9CRW{*>8~pCI1cPNS~y*jK0_%*uXGsoYk&u#P-67&nQ^-oq3cMUP=aLbv7&9y{3yM{{Uq7dc(;`Oi! zVJS3)&*|q@3wRbNQ>^ajK4g@+%~bZ1^OICZu}sjxx^2=lBDyxB0~8#{H9oM{m4^Am zeL5tg_2qd>BZmm7%mJ^4l%QLM(7GH7d|* zcUNJUW(`alQkFPjQ`n>QPsWkm!q!|i_b*@5(?uN3ng+Lkl1i9bP)TW_o+<$Fy{9NW zy>6NM-Ot%6TJ+O&G-JUAyEC9z@)IKR`TTzW#h3s%m2MzTYul&Mg7NOK(B3K2fZ4B~?a^L6m-ZiCOa@-hkLv5bwnzt>RSL_;*mLVDe6_@rRVT4ak#A z>Ahd>BYy3aMMrz&I5l5Wz*!4r7n)&T>crFYxu2A(Pki&yTx<9$+xF|CvyBhLp!)f5|Zn0R9&kt;{R-c5?T_<+1?c{Ga6lxM7AY$?9Qj>N~R zvZ;zpe)ckJC$ZRw1js4SlnDnXSfKJF`rR91l~h9hm;^_%wKRUF{e{t~;>WNWD(hG( z&ocq5*X{Ca2mf-SBD@Tshc&vWB-QFD_j7cptMbyPTx8AQ=2W+B-`al%e^?#3nX7dg zovFXfA@EfyKkx7DwHQMf!ur_V>eQ$Jdbwebj!MEaZ^*^5;a>Xm=1>Z4daWnR&sv~ z$-jc29|1E9I4DVZo=&YhP4*Lx zzaY#yKY%9+$xKPgtj@Co791yfa!FQ&>MNl3teYRx%XDuIX(wx)RN_?uVF83aJ}WJ`D$`{}h1KJC)gg*U8udkBc%^d5)k7g=?cc5WJ4kXL3L>@z=y2}doz zh;4bH{XDt_IrQ6XK;DX@porx+AxhQ0Hq17Z>A4#VMPf%@|2&5pE_)l|sM==~I(^`; zRLzS1^CRkBSJyKW>Yyt7gtqzSX+h+lOyzNbcqKPsep*#ARP;L-3w=V`xO4IiaNyxv zlA|oe)6WqmBDH9hK0U7GX!6dGD)E98z!hj2 z(4sG$LAE5efT?|b5U?#E9g(3?1U!rCv}gTt;H|&ZBe1mW2`JD3<=-%X>*)g;3WrF& zS|6~{d2HgX?ED&ml2A0P<%0-F$YSSsBPCZ`!& z(vR2VMlK!N+5b`s?VQ{0FX~$lob-)cdtCdZQ>}PEE!knE%{Bpq^i0}lT z+B^$9R0b}R(ps!MrQZ2;l9=4@>MsMTi$hpl-33zk;CYO^C%ah5y2<7iAfW)>{J2wI zdEpvT+&BkxdT|-Wka6Bg41zD$mIrc_EPF~Ug=ABzWvN-mSzpcnC1B#%`YG$n(B8R^AA#Fj;a#J~ z#^hRLIQ)zMG$lzX`S&F>VxfS)u>%|a+ejQUyu30E#)D(EOkFKvtZCpX>%CE;fRBTNc`>UF3{V&4>J^0$!4KF&~z(zm%NPzooTf+-dOmCe_}vu}DQ;GN>r!w#k(n=n0YNEC~5)k*;N1Rue- zd~uM<)5`*3?fj;V6n3WxhYxV27H*rm>T2H1+BjV1visolRG7_xXit zgh1@r%%;A4A(n(dePv8voHRUI6Z*sD&GB~NduU9{{QT1p7QRqBa~o#i8c6=0xONI! z1naYogN)1t&wzi9T4H?1O{G?OJDrkg65klXr&0j*x?oD1)|Lo~C0QBIp- zOHDBj6(`pk6@!tL@lEm2l%c}=^fy8hgLXT9{HjbSh;d~VD4BQGCpRunOG{?F0M+mP z2J-SCGHv%r7B-D9xeDhW8b_1Fx$m9d%y&Rb@d(|X8F->FK|mHEqG%kXHsyni$IiW- zF6+le)?XdsS0>;EUZpN{r1&<;`zE#kqV6Ux${u(Zy?lTbH@18eG~3R2|NUZE!uCwecoOl7!{5k;N{=sV!eZX(358U$@pK_2i) zlqa_^Jt#=!&qK*`uVU1VZcbHgcX#Ved5rQb`x2;A5$9TP#-)P6?@~GWjMPO@=V%-I zRZDew+>0Hnxyynh`@s&%EklQSjnv(%^jNun~iBpHY-_{i=awh`VZl<@hoknApg?MLJd#h7zw^ zGDqJ@2fT9zWcO#SBt-)$Kv$bOlEBHM;8j5ubV2BLL?Yk_)>?D`j{b(oo>52qVpHa{ zz=u*jPcnMrK(TMn^TAJ3{|W4sCt@|U3W)pf7bUCmZVr!0gX<(jg2 zE!!){9e+tO()a7X|I_vy7!3>9=ZHGWE zVL%f!PycvgiYD#4f`U(H#3Kzfe?KGrrYeBwT1IXfm+9R3VL2ugQySQQi<`JTo}&T? zsrQGGQRNL`~#qr9<;W{PKPOjo4S3j@zY3RqjQvkkR`={o|{?b&hu( zju*h#^5flIJP;Cl(J_Gy!m1nN53x^CDD*v*%9DGirqEF$j?hqWKME5GP{g-ieexS<38b0g=kiV*4)M_mTeboF6YGVU$9+L@p_uOkszWgeqyR0x zq}S)7RL6FnA6Iwhm2De7zQiZUyho(uznAh>>P8EA{i@uOS{w~mYq3BIGn&w689k%F4~ivAIu!wCT=LBtOa zI{=G(4qxed(CLDKE;{1m@?oxW@h*qJiTbhR-RJR>y>VXGJ7~u6pVG=Fb1?05J4D^Zy-QSMiUkI*jYBr_nDT*!Z(rQGAhHb>_3? zzdt^EtC7E=*e%^YELA=ptnxGq4gbE_k0tx_M^2hJ+@)I|lcJv%-GDVJ&c&NoAgRzP zQvpi@pOH-QMQH`BKO$4t7N5Y7E}HFCUw18UdR@i`B~oI3-jn`_IAy2msJHpgP%F*z zMJ(lS;RlDb)i4Xht_>q6oP}7v(_A=}Wm9+hooTLSXof2Xy0<<{LCXunTPj>FZ&eP8 zh`4WQY)`*Mg~sQVcH(YU8G6j~l_9=lW07rspN67La`oqtMg$%fAO(1_85!c(#agdU z6@siRPq%wpDyhVJ4`0hEL(0GDX(*=`4~K1(8d`2J=1szBS8uo9&v9oGVTD!cTP-D3 z=^bcmG!B^iQkT7dljtK~ndbL&CMikf&_r#RQyU~QW6{%V0Z55&`oX7)7ffHvdam) zmT7lYj*MuIcc9jH^QbI-$xm66S*ph*@>e9(&@=CYN5NFFBiw1;Y86I$fK#nHxQdM% z0{#xe)S4G)w8Nqk`O&P~fGB2?5Q)y52F1<1;3!~@9Uk6YQ2Ud%AmBGu1juN5Z#;76 z-qyU;a5NMpsHhm~q}Q$ZUFBj!_lmudh-7H0E~BvtJA6<^={4roG-=rr=h{v--0?p) zc{8CU{O*4Sn=6I^hE)}ZF=&F;%v;rNuPIb?VL{-~4OO+?iCT=NGez4i9Y@Ux*2ux+Fia&Y zDbSl&;X7u?u%Wj~x-^aj3fu{Qk;vn2e|mrM18N&EO8Yk9VS+Ytl_3vy#;%Pn zVlkO##pNk$q@E{~N_dUo%FDP&SJhNaPEY&?-gv?V3iFnnM!q8mMmuyBr};E!We zBw;W}1@h03A6pv5BC(X=P?bpTI9SzmPH41n!mw7`lTA5Vfm8E+v=9zIA+s8tl00a_ z#kpg{3Sy`cKV^uhO>O>4SI$5zb#NB2E8_4-nXK$Q*S&G-Tw@o8q1W08A{J?+3{D9H zPdab}ByAjW;7PKgpG;4#qedvpyQRXo<=60uu<;z&s(6C8-6@*TpUX4)5J}Mn{7S;g z`~sFwdKpz>M;t2W!en@uUTpX8_l6k%79>jvDwn80u^|uZUJUhD2g|e2(dNZk=%alG z0(<2D0=pfs)#bB-&WNTfaoH$xAmG0x4%GTCI|WzAk&&ZEEhNl)uIzn5(o#SW29~=a zbG7e|uWf;{{oNu^2&evdCv~?P3CJ-6rWZ5q{JF{U@0N~Mg@aCEulrjw;kyjWM_H1G zVL=VtkR!mRi+t0me(?f`h+Zie&z(}+YE+43sgIGZm)MQY^CMzEY~y&R=WYYqjv(%zDwGX0RRqUXs6x#0 zJ`1tT#PZULhhPay&I>*NmCcAJ%gAIAHq*#@Ay3GJ;e_=h$%I1|r(DOad;@ZN@4MVO z4Y7=~k87N2ZgVGbcYoYkk`(dxw+*@-opT5FW^C?zPbF^e&s=^SRpw$0jgilM?~`LI zz_6x->$nMu&yK(FT=wsM$A{CiNa&2l!>e6Nc$-N!J{#{sVwNhJW1Et8-vfbcmbK4KMCQ|K3}FU&4DFYy_{YIB};iVORS zMc`vYf9=s|^7`KGAn%q!l8ACCLlQDQk-IbR<@>{lD8H1DDDcYZ$ZH9FNZFXFh90fF zwkTOh@+o{YDHlvb#Od-DW0kVi`|F@#>Qu(0i@f1|IL7uNB}dA?3Ook;CYE##rb8kZ zqOn2yr%531YuPBJ;*>k@mof^q1Ei_T5a&`*KA-k0KF{n7x5ux)OhOHD{Iul?$lr1K z{B=o=b6a2Ff+Z+^p=-sekIcJ!_eCCsb&s8p zI&X4XWUdjE{E<=eJeisE+e^80!U;8To4wx2l()z2(O~dbwVXh6>F5{A0z-d1ZB;~j z$#`{!9XnL}6wP89V@XxR5@^m1>GK=|nb%z?vrJ!Xy{@m=8ws165|)F*7vJ_etq(Eo zNna!z;~gPJtLsUyl6YILv?cF|<&Dd(eXzmexks(0mD5{8=VB7fh7K=38jbDadH0Nq~pz|>7{q0bGE>Ao>c_2o z)zLzRo}1BuHM;exJ^x}X(RygXo=08x9sduDc_D4<+{>i7=2Cp(9r>wEbqitAl7=(4 zq?M*@jUwIhF+DcENW(Yz34x6g?3Cc#CQj0^V^V~T&^I+7E2ch*1-}DFgI`=}4w&{( zAm0O5$Bi|b6`A8qP2yuaV-)gZ>hcA|>c<6A$K5Tl|@?GUql5dpEb z_aD2&mE#^K&<7y&5r%m)6!R{XULuU&wf)44TsMu5v54&vFC()Oi?9?{68|24;-frt zB-J*Y;6Q#M(IBdU!5fA&vr@Ca}9N zZwp^KQEdxrI}tv_rZJp1n4j_(_hdZUzPDL z0qc970q3vULVnyfKAxRQKXN}TwgIjx@E@|9^w&HvX7qmvkGxV36kDhDf(*-Z9Sg7l z?_2l-4D+t5)de=6u*?ZRy}nC$7?b{d6*7K8P4MqlWEPh80XXQZ1JXtx2+kU>WR3Zj zr%r%#zuup>6?kYsqH}LHEledsk5)KOliDS7wZeP#H0AaQ{}wgM+qIzNLE2*E+P|f2pVh2uLgay&xESuI(jvFG|zvMl0d{jYP{M8 zA~=aQxfoh*GbPgVZH_s=&xobbw5mJ{pSjzA{`Blr(Ll?jnOra@tTukNCYotC$oe_n4h91O`~TJEN*D(HmZj#yEyAG>zjThecQjk38vDV z>Pb6jZ=)*~355SKX@n03yGT2?l__N{+Ew|(!J*^8Q@X_R;ekA z{^A8qjwN(0-EczIfh@u(6rJzb7Q$$lN(~8zj5F01lrv0Q`9o>jYohzjygR&eq!G8y zMOmGc7!aidUfo4bV!&}_j~2h}gjbQVn7KiW$vP@RJ->D}%SSWkU&5Pt-D9 z+a(tyu|a7CIdf9N2WpV zLLioa5cT+r>RmP-b|R&!adlSydw#g!&F`*BRVI-e!8cP=H_nUHlzh-o(BRl=sM+6$ zRFl;FC`5Fx$Gs$9-zAsL!=B>{QHg<9A+#%wbm>D(N=yV`KAp?q)tRPf)OT+!1hliK z5a=sA{$k}rgwVMxY|Ci1s*1C4raE zcFvUvk)Q4@b{ZOsCg05r`ijZE{H}>$IdS)FoZAl-C3j9qEB<)yRqnQ50UQMX#TE0w z*Ad*Qw^Z+7m0@VZkaq@SJlnNW_M7#N9U)=j%#2z8r<4oI**mMQJ(tVbptGv_p-n{! z&ht(v{$*ejkr2Z~W;QPrqoQ$NfCZLQY=|AG&MdK$`}o@_uU}w5N-=1uVsyU2aqL^f z-npA0IeTO6-$^w&3M&DJN_ta+5ATXr&4V^^WCLod+8{& zruWc1<#=^3X|%@8NygMJq<#%Z%qpeMC4*O)epmGT3y`0#6M*&zB-VWlW6p}P`u37Z zne9bgL$jZbX*_!m+4GkM2Uva9)nw->5SxqDLuP*acVwM9UyTc(iuQ>|pC1jg4p*nS z>T2s;avyM03x%2qNT5)sv;#L^=bG+~uW6%kd zt7ziQmEWaD!czUvc?Oe{!ILo^f5!pM?_mkNDvU>T8w)9lN1eO#HH{sIi!b>{%-Yfw zHz}A&DouU_?`-l})-*QP$-E>7o2i7Ta9wkIJcPwI{?-}H%WVNT8b&Y03^8(l@v^_d z`)PQyYh(pw9L_G}-8>>Nxcq8`^eAW)w&YGAO|KIbowJoykMjvoRT;YDS zzKad|Vvhsr0mfk536EVtS8x50CntAtAuPV@>i^JnmSIi6-{Kz~A}~Tiax~JRbdCn8 zO#~z)Mu&uSN{sFpEzKw;r4f*jl9m<)>5>@D9lv|;^Z&oOJiOoy8+*piIp1@>=kwVP zx~)YIkFK=QtEEBb4>K1wi)+;VodJ4&bH9J)aPz(PCW++FB10k?Vs#T4^iTV4$RJDtqL)+uFX0F+#<%k$thk!hDgAv1%XWf_S%l zE-m63ZmQ1hB~=ffu8#S)ue;Xo+{#dyvARGzY-;A6rn1qc041()R%Q|+9ZA$=)@nc` zg+D8lQ|!Z5;?z0$N59E|YjgWNqNnqpCsWSV-3e^k|B%R2myxXOt=v1C&~RmP8f3$OC}ue}Zlo{M6z zuBAEU7#c}!(w*z!t=fwev6Go5X0+iYkgievlNR>43=JP>U(C+qlmLymRX~S2OH^g5 zhX2@^JSG%L`!+pL;}(CZ0%AEAR|NZX5K{3J{yv!7g|f%+w+#zk4aQoFW9WnnOckM$ z2_Ep5t58$ydRW3al&FPCaBz1n?+qu({D zSm#&bq~WW+zj*zBljgH3b{bK=Y6a|8hqv38m)noL&^&QzN=(MNpriNCgZ^gf)J~{4t(U_1IrA#jL#@%lSEOMuSCA{S+Ax= znB-t!r-btPScew?jJ1C5VVAyjmD zk<7}ff;ylS7)h;+1VXAK;(#iI})9p={eEweYx!uJ7HSV@3l;5SeNEf{u{1Kha)BF{aC3ZZI$;ihW)5keo? zF_L)r@$7jAu>EmAai~J|ol2`W;YaM}pYmkUvp$dX;K91ijyI+W11UVE+!P>mD`?ox za6I?|pK$^Lrj}>Mqze#BE+o)_lzXZ@T5qt=u;XO{jqLCVp;RLfae}IX8`#~~&^CWT zY{~w`#dfO$jzm%t?T>a(0~|mhL|&AS^hOKVlL|5$W&E+P@R^Ii#Zj)~U&`x@zJw`! zpLkr)GyEZkKV$gh1IaXq*j2YgBpO93Jqz^DNMlB)JrK9UsN8 ztl~AkqEAHeF?h>EUsrM82`FL<{uRnj*eh=KZSBB>AAE1JtEeectGcVLrmQ;Z;J zF{vqXVMZ$RzphazPdHi&F3%!kSSt^>W22M-mF|aJAAfK)1Ck{Hi%_QL|IYrr?SBzV z9Y7&D9){p7aWNip-(`J;MIH=)%N_iNFN4YN@I)LNfO=;InBzWLZex`aDkLMUnm?|D zf|n%QUpk0VUELboqHEL9X?nowZe#-k!%<`Ht)Taf4vxkz}=y85>~Fk$>xz?wfv1Paf-E`VR!fN?02)hay>x|1LE;I) zQ4hoquqoXOsR9uj?6fwjE2MDCnS*_%^i)lVEWz;`4LmVcz7(y4liRdk3Fclm6>N}2 z^Du7GvZ-1rLrfV!>et3u98jpBt}YajUVt|rQ~vZfrOYEh)`fYj1~KOgk&aL4C(n6= zb@LDhtWk?nmg5hHLmKbMlS5{eV+832Q|rF-jSZ6O0@G-} z%PqH!{T?WpaD*8)J3LFI`33?(A=NjZrQ5y6RcEps!IR+bsy%sKwX^-51IicK5IflB zR7Di^JOyUh^#M3Xn9FmeOgp*cz^Z3?iaE9am4tDkDyvhk%m+^{sj^@G_kvR%QmO$Byg^o9qKNXVOD5tr6!S5 zyg}+ql}VIDR=U~I(ojw!A>MotEz(dTipOK-8^?75gsBkGBV`w(p(?9XLr+kzJicJG zzEY~{@Ia;$={Me9X|o1HHk(|13HODgP*9x+%Mj69WI^N`=@pYEr!N(c$G2|(ofhN! zoiRCu7_DAe$H=&eEr1ka1>ugRg$>UG45*mNK(?5P@?hLSb65x$m)8ymXGBwdU)W;7 zg7v8i%F{&eR|m^yzTMAprz_c9y39rM3p;roE|l=>sI|{LF>Tqrz4S-J8&P3~EG$Bt z^^FBh3ACA8qOX*;%acjpHRsBU+KW+x&N z{cpX5#iHcCt9ckaFfL*y0>%wXx`ST53Q(U~+z=71h`!ri%dZvpSU4#q%difDTbJzq zXry8GiQO`Nn2JTI{4n*)(qItxG+Z~?@}s%EB^J%b&q@l{^SAIiUS)PRP>x45K)NuP zF3Xh&B?t-owe@)j4rUaW5R(45d-?WM@Je}$lWx>QC0>`cuPaNWFZFXjnmly#08doc&;^ zwP<|uVBn?peTD4){pEe&!R^}dOl4$3=GE!Jf}GFmh1Oup&rqmd176J{e9e{sD^Xf+ z*Q+~Ej}e$L9Bx$oG;2iW4L+r=E)WQZx1#V55sO>am7mP!BBI~a7$kgdP@a7DBZpS) zuZD!HCmk~#Lr9)zQ!(6UeYW;TXU=$`MznVim;CkKZMH!|!sglfO6_9A2yg!aQ(r3| z^7jGo!wAvivQTz`G@?X%7;xT?qXeM@77Z#F^?D)dP>qQL$vA7^<_a};UJ+I%XiHH3 zjGgZ3nXtC(2>cOQiHJV$4BxEdu^--OeT+J&Q3uNG=+#*X2|b@E<*qfA%^NE_Y0|Au zNDA>f%x_9yFs**PzO`1+6b@Q5hLaMp%9m$VMePapn1JNU5#@1$WU-o*!uno}EORrU zWRc{#T{erVGEeDTA^Fco*k8VFb)>Y^$!l^RbUNMo%T!t{)^tePbJ|*Z=u)N$MpPtk zY-2)~O}<*63N9%v)bYT0i?Z$kkSV~xQI*Eqo=88GP~E}eLx?q9g)Czn{pVnfE)D+^ zAOELHyh&?gI&-DLsq0gIF+Q}Iv1IR#LHG0Qc_#|c(G1MQtLUI4WIV6G5Jdx!i#_Q(mSDVy$X7Dk6 z3S*MR+0uLWs2n7`ZxFrzQtfPb%Q}<|HKM3wvhqXC^^KV@-m4`yPIMOd{ zNCx|i4caazq%@i+Rfok($$jejwIE@IAHATI*S!@W=p&ZP$T%B$@*z5uD_F(qGs34w zzpPR*N<{#wEd-aE6Q<-EWr{9Nc?;yA37F61ktEi7S-1fXBb zfZ+6fOvx-Pmk_IoG1<$~EOX&;eB{toGt3RL1h3v)UM-ExS_={<(J{d4;sj!*>~w{p zLrIj>IaA5B#X8)vltO3A?(*e3)bgZ5M@+>Rm2fe2?EAWREo}#U_#LRij{x7p8JW7> z-&TeOj>gKZR0jr0>PuDo&kBi_!?}}XtdIRt>t{-ZBgpk&TQX!cL@LpKPb#u29SUQG`osc`$u)0BtodtnnmfK=CQkqcKPS7(R^BcSB^iD8cE zT>Y(5vy+3qnI@_{RktYWN3RMaGGb)c6HBahJT8fq4I=>p)U8Z(71r=pK6TQ0-*%{q zBK_F(t=>jCX)NpIfReSNrSBkzzc(zsbT;7B>8aqzf}0UQ`O7tDz7u5y4t~!x=U?$| z9>-G7=1UQ$(JB{h#-PhT8(s@G_p6eQR|n0j9llaN{^I>n$6t76!OHP6xR~!HHXAv@ z7y5XLP}O+)P&z5l{Oij_Tm%1CJ~3-KYxl4A)%9pFe23M*@EWyW<6Xv zRYi8`ddpax6M|B+ex49pclN4LP&rJ$fp@en?SlwQ|B+ymD3v*Wqv*DY)H=K*^CMOs z1>0^UX1HE1pH*vuL?(6^>Bh!Y758u*vgw-#(*SkHHT6p&vV1haxNUgjvMz*FSGax_ zOsR?_5Mu5vn-O)ZnRI2$GhU@L0h87sXN|}xXcl2j=t~FI??OE7kWEg>QL43n`RYp- zzM~6C4ZEvnQ@=cn2B;a53}60z-{Fibw4Yt5tLZ=mE*H=6Acu)9S}XqeF3a4W);GJX z2L2n$2>Q)&S0-_`+gd!(*==aRRPqnrHKJsF;{Blk4cwtO1`BrOuD0xcb~1F43QSKJ-5Gy!h~$?HQkl%h>SEoWdhf9$mtXFr+P;RWi5z zq52CvW?7#l>Ue5HkAOJLLABtH(Zg>D|fHX6L zP;HzjOef3mu}8r4M+bg94OV5b;Mv&j!6juT)^6tXsLnMBzOsW&B^qPz1kO0?Wu`9a z4{n-v6_BZ7#71UHah@G4GjO>j+f7@=Y-!}k?QhQ8Xk?>+%chmp7smbtvp1P796|jD z9R7pH80!c4xi4lnWN;JH%mdoBM+@my=YHqLc(XGduKYOzC0%ww!fn69V`I_w#AKtj zPssDTe>Zo&NzD!De}VY5!&S2vsFKD61_lQ0_mi61rMa^k#g%%(R^o=P-X3}ae%xWC zps!-@0anUiXrVM1sP;2*Vy{%$_G{`tV(&zm6hf>H>ANreP18$8HivOqQGw=VG;8e% z!SKEYh1!PW1#(Cs&v%VQBj@q7ST!gD^DcHom0#XFv03wl*RwEP`Dy;^=O^F3e2fUy zd)wcrhdHQ9hz&_2;&&}PNsD)NvVdW?qExL^9riCChuvs!0o zy8~q?mwxKuI#-nh#QeY))7lvm#jxHXo+59r3__2%1Kqq8(Wf?qZa%W7N5dz=;k$Kw zvtaA#PwS3fDxfdb0}hS`2b=5{r?B5!-mvJl@o_epS>I%Khu;R1-HuDH(KN<`!?;8m z_hkAxT{jpI5TFALHe8nqhnCPXvkIs2?D{b(S~pk5ZKncsxVW;02Jsnh7lc38IDkf< zByn!q3qQ4#G$Qr)W-L;!SkZwRJItXQh%G$33XS;SVpUE|8L9R{)3bKI;ROh1G+l$o zId2=^)lz=%iN@aHUKoH#a0N?@2?b`;^+x%%coPU;JnYL(KdGiSWt2Z*;w zdt`7z`~(emMVz<)+0SO)E6O!>J6QY-iy==Cwpu+57E9f!6fdO1QBC#(b>qdx?PX|x zRA%h`?&?U;-;kEZYM5xmw8pNQG0&P6@ToD~&|rAMwTA zvJF;PT{fG(_O@E7&$EsFOWs1leH3Gmw?BYhPI#Em>*#W~Tupyw-}m7XB;s3Z4boR4Us?fzVOk?C{Cy$!%so_7XeYKILXdT$csc0j zL%F8;f0S$7o=l$=2aOXLKb`j$j8ZioglHVUg&$JkJ1-~kyKMe0ZI<|j1u(c-J9Lol z=(>y>I(ghCK}z-B6#Cr=Mf#~i7dv(hm}LE|)wZfSH=AHG^3lIXjJ^dKi@oqD3t>>R z%uY;!m0FLw(~_D1iK;%R!?<0GD`-<%0csfh+{+bW%ONDhnYx6BQSO%~Huz8Qq8ZS6 z`ej3yNKRE>*nzDZ+4eb-eNkErQ^;c=%rmI5F~a0?B&Rnc%^?1*z=gOly?9Bd+@4QY zd~utc4&gGK9y&w+Rz|No} z8Ktr>#;T~VBb9AdlSEOSaao&jxblQ z=wEsKOVuq}0fUvf6vm5^i3*JaVG22uF(&X#s=2!S`1{BvPt`JB47Fzi0A&p_5JV#p zjUzli+&fJ1^U|Tykbqrcb5V3IZt4iQUcb9@+ds_XZ_3MdGVuC6!7xj{KRw1M-6@ej zo>zmcmAxEXUhTY`-c^(@ULREsQA0(l7?HszzpkpUE%#;}9IqdPCZ0i3^rvO}#oPu+ z_^*81l}jsdb+aEqQ|XqAilc{2P9T1% z?X$pNP32qT^ube)j}5m^5lDC@9Q6@7T$eL$0}VhOWUt}d9@JX1YiIb{ z?GgaZIMBuvVD6z93NZYN#j2Dh6xUFO)2eEJS?~<1)qB0A$O;inR?Re2V$*n)(D!Cc z=C7&8jX=56`_Q9UL1i$Q=xx(1=OiS(B<)NhpqFwh7ZIyNnNm{y*mmGBahChSoYg6bDc`%{^;g>MDGH`tIr@hMD@wWAB_qZNA*v{SiJLyDLGVF=?c_92N zMPgc=6i6<%lkM%OqhNBU35!7gU{!=v7Gm?SrIb_-V_wbp-0rpq_g80=vTA^9DX$8N z4!QbjlSJ^;wn#O@xybJDhTgMs^nv=-e7{`u#?+LgUbk4T0d&5JAur8;PZ|ssfv}cd zEjEu1Zz@t8^h$GgfKujmo6g=gmGgFM#+R>TIV~=+0G##*f_`iB4gW(6dQVR&))Y-Mn9E%?WO9n9w3(I&k0OuE5|#%#r)Et zg!J^fGw=V&OPA1g)cn5c;22b!caIEXr5KG2k2g>Qu^wB4z z3d`+NAJ?Qj90zsB{|@{uZhysWSDBsH&;50tbo6w$vzt-Z4Y~U|L~oma(Q` zo!T@Yb+7t*gY+0KX6rG;5aJyoZ9B#!hhvQml?3eQehLs&QurX1wD?o1oNn>_Zu=6= zzE)W9rR`AZA{26e(>Gpr?k&MTER?Gnv)>Coj^24l>hg-sTd>Iw~k{MQDtpQS*+j(1ws{YuRC3ok2?(y}Hi9YMaW zZ?X~5rDRA}0kNheOr)5QuqY|1n$?+<92f2tvCT&#`(x>Anv^kif&TI#PCdaXiX>Lw zFKyX033ATs_}Z+AOYY?-Pp=sMcF)*Yr(00In4fGpskVEq$-XTI_GL=3bZ5jM@+Kxh zB_ZBB16QP52mWqh=VAd%T!Ke*=oK1>)~69Luy4d#}jn|>1L$ok=z*3#Ixic zcgcb*;g#U0gJTz^d8Y<`denSuH_hLb_Upp5t*$`&QFvbT$jxL&N-9Af>x|32eD)99 zf>0Ar?W0yz$&$%x<8%#((YDsX!6>~1br-%rp&8B-wHNnTN|{xFyk|3=xo|@`uY5MK zZ@OB!&lOJ(QoUe(^@Jh6!{_?`W^8U%+Qc@7chgfme>|b|-}d3{!PU;`#g0FEts_*5 zKmclOLPc4gPTK^|`PsC8c}q@UT*W)-m>YmAew(jir?jkAGi*N!-ccnTR7S!HK_C|4 zcB0$erzv~4MssnPC#=#DBvca;W&k0@Z>f~_c}V+x0g|84MV~jnz~wAU0b!AFSe>4^ z0}}6(lQGvA6nna`>wwRSAYS9jzugi|>P|D`HzL#*6_;na0}UkL#~$rvUk}FqnG~M- zVk72}=qZK$i6_RW&Cz((mtDA{Kp0>bt$DcOF6Bb+$lxFNzTSQ6#O5#v<>9+GzIe9% z@9O5lGJzz&-Pc>J_JBBTsuIs=aVei~JY$%=E;qdd(IXwpF0u%n3q7KkaykiI?w`$` zuT~LJ1fzp3e(5pe0QxdXmdvS#AdeCu=w$ zpZ7F}c3Q2jL`G)KgA|yqkM=sUd8>JW3?YLP*YAyJh1A#@b0U_#yextQdAI=Wah*7|qwQa-Lad+(LgkTxYrGsSuLrq*yrbiB_IK)lE zzr1PkH2EMwc0_#;K%^gVwvz@2U%A=Gh@$*`eL*v{5Yed+9dgQu0oC!565c}EngbRK zNT0W;(dFR6$dV$ItIlb$DQ;@Jp`nE6QcYQh6)ey?3}WTah-ssWWRQXMHPCkvsGwRo zX9SY5H^<|zNv_c+(d>$c;c>#7+u@)~{-EuQz-`$(G-%B1ZaAnVp&wO=#(!NIptldZ zE}nKBKSgVcx&j#E`~n6z#z{7W?l;WtHo9(`@6XLHp9P_DV9Q+83?|DLJ7z?B$rPN3DkjaF!{y5yWQ+s`HO`bCe(K27g(wa z*69~lOj3})&`<~k`JGl$R1yyyEvK|#3DmbnX=k#^MIFIUHG}ofvj~{=<6D^1b~R{m zC}X%^c=K?Vhz3y9qgP@PnSdi#Br-(&sw@_V0d4$MB~}h*fs5rfG;uz#lx8J*AZfdIlB}0z3v9Jdz!nwEFx#X$|^)!#I0d_L+V?2pL`Y3HtiueEKA)6snfB`^x350btwB7uU%sGSb6uJ`A+7gR=H zoPJYEU&(;z+Q7Vrru8y~P2YKWuYBwDeEwH$e)Baf+8!jV=REuGGptAmBCV^^@GSQ8 zHSzd)czMAR^#sfBg=<$T+B%dVrs)8Y)fbz-?S}Tdt)c=`e#^!FMU)HppGNIiEyLW2 znpV;lOVfdnRR0YBEvVSfpj(((-%#VFQ@bX!QDSrl2@A;dc_e7+z%3=;gry28lOycZ zaQfAhy2#fe{zb*tDm(`!YJ!R`{qwNbtRG0#A%u;Pc1J5#QMq@h!HnB#tEsa)&(czq zBO6|dO7G)RFU(NNFY0ScVdQIDNmUFXv8+tV%);f1Db~i7>@@Pssk08{k zRL)_uf8h0<_RYl~(D~n!7opUPXKTl&6O{&=24yRFkQ!F>W`wBuhQNt%2 zXguD*-2_MN=u0My_?DnS{4Ue$Gq?SY=B7+u<&Dm_Pv+hoZoGFcRjpp`t*WbW_dX23 z@*W=k$dduv6EXwp>h_eX$+%QSsO-14YCmyYRLxcJ2j>2>W{CL~1Dhc>*iBBZuf6{i}3T_d(tOY(x&2jb>@qc*mp$6 zs0hVql_WcGj={A6vz{)ToV>{I^kbkh__=+Sakt*RJ!+HhqvI)Fy{j-zbZ7!EX=G1^ zHxj)0z`Q+C3-Vbn8E+3k@DRiBO(+!r3_y?;jHq217F(IdE5%J=yqqKmF5$yD5UGr( z23uXYGHw(FR{b#9r7>sE!4%Dk;ufYzm1$ZtQOYuB6)K{^o1_@Fz!|Gu-1yfnEtMEs zR#rCh35Fy~TDtxmrhsdx#q0KzOdj;igxP}qolR>(5m4(p8Tg@*2k$I{B!-q|MO~SI zQk9%c=HMPAtUW4UUNkoGh0yilh{%@?xatZ|5$cl?Li6(TK!5xLIZ0QH^mCI@J^|-P z_+DP)UzyuLvOSzVamj0wO8P7k#OvHM*RytVH{wQK^rmC*Z<$>eW%>OYMlc z=4bO>xhVK)(m-v6Q`;-XSQUKXLYo@kQMoOa@hqO`W)lWH7+wLhlH>gGhg;Zd5RPx4 zUmc+|l8%tMx{dsQ!(Ww}yWeIvF%O&IKBTE#moM)B{wL%;DCN4so3GxRUbC3Wo(RkS z2S#%HAogNBes|GmcHP)@kG@j#fd0zAs>r`WFCYIqJv}``=Y#)9P|&sgZqPRWZHX+O z@R6TC_3Fs_WslIk<#ET|kE;jX*2DVND$4poi+I?}^R$y?6Lk$;{p#@Jf2Sm?3IP~> zvsybJ1nDk{gH<}#&k4E`0DQmGiy7{Xg3rBSGt5g|^sX3X#&`?aC@z|8I$Iy1c4@1F z#GQCS^|5mDHAvmI^Sy?kt;2hX>QSMAA0!Fq{q9g=e35?mVA8hf9-j4jCDQ4$-X6VR zH$vBFRWn)#3Kh|{lIGwd$F=zGR90WY^7Scd&nGmP<^JONxwpz$o$TP#$L`CpYKoOo zdmPng-x96#c6M=-f!n4`?#PV6Ry%Z0nkxmrmz4$d3pfbpF|ijX7$?s)SKv(KXID1p zuMRzdof0Rf2so*ipjT^r(JlGQ%gcG;;vb^!c1*+Ys{F053 z6#D1Z!m3wYv2f|%`G(IjR^t%Sl9^V?`}Lom3|SCKK>H!EUS&#-?qw6>*kVVo93h9k zPT3iN+PzMxnsZM`%H2zWj3Auu`NH~5nY6gr``m434myR8oP$XiwEs;<%MW>JtU4$m-lycPY$sF^2Tv{8Ha|#)|o(b8iH&@#&Ob z-u#R=^^ttQQ?0j{@;a2=&n?kP%q~-ccAA3@_wUd015ZZVHc^LsohD-% zmaS5JF^K5c{nqDG(tq5WO02lm1cbP8uh-Uq!G>5?-cOb*yN&d+tHp-4Z+@gh!2soT zY7>;>-_B8yCAXNkwZVV2X@afXUi53j+&Yv~Cf8!ov&LX_;OLRg0XvOh3D0JyIpo5L z9MnJ7j}*HspScq;7FE`$o*xjBrxhKlgaOGRqii{8PZ-yTS=WG=VI+(U8$Sxxsrd>Q zc%)PJ6xM7JPt^cE6QM+xGx@u+a(a^WLr%X^)g#u6=LK`{DQmgo>byTO#O=LD)3>k z+^+zu(kwe+6vl+Lp-{aUzx5v}wlRPOsQ%RU`Ar=I)anXWnYDexktEoT+P9r1 zP3oDb(8=9d99eoy>%Z8)@o&jU80t`pG}Ilfpn$Rio7)^l0SUVDq@FryV3PGF6R1s_ zoRYy@2H=NLk>;hNgZjU#rDg|}SHkKv-qY|2$0$v?C&Fn=dSRBk0Ytv|O4$wHl-D<1 zRvZ`4kB(deyAe9mIMEfSx3Y>|3&u|+tRx^^GaMzQq;8M&_`>a>w^v@nA#5_20+*6C z3pSP2R1&4u%s3)kP&SlfAz;GKkN-me*0r*XZNt1UMO~Hd5C`p~ z!jyU!OF7ee@?+als{f+{LSmT=rXJkBwK^ zK)C_E_*XpV%TUdh9X1B)3Zz0r8HW-l61`(3kae`yUZVxgp~!t%P7xYzfg!+UyBZ!R#2o1(XqcDjRug`6-FTvE6Bh?;j9YXt>`)HH(i*>0df6K z2c_^o^0bW16#EZsZQ=lY3=t90Y?3E%r0eLCOFPU8w~nIz#3NN^sw1_AouWGUcb&PC zW1uxbXCi_!l?z$zN~JU3>wcc9tiGwqsjsQ5pkJ!%f-O}*k$x>$8z3c%a(arXyJm59 zHM2eQ$HycUK2ggpRlVO(qs3cD;b!_XA}4;nSH6-YZ<#D zDfBs&;WJS-Rxa8LYm-+#(Y32=k z*72?4cW3#H8RhLIb31QJ3=%e{?11Y>pM5}yf%Aap^`3@MFd2DS6jP5;kwB7C+wjK* zG0#3C5YBE9n_zC+vpaDDE~%&T6}+J>1FVd#|5!Qo{@DW*KF_{Sa*m%+g32BC8j%Zu zB1!a=8dY@^5(Rt9l=`WsmI5MeF)*~iP!ZRZ$=r~t#*99S8C`050C(%t6`M(ooC~tB zH(Jc1`F|Tij4G|o3MHds1+6knd`xJ)x0*Z3)6D+JOaP~VUw% zJuJEy{g*3&zbe4ZBl-qo32oJ}`yj<(a?IFr5FAlOQCX|RAGgC8!3fJf;z;*wJ8*Ea zFd+RPNlul*QqV4%v*L-aD64JOF-7IznYWaQq3L&at(O|Z!z3$#7axch1(9$_`uV|p zhabwk;pi8yF~F)_Xf`=25r2Y5bhO7jIE*`D_Pg8bN;-aaTT`-W8Q_ejyd+FKsUj-# zDjozVc%u#+E$QnK~77Ol`kHhDV2KP=dxyA}!vFqx92gmwx^vMMvpP%T!6uMLEKg%3;WUy3FO@FQA_EmYnwX$yo#-verjJ>p25|jthuK z=rX%gfnq`h&r>MV$go&2F)=VeErSHY+?Y&UuPc|F*_Cc$ie=Yk0ADSLzz}dZQIcHs z>*pu6F`W|_Iv8niB2jd!tmvyiNonztPws~hOgSzkDCvi}o(ckCyx-Jzci#dTPJU{R zVEppADIRdSoprgDz1)-XRp?H5*S_!MB8k@Rk`N9XzIoHWo~%K7oUFlzb|YS^Y zfPACr9i9#J#N|C_^ws#qAP|xMDkd5^+k*v&Hn$Qg|NUE_A7D$WSWv?_^5e5cH{cuO z8-&MN&2YNg$a>(_{;UMAf{6V_u$D={wAr;=S%U4Xy^Q379Doq6Y94`GKKYxC-fasr z;a5|meLp?8G9tJXW>GMk)!pPu+&WiS&p#AriJ=>iMgY|EeRmKF$1UWB@g6#*Tg=2P zktK!TItJ;?K#DiMBDu=RaQ?0&zMck;0I=}DN|eI7iXIKPq@-e>s2&3V z;PR4n;_!8$xe()zFGU=3AH^kN>f?uCr65`#)jiT;0We2pwRK}QJyH(CW#2!rHPBPS zv8l?6@kI&?u#{t=_V0douZsd;5dhp=ZDiRW%`pc9s~>B1znDmwTQ=M{Qg?zlu%W%d z%sRW04(4HCa7fW%)~oL=*7YIcPx-M`@aP9&@0Ug;JSaz#EMWz5e}5Hq4GgfC+|PHQ zRyv+>QHj{<5i;8fLf?Vx%ek>Jd2I!dmXwzGj(X}``Z&VqF{++tt(8TrAOsuj(NT98 zj3yK^$He6QR=*Vf_UnQVDlXz>7n_hixv0LJ4v;N2N$Dm7h7acak*m>Z+)c_f3muym zR?$o{exwQZ;Nx-|iL76*;RFfb5+(Hq-P9#nLc;4n|a1yfk?-rjZ~>NKi=?q~sw+H{1L6d0If{o)BGJ zrfLZTF}Ko6%XQGf?N{j}A|$6$rs@v`ICFpan)z^#Kq12F69}ikn!5;tCOHGYJnGp- zHZ6vOo#Cg5!1X%6TnUavF;cRR76V^j0a$BrF)$j)^D_gyzjaessH;KBab`vtpU527 z%<8Bofu^4<6>yeQlZPa6Gkwj3Fv6>h^9ElFkAnircyB%Cf$u;AGUHIHD-NQs9mh6uBy1?@3;ckcd+0q zN*bL4>v)mQgCKcToNaf zU>0U5f|i>WL@jL3rKSm~j~)z*0u#krR4sQIQbb$9K*6mwNxJgiipw);8f|FH%MGwq zbuqT+GALDngS(kOG(vNp^6GoIn_-ROC{`iS3Nv9cXo;#iR~S<<>9U-7Z0gU0o;phh>FOQS3U9kB`rI&#y#eO_Z4Hj0m{`(6i&6 zTO+0Z5F2_b(?1BdjZk9Bz$_@52wsSOWT^lVm`c9Ihzi*`A3=9gsD2!&H-RiHA_lE2 zeu=)aF95-GpjcDC@n4kh&aeP9OQ-a{&vwJboXE&Zl0&9{=wOUC*mARp##KZhi8X5) z4>vy{(tblZ3hYY>l}Yx7Kl_aQ84&vmIFbs?`ICF-zo{a7HNg@u_8V>W=|ZDYNT#Pd z(8|0AU;I+w_5SMJc{9eZ2ZYT7*Oi~2pV4z#SJLaC{q}tEu=D!hp-UlwrsX|oAXYDP zS1-}foB%Y-HFn?+T4M32QpOL>GmJ`n#}7Kc2i_hF+Q5ruzotCUXwUZ-U*xwwK>5(D_45by?}J5`UHGW` zqf=O8aO53uTcRiWW=^;S<#&ZVxU_X3-w^xf>RvO(sNQTpSjh}xR zCP7H;Hj00G`anb^p_{{{nHgYLX;_i}d`Zx9eb8ohUY8MY^M}!3rt4<73k`tJZ~1%q zNj`rrdkBl)&Ab*|oS*(!=*HaU0fp!{?ziHOW(sy~@VbZ}_mR7NS&Kl^6EEzv{T4Pd z%mVXw+f3PAT-j@PF43U67JIKM`%mthV{s|&AMRWNuO0nut9){?yl&YOzMxUT3@4cb z+KyFj9nz$^xo7kH`;>l}KeolBO?SK3h#>6=)r&87@7H(g>S-q`nQC(C&8Ch`GPJ{P zq2YcdZ+@CN(bJ2yuiXNr-&D!C9b4i%FO8Y&KLe{EY-UC8SS&EN=>eZHyktt zlP=85>j)<6=*yFG zA80~9lGo>YEiQkvGqQ&%IgWb^X=U}L52Q?Mj#}wFCYIexlrLxnDJwPS@7L9&rt8T3 zkzFn=N0vuFi;AWIaF)Q+myl+mshDzw!QUF7_=m3d>C&6Ne-2QpCTWV5PR>a7@71Gx z;jd{h$g}J!YZozheyAV6e>(aCQ}QWS?~&$DyZm#|PRE6-c4#C`vytafwty=W ztFQs3Grb-CpCt|(2BV~vK$hlmg2F#p^}7e}Tl?q~woooH%3gQht>O*IFeD^(Adjod z)sytB?4-~@)lCnn5}l~5;UT0U*YCmn6f>+yYOFS4TQ0VY93f1BlOFSKO~NObEIKKW zV)?{Uy9RtFK-t%VS5VMJuyGBn?9|6TRvfb%+=fvlvyKwN|}0^20G74uhBgFu2j; zYq{yVE=2!(*hp+hOLPcUHYJo&-|^%ph9mIZyH{?tI}mj)vPydax(L#&W5O(nx9+bE zde;OVBe$)>smoGes1@n9_lH9YGp-Gv1mMg}v_{0SVG#x5Z0x(()ZLnNg$|{0ST9S~ z;e!2~=o^ezhm_~;ue~fi=k$*1Ut(MjgjF)4;j&SPp$@M$ylAW=W&x&C>u1Qiy5te2 zet;b4n;Zf`3ZSopfF6In=|(ND!A+7Z?4hx_GvyZimCoFSQ0R>3zT0?krpDiHNYI^(5hXANhT`{^rW|r^xA?Xw8emdth3y*Yf+8}78c@b< z83*PrgcVeuI>#nOPy#Ad>BT0`BW2b-rgR*`tWs@*O+S8R-AW#zU3q+;$y6e zCz!NeiVosgERrjdQt?Dd;8|fXsdyMEOC>j{kQ)~_cSt5RQYVD*A`HKZ9h0!YSzHIA zk08Y+N{Z6p>z3;amMb5jF0Tye>1L+ZOUVkS!4?31UY6vbgG_ zun@qqc%?7oX%bdyC(uugS7HTvo&v%Q?h6Cs?-37xqVf0KAOGZDGOlb%bbm+GtU)AD z03x$2`D=>I?$dfBPuh(Z)AgPf3ru)?h5GYf8joJmKG!~#}j?Gh&3ff8&0Ps;CL?4XEgR5?zWXcz;z?d;12Czmjtw5pb53R z#;ZGzUrO#bJjgxJ-oD>t$`9@A`ab%Y4qsLz+a({lc4<-!F1!R6P(^ zH_+g@hs3b&5_FBWgItj3U-Xs9-fkZT-Cv`hd_6oo9DTJTX7B-oUTxewcJ4k(BC|%I z{bd{j{XqO^Ksn=O2#G%cfc842qemM-IKfoyzi=LmBr9ls9cK3>+GqcOl||EA`F(~o zYC5lW6iK8{mk$HIpwI_y+CvGDjfTZN>}^EKoPMkylh{RPS}8Oi_xZfzs4<}X!9<_$ z_MPiN(YqtO_jq=9@|Iy3VUy?c08~X67U)zWE}Z|apXR~PZdaCj{@{&Ao2ax8(4_`x z&jYYF=fs!XPY3bIv^3X!O#IM$K+^Q?U&bm)pY_|fYsD!q-P~tKt$u|lwvBguTCq0p z^y}a{YEjh25vl=QzTlI!`d2jvgT8>7v5dt# zbi`(LeEZ*oNfW1x{?mM7kI~G^c65=He>q}P)1v(J)Mpg&<^+T{Hon*3n7D=~>G$AM zK?7kM(BxWjZ7Coi?<8ll{TBVEpxRbD5N9U*DKErQ49;%4mjxHQM_x*wO{0@!#~tJJ z`MkOMTstwKYT+zf_V-^il7~a>$RCd9zQWTC7+FdfHc*>eln9pgxxrS@f${sh)ay6q zezeCtZOy2sdEtSQ7AlCesDq$`Hj(S`d6>Y5d8TkuOzLucaxzS6;$8dQp7I(+u#ymD z|5gA)vYq-z8qYkQ34WSDk+RK_3={W;!DeXepW`P9;}F+oWp7~AOUp)+vwyqamRR&Z)F0_F7@ zDqdOmW!O!25u^tJVr2e+3VcE4_s@augO7{Q z?9WeKNN}4E=d>uNbDRjq#@Vb?NN37F_ManH~v-)Z3I@Dgcs~Tq6DQe=PTfxaPeVDXTss7DbDeH1*kB6Sz}yr_9i{LF6m>4MeKV+GAz@fYWq zSRHLXLDLs5AYqV@-eGc{yFyQQr*em@*KVrO2rDI|a+lds2f)RpmE8@Q0ro|60@--s zs=SF209y(LN_;M~%B5B;sSvk6%>I`*B|yOMZAkvkw?=m?C94tSM2rF;N~{bfWO|HS zjqR+_M1jRgn8IFG__^j;jmjfquxOdG27#?Ts6?<5Ao422Z%{=^Ll?ReE$olf_%6PY z>JBBbsQR)YX_U~0dfHOYjK}Jl1~~qnH2bPWnqzqd3hZ`V&{V{qI5q-`ZV)q*17Yf1 zX~|LeMo=Rw;`p5N%ApYYDKakNrv@LmOV*>eIt|-RnKTGUcd27kpDD-EVnvb?VdJ+D zGVMUY%+qkrWcMck{LjeB*HB%s`b*-sF@}D1G^BXCKU>_#Cs#J;C7YZUTiHZMy~o|4 zQ2X+d)I#P@Ay*X>p}k|A{eZCY9qzr5*X~gvKqhO!dWnC)NSQCxEdIU07DUXDf_JY! zm)Z$`1wiS!Naeyx4KKe+4?i1z##Y9ST?3@{zXDfN$YWZFU@HnJC=|VbF;*CGxVRtQ&JdUgN0(mQyh zPmXwzMfYWeWy;fL!o@6o2BHW(5#pUz3#esjsxV6?v;I-&W00~{kidI&0w>JqhU95x zFp#a7l$%M3Nb~iaB2ddOgY=z_3YMarsDcHnDi@1U)k3XWh~jx&Y;a!)0E&&#ai z!6lR(93WA}zEU;7pkO~YnbJ(M9+tT=@~f@RX3p2{M=j{Cp*!E*)+1)Oa*ZK4oNih( zW~6Io+>#+XRvaLez_|GZ?Ipj7d^meP9R2#^9)k0O>mBVrzkYl08cGT1qkcGt=Acss zT9vi?2Q6K{t9|$h&1L)hs#b;Gb6RkK?j+&kIOjIHi;f;*Nw&4jkH=-9|6)S_l`39v-EQIjlz>IcQs7Q4 zZUzLLjRS|7%lTpa?othivVzr(!v-KuPVlW~4=AYiBM)CF*5&rMRi@drt50JR)2 zEeBlOJBC>O@6TYwp69|;`0~F?I-&k2P@Av@MBJuPCPo77T36N zeAp%6aC*WAbO9mm?<8KF14Y|*qvL835M^EK7F@n)9HwN?(mxAA?6A`2p8K!<2W0m$ zcHLffbsaLXE^JYtygK7wgeV`J?Q(v{Iey^Me&3ArlSSj_>IH;+5Y z?*)piX8u7ZIKj~S2GekDh ze`uUP9MlnY9Wd;{pzlR0m8BUpX)xejMJbHs5Z9M*P4xEN|4#H_ziNrMo4z+8h$#xVyJeuzC)CvO8y2R=)C+r^9CR6?f7+S zn{)^h*-Z|?+PTp6QjDXyd8Pq}-CuK% zI0!i}Qy^gos>FWAyI(i~?YsZ2{itk-V8&rqT;JltX8s*9`mq}{<+3Esn4Br=YyDbF zFDDW2tG$R}D>@mWm|sMn>-?AhRu=W;b`X@!y`8%|0%MeA%ff33Uo?(fAk<$ZH^Jww z*~uA*6ZWvTLxib*1A2{4))POo3@C|6aRlOvvQ!~1GC$~i%J z#tqo$W_sOJ5^omr2WQFZl+ljmx=~~d;Fv^}(Ub_ZUQ8A|=x!L@BYS|c$$rdN=OC!Y z@&exuWSmeMC1CV0tASIeB6Y?T^4`^Rq-9{;5ddE45a5wHb_N?eo-)0J`@N$`2sX$2 za~o6?)bbRhUF@wNMXCPH#LrG3)3n(~=R}&4rP$|jl<|hyEJ^dm;d@yceYMJ92E7Az zDv%n%2U-jyi@Yf7ovqSqgBpmih8_2FI}j8m-l}?VzpMu7sR7qfo4qH(>19JOX<&z8 zu?y#iPu^F{V&IJG);7x0nVns>D6~;>&M_L0F@hyzW@g-65}zgVrUH#Qa<=HXzH63h z0y5)GG#{BTwP*~;rYy~Hd4E2$BeIxvH^>oo9Iki?zjyKaN_It|5Z%Yt9Pz2t_CJv3> z_W%h^osuO?ml|q?_%@$!aCzT-u8#sE?CjKeb-9RoZK5Nm^q_Pp6q8Wex0UIZApL$g z-1CnQFDdq`c`@O**_%p+CqQ7zU;mK|0Z!xc*VoF4(X^^#i0&R_Y1lL53sNG18F|HtfRt-#-hlqPgM{1n z>U?+$Oekq#_A1lCfoy93^=DZq24psSd{lr73JT7h*x1{bIeqbvV)@T5mDaV z6W~(YyB~7_u;bM2!LPfSmVa?kzd!`URU6=7hhN{af~!}6R*Vkh55#b+?4Lq)rPd<> ze~~UC^i$Q7U!_SzXh1`@Qw^e<&)N=+zK*|^bn^wGEb0Q{)2KmmfMK|$Ps+)+3E$s% zj3b5sl!}9Rc?C7WAv6Z6pK zn0@xS?CSaWpx-&JhIXYoh`Lg?^trgjL@-Se5fAVv?$--Qw5bQ<(89|PpYVTnd|27- z+y#uyfq0UaKxM=k3ZMRY51tw)bcfk z@!`D#XCG%)Fj{#Ujg5Z}*EPz(oN}(#3Wyz({#Z~Rn!FFX)0H^!sEbuwhpdv+h8G)& z_Z7h}!lm92juN~~fM_R-&iy`ZnfoLvrZHiw0lm!g^HT@;uJ4ev7TCsR1cH7ekI2H~lb3&>Yhy9n#d(j>E!f zH(Pw)RK`8WV{q&gVxXwb0a2vIf(R(O6JiZ4M8ll5q)NA!eisCh{;Qg;kH_de0Il@) zDKu!Oc@JKz)*?-bDtd!Z&^sx4G@c%{#>B6!(#_-F81d+61!dsfqXwFO%~_8e`+)g^ z9vdMB0Z<7OH8Ck&miU-h1<@#dw1_1Ga@Iz~>7C|40!tGnhy58Ryh`+5nG&xYn;kbC zMw5*lA8i96R|lEC@u*=a`mwt|@|`v`rTkGOi=C2^i9)x`pq}{HyNnWp(IzyM9?p`e zjx~)7ce0{l^BooLn{w16toTBChh9BC9&R@bDoXnhoW-%w}78BaYBHK5PRA(Z7bt?jq>RW@4;2;#8y9GP>qcrAt34o*2l(PcWc4$sxdG~4G1h8VQBK7r3qWN)+4q5va&e zdl`YCQ^A98&AHi9gTyha$=Ygo!iXOX<^*38r2EmF)Uc}e-jXkqX$f8?p|RLbHWlQ|8z*Wz6e*Ds!56Kej(D*gMrdrMreGO|0bj{9xh6;| zUvO`w(?KR*=$Vy!t~SpAz>qlN88T98_^{$xnu0rMn5!E5ja#7;j8N{(JTf@bJ-rUk zoZo5L#1YDB@81f2>u5^L;VW|Hvn!{wfIU>S>9;cw<1(PDK7C2$DdIGcF@?@XLkT|O}+SM2pI~gR2PL{KwzwiM z4L+x6umv0e0q(wwuEa9L_2)g8EJccBCRKR#flA{UD~fszD*`Ma1!%~Eb|zbL19?ne z=y_&n+u|I2dcQ|7q~a>}_>+%kb4X4!#2xKCD-sU*g9|Tz+LQk74HC z!)G`P$YfUtxH0j*37J^TAs*<_y;K%|>dq4?M%Jm!68Nhahh^S=e|Ym9fX|j19g;Sh zsn)*LO3t3O$x29zx}4sI<;04XDTj5U^eCinWN4@qg z(9U`ErOYTJb7*=vjf6z#{pmZ=MsiSI$!Ao}f|hCS`Q!88B6o*7I;is67_RdsY1X;X zobp2ge30r7UDI3$#!@`c8ZYv9&AX;j!h4@|)bEMZ`0EjJ)8eUvw<2T}Qy>jdH5Yr+ zTvdF$#HS8UU+qZEOkBlsNwQKT&mK0&a}~bw1)tKb{MG3UjK6E=+KbraS zY;7Hlh(J%5 zNlImy6R}7OaUxZes$Pl#spxbFAL5#X2c9p>e^x2yHzP)OkCoN%@q>S(VR+pnKZ(lk z+Z2HfK(q{xW^q@Jho)Cdhw5vKJZ1E>mqU(b&uFdnf)mS&W!! zC|>cSu@(6so#%SOGFbbOkXUuQrh81C0^Pm z^1;+Wh#j)}%V+L~0`&>GgP{AZE|f@7*K#~(Fc?LP=pH|1f?|rW;p~C6w70tnRnp*! zw+DDryrxA@oy?rnQ$M7qp2_dDpS2%2mDnL`t|LBfsY2l2#P}R2!eEP7OkOVk-Ds!^ zN7+qyNv}3yMy#%W1cDX@fiy($r;QD|$+K-`9s$n=q{fo{xC##q4R;iVAd%??2B~<^ z?0Dzr4^_jV(SnYyJi3DE@T%dGrC7oRkHLYRkLnCCfW(wTSChFM_1`3c~EIvGrfrBQjvg*DX zhltW$B5rteS~*|(@8@9DqTh=kAjSMSN_a3(Op~w5IiZIv5L!el+!!YvskHlMp{9to zV;Z2uhP#4Zwtshxjjuj*;TyOvRx@{S)f;mLG7=KhOQ9-AfkEGFE(7q&o#Sg^nO>hE` z)*voDevlEz4grx0R9!&pFY94PB|$?eF)cxZ3#kJ#AwxDKL!PBF`mar*@YYTO-)Hx) za5zcQC6!S?T(54*PL+UC=5{6&I0z8sYq5Mf)b1>>Azw)uHgZsX~6wFZ9e0 z2amDOd~@X)o6Ft4T@)N&|j0xC~-8#o-36+kkZ9KQ9_@ zBpd(y37dR)9Nu1XW4CI3-5MAAOQz}4G^_07g?H-^TP{MwI%~Phn04cLM;2x*n?OeC zQ77JPOxjM!Ocnt*w~7%UBP;De*AzVn$RQKQ7r|<#etG%rxna2yYl*h@!pFg;aS0RI zTkAh7EhP~Wszs5;@K#mz+W9z%x4}#6i5e7??i`wDtb^GSd$ajTzo2>T?_B`So1mPY zfA?Z$XKBCB(}L*UG0pE^Gvwq6)jTw)&%3DVeFR~$rMvM|o^3pWh^M474$}kXYR0^c zD?JpbZE2)_seAtXTf)$EI?n;4Bo3?Ix=+Mc_G3xATpal$rw+Y&wDQ@el#wy366lhJ zX{d{tz*6_W{jOme6*AZPFFCm~tpK0{I_Wlsh6&j3X#|6~els z-7X0NQ8lQe8b0n2EvH<%i(wmWPGr`kn+Lsy->t2n=<~ z#H8;`l?b_c=~rWw#k&pAD&u_BRoRtQV4}_6Z>pZv0L7yy4H3 z&b@ig)Bi%OTM3Ee)YsyxKp>DcqXdZ9(mU(~C_+_qNw207E9>Oh!RS5#x|?4h)+8|Z z$*j9(On?S#DFCt6Z0xNrTuhrZF!iwn!fe^1QY{rB_Ci?ca_ z_=xq&N9QZc9T|f(cwD4mXsFIC0%|j{lFpM3wS(9;VeXEMTLt;$*?^!68C_x7#W!kyamm}2vfx^&3)i5kV(2uo$~cHf_QeJXtl>FcHxDnV5i$ZBC;Tohj4wtH znVzjiIcpQy4T&(@~RWq2D=_J_m>~z+#5EGc6It3{0N#EOE}M zOyZ^t`eto|^P8yw@A3ShuY zo62k5%0}Jfw8@`9W2De8X9b#{~V1{ z#V9wid@aGQJ6B*XxI~pxPI>VCSdJoiWtNscAINwXA1;QT5#!6mVygo=Uds|N1d`Cq ziZD_QAGA7n9ROyllbI&PH6S1@$m1d@%&GIsP%JyWC z#!h0IN8Cn&p})I_JN`Zcln}lNRg%6i!OKj=OCQk z%Wh}8n2cEgh>NqYH&sBEdLP^ATgk5TF(3!t3W-b|esenwj2`Dew%!FG$}^b-#CgQI zZI^UFUMwJvy9N^8M|U4S0eHk`iPD=o?t#<90QWL5pw?-WsXak#R=hnM)lE$ePaZ&IE@G$g4g-a%>OHI#yUQ$M<>1-t2RfX-Zr-fLp62MWiC&*x~;l~x!jH}{cyTDxy{2= zXd>QOq`)1GJ$YKI711rZ2dEA$3x;m{5WJMp(csXYY`xLV(;Ow;VG%>5?I!d}X8Y>~1CiWZ>*QUv1gknalwA%~S#1b! z-*}bymR(0dpT4TWqY;{Tuur^(Fm2W&GEO04q)U1g^3`D;=@JvQpLvhK{$fK}4?%+u z=%pULjd*h)-PNjUOEhD?ew>X>|6odOqlAR2I2S?5UT2t8R2&OrZWfps~%mf3g&r<4ZSqn$(XM^ zQ4(yRJJ1hS1Bu%BTIiy9 z=_MU+;Nc+d{ZFRW2l3omHLG}6cD81R6+Up3V-wwm*Ouv+~f(i7?SyuY8crh?0*e!j0`_@&AX^;U! zztG(tu8=YZ9Kj*Q^yUVM$NUOvGC@UQe9}jgFiLFe&zdV5mjEg~}gpUJ{ zSo1&HyQsSFj$#Rr%GbOj!+*c@X6PsA4*_q#$IcQgl(~6GS0R>Jq!lt9yJz-@(>cNX zy_U{5S*Lq*WG5Vh$+NzDR-TK?P;d;|bSur+fQgaD`;k(=^zceqq+@)%eu|c^WAvxT z8;76$vE9yTY8X=lz^K|$M%wPo2^f6w4>%8+PM5Ptv~^+!Of?^DL8B64(@MaAF#e(8)Q6K**u9o=S#MeE@kXc^*j zlJ-w!MM1-iqOvFw!n*k#hQS-_r%OpXMMod{+g-%}>unY?7R#H(z z6}hE8o+7{m$P{qcaf?jfU$cQ?j1W^CIzu^3;$vo{${clE1D}lFWfQ7!NC@F^pXks- zvP~ID7{DSl%=o48ci$=&6*E*m`YdeB5{`k zZ*Ph85p;Gw@t~D@lNTMKmfVlRs@QOX8t}qlgya!eL22fD;W=?}{ZO$dnY<5Nuj!PK z^8~c9QvJp^efP>D(Iw8G38i(Oe_8ObbwM6{Yjb&$pF=F~s8Lf=HOD#Eht5!o!`f7I zeK9BE$Ym7X%H!R51L%%sK7|)Lf25%6??%LhajIm5OT(y{u&Hj+fzl>0JOWZjl_EF~ zmM1Qb)3_l`y%{a*Ci+7}9EoB}yf38JyzU6Y&wP#Xw+~3dQee9gd=5P12mrOyjvfB_ zF(!gjwkYvU4p~||R;3c8#G8t(^LwHArjoy&f1+y;#}LK-Pv@}sZ`S&H*7|C|`ql0; z_Mk71c;#=;Cnlu34gq~Sp!W;J;dDSkIiRY4wYa!)TB#ww-3O%C?k{%$4E>k+51Zn+ zfeM(3f`6oF+#El-Z7NM*yJPioDjt}Pa7pPnJ9?mi0W$k@Kp}SqFhm8{yK}V`cxyP( ze%Igh`laBrWim1{T%0*pQ22-!sAzzE{h%UbyMj{wc=B12{3##>xcoPy81lO;^CPgI zg^vbeV}k%8VV^bNP>R>hPxN7vc%FG}m-Tkj{bmyhjCf32iU>h-l8s% z4d)HG>)HXl9^TYpU{P4{V4(p>jCK3g=Dmdzmf&6-?lFK>0tXau5$c2YT;}r@N|O{W zibU3H8pqAuIiCX356f4F1Gm7{J+AZXbTO8%PXgK-!$dmZI;#O|60&$Ua%}FaAFr(r z0_VxB|MiYJtfdxS{lN7ijjD^IPfd^B)xY}rz@g*1pI5x2 z8;?X~1?mIFT#U;;Ul(*L;5rr@W!MP$iJJ546kA-=-VeGV4*f&yvY+_1*flSY`8agU z=fhsh;#?4s>vFr#7@yU{d}CHeYd~Bn8PGr0#rgkq`(A(#+^OA2qZgCB<;;Vk3k$Uv z&SwdoKDrY-QP;zz*JXilrzg%Yr{`Aiy$TtBB&-SSKBSSkG=amr*$VehRA7@$4EIHa z;i-v45d%||UYp6ec;GlJ25T;OH}i!JOO~n)ij*8Q^X1#j?}#5wxzi!2v3 z`wv3+MyHM58_px9FHC6IeOuUh7L?8}d(cs6?XqWu+|uxSGNJiQV=cE$ONa-~@QO~2 zfySPirIiH}OH55@HJr%NhM@>U-+-(mmGp#AJa>rJjlDRz7bLSH;m3eF+XqWUHm z35YIV7;1pf`~J~vYl}JNQaniaTAgVE<-X)EN_cK{14}bnUt8XdNOyV!-28p~@aO0p zQ&iF;Q@x({?a6@U%X9kCd=hpjXmeS69KICAg6K{Rm56~5c&idTS65LI^K++|G}MY| zN$;$`5jhlB?c}|6py*Sdj`yHCqmJV z7CWe5Ll>?R&aJwNGy4y@S_m=MV%U1e7sRKqT-E$?v@_e2`P{L($_Q+bQnpqh2m9s1 z(D?X6XhSoQ3-2ua=_}mI(z3?*ftUD$S|>YT&rCr(E6>~I8}AoyW?l9=w=a9Om80Gl z?>hWEz_1?JsMGD9s3FCLuK&Mr>Xf6O+1#AJf>r1@zcEoOODP=_F-;qfF>v06tGt{< zf82)gk(`awaXeQc#(?a^kmdW#F==-nIoFPzzk`AFU4)UMTs$b@#&0=7rc&NA7PasX z870l{E$Cm{GQ5L4b~W#nH7O!)$5$%U$6IL{piDM3*xp?#c+8+|oE!;_LR)_Hq`R|Ys z^M3xMKxe^kf=(;p`F$Fgo|mc#1grFx&e)Z2B$McmW!&r*48O?TiMELJK zE?2PqG%B(og&Op5$uq6>6$6o$ar14JZ|~QcKmPqH>{rTf?ZxF8v(IH|`_T@lMvqyg zmsE}0b^I(atnuU8G0DX}U)kFE9kxGm!-`=)|7wIDYlI%0h19c$UIWs=d|TkxGDdLq50GOTD^ddDlRs;CS635# zUIDMz{Qp4(AF^LaM}W<_LId2A41u00Q(~#qCN#zjayA_{*L@v>sj^R_)l{6mG@2K-l^mr zvIVzw#cN)h8(`P%xa?tY75gnSPK61y3cY~e+#i$M`}~>zvt^Q+$YfKv`Vv9>=i%*L z{>-z3)muQfB2jqzz#31~e}lqQFm!h)WcMue_RPJ0s|Wv|#w`T2`8aT5=XOG2yxw9pn9ewz_)-%tp@FBQm16kI+tS$ z{Tt|W{P6eB`aHWFTJc}R*1l%_7X8e`b^R@&;?2gN)?44(dfdk3$_4xFhVS|Z;9oY3 z+acVxzI6HX&E?P84cpaXD4F|*!;hj@?>C2!3flAW4}y>&kcY4D>B{_Q=Hd3`mX3m7 zbm8^aLiwvp+`gxu?5r%sTm%D=fVc^dF@hl+jN@K?IYTGSndLqkRJ`tbkVjLg7=z}-#9 zPgWCu1ZAwhBBLCNRREahdNzT({(H?6a|-SjA;=bz&D z_o?`=j;*(uo!yZAXe^An{cFv3Rn`S`ZL?j0ZtLBBG1jmCti`XM>nes^R)wwuHy-dv ze;=-fG+pm>jZpvFpTGTB8YnBZxVL)#*~F$X?DoQ1`9}x&@5_R%Hj2F=fKJ~G8eC7e zz9`$E*gk&Yfi=wEHmZ=BDV9Gp1u1-LZB=+3tnPkWjju?bI5QMX`djqZ+Ovw^{L=eA zSXCt_$r#ozuc#i%q88YSY8uUVC-hvY@QRkN!+#N^WEsZ~c(Fu6msnWvpgkNjwQ6FL z#5O2hzKW)^8x;Z}YQ#KQ2QhigZ6fJ%W57<1{r)G_9fJwwqA0Ur1&^0hcSx*gq%q%6 zqSWs-R^bHSYlOzk&-fq9^G*(WXZMI!pP$YhEBy$#O4=_vI3Q$M?b%3WFYP*;>RqE3 zg;JyT-ln}%Tvy;~qp7(p^wW`K!E>DRgr=nQ7VDI`X~|yIB!FOg7K^)avVPY5ku-xZ z+gKpNM&1THA&A&NlXzD?Cf(EdFJyHavfaPQF2rgJH-#x z*CbbN?zsf57guD1Rs3dR37}Gtn6k9Y5qkoT@LU~3QAy(GKU&rq$J^^l zH*)&lqml8w!xAZb(#$y5lg6@YAfHvLgVDxKauacC83fTADz7<7e zu2<^3A?9Xpq4o2VBv%;>SS6F%)s=tSLbltv5sB$`zg;jIqvg0@CPchvW}sG1p1k|Q6=`m6ZtcM-YQ5KijkWeM zXjF@tyKjfpxKp#atNG3kBqx)XdBU@CRd1vZ8EM4O{0`b9N#Q4plv4S-TrK+yxdb-_ zomA{Qy;>iZm^janj~5HqvRl=M=oCru_ho17_kQLJd5{Sdo2q%MJ@T=Vy_Ri%3aG^<9lqRy)m;*&%w@rKVQC65n2roRBbC7=% z4B?8^eEoHM-`UvEeN|ai2qaeD7{MqkccHBr3nPgYAq&Wo#wU+$go2}tef|R#Arkng z9z{Yq^I#;!WMR1dx+fg;Dc`V!m_;!ic?wCmc`ZnZf4v;FyfFgn&x(aOp2_4IIRa&3<-!Tvqyzq&D^fGLc(xq%7 zh>})b{+#0C2H|B1gJ&tSgQ}D8v26i6!i#)&`zxDs+PHtGr4(!`D1zHmrBsA$pG>Hc z&)OOHSm`Va{7gXTymzrax13H=DUcYrZxRC~L{^ zE-0UK#_vWQ{u@4#Jy0;OmrP=lx7}QJ+m`;hr!qFmicWcyu%vWJ6mU$j|4AuQ+QFOG z4#5F`9=>){DM^kGg3`e8guO`pVC0PjT9f96vw7a1@fmz)Kh&QgA~nmLU1pc>iZ*hn z5SaWYSMw&~7!RZ=fNg8v>K`4J`*6RpQbQCU?jh3X$rA0!z4_~9fC@oc8g&D-1FPm; zYg@aI#j;+&p7>x5gU@70x+^X)bL`i!t4S(6(X5`;>kf|ql7o+AUH{_$Oe<1Y-(C<) zuY~+GSp$4!Bf8jDg6}*HP_qtY4LQ%;+IUjXeSN9;p6gGr!VOs$2yhYzrB`_DLIL{d zu%%c)$3D0fcu;fsv~%Q;^<1yw>zUvB6(4`=mP8zT|IhQzPHXlR@NImkeyqarlWW`h za4H{?LflC`TXmC12lhqt?=}yFEQ~FGs3`O;-Bh;D!#6y;aP#wIWoako^V1dj&m#Cv z;jB5Oj38{7tvN7PEs$GPVe2A_OWRX%-kbM8KREUiOedd4Fy@2#kABTbam$w;NqR@l z<*+bO$}H1%N8!tlcDjFd4Wf%J&d!LGh!5D5gJt;IHTK3gInfcGj35lO=vf1P$2$3^ z&RaN>M#+8fX_q}Wc-IWw`V2C0fjxV_>o2%|@`-_>arX2p?SjRLaPlwXpTXmU*9kXw z8l`k-iP!%u#D55tO@aUsf6tXw4ty69Q=)CCH=i@HH8)A@m6wQvBg=C6bI-?oA9(RB ztL`Q;$W@f&FvF*%1hd*Mt8?12Ro+9$N}@XMGqzdSarR#4|IU;j!Vk&}dBvWuZFO(k zfNnRXSd6&<9~x_>4uv?R(_yO*@oqn%(au-SCN&&tl1*ft01D`0+tS zW|e%L?}Xs(;%5apF0e#x+THyahC#t>cmw3ogg>`BDvkpLvDyCaRCzyz=Fqmb#}y;q zuUth;;L)9RWO7!gl@(lv7sR!>LNhTc$B{B%q?*h5WqX$#?wqZXPLh>P{Lwokz%xW4 zP7?%sP9%0Wl4HAN`D-{MOiBK*9UCnR^)*?QBY9R{qu(tiar%wp;Y#1^%xO(`QL}!fgoZu=D1TZmWAF#w<@j5r7xzAjGGtLdo6}x zbEafl!&8<@+*l4es{@io0{aNov06wAQC9j9u>^{8^X3_IX9|$_6F%`-^Ur~uH~&T+ z7S?9yEc#;0w0ClSYUyCH_ND?+G?0F$pAENn?-F3l#+XaErx&eQa5~!8?v_E=^5@J z;eHzQa>q9F$S{2S? z2yOU^k1|xuC2Yaof=7zr^Rp*6d&%45*jZuq1~ z*aNU5U)_HsbS1MwV+!QZl&og@9r-8wi+gj+ckj~wwqlj$JdkHUtu=6q%XNN8?wdE_tTiS`CeIr5S(y47yc+bKox%GLCL|55_%G_mL^vu0f0Tk z1n>qWC1tJV409h#@{X!g%*D zHn8=`#FYjrZEfv!7#r^50tuD1~_5(WU876bpFzwkNTeSMi zKl9`1HK&{RvG(T7^=Kmy3}JISCmjbLEwnm5e2`P@(B#uG1kj&{$>&#py@I_<>*#%b zuHVdrE6MZa$GW(n=ts)9X1`(lv4GE8YHo$3&h;cit9dQrdB>t)OTediZZJk0Jlr`X zG(ko362g_$MZgJRRJ*A7b;OVygz$5rgPUd{4B$IY0!QtFW20Kib#%nbez2i3rjxzK zRcuXj+QXsZM^!aryWj274Od)S-RRl2=@G2H;9o#a=+lHR$fqekpv3|>jHnCgiwcUI;;Wf z0UnAcF`c9eGk0J8U#ETHZQKg_-f2ewLXpBy>X@b4?q$zU{x!;MjX8yidks8V@-;@3 zBE#$Cpvlma7>81a)%XO351Sl9$J^Z#5j?@w?29a5CfjFBSWT5N zk}SEPN;cje4O;30gNRsZ$SK1j3GzF48p-@0R(+XLqvo{P-3U$5yqGw%%H!Bq zokD&Jru|uij%?GAtd^H87z$aE@BW(P-n%|9!S^xdTYP8;^lc&YRi7G5p{?vlK}zr;8w6QESQ=?{GeE5Yop65A{cWBb%dJ zc2Y+8;ouMD=D9k(Q?qAb3ty*D5M9=tc)`(pgT)*oG;t(x07QgZXnn;`_r1p5XRX<6 zvEQu@_PJ)6A%P2CppHeB;n5%KZlW~I9iGg>C8c`$1jyP;CLIAG18QyqzvgljMoMrn zjoR}yqNX`b`f+X+9$twmmV~4)3{tgKyWi|!hvGonyxA{Uekhp}+;FJ<0CW`c4FMYe z=1~Y^ZEGupW z`GrfkZ>hZ;vz)uF*{NK1G#1ndUK+o73px5_NAX@ZGRnfv*aYJtns*4o!(ivIA|#xm zv1a<>wx@{+>TwXN<4$!IL~tZ!pv9AR3Us2;UPg}~u`fw#HqxRtJ9FxuJy94RXP+iLwK<9?fPoG#l>-@_ZzDmb z(CG)>TG-UHFYDd^`T2o4I5-eR9#nrg3Lk-k)YYhYR74GDS6GW+bxdwhP8H28FLytP zk~Tlc(M@xqYf1>5VnA=}DS9SECMjt`%y0xk^eheBL@W#<7BXAgqS!SmG$N~rKzK3Y zKHfhCCr`BlKnH2w5C{5{H&`I0#nt@4`3#dGd#NR!^5P`e|JLu#pEiBLyJC`3OBSdd3a}G3Bi9|PulSl=|iOTpv&xY1!Dxx1F0c&Lop&6RZNEwK2H*Fb=f?F5U z4RrdJh6cU}#ceOk`eB(Ke`aJ;Y%_QF-P+pX`*{**<;*&ykC@AC{?SlcT=>-5TE5M| z55zKLZ>@z53=Xy`cao;ua)@|`x5u27JbD7%pDf(p9OO~5-A|$Kv@MZr_DARr3pBNO zG^>Mbq{ot2MgefOcV>~NB0nmo_4q0zOwLW3+vMMq*8w-Pae1~5AYFd9Zu>mXqOEUFsJyOnZ_gEhO|=~p6BFy3;lit{(5oc&A96U3 zXZ5O2@#;SS$SJ!$T~%03y4?xAj*tbf-fj#P^d77_oNumP<<{TkhI*?V|Li(xRk)Rx zzCEn@C!{bR2Kq;Bad0s84~RRlNuupWf1=0y`3Vn z-jtB9tJQ`CRO)?Oc4#W;eB$Cm&|4qBaEs9G7iv+uXGS1qF9lhPI{H$ZRtet@8wPYx zWyAriHk{9Av49wq^({eb|6}JLvUdvt_;%Y&$E1Y`oS-F~LL-zB*5 zicRW|&(`h~=Iwi(o)0?KM2NTz;nk$UT7!_9N4rlh5-=aT+K&EH_`~c#(YFizLVmz| zG@&jHLOZzKg$0=M*7(W@zI=Z0LU^#CmO-9CxJW!-E5H1UPqSb~TSqp&4dGGcyrc`K z%CWXkVs>_)SP9(!eTI|4*|Hl}Cj}CV2RHA@@*IPXldJN0fc|{_M>e%2pO=D95({Gl zaehm1It4+No{YQkZ0%>^@hefcoNL`3#N;?x&!-#dkdIf z)Edmk>2rg|UgbE~{>OMH9+q_~f;uZb;GJDE1zkE?$eE|h^EL(fcUb#AZH&41tBzEz zm9w9XetAns^Z*D9YFoCRtSvkm6>Aj|6>7ZM2r}G5?8J}El096q+C-F3{p@zb5<>dv z=_z+H81e+r{`!JASgHT(-zZU8`68FTBkhK&XrPZS+{Z!3YgTUdYf{e_)0s3f)$AoaYT!R&s&LJ?!P zvBp^X{~F^v0F2kYx!omSYXZqSMEFRHBqfY6qxuCFnoQH4G5Y8GK%C%&NPu=n84&ND zIr8(prC`{h>}tSqt>4O=fn{DYV}SEm_n_w|KDBPQ4pnYD4mju2+Hu5di(R(@^~jvE zv@gk*|8)jjq$NKT9MAqbX7F0@G|T5-)0;GDemDeE^{{n?KWzEX1r@W;3X1IZ$kHc8 z(|cb@iqiOG`B~@4%Q8a4Q0bk|IQ1e=BMCg_=dRvbSLq_e$W^I@UCU?z^V%(KJmrMG ztXWH!7y&8J@xK?6LYO~n4|YJ2Xmal@!*R2*-fL(g8ym4hD~D$W$b(AMWOk9j%>+SC z5Uz>oSvtGQqrtCo7O)5E*HN-49Q)Oafu%T&1Ttv5zTd11>xtAh_LcN${he{9r^Yky z9O?E=pKOZjZO}VeC^##pC7GUOp#7E ze~eVkYw@|Co-JMB;UR$R%#mNNJMz+uZ(7+?V!-5>^U;y)hzSg(5xjd_{J^8ZG0h{n z>eoq2!GC1cuHM0==68Sobbhp<)IU}uad&fn|6o~-pu3;%?m;!%GG}|mt3l%|VRNPT zW(Q#-PD1uOU_vZ-AeNdA9Zop&^w@!RlYlxU3vMNuVIwP@^Jd(%NFL2FbHdsCy-irS^b zUZsSnmRLb;Z6#ERJxeKSl%i_%z5SlwbKdv7{>pKVoI6L(_qx8<_rLS3h;t(vLRzht-vy^LPmzW%vUu}VowT^?4=wloWz88E?%beDX$uiLBr z$Z#s*W9Z5g{N&cSIqm_C>{6?56z>9V&Hr!MW1h1MID=s!UMDPJ=d6%qqJ=*dgk4M`A( zZ_%aH(8BDwfyAuA%248``!HMNR$USc_{(bOgA_G2_sTrgQtS#KE!)!7Hn_e z*Ni9+jk~U0B%84F#Tn-keM8z*Y%Y5YXuGjPq0wm33`gFVND?;w-e*nT7}|6_pmup> zAhcG}lv@oS1}3~s!yHrI_hsU>f2qt;-;If1g~|r{%5_BWQg8j-u#~B<5xNMYkv9q2 z8{?GNg9|K5l#NO8y}1e;`2BXe3c$VQG^Y9I*RZa^rZ~+vxb*8`-fat zgVE4S`7VPms^Kl>tzB$+SxkA@mf+Dx@I(csPRZovQDc#>a;!SsCcEXZR_;E&RTsk5 zy;R@#=K5&)h@G;KK-kY|PgQY8jX@B6nHyTu;GP+6dPn3tqKfbkzp>$(_Q2JKaS2YZ z?(Bh5d^MIMDP_8jN<|sMdgSSk09N6xb}wP*sJUPsotP*k3a9eMT#L6TBfG1mpY_m2 z0kTSpOkIIHX$4A|CjJmNLObL5G`>-ICtKbAso`>v;QHahu@q6Ed^o0=kDuE1&>H|| zrwMqJvc^6ik770w)1xsOY6=8%+1_fq2p@zo=!)UpXd z)wrhq`~)eacv;3&G3S>zzj+gB*!U8`_pL0GmZZtXHnavq5?uX@-?LO7m4E9g%g}xJ zkS9ENyCz#uAD7AJX#4j-$@8w`@sCdq?&&frk8$FIL)){2X=%M!GJMXhfn@YDHMR1+ zp21g{L$&Mpmgd);kz={D0XgL*W$WqvcW0M=o;-gUmn|#UL+(97BGMN;a^}KLu76h+ zAGGKj%fmdZT3ic|d(!SJLE}Syf3sy+R(vQw2!-SU%InsA;*r^Lo$*!2PuR4&;i+C? zy~;TR8Nr@me!+`Uf!oso{{mKyEbY(E1iHLAFm+ge3mr1TP*Y#;eG5mfc4d;nY+Fd6 zMRhRJz|NYt(v$gkjRMkIoElLB0PCUdg)2 z%afHrK5Bk_0V@pgFx}pXaJxo8QZ*n zaTFlGOV79HC$>iEYp+~Ys(K79r&~J--T&IARF&70&l>?^Aw;1bG=hb?67yID`Cx_m zuOVB5*(7cvCOeH1&dVkVQghCNee5LGAAiC?;9S`sC?f|Z{xQeNk*Y`CE zoL@`-L{v_T4Clpz=_tEe>ghpJMbq6(TK!aJ)2Fs0t^0O?o6S`?P_5i&4yYe=ye)24 zl6q4Ue)wKWlJcta3oZJPey^b#?XB2}f&gv`9_NqLNsb$4nX|CP|t#^O@ZV<4h zb)Y9m`iw8^gMH-5Y--BS@F&oCbZ;tAB_5(tRdy^Y;q7ekrxW8LYq+bWk|YUEgD4Zl zz)_L$bReq)#6>l~XuN>kqNR30uOaA%Jw%(jXnZUH&kNVP*f*tuCTMVQ_ua3PrySih zb}wJ4s`I6hb&W1UY5Z8=_^2gd1gm4=qKgN?Iw&ZhPw$|Jm6@TbN7<8IbRsQrnC3v2 z-%K-jyF}i)b}4FVuOaGfx~ajua-2&y-+ZMz)^YYzdmj3VxOsO(qLs1!^LU>_f|7=x zoh43^&rh}D0*qRRTF-#?rmrh$*4IGuGw93yK=2?xD$Y`qc%b`y<&_{y6fn{=zDNJG z&hfux7tg!h+GzLdBH1CyzAG6MbgzsL6_}MYKenq=DJK2Z{W79Y35c{ zBqFogR*eN47%WUpFUV*Kdf@5#c-GD1b6eKq^46TuuT2?wQR#0I(bMJ=&ae71eC|BA z^U#51izJ|Xf@C3-X^OF^7@>@pkh!*2>-@*na)hefH>P4LJ#B8TlXwA_;x8IZ@`3!m zAl8EN${YiOToMh)XRyj!W|@M%VWh!MJ6_^V!d~xpl(%QI{6OO37EAf-FNpgZI^~nh z?M|}XYLxGtWVMU^>IWMFTar+R04Mwo{x-&fuVV;P%}90xI=u z1V_AH*Mr=+{kJd*RN0GDln z!O-?Ao)_NwN`DqAQr4Mch_JSvncNKUCln|-&X^hyHXH6Za=fo<&XJKJ+i|QwKn0bQ z#U2zQ-^ooEyQFtk)<)jk^`!r^j_OvPA^ekg$+`%P$*!Q9(dhTn;{A3K@LT38ca#`J zinnSCXOwLcKHf;dHvmv=X;B@})89|>5ZtnR*`e%TQ6XMAudh{X@!;(FjzOi9v5wwt+nMBLbSPQwK{R$LUoV~?@r7&=B zm~^jrMLIwl+Y;sRSUwOOXQ<^&22h*B2>os!|GsI`!M9MlXlU9l+}KfSlP$rK$Vy9n zsC~!0;R^T0!LR9*_S1afe?$L5U6n4Yh5FR-toIPJR;%n%Hv<@c4h$$I5N;XE8_~e- zkqjoG76va(nO9uoD0bwNAs>nOwNw@;TtfucFr^e%?!Tc-r4g_)MtAw%t%sNNIaV$c ziM)C6<`CDmaRXS>5Lw^<&BZScGFtdx-+mF44LY^<%E4+eLa2u$%kW7}G4!LTh}}!R zRii|#SeNolC!Key-AB#L>Z0k*hA~C@D8d+mWdKeOFu!>5W0xEofOFBX@F=CDIT3CGov{(#LC1cy-s_=s+)6Ks|#!9~e%29UhP zW2QTkD)1(P2P3^Z{dUBv2hW9Q{(Autae@92C>_NiMT_sw`u&TNM8C&D;wOI=cw#M6 zQo896H}a(FUQyJNyhdatHQ&)%Sv$tgN;N)^fk9{5s*kV zkPe6j1f7U;K1j>m4j}9!#}S^KkV73&ExyG3YpzI5HmIfOuKhdMOLOm1=a25(1{8$&b z2b2DquatmbiW2JJkyn{71g$67(|80fx~EuevmE@neV|0n1u@zYX}=tHx`sRdoT%$` zYWHp&nhOZ;xV@A8WyZjQ&g!mG?*dV;$vSc1yU#ldux(Q|=Y`+M=sPckVV+W!?39Z4 z{5WD)=42X@V+z&V(K!5)%e<1|OdHp!!-q_#J{gh<>@-JE@aH83-jfBHXGpO?RljT2 zLR+4SnkoEUUldEYA&TBP&4K^>s7YJl7@`JjOU zj{ih=we^1Pl$O>N4NNq+!|JBy=LBtJgn3{OT;O8Amo|v6Bzgr}zJP&XFl-La?js(J zv%F=}PZ->2ET6D??`@6vAAX%e5`fGVDGQ9D1UFj)f)_zYm$H^d^5hHZmpeZArq))A ze6eosuB-RR`pz6|5Op!QkTxEoC8v2LCs#cFa=sw{FEj$^xO%P^1ri@?4U+Id1#8{x6 zN|m2Rd&*7kH+Tg4H=1(OBst@N(jp-k_wD=YLlbtKjUblt@Qml13_Ef1_e zww(VU^7Ai%q&^(~`4rH20ZnikAY`p-NpA+YeC#;^aE>|0DF3kwyCzkX_lhWhi~W0W z&GB+p#@ zu_t<}oNVu1$o|8nZr1LRS@-7tSX%B>K-<`Rn??0>;xJ$I1p)T}v&$nv4a){vQ$!7DZAOVP#rN3_(t*`>wP(Py6I`QbfrtEeHEwpN z;G*yL?<^RzoSZ=8D7f+d+Q@!-m1|#__}5fA38jh)1_*jfWsO|?lyYL)>$ra!Ox9p6 z$wtlV9g!&8WFY3&l=-c0wa0)Frag0ut7t8t#64SRXX`z4E4*#yvf zVJZGhAPe!VQ#xaux^PcL9O53xN4E}BiSpgX=}|z^QLgSBlFw*&9N8*sRZfC~z9LBqFB=qb{Q*1}0J7-VJ(|5GoKqcPk-^s)KO-Dm81}x4@=5 zhh8aadpkAN0Uw1(YlTDCtI;3zpu^oVhY_aKAf`f1FA7GEN8lawAjMWUm-9@wD}l#| zT339o)NgU=reDybC{+vpHRq1PE5F0vpQR#-nq5JeRfE+lu`;}K8j_Av$*v|uL23T1g|kVZl!UPq6|<|j1`8;pLv z>t0|7GczbB*HtrGTKJ<*V+K{k!Tgta#TgE66-p?v6=*U7S6qa6mPlFnG%+eW&D51d znR-1!gUdpVgI_|Dikg=~tZ$eyLZl-C*1<1&(1BW+w$dc--2ly4U8W+m6F$`SSM5gJ z-F`9t>uDT+(zCu|)r3%5$~b3;=|p{dc&PuLA7L?%TF}WdIiVMht_7jY)Mz_+b~)h# z^l?D7bFy||XQt2R&mm8~%H6?qcHHdzP-FbusE>jGLhL0R2H|6I&W2^c0xw(H@KHk0pSo}gcAwD^ zm^kS#`RdDJjlyypYOe*7W@6+e(wUYpah)@MZRTY0df_y_)pjNUC>dp*RrPCk*QiZk zQHk9tP<*hT&$5bD-r*tDJznKL@3HQ3m-Tz!88wr^^GZA&~jaRRdR(D3NlK)0#-i3YnP+*ZdOGyzSPzr{W(xyQiAeL(N z=F+@1W_VIrjy?V0vbLg#zNuP3x--qTB(=xi3Id zW4RZp9~cC$Zt4bGXm^lCTp5H*5`dIHl|7*s6Nk9O$E)UQ_O}7l7Yv>=GHxEr_}XBd zjc|X3QCy~?2%I(+Gi|c5OoGF#J!SQuScqapsJF`BKY9yH?8qmwXR+tbBI}y3ywsv* z88tC*>4rl}Tt~`PbWTrxCZ?8e{@z*=1{!-Q*HmOex_X?Ps$6b793OY8x|~pt7j@L+=SGfBoMmyorkTm1OkO;i1-5Nnlo568gO!I+oNjz4*zrU_XA?L^6%%vFaX zM;_nIsnDE)G5hi|qZd6dcj2Gy-&s3~mMI3wSHG>vY4~o>TJFWJ-ud9_Z0Bt54PHJN zq{@sJAujHFXE7(vE3V{ZFg<^LBqS@4ZGad#vhuXeGWQ4xs6a>Ty-)r221|99;CIaM zET)tSj+fq&2IbB6zq-9s=3*N_ylI^KyJWug$MDw7E2%zSX4>h?W-^UD^~GU|{KZEz ztF#a;TSicak&0R|%Pv$xa4U>yYdElVvRt`Tx7CRzuwKUr$*sr*l3p!#?Q3)Yc2M;K zot>Lm(BDba>M&9;9D;)V$+16H#-O)Aa|r*&Gmz$0|47@F>CN)77HjdW0l_oRgE`ri zhN>G}?R^}+gZP8F!?3}yzv@<^pQ9G`cK?3UO=Ffga}I?KUo&7ZfJng99ipGxCPFUv zqBJNes3SS_AQy%q4vF{m?mf_`rzB@c3+a@7LEK5$JZjnw*~YKrIV2wTTZa@9R;y_1 z|A0c4Pnw42T;Iy5_9HCEn`$oAhtP%jOgDV_Blp$d>cySX0uopEJk6G@UsAR@63Gx# zR=L>P`F&jMclnOWWDQStLMg`%e{HCy!!K;}!^^*PM*RZS-elf!drX7*DEtDi#8OAi z539NTinBuT0Rw#HqLB=BIckfRmewYVvraF%nhtvHUdRRGi#U8ni3c+kT|Y(xZI@Nr z19bPbCK6n(7>?+QuV0*-R1s2VjPw3j8e)d)Vm2{iMN>v#$wYL#n%iw84&Q}>{JQ=P zM$P83#LG8^=rbvgpZ>|;F_VDGA+>PKhH>kf#V936x7)ZA^l|1l5%CZV^~Y`tcv{uB zP?}UrD}<33v^LuOvNvn>cmJ@C9&Hs`PUDdjex5m9h3{N1yjWZcEv&a(LG@w@@mj96 z4F}{|a49+N&Zes0)A^XyjD@*3O-dUvt(o-5D4cQ3>?{bo?v)}^GoXc0+qx$c#ZqVr zb)Kk$biS($ai(c=?RTthe2L$8P47MAucy_xdDo@sR=QH|%_y}E<0*^bbgkyQS?0ch zsPO(B$n#uBGjboc5c`<(+m;9E61VzH#pRcnoI2)rPv4>L1&(mYcWx}+mM6|yIA;dU zU1&;)UC*P|5MS;Rs1khf-G`eotEyF5 zR&~*>Ig>9%%pa{MCF_x~(WjF?w2JT@@2|Pbdo$SDPigPAgeA#A^IH7GEV<3xVK=_; zvq>xD{<#0cJ60{CV^6-nVu^l&4yT?ZvL zdpY8{eheao!Dx{(@fZl5AJDjEVshF$vcG-JSKQIB(e%xoSJnqijCkZhOC1Jh?l8aK zwK&@S=Fm+0xp~+Oew-rcPqAs`2HRe6gb8Y`3#TM?y`S3A@k;|$AMN4;~`o8_SvtLXI(7qc20*A zi=Df3|Kt^xeb#?dcwg^bsS9#*Dlm~AwRSbl%7o+~+g-?5iD-N~xOd`xTtCM&70sZ6 zF{>RNj88|d%4~WzcsEuKNcCK3U=lr#zdHVYROV0 z8*NYTWrbrjx_K#%SN*jLmvcG;??pa85t$|TrZ*Y(i8xNrW7`i&?$-Kl6bt{~*?NA= zw(Bf`OFfJ~NKLm&&)236F1`7d2HJt*JAA!%wSPG%GtcJfMLtd5Yz)72*T|yVM0f2i z!^a0S&{mf0!?izyZnBrCrKG;aYNA7^Ruh3WPugDsGpGnI`ttIm9AptPW16PES`KhEp*`Ms{IV+B-3+}{he z&GX7uO3Ez+%<_DJrs;TUe9)Env-eFof9HU4T%9C1Ze%Zj^f(RVuYUK$_d2I~or|-a z9|HoPF;(j#BZkE`u$irly@vG6R*mIdsujh@^75i)3XJVe^N+j+t08*F3A24EZPWKE_D}jgA)t zeRSju2KEyFEK`U|^wA9Iz^F(_-@t2`H!%%?W5yk9EUYOe>+nQ!{f23x4KLP_yZ>E| zA-ZD4HZB3eGNW%{4>k(*%aQeGwlI7tB}FYMk$GD2<1dZ!ZDHBD0|HB(be+4eZ+E@r zupd#F#Yt!np)C(K!)c1;QPx3<4S!99-cEq7kY5;5-4*_sSuWMoFvx(Z81=R3b)$bbNNz8nuSoL1T7HWGHTBbHkH3LGR(gY1sn7Vp;e;lM}R!?pxR! z*v$7sh(rl?D1JR%U5?U{_hOi2l@^@rGFcz0-b2iLy}=x1wCJuD{r1Dw`YcO7HqP{T zAkUZQ1y=IiSPN%tY*93%rezW*N~lu1Ho`t59W^t_2t3@vq1gq55sw!Jx5e|f4h zwy3DdNEFXRoE==sa)7CxOqNW)Yxa9P8*jB}squQCn2gd5G;V&DkQ@1iRM!9} zjeB_98+qA}com=bsqHC?Bds0fg1#2I8OI&CN&{wT?lvN2@B|0CjxItpqBoC|cT^ZpHWO1~PN+N0GRonT(u$ za-@1jKNPU0_s>Lp;QfmEy)u@WjU7W+G$qh6K4#ah@4CQ@;1N$skBqf$GSE8>b@B!l z4<&vqe@fpwdenV1gRRPOp$|QoxP$I&3$SU~%6Y3A@RLI-rTg>jam^)(@(zWpmr@eh zsCj=8ZGMj#B18k#`0vXy%gjj=fi{hdl40cj`pZ6G)2yFdow>4#aH>1%JX`cp7)9N` z=X15+?TcDKz_Z6>rh(dL2Y%o*fXtFB5ip;EH^8k2G%1U^^SF}A23Pk+-VFUD9*g&S zH&c4^7@EF>#H7$FRey?&GJSI`xxD)})IL$9&%D4_@Bam(X&e9RO<1Note#RB|Gr}DeT@v`vXCg!w|e@kcG-xs5p zR_y$D{%pKeX;2E}MT4Q$T_DD-6^~`(nn|taN(-#opbV3o7w@wrOj9Rz-KQ}cKaF(C z!|PM^H0UcgV(s9*%*8TN?dI+VAd#}9S8CH|8B^49Niq zje^o=sybQ6JAk6APp=8FR<|$%(y*?$s;(9t)q6p8N{t{iXBo zNV%`iPhqcSLl#@$-13EmFzW7*Wk@g0-A^|d&FbiMd*k>z{UK6Se@n-;sOi2N1+79S z*G$<|gg_NGeVhN24)IH_FWizULQeDDm}0@lK^A}fWJb$$PU$!=j>g@LifXxM)RxH} z`G%p~ReI5(A^X*y-q+RE=pk?Jw&Bne#wDofcvA0sD%s9=tH{>mQBAC0sI0Jz) zGs7t`RC(a(C1mLhF$*h5FNX-2VU)@ANluD`c`j=!X)z*#c%N*+E6VIF9Drd z_GC?QH`er&{zXc@t(cq3(5|rHto`wC5E$K|f4vs%mBoxMjn1ER%T&Zjcxr{wxt~Oq zpG-#7n@@Z9_)i!oQCbgWo5&R+Yo)CoS6`?a8qOl+eVQ@GyR%uco1pbr+&ya5p4hK` zGUe9I2imq5ADVhY?HYv?XMa2;-XC*OixJeS#6G$_THQ8lWNb&CF-9+-aPrSP>m?3# z458}s{x*eQTem^d!Db!V8NxJ3hPtA1G1aErT*|TKHk_k`Jxsc!QIC~QLP(CPx%s`! z;;Qs~HoG7Ow{m)=H+$rb>AD7Zvt&u0vHJ^~=EZlDBuNQ{zu{y1HsS-l_J{G0|3$Ys zT)G)$X$-5$tip2nf)>h|fjrg=pJW$|lUY?R*5VSRYxK6rwv%|=!>XR4K`(LV{f}}j zZcO&XCxLR2@yZ73)t!##tg_5tQi!Gd4F#VLZd7{LGvDJ({hMs%D_e{z2;%5xOARm% zFVWYq-kQy#Dw#Z0CdX5YZn6@wv^Nq#;mBgtX~?!JykJ7?C=00k6E~0Z=ydsQl}!gZ znw(Z#JB*066G_~t`EVd|_vo>3&6Jh+&^d@vuk=tCxz&4xjsB5zwHQ@>=*YkI{9x7)a#%$g;uk}dS|ZUvZr*$C)tZ| znJU?*9)@zU9M@%ENO6b+*sS+UWFewoE$9xM<+OCfFl9>!8lC;X$YxlX_JOW^B#8HM z#PpK%Qd>r47vz)O;qJTaawQYY^ina9My5UBjC|F@2Ab;|w?8>&lJ~0uxi{d*oj(N9 zwR2vQXHYj6i2L+d;>Ed(9suBO1NIL8Y=?Gw(jVq;V^*GF$J6sX4kuqD(n%4jW1Ar{aqYnB-i^d|1kf*`LzR7_i{msWXX;m6Qa8EGLQ_n)hgXB3gX9H8T@tRytGeH z*yG;}U%Q?jL|MW;s`g&!-E;>w{-TjJg36xn0xBSHhpm zx=CnEb+M#vpc>a|Z`){mF>NFAtpTH)RGgwL_kaunV6M6g;~v}JX``BiR`?rR>6Ee! zq=|cSj3dXCpU!f#k9@zasFb_L0_}KntwpYVkfsFg%Ggd3L>)6OT=ACghp`oKT-pA) zo)>!C&}u@wWJzU>o~xF}kk%McecR<7XX1=M-a20;c90lXf$w0j0Ik&fmfT1Y|9EXQ)jL`!%%p#@Q@xw(O$!BE;Pq7B z!LrvGEj7Yg@^tE$Z28)r4r&ax@}W67zA&dvT6M73e$aK@E<|A~S+QBT;RS7mNtyl_ zrSU4>2G$3vt5)Que^iyLo0iHPharQxqqC_Z6AkF|kEgN%C21Uy4Zc<{(Nm416|M3m zPp07?82;kzXdX+8S?i6^0<);prr_b$LW#i|^MRVeO;NUooB0!K%*`}HQ1SAWK6+mn zsS@7QB;Ea|r$w@yO~GPib~a)2p0dD5)X_nbm;|(P%wPN|wSmg_3VvosvQkiczK4bKd2kuQ)z~Lq4wt3aZ-S%}yU zk7aD0;d!R9cSW)%eVTio+){M(H1n_Pj;dSEY$^C;JH`9Nm2m{5M5WPJZthEW-yU2x zwla7V_Q=(tGa(f#gSYs`SQH?JEao?CmS`Z);OzlIIHLyU!EZU&_Sss*t{Y7ssAT6p z*{}MQ*c1hWuBWOewLk8{4l5Ub_VgJujLn2f1}m8$k%C3sq{hAH?JLiz!pig%VV^uO zbA2Zo{8djFiwE&IWOO9a{`3%Co(mn>Pop0!G z__KfXEUR`FqR0g84}qbFfCSZU8#`O$q-(2%L)1e6$~qY++{J-p6M*Q;__M(-w367-e(ztY>V6YO`kLjVV!_MnJw33V z*SW^`je0wbMBR&XjAa;!tQxdMW)IvXy#|}}Rr_8endRdXyWxyC?XdU?^QJ(X=MH#8 zji;e0LpsV|P6#eX3z>xP$_-VV=e9gD=Y`&Owk5!VXAq({3!LQVXY{#G_UUKS0w0ph zxUvpa_`lP``M~+G^R1JIhb4bK*H*+DXMDc(#50BOL^T3?Oum4Y^@ zN(SRZ^pln+7_F2h6+`V!n|((dFL1W|Kd5Z#l-*?5k0Hr_X78LzGdJdva8&$&&3-{m zlV&>NiG(?#1TwGNrG0}5h?g%zUcx7T<=kMAl8{KN%dO=9qVN)~&^?RQ=-d&i8E}@( zngS_HvA^IlVnOcE1qWcTRhANR|0T%l%NH@zlXiImuI)GUXgPDBOYm5 z*LNpCPEc6V-hK_7*8EAd>P2p^o|=e*4bFV)$7&siy+lk4?dW|=d9Ujzkby`Qxd@vi z{S#Tn`jAuCXYYECfDNnJjb_Q>4W;-_@C8chhd_Us8&t4!0m=LE6jKUdMsdBGCjz8RvJbOg%BYs>AYdw(|aV zJlMD*OU=varP@|yN`ErxkckQNb7Bj2;gh5F@BCD<;!cJ#HS1`?3Q9*E;i$tP0belZ z+PY^zHo>BzCPC7p=~`+m=$k#uUS^&Ga9S3nw9XkD21YGtyaLPSSX-;MxI!dCO77uaP&+xmi;@az$|hc4XJSJNQB2Tn zmEQna<8rJj$$(sr(mUOZ9ACc)LUr$OFLOZ(-n?E!>a4(Nx{WNV%`y97Z?FpNLTu41 z{a3SFEFlGkC6i}fyPa`E1yA)femY%()#y}g!6WJ)1YV|ux{zp{49E3tlHauNc(Gr< z7)eL8^)b!-V)D6qdvX{)#Y;?#Rh5-lg``K@GL9m4ISApI_UPg(G<9G)wDRgtFKBF0 z5mqFc;X0X^S5euighmaog;V%A(L$-UmJwBw1d36kQi`Uy4t%C^vWS0VGYZ(d)gGw8 zb{PqH^r_7Y(pFkMkdcoZu@`6U`(8W-i$+ML`J(%JKUQDi%ayVibR-s~8(c7}QX^zz zyGv5u|q9iNZ) zDRCDrj`d!S6f~$;&WO94Z+7TWz}CNNWAsQy>~GzhyJdR%Ki1op#;x&zCliBinF2vq znT(M+2`j`wxNj<|^jC;#ZkZ)QEQ>zt%V*~sow$mJzI$s($IE>0)k)cWuz~M4RwbxW zczHgbn&zi=_KeS8lmv_NO9jpv$y1vJZaF1XCGW4KLbRCCo9k`Dx6l4sf3B2rx?6Y~ zP_AmcuydN*9z4#3vhP`r`y&kLiORkm@qveIA^od|;b+UM*Mfc!*G@gcL(Q^g=*nuj z2SVSW2?U-J7xl!Ybx802Zw@W%4X-Bq6*XxW&VI~56M_M6&KQZ&Al})+7w-}yP%gJA zPpehK{?fBto1c!NzEQ&V+2W?ghlw?|a&uRnD0%O#zsd5WCQhd_RV|8XT-oXUtaX{< z`(?@F)?u4lTjJ3I`d0_oc}|8#m`fkA`R&?_pd;w3HwJ?3x_4pwzcu=w9^6Hc1pQYizYnLI^}p z^kTnE)$c}?VihE~?~NmFa*N_pKbdW8ZPj3_D$V#y07pAtWf=-5sv#<*VKi9d?}*}y z77)*u$#(a}qV*o)%p-{8-)=oC&XP!QMSgkR_AtY_S*JgdBP$~4#T-~QucWAB2gz2UoHjFHax z`%gp`+lf%eY4uh4B9@IEZc{J*i?g7Ggh!_(L2%rrih2qpIh?w2$nKsIxLztq@k@2G z<*cP1Rz~Z2cK%`ny!%r=xMtZ4#XM{r-ry2V>E(KBU+#7{L%v{Ol$@cNPk?mN68}o` zO3lhe$LUmED^E2B23}@1%M_jT2=kFon5?OeyYSGc>7mK1a-GxVu~Ta8vc_NY*yNaJ zMsn|ac0?Zun9b_7YY`vd7Ozjhqo$v@qo<@7$GL__bb38Pdu0QaD>D^A6`YM}N>0z# zjoZv;)u?N!%w*WF`iLOO++PqlELAOHhTLgzxr-%nu<|W+tHy z^mfQ{^PAwF3VL5AYQBd}sH^4x<|fZN9;mi4F)^Vn1fn?{z`QJ=hS2O0Gkv$}nntIJ+@)LHr%bcu3n_1M-Qyk_8&g~=zN z!QI31Z?~v@AZfOe4?R|@`$XM5q`e!nCr8zKsK4o~^-c9%wvAPJxySHQZGjhM^V%}Y zenH%ez651%2$cmyHAm|xsxk*+S53j0v!0QyvO9hl=m#oQd zpO+&p1xpo?*2{Ik9_BtDzXrS-meL=A! z9&_8++KR33b-;EN`Tdb%9IHcOxdCqn4ogS}8#@2Cu70f99HrkOz=y&a(Lbkl={nuy zfEh?!^ySeVxp+rcde7?iZ=F_|#!0uqEF|?qH27;tqtmRv{2HUHBrEkdh}sO+ zl)juih0|x~O+u?P+shRm;#a&aP$D_xn2GCUdN#Ej(UuractZezR!YwJC&Cro#f@ni zL-;UC^kC2xSf47UkFuEt0tyea^;6d_T=n%TVhwZ_QB1zv6A}{QV2(qGj^{BQ-aWKA z`TO>`W#cVD)}L5o!yfMjlxeC2S$0zm2cL`{hV6M|L8iorvw~<)ckPW}Y10T~-H|*i zm#^>B6o~*E%A6O+Jyyc^3@XhSJMa69Ary4%woD&Z(JXQ}(9ihQYCq4kUv{r!$%wbM z5V$&RX&tg3Z`b5eEf}5pH+dHSWE@5mi7^-ITsB(vO6`Tz%vn)CotX@(q-yWo(;c=Ca&(yFFMp;JL0^#LD-8WL{V&}Ju977o(UEp zxu^?>(p2H$X%Q6cX^`fOuiPq(OiTms18m0q^Rb(SDwmw16mv}DDlKo$P$W>n`20m) zN96ch_d=pI2Q8}<2Odn0o$ylQjQU(QC|ZFoB~Ynea1WK~k7Bz0XE*D^NhB>#5a56a z98x)K1sK>T=eS9w?bbaqpiG(t?g#T>hc@eR9{@V_vuXFnwiTJTM@IlfIVJpe={c1W zSQ`es*!rLkhan#hu@BqUt=hj^fdJHDp}hCEo(%wQ_3Ui*S@^jx?|jb^&~Yy+&HYN= z8$8Gc1WQiO4xA1T4*}+4-#HdjSM>t`SI%+M9{2YQ+pzL%T8zE)EM(Z>Heeoa2kc45 z=ic%5?fJce!;`hbv$d_Qt${}e?~g*mcb7k%8!FBz&qGS&^QSEg>~L&pj!$`ZvUHBW zq+7UfD@Z-@S6ujyxc_jhe+!=%tpG=QgM}zh&_X1DuQ>(?+{fqFB+iatsz2V@#4q09W+!9yVj2M1GS07d)oTqP(s>zAGl zP(cf)CMScpL*_#U#2T&j>ux1pdJD`<9=5KkG|mQ012}Ux^kSEpcV%&tS58f+woUuv z^DExDuslCM|JmvIvs0j>5(?Z2ui3z}5Hwi`*{n$*d_^XN2UU`N?6Pk8Pu+aH%C4e0 zcvQk4oE`IYPKWSdDtI)u4S4jHll8Wj#!o9Pn~1+sTCUu(*6vTfO4wm$NB%Kn=#8m6 z5)^GH^`0~MkIG|Mzm>>qy{@6Fc-HA%W zy(BCJvBOSd(QjU^ma5A!YwSpiqIXcR zNb1HgJ*=`elrhsDoMeq0)<#}z2p~SWV|$&DUKdO+d)Fs4aP`l-*|sI&nHjvFO_s^? z5S}=RRclm@(#l+3RR25r?pkZ{N>=Gt+p@2c^G9PKC|r(itRdLp3PSvZ-Zr^t-D^QF4iNgOz1O}}1AF|D$)1UByF+#uPdN`=kvm3tl z85`@E3GUKxPj$crerTk`J4WY}GskP+U#3`!493r$wLGqXEm)i~ZCPiaA z=;Vd3Lq>GQjBw1=D z=A0cZt6u`=#qT{?F)b5ZP~T&Y*)Ck0D^@|r#I7V<~w`+Lo4X2X5y zmRgkM7q1{YY&zYok18%~FEh;l-lUMaka$63^fiWb_4ehaiY}X6N`*9CwkGE5(M4iL z>b#4^$X~nwV?L^4-|HW*K4-rj2aUmf3t};r7n*7AuwYbUUKI~9qPSohQ%6J^$jEKZXeK%^no$5L0O6i3Gcu4v&;B(^ zR0yOeAE45qO$&*Gj3!(u>G`>0#vYOomq|+-=k($GKf+OL|Kp(trEqnw2ZaLQk64{F zc%iEVUGZ3sp}L4W@$btSn=8RYtUt-{A)Yh+bp~25n&gLzdz_1f`&PmEd@9T-h5VgM z#LHO6?((9xc(kJRTkhR78n+mcQ;MY6&eU zf>pQHmw?*u+33I1fAE1dDcXPGLn=In3ua7yXi-i?~Mw!b}QTZ%R2!PdB4liBBB zic`_6s^Ou-L*=<;wGA@YG}o1i;o`KrYb9kF-+dJ5qk7b|nDQ0Fb|YyI06WfWzXb zR<5PI9=y?;!^~J?xr6z7-)Qu_uu~vDL-Bdz`v?vP7JA{5nvJo)L!GmRSA2MKL$%S7 z(K!M#z{Xrxo+}RflkpyX*sXU8KDGRM*P9uuB%+a?>g9}0HLico?^?>J|Hk{h!ha{i zDr@?H&fpnnAz5kb58=bH5(o%ZBS2Jp3PiZaD{-m^4ypmin~jYhJe$8~p2toAxcuzv z*>M*zoptUR1W3(O=O!zWGWOPm3+M8Lv!6p}KiR_<+0TBYoB`g3r^8i%JQ2tVKIsk} z0Jxm)^8zEVNEZMCln{jQwXE>UurnYAZqtS@&`v!&$LgrADhxFP;cU?LQ(1EGIUW1F z6?FcH`v8(BKmV#!$RJRRe3{j{49L?b0ZYdrV2}89oj z{}6Q+KvBNY8mB{P6zN<_K)MkS=@My>1{YZxq(MMhKqTE|7X)F6rG=$Ix?DoKLrM_o z5>W29|9fZdj5E&Y;Cz0t?|Gkde$RPYz3y9|VrzIJMX#FkiH^D3M~lIa^AsN$qIIl) zzACPCBKumR=4TUHGwAidK=D!L{q4s#9wb$?zdpjDyRuO>I8elE@Ap-5&wbdQurCv^ z9Ib~EVCMLqkWarNn9+jFNyo1f!Kpa|=y8YZGNA~PSHdYzsiaG?+%!cAqQUK!OHZ_2 z1&vf4lDa6^MS7_iXTI~aSh@CBli+scOD3~Yf{=X@n4@X9v$lB%+lbiR$GR zr03P>Y1BU`$U{GW#Z)uxeR2LUNL+G@NSY(NCk(dg^;R-$=WO-UiA%lSi;>|fSkO9W zB}@F$cbhEv)M_{Lncw{nI8Uc#o+X_x^wH&Py>@5&Ng?i+Z5%I4z-5`dxwqCSlZ8_6 zQX!C}=ArMjC&YMtAu^U{W*6t#y{eO6SX!`VUdbuG=NzVlrtJ|ChsP)u+f8LlR@0V2 zD$yGXWKm7j-f$3UK3b%&1SOj?9C2>fq!89P>cBb{uyo{@=$NSX&U^WSBbpt9k)08D z9sy<}8>+B^V;MX}_!-J7 z`D(Ivu2t~kx0+Wh)!`yr3YA0?*`Fg2^mY+TIR2FUBATkxuZZcF$L3AVds z*`?8imSvgIeV}dMXwU423Q%6OPc4xn(U;)Y-f!tQHYWKH1eoT3^JP{0*KelPd_L5| znPio{e0-x)gW&h5RDgI6d}S)CZ9@}Z0e(&X1kD-09%e_kv9}_`*`Q6G3XkdO0Q>-H zsx|O4_t{_MiU>E;C1k}YI`r>`!M?sK2Z8U5WfD6Fv!5L0lf~iubi%3`7o{%f0HM+CB;Z8iotZ5Iqb(|#lG5Fu)uyk;kQ@6D z4^%fQ+mr}Tr@~a5+u>x3b`(5p6=9^Eo`Yj#!eV+Kr&i)%yT+e?(74*cZjD}!*OV&G zCO!%0EZdj=4trY1Tmq>=QWKrR%_qvRf9=<11vK9PCfT%Gc~APy5_t&kdnDiZY>{ac zm3YbBqTK!(hH`P=DQ#W;7^^$<_xQFI-a96BMOXeJsWd^OAiu94Aq`yJe|nB^EzS&` z{%ZO999{r=k|tpQg91PL?*XuSpViT+dJ2!;c!8XD`A|o6O6+}*d0#~D$cRIY*Ttrf zf)%-?_D2V$Ut6WVj^d7ZO?MaVE4?B*65^&Hh=7}0#Xm>yd3!3w4U%^3ZmXxo;Dm2y zIU5hC@T=|V`|OjR`-52qj-h3yxeq4|GOaam)6=OW>;DOkyLsB6eZc_e3%fliRsc58 zVN)ISb3?~)A~fn1Cey@ywXJz;(xH`a7A56d5~qB^ttvXm!1*4`Vl_$YtExcA5?V8K zbtCH9c{FsbQ`jo}HyWF>l+dIev_l74khT z5mld^#Q(XmB|6Wjs!QC8kY8RmI9x1-2gmWJNU}JGQUO zx32>ihn7!g<<4QpK(-SQ)Ud>Ck5%xVm$9Cgzkn2s0-Qr2Wh>|p{=dY0RQQQ>_({6b zpLCq~pV)^3vKW+XP6x1oUB6S9JQ~*kL^CCLtE{paqWB3v5D1(6o7K>|spGMhX(f#$ zVDAI6Cca*60g+fhb`>@k0=TBYj{+{R8vi!!I?#ss@$Z)uAxpn(E&%OI+kuVlC;)b# zx;zWn6tE2fdKQ0wul)NB1Wt@fo?ZYdSgh>F=cnGwc>f&CCe^O}b|*`LZ0ltpxbxYY z<8)yzpODROtA;H+(OzpLRu6ToUK0t=Z&v=Qydk@_hV4Fg-UdpgHsd*W`SM-o?c=6j z+Tatzu*LGv*c_0QY!%^8k;3SRuXPCD7=b@u1!}GTZQq_PtUQ2|HTXT>@IQ9Zx}0{yt-2IyL{C>iZs51XywEp(ccMg3FsyF3K=M+&0jJ1cc|)WnH#wo zVx&Zq5@7t%Tg=*=>1l%0@d&%TBCaLAy49kD9me>|#AH$57&?wTB-QvQ) zLaRsCk7NnXF4noop<8p{G=06VPy5*| zPOq&@4OAYd<2&e>Yc2Um+r*4qu-0PN=v@~l9&rny*8`RLrMBQ2qs1=}5*k&;f*0`% zhp47(YMrP3j@si$!`%RIM2_YR!*gsjepRz4{?&#<ikNu{e=VNuf8W_eaGz6EN!YXI}e}n@L+tN@+!T;dhT z5{sl%mxq%i91=K<-tGx}RQM&xS5wpX&(!;!sUd&Ox68IJ^@P5Oh?Bx$nJVn|G-*Ui z4f~Sro3R3oFj#CxMVM@!vo)v*n&t5|Et=n~7JyVsOgfVfpCXIQgthVOv_HSXNp)TCXS?$x zT}N22kf13o7cak#>Mh?f?QN&3TG<$*HvcE2(Btbp^j7GKXy0E)Ow+ks%XM9`E!_a4 zUUu6yV4t~gY(20FQCtsV)j}~63NhQ=#$Sl9=3&IL#GoiK@$Dyya+4h#2u;;O;Y?M{ z!e1>pe?kYyFDg$79%QwfiKm08L{Id~VBpm1r(UUd9DihpdHaZ8H2;*VAoKuYG-q?x zDzzodaj2-oc631rgvy+FdG@-ixwRKzo~W=HiwYf%J2)t!Ob2ZiF9(qH-xk9yt2C`Pe8HzvW{~(PR|Bd`@Gx`__J7BKeNF`j-pU z%EPz+SSd*K38;sZx1SH3X{g&B4?+fDu{Zh+hwRz@mE3g*@AlDhZi{JAklB1f7Qk} z5H)J znkJnUHiaEv_b^tj6=GQ%aPFP(OXIunY>cX*W~ZT z@VyK$GBE*=Gmh6amdE$+e&P;DRND!Om@itw$V$&WLEig~YO3{}kl^Q@^4S<@fK;Sw z!N+?r5RL!`?SiYQYzu9Et#Qk!x-v^bv8>Y?Gf5vh7Z9?3Zg$ZvZO_d!#CEbgV;KXk zopW>K;k0z+kD*crtppJz{xa`(yzhz=$g+Yy05X9RXF)?otVb<1NX3P<+?3IF%S@rc;-N%^Bs}J0Se(i$NOzEslGqj0~WoBBLJ~$n<9k> zJsu2kYw!T};an@N*{e@3pNFx1%`$u+CvAnT=)fC{#3#o7H8FCgMsAXlgLN|O(`64Y z-X&J0V#uvcffMlMdxuj%_geViPw~p1oRuJ;*arYl@}FY=EBIf} z0=L$|kB>DqX?~&#o7#-6X2OlDZy&V%R0C3}dns=ZDU~o1GRvq0+l! z?JsPu{}$)X#iw*GmRsIq_FRxnjeU&RvmO~qIIyN{EV=ky5a07!VO8k8^gZ6R4ob*q zP&MpE^S9gen;YuTo5v-?UM#?yl$$=vp}D9{t}5Y-3laR?DQwo1uS2&N_O+41uKKsn z43U5QfiGk7R-+D$&E+c^C$9-YlH4?1-eD)H=O*g@fRWP%-7sIs!}~lARtks3)bg+1 zaV-9!FZIO+ztlY8<%2B24W!`@Wn6+TJo=};B0iBMg6txxhjyP@RXyHwe0$&6(n7qL z{M3A1U1TQ!X3iRZRzfsrjBwYrK@CGR2VUMG=+X7&V}(8PA&>PeM3Q1gRv*mZ(5M z{6uh|FFt2?aAsM0z;_CFKTkqD*tN7&XFGL?DVQS|Tk8`7<+QX&40TG80SysHJn5$K z^cf&DzuNE4M{93XEmYbh9(oc_;~_7d#jtrNl43Z2b_-$N?cqav8lyQsr&B3T}jGl;P#F=eIJx^rYNZ4`h%U_2#J zy?0;qO%mn}ug}!(zOGf<76R6zJNUS`M1}s8$eiz`J;hRBVNaTjfRwaUOZ#~k=^b8L z`9?^NK0KX*Md9_Kf&LHV0o`K@awHg7TV*N9X;jfE#vAy3ci)a;@Q80iG|J@ncfz3! zNB5Mbez*7!Eis$5B*huS60x#--?+c6hP`mrb^&~>;4psFyi@}2oj+l{p!TKIA?sr$#U{x z`38t2t6UyvGs;S%rf{_k(IYJ}v=q!TAAA*kMwe7sC;wPp%?D_KOq;rgGyAmjH;r7J z#)~s($XkC~;@{jg|0rV1d_Q$@qa#?-I59I`ww9_Ut&}m6r*@|&DW2{m=(oJ9kN%$y zHz~NNtoF>=(#^p4rfIbWDPl^u#^l}y3M3R4YDN=)BP=tTW#3W=(q`o@VCvrw3e#}`ohuYJ!98`xX~qIhCZ zePph!Y94Mv=Rnip`g={KWt#QqrQ=xl7%J!Y87@rw!;q$rrbYAti<-7R;fGF z&}4lD$pt!AMxEXcYGUGB(SyIEw9RZ(1;LTjb3}#hK($oMABxM)3JLbd+0$y-RG4zJ z7bCbOWfQBL{KBN=+Rx z2fX?IoZG6et%+B2fau-)r*Y@*efYVDB2h4))w>;j7{wOaD_~R8*7g@rhh~6g`x>$` zp@M%7Xeq473j}J(e+q6C7DF7e!iVRcy~QDMsq{4k8{~VzT#C;1o3_AeUTiltE@->` z+nVYZ2U);%sjgQ%f&KTcv5CXjc_@$@*bhj#SfKvIP=>Fuc~0#yM25v}28uU&exzhm z4E^67!aP+J4q|9;3KNZIEp87RS8aIUI;K$PAP`5vdTkU0(o0~1yjo(ExrjO#ROXu!m z=<$6R(z@7HIJ4`2=i?KPgU*o7-kgH|b{@!#hlpq*{X(NwR<=fGuK;J25m~C54{}!L zVVP$Gt*$D2`=ES`f&p0q(TBGQKe&IUaS5n$*1h}po@~4Z)Fr`nNMD6L4Lb%FL zmK_xv|2;7SHg!I-bBT{38l3oGPgZ|WGeZWtXwSl6M9TRd?(>T=b-D>|kE|B-ipEWG z$(9Dq2+^I4OvZ3)1=?mqxEn>f>rnT3Ifpp)MmCl~vLbK~H(jZDt%Y|uT|F7fC8m#8 ziBA}-BDky>$ml+F@srFGK&g|Ib+_CI!~$tA*(UW!?I^P3XhdHcnh0c88yEUh$*VM( zilA(0xsLJhy-BA8W^>4+ESoG$Ce+5h(k3)>`)E7Z@lIN{LA1MYFq+pGp04soZnEh* zj$nv(v=p)Tn2{Yqm-RB%bxOkRVVvxZ_vUzlEH@+O>)Dv3j`(`*UUT?DU{4^l2 zpb9lZ8=)n0h+uaDAuxlpG$!4UAVJVl`#KyYfye7C3lJSygHnYIcKc*bbU4*-4K!_P z!mKM<&YmoNgheT~2+ol3N%vINaDHxoh+%!DdLu;DcK7G&!Ml{zFc`;k!;bX9!e5$_ zGQV)gf+Z-GcY;@@TrQB73S8$1j!Bj+W=4{=DvQLU>0}GY2IQU>cw`S@foEX84 zeN=wCa*Lo{g$I$n_*BOj}h74`coArd<>>i1Ho3rLksmH9*&iWY;ahvPql>eMpbEfxlp`S+1&u6?0mW2{ zG?vJRI=4GU6i!MEyGhk@v}QPUgA=;B( zZ#ODUE7Vnmwlk0!X`o1J6CK+{A*5CF$gq(%K|mD|vHfY%7>F|g+U8D>-1u}VQ4R`? zR^B3D*OIF3q_-9jIsP8QFwn!x_DZU_`0>Bfrx$LcUr(p1!Z(>#_O7$D)vpb=0Br?& zK6BPXF&5g6PvyHCVqzlwIQaBu!~S2>1({YUy{O$OIZmGklpkMyw%+!e+N>{;D^~=2 zEbwr5niJDjE;Ph)DDBbd>K? z8(9FiU+>ocJLOMCmDoD4xc;`nwk+k^y3SNi97Cs03ovOqr>a)rxdO&wByXmEH>|u* zbv?@)Ngyej0l57yaU_=!yb94CtOs0JbOuYYTmi!}SbXb_p66As?M?4>?g{o5?~L&7 zYqt(GcHZt>z5pWHRSL(jLHEQ9tF)~%T$y&?8gGujb#LD500!lrHeqML%l!LG`0LFv zwmqg=ci+R&TzmsP(wzneowd)nxmrOpRBzy9L z{qWAPmYclF!#sZ!EyLjd*8sH2v(N*%qu$Fg5AW7|nbeJNgBnjBr61pJ2-ep?Q(TP< zm5%>ugLW22{t*R{E0rE7k^iqd###c9zN7iaAKC*aq=Tk+h+L`)KUk!7i|ehpglx+2?@HI zK52-q2b4$WzJd5UoPwAys%aRNY3Kz#4kZg`N0hLx?nV@C6=k&bTUcD4m}t7JIx|G| zEpf)9fp?t^oUD%n`sI5UEXBp8f3R2dR?Hd`w@%>tQS<1hIlME6Vlc+!PLTy2QTTF= z;8>_Qk>_f}l!olQeHXDlWqgO|5w(u4M`(`6lgQ5zvz3w-W%*$tYj_dbZO;x5ME{pPchqn8`9!vSICGwPpOPfu1cqyXe5p$C2 zkA39pZ@W)@c^gSu&QbaZpNIuWZ#5tAmTWU{%wx-_q`e|}Wtvjudtc)M3wG0FHb$T9 z=|@e=om4K1(o%zf&;C|MbiyEc=)J#AK@%#?F5!L@Xajx>UV)9M|5 zpG0dGTZiYJHUkGQePhEf?KHI14=QlG2%&*?Cu2@xbBe)rwy&pxrICDJHPeVZ9!C!* zOqHXitw$b-iYlWi@VaZBA3jQ0hQ-jU-jk1uFU$}fUtG1*0^>4uKGxQZ1DI0A7I6qs z9L^iNZZKJ42JGec;i;tPfaliullJ=R9#Zks6q`8DWpMCT9Yz!z-=uH!@W-t-$=;Xj zV8(wi&BA~%pJ;~ti2e4!{fvHvuukFWj4@HlSW=wHpsYD0-Ity> z%1zAW+2b?inNK{S7iRmduI&>{-V?e$Ksvibliq7PN5^>ykB3PJ!}7wswMTS`?Wg>; zL8bF4a87Rf4xI}0bm#2SH}#8!j^sDq4d3bO~sFAdDP1O#D7D$PzV0 zTav35PG9tfuF6asuC7K_?s@q*3?e`=gkd`^fWOsfsOg}aq$38Ake#8x>w7ibCcn~p zl3Q67wqp?}1Win#M{ zC*#Anb3+e1SZx3Hea{K5JCH?Af}QCT4y%Qc`T})dPT}yWoPCYCab~^yk85RZQVL0UfUgL&bTV6$s3DNR zaUL2&+NDdr(}OdpWI&$R;R5AJFo0W?15%RaxRHcc?;MiYkr!$=j2N z!QH89;GJy;-@Z7ckm!wcewVgRkC>@>Py0?1r}h28{ADEDWhAzYU{CL=mi^}15xKh^ z-wQOPrKI!^*PV0xrm?5KKxJbWrv2YpmC^=S;d*XV@p`Xz;qg#VlE&{lmJ{3Uj(KL(62!UHL z=jG6o;cx4;b9>(aHY6csH_H9|Xg{R2@oKkBxcTSjgWG=xU;k{u*(Qk(Zf(kz6jC1n zB#N-X6xN>1>$5WY=DhZ(`x<~Tu?z~f8Mh2T7LPXp*ZBz`WWGIWaa-9ujBu%yyB9Kl ztNC&g7!IxA1rF-i;N`hw17o0zo(a2^x~5MizAMzT0p{M%MWh>3top$_za3V?)OTQb$ z89|b$)-Z9QuaKERx}QrUDT|i%wUS-FBW^@vPl0bnmSJI&mK)iIBhrM|6Xk+Tq0fZ# zQ$;ybaK9xUigyHQsWYiUV{Z4oBA=HAw0_57>3@|})s3%B`4gXY78*5a6>X6%LPR8P zC0gBxFSg45u#8_+=zbZse|cma;j?+-5ZhXNZIQr4RxTP3t{6lZ5yu z9v|AL3p83n8UlPg*68!XBRcj;irB?Ri_-ClrKO~cm?pIJ)96*GBCLqLt?Byt%y+z! zIdM6G0JuxlD|VAEuRGPe5ww?(-WTQu3#)i{3=TCOS9^cq{;7BLFetj4_~=OaoU7$& zY+x&&lf)dMfh&v6b+LL|2~#(XZ&FpNtTDO_GG#Kry$u50L*j~V*#~NA84k(r8OJ3! znwHV13a#a{M#j_YJ4F;O)+M9TVqB!Dqb54`Uvg0TaKbccbbzClwS|>){E0bblH(vg z29Nkr%5<8!c~%^GV!IA@@@= zjQEkJ_c_6$=vFj22rK0uk6 ztF+D!h6q*CO^IsJq_hMWCwY~Z*|QbayNK+HkSF=_1|)Vd(}*?3R|6Ob+LW3@L=q3g>cL^>*VUm-P3-k86Saa?FO)FuJ$F9&phfMG*^ z6ft;@HAG!IAtCnEPKqGH12x4A&W3*32t19ie(}^Shkhn-Tegy%wKc{$l3YMG2FNd3|1B zoKXC$rTt5FA(@YJ#9+ekAVQTUF=M=iaWR2GHLQWEPF5Pn{B8WNebzJlweiOX%|SD0 zAxVTCE1`X)jdn*HyU&+9$v!pt+22S<)+F5Se9UM4X6>kM^`s_DG=`!n#DSAX)ThBh zU_0mJF%uJ$?bWd~a6%_)zsiQy3O0B3bPe7ePVraWoevwmKm;#0ZM(VY#tbrdX-(M= zq(LpvuPWjTebO^929T;dzBDQeBzL!Y`Xyp?<6Cr00;(8aIP6I+>lW?bp(7C}f6Wq+ zQLE`wh2+bNDwHGDgu&LpSp=%32Q7ROM&f=V#fT0saSu2TvS-n(0*peFff?}3{i?`B zkYnD|)I9G3Bx^$8vf?3mhmMhBa?>^MiIe^-V_PzzmxsV$zZpB!*PB29Qxhz5SYKa{ zMe(qxWp2nmmYO>*1kgr&w#yDI^Dt#%mJ|N(&$mxijX&ODPxpT@wwE!y3TvcTj{&@> z>1_JN%F+9Po1vTrB#ICIii`tDWMnw|@_mfKd^EMzGnu`Ll`T{|HtA zK!1ktftA<1OR*Z0&j?@)hyyrBvz(wU*t5Vc+7X2l4Aw$$5q^6Sj%D<*76B}Zh~*>! z8C*O8@cj5V*yo-C?}boAV9^Hv##jP80;3_zC)nD=d0Yb&G3??Zthb>5@xC_@HAstP z1PRZCegyI|SHZtgF8h2F!YVx6)_uRK5TI-wW2ZiWY(aB?6=DluGk<%AhlF~`<}cbq zXttu*ZdL*FOVfhq*Dy!N^`(P1(h;976F$veM1}O-s$P-Uq2bs5Yvr{gmTh~65Kl?q z67uY3?$cj}2*7SZE-Hx%26i_+qPvR&ECv|{zOh*V7;>ir05dZI{Nn)YmB6v`pL==z zC~h4&92V#B>{__>u#0xIKjP`+I2BV%jXg(bxZb}qIWAx|hF_~qxf^K<>uEU`a)?@nZKo*}1A=HCp^*HXAp}6hxzyHpR8cD>J zO>UpG{Kz=7#!mmQldP`;rRPBhpwu)GmD%raq!u|N$GrIdBQavo%*V=)e+~_{!)}gpT+McCM_OQ=Q#i9!S%I+O2@%X1nJ}r z8?#s~3G6>NFS_!jvGVfeBX2=;1b zFwZuhWc+yY=16_{>jWt^+{g{)nVoAziC!uo z#~T#1ShFF{fl%k;$)pu7ZtOVC*SU}7py?VRF9YtFte22#rM0x1v8aCIO8>YJI3Yn% zVe+wbyuKp7WV*-&Qh^qBr{k&IN1Nh5^O1)$H(q$lC+7GZjBpn7fELre(tT;PXeioa z24IV%9(O*(Q*~noQjHj=Q{z%lu~ZUAc6Dy(W(M(MP-h1v?yCq8H;pN|n!VYSrN9Kv zzfwk8Z+(J}5YEA-DZ_zM(`1#mtD$$veIL+=YrB+^E5?Vw{j7^oXHs=D~@f05vH$j&3eoePAmw22RU|+%R2p!?<}}w8!R) z$%fn+DS@YtUMrTJhY54?#|>SvlPGNDA4bHKMK0aPuxsm1eq44Nc)_!;Q*2qB?&7d> z^#h?g+h$rJ%S$I(&7fTYQpnLSsy#1!3Qv(gbJFtip}|eJoEnpeXHj&TisUwCyXxo> z?BbZSa^+^<-UD;Ub=tqk12cZ^Iofat(EPz8Ng;p~yoRQeL_xKu>?M=i*Ps9Uu`g(0 z4uwMD>e-0vc1*w)zq3|?Ib_P=o#g;W6#B^kClqFOA)*BF;n6aMXiCc?5+?8Ms_s(Q zGe{yc)%9-cb2K4WhEE|X(MB}V6-bB)oeyV)r1v8f+R`H%^I3AYn;_cKb>@O5w?DF= z&&a=yMExEfxgT$Lk#N_D%4)yT{v6NIlieoGB14w)TtDfwXj zI3j>c1lAtmArAHajecPL`a27NX(%~f0xPh>@V^Tw1_ICP?!I*NXY{~@^39o<=O5wQ z&D-0{{_qVz&A(P1C)(Za7$&tEi}$`Ff6idQ#blH)FGa0ppL?)<)?FhoKpOD^PW}bhii!q^@nFwE4OWxt;a(^{nxe%=Fk13yC$pfmm%!FK_l{*T~Gnb3LS;cr>sNLTn58Ba_Q2 zyT1Nqs%$&QrQ^r3^Yf3jkXbun^Ag>+cnw@rTPrGlN`);1h|x6UkDuS{R=l-5u2ovD_oSkp} zyK);gmy}`^{uuat05`+Ne^=|tC;JK5Erky5y(E2a@_F$^U z{ZZTNm2#W^?i7BZaeb9ZCp9+JI?(9%XQkFil688{r3k_Iw-K9F_(4Nt?=wS^!HrSr z0w?T$_gZisb|it=4?#L`ZjhnQP7Hsd2sLu`DNpLX`tXxp2gOe_pxU_%C`);s*D8|w z+KKU%kxqm!X|0gnGcyhT$A>^OeYB!_?_y%52v9%p)YeEYM^41)0xL2 zT?)$qW~%dK7%yLwm*W}f@zM7nX74)5ODr2wSp7~AG@?Eu#8Of`>4Q#b(#{jfJl}9k zm`FHEh0<`KQ&Xfg`rqzZ|M;nMs5pkUkM8dyu9J1>t5?<4XnFag^B{0Cl=W}*$3niT zLss%}(RA^$iPSN zRL|PZyS$!G5)3~#@nYF-$9>kAu3-qJBT6mQE}Z!8oQh0lP&BgpdC&k(Mg8lpSjyW3 z&8-N>wQ4UoD@p)InzDa?%wM0sw-d(>+LZM}86rmhW7UqDmAsa#VU78`E~qEs={sw^ z^*d9>sw%!YP}&K@O~v|%L+O`UjA)7{#5@#VZk^H=+cFHbkG%NwNZENDKERsj8i&CX zm4IQx#5#XpO<+-*-&ArNk*0c!PfZyyl$7=2T|BTCKheXb1OxII%R7jQ)|{&IPmoEJ z=t{5GN>^9)xua?nW1OKT?B28_$sk*N7AI=^sU4gW}G01>h!clNCkvoa#2c za4}*yzMC7-V!7@zk@=>*mWw}CQ_7f4Iy!^Q{B-H_3pX~|&z3xTMLQCgyFud;_TQ3-UAVM(^GS6S%^Wc+cJVLtS|Ni=}<(I1q*My9Mh!dSJAYo(~OE=IA(=7 zgsFNaQI&nF{H-AcF(&qk^lp@LbU^8@BA*o<$T7B7CHbL`hOFGz>Ym^w)fk46n9q^| zNc2lEP33NW1xp`MZL)>Too7JjM!<2YJCEO5n|g%P5K@6U>Oi5p=2*Js*o(FhMd|g^ z0JRbqU(CdW6h?WNrbg#r)`&*%`d@wN;OF)edG3+DI_ovD;x@xZMP`#P)q+Z%J^izXG`Q-Nf9UwXmvobYaS*4wX?cCs@&hV?fuVE(x zsf)Vl5@A)c(yGRgfWy`N+4R?pnh70ToqWY4UR(q664iHKpA9dr== z^fAa`4yyOS+ROwN6Z@Dga{%@rY!oTtE7V3MDcj^LIs|YzzOp#yl2Vua*c9&1f7*DW-+GP?{GRAFp_lUGXr`5D#_EJ+ zE~(|9Z@}^m$?w~1z_D)xl!$*(N*%tr_^DbWDB8gyJZJBQCN1F29H`nnRYcH$U?S6mJ+2;(tPHBAJ1 z#CMKq1pETFsqIE@Uq5{v)o@740XA$t=yN&#A#K*-vqB~t^k{QOzFQf=E zT?9>|<)|A5FKtYS7q50h7Y*@q_OV3eQM9q_(yMsN@@;Z4eIh#buVbMQtCcs#ljjvz zD{+&@b3Ts*wtL(gFLCmK=uLoJ@G6;xxMC+lqkVz~Ey10Qo+U2it{dE$A*GGEzN}vS z8YHjdESxK*77MgNMXa4BEauRsnGwk*07Hla#;C|ni@z)@L}#_fscA(LC@tuAzow7M z7KIl;;)|OLf=xK}WvNR}b6OfEz+x~0)t>OP!pEnkZ5xL1#o( zbK(1*M-B8~@6_5%TeLP$@}x1_Aq+NE@7^EHVZt)dF8dUn(dCwwR`%lFkH)eWL+hJgC+$guIcB0-D@XTu+d;uY97LeG_kGjNAaUVcH=nT`}C5KB$~ zQZ0yYj+fALpsTQSC454&jo?imG)WHJqlCR~Po148Z3=R`TwXYH`TVW)9@o(Y!wh_wC>5Wp|0hyE6@ZQHK&1m`18@)9^e zdOTZ}Wpb%c?_(@f4ILh3Hi;nrgz9757pT1XrD(X7Q4lU3ir zQ*zAi{v7BqNy!n2>iwS8$A;|yd2&Y zmG%{8I@GxG{blwB2H(xgB-6pcc8;R9m0f%$B5zIB`x*1OhK|CI7P zq{r^)Gk4X3iJ%rNIL++J?}xhWYwr&DDF2}22;fiqjNei|O+98!W8O_;TK(-WIV)yt z#9Q;@$>zSU*bOkND$v0@^5IcXwFt7nrP7_lF)%ZFD@*u|S0~#H{n^RErNg4(DcF6~J%lV!(iXYn^Haevq5(8nhzS^AK9<&{b2F>l$+41;i z#*V~LzI(Ie8#s5J^)cj$CBe4Z>|Y{J&#Z~1IbWeaEOWE-61@`rbP*=1F{EV(Elh*M z8KPDzApoG~*LW8e#NTG|N;n-gvh8a!EW5o34XVhh_3|L9cqtA|-57Kd+u18j*M~U2 zT%O5MGxOgqbf?f|YINaGV;Hl?EfMA2BIC>gajIMCc#D&2H)(3~E9+MHHGLx#tE%~D zhclTR7N~q0W~u@_?6l-(*M624Oc z(;DHB6on5LG1X=O%jF&i9_F?1+Drd_U|sRZE7n~q-OyD(0R|y`^{F_W0q*JPdDmVp zr!Zr6BxA8yOpHJ7n2;{1E+okXX815HnXt^VK$$zwfw?74yrxs7N#@;s5GfhN)P#F( z#9`Tw1LpdS&%@5;$Odz!Ely&R6Bc_g z%!+dTMhg;?G&mCuMfy*xQdnivjQmvsCrwQ_hh%%l51L2r@pBsqEvY2o#!iFy?=tX7 z;LO)spIXlZ=uH%6Xjg#=c)g$l>GH7r1J?x=)wIGQ!bE8PX;{T9EFkRrT%i{KrhhY^ zUwdsgf@h)#raN3N5M%U~H1Tj1f6wdJb)}X?ypguvgkYzR!y1TlW51VWcYjDw&}|BX zb|I)nY#agI$+&;l;)>V8w{K2gnPmVI8Bajjpe%K&78c~g8mzB!cs@0Ik3T6xW-zXx zLd)|Lg?YgyG%N~@K~(uCqd4?Ey2y+*ej>95`pU|z-7Jgw!NP~SQxJ|%%(JuA&4(!d z1ezuOPVo>o zS~P-W`FdI7;*vFXCBQ)Z-{@_SOm|=>Fhm1Jbi!9(Z!hYAE?uun@tHH?=m9V|O1YU$ zdHnwu@ze7L+rQ<`OXtG3K1=yei-82|KSQ^5|DEI)?HAtx2+=E2p*1ONulSfl@^W`u z>9!u2zU%`dxYOJ76`MZ|;nz@i{*HAIhCQ@!5=CO2JWyJ8(wKperp zQy^Hx?BAKKQr2Mge`Ln5z&W zo*_;WFp>eEB;Xm8at2JXFTm`?i4ec*J0j*{*d1X;MM~QNdHKDmfIQkxc>sq4lsf1H zY<|r3Ja}#WwJj_ovVKr6s~RjJj>lYBkj1Wkzvpp5-9rC!TBiOq`1$}lOkR_OGU5mo zBJf_#{-Z=cyUwGgx^_;h{~_zGqnhyJfB(^`Fd9T+j1;6(+RT0lTTIz&N!<8$vhzwf=5KR6s1XY7pgj@Rq;d^{>$HIff{B5+u0r5u_Q=y3?HAntyI2XzOHG1289vI>5=%1bj^*AzNtxgf`6crL>=RfSg@JI%=7rJ zEtS|Y{T%sNoDqsu(B7gYg_%ziLpq~j>B{vIoe3x?nZN@{fi#GbQw2v37kVpsHk z>~V&TM@c=A)D)E%gHVm9Z$hF!y>EN_dMV?@B)1=V*~96b=j)MpC8S0q`lq$-(Monw zc~9eaH2{cZcrdg}u;3G&5YM0`5DC z@Aq}Nyc~R%67ru+#^Z_yb}(%gX2vS4Z&rLfdQar7v1G(1j7XM=#&JFIBnn;thM|QS zm|Xr!RL@=-1d(07+wY%5!q0=lOZ8Ia+S|q=X2Ayj`f<@`C9oHh;R2rKjL*tmu5yGX z;}>byu<-&2}%5N8Usm5K?4sC5Qruo-*Ow(0ul=a-jL6=2imA#k{4hD=4fj z>H6?`WMom!EK6y)pU>%Is%EZXZ?(q~aSoiZ3jgp8Aq^6iJ*tGt;QVbr{WGK64fB^e z#|Dv>f1NC__F828cGbVwn^oMzp(!#X60~v-V2NIEVfeUxmiuDgeViz5H7IAsn)O#z$YFYEjy75WB^1gTDKE9~WA4X&m)qC(lJ%JnIq(5s(Z@wQtVjj!cu;tKMIV z1eKq4eve4vWoYBYXqHf%)+YRoyc*o~)=VBG=?{esW~X2GvgNFonqFDH$2cfFkCk z1jiJXay1NKL?})2Oo`XpUM-a?wPlS4249lKlv|?)gs8w;^FAws+f0STbETz2m{C8c zyG;xgOZNK5*@SFRclA;nbLZ_p&anLBn&7S7#$2FB$Q|jA?g6)aV2!M-l< zPlx5@46H^2J!JD+T$Y-hE|$n&Hstf)Lh|0_uPq^}M8T*I^@~iSML!|oNSmD#f;VK^ zLE+vjc{1oqvHrgVe=)>{p|TD@a83SXpuar({J%$GcMh8Z|CIP|=32ThsxUJSmcIc1 z_~L%9ucPj6KZTvijc@(+W6a9G)V*oEI|yskxU323S-Ww&`-Qq&I+zXH9yD0`bj$R?q_S~zyPC2LM{Sl z>)c%Ad`TSM3s8BxBcq&N)9bUGoN^KN@24p?7VITV&-{=q&Y<*S86y*s!T?+{k2kw{9AEVTE{;bulXaDpG_kpL#?CW5t91Ir2i2znuSHUC-++jf+(SqpvY%N zvjfM-T|S1};BshJ75vLV4V^IzPY5jDtn`v&B#)40j2|98XUq4DD}zOwnhbRKO&qOu z5j1fgjDNA0%+o2|-$GJo%A;4a;tULkP{I#>YCSAhEIuTuT04 zk;~~E@fN))W6j`xC8z>R*rUSQk)#{s=eE_k0Cy9XsVm^Kt z@foYchVyx}#w=xONUlx(&`|h%>(no#4=g8h?J;PCHx;;!)B_(pKd)*i3el!u&omo1 z#D7{1fL7Zs1t11eFAijV*Rv1^wnzkYc#M+WBLgciKWl10hFCI)QD9PIsh25VGw8gQ z0@Ig-Ytn3Rb;;7n>)Sc9rxp}(O?5B}cZkdIer}mL0w-iAZ^?%_Y`Z?-d}{2p;I}V9 zC;`X$Cj3%O{>zZxN)=yK)59MkI0~i)vs`apwU*bv`piVB`V3{tcrZs=({BY+R4(bj zDJpbT#w}ctBD0}j-IjSK4jRL$fJ$3dFV(L8ou1xQqos);Na+&g*$?{>;ja>S$o)+| zP!pAU?Jp}H8#Gg5O~bU>fz94K!n&tru>R&xblU^e*LG= zKrttIS!r3j0rwi@k*gOeEi_P$?#M8HbnAo+MJi&=u{h^caUipmp4nvq{aCq!F(mYVBm(ymhWEjs&vYML2TMAoTuY-~VYM%P1p#cL>= zur#FjB5QaTh};h7a-BXnW`P=xBe2TE_naTW$wU~>xb=eJ!8u|xR zzC<_wivsEEtygrkPaB?{_tGA!U9N>17p$3h#6Dgs9I=B)ZK7`VWqbU&HZEiUwN$hUP}n)?eXpDy|A&EU2w zE1gRV{CE6;OcpF7Cw)GBJw4I=HD*6P+5W4Q9i>)ONGT5DZ3J~#JdrV z%RkZwB87o3DBu~Yt8$jzt(DU@{^TBo!CY$5*3)Pt6fToY(WN0tuNM(b&6o@K4jnVz zrhOv>Y{X_2j!#HJcL3uEqY2LlwO5;@6_r73yeZnB+s2bL$*z*p9z7tsGRNgReVToP z0#RiQlTU(KV&JK&8$!)#Grjo6zU#<>!XWRH_joE2!op=kp>33KJ7S9W8+Zm8X69dd z)fkJrBJFdk_LtG!cVFb3Z9})7yshFV%5YUrNumN#Q+WPxcd#}$G|Uvj44T0~BXew9 zM-M6H2A^F@(&>R0H38<2fF8-8pCn0!j}RN_X)t?r23@tOc4!@_s*^jhfhGj5ro>Wy zb|rF2@L>n}VJqPy;7uRD911E0EYz347p5=t96^}s`mn5WsXh-Rtt2XJ z;so;=_b5@(V;%Q#W}&)kyKsdu?P5Z=yhtiSJ#+YAvpr<@khf1&m_#jkb8Zmcha zDOqFLO2#ID0x&)+NTzS>rrlgc*Nx1otU9^YWt>~Z!WEn{4yjDTbu{qjEqx(8@e9KUMHrRciS*(@wzs`h`lUJ zrQ7C@G;SnnK-s6MZrW+<_LQ!OXwbx?5!;w-LUyrAfT(HZJKPYj82<_$D-HIFjz|i57%=C4Ctv zoi58CKU(WzOKTo(PIhFC7Mxx&F8WT}2Z1n^RcbBLH8f=vH#Agihu!kuaVzA1GL5UV z5A`+A^vGL?&C^i_Q_&zhr)Qi(O<+{t!j@voo4uBrT{=ijjY#b^Z+nm{@Rb!t4Xlo(mcLo>G zeVSN)$a1a7$E$@{%zcharlIofb23YNhEo8Ix>-Ya$ zMgRALntwZjW0*kkzycWVcHM1+ZX}^TIVBI{JY9!R1S^paR)D`}e_UjqL|C$=#>8l7 z+frmn-b%G3OaGaoVFy+hOsueFas70G-e6M}6{(MmX!25!>KW!Z2~2NYn|$$d^bIwp z;kM&I#|BZ=Wf-1iHb}DZWEw+MTZMjFB(IIO2^esEI!=$@ph*b!(q(#1nOU=+c?(_K zJ4|^x>IrEba-HF0x?JagJzd|Vnd#_I{FK{Z1`44MXi&`2(0fCQO_Z(jn=Wv1VZLS5 zpoa_B5 zoiR@@3Yo}un+DZj|LHkBXJShODyKpZRPWhy_`g-GoPRM0hVx{!zB?4mtb8g8L7R=A z;Sl^`R}X+%X*4$2CS<-%Z`GXz)WJQ~97OYaJI+!!kNNTS>fN88^`}uk(-m<$y7=>F zE~xBv6&$3o2IG=$ILQH$7aFCr&EW%S78Z&t{{0oQ@}U|J zhgEI5cLTx947NE4XGT-mfo=}aXr65W;|D=W^hc7eV;Lai7gSQc`z5nIA9wlm1Q zb~UHbx66WUxisKMBlvapDBY43jh1%FDlHB2FzM$MqiWbfn<2!QCtF5==T~R0@EPXh z1OrV4h274zu4w@MR;X1eX~;&eDm-2?^)ZY5NVQ~GB39u(U`0OHH{T) z!0<2_2JS=i)0(#UEW!!P>`bbuUi*os;z!1@H58m=k77=LjiIORFGTa1@PE{M!_*}x zv|`|cm^iLH$SkekRSdy19dPdruzE>BqNBtF!$<5v|QbR6g>GIB|j@B1c2`0+M{Jn+raH+ z3w}Vc%5RagIa;Ilhyw7&94*a{SjSaR3^|dw?bDDBEWx;BbV>VpIvmooQi6mxhF-cP ztxuH$6@~iHslfpjE%D8{C2p9BMZq(d(K>FK+%aD6wyX&S-I~8J$V@^IH6T^|DquQv zTI&im{N!~EJjoik>Aly*4-wghi9NBuX*@?4oUb-=6JYb8vDD+ysvII)F3z)H&OV-; zTu57Ww&M!~KFe6L8gXFi?sP8Us3WT}Hp^u9OxMJRTJD*~cvVR3+Hd;*7P~)ndrtvt z|Hs+!zg6#|!IGb~J8tGmM^?6@4C~niRZoSL6_v&B(adZ1lkKcnQ&~#85*3*KNOFqV zxENWB_n_IJw9kIpUkys2nwsJ<1aD*USiwLwCPM;Q|IUe09A7k(Be1PnZ1C@B`*_>A z?_O6t#Gj~3S)0YWt?Ye9P&79Xu`o>`SD1OIlVItY`j+{Z<|eLC6h(~5Q%gsp9!T_t zu1btBlL8_>34$ScBkPSZbKh)yNBhOV(Eh}&! zhc~7S4>kNonf>Sh{z34>nRb!F2Mo2Rr3{zwyuf<a7iNoVKE2U8Y%a*`g36 zZy{WlX;>fyBu3_5y2jnAlvmAIx+Fu@OwvF&X#xcHX|yFsL_aTKIS)EqsT22nwHij0 zburhnY%|hoe!?KGr?A}!jq;5GWY@d{gkRm5M<$@XbvP|};!IMy|6r~~=BZg*S2)6T zms180?3t*uG6)^kS54r~OIcI^LbJoy{Lby)I`K4P|$bm#7nW3(p`V zWZrBiu-s8tx=f2;vq`ds*(NP93i|=8JC`VKUfZ_)`sg#cuc7zgN|iR%{iTr~83eCC zEA8DgOaHg~9K-K_K4UgJoXdchKugNp4e-7QrWis*Tq&+deJ-sYTyir*?Fh} zJ~dfKRxnKSiqJAk8CTpvkz%`X*lfsnks@_E*!crj_kO#KEH6)5_vPi+m}Yl9<+Oxo z+R~L#-A_l1G5jjZ{_Rn(kE}UBMxebAkE@IJF-a2h?qqJQ-T`!#sGf)ThTS-XC5lj; zf!^zJdP(zYP{pzTmBNgnqqajV4`nL-YkMTrP0Q|Rrz|MW!B99wtCkojn)w6dTT}}$ z{2pO132bqB)Q_ooGi`H|emQrPZ=TDtkB2AZzWt~fpJxf`1HMTrDdZ6ilOW2(7D$HY z2(aR*Ii_kuO3zMzyStj#%2Vl`%nZvs| z|Ar>tU6e?S&hNm4v|{wR)MDLGZSz970fGL?@Y=n9+(N(Yf33-V!z^-g+ADb9|F4_! z{c0C_xzF+E-$%C%rPqsL!Zu`Py!H(PpNpPLFS?Wi0Qg4{eoR5CoWpE9T^SyuXJD8z zgxnQ609@bAvVU7ldWv>Q+UE(>Z!fd@sB$u_NuvOg-WJ=F546=IuMnb)pw-Wu_6+p* z_rLph9oXe+`^ItUc-4@L9u5$|u__tKUBX)#d8Vn$QnuWvkQw!e-adiX@*wfDJ&bb{ zWjb|qNUXU;@a&0!*WDM_vEt1*2`bCB-FE6B^^XRNY_KQfSHp^*t$#e-+PFMgLFZAo zBrTWC1%>X79Y2Tu+$F@0;1Y@-d49X$Qv&vvvdOWm-t=6U^TGeUKDN0;ChHu+3bSSf zFK4otcdVuiu|}&O6=|{{c-n;7x?*cd%K_-9g!Z-x9*{MNcPiW7BY&y6iz|j63plx& zU7R0i3Aanyr#+GtMv1CffPdU_-&DuHSUzZfKn{xNL4OojD6|LyJ5X$`Hzl)?=8V=+ z#V1u#)=Bmy6Diu!XsQnY1T_|nS2S*UpfYTo?u!sJg?dn$(kjgh7ky*r1&>V-Z=YDz z?_%DA!+7UK9x+<}6>5Ej;apEmqH%fsgG5g<@D|ER?hPz5dqI^(gIwKt@px=i9UU9}%zEAFL*J@TRnL5kAYit5iet$TbAB)9VUB3h3Ephf zyrv;FP|Hr4P!%C;g9yNmgwtlqg^z4oGIej``|{j=Rw8+)9j~odR~Yo&>q(T02AwP5p?n3c#sGu zw*c^t#>saEN5ZP*jn= zRcQxwWRx@3OW|Bjkl>~5VB&_!a00ecbWpS~Wkcuf_b3d_!TAV=7(@fL zzgZt-^r|kN@$x9jnz&W@5P2pNb|i;)paNo;TdY_W@v+f%KwDQ(m&vn{AemCVKe@7E zYr?xk^3Ce0-%QC^>nlDfWq!hx3NLi#%mLk)B98W z#XVUZlRpi+!3eM_u9O1*M~#yI`{%urKhMN}TNmHWU1`u!O|sFn{xD&*PS>lQzOBjF zy{Mf$7^GeFvLh4mV2$tcWQ4*g4`oZCfybemL^-LbYoA9vKY7eE6(DuC*)o?_R&fiJ zJH7rAK5$>%_#UMFilGs?@pT}y#ihe_3E{P?1((JW^PIEduKM_HHOqigS{f3M1kIf&k_NfD^^RW9x{;+?rZ)!AdQiCQRkg0o zXP>q{&BRx);g^Kp{C-J6H-NiZ<&Vqqvt&DrXe&=|k40rb#B!*$a>)lZ{o!hwz)ddr z?9ydFIg!RWeJb<2YJwFjjq>0>rXguose^Z+0x4{XSmWLj>4Z!cV_3+biQZ~HU9mktj-=b%e_{DE0U3>Q^EGm5IRB&Zgy!v(bTOy+=Iog{x zNYfvut}FN{8^!#TRW}soch{v0DIo3bn9qtIzRkiJ2R;PD(_54JVL;>zPk%N<;NUqShXuvmIYB5mdqnPY`k8$ZFGJDid0m4ik_Db?ClgD}=^xm)qYwO_c?0dt2KBjS+D{RFe_~+WxC^eiQR!2j|y2 zqmGlL)ShIKFi$(X>jGg6SZ1yk4tSnJeln(H{zz%P04pQSP_CSRWNiJA-#VTlqBr zN}w#Pyj3IypTFv34@12;eZf&3ScDG3PA|K|Yz(C$IZ((aPuU|08D7;{F9eyuU0xzoNynHjOP4gNmU0T2J!Gi>{4dfQR* z$U@%^lHzXJ-q!yiu{k6jn5gXk1r4J)j8XfkVVOk(1ey3AhhSR`1>)$s;0=mT0N4a& zgqG1T!HQxNGl^;8WVo>e_KPm;j@t& z>rN7e-l<0KP@COSgZ(@tEBcMN+dJ7muk4Nq1HHY-mRX`>0o|}?QfoH8fUQb zsj+Df_~gUcgVIzi7^_XHvROp0w{7j&2^1GVVlv;R)snhP%0VvF;_?B0{7tU2)rr!T z;SiT~qom1f!xQR;dVVN)8W8Zw(TQAxP+`#(G4L0vO7cYkW`?mdh7x0rBzgT=*@Pp41rK?E}TK@aZSvpknwKy? zPG>G(`<=Y@pWoqcA!Z%_|Jy+O?UF2PXDTi|Enz3?SwX<`hh@J-ALbzIN?WmO$ftX< z?S>!mv`P2ksaL~$QM7HRB0#JS>t>-Z>TTr0IiA-zZBtTLbo!8@(jnE2bF*>YDz((4 zM;dk|#{tkB)uUgYsiRvA@A^AiM+E5yz!~xHSe0IGO_6X5uW#*iOv+xJaTJbphG@lc zY@@937_%G>2K)Kr>#f3tH)pBKEQe8@e(5K!AN&Y=$YFuS#kVQBchBelWYIqANPp|Q zcwX@YFZ^L|9o6(os0w}Ry5r$e)k225= z_^Ru%FO=skw9DzNW+xa1AZlE4u9O?xQZE9`igJbX&F8a&Xw;(1X}H_Wx_|_M4BpXC z8uo-}#UHhOXo~_I@N+}u+>89?r(U_JZJ{-vZg}cZ^q`L)pJ-uW2|v-uo*U;~XWFJe zjF1dT;?@Bb`Lu=5^&COx7PR0t)^Tuz-tcMDr@-!*Q`ncRX8b$T*E^wy`)+DY9)&-r z)50ALjU}2 z#3Umf+K1Fko>@Gchgi(AqW$UVuxd)g)7m$8{#e+7q-IB)flaobj((rc5kx zUeDG9|2iq-q>WQ-sz6=4kJ#z2cU?ro4e{1lqz-u@5HALhkx{%FmCUGd*ny#=>`K=a z`!cry-MUwv6HMr+FmR<2TNn5%4?cu|{E#hwyEE755wx}lTE>|vcp#4;uusUs3s{t3 zTwTPV5`k?lADXj|M`9;1S|S$%Gi>s*AUwhODaRLT4#XwBirizK>DR?$AAqg7-}pd!nP-aqqlP!sROw(WwVsp{G|*upojv-uVnuIXn$0ps=3kzZ6q0 zr+q#nw!Rk~A*;F@9O_mIYFCV@`>+facNU@gL!5mn!>@n8lmMf#x9DUqXgazOqv=Q6 z{1I&SBH6xDEq_b@V6N}~Yt#s{u-BU0>9idJMQkmnD^g$EBEiW%BP!u7_E%X zzuvH3)IXI9Ol=_Ozk@Bwr(=@4r!V&`_gBLDNKOpe-^i^m+28-lm_c;B9#{uJu)*b9xa_g8Gr}w57J9XT9Im$yDe;J&sL_ZwwU~cwb>9Cb z{f*aN-vpAxT~!7@F05+eC`4lynUcFsGjP)$q`Dy{dT?inTQy)kvAYzX3^peckHUbfIE^Bw`r>0DpfEVHSGu zSn-F(KUZ@L;YZU$xzo~-5W}L7-;*k%^@JqY>xaN35freb9DA|(0h88Mzg@Ys)<~qK zLl=MX5M5ME&=KCrXI98Ou8lhfdB+a5p;T{@Rbd`Ny$n52S*|^EI()#J=lM43b0YP( zl@O_ljJ5VAW$-jwX0OyXNpP^SPUp)?;Ol`rQ+^yNgv>gVCOJ^p50ybA$qR*iGX;EP zOdnt=jI0=ZBkh2liR!*O^|^5DesaqL$#6Za))>?Dkcd#Q59w%n_`M+UsGWhZ@07>Z z2!RKD_VUliuKD-+u1b+H0KIZ#iu|0~z$zmJlE#`|X@uQ|JZ}DI7Mp8}e{V~as`$Ds zh(ByyuVX9p3Kj>aqWE_?ZF?E}OjXtJ^4wBaD?>;~_{^2qR*Vfcmh|Z488*^ldq$rN zi+7ZQetz`9^CLjQyh#PWCfrJlM9`$~9Wia3S@c*in&==h4dno%KQOT@x;k5G!A$D8 zyPi#Bv_==V4Fdk}&!H3`&fp}DKbO0c@!JU7q`C)S?NUk!4A=X}Z6CAa>FDS{=v~)? zrrfiHWMFpWqrFDTkR-`e@Dy}F7)y=AM$ekc(Wsd5)@IG!a@fDc zmr|W1f0Lpq9l$IQGyv0U!5a<+O)tB$;KIh?F5@{q_TmE-9IV!F(2@?0*Ks@(0ceCR z?bPBOo2N7WkH1$(S<{|Uc|r}2oP}3MYi>(T6p?P$OE8Q1_NEulo^vN2u9{kom)fzC zpD}J9UIurWKyFsZdi>A4DN3dTB=d4qgI2}D$9VhUs!AYG9|QON16@TVoQ{`Qa{#6s z7ln~q!zJ=3hLZSboe2}0@xIt<*Ve+9&Ph426YGn}+i2V0FFvb{@^Zoamtb07W3VRY z*^q5d4C0}bfU&DdT*s}E&uc?2uNt9s#^2_*-KiuH|BtI721I4a+>_MI$> zwV*ZDJ)RIKVqvUh-^=L%5^bF2b!3j%X;y-~WDiG}IBBYrUQx{^VYU+t+1QKwawQy* zg0MCGWEJa>=78PFyR&sZu-tds5cXR!b375#HXLjY#1AJ1ePhKsgb?`QSY<6`h2CG} znQQ*)x6OB1?9GS%n*Z0ve~sZK5PbKYzkbgjmMiz0-+#J%{_g1f$n?|Mvrqp4vF@_4 zkM|Y+&IewFoy7beviwJBQIdar@NZKy?f+PMJF@Fmq6O__c5pvGDRUp10!_&%?(e=2 zfDrpWtY`zu_YLGikP1JxqHSq7%74!Yr95s``lt???(CEWV6W5b@#8K&m45;Nqik0q ztssK~qfb3?g`)iy1#u~)*O_d`uY-|HrS?!?FfVrRes2U}=B_ z%(z~aH#x>;+Qo6TLrj7Fl%ti&i23v~`&%=6aAGZPUlQHtHX5L^BlOL{81CpZq8z?o zDe~%f-|H2-5gdNp3#nz5^(Z#hlzI;4_&!2Ag>sFB6`X9p(Nor+H1+<2V-NP>n*3hu zgj5d;;_DlSbJ;-L`a+*0vG<7HQmvm|-y9#i?^TuA1w2W`8++&FV>%RFPE3@M+&d6- zCC@<}(PEaHTEz$YVulaJOA~To09ecNX~1;*cD8rB{3hs@?6%LY-(RptI0BI|)IKDI zAAR6Y`WcwH%42Nv0LH;<)Vu_$IVyCghQ0lgj&-am&C^k5yQ&>2nkK0SRq;!5dU{tllPBEHmtWF7- zG&;h-?c#B@N)zsa@1ZepPUxj>Lr7piA#L+UusT5E*I+J~^TR_I)qI-u^mTIY_X7fy zM!&i^zhN3SCFW?%khsbRoKH3tlo7hsW*nd@!!=yRm~17=WeAXafYejl6@bXlzCFLW z$<>^hrB@wC&jtthPi=KpIknd{?q7JeRkM?fNg{hSc^>ReWG629V@^~RjqmIZ@#e-o zSL{n(vBRUdxF5W?L(&W%Xa!G7vW0i&qO!)MAc*(7QxN!oKoNhBt7Gurb1vr2vNk@& z!ZBNCdN6KEkU-*IpOqik1jN%0r)3qfb=zJ{kUxP8=&CLvexbweIzI|Hi+j5>ba_&E z8rCHfvX#0fEqgxwWo6!nedFvp0=fMS5l=ba_H@zk&xPmvbMsi*vcu>?7LL z%;baS8C~|Q5nM8|d41MYLAj4tGj-Fwl^`;@)#NpxUDlGv=VE>RebY95tUOxN0qh)D zf>MfZocrULBv^w3h2WC)fMDc&qwE`j<}oZgLk)WYk}{UnNRSrt^QM$c$yUeJ#Qc7z zS<773+lxjKZ~LXETE7X_?gskbuYe|Yl-74QE0|^S5H0(~@dA_%;f1vmG`o&}DV_^X zc+?I_+CD^WkM|XFCxp8#`8GToUA5Bt@`I{hJx$Z!Jwf$|lkw}3J+y>g2s(p?#~4pV z8jd6d%I0US`i5h%_6^YivV5B*g$obc)!>AB9H)RkeQMIBf}3O0Wf!hXqTBvwzjfd5 z@iOkh(m!JlYB9fC1$;weii*;56T{+fbx7MSYRoSN9`8bms`!eworP0@XOV!`g(N}c zUCdz3AHOP}7g-NMmA)s9KW;1!x`HZQUP8tGtqvl*s=6kMV^)81ySz7o;9@H(@aa>6 zXrf%S`Re2;HCe*D)RI$)K~(&7A6TfdBlz8G$qNV=Oo{Q?h_PQd+YW?YH1O#ceD&Pj zI_R3u@p^O8eRTBJuiD3#zm!ovjH3P>c{>JzIEI;IdDAxTzq%8ED6}hjE%*E5G&TId zo$A##P_Jg#Bt|PWm}C~Y2~)3>xwbxTo1s`8Zi5wUzz2gI%~-= zw*LGs-_HxI2nGzhd?=4bFOa@h#KLla{v+e7rWRj3AsgV0rS0tpa#W*ob@8`P4U=3lIqDtGz;3Evo@#UKL zw3g-H#d)SvUCg8PIt@@I0T^|3;IhY1$i2D}BhJLs&(=vS5&G>IvebV}r|W$ui?f`y z+m$tQreoCF&GtRz3ZwCQ9CAK+ufMju$4CYpwvkEPm(BC<-7FG^t(&gxyCw4&#=b*- z$mR3ZNleiEolFphgIL4c61J;h*?!zdQaZhh5p7;aVi=Q=Bu@e1_cxh)meSn(yj$1B z+^1{QC&|liw#=R_7>eRv9|^zo-Obrja|i}F>4kxTc4H{dq3(Y>F}%x97|_$Z(~MHY z!UOT;+V1Xdx3zBJafwX~O!9Ac$X}*2#Lx`}r1=X&s(iQ7;Wxy7kGJf=yu$y)V?FoY z7q&MN8(MCG(_2yy7_3$|6UAmUz)OBytHoj3HtDO?;wJpW#|2&&0j&XyAkHo zG^P?%^QL?I!98rUe|e>U&C&Vp7z5?J|E=aF*PxqC=DT|vxX0U|<@XFXSpDDcOJf*6 z9KY<3^wW^W3F0S}wSE8VlN^;hfB^ep*Y}@j=@F{uE00nuqQ#^tpUS;kni+IuMzHgq8 zrDE-F4A=)pXOiWA!}-WeQOHJZey0Hog9O$lO7CA zhW9D+27odeGJmkEItz$HRInLchE=8)l}yykm5jn7h}{mA-l{T_S>Pq|k9X&3D3O?xHqg##SA z{)KNwVI`Vt%Pe-BJf;X)z?uv+ECc`f^~S64AKFHN)5<#B9P=u>ng;fu$; zlS62jNsbf?KuPL#MnE)H|EnWsi}F;}CG7{we7A~3noZ?dHsyVchppiQ(VCU7t#LY3 z1(K}^))|lCY|N8aG9*O8dYi6*7qJ_zP2YaHyy-PhL$M084}SatABrA)Sn;|z%YWY9 z`T=XOrcmFgHfv8xZ3lfZ)dWn!JX>E(TwH%dE4@EbLiOM}xMU8j25)R?!vnZ1wJJ=q zZu<-8XIE#~yha}+C8oF#-U_C`RVhHu$hI#FsSc**{$v^5#zq3mi_6P74j-PxAor!fsOd-~$L@GWsZKFlh`E3@HPu1? z^npTNf`FZBNUM`6C2*gVaT$B87!Y`@8yJ_PuZ#;D(W1#h6f#n!^jP1lDo{*BB8Afv z0g(le`leczy2yqi>(#Y;X8ej@!M?iST23|_)5-AW)xpAIPRM4pTc-ZJZ{?0!A{Y2e z>fdq%-s6-3z$|ORaIAhg&s*42izlr?Bhn*>fz;*dl-HC69NPEJghJxkFG z=H{{oh$}1h{l?}@6!}x!(SM3Z%dcYENt@-y2msIua4E%ygRyMZ$cjzUg@yghIUxgP zMk_N_FT|hgCLY92ddU*6nayI+rTE)pb@dU)#ZY5)_PrIl$K>7Mu z%=4adEX~6Q+;7X6l4__CWEInaj{7tc<%dBVzw^bsI*hQAdfqbZb}QQwvz7hJ#kh2G zoT>xd|K4*T|FfGNEO>pUekpLa;E;cNAAv~{9>*XSElw~J?cHMj5Jz2vMki*E2|Ws0 z3!2eW>B1xl$0a`<$MAO^)Q@5qfQ$cerSJ7;Y1y4WrZo6vwlWMJ&Nh=xS1mpIrRyMP z7{s*qw3+$rxaNkHe^+;<@p0UOJz1C^Sy*Y^?LF}sLu;r%%hbv12?e+mr&SW0oQ2{;hce4YlgF`4 z0Kms$cdiF9);2I_O^Wb`(45@uviymT>)`70=k#z@Y7zx*3BpparmF0zb+~pk=tHTE zKmq*22X0}`bzBN2^r5^+vl1_~59D)Ipyp=wqi@GIo;{y{&0{~cCr|)Nud+=RA4&Ph z&!Vzru`e|UwR!bXn9249>mT*8s1pSh5)&CnS9wW^Q5Vf){3pfbfg=GzdCloxdVecl zkw2a{`Qz$p!uDukmR9Two57p)MCoc00==Q8IgbnGA$$AT5j2D%YX+{Wn(H+@>AXI_ zbS0zj(Q{mVUJ$?)$tMg#qN1#S9OlfLj48h`7(*LseE}?6@rtqF0OnmQ!k_Opcb2SU%(zp**OL?OuWI7vRcy4DM>b-#%p7e zoboXJkbX9mDKp;6$jQdWr1QkXn+F(E$s?OcqVWSSh8|ZedA$iB7R$nx-WudCS-xih zZXtZNXJTmNGDEb)6>4v@{Sn|EZu7Z-s>gVMEbmEVv^Et$bH$0>20P)eSu6;J?1)_u zoxI&Cp8UuNcr}yG_Pf`YPB?;XdPeyPFW3g=m@|j&O%-U|t`*3mp%E09r^4lYIqUJ1 zr?TYX2)fL1Cgf+FKJf-!?tv{3528mR5xyBIZ)e4O8!WpdBI@mDP&m`f2W&07R$YIl z=wrY~{_uc=Mve)Ux=|uHoel5b%Zs4@Oxmct507~HIe>3PK>Tb*BtD#In3}%+xIpYE zHaU50Y+OuyM>!l*rSH?iK`Vub9sLbeR2ygRM*aP5MXW zLXH1TC_nPSxDgLEw8Ga%nekXA36ksxXP*H4CHCe$B#4+vA6juhjMFqBVD#i?wX`^b zXRH7uTRPyOkr8=Cc?ShBiaf4Enk^Dfj^9jO&p_~zdYMs##EvH12dF>#y_suMRkAcA z*7_^vcry@<`+Bw)ZKUCIj9WIhXZ5Q{i~I9556I|AIytMv!{XMUrRMV2FZwi)N`2oS z^CnbMF&YTRH_Qu#zjSA@u@mgcMY+zAa1M4#?$?Wa9VuWU3*s)O;Z^fJM2P(=D#!NF zb^)nz3)bUEs4t1w|NQ$tw&AG|>RH1p(JJleG&+`T?O%U|&hdZ^A`l_cC}fsCp`Lz% zA=b zpb#EJ@igX>pb#ZdL==5w!3SY_DRL=te=6~|@;4iQa~nD?Lgdz#ArJ!s2nDO>S)r1~ zE}>@{<{bu|hvcUh4e+8l&{HDG(0Ci()MKe}000a-p@0Fr&)$;)a`c77eI~d+^X>sk zUc)tiejh-C%s;XYGn=CI5ro|kwhTo@CH!b;j8JV$r(LoxlRI`k_ZPd|M7gn8jAgjUU4^rPXovPqa$NTFW=S3<^_NQ z0E#pq>HQ1KmEIk;@;?}5$Wg@ay}Pxx=RB^b6?j5EP~|XUAa_`R{llAs!<(y#Tj>x0 zcbwmDJDh-j2!zY0e1%h-vCjq z*LQLKKpJzJJ3PE^j`&nt1JAU^sM2MLf z*oIc{f2%0aEvhB*BPC6DgH^c^jQ`dn!kuwe8l6|fBuwzxudPhL=+hDE}gSc67<)`vQBk4LcXI*wb#ZxRN1R8m7-HWj16OBBb7!*@Jio+EFB0$kiP3~Ad2}t|NGBNj=G4=$EB%-YOY^9(+r$QbkFaN zzCa8i%Lor5^_miV@U8TrSfoZiv>Fqc4(wF;T}|N<+yt!0-nZ0TKxCt-6n{}N4qzRYD zwSwcjb9v%FwYB>~46@e~1wnCz>J0XKF>^9!Ostp{Rau+hWO{2qpI#1Uussj{!BP%f zVED6lu*>jxs+p=HO|oIrVMn3MQsWc0$f=VuWn6*?17R^A92+i#D(IeBrz&VtaP`3f z0$EI;kfu`g431B1YqfcF(Y)*ENcHqVXePaUV|iwrS_aEe^D9JW41fhl+VjJ7AK}TRn>A&KaQl1 zqr_``)b97b$5(tOp-`~Q2Ws%Qua4DlY6yE*CWR&qVu}sn{N$Jdo!KEE_`|?)jU+gC zq63<3z7t1I@n;SbuV#=oc1c<{vbbmpP;p4L@+fMx=jZ3k5aY?T{M)G%#!QhMnEERtH+S#}C+Y0{&UB`Y~L}h$}XkzDF95 zti+hE@Rt({QexAJQ?jy4)amJvKz+?sab2ci_dpxx_UxPr?o8E>`Tvlisrsj}WH^oB z^AttK!aPq{-K+0`lJzKb6v2_MU2WN#I+0*h>EYPI*s%4^Aje>ayyrNqz^d|dznWIl z&(D~$?1?f&yVMb1ODm!xX@-dP>pdokZS#TYc|zd0MP zwT-UK?qWU|O>;H0Ph2WA`36VXmW(ORX3&N%!>fgcgPvEJ;s&G|j1{=htAA#KGreP~ z4S;sUNY97u zAH`y_44_p&?teaW->%2B?>8@jtadbm`U$u}y>}V(1Khj-2luOb8Zwfgu$HUm45GVJ!w5hlAbE&_v4P(FZm$A% z1V{=(3F%k6oHeyo+ni!dd+F_XuXa|Onjbbxg%Sc;LFGRft)yn~j654GOf5Vt<_o{& zD1&XSm%;Jf7F8ngtE@1j#A?X(GSe|)EM?kAk_hGcUpNhR>cZE0$VW_pZ3rs z|4I!QFQ*^bRJsS_@kSUkuHB@`LH(orS#**(o+^LUO$+Ll=E64*pzkLmp1uIK!U|YNBC@h>4YeU}a^SXc;1mG^}Y5 zq>0}O&`l3sz63EnhwyR>PFGixfGi1r7LTTBStGUWOPG@~qT1#b&vNO1EQhwWsWSRk z&!QD6KbT^X6J&S@xs*HYN%J)plFzd;{cN8jb{!NZp<%DN~zLLz0txSGp>XpW8ml8)+ zE*k&(9?roV1(kzUvB{HBmp{gP@f?&v=RZq-pB=ii@N!vpPbD{o9;yybpM8+rsNGQC z2JuF9RPIfl-J2wt{LISnrSr&8Oht#6z4WsCI=6Q1q`GDysUz`ue&b3|)gE4|-9g*u zP=UkdC!~xSI#Y{_7v9NBS}v~O*mr%7;}S3EUvYTan3|bYnSTG`^#xWki#KcfMoLoy z)Z3q2GM5GPFjAAB<~6#c91HxFbsT6JlOBDMWBhRWTM`nh5G8zWJoa6Fuypa`1zPo* z`z<@y--f{v=J6#ENV>UJpb7!V2V;oQV$F>nGT1U>t4@;UGf-n_l6_XHb zpi3?EABn7jK!}PuG9QHF2vG{dt4pb%Lii6w37=&MzIg^35$To-%{EK5$D$CV;MWWo z@)N9oH8YjLK5r@})^gC{X8SW{@tNpIC2y(oa^T^d^OLnj;FcOp;V^1USDFFi3v*s6 zU#%>T_>4$jt#a31c$7Y07SvNQS>Zis+gw*k*(RyXDEI96U(l+^Sfk6pTLoHzUPG*S zf~eS7n>?`ysvGXS<-&v$NoP=Zg`k0$FxhA@VScE;+Q33#JA{B6Q4uUh{0Yq@UCsgJ zC$JJhCVms$mR51#X;nb`lgGf7L)BEzYx>_)8yU0JK|`ONCw;=XA^01yjs;g-&hJeBk+1-s1G8hxt@+iu%VluO_ANQ-toE8}I^fT}o_al>J46TU@ZV!@WAQAl zqkt>YK;*+`Rq-iJdamDRVd(oX8Tq5v;P{GN3@D*&lH?vSBjcj)6d}G6QxL5|P|i?^ zx`6vbpCeft<=CiL1;swDLMfUjtbH7&PSab~wCy!~0|F{biX)Efcw}mNo*LSG{ft!u z5QAN{L21W;Va{FSKX@Pn`1FCupf%k?+|ijyt7b**z`E?TFIHR(%02AMf7gp7LbHmb z1R<=#sv%ob^uJjjV#Otxy{d<1rF3lAT(6*KJE@qWC0R6hMT5MveY3pA*)NGSF?k@6 zcGdfCJ|!|lFD@8kRZ}vE(iG)>Itapn0QKSN`qTS_$Lk|x7?zH=>2eg0XpKtCTwQH* z*g_p0?W(&R|0KEjlvmLXJ(GUa7!q%JwqB7KmRc~2Zgm9}XPrLeI| z3~qPT87%(9$DV>)>JqBJ_V}dRLlrGO^A-CQZS*=B4ENm|dRD@6t1(z)EODA4)+YfD z(){mHWsLg9X&lo+;sG7C{_pnKr+?`T{ybx`8tJRT*WX7(ez3TYz3Jco771^19y88z zEGGGA_OR5jItdzYwf>0573HXCJO*Y1uX9jPpt0xX@ zS+C|ER(Q)?`fDrbRz?OaEAKA6PDQq_7i~)I(deGoA<}YhO$$6Y(yy2>_!CjO+aJ74 zrjc|%6<&w=E)6Ds4?UR2a7PPg7myS=S|^ES<#E1$D2-0mP@REqTb$@Fx-D*-(Xp z!?z})WiLR6+xjJ#ylZY#vH06VTs|d3r)pCfo-Y+y?#K0Ntn~Eha2fqhfJYk^qge+k z%&Ib>Lv=t3khBdCP>yg>dBnz%OZnGrM)D#kH+pNO)2LdqghNr?XJ(Dk!}87IWb<2a zHkKeTqA3YuQ<}LI534fCoM2CUQf6Qc=@lX#h3%JC_%Y^xE`GwPQ8Yswn>_eytJu6F z@vw!KkIH0TId)19Urbj$i%a-eFT9i6uNKurDyXZQRVlR`XjMGd-fXL?p$=a$B!UvC z8~BKx4~ZQZe5zhv_B#yT&CBNJt*zGWsL37^+nto#gs2{_etSYkj)%?4euQmRaqxaw zLzL;&gapKZE;^**`d2rTlrOZf68jYgaRwbl2^FJQTV~~~saBO^R8(B3Tk+@n)l74^ z1qfT`M|IiHi26gc1dNf@ysH_4Q4y5TQjSupYPQ-$DgvktsHG^O0ImtQ@laYoSW%=$ zg4!JVLs-zTeqH8!oMOD31WzEUWK;!pQ6O6g4dK8o&jZ_ja%tj$P$a?>C3H#aJ4PTM zTa?G;IYrG$06hW{j%=qna9$w9gj)>uekPLi^0#IjY4SGBsY|&qWKP7Gp5(nfjJKXU zh_{=KuF0pI=umLV9lI>_2Hs{ME6(eom`OoWC6c%_gZ-&uL75A=$bt;43}=4Nk2K^_+Y`?zQCTsc+<@l?9SQc%q^dVrcxiXO+grI94IvN9`^oUH)m zvxrl{S_4GuISYLbl-ur8rF=k?bKynXvyvQViga{l#8@smX5rp^OCZMuSFPuS* zOO%)8YL!DjHdZx#{nU7TkqB*v24bFh+?8$CBpp2~noVXzqZ7XpN<5d!iW5?kL;@KN%a%&=ksC;=tJaR>gM zH<=!SOv->bngeF~oGvWIOLe~z(qCiv_yNaa^mn8XW+0^%46ZB8{1 zLFnV)CZ&3+K$8Y}(@ocJ<~H$V`tQf~kCIz5K4ly2U+ zD>c*zOL8L}g3!or77m9O9*T*H&DI@u7`!oo6TKJXM2P)CsaKGG(v}dE*a-jZ$I>8H z99od&%Dvz&SPwf)H*kCiooe3qmEq(^_r@YkU=+|Sr;NWsDIITmkc>8mto8eFpCnsCYs(IibW2I*v!;Fld7jSPMo9{xw@Nh*t*NF?+Obc^We-P^ zl#LB+33lg`0cR)nxRx=<-n4p(GU)jtT2aI_U|KEx z75q~w2*O#9NiJ1mBJYO<8V0n1LP1(9B+hRaTZc zffxvSBq0WE_%>JZuVz+@;GMWDY{h*_XNG^U55%QT>+s}ow^Ml7HX(SX+Oqq*lizZ{ zRsC?O@1_#3V}#Fa)f`rD!a~>gB-H~~3QFUYg(lIe{~CqtohZEsgi3;l>rwZ)jqv3i0N0%CWD8)w(*fwVOTc0b=<{p%p}??mZh5Zn;vI!`peKVH;Lc9G znrjHz_6ykt^c%^W^Y2(zPEJlPE-sg{!_0xd?l`yaf!JLA#8)$brRi!tLVC|+VzJ@H z1jFi4^cmoP;w=R<|H0Ec&LDT5|0V#^Jq$jIV0mt7nfTf`1S6b}6$${0@j;&BcYjto zprNZL>jk8m>7BoK`u^Fxww(VG^X{*;CYjq9_X^j=gn?fl2b`A%+NSwxS~n#o0>-~H zpNWISukdayRQr9U&)O#7v$`RFQmWcs{*NN!9zUp0yfs^St^%$J)iSI`VJT-ZN~zQ^ zlRs6oON5Jgi?E6eW-VlMXm6UU{sMgFIm_0vk4uSB@G6w4whguR+l{%+B@RepQ=o&9`T3I z689F;01=-bbh!8Ui|xFq^suqm?7fApF&u3!8rAkcHJQ*vS(MO%)-Y<(5?KG>#%e4Q zM4dzaZ8m}h!QqD=L4Q*(f~a~#!zYs=*x-mKjUZzAOKNVQP#?tj!LvF-DsqAo63WL` zt_Q_YCigtgB^1OCi}>VOo%lz0+FFlwC`zB3)f!&gl!kKDs~WEYP~&GaTTM+TJ9a?E zcSaJELhy`>u=~SOVlSp>14(xxH+MhZ*(7nVDZ<&k^?T1(v@_=C%3$EFnqnPiy3kIm zX$VL@LJtp@2L($86O1$_Y@3pw_hKh0wIMl&z_v7W_GY2|6a?L9JIwk}Bog>IcUxPNE;(d&_!iBdna*AmOTLO?=a;FKD$^tB(rrNLYJ3KvXp%=N6Tp`DF|dC5@Sp35p-}l>h*SznLpfUBhfvh6^+9z( zjk8@DEIv|zlvCBu+lu3z^A;?Jhs2yrO~Q*8r)cOJq5!nSF|uomyO)J5Z%|Mi;bK-H zHueTk_}rUyEk^6HQj|bN$9si$V09O7Y37r$&_RMIy05(}5}my(#YSPUj~yLG)({m{ zcbLxBPY$G-504faU1~^WqmEF4!W1JHsfma@IlS(3iKgVV%^5gp8Un4BW^E;yJ&#qw zdf7d!>}A8aG&>q*VI3?14>*3zt|4*mM+P-g*={ISN_KVxQBoy?l}07$NzLIhQKXa8 z)1*PIgoJo#al#9EjEXDUzj&6p2_(S?Dcs0gvdrkydoO&tBp z?iwed$vEOP)n)@%tKWjNgSVa4E2Qe$0wpC*B2y9k5kQPb~W;|w7z$O0uy8~73Nak;NH6d+)HV|U-6VYI2du9Y>X~0hVR299zeTGJ7t)&lm7?0QheS~#2%8zOGwGcOsb zV`5BPIfv>a=A#u#V#TJUj6jWTADccDt1gMA$4WN!n19r9n5S)BFX=T?w2O2U+1ti| z!BX>n=#GH36|cYgsiS@yZ`(}f3B1tv8$u0`Qgf9 zj#imA28FPHlB;u?Qtfl_ja>U1{&%xjU8YjEa3oti7Hhcde7AlV2=GN z5%3!0@6!Xkq*05%MfdM;?GquV4PN6dE51uotG^Q{b;LK=S^kZ5ovmI*1F-dE%}3wb zytYq^gV%9bS^)!b9-wJq?r2-H&n!tmEvv8g0JAazbVta&!l*au>yNuTFrf?lZ8<0r=UAdX~%j;snXvdZ6CB zgTde3!`-F~Z2vn4z;1o#aQ=)YYg=lXw*VMKEr475j`be(IB27AaT_4!+_iCl;TC|C zD#z?G2mzk8zv8!ceK+UXc|0EY4R8i50w!ygn+=wmUlTXK8mD#Qs;(D?Wqn5A~xYZh!f7tlq){*TBopP3l_zk)-24z?(h5a&rWKW`6S4E$BM{9$0O0TN@z8 z;FCoty^WL!JZ03mbe>=^`=25smg7Lbg?Lax9}_KPWCmV{Ey)I@j2sn+q;T3;cfvEu zsDNaNOrJD;PH5s<)*i_574h=5+={>!jzLoyvSX;Rw8yBaZ>*A3=Ybu<^bc6)g4_ z9#i;N$y!}|sYV?rPPxQ*W6n+BF5dm3z-W7V2#*pz>bn}Df<#exfB!FftmVz{%y*QO zSmD|8g4E{)lXRdA7pi=ya7rRgW!WysSq);vpz zk#D1lOT7ovxKxfeBP7HNV^n$geOi9?JHL!qFqDGekVop#Pp+ic`BmAAn5FTfDICiB zP9M)S>M3piWPb8db3aD__+AYnRa8Xz4L>E}O3C`wNPY>jPD)|2SQA_r!iyAt#z}fz z&b!O=iMZaI7OcdBqQeU0i_60C#g3$X*6bZdj}r*lZumDeWMoMQ+IrIDqABiZM(|b8 z==h-{zNqQJF4pRbM#gM5P2)uU8;! z$)dR%B|;@wIjtc)O|5iL0%3RDuvt?LLD7bj6Q4~+-L=i%Em4=@*-~v-tk86zzc!xC zp$t)ji&jT+z^EL49XKAW^MkF-*EnDL9Rv-I=Soo?0jG5rb)mh{u(xA1EXD?L0Z$%F zl(Hu-_$&*mR%;tqkn6uOJS#$>>?Alh44w8bLy~lz(fkrWa$*cfb`7*^@ML))?+w~( zzJp0QQL}S%#YQ76JYQ(&R~rqR5s~m7ZK4um#enHp zG5(ak$K7*;R=lM-$1l_Lh}eL@Jj0ijpP<`ReJe56KQE`6Q+B-Zp%X0#SC6OyQ@ExG zKd2F4Bx>1&c7!w&%jcCY2 zq&IzUEQiRX)=$@9G47&f7vFxIQEziU>ZS8VZ2u+$=&FJ#>_Dwe-@kNalFO(2=<3Za!}NgKpeQA^pCw8ejnF8LA`BrZ%(VJY3N&hhtlN{Ct z>)F+=x~6;64ne!<7jg^$blu`i^1S7BMDQg*-a1Q&iMs}NZgf}RMCZlsj~kY?9=QY@ zRhHnsp&`#pin~fu?)KlrV_p2fv;I%_ae6Du^DcfTzP?)bEuuW#@7RcDIPhz~zSLdm zIQxEi#v=X88E-r1c=Yn@_7CvFZfl;GbU;l#ESyhpc{U)>+p&7@FhJM&cK7!3HE@Rj z;=a!BkXshOu;2WLo=<=NCsZ>Sm>}{4d=ZZ)ZtC}HBDw-M`T=%a*VUiV$30hne!z1Z z{SKR0E+%nmcG1_D6U!a<4?2aL^MU!O?>ADu(gk0c|NH{I^SU`7mh0{eB|@*u-QYax z;MYpDz2u&ox37--yTMZolWBciGb0<2BhuQ<{CqL7X zyQB3Jsy;TDKBnvNi@0o(D-HC}25l1R;IblS1Z8^gOgRKg@0AbR zd`lYS;NGfp=7w!+`3sOhgWyniq7U#XSZO%<=PfyLT!az_jq0-=%)j|`v{19xeYmr? z5&n#~7Rh}IWW(-$k@j#>V?z(}?8sXnHE# zK*+wArpkrh)P%X`N{Ze7d4KU`BcwQqC1Z0yxm$nL2{$Z5opz}T3;j7(TCx2{>N8h! zScZSb{$=yhBj{i*8QHP_5-Zi25iKtL(gCyHW4~&yho`}{PKM9dUdc#XSXe;aC377a z!<0{q;sT3JUxdnQ@n;TxK)+&d*)>_gpVrp0^~a-dk~8udW&fSOGU&tV$*bM$J=p)z=CGcbdxkyQQ6N?Up_OIZ*C96_7Qz^0Aj#=b$lt-$R;{`Gnh zzC?QoK7$yMH2DO37-poq1f<%06*-zbVG4jlQ0cD-O4MZ$C=k!A2;;S%m3@0kT zwenQ9Ct)SykT|^=W)(>k)=MD3ha3;K(4oU>K-LAw%E-xeTzY102QWuCeJMNx5};5d z7f^OS2L_gH*P2~~`xk06 z1;5VFry$wK@G`aoAhIfaUvM57J{HqfnfA>wNEB3wB)49hvqfNwG(8c`%}S_m3%rlO zu;Dh=C!+1j8n1U^EIa?&QdhAurqUsHRwJV%L)x}3eee|FKoZ9ga-Nrm%Q{Vqeqh+0 zPN#s_#%4)1Bg)LFnnsz@Qx^edR9D2(NQ405CvAz)Fj0_k+bi z)xor-y(b;65%Lc<5ulURSmRy#xBAC!qJNG2))o5j`&I2wPcSN}Faix~YWt!Oi5EzP zzR?eI*Pq37S!A=eB~N{b6TK%p`TPI&T;=wpWFD>tpQP0GT%Z5`UQWhh@kqD%E=~Ak ze<|kpd$yR{T34{;CBvkwoQqu0ZNQSB@CzILo2!4HWyZIE1j*`}!$tcoEP{5m;p5xW zJDsig1VRHrB`^Hj86c15wWDA_He3q|`^b8JJ3V|?cY3DWVQI*x1Lb&P-7q4OJLG?J zG(bskCY!GtoL5$CyP%CE?~{L46n}lOm05+{zw}wU6ghFI48euJ9V{=O=q4-6DR3KVUyCe4rm`v`u95~Mxx9#~+e0}0~`;f7>_Id8w$^Lbq zxA4_XPHD$M`(Dleeh4uku0EX^864|)Ix84Y@MA18Fe~L;9Zw;& z%!i+Na=9E+DCDqo>a%p_LM*)IdmQjn2+Xp;o~XthR=hiG<{@{&zHons&K>P_j&^I>^A1DAhk?K%DMBt$-M z^lz7_I*Y8I`5en0MN+IM$&V%tNG4&j*?VV%WHOjaE{z}fqL@(+V%L7h_J)~X(R3&1ED$GP%_fk9Y>d2LXr_E2;&4bF>)FGL^I6o&gMqLzI~rb@)0xG_ zGr>SmHWKu3CdmA0Ke0T_)ak_K(P;7p!OsmbDK)Qi+6a1O5Bso@0$353aDwD9%v>IM z)%wOQn!kY@G*N7CR8slzK{os_pmdEqwnSQMxQN;Ct9Y1UXS=Wo)GgJG4YlQj$9?}< zHy#M)^OZSlTUXbXQNi(;6(gIA`R8$cb@lgeqtdic(q`7LO}p?oEkinqn{*| zZZJoEu~D}n(`D)CgNU3o7I?DXYb9u{Wm<8uy?JOx9R`CAxq=(r!T0ayo9$)p_{uz3 zh(+@+zjA{)Bh=#1?l2g+C`L`}IKHki*je(#?1;X}w%3wq=G%2B#rM{qYOOKc3JJ3+ z!{VClW(T&0S!>IC+I(e}_YKYNyF{`ae+0F@$zjJrIyz~W2nr`Xuiew{igzbN1iX56 zarI9a(!|xJ*`zQpVl4K1|TLEtuQHi=q(g%`}^N%KD1TbH#xz!HKFxBo#b zEh`&zxi6OTz!~2wGMg?8Go6_cE%mM+J>_@-*3$a$4b~{y_3uaX;ib1^EErnzz5Re8 zLMUbLJAxJ@HAE(#I!G;pZ-OGM{II7Hx%vuLLMOCW+{oKORvX5gWYxMPqHP)UL>Yv3 z-f%I9^pDJDYW9m}(LT~PG>nv&C%*>;re)FmRt7I|tUXx}IH81;DV{HkxP`d=*xlVo zw5(Os@P^udxI7dTXg>M3!%O*I_nyFzjumL2pQ+m6aJm~`o|!Jp)-$y3z&7i}*oWUy zi!S}aiL}kws)y1-?2KS&9hF2crC0uYhT8dUhs?`m;l65@4v1o`tgMVo@KtK8y=i+h zOUSu@*Yk{>>@&H5pdgV3An23c-nvZibo7V4`7>eLw3y*xt^0+M)k~x8%G7j!S1)If zNA9vcfoG4TRg9g41>N?*RneYWDdbgefEh>G=V&cs-e4dt>g8_rKk1mZj%|_Ow3p3Y zFP+MdP0C`Xmt1WViI10~U-(Bykx{ojf5!3ZaKL71F2KS&4N^BUI^8gQEIm;^-PWWs zn4e$kQ1b=)^j-3*d3DFZ#anO72Y%OKyZN_X@nLeeURU4pH(q_}x%4}qzomCuvoSf+ zz4`pO>rwdYW49x+o4&-_iQ~s@Mm;yBA=mj=E}b_U18YZ2*S@6R#R9IMjW4+Ud-?i$ zlk=@vrOD0_hRS&tlf93xTTRwSX^IffkvDs-magsI#m`&KWgTE;C$&` zNvF3t=833_A}lBNC~O^oj(?cX6;6RD^^fyEl6pEY?!zVtgp69emK`^r`oY7q-Rm z7ksD?0afjOnV7U!m%hoXACEfAr1|6w%YKh7sfCi3c~j^;GOrYJSN-`fO$yb?s}{P2 zBxV^d_O;QqoZt8CT5yL>%?0LT?12vZGc=_22W1uZJi2+`erc{TOi~kuPnb?t;63Y3 z5gD>2+JF?GZLtyw)sPjOx2(9;M5OgSV|M4<*xfo8Uno?Kb^ez9K22pqZDmZQ9q9`X zU6Bz-eqLG5O~xVS5G2y>eY>^9!8DP+KTtlAzDJWuMn-fN`)Yg0nvO=}{qqv+_gq%C zor+~{<$S_k@n5CpSyI`JkzX(Nowz=bS{ORs!}=i*?wT|`ua>i{LU9x|ip+lfX*mQJ zJWN7qPO=6Nn9Onod+2%%6{c-JtRr=VJUmy8n_|8N8IB26H9KTMpGGQw@qHt>ykT-o zy8&XQ$ULg>AVhE?$ni&}<-tb>kfeT%{v`nj(ig>-KRIW*2mPXjWIxl48p4=PXhGkb zxHhQ}52p`T ztH_AdST`!%hXPW^5KDvu+Ct*iG<#V21J*sVUiH1)QmZKt*d9SinSxA?7KaG+OS^+E z*vT|mR1@-y%bs}aMYlDmQ9OFQcf1{^XLhmkeOR|0?Z&KA-bN6Ge86r0=$JR9WO=rZ4r`U*syS(3|fV~W?8wz#}nyftr=2rT&+V9umZ)WhkNbVdhb_H z_OrzvB*zF2+x~i-F1idG2R@wyDir$N;bUj@FV1%wrB53&_ctzOr*a)*;%S-tgQSk1 zM@u#!$=R|r=>F9P?$8dQq4XZl?GWmTS-$U3)P7Qm{feK8$|EbN%&=fdxHe=gdvhXu zbDfDB2h}I5+^j3M@r9@^KmE!&x3`S5Q&o2RiPT54b&tLTQ&{`82v7^G zU%1N9=#OKO+_KdbwBNDyb90Jb+CXe(Qk2LO(`PPYLMkPPMl2{adXdoEvSe?5!W;h9 zyEaU$Mju(E;)Sg|C5Qcs7;d67I=%e@s@2ui32bqTrmv4N``hJ-EU(W6hF&hFy8&DC zTAuE9{h_WdOBkY9{>NgL)>A%z!s%zA(|YsTz3!#IE4Ip|>^1;`ZE3tbCLl9=w@!hz zVYGRlMOND0(M{NEG}7^PP!MgP?CWkVP1~|WmVB%!n)K0=k2TP#ETOOeq~9FfTHgMt z-IE4zSARZ6IPAJO^Y!Dy>1K3aI06i2I3^y`p|<5K&9?fHTc5LCR^{#etp%)wFn zhd*Lmbuc+$(4KkC2%ceNOf5F&D)Ft>K8>2;p|=a&lo;tlqI5PD>KEt=8by3@;S>*X zC5V_DTO0Zl583S4vW&{0tE_Vdo$#6L*l6X6#n;&gQ@Yx|#UcgM)^FW!gHP&5!_<}S z^F}EMyx#moJ)NEwd3-G0WYnt98cVbqXjPY4y1J+NR{tT|fT_L~Wc4PfTD3c=d6eVr zp#B;|Cf#SPekz~#KCFj5Z9>KexL@8hJrMH~Yk5;?y0E=nzSrI~2hJsr&uP5Z=gBJZ z4wJcqLOtm6+eE9a5AoXT&j#dWHs!1<%BM?&Wp~_W2|mNvn_P$pro3QHiS-a~8?XJg z-=3_hC}zQ4-8610MZ6w?Aw;ceB(@fo$AB9eAFF@$9u2|TG7HCM&R^Y?uJ9E*b|Rt-d-Coj*SK0PNiZOg$)c~7vaHAce;Wp60Rr}=FN zX=5D`SNiJ8APd=@=i+ytng;Fyv%}O1Gb(GyVc5Gt_OA(O9|v;nvlgYdP4p*cG1tDh zj5hqVCllbz)dXovdKvX6Ze2Q>vKUXs@O|dW!{Tnd3TO#dqAj#!$S8s0xE+Ik&lDQG zrb_n_`iptvvw^W|_etIh^Xio$nBI?g0T#)JJ0tPw6OUhCAG07&_6M@hEQ5U{$AHho zYGj)zoHI?}wRT~;$)gs3k8o)Z^WkQ){30>?qE*QTfFzb#;MRRPzAPsLC>T9KA#E@& zqKU4q;7k9Ipr4`NDhfeHUsoeVga;y!m{s=oeGeXT;&?kd;R?sukvEFMseh=I#qZAK z86tUBVq5jdvGd9*)0A4DEjgJKSln1)vGs}y4h%vc3P(#Amo{asfP^B{#nGguGNn9m zJSe|RNg&=AWsRBe2<{4JEJ$Y*r`Il(cS;1?}{bH{-ZtFI{VR6yYAQxm*^8fK^qlP6izq)imewQKMp*eUow*mJT!Xb_o5X>R6k$UM9R+}jtP zZ3jyTTk~Ouyey49?KojVM07Zg3HOzNPjAwAtmSXnJvL8!O3RdDF_v_~AER17s=J2d ztMb!FEbFH{;)w45oL>>%V1DAf=3?Fw%#g=AJGT^IVd{kXQdB##{N>rLF$+;^hs$Mm z?S@oT)e%HfS!P6*Uo2xlG1hE4An#&kOa2(TPNxTfJfLu!9Sg}c3lg0L};A`lx z%7i?j(tOD1Mgc$DFqFH7B*Ey$N28exw`M-!7ativ*wR=FuyF|5AV&s@aukyE!{i@me$+a6%sU4<72KS=F^l2qmpqwvI53Z0 zM~Jg7$qz!(q$KNwiN4+3ljtPIjI^Gd7_X-v-HN<{a(YJm*rDNvu637Ny21T{TgnanK1JCLbZ{5GOl2CH?bZVRNT zQIYAIX{msv=H%XoWPx|s));}u(SH95s5TDHe_z?rnL{?%{Y_wvH_I|L^VE^DO{P8k z{#^rn?!4#_D*qOTEIbv_Un>8LukVg#`~TaH*=Uu7Qc8_P6;&%}soj`0YgDY(3ZXW& zYgddSYQ^kVZ8d7|T`R%26eUKfQBq>3sCx2y&bgm+KlgdglRrLx=X`SVdSCDBb&Z+2 zJKHPPN>JYQ$3dL-9wJq&pEMD3obz=uozqlMruj$fRX2P3O|wj2aS>l#H@G|B zWF4(;niW?TS24^14O!sWP%-N`MwhZmN;(=MWhrXd1zk&0C{wcEvKCI99n^|=YshWg zXLBtYpBrB|VHLMKH%GBPvAprTMQIq^^%BzUgLZ+F@ww1JO=Y>bDnV)AFAElHS9 z$zM#Og+AQkXWCQAI$km%5HnJ-jZ2G_ih$31hAsmVFbI44UfB*%z?+d=8*FmzC3j9@ znJihN8U8hTYX8&@$zBn+W@#-4Nuv7TXFaB&_vGtCG?4X4kz>HupBzFgltP2yUv73K zZiFVkw|i4k^$p*KB%mAU21#IfpNu?I^t{RaTz2AGINbf5XG^nL1!+`bDhC7Vuc&ck zoJ$DWffwlEuYZYmU(bU_S2*zWQ%!ebhP2EVpCS9va{Xg}D3>M5-DkML)}B$Y%|>jZ z;5k4+xf_4D5cGU@YlrY)`R_h~^!lJGIiA`>4bR9+!)dkia|DHXVdmKa=%aO~OYtNJ zW;1*{$y0>KU>#jHS(Wk20eelKDe|u6g_*!Y)a&27?PUGa)6+l##qm<0Y%nD?;X}F) z%~uKy`1=x9l$^{QcCt3Ooq@Z~(^I1l~3GS&90FR_Tyw}MrN^EHPO zPA(`dZxmu(t7T4F57+T+ef>wQ!Tgc0{QW1UUXK!r-uf-CC53lU2DUD_*!#br@Bab8 zVZXQEv1%c1{G8|2$0_)^Ns(tt1!)~zKAEzvfTU+(SIfkTX8i zWHIYKoU8WH_4;F%tyzhQKsB{^S#8}k-=jlE2lO31mUW#XzE(Da7AkQUq57>Ub+Y8sTytzwT+`(U% zTw*lwo{t)@78A#*6SySI-feJ^gVm_}R zdH7g%)%P8dZugU4+yg@dQgcCi4OzNW=t9y(GG(H^*L?9so{5UzI+C& zB3q5?lbl?y#WIljZ(GLCj}*_eC9UP>ae)eJjdHxl>iKt7)f@e1=9(|g0P7e zMfoF~&_%#lEg$4fY}{3_Xb83Wu;RkIEE98h|6_G}Rx123T1z}igcZN)&MsK^9i(SE zUrnerF#U%1apVVZ>zliU^x{(B6?gmX>n}hM zre9SR4%_#3pV@e7qm}No$tJ6#T*aHw5*7UV>}ab$ww&BdTFTFms~3C{l86B_0zLCL zi~aecLS6=&S2V1B{8%p}?B#mbj@<~X%@>;UHAc3!QX>Gq(S$&n&`!CP>AcfGaU!8{ zjTD(bu2yluH1Op;5F{5f^0BWer{YMdylD@Fn)0?NL3P?Fhn+o~Y&2S_zlYPk5=;fg z2>GO$&Mm+c6Q$}a1+RS0@2A8XpGbCPxM&904Ko&3V|;K$j}vMqo{V&l@Q0 zK8G#?EMa)5U4&QZlL+wXKY?JQI4v;JjZ=G<)+M)(AEF@6Fn=54i8_2nstG%tl^k2x zIwysV&;A+t^Hz&6)!9SSb|~^bP#luLJzp(8OUfL z)vZc&qGx~vhQyA2!IDw;7$FBp2~VPTv8!mQ1G0JvR7iHpUj3)y`R-K5M`DwQc<3a` zjPiXe+htY`y&)T=#Lo%618vb&;6U)V`3Re@o5~~dKBug%c4mQb{y4;Un zFjQ774#4cisi%jp?3(J`)=m={(#TA+WRjqv@+49cw|SL9L(Y!&V-O9(_3?XCoA+2t z0^RGI5Z&h^vlI=^@d;&M5{9%tKkf7X$AJm%aEqo-24&0*R91?UGF^9$69fnp@;O&# zM@BWiSTXkC3k`8*-drdBtqIE=DC{)wk+Poslucn$cE<+@Z8kPyM8{zBwUs}=|5iTm z;Ngw7L!|NY!gv=#2+cU2Zm?^D=j-Gt{|iF|77KSR4Kyto`5ihW{Ht|J^$tQohhf z3#K#eif#s)**=zlZP{*o*SMpi(l~Q_&5kb)0%hTm#GgpMX;*hJy(ajO zGRV+a-l7N7<;{nuzBXrHE!nO>-z91E;HAR(X;-~1gc#s`!qN&AN339$uV_wTLA96C z5N}3%JGhV!D^vBGAADjJ?vY#0UPS@d9W{#eR)CeyrFlCitj2n7gb;tzrK(z+IDMHJ z-#lz0rAyC~Ll<9h*}J+;1_dqWxEQkw(nB6XS}CR0>i4Kds{tqOW^;B( zVZQpepGeP^o6#@&!0EIi4hZc>f-OUy=YI}XBZeHagFFUO=ghTU*kUo?`^7#8*rmW_ z42(IwkB@Q<17*l{*bh2IMn7Ha_Eu!^36)km`Ozvx>hMUenZt%L&idsO~4lH4HB(Bt;7Czt)N-4zK`>2=7Sp`24&`U2S7Fc9>6x z|3>`W%aF6*``(B#3P=C?_eyNJOupb~-AjS1kWL zW0LiAt*LCe^#Ln)h>pl8Fe-O6V20aPoW5x@1*_cSWdxzG)l^kfHD0Y?LC2`3rRnB^ z=?vAwdkkNX*+%uiL$}oplL1C;cT*xPCl#d@VJJq++2i%~_5DSJxr-s))-DfRFPQZc zu=JpPYv#i0UX1z;_{op#s_xH_v;hKp@6n%-i$C5dk$h?-TcTnH*wYDCj8S$W3E^W2!f%{hPxv4n#eR(O)e zsHG@x>*pFc zX(YKF+KSjgrDD-7SHiP*_y@jSVNIxL)oei@p=@Sl6taq17VLk8=4b2oNe$Lome!%U zJ*kst(wIsV6{2A1Ps~@eb218@3-q557n;C4dgr@L-ddpOm>`eN=Gdt|T3ZHQLK`v& zSq6eJK(ZD?xhzR}@FuqeMx!_j6s_DO{>5ORoMQfI`le_hvdPUAdDYmm1n+x|T77^c zDg`oWX^(_mBR?w(rUlNW1rzCR3Rg7Ey(n?%ePL!KEbMtne3eMrsKL9?7);8+ZD7nLlyG( z==A3D<#FSbLU-`x$qs6ZF)_550|=T@AS#eQaZx60@L@lNI#&(};jDZ|yLOR7-dz8v z_K8H{(*MR96qF2ZI=YM+&mN-wju>5}* z<^O`!yj@G(fhL9Jeso?Xpw{c2t9(K{*w6j1|FK-#yVlwDbjcunLr{vP{j@2$!cUYH zY_lO29e^!y+@+lN6>qh3WCfFM@ZD2F_#)#8!5>oJ160!K;E~ehE)L~!nr{SHqxI6q z9xgC=)+;KQrcgUb5RJZOCn-3Oq=g9ZvW81IHF6=}5Sl1*3akGlYSQsf0*fGJyKpnx ze8+6cwmK$fPHBe1KoGw*eM+8~eFE2=GVvl*$9$PC2fr{b(0aIn2dyUR_DG4GT1anP z#YfmoIGyTxsYH0ZB#dr1&fxX9fYNW?+OoB9vG-dQ7wDIwDEr4w83(>X@=|toVC(Z; zqn>ZHQhm@FVw>B&QW{}Ka5X2@!oxuUD_d&-p^ZZHC9q69-~|KF>M@EenzwSGLNILs zU}9oh$Iy-dCw7Z=G^je*!FfMkkR7=j!VS3Uiud}r2!@X{kG@usO*?_NO`rYv(pCLg zvTkifFo++v{bbxNd$W8snMa8cj=hqWW2E{@5Ck02rRB6wvrWNr4(M8&!aXW!D>`L# z3ehd|OkYqI8II-j%Tf_itQY}M2DCkI3%TXUO>a>XM_d1iM7aJd7Yw9-3gqnN6PzTx z*KlP)vO}5dL5bnarA4*F_*obZ-}e&CCQD~{zwi0`VJgpnHfCyJr;B&q^%eGAb z52sk|8$*}lZeVBq*i{n**w!crvC>+F+Y7&q~59zIB=b zMae7EC>}6=KImqZN*#;PlxwVLtf-GkHwu{)3g?J=l%P=kYSYQgzQG?iFi zp<8o{Rl$dV-*CzfY-34UZfu1?ewb3(?5A%c!+I#~xr{|QtsL9P#orCb}oZ)%8 zxXH$;oTq=@MLMsxc6}@~7%*K7EB6%Sef63)>-0BtLnM|RqqNnPtd)>5+#m^2Q{MU1c zoE=W&*x=#U)@J8R2};p)a3L8#(__9?^QiXam(d5!Gl}?xIG3pRM?eRnF^is0!TQk! zd6~rC;P|`j*RMm|$?2ifw%Zn^l51j06yJEtO6fHEAPjWK=#!RV*y{hY-CQOK>9?^l zD`9K~GW%Ebh<&4i+6kJL$9%YTB^WCN2XbyfARnhSCYnbNpXxC$(65yN4{_eq2W{1~ zcJ9bmL@S`%*Ov0D;8;0@o?q0obVOMOop4PnHEh2RXdDveb9UKKH zU5*s|8F@zHjVmk9ok);qeXHImqmE>G${{m9XktkG@QOwXGV`haOVrF}9_v4iCl+0v z=jvZ~tYKn|E}{c;xs=#XKhj>JT~e72($4+p@6KZdQDYCB0vNwIQ7Q*{`D=^nO_?|A zvk>yo@|UmY&qFUSrf`mjn?$AKDT)E>;&;I6USO(0y+ZD$^4V@q%`!zmvhj($Vc+Zp z=;?J1ZS6-E-s%3NoUwKGw66A&k#!KIH$c zjF-qOL3w;=6zhY0vq|0y&1tszJcoJfaWS^$9&tCU`(H`do`%GLUatRY9 z5*Ts1RsH>77Y0aIkJ$_5q?V7tNFw^9nu}tX8&OIg(-ld<4IiE zos!m@Y9J9@|7e*aZh>Ru0CIiVWddcH2C{zs1?icNfdL`8nK7qYv^+58TslrMLV9>% zBrAq6Ok2mm%D-S016*%2o$!j0ixWY-`QZ4p@wUxl9=3EpCSubH&8>XR9cliQMsE*> zFbCQ@UT;wW4mYOGHJ>Qmqktt&8QhB2HQex#fcaEzsT{pH4zCucYd0}0Z8knEnJa}< zGC1smBQ-GZ*L3(ZnW0Y;${^z*he3x47dwqwIdR*6TYK?XQ{0qmRr;kSTy)hvl_IC! zx?;kKHR+1fVlCHB0D+ln0y9S+XmayECg;@uq|Dxrx*@ecFn-A)5vTWmwc;=Jafv(w_k$bY_9&QZ5tlTPpgL7cL>t@O8Y(e*_iND+D1!0%{;z}X9 zEMKZctWWp%y%0z@?)JdMM1Z!jVu3!KVU5zwsJimGVSLY*+6m&b#^Ye}z^(Tgwg-M5 zge{?@&a`TZ_~c|{PE1fqL)hL%QSFG}(V>K;!~lHPUy0(su)eYvgO{yd+X)h ziLJP{K{_!$7&FtV>g3{>qT9}K)p|pdS?P629}m5(xIg(biWxG<20^?;{o%ZLCa%ei z??BF-P{rg+s;Y70qJAIw#SxN?AP!;w2<f|T03b)Q&MmIR>Mx$ z4SeQ_I4oM~V#hmBF%Q2{JMunDP){GXIu(K+e~A{EejRpspQOHs9f3Q}n6Yzm!%e!m z`b-VE{QNA@LOq10=QR%`Iy<}GN)B~73c&o`h$yz{P6tk9LhX$L6@|#K)?1wc6d3>Gm3ppmdKHy zN_!G|ud*fM?A)BWZ^+AmazwSzl&KFTsDWSIV1)V5_j$}-FANQ(!%1B03zEB}tPngr z#KV4{5(-{l1dfB1()f>;nk%0=38eH<8^S%MvY5@a=8Bx}3&URJe2g5HY9xv(cI^B( z(l@QTd*7D-pC7%<3@Pyezm=-7BYJVZRyFqDzPW+Zm*OVfelQBMxa;ycBPCcJ`Jf9q zC(kc`&t$A8^ENAAu3vOt5(+NP{$_@qpCw=JW*T4qn5d!jj2(1e931kdNt{?el-ihd z*vYo_!TY*Y-2q_+STOCRi7V$6?^5uQba+9~HpRyD-ygis-tV`2gZMWc{T0Qv$Ps(D=QLm&kwv2;-!8&^8h)!fiy2^Uny9R z(Hn7U6a6b-1ym_>>>q9c#}w7r6#1yxkYet_JYZ8t zJNZ{0xX1m9%Fgz?Nc+SY3sR@T*S#VK2)~-(HQI-wwg5(p^GP`6PhG4<{zS4j89iwt zDUFT8@TSMU7V6lDk}9$oBn_A>nI{MThKUFnsOH@#l7jzT0ZR_%xS8eJ=SA}Qu|oK=ap1s_;hH9IRH1a4$TGM*4j339#2> z-!}e0IBv8SrKauaZ(ts+nJS0=j@jib8ShO6=a=gdoiZ-w+R;z@#ti8tR8&}c=zIi6 z`{xupq7R|sr>CaRw>$ydr8#)S+py2uQNKZij$B>tf)n*nqXmh@E z4sk>n(Z|(knQhpZXNnQ%n*sk?(0s<+utNV2(?O=(fN|oWM-sqK%2s> z>&y9P3Rw(QcfeblH~1m_$dYc$nwXS#cT};y1J)!~DZe6~ySl3X;1+$!lJwm6iE_77 z(0$d1#Q%Kmu@a=|vxZqr+wM+~vW>JQbHv;cUdB*kjCJP(rV7d-Bk&gD^{ygTs%E zuqu5P4FDu=SWVcl(QF|nn$*0HPAt3ykY^-4pIv@^`HSdS@b_$oKp=1x<0h7Eo>RV` zdvmgcWt%URl<$`rb~QN1ZO)5^T3yu(`HZ0-^B03LD0)5wUJx?lSS6Qg-;yj$<$n{H zD%y`{8HW^(sKLwC05WXI13q>eeQS6Em1j5q)9Z5$GrzMeAHzYXxereM^lLBAcyxE< zQKoPgMN>d%T3VyD<`rCS%@)Mik1Mhkt;rT|&0A=6g}t_}XA?uAWJrx81B?#e*O56i^~bF)j9 zHTep&Y;kTmy56stM^hm|lBNUF#OAw9KDPwa0N{I1)a_$)2)R{k!w8eg7pW|C{Nq~6 zz#&~YMRW@g%RJ4vB zbu=G+{lB)I&tgU0+pRq)jUB=aQ-1zpy6IeY z{&O2K@tfB2{1~r>>CrDox+-mli}dVBwh?^1X_x)B98>S95K9DTJ0DA3}Jokp9KeR=|-a#4I zoCPN%?@!g8XcbIZ$lAK|rF>ITj4G-srR=s4(tW8M)7Nm*`qx%Jcy??&8U3Y@`qNKN zLh|A6>4wgtnNrtMc17fOFeaUIjP#5xT)@^ZN#aQ~x=glSn-3hFnR zT`IMDo`RanZYaqUQtXGsfv()nKA%({P~37BMvg$E%xgqaR2huyUPay(2!X7e3DY6} z?Q%dKzsej6qaDI3jx-U^Nxb5vhwJM*7l+#nrWTnoXlN=2M5K?;UNF6+5No^P!vwMW z2Ux@ZR+1i8^VRebfO;e-sG$?dkvg+}^!INUiE_Fq71%)k9G;oFU$k6@jJiaPmF@Es zAbln$gGglQ3iCpBDllkEeSDlzP1?xrYR^J5fu3)s><60GF<*Ss&)S{9j-79qiALG* zWVM&xRmPWP$9hiGW~ZRhluDBOPi~ge{o@Wq`8;U0^QeEH;c&QumAfDkqX25ZbI-eS zPV0P;Iz{P-?6He7*$4GQHDXJ@$<*Ir6?kz*O$^FtY*xP5-z=fT zjQn+Le;vuEcE01b+%%J=vfLF4P2N-G6yKbxc>1}+-PkKN{OZv)qR!cgV+Y1&krsr zFDaV@?sSTmmW1jv=K$SDb9;fB)F}ITMh!p6KrRh`bTn6z`@H9a#78la=-mWaSPfCW z#E}+gAJlTQp0G$UtUmVyWlEkXLV`#MM-@*fvo%;RC1kT<`R3%%yOAFrJhVwO@bm-} zKV>2PsZh{GzITBNEs+YFw2PO92qJZg6KS*3%ltA9=PnOs$;*FFx{gduJ(>yMJT@Ei z3`z?w_jZ09ddQymAq-qKDGnbwK_5MX+wc9@=ssav>0G%@xzkh;G$AsRPOnVl*1m0Z zvA7r`EB3*Hs2GIdbs#VwEQ>A6`o_u0$@sDJjt~S|FEzF6zMCJxc$Ip2vtB6Jb&E;> znD@tfo1#u$R#Ah;aoFPtB;i8*#>!MoD@KAP5qG*^GRBBLIy=S}LXJXe!?w%2H4SKf z{|}T~Uix?c&ReQ*mNd~9NRT0_R3})HHIiXqE#%kr8L}DQLF~BUXf)#2`NB(^X1DBj zT8Iau-rGAJCpa9+NbsS0c-;X^m2Ioz9DRAJo*``cmsNcw`P9>YS9QG|VHVmD8`~lK z3K_4f1*(t6QW6zf=)4@@vC`^-l6NAClz`y}K$zspK6@Mj%k4?t`xZ)wJDWVOb1tjh zQ|(uGDEarpeTn*9+pHL1W0RC}Q?ew!de&{+h!QF@wc+dEVi^E86i6teX57mQ&!H`x z&t=Cf-3pHvyjgPK-MSDQdAKiSQry_|aS`9-*6#MK86A#h@j^;ToOlts`V<$?sc|vA zw1w~CR0>qoOz-MmG+|Ns&2AyqH9qn^p(s7Jp4@lugnb4(c5?1A&HEH-%B~2inY`CZ zy{fikpJw_iC|Vc_iHyGb_MT{;5#q(TfZ88JN>|uhV!B3nZV&t=#xn))sq?Yw{u3u^ zm|lWrS5qVXT7-&5cpce>loscjFn4jj8z$I#-ol!`@A(w*lB+66oL}>kZ_7!3xXby; z$xdlOn9U3;2EOy|8C~P>MJ|-u1TOMXV?DfOOdAh=Q8)7l;4khjC#izn@{^Lfhn5oV zTfBA<^_D81Wxd-#5wnYmQ|k=AqMuN2lD{L|uuuHOs~1o}%Moexr$|bYk(VhnquZf0{u?KCqOqS7K0*j`n{`5x=M65!RZ%}NMT|(F!}C9S zpK#bDz=F{UR`b;Y6zzw2hWy*Mv=nx38U8%1Env-!*M9kg@~Cc$oZ5~S)L-4!Um|xN zjKZxjT`q0+A4V)V-FW>|V=Ou+rhVD{nW?Q!#P2^L6S}KK4N{TYz7WB1I6{5!=;|e* zK?15~7~k~nXmM=A-KWCYHJVWa&L+kx`Ez}}!|j9A8J#O&@9+Mn38VLWDmcao_}4#I zv4|q4gD9e67*Q(9;pyHNpQ!*bY!3Is8WRcg^dzbwVc>7nXzQ1zhg5J$$9xhW_ejAUa!ZC6~ zh6vFghd+FTz565~k417<`qEawO-FyxZ57)(CTSa#DsjR4-pKd2s$f#KD-WymVjz#r z(Q$|%q9|X9?I6CUriRc&@C8fyOb^1lyTf(~535RXLHuLrJ-Pl!?aU=m`FAP*^qzs| zJ_M!aX5~L$8*-8-$jo4y*_czIV7w;JG4czwdl`+n#&6pIKL`rTQnYYgELI zEkBvlhCPQZuNSN;_`>_WX@3sR&USW6mzCY0cZb>3JYbW*zvJBs|2=#BfvmBjV$&?n zU+XD&^_xC+H$nhxTY;_JKDut}{3t)LNs@Hetm0}oVds^N0Z)XkeuXAAvjK!HCLYAV zFEuvSc}Dfq24+|naP;!s<9bSqxJ zxOCFnW-=6$(pGGl`EWa{P{W&S8&tQEdt`-G4EO7A4Jr;GRRkKG&yXUW&cRqH@mO9e z#6qwz;O!`A!$p(!wq?P9E}1t+s|bdPzxu8o*#jXXfX(K@4 zqf~#N70<0}-PII$;+WVA?|bPk>lFA6v(B;Dj9?g{xVrDbB(F(=v&?hM6h1YwV+dUs z&%ko*7IJ#i-(ptx^6XDM8fB*cir&#&Ba17=CsEFy+63LIi>4VHqwKrZTbQt#ZR&vC z{e8c7>*lQtKCse#;^ZTh4Ss4W$d`uB+?nH$FEjm9ibRDM?`7_&nZ1;Z{Ed;XYMRSJ zf{kdddN=s%2)2aGe+YjFW}wEcfXoC9fKQA~vmRZOjHaG9ZwG?C@=uF8!CKKdO~XL) zoo=J!;A-+JyGKTq#1*E)QPZVPglBw~+3veC*X69_sy00T8aVf2h>VXo@5H zHnewHLCTi79x;=Tqs!s$)a(dTWVp|%;L4cCHGX^foren<^}SmQX(#Cz3*E2i#~4f&|B zAU4>&$`Tt|M^ElAE*m;GG^+SEG$P{tC&1~yisOIGHnXz542LqZud_`53ow3Xwmvsd zRH(wgau=jh3rYYANGaMSqIUb{EyZ<0zU1L>j48naQrOAIa0_B&nM|B3zr#~Etb_rQ zfh<>AYhrRMT+^z%IxRv#V0`n5K9>5o;BcQGrW%5u^}dq)QPHVXLWQH>BIi4 zYMz1Lxjk|O;A6$q{)AxXOdu?MQ!i&+-rO+N8SNLFpoQFKPjhY*qE=F%GSn})UL>Nn zwgRLn-cuWq2?I#&_1fK3de~VwInR>6F$lp%&_+SLYW@`jp__byRWlI0CbCtX}U$!n>ohr0tpz@M8I`q)Oi6>^kQY5vpJIB6!e=? zlyThD-PMsV?gZX)8;P#qtH1h-GM=fv4ec`R937wf5k87rVsw! zGceG7WdTXbv_^cDBrk`Zw=BAoxfQT4GR@R-zM@vOqsxneBXbFc%ukX}S7**XH(W`IP zF6e_9*`(_mwp1Q8%YJ2;U*f;9f_vL)HaNQO+%K%Yg-_v`Z;zBWwZ(`%a<+K&Jv8rjg)*qF7rZvXJTDk#dgEyt;8X-si(=1`8tKI=+!t2mK}!*QGs z4Uv47P2YFMv|=NAL;<1Q>i-#_m+ATRd;j+=rHs~#A5VS?+0enR{_yvIm@4FYS=%Ml zGhnr5iUff7JQK=*SrS(y6cxM(3mx%Ktbv=R&&6@gnWpMe_8LHRu{v$VbiG2MRErSK zMZNH3BTi^4st}!brLd_jVg>Ijeux`g{(6&*u1Ule`!7rNR}&K-{g!8i(xuodo19gCN=Iv&_RiCu#^Ylnc#n)3Q6K~@;P`9``J#-~c`ex2}6lKX+q%8?UbZ9V58jPrGFrn>&C+F02n z-vZDS_#;%AXB!^1!pUdm2=f0zK?Z*gPU!#n&iLROjkepe&-9Z~Ni`!69n-Ag#VnCn zy?#9)(BJ`tiAEhC>KbAX zscP(r!r3QiUByS7xKcHarr>onF-c4tT(hv(OBB@keT3!%15K3@@2yt4Rh>D4*1ve+ zbkTedA7eTG)zUF^;Ngd-e=ItPzzu?F=to^pRc|FlzFIPP>j1BX%L#^E=@68>8`D}| zCo5U1!u`o!gT8_*%N%5L=e-fmIj9YKNXboTa_e>{ECqRpsHJCKxrQkd60bvR32gWR z=1t%)g95y3{`j9-$2L<5!t4)basmaPnx-y5wIYinu-qTZQ-xmA^ioh<-cK?)IWz}{ z8iAxGbaV)XyqvAEuJ6nRBlGtJUJ1ag&{>sg0ner#x5y8nE=>Fokx$Pxj&_0w%ybL6_cl0PG8*E))5|EgPeSE=AlqzfU8|qpcL|sK6#UKS4e%}C3{qFAKuAyvi*bI4p?T7 zc6w%1nogva3oOE@RpFqK#b7LuPBYp!Ix2!i?9n?UNmjHjDK6L(245|X6X!O3VWtRn zN89key0)HR61IW#YSDd`*y6@6jDx@r!Y-d*PDq@e3>6&X6M@u}RyZ*M-HJZVDnMM5 zC-WMfVSI)y8vmX4uFQ%p&+g>c66>wF7fEKFLQG@lw_qPCxtzgUCk*6)i zX%e)EBKhNg?FWrK4s2%(5jBTag8w;%( zKTcmg=ktCa?0q4z#lPAXY$J zTSteLe(Ae-31bb_bR%}3z;RP#us^3TY>HW&yq^k>)>>tnRm}a4pO3j>xclO>pB#xw zo<1T8R>Jk2paOWiH1EjH%nx2eUPCKE7lIId+?7=P@;gZRFxVD`E-@?}it+giB} zix-IVrznVN=uv4#sq<8d&~itU-H&h0cLg^F8y7<+%nEPCYp?w_rTBRxXDl={KATi- z%H&ZoFTeb~TaTqcKe>{t_bRpE(Wi-pb7swlP3PPyQW)T;;ZB{}Z^dbWH*(n77N87N ztH8w2U*~@V34>*d7c)6xPe^(cI_k9H6`PMwfr=6b4h}q&Ji))5H%X6y+=nI=y)^Q9 zm-2!dmcZg;oX(eo7y0N&U2jOGuO2N26O~$cI0uboW_R2vDfk?q}(7X8Pie$M(L{Vz>yd`N-6w(K1y9tR6Hf$XpdQ{K5xW4cL^9aB-;`dik|7hC~j@0qapYcly6wlJ7c8s2Qn5{E5+Wg8t=bbjo3!V5q zi3j3I-fv{q8(J!g>YiUMY34dsxAe$*Pu70y_%(5H^+YfEiMS14EHgkFxuPPjD z!(Ly=C2m~Thm{@D@+dkc4&BXc^;ODJ%Ta9~AExjavU*5NKvUSotq^)6WbJUBs6Bos z=-R~0&3m%yoF`bo)nFUw_1!C}&E!V1(&hsBLbK1?wMsm;{``lB__m+fKyIs8bWr{L zt^HoAleS`YZkSw!C<~`Oqkx|q{u>!sR0l`C`%6imw3?VbdsY5kB1x<5&O#J=kt7b< z1Dc^a;BTKQnW7!Bl z3|~AP{mE_L672Bi?h_f_aP>%D==BwzEB!PtOa=P#&=ynYXRHjhwO5^Z=LVs4g&tF8%$^XS?K{uZ4F2cPH@;)8R=Gij+Db~!a^La(a` zI4{RykC)CSw-255W@oaBEee83fWdFXRN>s$ZOt>=LCg;vXfe`kD`@F@-I~$x?ba(2 zL$u~_2qmFyp=)q#p(3rnum5pYCA5&9I{e3%{r{wsiXZ>KH~bY7V)*oJVaTy@m#OMs;N`mubd#MF843~ z1BcUIQHi~-{hoL94KKekL?I-veGD20r+x2uRSG1ME~LXpYdtwonqiFD=o;HvQ6Cx` zj&BrwV$U=-zoJKf&||_&*WkFt@Q+j*mQP3Lnn6ODwLLf@xXG-E9yWXLxV^@(yMemv z%GvLwU9A6;-#j8!zIIDbaw-$eQm35OncehxHy~I0Jaf(|=@xCGrGD1z)z^_^N^m7v z^3C#(>eTAQcKcpk(+O;V$<2&TIzh)3y9*5zJW5C+!6gd@T$8boW(~P{deh+wEQ{WTmmQ|p3&1nE`0Qw`B_-l2l?bUqMN2v zk0}3*UE2(v1ZOA3r?oM@N$6U>iV4jeo|+q5?qI>lM`qpejTEJ|h9BQMO_sWAPaxp} z(Sb!M%OKY+B{yaQp)NeR7kxt;NmG2@VS{~uL}WIJs5)3!kyW=GM_A;*aSaEtiHM{@ zWA6!zB52_Zg4rHvO8?u}!X$>XnQ#+4J!FQH zd6-x>MMVY|I3l*0E8fP9*%8PeyiByrML&o71s(FJ*`}q#zJmQJJNpsty=|0T# z8=TL$;DscESFG+p=Z{BH^$Bv|G9+aWM(gu%V@o6pP1nQZv6U)-EtrP z1<_Slc&YnpnqEWWO?<9+r@xIsCAuZ*iySeOp>S7dT0Bd*$Mye{p$fsX=(MzjKCDKVD1ZjQUAl6vbT? z%}7>TaC!rDRh~1N(I;Cv$7>lgJ@ic3@1KO=6N@Fi=tk8|8rCIEjP7DsKj}C@*lm2v zdA_@i+i9NXqN)eB^4&%5PjyxEzO{r)+>yM3dJ8n1YpeQUZf_L2lxDaxECRd&rm;x| z`Ha(MIK~av5UUyoMG?u5-!EAT%3(aCDqM0XZK~`nlJ6?MzDtaan4FAO&odoufP zD~Z!gW(zI@cqd~CqViAhw5{G}xaRcFjK$|9s9F}thad}c)r0x)nD$<|POzZ@jd%?7xohv z4k2Fo{&VE(ho~D=qtT!=?Z}0P3QkwSCG}&d4dezpUjic-B~k(DV|!K->jO^?yREYN zP_5|2n@EV%OS7KQMJDm|%DtmuNnUr>6s%8T``kv5N_ck|A9KkHbd?b>@bdG}I9h@d zg+a*rIB)TIZUx&{C+7O>_WA2}o3YZIiPqqU09zw|e)cuR#|ZU${~7<)h@CM;kSK-^ zcK+wj*`GhY|u_D@mD234k2{vR+*0& ziA&|pGPE2BTKkD)FAV8@Wpc&z= zh9xj_&f*gr+CW>w&C`x)w9#@?7k?&hY)EdrYOf|%RAFxqyM{x&EllFMl|qvkanU)& za*{$EMx7Pf`0pwG(&~-_KX{%pC)e(w{HPW1U*+%LJ0S90X`4&1v8?7OOPY(I#4!(w z(U1!s!%-P=gF94D{K=ubyJF66xS6W=^;#%czD){CuWbK9X#0s6S89+2miM)dwTe2Ci5^q2CgCU>n zxt})I)S!uh*3ZQQtkl3F{)y(Pe1&F$#8AcT^UMC~A-0As3-c zXst|PU1S^Oms`-VFh)b}S$zi$L4^?Z?oKDlFBF%ukdQ%?Y0(^$kK6Xoj&Xu7z1fJrB1}P?VCyqH4Vy}hGLz@6fA zT`BJ8Nh;V+Z$^fWvv{=4Zd0AY4jB>B%~f$ILzz7ur>*0W=A(JHw`RGD=f7iclQcL( z51ra%*VwT!eOWN}_N1>hQSUQpK4|kuQKrdyq@wQZr~1F`@zfz0dtMd>2(+6ONj9O; zzFGoZKee<J_u(@-{Z9JKyK;T2!Fq(tw)(f*tNI2XB%-IF zhzR0fO69}v%w~pipTfV}3+jASg)y)Z{zhN9{7bp%Ir$6)gD5t;OMvt1ovWpV$L`A{ z{(!^nW{R6#A2mEKdFoo(>v&Sc+pF?$FBsw{0M$DpG93L-V_tr#n-7;ME8ch~Mgc$G z4QXGwB8UVchuVln#D1iG^&<`+_|6RB5ThUu-}-f25M@K(F_ zv)+a@!>)^wO&+jSQ&VURa(K*xKzPY#acc;Pd0SeOX8c;7hNxQt+9@S<@BK{K;V9~^ zt}YF|uR)LUfOpo;B@e%JEQ-H+_rx?CV1JGL79Mxa%>oD4IlFo_muE?#7Yw~ph_k?T z^AP(VP7jbSIx!y=&OV-)FB~rCk?tBR8tyV<%fL7YB7^ME`CF@ES??^k84MxGHO7sG zF^Y3^DHcR;*w4=wk6PzwT3=-VHT#7vM-&F_!H8lX>Js(m`!|OzRf6@`sKg9(NN)qU z9u&VD&QRHXCsH*vY9OLlA8l3t)1lEjIjW9VVXW&?Ap?3S&9^}G!8mAYNTpCyx|3I- zG}+5~hnvrX{p8faWF^7N8RPzxIJCB(f0eG%Xq6B|u;T9Gj-&?Y&6yOWRl_arT46k9 zuJNf+cLPPzVmef+#AVKzYH$eLg8aLo@ z%Y!>*SC5}BP6#w4YA_Ul`ZBiGeVaZct2WZ`@QRgblGN~k?g9FyfluyM#pSUq3`sN( z`Lw;`ljTkb{H}Wd&-aHu%rc4ZcR$M^=XCB%#FbZ3xc({VihC0yZqFX z^BTDYhEfMtb21n`v*|Ev3tiJX>?%@TEZ~lza)wVkn-4WiH#y(x8ak!S+y!+*bw!qF zUMH+^HKk{BSiGDMlFx+yOQTX?s_c&t63au6#7|~0_J!Jpxkau2lxMcQ@h5?u8IuQ) z=XtDl^sbv@dl z3|yLnR%EMWP7e-#{R;fqAo$#($pn>lPdjPl#}9$<_{WK{`h2c|ELyTJD3ZkYGk^zC=1^l<4lL4tbFTGn1&+M$Y(ycKF<8OkXm$k)+nF z-FAG8tQrnDPlWI{jfMDip9-aobH$|DXI_D@QL&)VqI6vBNEqBu7lA+&he3XF5Y*$P z;7B;5K&*zL-bEJhJ+ipgjL+d$w_(NJpg;fo*QZtOMk5WcrSfmd8#W#(`cx=N>~Q(y z{A?cG!;6%JmQ!m$y6Pfv5Cb|#A05Yh3KrcmLS{8t*Ejk=1f-PqF#=G?n4ffwgY^T+ zm(f_Y@fc+L@EkAd9WG`;Qt<{VzGrAHfP;s_fmK7xgc-LpGmK&=xQlyLR9RX;Nq1!% z&@mLAroOD$9TzKI-#4qwDt_RTUW0)V#jrH?=v+(#HAoN+@)51`_QlDV-dRX%N-S&H z^*r)fADMe{%u87r*k%s;a^|yrgRh#8R`~HYhiwD8{;I^k?z=>kvht{pA3uC3RY-o! z;Mpu?uYbp*pkJYKZ8DH#**BSC0ieajkQH^V(+NSFEvFMGh9wTnkPs68c8p+*!bMXi z5gu!MW3o~;D5*WUso+=XR+&B=X_RC)YxX47cdxM}u_#nwalz!(mIEloQ@?g@;Bp=% z&L&DypXHsOsO)T4gdazbh!=~9*Qx>t|KB&E*7a{8J3$MZwnvRt9u2F9GmqM4<<9p1 zJKO&|)%Nc^*VCO6btdg7((p6XJb1I_NMZSKPU`&vZ_97K^vz{4f_ck^Y3ROA=zdY? z-=gzuv^IH>eIcW7lt+*_i>rS1(Rb#=U|Gp}8b9ZP7`P<#iU391ns|#hQ@{&RqTJxM zYB{K21{Y=!zK@hY*k`z@1xb!P%c%bkBHo)NDpubv6M)nE>%_Nd=W>`Xjn~l~Wooe< ze;}aFoRra(MY6h^MTa=`h*M6}E}L&OEcEy|F4oytdR%UOjo#<-Vm6!jiaXL%GlcWH z{h>%lIDrlc2Frp0OSb^)Yjr}oySh=2#p;+$9d2JST`;_Y~t!$ zDbwwi%#w6Q?N}7qWpojr!lMQ?#qCw^dtcuq=*A7NAd54l-)mpcWHC^6o)U+B7$0X8 zsPkbT4^O{iHm4d$D~vpR@NLd!Y-nm|j-z9p8esB{n-B7CPRKVC7({b~%geB%A45cR zkiGjmLP*`&5y4pEV)z&fTn70WoDHJUa0{tP4|J;=NFI|Ct7hEt?@FQnqnoIdzS&^7 zz5i;dQyeU@*n3&y8WQ@p z%(tY)LwpZAPAAyk9xAMC@h#Ju`%KS@##Tgl-XgmyxZwC`0NTeFuFFtE?>lzpb7`en zz%8GaJ=JJC&*S{0W%uE^E z+fSWdy!~9w@l5l=Wg}f;otez0E9;XL!-RWjx6`hm@Wfs(2!0qNV>m|nI0qPAq`1Z} z7nkn6cXhLdz-3BI82&(SGYTPWOT%Ve`+gXB(mA-^y8ik|){dscbT~%Aw6}m5@UW<& zv@XEJH2x~GK&)^)y%u=9LY2Ke>vbcYI;MCaDSxS)rk`#&ejr%E8*IA~^iBobh3mOA z)H8%9HW1z@r%2y)fs71W-2v|RnhebU-B%gqi|uD3hw+G}N&p@hh?aqM_Yf14yibki z^h5de5#HH=BOCaW15;;0!^^8eKn0PZOT)eZ$i0D9cwj?ED0@$F(SW@=(4EJ3jBYUo zsqZGWoVJ`&e9Hpz_6*qtb!cEgB$KEDV3qlNg6JDKKX6M?E=KOtEv`OyP9gX%pMKOf+Gi^zs3 z^49&)k;$tzK^KFXsNeEEwA^3Oaq<&^&KY-HzTghWzpJ8o(_&Sehy z9>IUIND8^1bFv~5O0no`TYYI&={Y=lIy)NjckI;@N~G}doDx*TD{EF^EqE^4^|TPv z+4AnlD#^Fc;!a<~nsO-bspR1|E7l|Da*01*m&=oPl5Q)FT>lqq-u&%6AMtGUc=A?O z_xU53s>6UB_sS!O;)e2_4nVw}aeU&s#Dvg5r|e?!Aeg|5yHCWh7x4C2Sk#Dtm{^Rl z6pKvc64PnS{T_I(G7tAPiT>S@Z=7(D0tdxtH$+jrq5!r>ai7vLNQyj)!zaAFA_HiJ z`y_3B7JT>G>D>si?<(IX@z}=4B6sBTC`Gf-rb%n6aEM{kgg)6{h=fVLX8U?Lay>nQ zNF1uA5`EsvMO;j<33@i#c*tgRcRRCdcpjVm&|c<7=Pn{I*G$wKZE6rJ0QMJ!ezLsL znaeb7X|C$K_V@+MTJ-uzwrY@Bg~*edHWEhT4llN#XNldfwU~ZKf+N5Xirdweu;R^V zOiw?$ene^ShcOv-@J|XUY)UkEOTCi2dJZ(gY@!DJ{RMZIQe3;c+2Ij%W3y8D4lpnr zq1f@PT-zS5DJygB83|EiY%0UaA?mtV?s`;j|3rE6$mlF6EWDHR+IJIzZW@3LH0N-D z$2~UoOX(4pw$NKf>D_YfsBN)@T}=+}HgIv^GwOt{z(t?M6_rtP$*{QnZKLZo^Oj2~PpDCS z#BAP2geJcUl$0hKb!1F}Sa7<1MXxEIi6vc;2pSx<<=JUt6XG8^`&zRy*WQImCdaFA!QIQFumL#u#HDhm_GoNDLLoPI?Y z>VB-S`?R2SHX&K4<$chm4KEPZk5mbd5iBQ7=4C1Zu_);h5f%$50;PX}<6^;4>lddc z!ChqQm4E# zZ%`&vbc8pvdTL<iujbYoG1$)!3jkX^@h9z2Yx^d&{y;7LT0v{$lXzRng*qCe}E6i~YV&FmQSpldi6 zOsUeayHCBGj65U00pxyts5@R;h#zV3Ihi@zfeWP4QkkwlX^vP#F<@U#u=6GBD@$6< z(s3|vrIZ)WJ=w4rS%j^PpaB$V4TCnhm!^-GSX%`E2y{$k^j77ISO{j#0hu&XIApCy z*A1|X+BnVpl{LgP+E(!G;%UpL*g=O!lllj&e`Vbx^Cq(iC^)p9jV{`}hkxIx$Z8T|;3SVEZ^GZojymKf__s1Lzeb>!& zVm<>U^LjiNdQiC`(T%3;NLOOlT1li-wQt7sAe!#l^m1w~#aR#URlb~s(!&YteGUnv zZY|Y8s&rkys!rO<$)CM*_it=*kY{_h^FmtpM$WtvySnxW zclFtmJz*56T(a@F-qnVVE@rY!POQ$dyWk<|(w)-{S(}jIiA{$suI_FN-{hRO9N}-2 zb$?9hUhM%&7}-0CnQrJ5Atu;Ee}FZntEBt*V_AXULalDgl&#{n zzZ+!>l&a9ONG(}U2^ehM-u~0Uf70>T__u9B5MyU*>wWZEmkeZo4 z;^cm*=Z9)5ha_*s;HG!vAWxY;OguBkGG={$w&YzUT0bQ>zY+`;pxgT2eqN|`M(~+N zQ1^h%3M1|#RH_Irc$1P*3d>VQf(6nWqNTpwtLKD_Tg(~2OZ0f_Q#}1(VDHDY(Y*I) z0S5>hyc2zQPmGUau+dY7rd6kd9R;jcyT1~^6R*M{gup3Vy(JUR^}#qIAs*xa0P!nv zHm~@TL3gNAfG`xaJ^LelE*oDMXr=nopS?Q^LmOoL9r?`VYAEa0(`K#Cj|2C(xOqA| zsS0TFYYSnl1aStV3;FgyBCu=uQBZ{e=v*8A!<`)IMVT5GzFE@L5XxGwfU?Sf8#5cy zMOmLN6NzIgRPA>MC`V${mKbVuuj3CDU?sITg5g4NlsF^tyVO?&A)Y|2Jpk+jIuLsw zH`R=d_donLqQ`>kzj~}Q6_#~wn%u*_BSbqW)KEep!SHxvJ-9s>nF9Qv;p^yxZIBBb zb8w^6@R(a^ap1Hj1j0Ly5wFqN&$j532~Vy^12qVGK>9|8i$wTPf!Mw^0snp4>d|1X zR9?Dp+SEjLKruVVbEAF2j>?Bc4al-FfKLM(R1{sP2`avbWETaBZNwjXWej!s=WC3{ z5`@6W!Vc8odk`2LwutmCKdvhWJ`Mp4qTuQjP)Qm{Qmd0M=LMt1)3;&(hC^@6P)6Qy z4JrB}Yf(~A0H4dsl_qr?xL!wYRCr%Xs|{SC7PJ@TVF5+8C-JgO$B>23_}Y1SM7jG* zC!eQc@IH8um-HVXO_A3`6xmTdfJC+&1>}I*MTf#;N+}ue44H)$>3ZI+P*inOYG+Mp zPK(uW(e`@=@IA&G9m)BgUP5}E+?he+mb10PV+ssIk$T{gI@%Un=d+3k*NsVmg{ z-1WlWGt;{|`yqIS=8vj$iG_TKXK!8(^e}zr`xN#RJU~efj}1e zuhGPn2gVEGKdws*Ep}XyW|m4#Nf+7g%nDjya+da>B$IXL^~qal!z%_b!HQLw6r$P*~*LVz6gl|y=|p+%$M=xkGI->)m1%R=DRd9 zR%^+wrStv8pmB^__IiNwe@t-Ab*2%1z7dVtOzBuR&+69(W5EZeMP_9VO{(SL===}~ zK~^c2Zbv&_KFnGa+xNL30Y39c*u8sArQ9Dr4v{K!@P{8O0XBGP)QXBP`l@!VC=0uU z28^Rrn0nJVrv8Ww@6NIcQJbU!5r~)55FZP7$;hEAZ~+$s!rIV7-Awn*Qe>U7J82#A z(Wa-L29WL;L6ez$EqVmCVUcl3E?d@Hr*C(_o|}v_3A9waMr`Emjicg+k_m-giN@~ec5pYK_mLX zaKWrFy62KiIx=s7#bj_Q2%o&aw`IX1$4U|_Aoi<_?y0PYP^3S`ZXaZs5@ivP-5!)VUQ& zT+{%bZB2MW+ffX(%xnVFKdu)QDlPVGN(e~R>o}^Ka5ekN;1IQ*a#n;?x)?}$coHZ^ zcliBYiWOZcD?G&!mYWU7LxZ_5U)35)Pnx#eQ^T2>V$gt*+}ggZQP0$Di;F;|j0{rT zdPeN_*VD6N$)t}@AT+|=nd2?=h8bS#ivgpKLie&{a39{o-UuLuY`T={O%#xHZ$L#B z-!V0xEMvH0aJIQ$RSeyo^$YybTArIN6z~sQL`f?Muu5hW4i3W#6vL|w%<$WTdY9+T1|hiJhoHl=HsJ* z>nX2;W#|*3Vg>mR@D{}WfB*iKGOf#d{yWJZ27}M)2X*cuHhDZ`>;pEv2q ztKvL&S7*+m^QEWuW*FHmswQ8ZedC-A+J8-(lU`^Dry;sd=X|w_Yp=~F1k_zLJzk>7 zgtWiRnIxuiu={!H2x<0pb-&y_mw@E;Rlx$?agr$blTi6Z#kK~;BhChoVCRv^83e^snwBC zFD{xRPnkQ0t9Y@`dT&EDn0?XZ1=alu3A&oZ3U>!Wz1SEnkjj5`UgMk7LGP-ab;pk z^RD3p8l8`Mzq9>nMEpfVzFByBNdWp+NMDM>e_!MdM25EKmRUz?NEu0BSKi zbH6DA?ww4JM$v`cCtsqe_n;u(Pa>&h z+dVO0$O%}SsCsfhtNy#=^z`(LLaDe=j^nk?e@_)^=?OSH7K6ejD2I>ofxCV(eF#tiWM>8X17Hc|EOcuV76fn>-J z7Z|Wu@hD_ddEw7UwED@?PUzY3!p{VpweN(f4u9}D%{712dNl1;McDZq}=>f;9g( zrATFUD)e+pGN)cYVfS+C{Lkl0X?y++atCd7WQl+=`k;OD&;#?-86DGUl)^eDXf!@Do*^|ypbNH-BrwzrQjAu^z$Z-I!V z1ea@~vMd6wd;>@kF8N1Ag&RvPK~s2(NY^U`Y*&dx3NR|+Wwv*cIub?r_L6)0ULa#y zW%(JwA<;Sy8Stk&6ACaqckZHN!$lz$7*xXqmIQw60T`!UrDv5)>G~q)C_>nbQ`+t9 zy-mv~6EROo9QMOzZr6T&-{rc2#nNXC-@<8exqY>I3RF&-&PoY)>8jay#X!0-qI69`qG*<= z!_xb9FQgViK&Wi;7|_c41QYtZO^IK}pUH2D>TO4L+~W1CnLJi;or<*Y z>n3&+v+M&Z_o&ZouJYU$Xp(Fh{nU?rE_hd&1vmr%ElXgo`-cYYmY^2YPBEKcEd|#{KpIS2OIYz`A>Dd|D{VJ{P>16n&($3P_FB2JZ)h$YLD6hl z4jzS-ddNs0X2WNf1@khM@}OPV_76dsR3E7V&2?OduV->6#ipzzj82;>LwK^(4gOdF zbWr&FdGhaHsixbdV?|a|caEK{NsCdN(nr2xu}!3rVy~FwlO~&(ufS5YI(n~)8RXN@L!8W6mQR?IWh2J%W#b{ zkYZB%!|`f4({})2aJ*?+QILdsR?5@`0AsR60-Gv^W3mr&QcQSwU|=U#`MgF}bh0!< zgf2xS3ccFybep%|+Uuy$W&(|x=&9MyAIEOA;Ba;oX15|K#FnXuaOLvHAd;>rBMXw_ zn;x7Y7v67x^_b+=)GGi(zq$C{^PQ-{%2b45lws*A^mBU#f<7r>-S z%${H8=>bufu*Ff4?w5+RXu`*x{BwL#qvzoTPh@@&~tQvidn}I0lt7%Qc!T7j8+=A9LrJU=Xw!&cxd^bx;rOE z^8)0)8P3rx8W`lAQW@s~y^9~}fF`Fsz7B{y3x0F2YSKh+$7bU5sv5@+XED?A=q6AU zn}e{9C(fs9x8XsLG5I!=PNMVca0nN^B)WR*tU@$-%QpDRyM*Y^ujUO^dD=l#bBr*K zfF0Rr{A&Qbf?U9@8Du{8*{$3DL#34$oppP=;`Rd!*oQuEV*W`9m1kIwOP8QQ9V=L? zzC;Ir<$s_>0D^)yV99Sl{ufQx6V^Zk`Wai(=Z`aElAF>?GF<)P4i1iaP-fD$iu?6T zrWE~yiT1sFzn11~y5r;{_f;_LaFKgU%L1XS=E2C{^#GxnsZR@eA;7o z(sN!s<(ron>n82~t=c{LI%s>Cc=kK7?R2K?6c>7g8x0uovHkTdRpnQ5qDte`GT%}C zrAN&_C#@b)SqTbC3G>cJcq)J-;++Jag#pE=mJ*_M{;}eJ_3V zWKaEUFIsIs_xv`d|DpVJ@ai?Y0LuSpH@ix#zyDk!po)Hm8?JtEN8PuIdA>~W{DqR~ zm(0^r^b@vMy_Xek#SuAe{eD8Nz3tCSKX1s2cLW_U8bbEr-%IOjCi_;!5k*v%=!%T8 z8~rCGJX`5jpTM=8&b8^phTli=~`tN*`M*|m#ZdRuKvi!)(@ z^5og(Puui8->Lr9%7$4Un_Sh@!Ow#s6H=u5^Q!#n?9Z$7k=;U2=$g!{KjTGe2duAt zLu3|S>8yO9@BQDI8}8w5XQ<_UX8~SWNsVNV2&?v8UWRlPcE&E_2+SvOfcR{Ws4{LD zC-epm#3ZwGPJB&4CiEQi}+8t8t3H>Y}ws42RS{B50|UeYrgNOCEiX?R4c zfR;z)a(G{dr>uyB0U=B)a2o;vKw*#=-DUX7OGYc%(6i742LJrw>=dbd-SykavUiQ* zndzi>a6BuIH4+r^WXVjXR4U#tIdNYtoXFSZvkU#ctW7pImGsVbfdzG>89ida)j0Qx zsjJ!>`KKox4keEV#ABx5-$4$x(oFyw?eaF+P$5wP*>2xaC<+GQ{$&6F`UB|(W_i96UN{MM-RYos%6rkYsidqBd(gHM^@8;Ges$mv0Nuq=lb|G?@#X}7` zalFVs$Rd0#3Z10(CN5s}GB#D4NxuQY=X>VDE5TIvw(Lj0CPv7ry!N?SsfADbkZX10 zZ@!BkH%)YBfYpsq&rwMee55rzzskX=kPKi+&D zVnCUwzKHaG^BxHA>e|k>YignbJuSEkNh|8r)&9ME@`sYuoX7NLJbZ{AD_d!{95~JM zWHq5GYO|yzEN0!+Z|p!}(q!b-LY8_K3|_*8%vI3#q%IBPgPMrqC&Xa|49oM4DU_w~ zv132w7bbeY|3p+^)qNVF{o_RudoxmCFF!B z*HsbCu?W0q_;7{Qz1P~5e#9>NHeurU?D$QhYRj5sF|oCb0Q)lg`tsYy!{- z6d`F4FSe(WYJ%c*P97?3AnkJLq|cO329|M!LFzbg%)7NtA`UX<+tq1_>tik*C0!xY z9?y55Dwp}+i_J;0&?|v27P@MDTq_xV-b5$Bs$=gD3#&%S+$1O>*@QWm@@0-U=TEn6 zGHaZff%c}2+1!^(^fS6Nr2$N*Exk!|zWuoZx@Uce81 zyFki3b1ryq_2TF#O5W#vkj$ z-{`}3j+TE#Q*i7dMV+UP38l;&gCajPdQ%X$_}MSXvtJaYo?2+g$ufWF#(2p!+)0L8 zrA5^gu)89n{^z_Sko>xO4qiFsUAdy-c6@&}&#t#xJD5l)o@3Kxq3vbLMbb;w`$HrY zt2smWdLmpgXNQl@4&B-g-2gn1(hn@3onQAe`ae&Y#(TVm0^*5P${t5Pb93vJHXa8y z0o2*bIP$X!lL;qGzt_dkESt@51~9I?vu$k=7R|aEeX1uU=q}sBWyrhg$wp0CA4dm! zX8S}3E?7)t8uasb4%qFq8&;|BEV0N4Q*-W;Z08qbM z)%iT*JKgSWWCo0=sNgyJ_4_X=>)=EXl@z$Kp&_%O)UQta;g~hA%IlJ{KzVw!g!D6i z=?WEuMp_hd&FgS>Y4-1rv17{2yW+?Q^ctEXoguMBa#%#>VLgP=H+a)UwUU!q$1kHB zqaS7>^T~hKA#jb9`B(r|mTsvDx6!oGuv(*WxTi*)RF*Tf9YmleYWB?wc_abH2n8c*xoq%$)paL^% z-CqA(Y@l(eMju>6jQy3&5of_4A?45E8_`%%>U5|l&hTo7WY8QObn&Hj1U^}gRq>$O zheHP~q)8^me<$)VmD1S9{cfI-H4K^lj(wqm?L|@EZ`GEu<18IF;QDTlbR70~tC_gg zqM{-^H<*hgg~h0$arc{>g1CM;%3(opQ3t+;ZT9=&c^fue@SWCU4-7Zfw{Cy|j`3Kd zh}-IHgCNr5mQfP}ytPN~=lIYr3m!~*nIr==p#5chBwN{;>}+ILXS)-@faQ(BFskC} z`3BQvikO+NU*Oa5{UUkehllfMj=H+5@kD#26k-6|rU4nu_xkcsI^WWP%P_V?Af_~f zTHsbPbQ8<QX2K0+8mR?X<~n|`@1%W#92Mx(lV{t__mp!-^P?mpM%1=V4j&3cgn z-COMYmeIV3i$mWyAeGa|^|?g7XW{9bYS$q7?MisIo84cjz|fdm3@V?xXa8_s`sInt zvbyGL>?7xi@V>8^tQTMCp5qL@7~O%KemDnu3n5JI;(d~Uao?n?InUazo_4`nI}b$8aBE2c}0qaxnPh-D$PU* zV<;Zlp7N`DK1txu_fqVnw~EiLweQ<}s~+V3$COY&WHWKe%G?wfNaoP+BzmGT49*CQ zseVIbu)37bb~cev<1y5koc7rc4~rxAg7uwqa?qN2~N_Q>LLFBmA9IZB;Mzh!^n$kU+tHr31NijSsqn$t^K8MAJRJqh_#I zauKt(lt7FW{U|VN`26K1kEN)j#c}~HQ81!*#`A*DWTluKYKg0zctez!Hoc5lMri+7>G?;IXej(I z+;j=1==^B#g2NN%JTWbPG5+T_2W(HiaXNpPp|DvYA7~B!?Ja+I{?g*h zD?;IJb%1t?*!%FDhSYhoqVwcj)lI>v{-5G(_n)i(dEU1(GUeV*K_#Mq|L-pTC;Yuj z3RCUc63;00@;TWDH-8T3C^WR9@5cB!z|`+lOr`LxlxNEZlb4q%VsarsWy^ti&`x{h zobGK}I3+vzsa*2$N|pSYuRp(OyWOB3($JZ2?fpy;Ol zgX%jib}Wkj7A_WFJNotvr#MnS_sSO++IZ+|zHr(6{3-6w?qaQBf(@Lb42@#!ndH~ONDzO1{wMg{?sdu=2xM(P`JkK3k*lrbJtycnzclMgpY>XrRqBF|&_W7>csL3r zmdu}@gcM_eyC?xV4woKe3@-W2H2F?ds=3b8_QrQwQv_ov$QS8JX~~EJPfo*a>d0B& z6F$z#xkRsgEEg!{eRXp0+c;GjF|jpX5(cy*Czpsr^X?fRxspqjaN8{;k6ZTCM3ejX zwizQn&JK}=8KkgF=yXAqp|m8rz@6#3O>eX^Q$dO*3vvezL~^6CZ#b-0g-9-X_jdv8OsT$%Mx1b?X1G4 z+TD`}vr9rIW@T@oiVFUSWU7FBvk{;hkY3eZ(qJsC{R99DOLrrueLW24x;!0VtkK7L znM|;NOY{&8S`kl(=!2Fv`SM;3mx=~l4Y^bUYEa*v(k)alK6JQsQ{pMwODh|QB(mlh zBE56U1+~zXhzK^VqZCeR!o#Gd-0EtmRE8A&JD!*nDtZX3bsV?R&`)>eW`_s`x^Vb*i*CsaQO&~34)Ace^ASwIL3sM-Qz<}GPt+HkKM`n( zEs)g^29UZV62_n)F3v&&&Fp-icB)eMidZDQhDLoU)!029MAl5XAvbGm&2{&p?Q*QD3XzFvgfsc- zA$7<>zUtY3>REpIXjHGBPo$!CVH9c!x*0<8|P$w z?!zd{%7(w=vjWyu{8agd!xZ^m?9%vn;GJv?|77>wH0}tZe@>BP=+C%<6v`0k#XCx5 zwKMZSXRc^3F0(Sw+q4oZ9Xx8YR7pDQP8;eGdaRbVP z_g`b;#yyq{S*x^OZXdz`w61Aa_N{gv5Ix6Ldi(U19+RszLTv0y6?HZxh9(1|r|`fX zixnXxcAJ>lKZJw;8hLBDS2G58be>WD1rsz2bQKh; z$GvzJ7~ao$FpXq49iFNDF2l{{fU5$Ug=>X*1i(LqGmKr31FWF;_ zjp)n9eUqZf1_<++Zm-tUiNGuaj7N&_VXpIOl8VY~ElIDZPJVCF(xVOi?!<{F0;W3q zmjOyJHh)9R7gMKq+Y87^cP(ZIh?gJig9QBY=l8Eop|sR|u?ut1j-l8^WBt2+%-f}N z6pbor#$6_nxb0`9XDVarULoL9!NNz(p9{Qm^GX2%TqEQ^-DHBGFDgrq%bK_07-pVf|hnbWTl$R2>9wwKyw{S?alo z8irgZ%C4{6^LI*mCR-JZ?$C^}lM@lSEfCB-%HIRk{K%ymqa&CD1u-*detUaIAceyz zrMUSo#jW;@@PW&1J<$TY8t23L(YyQM@2-{Bhau_fhC z%5CCKpQvl%0U_^5A>UGV7&_@~9a7F|>t>&O z!bXXEAY^IH^jegTLOA@6qa!B2Z^=}=uujb0(3Tb|q*rk%MigmqqmDcShSjzr{H={< z@6Oo_Q(Z;WZw5*hXmm?Fz<7A?Nh-$&^z;6|JcZCbyV>7@tLWtC`!;K@Kxu z_%`rtv_ic7V#FU5(=sYYnhCVn^;@1ZQSI;dpUZteL&sRdeV!JMJoVxMEuMq9$;rtn zSC#Drf5r6=_kVGQ{^Wf1cf9C)U`b(8Lyxj?^M3}+TYr6R)Qj+xIFSt%4XE$7&gT3t zNXgLYPfifI;oslQM{TEv>c=(eP2GxW&od_q$1Z+(b=WPL^-DYYF$I~?R~r{}HRrds$DsDJX8@Uhj0X2sJV-z=`s8 z{Q*))kU_KkaJ5D{zJy#Q-N&u3i=vEBwr0@uP~s?CN>M5 zwVzLV4!TLuy>*W(op|LkhY<`Wl+Nmy@~+epT;26Vdi(FKHyIuG;vx@AoNmhBk&*GO ziOMUDa&>QSwczc0$1`A`#In-5BSghQD9DoPQ~}3dlKs9!Qvsed9W&F}`*0Zz_z2#z zSzvvcXKBc*K@g=w1ymGfgxz`xGQiRycsyOYAizUa zEig#)fdBa6=cZxHAUj&c_KKfIEgkE=Vwc0yo3bc-IF4@-NI0^ca~Di#Q5AL#N!@LxrhnGCZcw#E;_v*G=Ga=`+z=dP7UOrI4gMIR?i+9&c1SO$pRYn&@+LHW7BS z1|>O@e*`OK4g-sC#}eINDH;+oGc)H_=N#XDnfq#$aIi(5zZXTz|5wk*|FKhRgH+Q_ zoSjzD@UUPiukuZF*(&x5Rn0>W4*|XUM+Wi)W7AFVD}!E-z69+4tJ>NkGjt)4I*I(s z-Yfmdg9((^X>@zPeOzHcaRYMeTVX1&6lb?ER-#4U3ekK1<1QM=%Y00%Cp9(IH0h&D zUZLCXl_`p)YU^JPPq|#Sp%B~e-7sEC__Cg(WF%UEX2<%lc?^2a**H7_@G(SUy^i?g zzO;Q?(1(_=k0rOlb^M=`*pp{{2UqK@nU-b`vM-6JM(UPv+(L*pG-A`VD&DrV9DNi_ z#7+oi>RcyX=Zxzik1)}=RA8nrr-u%%RvvuP;cNKy8(wi$L)WDD^RURWLU=%sQlit( zx^Ym#vZZ1Oqb-s}sy4JwU_|~p%)%62vZ<7_=2eFz6mATm8(!5=DMBwy49lbh zUf&mM?nE2z8HN8prk5&KC!? zC5p}pn8^PSu36R74-o6TF29~oeNQ5F@K)&k9Fq;{bSbz_J=TSL@Lp%ibAw;qJjvAo zd{t&;CT=Vog-}}P|6%GqgPLl??e9>8pp*oB5NU?cMCqX_O$%P`+tqa8={~D1l?a4xi znbB9-3I>-MPZ62(<)sTFf1RT$2@4Myx97W>&E{udAX7g1GIw3vRL`Wi+c1HC#BJzq zLgaa$n`n9WNFw^~{FCGCALleZg0AAnzfmBUFK3e-G+pEgPUjUSd#q=j5;1|I&S22J z?$(C-o!U8>lXe=hk0a!)UO7Ve-PWssY3qzkrdWE9z2@Vr9ydSwm1vWHa1a5|4{4+!s9cxJW zczFm+rg^XT`ZT3A&`c^h!@ZMA9MraWF~8_PbnG`YmUR-Y?QpYuooX|8%7@X_n-S+c zLXdf3|4L;<#)@p=PimdiPs{B40T%$ta;*;njFPzEK@;Fv%RY(B_VRE%Lwt?@kW^<4 zXlBl~clbgJ>dvy>yo{GVnw~QJzirKoA*=iUZELDh>oc?6*?pSE%PnWuhBp)Kj#i@h zUf|YTf4n>_d_h655DsiO8iq#)xteR>CIzPig9>rwsh!Vt*o%7vQ+3KvWTb|wA1o~_ zTu#?&wx)|w3lYjvyu-sxl6!KiB$z}c^^C^ih^Dfi57~l1gpXpf+LXj{Tu*HOgpkQ8 z4Orf(q)=Ek{8861Mg*dhWBzL{i93H^yxW`M+i655F2lpV~(uxL|cwNn^~ zOeyBS*eQ)z*f=}v69`T2Blj#C5sj$!Zj@5D-HGmAFgHWV>D&3gbu94Dzny9`QfIvj_-onjy8dnG_rJ%1r0kVkPl=)*{zdziXn2*G1(LMabeEhB6z;2Yp!M#X zi&zHKg6C7OR#MCg2%1rS+U>^=R|9O7&ZRgFuHU8A0&oEu1mz-C^C`WE3#+EuQqBw|~n`rjHhnWomG&63N^;kMSG z{B73a$(o>O+oU**c2R?d3jEB!Te%D2(Tq3|*bkShD ze#;ieVNQdVQ%SZO`N|*;q~h1LH8Y>-;PO{;sQImMW|m|VB5tK78|=l>W5(<+ z^xHBOZ7M${yZ61;bKY~&-+FMH`LPEth{H{Pd!zmpUuwxjRm#Y#^A_2F?dg}Of!)T` zbXs0d&(JY5XpG#dGpSW)VwJ)c7$k~3?!{Evhk7B~l(}vDdh(n}o-TSN6OY%~LDA+$fRr(NJRMd24TT{LT zp#z#G?BbdRI%Uu2V-3<6KnY2WhVJyv6Z4rYAg5bzt4NfR176z=80*#W>y_l=gQt~M z++RV3NQC4xQow0E#NUhGI#%S5*-RZeG%~&e?=?CU<`vTR+cJ<8@^{Nw(jw(+vD2ko z-2tQP*nYv?GF?gQLF2oMg0fZax8X-eNB4!G|LJgGHP(1VC_^_BT(dN)eCv&TrQc{K zqtmqwpDw7;Lp}{^Rpj7a$_r{ws33I>Rf9?3h#*stxHafDN6+cnq(s2}rNGs}TK5ZA z{cR7!Uz3w{j)UvQ+*Y{hxyNIkEb=^7-*~+r2_09)sVlS@L-wafs6c=%=xz_0DG3N? z?T-v!#zB0lc)N=qs5i`9HCQkgNT+}d70H# z1&^nN;&hK~4ZfV(u+uuPjUPr7PMR@ybADUWl8gy7ssxf_WGt^aQUUKiRT%)BY&oCb zBMSn$+$7f|Y^?Z#*TU)Iq4A>oHIchzym!{Tc;0;Kx3I9v&mkj|e9}fP<8&|}9(Z0C zc)nA&NDZn8yx1awt@{DrCvI~E+LG518jikmbA*efh) zrfbd4%-Hk@{NJ8EboFmY06XX{l&R4Q(5zU`-`^ir_-%ZQxOV&*11#(@!F4EaXkXc3 zvOWCep@M+V2*3z;r0#^CTpPzfG;do0`5tq?wOkU`W$u9JqrXi(+P_ucH^OH8*RX8h z$P}w7^1&5xBx1Xg+u)x&Tc48a|D95*&oWyIzKpBz-?=`%0@iS1&{@mXFTGZupYQc# z4*ok!`Q{XPys!1=`ryi`v6E}%#8a}@;g$Ph!cd@6KC3Dy8>q=Znih8&Q|eP_{ke|M zHu)x^cVjjGXluG%PBm7v?D_9C0p@jn>7~V>XRE+txc*2r?f=lbhfzCIUi>egvk|?T zvNkWG9OYy})hYN(f4+>;3iql^Mbwj+O7YZp) z`WK9La&r5;X0i@4eNE8^6-*!k7g6EcNqSYF^vXPua&kOYrQu0}2$qviaOh1?22t8N zR@~e5QKnM9VW!}XW%Ek?*iT@+iRN#)sakgK2WGgNuIOn6Gw2eMG}e1EY4V4CN6&mH z2`CZdw1Z(f59wT*D785#F2a;)f}+8{MX%l^a&WTUP9%u(eFp&|6H0N3pZvFAoPQEo zjYUQYIi2cMjP|Eu%w&5kgdzkS+Mwz!8N;dqz=NusisFk4^GpK;$&shF%b+EIQZTx?&^NS$ril&pMtrQXP_MGkh@ z7Ez?qGcNJhrQ#MkU_Ad@vx!7{9MhM%z~s@5{Hj^{ATJQ|&`A%i6iLKMxXUh;UjGmZ zG!VZ}l)a?FiE__>^7)nmcpf^XVc@pXHEa`>lLA(*USvn*Di4FNb@Phoh2F%gA$Q0H z+X!FpTiRUa@-9Pgx|_bDq7T6m>ERfRn5ZrdCwz@m4z%#k88h0bO>DXdPny~e3=>sl znmWQc#oh2y={vg7J3rMRs;%6h8~Yp@EJ&)vgX2Vwe>OUvcrrp~M*60#Q{t@U!a{r# zqpbf@XMT3_N!TtJ5>}(DA1eVntX-`cp>@{qR=2Qzhq??Y#AP*I)r-%gY^7eu=K#pf zOhFt}MdRE~Rw~4aPgM>r|5-hbwSyq_RR?7R977R!2ZtgH7B-kC1#}`44|#%QoJvao zP3f6rFp$7`a|5HdX{l-&6{2md`Lnhk#djuH?1kQB%?k_SNa1peg1BdD73E*_2tC;Wkul_Z6 zlyLbAh8E4ZNb;tZfa@<$hfMhOuE7j3aq;!!zQi)VjzafRE1dqeI@d*|MNeu|Q%H+M zlXUr!3JTvY%LTippKPGGtd$WM9Y8 zjl2*rMiQpNBK4}Lk@1NO^TsZ#Hvq&&LVr!o&~+^t3ULibuIxsn!X60Mec?j5N^tE{Q-0H8hmG ziy&tp{_*i@{C_rQHjp2~mF-G(_Qkg2#iS!q8-UJcEdt4racC`oT9PIEGUUxTd! z0Q-3yuy-s5j3f73rUN;xXL?=}w!rECnn$^oJX0`N8}XML*WMCfQfr-Y!0FFx%cJAJ zZpT-y1EPR|rr>J--qk)HgScjS{?mK4PagQ2ys4?F_0PlBKl$R#o7XN4q94~*4^O`y zPiEPGuf|*DO}p1NlR>QH|EQ!pj)9Lset!T>^xC9zzSkNkmf;WJMmK`&${W_y9eu`n zWR5D)X#*(P1B5IINcPxO_W0VWb8X@82kb1^gKH1YaqHE^HQ0KHqlV@EEdq=-*Eo}o zp0PV{Y1i97Fz5E#>GLlRaO>oH*8`U!vmdF6mGM9O5U}~-8q_uZi@i1G?r?csMJP`b z2mto`ug|mPAQQ;*3Ou`JfPm6Q`#c)3^OTtE13Uc*pd(*P!cS%YKE(kBF#uY<=9_p9 znl}cBgIopNfNEvY|9JimJ-$f0AmGS4@Q72uTY2yl;F7!nqlwFMS7fxtKbouGG_8O$ zsZ_V*nzVfu&)R%2_!w9tE`T7Lrt4eotsRhi*06yaWLj6aT5jN$dSNfsr{3_!0qD*L z?&sq6uW4bP=%cT*0oNBWXJ418*Lg?7Lm0#S?>)d6-?*c`7XPm|9$=&$y^aC3IivM7 zV@E!@ZxwhLKBxUA0lP8$=}XsCv2@`AlSBQIa`A5NHz%`AnGt`#Tv7Mm+9q3#zTb55U)liW%p-98v($k2kylnwu_m{i_=5Hc;Ro>o-o<9aew`#U#*pMD*i2IW6$&IPePKy8?f= zlUD$*N;0>m%)ztOC8pm0Equi7V+`HR`X`285-FsGzsr^MM7~tLo0=yC#Z7WiOn*)> z2%F0O_cRTa+*h-8gQ6W-xCs~Q{7SX}fw6PaBi-Phu45#cO(e&&{#MaAEfHGDutsr% zRjm@V6XGZaWIMhf8ut_WP2KLl#4rO$I8kCq`dz0VEi(?V=bhCsSVF=LXnoQBr>5r* zXaW4Mu@?I6c1*|D)Wp~43knP(&*a3-3ES&NMogmz5|bc&L-tT(^S3I0v3aa!O>wap zZqD$ROT(+!ytMzQJa>2xTNFp&QXO_H=kOcvh-&vfSH_Qssw~fbO2NF5zQJ{SIj(+5 zvtx9)l!Jl|nAU>gLXv>FXyIl{SXHVgy^#}nA#4^BFk;bd8O9}^uOqiHiOONxNm{C| ze^$DbNFi;X8Dm6jDIecL!r+1xxW<{gq^N~y><~(OLii<9bQBqt&VVf+q@DNR^fnYY zyS^2R{bJaSzF#u2ynUB+L)+s)zgA65hg9}ZTJ__!1`LhuN?|V-7Tt?a?YClihTJ%3 zH64)fx}Ac3$wg+V8@BGV)!e}7#bSijr)V`|ZVD=HE5@VbjRD1KwW)Ig#@WOGGLfxY{c433NWe?a4 z!ZPGZN$Y*t_o~3~Cn8nSP#w7ZDvG;#(m%F4x#vxwoH-Feyy->|s)@lC+V+f7Kpgz`2tbm40)6y#=UWK-KA}chMe;c4SsFWSbx8v`H0rsnSVsqW z?X>!Vw)y}T&16GK0b=0+!`ko<5bR`oV;l4Dwc_L)A>JZ0Z(Q1zyOE<-dak4#H|=N# zZUd7B;jujw=U&3By%=~t|CAv>rb^3CqziD-azWu*d`qld^59Y4gt^PfT6mZo%}CU1 z7S1A0a>F=9vLs9x1reK*J$>StN1S}xwy=Mq-cUD0Dia^^;-25{ zC&!RB8*v_s3B&le_CH$$@>Y3wC6xoWt3ELu$Z&3Q-DT>MD0k5)X3Pm9&<_6=pu~5u z>Z-)rN_wj4_uDc*118C2?C{ZxmDB6m@lbXveY8l5$pit`2>R#B1T0Hh`vW{?08(JS5h>iVZR2?fxM_g}n zXhunMT&N2zO8F@fqw@?(gc9!wYS}{TmrNSo>9+#m#d5aJK(DAc)2kmwbp!qU_)KY| zZbQ4~YnvYqK~HDGhuLXW%W$HkHN#p&GsJJl!9NJ9;zBs{oc@t{kiIAb z453)xAZ|^Dj5%t7&_mTmJ!d*FY3TGkewdhB?cRBQf=Njd$E{b}+w*}}AL3c1eZKwI zqs3+ZHp~tQr|r7`>&vc}8M$6{ak>jl+lv1DJJd%96kY_QhWtF4yOzW-wL6B&S0}K7 zAVCl~uT-wLHR*E+QW0}Eo|_=}sK?01)Rd&U4>t|%xWud7ySS2 z3j6FJjDgU}GrP?NJ-utoV*#os58XNyzNz<647;0LMdVC(> z|F8Ax*yG=|gU0Ul{>}PB-IL0Dp|U3=65f9RTuc8ca>ujf&}gYEQZHM|8`z1!N9IUU+xCdkh#nuAVG`hTil{cQES zthiz4Go1#qqBmz{w@+66y61IRV9{{1bG z^>-?ZrUv~F3VmIAeEofLUGZESWGTogL7;=ve;uxqn?3_}{OMPKi+S@P`|4lvKQ7SM ziycSD-sOfwR~hjoM~{fsE8mlbY~NpD0v~#S9dhpyZ~dby($&>#Aso1%(`&ox9qN;l z{S~0jdd6Cjy3(`szQRvRa_7V~i-cR_pDeeg7_0Z=OUx;=hv!n<;~%SiJq2H{9*bio zoR5pN*B9P+U2Mf?KRQgLK3Jk@UF$b_m*Efs=qpJsO|N8LGwrzKwXMt20NtCFW4nehz)9RS zQ(b55yVDR2PVLvb7~K2%EB+F!fepI)mu>c_8E9^>US*y#YhWb;{;Xcp;0L3Bihajev-#LKUNWlWmblYZID71xJ5cgvd! zu#8wK?*)|0L6J5MR_}K|C&6dSJEO0}EUM@8$Y7Ry<3}d&B^HXN$0V^{q)08|1quT|X?^6KCuFag5WS)#PpY^`F1U=NeBuuc-6Ku4zTh7S^GM+lT&A z$2Naz>)PFXcJ~&&evO-CNf524cDYahO*6XrPv_aDQoxOv)5Ln6Kcz9&Hxys=I{?c4 zFRa}?veeufZ2zM3sJQpP#Ka=r+0w2b|I&`f{eB!0UZt-i`P=>BY%ehGfFX%48f~fnknS;zmQ4sA zW@M#kRx7A)6j5%b)%A`t7);_+eZrR~vi}SO<1nW*bwwcFFzC4QaC}!&5}BlB4MzQd zJ^>*aK-6-eE)HelryNiy2ry>aEmVrDz@f0R`8a4OF-6F7&;x>>ZV{1;y89P@1Sjf^ zAf*IcP`i5j5GC}6F-WqS1Jwa2^5Ll(3}>%Yh=SOwZ8{TX?@SwRxs33s&X+`Stb9R6 z_kGUx$Q0BoTahSNDRcN$PSx&U62k(9wzUh5L*;3YC4XXPEipWmkViy735hJh*l5_? z>m=bYMViyovnj$33f=!2-enV)R{YW}=i$iw3ysEBHIb0fL0`xf-USBo3`+@jQuK8~ zm9;b^D=vs9a=iD*uef;}JND1OKj_Mh=N0}Z5AQ9Kb$Dr;!TwGC!MmqB_9{mgJNtK5$aV!FEMb4ucp?`>+Yq(m>W* z``g%7l6Mi98*)#1!}6e1OF92uHW3gA(way7<%V0fQ)=_`e7T9E((*bAq`~-CaK?}H ziRJ@$7ENv<@gZ`o)Sy`A1ziB!eWhVA+)~lRL?S;kQ&8_Za@NQtBTYCzzS&nMwz= zxle_Omm|b1C-C4(gB`MtGnzH~$oj`4KHP3Nf5$1&sBH*b9{J?lBc&rU&zY$jj3ANl z`tc}qyql=Lmj2o2cl!Er3H4(~GtJLxJ@tqv_KVpw^q4UPPJG`+UVxd|1qID=ywd7BWr;FZw1VXD`$DFpqFcqiEMN33# zC%3kyc-3)7D$uiGR9LKJqu8DK9RcXEc+1JjW-6&vW0++NDQG+HPguFBkXAJXfuq(V*nNr!CLXrKyHYaaQMl#o+dD9qiw})!;g4G2y50&zygD?{Twq9OpW=Noo;2 z;UbwaP!0q>T%Uhwr2c*p94r{)FwY0xWrm2Ew=O%b*@!(WI}6=`v)9CJL<7Z*b$LiN z_^5gT_|3P@x6IMDKRM8q9()Cg%G|J*7O0Q7yA5Qdbnngd%XCX7Y%MHE5=5ld<1ngx zh9w4QCA)S=V)>S~3J9o9ZE?0#U3n?BjXDo&s2OJWJfmQ1hBu*k9E}h9e+uVmG?o^# z?t(wgW@YWZR#m_6P_NIs*LoFPIX#)kr)*F%QM?O*$|-gQDe)q)S}qhYHv}n{`SFX1 zFiy@Vq}8)N)mkbY1SAn)o-?)g=vPk&!i?L7HIU13+J^ZtmOT40Ya+?`^8@4IU06b4 zGd=X94niD>_AjGGlC=c^iyNyhJKTQ@H}(3UY)Y2}n5NL}C$o7VLG9o^`V(E-8rp=p z%UJ0&w?QZs`xg4{cIXXcs7qv_Xq*Ca%F2ukB#6GaBL=q}a1PqJbRr!u-gVd*Xt@LF zB!Sn&k&qHKQs;b+NrEu)t9B*zW~RBQC^4|w?%V*)F>$F<4`28%a7JPp1R@iF)r2_h zE}by!21JO~C#WHUeA#gD8~d=oiSOF)=1YM7OIn72WMTsIoUbmNCUn{;QNKH7DUFPN zZ+!YaS=V7_a?5k^!d>bzwXO}=Ovgik5S8~ETf%8O_S4oEtPAzGTwQ>@7wCuV`2j`K zvHA`}BEyv|N|G=-hg`a|QnxXjK^^Qt5Te9%7nBHQ@0Lt% z#obLi`qHAw6bWTGskpsx0orV$9U6>=l7#Pr?zwx)S+ha=co>{Z-^0MnP!_p)+X?#gB1o#TKMyA_O%K_XgDlLl!`X>nY!&y+z?OcJc1bV}-eN zNMxE++q^RJ3G3tLgLspZWs-P%&u4K~OUfVOSTn^hHd73wiKW0oP-Pc+xI8&IW3lc8 zxMD&xTk`xzC{5tu$7ecECD@KHEFWNcD&Ov5cN!hUGPRbqzU!wZD?92&`Y~Yp(!{t3 zC2?q(%p=*FI?RhEuNod4X*&S zZPrgrQ>xft>L+^Ih?i@t+2Iw{EvLPt(s%!{!M;hv>6sjVE#D)u7p0GYrB3pSraFtp zNUkd{A`nFSI^t9%x7jEm`u%TkO0L&QBBeqQ z!N^q(xtF$9x!7tQDiDeqbc?(U>~{LIr*-G5@ng1Hq<5)(4E9k`u`LXVSG(PX#Qzw? zM_TQCk*jeKaweBY04)eqx)!{Pi-{_z3m6PCp!zulQd#^AmMi#Fgm;_-MxcVEF}2>K z78`ZvWcLj!e)d#eI{jb37}Sh76^V{Eb6fxELYOxO*h+WfEH&RI|VKe zbNQoT!v|rmv~F&q$hY$vlI!JLN8f%2gFf=j;yx7a50mVR2cu z0BD$`(EIgM?op4qmaSLMBcMWPh7c)Ju}r-98mkOtXmQ-iG)K`~HAfyt(#sOxraZM? z^y-f=H6_rSH6U#bP640gze)egVJ*0eRB0QvkkUfr-D;)GM)2x#v6JQ>2#D7hx->nzG&$-yuIPz< z%*_q-rh#0I;lEO^=dX%vPs#LF5ZE=*sW!JWs*J&Z+<`8~?c~Qv!n0+}`E%vD;8*pC@xd=%`m+WOUa0xsbuy$@cUTj6x%X9``sG3Y^T3lph1UnW- z{P;gL-EXYRuVeQG#wA^i+gKD4ZwS~PCiu{46b7{Np)LT3{~n#r!XwANn`WDA_73+>sMKG1{^MOaVv((dcZAX#dhCKhP!d>9r4MTXeDu;& z&5YpZnV_1pokkN1$0s2ugjZ8FO zJxwgfVZf5{-G4#qjpf<-9IsT}od#owbV`bZqR}8WHrh%ChgGb00ZY99?E3vC!ALiM zOD+#NPZ&Md@FUwYWId`Xojn&E31-7&G>Ky82#m^g&f1yn#*vbht0~B|a10MfG4@+d zQ-2lnujf**5O5??D}#fL)%5L7OQ9|79n-BU=nFNMg;}iqAPO8zG}e+mxL(vhkn29m z36}Le!hbQO&|WK0r*B%X7!cC@Vt%xXwP5i=D zdQ90f|9FC={9Me~CTGXUk)u%0$Q=UGrm{WiVgOe`ue18i{x$xAq6wl zG2RWY_&q)tmaL{|9XTBn=NNxK=&KnAD2(wk-G`J8Vxy1*VT_L#n+WP17<}t^(ktwC zUW_fjh?$vo#cK>L^b0JAos`ZT#F;*nkJ7<;DCdtUXYPv}JdMX1mv);K>h?I5{o>V% zqJHWgWV5(_d1bvf?{D8{q2K{eGD^%S-?6<$a+2)bc7WAI<84r`{lmnxzIm#cUu2VH@|JbGhH*tGyrjQm69Qg74sr?|>vL zOAL;tV%|1A;e-}P{ye-`dwsW=)pZbO8?bWj9})A4W~=0U>iD=~b8Q#sYn9yd|2u-! z)^VhckX+x=tB8uZm>Fu>+C8SB8FHY>h!Ek-mBjOc8k?G*a)mxn#oGQmFO?xR3vogT zKVjG!rQMVP@v6(+4ptED;OTrzJF@R|dt%OdNQom7-m&&(R6(L^ZCZcBX~Px2^KWAb z#mifKTV`lIB47Pw#|;<58 z68F8pf16XX|2CW?08Mn|j?|-GBa>7svwViyR#CtU_kLlw#Z?BG7k;#mW|J<AQOe= zAN&cz6w}0l;DW}BTNUnQjwR*9zi|OdTZ{jg{>`^WdoF%kyqr6kFi~h;i2Nb@FJfta7%qIWnMg{_FhyJ;?hFlbB9z1qyyV`ZU9H{s=3(V2YzB)L*oHaTBAs(Vk<3tUDy}i);Q$5XUJ|k zh4lWU7-V=0O7We-mzo78MBSh(HJ5{Wn064yOEH^7dp1fqOc+Kg=&W_?gR}XtkACi| zwLR~n<7P)5au>T>x9mg3xKf}GJY6mKY1#cKx6kN@!*NAlygt*4>bPo8ESxJK9$E?B zW4)NTIP%IG6JlATdw{unWA!%lKlRApRl&4MI!(5Ayg&j6p*-7v{|`c7ukn6Icn*Fx z{09EXZIM`X*1hwCPqdHdd3_FScn@!1YP1^B}^*3Y`Mh6%XqtA?Q#J$wN6vD`lOXo?L4Xi91uN5 zOUK#Aby?tOOiG@@z$Pkd4Z10aw5*S{nfrlErf0?Di*pS>z4Shw#!a48J)hZfsgsFT z+PhW!->0w?G$o`sQx07yxcK@xwx=?^8Kw+SQhYZ&Xc}l{1tc;aZnFuop0g zcC31WV29&zF|Dk3fAEh<{V2mF;f?G%w&PSkv}ILb@4`|Dv?*P$h}sg(c9*i0P_I9f zm(5J$OR2|6@aIC$X%P%gH(xB^^9Ne~uFMZ?9?o=6PU3>Qn#E~>VTX6k+B>${A}PZX zj&{3N#~bn9wP~}f-}>+PHwdwFjpPS8uDG3VJ2W?+u8!$JQn|KfF{$Vi{No`Lg0#s8 zu_55bI>5yvIvZ;{&G-m`UBK9T&4atC9jjx69&yPfBnA4xx4{bI)KD~bXk7)vIUzZa zf8)al1k+v$7hZR}mBF8jVx^8}&Y*Z)n48`=|F8|`Bl=F=OyjeN@fp0-6w}#o(8$|6 zT^oC6rxELNu&G45OA0m5g(*7rVkuXUjSs(#K1R%m&{%{BTCHJI!<;HwsNQ#f@BAtX zH9Iz#4yBaME&vw^KbMV2fCP`y^G&VarRyQ{34rVrjQL4r-qR=$8WOu$`#rcbu)h*- z((LV}|KVpnFRQZ@Gw=4;RQ8}`s@3Vpy^F+y&A$bLiUJ~6$h)7O ziL5DAT_X)q(%JmG;Ti`Qq}!q5pV&x*#iz*_9RYL?*l%SeUUS{mZpTZi>On9q7DmrW zwr`oQhDxQ3k?j6rKS%gvQ(HWR5Ee_iE zh89HpMD?Qzzd(APblsY%wj8jqFwW zp1DW-`6gYWrmI|#4+%%=Z|NvwoTxF;&F`Pn93EeWBaPTYnsnA*Q<+*y-6%8JGMqY_ zbpJ1?;_#_q4?Dm#?{yBf#)h5(Z3CH;AE6f}577I*-hzScjs%+VH>a%G+u2JNvLG2R z-_ih0jrBc}z$;(Zl>m_SVs?|z5zAQ{&E=BpzaNjQ9=u-PqZxnt+wgxjfI|}PJ8^8c zl7;yOF%pGuEoN#5Sm+(->5<>5y$l5zFoLA#>U{k`S~(} z;(HNnSfMQS?EEt#vc#8gw!~+!MADvQB8->yVF(6X)xXqL>iq@_x?yNx^?a)Xi4OcEwE zkC5yuX!%XR1hR}##^%jIt@qTC$lGC*;s~Z>rS#%wc**xQxcuT#LzAf&Fg*_OfzNJ> zPlo5#YFQ?K9?g3$`0oGN|LXszFQX#xWTbP&JEmvsldpvEOLqgtkb8bHN;XklVm;m& zoZ(5oJH-@R*p_)oc#~@;4G|e;iO@10XS2BX3Wc5yR9$!bcuHqq_8gt8T^=&e4K$_? z{k{GDOWOM8*c188YUb6lNOZ(8wcwCVBG0UpR#8%%RuPI_Z|2#sl$$_Hr zSj=ECYnlbEDlxRB_RvZH0XC&SE`pcYdw}Z&XF?PANMpIFhbKSYCzmwj7Z^4ZNo>{q zpSh-h{~cmwjj*OCX~SthEEsRxhmVDTqJD$#yog%_WiP!3cYaoP_TMQTAQR$DXO$p! zf-8reuN_Ef3PsLUy;G;DL~F{N{atb{WEDQG$y6|Wnl>=yC}UriIJ`9cS|;%5-|4{4 zz-&hTY4u!Fc~ozt#|FeqhgNwtCdOuLpqpWreul!z-E8eZN&lqY~ zkhCro<8p>Q(ZFt!nooj3#DdkegOM-}I&U=<8P+%urT~0gTgzn;C#jCC9peab>yt~n zflz)ab|ERJMiYPVS3-I$0DKJ!+ z4ep9zk2!fLpgQq7hF(%%FaLUduv_E|{Pe zKR3rTq6;Nc*!W_@TN4|sW~M9%4NYK$ZYtcSc-B?ZS872?-`wOY(^+r>O}DxmUr>#) z;-KSsD0FLI%AW114m}kzDWZw)=H`>0m5(^vyHRQ`G{+D#vr3yRMdD>pQc|SbTd}%^ zqbwDA8!@Sy&q=}5g)j5f~enzN{ zWnu879ayrCQD3`edL2ubW>HI8XYG+mUds#;j^|`a$LmUB@U}%lU?ZI_5}thDv*nTS z8l~mni~>Ol+EJ=%4H267^{nxeL=`JLowB)X*i*R7fYva*EdfdSZHkqG#rI(T;_*hOax0iQIggg57f@fVQ z@h0?kJ8z<7fi()_;t|gCDk)9)R^NBZpySW|x49gcL%<%c2bSeqYF!-2aHwu#j#5&R zmQIF; z$tU+DRF#Q?14@TL6Ou9dqLKHBk;;7?GG%EQ@5#`;Xsl}$5dW5e6Dlh%epOUn@73NP zuG^`q0~fR>E<_HJc4KLu;0x^ES`cKVURLEe{k-us{4RXAP5<+~Men0O-wpt_cRnJb z$G#dk{nOCU#5?ZNoo;(+Ct?+xv&1^r)P_V72=fG1M+dnyRPXp?+}0EQHLS&4w^$nV zfjaK6JUR-DY*!1Kq}3T#%xw~-H)xT5r9Y{OBDhQ)WOb|E zZ^ppXD2ea*h_Dj~Mj??O+^y&lsyRjc&Cy`GoyzJCzu*TY56q5%$rI=-Vcx{N5g$d4 z7buvQ=N5e%RvFL6Nbk77K2$Qh?1>08pI8kP1gcD=mzPWck)Mun5%25>~dC%?|ef{W~g z0bv+2!o9hn`C|6jy}&zymx=;6OP)%I=;PZkKl*^xVyAJs<4pO0bfL`dBcM11M zRcUS+PY~Ai%NMbQ9y_#LvwD&NL{BVNn{-%5c#g5MM)WgY)eDyUNfKSUJj*=`s|;W!@$edmOl|DSAUbO z_xOiuSR5VFe{aA;2y+CN#Epvk5+{|WIFQFFk0wuxD9>RdnRdtO<=CgO$5281|Hrk6> z;O|l+n3x1I8}!%>EZ1t)Gb}W=nxo&C=xY5(q%TF_l~y#H8^9M#yi(-i`~@}0+T-_6 zf3N=#KkK`n8y=3FI+Sw_qdE{i|AR%qn|@XCzJHal>tN(1%qTpt&b-kdmr`i;Ijeg2 zwGio@*Yb|dH}DpdF6|qtCRy{+(P>L-Wait@wiLDPv1k>!l&&{7q0Kzn?(Yl^-{Pzc zjHdEDGsIZMi97g4**Bf57q5QZ3q0FA{Ytfbq8hjv=)J%Fd;6%Z5b_G5?S<87DOcSq zE23@hq|JR$X6N;GPB)S2!_R1BjfgSVr~-Sg5}AKs)HcuI-5JAA%cwnnzJ0Gps#89; zXeA;}kf~#SC3qRW^Ni!W<=2TAp57arYYgrT#ZkaEjh{5^W+i<=Ne`JAi!zdalOE-B zf?b1_9j+|(azKS@2k`FpT?C`#$=U-R#0U50mT91jU(_(Z@#FuuF8{wj15Qd-CuZ+k zqU0Mi*gA4;Q#)Be!UPuP(UeG}rOn0ZL56h?(|Z?h#gnXD)t@#bDl$ussHzbw0WDz! zJ0?=#yzEf5iSiXOExJg{8w!o#C~wv&r&2M~vDaKrDjXm8Uz9G$+s$J8o`Z+K(9Yj3 zNQeHWJXRuxssxs_?lfUPD9Ldo@VYDwbkm^(5t&McW0SLl`(NESA$#6#oUyk>ofpl? zvSP|2nRk1ovr`f{UN;pg-M+8m^kVEe&%3@?DvCR+zQ`1}N|QHSMAhKupSM7ud?kIP zT^Zj)S|~(EQ>rO)T|8p{24WRMz;CX~MP4pK_fd2-)9j{?sdqTsEWbQJSfk|lw$ zrda?l-0kJ(XSwEXY&R94@i`rr=+j)d;N~yz*n(gn8|FLHgRH+?X zRS{dwhT0S{tF09!jg{Jz8WlBa6G64Ll~Q}RW)Za1-n&MPs@nYC`TV}WbAIRK4-s-s z-g%#U@9TMA_whg=I_z!J^zLhDiuC{X6nGDeG=oA=n}A!qW#SKz*K+@AYcRcwZ5RN2 zIZLOlKM2y*=e2>-p%Q~m>c4{igrtghhb~r0=cs2+>`Iv&iSRNi{ynguN_nyt z+b2D1QH*Dm6@|(}uqiIwrA7?ficLZ@f0LD4(rCfJwUvTqNg)$SL;r?NIJdWJQWEQi zZ7V}2-hmW?6T&r5?XFwGUKu>FrMnd#WR1KAc2f`==A#7o#W-h3IP7oBk&17~&B6nJ zJQI4W<$mTF>HgH&o7St7Wjp1+X|kLRVgdC{fkEikAJ3gI+kR)mKYiQp>LKGWm|_|D zC|;iqhmNg8-Gkc=Hm~1Hr@8x5@7vR#??qz^kO+q8zzjCD&3F!mx-Zzz@9x{Wj({q$ z`}VF$Epj}{h~TwaRF5~CgCk5?vLHWDEGx9Q7R7ELFy5t{p$Vr$zS*mAai~|awGQ$D z{c-wLpde22DQ)Brsk5N4&G?x0$QoCwc}4lH(1Vj^lufn6iXtg$k1nqC{^jwa&bv{1Xw76WLSG_##;cg9D zZ}C+{KXeCnYR4~s6w*V==9`bZg+6hqo@-^)M5?m;rl@6HD{T2B+9Yf5*xe|$qf$G< z`aw~GK|Q+lZ=a`-F_P@Tg10RbZ@a++9+Dl&XFuiPOZ@n`B7@!FgF>x^h`5bhLx?TT zXW)62e=QHoQykVVSqjA5Z8t3oCE?L89En!j`s|^u4pASSfPrRb=B)g`52O?yq?1Y!?;bmvRqHWqRnCU z&kh#YKbemPd8GOq{Ou&v;!_i}BlEnp|G~Fu=BWL%z*yv$l!kS4#{A z4)RBEI=f7R7u}{N@Os6o?Qg`WJi_YqF$ycT~41h7L%7Zvd0aIR;fdm=||{%lE1 z=}kjxT>+dEKT=w7|7Yd~6@yp@Ui5Km8Yg%IMfT(5u3=$Z3AZtOw4mqbP)l}9u>Or+ zAIq9UQtY+nR7wxR0@>y#9Mt+>_Wl2cVju7MVY@#A z)HZe-zP>%{a&>ZY{Se*NUoqdcQdPEAQ*JZcE$P5`mrR0nWvEt0Uh#l!DSOnqv;~7l zBp-fTPs%i=HZ7o#0+kMlRhHC-its@gm<_QTXE`#()X?JB5*bfb%a?u<3&16XsY*l* zsy^z2b@Dntw#P2@3@RXTpYiv!Ro`;0b)yGO`tN2X3A3f%JU4erxz+f+RzSy*$hU(8 z%lyRNDO0u(MT*ZI{utRWt&e92)uiPT$hQbU<}oJAg7O#vtQagUzhq&wtY)sMslzrx ze&gTT-k-_e8v`9D`_CNEQ84~~|JV_ErUSc;D5u`od&$dF?(S*pzH&X@yp9ulE??u| zn6~2VKvE`jo~_||@sOIOvBf7DkOM3t#)qX=0)2xRDx}_|#Xkdg`mwWvj#UWvogWTi zr?5d3=x?^{#6NSel$S&bf@=x{<^a?Q{e9^wk6*)PY`^qJ_!z>a#tYh|X07`VPkzsO zg4g!Gc?clvo+?Q<^xymaFi-&}<^KRO*q)(jF?&PQ4;Q0K=IqCX%{b6+A%d(fbV9wUUZD$F>_(z97z zQjbjJp29wzMBLxLpzb-d2V0#Znk?YFw&2N{=BI8=>S&>+-QpjR>vv;?#$}*KbJ6@& z_yIRW;TF&d z9O+Y>%bbV-B^%wE+RL$}i@-Ida=W=dYWTL8-yB0-{L^a@pXGtXTSME`%BVv@ zh1m2-rx=yRs`J)C`p|C9{M-yj+FS%#t_KeDtPC4zG!*;nx+6Q+^=ku=rq4N8S^Trj z{EgfI`At>Zhi}B%jlP5!XRtBC9uBri8p@)SIpTZ5vDg8HY+-esh`CfO6^EpzxAMn8 z?TSDv(U*Sm*;uUA2IJL?g~Hn%?Bwm4?5{oE`Lh{@nu4;1zBYNqqL1w@^gf6(S1{C# zK|b6a02vlCS())~e->+zvClydD(JD6OL#-k(7Me{bwpm1RM<ia&_a`5MJVEO8#>G4Th$hxn})!h2d4qf4h%V5X& z)$s@CJCB;Ly3)U{C+LX1DLi0Zuc_%d8^7=vv35rA*rfl>Sijxfjc4m-))#9B8mrWc zrk~=JRaA)Ox#;_c^=LnWjz7bU(7qjWrxiV7Fu&VmWjd?u^)x&YTEnau%yYkrC<;Lu z9YN<3?MUJJz?wlbsUuHYGdRwXl=`=a|D!CfT_%Rau{3Ynbf@eQo|67*7xW-Z7Byr1 zXufa;h;`H3PxdFBZHwo1zd21-fEeQILs!Rm4& zQzK5q+-1R|O7eCII{s_BTW#Ab1~3_;EXPANCeI`38`s}2bZ_nZH8%vyJLrU*{MlJU zkbN%xs5jn?W^aGEwdtcWBsn8Q)ZU&earO5Q=lWdu(84VA&*U=W6tK`j0cH3erOVV= zCidv)Xj<0YZP)s-+QV6^_bBC=?~YT3`SH_PqkLxMr`8&!RTOHDhhxUbvb86Ejc1?5 zupY4Bz_R?D2iFA7E)WLB$va#QH>+|_6G5StnYEisH-WFjT<^Xk@}^sftL!ZPB9kbn z3>h4FMdH^&`oDzY{~vxYzK?6#k@>{+@Fl_cdhxZA-5FLT^t_OS@^-nNj@jRFx>BG2 zwdjD}t68s^hW=VL?WfhnKX`1iR;C*iIF-ULdiG2FOK21>lt4Pl0?#eQ*`HrB~7wWe92^o90iTiJGJ7KWRF zom}2W$6_`v)7lO4K~LnIcTC>6-pQ62fkM?tr>=jcozs+uuA} z&zAgm`!?#b<89+@o1`Enw+d^@bvCTAi_C`n*Bf5<#|d}XYPn6v!ggD{<6%!MUxg6~ zQiB8rO0*p<{mAdZGt%e8C!Eo~iBHy+_bsQ7Rx8Pin%@bmZ@1eN;9eg2E#RNW=-wO~ zCg*z)yTUx@|K3|kN;ya=QQN|LDcn&Zu(UmZ|U4Ko@?vxo#a$Zs9qdFnM}xV|5a#XbjuTnW)eClA zk}!B43AG*d=bl9lMhBYPv!bgWWM4$HHn8nLmu(sqqt>g)^y{irYmrL19zs*uAG%Tv zfz8x4jhVn3*XgFPUElOWkQ=MnSqT_gL1y)A;ajp-Ax|5YyEh_9+%TVwO_7_)cc7tqgvW5*6q9Pg#8b7O@hFNX=N~$&Ln5rm|rWzjd zw%dbFiFXpUFr|eN)d>~)crj|8;SV>7Bd{qD&Fc3bqD5vI<;C=>3#PcZxo7|QJyf?> z0Xj30TTi85jjN`gDs>BgIR7lxv+PM*y4uLak3b;$8@cGCb=K4Z{>KO1*}w9HNXBHbQ4xqv%D|S{11r^c_eanG+`@BaKzuipdV!(Aswkp$=NzWU4e zSYA2j@~x!m<=(wMUpIGm$U)U^YhZH=uH#Yb0k&iR_>?^)E3`zV39vBx@HHY#Dtqb< zT%N5j?|TIJeVEGN4LmanE7~v_YAhI#ovsDi(c@hS3}vLBuZa=MGCb;GjJWV}b?%tx6N|GHh#O4@Nhc%#G>BxN<)& ztErXHYtQgk=6HXWg&ul?p|wk;5e;Y3F8e3?ZcLHJInS!h;5_S?_}yTJPoNTI%rhL~CmrJSG}gsPscs9q2{S%Yt2 zW{4eBR#(2;YJPH@R8^*EM)4h2E}rt_Y;^sZk4p3}FH19TLlQ8rwdr81s@Ck$dO_dF z*@s;NRc7$o0kJ0oeBSRG;|d(skn@{bB4@?vYeAC;f41EcJ8St$q@eJ`jEfsT-n%gD#a zk@Kfz^QTket^cl$lmO5{+rLkjqiv_z^C#H=wrT#1#@q9o@$@ zSu5nimwsU#5O7{is-8Jt{hPm>ZaX@9x$sG-*U^?{m z?ARw1^X;td0m2&UPd^1g<_ujrb{Rc=@;6jZ)2I~N!M=GzQtRIqc5MHPkG zFd1;O1M5A99PURW&+3rwAG3c@(m*K9T7DhA0;3NVqQ4X6N>)i+WQIV*Hy=N4c<+oN%5QMWFi87X zYlSV+{*j*rLqrUDxR-Ih(W`F>INZ4CxY(bV&4!3trsaqBJf!Lu`|PXZ7$*!bQ$y2|68tTK(&s1yLIUHD#dL~Cd>7}r2g}^--i{YCmJp|_>Q6Ka zs?~yBBj+7_{)uYv!JyVVX0*}Hj7>d8uEFvk8?DHpRqMeSt9_Zl zS)vGXDHLt-#5O*-n3wuUYIZsc^}F}U(paD(WfB`3X{b(Ma(%VbLRl*tdMH97=5QMvEiaOAZIN+-?|c6(Xt(ii-;lakXo8J0z$!>Gd3D)-!M=JbVaHEswU!0G6pE-qN8rSN`dQ1iOW%BU`CviRmKMU{Bd_j zM+eYVanjT@4Ns3~WCv4~TJ^fC3{@Rh%NVR>fvW3btM@WT*JOL-xgMLDR7>!^FP6Su zz_sJxw(`sc9Y1!HNi}Xl5BDR-%=YPg038D1k{oyyeq)%UtWmB+fhUWyWD{Zj#{vQg z*N5NujgXz~qj;!Jk;Rnw_G;U?79|Yj#Q+5!ZA7UoR8L86G=C%Tt-sw!;bM0B&|21~ z$03Y5^T)sP8e6ZrxPQ<(T_)bS{B^c_^=m*qK8j2&c};eAcXvHYIMIaJN#@R;Vi>ki zNmBLh-JsKrLY3xFh8m4P(#L5XK- zu0hR_xHc3gTO;E#`;3@(82NKRflUk|Fk&sAX!cE0D}Qq>-wE)m!L4^k3UJd|Q`Sty zPq!u4XS4*J6ou24O=fQg8rc+JtC;&?iM^vV>giF5PF{>Jqa)cd5GVtT_yKql|ESIX zcyC#5Covi|4ck~;R2Lpb=hQh_?c~h9HVl^4c-y{poDxdj zc@Y!i@krvTn}aQJCy}k?s6!ot5gC>f+#x>NvrEijGio4_xxbcWMC>ufK?L)&O>6n| zX|BhzdViRHkmR^lq-M!I=$~kFYjwh5z5k*r<(~B{XE9U^Ag8&C3Lm&_I!;1V*yY-K^ATQ$&y1h0L~48mos#ZA36^Y*`t54B=my# z3!t}hzamI0Kb`k|I^Q0;+*UokfAx!S7TtGqt2I#Q@HcIl>RDy5yIbGUzSN}$$B?gg zR#3>Dao;nOwifE(`Shi$9isD@p^KTe%kisI3cJ5Aw&+jL((3;=N3jmsoLcNPVqfZm zaqt{SR4Md-d;c&LvE;o0L?~O0Ja#HUH+g+_+%yvq5FQArpjJ26ng7>T;y}e`#l(g@ z5Fa|d#wmmCmtsCHn@L5K%k;RK$qIrNOOc>Mw7FL2^kp^509WR zOU!krwA(*EM~L86;YXWlb`!*SZ2pvU~fkcba8bAi5crETqeS-7Mx=eOuwVg!A#2F8HR~A6{j;ZBsCsGJHS~A@<`if zbyq`foz=e5R1i&d8f4p-Uy}`<+n;6ftbPG)2R(oj+ddBy!HaqY1fBmKFgEb#{&B)t6WVJ7igin>oAy9ZhD|2cFJ1eFlqobIF>0}R(t_- zz7Sl(#i;e;onSDSF{dZY=_$^DSE?${wwXT>HpS6WCsz8xioEK*oC0KU{XV7HC?+CB z8)E#g=i;7Uq5gQD=_utL&P?nB>vmG93FI2#oQR~dQDtJM6E~<8eckUikYpTwuGy{2Vy(-r!Fk)WL z1@4N+rJ6=S)b%@4NKJ@zg54cG$d`%BFRv)`u@A0^gTDstD>E6$AqMpj0f-E&SC^R) z4^`2MEjp<$TgjzTQ9s$*X4-5y#Dty)NEb;O;w3|jeTYr69__9gX<)S`r zpc_USYF(5lPD`v~j7(y&TWgNOH%`v=@ZI22diTC*%ky5lSWrMvZvT_Hvb++swN^qx zQ``f5ERWy;f395Fo~`lc+!)87j!C35>l46cB35cPZM8s0NqHuQlBmvCj-I~otOu=B zy*zMwelqL7wlz-wHt1Am!tzE#Q{d(1;TDFK{!{SO4V9xg0(nb*Zg!@&XZ#bTf`~ceaV1 zxKD{*xz$r#S9`$-MYdQ=Fv$EU5$NM%WXsv1^7DJGaU^*28=35P@5dR`hBPgoZQjl zt5fc_0BD_Ly0e_GZyi{C8*lw>wNa_$bbAt7m55#M8Of+J8IF1Vkcsrm$a}L9A1fBn z`hgX^^x|o3*&|IDzs3w7bi9=Zx()!SpnOT1NvwfEcSNn_p}MC+CFBj8H|@zayYqEu zp4hFC4sEO-U@ci5yvsb!K(kOmqAgvl%w2xp?cN$cT1OckY`8gyCcoz4AT3^3XqK^i zjnUD;R%0WrM|^@S+kg>2yOH|K_-TwKfJ6&99tBQZ6Py^I(wBxFg`5CGeINLwe2l;V zCjqqHZRbD}xa#GtkkwB==|i@AUThPr9U%nn_~Y}Kkp1kIs(D=U=?>>K{kQ$AT-)y5 z)%|k@F)8=QSRAUGa{Z^Xr`c8?42_%KmT8-#^ z!qdH%Db1B)B^CUP>I@|ktjyX()J}HMxeMW}80!pODx#Nrx_%M(8Q|MOuoBaZ(6@dLbw|<#M>>G^-fbBw$Y$Yd;a9(ECxFYsn6fb7WNOxS5KoBp z7!eHE%<#J_4EO%Py}QD%>1$YH;>$Cdw0P`1CE?Uh$R(;=4PHOnwz;E;zg|w7N99i< z=v7S&+oA28Y&6(QBN2l%I3~{EZLi(>5{@-+85Z%8+sj2Y(7qe%w4W4VE@WEljElQq zuj0RZ%WL@MMKA!g*F}6;wC;)a$;waBV4mxS;di*qBO{*PW&n{B@8Skm@4ZrVrf)2& zT`MW?ix5jPVa)LucgYbZpO~SQ0J+LAhjNw|Y#O?ju5Yja_VV?z zM6S(szf0LJC@V2qh!{3|@q?JdS8WzAO+!?K%Hj`E2Te^d)ai+DXGv9s7Fk7#DCOVv zcYjrUJ0@W)SeS|IxE@bSaV!{D^sjgIJy0-*?Z_rwTzB`wI9Q70*7(wa{V=Q=u* zpL-aY<^HoNqpIX~It}=d&6XF{BHH2}YU-z#mZ^-d*HCoF<;V<{RDUstPPYMrtC^Z9 z)|M@EW3f!YW=h_TeVR+S^-i>?9k>NGI=l=UEA7GO-Spz6LjTb$!W>juhMn z$%XqH+9P)2SRtLnsGE(G2thF(R)h276fd|<{6N}=uT3UuhAaGDPthaUvSV^uHD$QA z!xH>hKe}7A#A=?uK?pN-5NQKQDA#dt#?yD`w5mw>ie$P5|mO<&j*w6 z4MR}!ika?xorR~?Q9r7&GH58mt`Y{(D2sP1xS1=`&+p1f?<5C-mKsbZelZw$KIsHu z$a22;xI11eTh|)UG2Zw>+4oFq#0;?_LpvB{SHFQ9(8s!<4~!pwj`#kYBMX%wZm=oy zwo$SZhZ*!2ZlWKpw2@+%M z3UpPZ?N0#p^c{W0BiYq+(1Iiyz}LJ=H%77oHvCjQZD$64x6%DG;{oTXNc3N>uTNR`{3f# z!0+wmH6_$$8`DyV-QxULEw>(<87rHeN84S5$N8s7|8FwgM$Gpw$ypzAs%O$-@1wKx zU(9#6#>HLp(^Jq3%lw*}&H7Ff2@*g=mfR{f_>xzQjf{3b=5Hk0(a0-M5s5aOQTNg^ zRvvX*WDZl~7wPgWq$~ubMu%O|9Hh?P!3!yJGKhX+d6uPPk;ebss^&XF5D_X;MOjr^ zEV_VStnc%DBxdJ)IlPKjaItKICGl>>j zbb^8`1!~`g`ks9cvFe-&>teSrAtm*WCPqnFnt~zqp$f)orgCUw#=ZuI#KzK+5?w|F zHsQt*N*K&yDFy|&v_h!v*v{x5`ZycCXf$yHluTCohx0YJHA<_WUxI~5rsO#(NU&rn z*#&{o!z8@CU#``Ru3{8jtNPllN4>qq1Rz4r_BvEBgJ}uz^yLJ~g2o#EZ@4K-i#%uK zW|DTqPg^AJFxsMv?5oJX)Byk7!sXA6Y@far>=@FyZ|43i1PKnze&wgylpyg$n>s^% zs-7qqu}8Y-LhuO1;(JjMp4z#u7;C5V@cN-0^4&^2GXJ6zP_9f0vDg7(e+@=nW5ei- zY@vT%x*~`KCyBmy$Ti1EPAGr50X~6E{TawqNwDaSEpJxF*UiOV#kOjyb*?jo$c?2 zKp#@=(NJ$bhSH?kG-!hhXHUhp6WEvYURUT7yDHb){6|rC(nuYXJ?3ZuZ~L{I8RAc+ z8hr%bcj_c{GX2ow)>{6$?TpCRQA)?Rk0|@C(>cU5CghvddieOzuUkWrEJIQm3eG<7 zUANN7Cl()MM>E`EP`gD0?$kSJRm);?_V3fnLmWk$=TrY*3qk!o zya2t+&}z{EX@Fx`$0Lzdim@IRaZR~+9o8H{BC0jv0|}NTovdsksc;fR-1DWfCL5Z4 z@&srDyJWr?okV5kR|ex27bt3_vP1vhH3#^?*pYIFjl5)4URHaiLhH@@*#`AWICh%G zVZ9;V%_p+G27I0<_^1Na0|<++T*6C6J%B?fmJTna0rP!9-K%GbVX%zGOPCKtf9u76 zdtfsl0?;cM_$1}(6*3fj6;fAtorzw3NpoBNMS1Mgo;sUt`DI3WGd0)E?WR&j9%=I0 z&o5;z7Su7a$oAsVv?i}59p9#{-olyc8u`UMrX$V?`Rba6hKc%qD)uGdz=rjDjQ^84 zT$J06$)Ey_>EqW>Nl$T3A@ZR7ObPhS)hta%j-J%tiu$%hf*G0EuLfa5Lo**=NvU8W zg(a!p`2(%5Vmg*d023CWEAo}IV6A*Atp+SfRa4NZ zAJJux^c-1Om>I%5ZY{j~G=J<(atb;7=RIq?yA=gAss|*3cbfOw4-XFsG-BYT zla05R8w8=ed&t=|;U%DFpa)MtI6r&#jPS7tV)r*=-v;XkXv$kpHwo11*0oGzD*$PB zqhDBCTiYmndr5%b0dGcd6kZXcF5n{u5eUv(fYhD)axaPiMF$Sn5=8G!E?4zStkA$M zKr>mf-CS&I*n^^*`eCx=SNOttKHi5W%Ajw5u08U`qho?u>il3R1UTb+5=wD*fxwjn z^ixYcch@A-9|dgu=IZ97>;KI<-C;iCDKKq!;XhjX=nxS9K6h|fZrmzABjA{`PZxXY zi$9>qqH6vDlt^c1(HDE++%paIcQOQZTUD*@%k9;Y59YnC@8=Av^@3Pw zCHQ1~plD15NtsNa2tzT*c2P4e z)m`fg2!s4aCl!JYxrpMn_hrpWfO+ZKd2dhL+jg%VNe$^Fc5HP^A9-BYer@5JHWsQJ_A<>(9R8*<`!F?Gf&b0lYJD5WJ` z_{Ogip3TM_!50ky=tO-rR85Vvcf82Dep-oWB8W0>soV9Ikd_S1GQi>ecBh}Zv|G1` zd1a)j2#dQ9?s)wy$HY(stg-meW+eB1lt+y#jdVcR5l1|g0l9>Oj7jfGcn5XOqLDoo{gD!go z2|bbQ;;8rX3nkZbC5#{Gq?BTjBV#we&OU!nISo^e!s6nlURg&sZz&o|m1x*7)63Kp zy`dyIwDIBpI77N1B9O?O;_FNO``|kc(-^u368zK4j>|2l<6E*0rx%}|27Hd%B07Br z>}%vkl+-gSeO<+0lRE9-qDHX!ReF+u+G> z7n(aHl~4#mB2Co_maUgs^TenM3~u2S9+Z~#WA)g2Bz?k1F_X1Q+tqDlmV=g9e-bKtPMNj=VGWI`2x`y+#iA@hno0&Fd|252(MYDzjPo>wJ(vn%M+ z7t#A^ooEWpsIhxq<}mJ!XtWdqU{zMS&(w6S_;DhkCIyOY;ouJ`&6Z+6r%qe1!EN#D zoy^xI6a<#q@dbSv0_keG%X2quaQgg^2VcO}e|0!`Mr6g|v%2Gl!FOy6YrF=#1*J#N zGT6VWYw{yYd@b!M(;Q?7k^GjC?$)umPf?ym3>oC3hGZbA5iMw#Q&D!|N3 zAN=bcFldjH_#NQp&z0H^l=e>v3kASCaOXwyulF&7s#oW?J~jWTm{(qsAqXPwwEP_= z`~mK~0re`0WO^v6SytoAV0SI!Xvw48+bUrX2w5~LN z0>F?j2&)3DbB;p%GGWF~8Qywy)EIN8RbJwiv&sS1`EBsO-K)#prn7roe-eVv{t@~0 zndbZ_kpQ+Q+WrpfX|9CPi2DJ4gPUsoVD?G2I{&W<>se@Exj?W{>@PFDJ?@NBJzoT7 zTo>AfwyU!?62DE;x2FKwSybF_+kyLx5SS8>&%TqFo?Sl>|1emOSi4Do)26KWX^!d- z`D6Qr7lW;wzgg&TDa$R9dg2W$7rP->FG(o4_ChH@@&LFQFlM~iCCHvQ+5R`DXL~mH z)>f$!mO9)QKe%l}E)GTV>zY?@*NkP~=3Xv{ugAO3PT3XvO{jS6G^`V3PD=Jd?ogw6 zd73wYGs|i_iJ zx>|jFxmvNPxa||4u^4500H`ip12^BuKkZ>%$@Yw;Qnu!(3~bV`<)iCz`*$__3`bbZ z074MwaqG8#QVO$t=lsVX1)_qe<_D^lqh9=qdSy3Z@NdVh{DezFm^5Ag~g+ zy>0~VbFyE{toV~hDjoX=ldbJ#z5EPTHdXO36PGEz7Lyh6(3ZWjitjE`((|!!t`5{9 z-}?G@Am8du(wGEiRFHn@&18aBfg~ctr16~P(~XfYMT=Zby#;38Pu^XO@zB3)1CJb% z^I&S<+3P0jl~TN}rlx01CmvOg&rNpYp2r2M*%OCh?nxHQMGf7mHL_R^m3c%}&h1HO z3DA(PlY2k6r7t35>u-^W>Og&=zvb&FDpKldPxZm!NqYmz#O`pRkq9ISX1mGoP0{oF zyRR${E!V^ty&9rTbxbH^YWTOa*85MshU22>P#Q_H0)FGEt<19CT_4|iM@x~I_e=o} zf~wz@A9O0m+If5mTe><$NZNVWZb>}D<=)K7lh~1|Kj{;?-gy&|&0vRgm^f0j&TXLk zSwJceN6?LVQ9Ic}1t}Ytgb?ASBD612)pkXrFh^NjbOf!S3tycvqqixtgfuS;o9qvz zS+%qV6J=uJPKDu0Qda6gSS2{iruJ@fmRraw0Dw@k5$Kc zI20(xFH7*h!b+jVt>9?J$BFp&)$eKqlPsv;cIwYbvnJ!!?Ktee5V;!YZGfuB)TC?8 z8{;+hX9ltaHSz+5=}SwZ>ME1Nt&*N-xEAKWOFkAgMJU;NXg4iZ|@+g zSv}Te|D+D`@x$n<#ug>t`1e|81lv?agSW)`=gQrPnIkbWi9ccySx*}{p4_GqTGL`K z9=0ZVn2~7eCXk+FGF2h zE>&7+gOWn-2+1A!Jc=c`#Xhi zhlj>at=h(X%WAVo``B#_HSj>gJTEWg>4yolW?lm>QzT_T5d7N4=Z~=3#G^r_+rR7H zx`C`q9m=Y#y8G_qn3F%5xupq<`m z;-!I+mxiKss7P7BItFDj-uI2C!e1)m4iyT=taV4E%k)1iu2fcrHWzE|Yghf?Y*L<*vnpSq>(A&`5y561J_{@Vcxko?on;+7tap*(<}5g zNGeq5?jk@UIqBa8<`bg&g)o{NK-UC3f2?wVhd%!M{zg}7VNL*{Fo%OmP6=;3R$@{$d$ZEQ&Pm{j+f(jR*1H2ZC7(Zx(RKXHEO56BH42OqAcKW;r! zP%Qt~#)O10^bS=x_WWb|H@j!YQ+Vjs7~(r7 zj&e*)I#DR+wS*mGN;f~<@99@xY5hiiq?+^ON5uYiWYo!u00%9Nz6(AVlthF06^W{O z!8&*%a$p>9;GgW}_s$mfgot&Dsl%X&@($e}x0Lh3MydASW^Ao={(8DukZOgVVhQB0 z@w1>h)I^o7Wa&{Xb$LnDxS20KQBBt$PDI~SK15b4Pz0gMrsZs=C&oXemg|W{93Hmn zP4h2D53dlJqxhOaN&E#C*p8kmVX8cP47_n4^kGS+;$*2dWp?7$CM-HkzudZYINyA_aVFF2rP5I=X9v2Q_LPss4q1HOZ3j5hp6|LV;{9T<%AX^jhV ztOVy;7IV^Evlfly6cTqwKB9&)N&kJxWcq7MW4V4_CkZ1N{WY5PR-9+%YsN1+(iK+r z&}*LzgvO}OYQIR?l&X(NkK~q!Qf5&iZcBi;d+aJR>c%J;-pjwFH|mY~ ztT15^4y`TU5_{%k0Vh((FW=&K(uqbhf}wWnvs-j5{DuO3n1m9ohyb@uAH|_ zMLCm&c=?J%NwP=>MRdgTw;KCcj@acXGD>CT90Yq{Z&!PbC*aev7)I?1Ev>oFz503j z@M~UZMz)uBz_}E8myV~PLPWTNOzBwn}gG5@O4=$|5rp zzkS3xC5BVbzv@=AA5=K9Reg;A04Lt`qSQd&4JLjPPf2_s%gQlPfdw=5I{Lo8E_l;* zx@wa4i+v@fn17`ue`fA-^wBlq2jA$F+Or=<2cud(mibn_P)>c(`ZVU`kKP8daCVvN zplj@zIigCXa)rMt%bLAv1wx!LN-m$FW<1)uYlEEA=O?=R>%0Cvi@Q%;pf#xh5mpl6 z7G&_Bl_HxA#ZAKEPuFm_P)=&##aP-t)24--k{C7*qwrMYg^rSPZ`!FuuK~ks; z(ELFHggg07PKzlq4#cz0NT{!o&e+%(q;TekcYdubt-~);00vXGCf;eiHTLe_JNe42 zI~d{g9KPbvN*PmuHLJ&#pZRxBxj@%`S{o?50oG7B6@_|ddp2HjmHxzT(_2*W_9oex!?&@P2(zifycDVqSEq%wY5!Y^d@0e#y;U z^mIwOsXVCo!^00L;_0-xnx1by`lR zmx(h+`gt{@W8I3c^MuQL8>&lQa>rnbOI^WsYpu@@PJ+}3SfJXnirUfn$;jI=X|Z9rWJ6t+MQ;yTeo zAg-yQh--KwqtxCo7?8E}83`wY}`f4NRWjV7(rnEfr_EI`@ z_pEhy`htVg;%t6Qe?md5&OtFg*z~?$nbPH>`2rhYj?CFlN^f5I(|;#q2mLk>n5J9K zSMRhfclhDZ!4HoDm6A}-cQ+rrX}r4Fy&|N+Kr-A0RMcERyu6F(jIYIW1A#5K1+u4! z?6(w_kT?^N`sa9{3dY>OYoCt210j4Aq8UII6l-CkOGsF=>!0~n$?d2F?tZjg#q|Co z_zlPI?U(zuAmuJp%jr6qLl$Ws`*rehRrWjg{2rY95chju_Va&5T;+{<8A&|>OYe5E zCl=ggwbtqV0Z%2}uTy6v;-YJ;bnH@Yb@HAH!z4(`nl-SLZgaX|!OgxY-B}9@mgWo| z2->fLMge5|cwcE50_H7{7pE0Yi6e1De1CmRi4Y`e|K{O3vG7Eny6!7P>YAg^W(W1O zOpVS;+6-GAM`orKhn*2jGYZ%6s+T8pgURgttmMEI!IJf4c%$NO@AH5cG-P7}k~Cz0 z;*K%5j4d)KM8Dt#1n9Y8&;)~$4~$&6MdnygSFh;=`c${Td-G;x-VA<9K4sY3cHK(8 z*S=B$E#9@@0L=?p$V-;bPx7Ddp3+jKk$dQMIHvg0#@km%Vcm_RXX+Vo%|J$>Qc7yx zv!GhqTl2YO4*69jw?G*gUkA&;RR(`m8QN{e;WcB3wXnTH$1iNmu3x4yt@KQ?ifT$+ zU*79~t<2Fnu(`HIOF_J^am-VY6yP=Riy0*YQ^Vo>0%dHAmd}MGBgUCUvV0! z@2&;;DOu3mktt%n<5pOid8oXTkXJZ=Z}jX3j_~JjyNVL1cJ)#s#ry6~{s)&tP>bw{ zdXj=TrV#!9RN8Hr;ZDW7cnW&1yMB9!dI2Im>T)|~Uj5I^;vJ&AgmijZ3~O{S4`$MCBz0^i&|!w z@=K6KPsf>x=BKnGQ7#45)^tDMbTrRBJUAkmoZrr9MO$PH@K5&f*cT}75B4aIjWw1- z59}ldfl98Pc`XY)=#Ny8<_n)WKD=}DJg;fi35kBhSSV)uR`2~7IYM#iuXJr_In5QaQ*%QJ@GWus5*%2t`hTLdkMv#jy(F6$OS` zuzW{fdNF!8?`LtDr4&ZWV2eqBx92+ZfLzyL2l%sZZBCVOp1NU6T!oPazha%WT8bm9mh=i@K2XnI5b?!c3BR} z+{S47gH-10B$>kGUo(X2S7*5wJozj{t-8!J615kIge4D!p^|qkI{%{H9icd5zJzx~ zDRsQ7o|1!^^p$wqu!o#U+i^sh7n-G~ieVz$n_c?!X-BDf^5d;uO~Jg6pDzlixO^|Z;<)1XA~~9& z>m0tCL^Ucq?Po(LOI`-coh@-`}^)Dz{)S*_M07n4aoZUn;sFy(ENP>B)uY7C$XImqR_lxN1o$vA!Me&S8<`9o}#kKWCKkuomXV?F*> zB!gP_tvIG{KSCYBPJWnORa&rW->*U!P%TR01?^q5SRKS0$$p_qWb~Z=MI;Ct7k*P_ zs!@!XV&YEvIyg3Kw$a)qm+rf(=QksxB1JXF{Z+X~kHp`Ci<^jOWW9Zxjbo^PF#T&p z@c`GgXJa9;)W7?>o-T3q@eSKA%N@LrbQco(^a(;<_xk&)j4{Pgh(52bRr2$G&-A2t z_rZR25kmNC#NlS0h=Ie?aC|yidDD($BRpMA#t8!wLcNevqQBm6O!k1L5(P3dlAc}! zvnG37|CF%I8V7zJompN-$%-1?;O$Xp=BCJdS3IJx%6>aLvWefY*!$X|=i9V9>3yKo z(v1e3Hx2wR%K+8Fyl>SFt>(?>O`z^c!QonTPNer%jZqqSvQdPXi8$>8Stcd6J0;4x z=}>!zq9dW@$6AocC|9@g>CD9CuNsgo?&~j%t|>Fnvb){SLRSylF}K-Mq;#=gPnVX^ z#V}QF$lYgX?ZwX4kN>^9=wgXc=8xF(WMhd}YrNlEZrd{!d45AE?1g+=IdLWVb9>Tq zQ^526AA=M#kBuPV*|g~*=GP(^C3=++HH6xw5S7uam$IvU<=$KjQn_M%*ERHo++I!7 z)@dHhVs$C5qa-s{)+caz4dFc z?@;Y|-Pu13rhe@2k$z0>yN+TOQ|$@k<5?LidQ>QZBX1ubf3333*3fkpD+-btN_74o zhAJtar5`i&ZI26#3vjn8xcXigX+3pK=@ZguWQ<%y->ggezDRI)YneJemRsG*TcT*+NB`gds>H!6;eO>BPcKh0{M$()BU=1$_D7FgX@B}6CzMKG`IF46^k zk1tvD{W9#4SpqsS&P13GJYbzAi^XO>0^C+)5{WGx4ZuRAzosjX z=Z_4)x2aO^$*ZbVjE&^^K(-`C=!+_W2ebM>fcm; zD4NA9GM5mtW0=CzQda8G?IZoVGH{m+p{4gNW5m)1#s{C(t1`;=uklCSLjHcMp;_9wmOT{`xFkVEy_U->{8Bl# zp`)YW!DeFvVe|at`83hn_ri}HM15}rfp%?!Cmu00 zUxuesJp9|;+Wer@>@oq}p1g_S!x=C`To;=>n0P|ZbslOxF`FpDE_}&?G18M=#cg*U z0*F-)Q||7Hz(Wg|?eCQLr%R&eOWV(%9kH-6A2szWf`X4n^XPUab3EgXzOz5S0CsTn z;g`F|H^7eVF#a+T9#Iz~?>gyzG{z>3=}29^3{B_QPwxj5W~W~OlxB{%wFNHUd--!C$aIO^_Nmj)$%r? z|L<(aR(n(e+l0{n5KXr}`+0pWpS-i)7*T;MMni#fN7chWTB$e?9v^PT*HD6W-d^kG zd(C8M;<~Jnk;B(bCJ9pV82#~z*NX+t%+FhNjZDg|c*BEEzukjJ(#%Yn%)sIBEu9C_ zeKdlz{uZ_U=Uqo7Wsbp@W;;}82RHE2cC6IlSD0k9`?%l^eHYhs*eKq2r)0onzB)&S znkCnrGyt(N1(CDhzJdEV0~6$cg%_xZi)wK&Zi_-%N>8OvDWCfB__qrG6hB`RvY1@Y zWFJNYhb5U5+P~bA1{wTLx)R#5QEHf>#z*{ji+DAw9^AK~8&ph|%o-f16jTw>;WH?J ziItM%8Y0R!2x!fLx~d6N60=f_=8eFUeA!1lnqEi6aIwX2ef}!t8GL+@Doi+5@TIrC@wNBYWIlSlwissfE5rZAQ@yeJd&#`_kSiJ*eAEII z37F|gRE&kvSiPS09M{G8qes*Ai6(8@^R;p6dT(@XJZ+Km& z$6l`1U@)>Y+LjSEOfI*#^y_w&R=--zC=cX4_C+>^hw$&Zs}(*a7-~J-G&7W5Jl2}| zv>mRSJ6}OM^_KtMgeN7vp5LDkX^U~j^wO6=YzR3M+}^(eVR>A&vNcB$i#0}02xvC4 z=F8a?_kJpq(1uPiTwO(DN)7Gx=uoY_0$$ICio9(^&YCdJXh5tXoNp?{51+IBLwJV1 z>TA%SiG;uT>{W_6uzByK2A*b0DmO_f>F0Gg$r7>NDxLKfm0jE;6C_f4 zEj%=%mrF_aqZsM#v`b9{o?k84NMbY%2@SX%+%xc3er=2BLP$)ur>HE;v`Bg8vj0y( zbGk9CGsBG|GpSd+{troCZWovDY#V0ksP3mvN;ErHsg)k2PsrNP*9=5K&;EMj3Q3f) z;ga>OaZ@XXan>oi*qEy9Y>`y_6%NII@{u;0zW?qh;#_WJ*MN&IOC$An)lK&rafA~0yu3(%$92um_!A7q ze?yo+R_zFduJz3D*%!Lt-jR7KoH(lFgnZJZc$4f;#8qjOsqbst&Na$);1X)oU@C{D;)ZmFk zrYZrdPepBQYei%qJS~O@3}K5m*A2lG3q!!C)|#kW{SA#k%^#V}RBX20%lX zj8WmW;N698|1)L!z#mDcUz6Il-Q0twzS~}1&~*#d`4yYFhA)DwpQ)_8ztFZ z1GLh!08KS`kq7`>K=kHq(Uy~cYk6S+#o~N2>5MhJW2f_YygJuw0NOwP)zikq{J*7K zzanw(QZWat??j7)m>U)1^yRnf>BIi^vegUxqv>5QumBo$ zak~E>>++I5*}RrZy})^~$9YM=?AS|ipY0%^B!Zl1PquS20TPLym%{M~;C%=TSC=%L zpW34Bz;dvyxt<-3sT+Q90))6+T&^S4Q?_gV0tZ305T_pu2{#6BfYHN@tYp*~ON zx{WIH-?}7xCf=vs2^bE#e4D@`&;r2WzF9cs9N-!|4u0u}9V3djBItt`K60L|Uj{l{ zt~s4ca<1CB0#vq;vzjA(N6u57Rj_-&`=I4}4$@44{Sw>HRXy9z=5;AV08S5bSn;R> zmU$KUnn8;quWz_EZ)dH)Szac8hl7DN@z<6YtNX5C;nf=zu1u z$&$=#T&rq>*)WyT%`vI&g#c;UdtQ|f65qI<8^QH8zb?XGyi=n=RC)0Eff=<@GisvP zX&jQJ&BoKbzD+gjZrOCbJ%4yOCxvUM6k-aU`_782!W=e_U%CGI>Y3KZ1T6;|ho9GO zC0x~kCB4u0<$LZxLL&6Bc3fjRyze``+tcINCloERS2e~|7)$T|AQsXF|NPabH}mj? zJSs0zW4Z@96NHvpV_goJ-|0_x&3o!eRiRYV(s9NwFy)ks=?`3M8VvZd|6us(;H=ir zE0LKOB9MZfS?4Gl-go|Qe2a}jKQi)^8ap|>yAGTFY}rfu29?go-9lNeHt{G8WmjyJ zG-_n9xk^4u3zGGD4(6h7l9h#)c{#yiEOenhVPo8DX(_GxNS~dx30dr5HVnl#+so6_ z_OZ~OZEiJ4-v6pl<2tyf2S3~-cvn4H1Ia{E5LCvXaQ6fE;J7;x&gj@}^L|Ki&Eg1^ z(b!;7J*)MwoLKk-qSaQ@k$ngKMN9&ztnQ>#@>;1&0n1~@MQ2bz8R^4SOV-`T#SPbO z-_#>n5Q`uB;#iClLFx`x&Rpak7qrNydOv@ap}fRC>||?Qsy`^MAcPH)1}_jXpFS}_ zvU@0dbP~A;LQ_gNI&P|CEL|M!P1O22(nPL31#W_+k3DJ|zG~N5$TZhzm0aA@mM(&emnVVP4A6sp|z7QW~AKJs26a%)B zFzn)pFjq+#u|Zy1JI(@SA{lpw>?O#^+en8reKLJem{jjNYMP3quMq0&$LpE@oq;TK zzvkAcSj}Uta!myVY_zh<*(N=4f&Ch>V%QZ*9O~xyPbLF}on5PYs-7n=BOE;2M z#Bck~$PKpsO3iDl#qU^53it3_tBwU?EiJ}3+h%lwj*#jstQm2=$)k6FX(&I{qugq2 zEmVQQi^wjXQ^ulPe$wp&$;qx1J}q++5iQ$CFC>)EC!H;$5pE9&)>(We;6zZA-)P6n zHGAH-0V23;R4;@jTgvh{i-?!c=h~=w1*zl2wabby9!kc?S0Ut#pPClMsqh|Qc6b#X{I+@@SzN4%-b4%EFTwS;3?Xt0Zu8c zu4M8>()-K(h+8y^xR~yU!pOq-Z(bF`Durg(*d~j}Z7EZY)VOjs~o0^nT53#2#z&t_yE$60I~V+!$AiVP4GfYX4d< zcJ#YiFYb_wEdKY1%psnK)BAx|8G3p!s~>GKAb4xabx;#mVSKyi_8UQH1e2zjKf=wo z4rl%B9{J7R$&!QnFVI(+uxa{lfAQRTIqrYx5XS7Z_iTv<^dR2p1?uZ1<)ZEUp!(uB zkZX3CTK2tT>w735LT^WIh5k_w`$OyQ-^+Qv$a%g2WJCj+i-PliX+MMJ_HzLa%J^`= z5E4l9Tzd!*Mw)%Mr-AWQ^c?Uh!2;ybA;6XjbE)UZMcSfGcS4U^Nfds6<+=Q&+P3|e zAl>;7(7g8(|7KiPvdhh;Z!3Og{`~Orl1?R|IbV9|0bVFje*%wJl#NFNl+0o%uz9 zu7>zGV#fWnf?XQh0HIB&cw7kJ zJh1mM>A~?|_4gY_nJ?%ScDuI!T|Rk!so-hsJlh7>PQ3^{1vD#%0PX4g=;4Si-ZSGN z&{>6CN>`e2h`d)xiieZiCtW3)zd5r7{MceH=}}>TxaBYKVc+b!OJZU)A*V zys>}VYKe(&_wo?@Lf8C4kNm=pF1g2-jyZy6RoUmqsR6zU|E5lyj}H%X7L9HP%%buh zhMjY=#ZYkgFCUCP4j)Vn0;`~Kb@lz71#yyQ5Ggh-rCdnFkTc6%b zbR?BA&mbLl@g~uQ?d)?oXc7^G#S%SiU;IS=pLfiTJ9>BN-Ek(|MjRBn*TB4zBCqmE z2b!llzMMKxQR9p|fBy8fdrh0lqzCuZHLOoJ^@a?*yw2hUX>}adH z2Q2T(`ew&v$i_}gVeSDMoPW_a*Mc*Xz#e(78R@50t)hk5vt?scONAM*INl$Mrp*@6 z6K7y&xwUo^%z<;sA^dyR>dGvv;xg`Oq6OSsNNNdv5TB}jh2ec`Eqmq^ zo>h-8|0GQ#F(tw|L`@>n)BBdmk9yHVW#U?C2uI@bdV5tQnX--~ zjVer18jc`hOu^Yyi-#wcq3iss^?yx*>Ls81WpC5iIcWBJcoR<%((LnXU~pe_xOY2w zbnGzl9+U1sWsd#K_Gjg^O9jEIq?!CQ4XUclPDg=8RT#6AKuP({#oEp9Wc!;Z`tz*s zXf7{4WI}N{u+4i<#gHV@Vkk$xI@*&>sXi|rB@V9jMj)U?4JkY&*J>r{92ceMi+aSTu(3Cq1ZV22h5=}l=OVmpX{L@ZF ziw@59ae)w@Z1GODKlgV`#P-EXZ^I0u2PIH4MK5Ms22>d0o-@3kp3O-|2e=MhzuQyJ zbw3GoVz~a%ytL?^{(f?-o>Ze+tb$}&;dSMr77sCj@v%)?V`CFaF~3Jqjn2}mY5uH= z>BezB@@{`T(r8RUtNI6qi`{-6cGOwv=z4IX=jV~`BmkK5pm2t ztTTy+<6J(PhNSlUppo+uNWFc@!J_aKl>c8z7Jfa*oTU_*eQtcK^pihxF->WPz3uUL znWXB}zNZ(G#pQg%^M#%K@HQ8@V=1ge69;Y6X~n(1Mzk&dX_H}M)HQ2k42g`vezX|P zHp`L8w|)IvjTwi&Yl*I^@ESB~$Frteik!4o2RBI8bQmaf}nj1uO@ zbr#Vl6_)>^J6YRG{c?rk`EeN=p4wZ_KGU}O~Tu8vJlI}1ACZ|Fk9?h*l|31LZ16dtr3@M0h`-P7zvtK_F>+UcJC{&KEDqk`i{4pl$#e1$<+IA= z!C3e;J|3~#Ti8fciU$0EuWQg`s5Mu!f;UFxdj<)FFSB6?FkM%#Nnyh~$<+wgGWJPY zt};eX>DSEfi2bvePpySv>P|t;HWR_%cf?*rT_e8@zCN)PYL+2){f2!7KJHh{Y+N3q zW0c=yNmhtBp~z@WsVi;l*&%Vy*{QDxm7c=o^Z^YV`WU5?L}z$+r;{I}!jWD0qvPQpV zz}Avh!n*l4ux1CCMIq4e(6jXqv2#KHyxhZ_5sfE_7rUGt%heaRL<7Mco2`hVKR;Bp zPmb`htvjLCbeBc{zow^tDwZ>V{JrS1PjzqLS@GrO+da^z6ENYMi|w6g2e$OvfFUO^ z*k6!z?EQAMZWg}>cv^?9Sxd&8y(Bh)A>)j$!itpFXo*ClMwftLfMA{ znM41^zJG*>&)z3(+xBg`IG<=)9zLgO#V;dHPk?X&kALE!zXfV-!v-gU2QLZ32b=CE z+wtBbnL8C_V@cwwC?_X|B!g~$=*oP(q<=z zXuvhxW-Mpu-#^D$9D(b)z!?Bup);MErX?gGy&#_q%e?ytT1AlEKM_!u_#aR>;6`=v z=NQo19Oa$|yFQEHyD0g&Rr19Z@I&&vIOCGban93~p7Z>2K0Xnq$Pq~C9wJy}9Z=9$ z1$;`c%-WWWMuS{ZY0ZECnz%UVJjclorgF?5y3IGtjv-=CcEaXQ=99j^2R1z+29LZ#aKl z947#~C!k@yV53)zj^+FUG=;wxM`t@$v~z?0{q{SpzVJEeXZf<+&X;)A^UhZ|?mA zKH{v|=E3|-%=u_o&+7NTdz}4&A^kS1n#2nK^$(3U9j`m*9}c$~0j)`D#zyC^Q`pP% zBF?{E%f9F}#W<(_)V%gQ1nI?@-U;sFaDMl6Ew2H&DUy472c-W;OfkMr=JHYE#)^~~ zp9Y5TDFjfOHY97Z_hk~7lV2)tmYTvJy_R*nL8A8F_{N9N@9Lj6QwPVVRhm{~$SUXl zNka+-VBi{DTV91YbRcfgzdD>)9rG7DvZMM=_nZrJo08NQp6fs{z1lpZZbnV4w* zVdi~9GYqEX-2PyrxCWmo0!gQPVGKVK`9oC_y7ir83~+7%8K%tG$IZp|#8WLfSGNR_ zpFaK)_$o;}bvKd&JfbknuDTs;^gv3Nyi$tV%)np|CC=i<`MXPp(&{v7F;{OcpJ1h35j%3I8_W`ujB9g?^P@M&o9;Md>H-l?sv?C z3VL~#$QTQ$>ZGBZJVHQjyRq18rRmOTFywyY^G8BCgO%m*kt?-Ej0_VlJ(*GfU(4kQ z^@r}h8GOUjNp>=h*paPAZc^d6TM?6ez0NpL31w1Mo_JbzrUn(RFrao%1U3#9bA=q#p2Y_9OlXM zd1HBD` zhrB=AkNKH-dOk3;$d=Y)W0y#TaQP`e`#@QZe%V^{JSF=}FJ+*>B!#C;OISl|?Pj+L z3y!m^@2bmwo%q$A&l6iDB} z;`FAfbj@dV(yd%Qyr21rB!nZ>XE`a@LBzzZL7I3ADF;F3GqEL%n}pD z{`-8dTg~M9pkR3RIGR?ob9ZX^_bsz(JmtP}S~>;0WsYTivnjiAKz^k`TT2~Wnqomn z_$zjV3ws?%f#oWdLiT^MKDJ`6yF&rJ*W((dp*~U3U^~ztL#qC`&X%fY+`265gErS} z?VVK$5{408&FJ3t3acy(zG17u^Y~R4mRAL~mWZqH!xu1P{!&oMcZ=#7+Ci@o0iJ{#F2+xd&n~Jis}n*3pAZS={TEt=zp-` z&R&%SjL$_+j*A>~AErv4-;*l@RuPL%p@h2a!v_a5%!EsA zXy+oWyUg1Up#{7bP=T2>WW0aN>Y*&hS;>L9g3WuZ)7#TZF}!Am3)EB&u@sw{eWunKMsnAXFF@jh42SWMhecZk9Oxfw0|J$JHpQ+h*Oo zCx~SGArC(sTH7>z6HNWaO2|j8rN`Tw^6H4?CP)c{y9I*$_VCZnHH`Nlvr``HzEy?6 z$+ZRzscOYpxVR}zTyd0m3UP2qCU2GA`1>Q}8n%);`IUFXlFa8==HVworUUI}^n`%M znz>L>$Sf3{qaW;&In!GI@dKW_u8!zZQ8Ye^%erl{!%+hpqgTqf4g$}z5H=%>wb-xF z+Gic%B0Hl{4mc*W3UT!9APo8EK6vYM9e zj;CfW$nE068n2}Nm~s!ub+WsMq)UP)XrNl|5Fu0edmkQYchn}BiJ#uW z6I#s5ynj7?EOsxdz-Y=m5Eyf)zy?Qq+b=X2#^E_BrHwii$oH6MaAxktMD28p*aRKC z$%pnu_4o*AteNp1tLY#P5YkKH+?JomVwARS{Lr&sz;MojEdPk%n(gX^lzB zFVyj$d%l`V~LG1Sz&kB5Z?SXlPzOABK)UM^Z z7J2kZgATDT$;gVZ@W6 zO2XnIFI)b)LI}h_Q7-HQuBAP6wCyFC7^&QiVIfQE@pY|3bO5e#(JVB}5@iqfig(O)hAk+Nrrkq2L-9N0V*A>!6BKUO!iK3{!lHShJXc zOiR}TQm}FRy*(ExF;76)^N1_iZzWC*CPS(6>A?VjADSUGJ~j(gST)YN68GF8q7b&= zpjS}gnZJ7$s&1ckprxji@=|06%NrM7KV8}1O{Ff_u*qsaAK`CMwVpKQk;L@~^N5l6 z-_qxC7Wte`kG-&mhno8`b9yJvbd6`mGu9$(IVU}${tZaSt0)qES?V`p)S8WkwjTZl z47#Ha;#>@UkxFWXW|Ux(A88~zxS`O^o9ZPUL-2QM`hxDTCNsciGf=qll?VTjCM59J zBPR#H_ukT~n=ilX5#e-T?xt}S2zEseRQIV=#vtF|$jGBc1MRzfoZ#FUk7^aQY4g}4 zy_a!&-wt5!Ns&Bb9@J55A&CrtJ)U5m(|44rVl{T9t*hK1V$!(jxfKRuP(~cB z?12zCLF9%oIHWOIQ^HKpkU_VAAkSlsiXg5p7d@$Njl@$31oqJtWtHHwC)XcLKap!#ZD0sN_Vm*l?aFH6kmp1xW{a13>#g6A9 zscFSTH#@6O41qwZoZZ+!%W;H*?PT; zqlwp8iVX2}DarCSHGVgjuPVZzu0v1kuizW3Yamro$364qgx`@b-kL0F-J*JkH_s}7MXgV{H zB#%P)6Rg_qke;UHPF|Gt2C<9F9`q-C?qsG&vqbz-Ap=!L-Q~zp7c2|9O##Tp*UN{% zD;<==5Qec4?<1pY_7uXg^^3$rE{90ZR4itLU~4%u>?4w(Mx&?lf|~=}F+bcd z?H>HQw!bRmw>#MLe0JnB(iL1)B*uMBqEG%7)k~pNw)Hk|I3Z1vkJh7Xt})SecmdZl z1;&_;RQ1Za43%HIPRVF*vPZy360UsQ657zyOhQF@$jjMvE>I8$GYbvUS-IKbzM=RV zDboy%v>?`tML1?)YuZ#S~ukDhKkZG zujzFwN}$LquE=g4lz%ASo$tOgBy~mp zF-(WMi4>XK?tfdnLc|O)GrY0K*fS^DHKD`=l^o|H3d~rW8mB8C4wz5!V0B}pR+adg z)axxzjJH~|%QHo@Y(VT-ffTz#0_4~Fa|ya--`4hkVBOSmLx|}%ku2UjM8ataH+|r0 zX11K!Q~l(mHFf!R*1>UZP-4|w+rP#n#Rk_C(c?&`Cvtv^E6>9AzkIXtvpJ0fif2vN zx5_MT?|)43l%^(wFE>U|88z!}pd4CGrAD8f9ii@mvx5j!+FMPOIqx{GAV8Gd9t_$% zaLHZ6BRCN{4DfhLaZpYU{>qON#7!bZd__p5JqXXznBEoFK$9+T!%2HpDEGtO?aqjkoqolm zh2M^CC-`+oWr+Wpyt~bX-vzNO^YyUv;kQf7WS3_7(73JOmH&+2;cDUkmx)7(vr zeRN<4cd!SmKUCy3xls^G6oq8|ZnDg>fEHO%l_&_^jl}PIjqqIsM@-?>{P&s^@7T7q zK9+WFFVb~`cd7QIy%iZZD!}XF6Fp^Fe;pR(`^((!7_1aB&brVZ@unCrBG7yW-q&k0 zcra@fQzK$HZ6cBfFQmVi@0BXU^@^2Gu>oayWX(fn`4pAu+q9c zr)UmSGieVncM}j0fOkBQ(+cp8%(C#|R}s_J3Q&0Pz;m~b*s%#9yV$BYV>L;pH&K}s zP?Bf(5J}cTUggU8iz-wp%-7Xa@MW;LK5aLM;0!ku3xFM%4j%3+=rS2+G~M!YUbG#s zUJK}aIOmo$>~4x}v!zvkI$dc>xUbLD6OD;C^OLagBfk=n{`wATJSR$N;UgxRi2;K} zB#;Q+P?^&i6?^@Z!?ZoTw>K~#I>W*>f_R~W$2V7ua^_D(U2WBP@?p>=8vN0W3&e}9 zbTMS#QYOx2#(C=+`!!}?wa+OoYnFhrr>z7DX^*3|JHOa>i;U9rVCQLBWr*gwBcPppzWG`4WXEG&A0$JxnQLz$lf*KB*re5GS z5BB!<#w*OS)U>Rve3%K=T0E3>P5-`q(=@kP)y^7(v-QJ`&?afd5~5rFYaVr1sl4am z{KSHlt`}&@_;7Jey)EjNQ80@{FUe3uv{apk>mXjLth535(th1a8I2hY>upaPAlWY^ z46?At7*>c?o05TkrWwcl$YgQV`DqWAPdlj@aK1%hSzfks7E1p&hML92ZB&w8l^;x9 zvwk^xzwik2t?s^RPz*K;$L2geq&M3wUQWc!&YxOPj#=g zk<*@~=<8Bk=516|X)_bbqCXoVrd!7pGo!F=xesrcV>4*Hb=AjE;0>zSfkfb)vSd-c zUI3DK%I9F2Fo50qHd_Mc_zLtw5;F+DqBMJqX25m5zSp38l6>HptPKNUBdAdm^rHnI z)i+h>iD3dt^D+7gw=<*(?HWG>jFA6Epc#sQGIpwg|@2fInQ)XWQtFNDCrz~>TGhk%wp;si1Mx8W&u2NlVI*3JO$me#kYaI-2Y@M14 zkT$6*y>?M?SR__K3SEdEOkhndEEpK%Rx;u&SUwnxBS^lF)`tfZJ@d~Dnm&-dzFS{v z^YhmfaS5RTgN?TJE2ElvTZnV*U>24YRd3S8d8U+v^}al-(1IK)9UY;SZsjqPTO=lq z4(Su6vo|dwECmDZ#J4gj!_uKW;WEkY!OAYJ)ON{K@}A_Db2@5nSOzjtqq9VO=GGXgAXbm8IlPRh90wWK_g1X8D8H*#^xjGL+G2ayvI`Z;dLxCp!GT=LmOqoVGBy;cv9) z2`JQZ*E|?J&9Ozs6?6hUVl-H`75h8;Z0u4r9}^3%rqJ1l1+c0cU_e-WFdGy2tzmDb zIFpZXfMC%(Lyv{2qcS29S_I0pf+AtrGcTfLE8`w>;OyN*93LO#o37#R))f}2>h;es z8Qgfc?d!T&o`D_AWShi>82Ifw!-+lpIh_>Yn)`uFBiN6v8NN+{o%4;(wzMs_)mBs5 zTzn0t!j_$?b+$(}`B`9*pMywMW3Qp2hNx$OGuwcx%=7NR_T06zgxeD?Xt*%jiF4TU zUqTabGdw>{SWb2BWO@@sZ1w|M(fs#A?uG+1XV-dgSzv??H>^i;7+I!f@*|s9DIXMR zX)YnEbnt^{RelTnp&PavBk4>54odow?SdXp$dD3%Oz#{)iv|g760FY_ftrmrmF6_$ zXN2syPGG&>W!Ldj)rs5yR-00s{cp1xRY9!%we^9lXO6eh)!dLrH+QUBiu*K`B?pb% z9?(Q-yrP7R6k;rq68j#{wcd-^yozUORSn5Aw#jv{cK0^-q)tGg?5%4x+#HLbq(wKu zSpjb2ZHYaRKa|bZL;`o`ZCh*e?v_c$Z#YU74!Up&IyUljl}FrYNA$P8R;ENElk6C3 zKV@YFKxviLD|7`r6d!!cJU{)&$th~xvUbW>7<|+|JfQBn2k369Pw*@cPKdm}YPaXz zlJwg!_XL@U?VBmBt~gIAx!7JcK4?jHhIi&>Xl6=r)en#IMtvBR&*d4hFE)jrEjT=b zNjpsZ@CnIdtzTIRH_2vi#Kje`=!ct2f(^*!?ckWnw!HKJotxo?UrTv67E2(2NkwIf zPb>b>!gKRg1#?$BO%%>j;>8z*%HN2f$eM#@+IQ$L(piH*U1i(i08TpdQ>n`Ur2XCZ zS*z$lM~5$g*l$yn78T_8s^MJV@v(TDG}ZKk(uX~$(&6t#cY8*jTy>EmFH+z&kZuiK zew0^F(1Xd+%R14e8M@R;u4um(F{lS>0dA;Tjv`+i{~ zbqEFD1Ar#EJbdEx#A~PBkKN5QYy56eCHuQaPd{WEN{doFw&FA7auL>fKtl$R8=jd} zoaGMq8o`yEaWA??LGwf+lkXlf<@`&e?Y5ZiexT2owtjK*ICJav-r-90wX#mBVj}Mr zCe74pC?kXCHD!U2mTbxS4UFVCFXZHmt>=0vra4F}#jxbO)x$C=Yfi;gYBDC^$)U8n z^^U4Fi~DfT;NUIdaudK(J=h?5xJCcpV(ZuPCE*h&D*x}ppU`i8TS;diIlOnI z(z7pSobX(csvt^(mt1$qxHl5ociXaFjTR#ap`woWUU?al7DIok$DbY`SXC~Biu&=S z=}HS7!H!5sAPwhCD_jJxV6%k_0;0W#7sG3q_}--<#aT=k@7EE&%2rEfWve6IF%7r{ zoc?57*9w;)#us;wQisd;hP}gY+@O@vJH-43?ToYf{`va4hGZRG>vjhw0JD@(QzNDx z+o(LUh!5?=t4cZEt21;m0UIpYd9!qRBw1z&F()k6&z8G5JPFr#Qz5FGfI$TXzDfFthpb8q4u(aQgPXaZYV|p$1WJxgNG2mOa z#Zay9Iyx(`%1`dX=)&zxi#<>(G|2Vj3|BYci}}5QF*UKs`HmjjPC!dh?;g+o8y}Iq ziKL_?mF6%-gg4?teXFo+%0iHWIZLe!4c}I`JOO+}lML0ua*fZEHEs=Tn?;u2Nr-Tr zh4Z$5V;-UTI+NGuanr*A&(ONL7dUl`L{k|{&h4XCoC}BHe!3NVtY_V{`Tn-A6Oiso zEp7gcyX5}16?)2>t)F)ai`B@deaqTChEfn~B>d1;XZbST>;Z%JG2pI4GrKkT)clV! z-Fz#&NI_SkuCX!a#@Y3O)b*fm2w4IG>gpB2faQu=(s;A3|5zEv{Opj#yw8M9pR;-O zVG*(6#G9Lw9bK|5GSGp0#GUe~@L4H;niui@B5c+&o=^#;R%486YWRI*%BMo5nc~+O$ORr|9I8CW zk$R{r-8QXnv6@hqL)75Wk07E?erE^eo^1uOChpcW2g>^qtqrHQ8?#p%Q_*){8>K_Z!}@ z=_iZ5R<-&L3V!Vm=Hp9~-8Mf9nMQgi?6Y6=W$tF5dX=VzUW|<*b*}e1Ov~bArZR1{ z`_AX4bFF5)o(d+%&}=}lP5D?~m&e11KszoLsyu=M{1G36x#ffBAva&BZ_OLAfvHxj zKejSLbkoLz*fyc?HwLoZK`gqldrfzQinQ(bw*8ocr0%Lvz6_dcM<5Kuy=7`OuO5_r zL&iQTTz0+;!%X{LqvJ!SzprH&7ZKBH4wx4!4{AE|l7=u)GrVIgLS-9qa=LSnp$bc+ zq5;zqa43tKDGm^wZ;t>UtGx*8p(+VY-ToI?)YXS9F}IzJ-+l~# zpt2f+s;EHBjU1m*Qzk>E;0z?NA38OScU_ou1vP3@o!VNydyX-4wtv3gD#*4~VPi0$RN?uW_Q#)IsAGK}rs=sseLtTb+Y^0s! zLwb|=;8Re6NXgc4+;U2GTtMJ(M(~(hUJ0IY0FkF%g8XCCCe4v(tyF+WRoV#+JjDu# zdGGe&-ev;PKsf+=m)I)2tu&I0dNkVWR6B-9vw{yJ1S6Aj1T^Q*#%t=YC0eA81cG>< zPYD)$QCZXADi#js?f9%)6@%e@^eODo?yUU|RLKKws0Bvx^wO~2fwAt?r3ScFaJsoa z3p4R&Dsl)2GE;CT;T6klI!KQ_6=P{gUJqn$S8kwd} z5?5s9O0H7SM6h~{@`~1=#24hE21BI%mUg`0k9{a&>>C`hFlQ8bGE)J9Tx zM0dB6S^b>ntjjfu@94F*{BmY{gbLO&{_RjOr1>bqMUdCV%>xLkzd;YD6`Z_Nyq_!O z2K2AD(ov3xCF5G`=^VdWsq)dIH*oschHPx?x?24o4_^=F-6NjpPYhwI>-OV!eZxOy)bien)#$?4O z$Xl9Ys@B}htOf9t;J1&EY7q=GQ<130=s%#Z%{5jojiQ_!m2P>9>>4u3;`q~z2Bb@h zbJop7sb;4yxaEzLKOXW&4rm>BI;r~Tspm$AUIcRyqm1U^bGJK1j1@&k72&U3a#8js zM$ni~V1}qz@)DCRJjU2SY#VWvfwGWot`iw#8d$%Qsu!z9o=`C@tK)0)6UW}A1e=qC z2y+oc{f^PPY+}iJl+UcfuL)3-0y9YC?6@r_L2MDDUDV%9Z;W*9Jkl1ub7x=*S@!g` zJPfYl!yYVKcO|iIeV?S!JYA(QY(U|AtG-YXdt(3a@NlQPKtX-UtZ4mwkjsYlFMN9U z$o7W+?f3xfghY%`%{Sz*{2TYqo8q7dRD%MCvmlg}3c~+vd#XaL1jV@O>$LM~(O%(Z zA~jk*`xZG%Mg-gYCUL$qhKv@nIA4nKaK{^bk z7^|Q7ix9nxj_JauAKJ_)G&Nb!MK6!MF)3Xq9r`uAB)!c~ij{Fa9^)lUjPuBkMWq|- zA2SJjZKiW)TLpL3@u_qGR=2q6)S2qt9e&bddx4g`>`{!vkjF=DJ zQ_>Zy$I!3})f!sU!|5VC)UBx3->}rFcfi$sVaj~Crl9q7sZW3LG5xMm^e7s|k}iW1 z@tKg+*&E98Zn}(vUA&~wL@QqYMOFv3N2I*ppMcyPpde@yTXR7AIN`ikewQy-o6iumncTs9U{cRyMM`PqeGLv0Bwz=oPsAQf2PzzHaDqe3FM*(_!L)POI zy$Dv!ovx=MLLa*1r|q|0%^9rd?QcADO&kElXij`XvW1Z_X?s-2qUKsFhv~7&shF`K zo!$O!5-T)T6Z5T^Ga-&Fk)ySUowj1OTA1wqOV7skwx+DL&H3hg)|(D0#`>q@?rv@x zf<;XBtsjkSuV8CmYypmD!V5HWfe`FKK9T>bcfA_|hv1MD4+(NNGBP52>sl8tXDw)e z_^gRTq2!L_wqGgLe4}!apnFCM58-vzSSREVjO6pJ~=l*4Hy* zOfn68J1A7wD?iBxO1SE9`7x&B-K1pYDI70qb-0Kt_I;P!D~tc{@(nzGu{P}{#hDo0 zy)RuiK=l>5sc#@d1y$dOvC<%cKO;YKNhW8ROlW>YdlOR#(#YbGd7_gMPdW#XnV2~xL^t`!!z-LP*MK3u{2pggOxupIP94)LhhAul=4hgYl_Xkqhp&oo)-zoL~fTQ{Mds&ukpvg-!*{Q-5OYkui(Mknjqq z*6k&wJy?<)eqzmv-DxdUCDFbDtrr{)Dxr{C9Hr{sDMY(_yX zGDbx@EOggMN{BG3Hdbw6yK}^W=Q}pDiP{))$QG+E(7&ha0ZBQr^$1ieZ zzxOJt?>&558r2+DaJcHPTzp9D2QCRu#`FYQj;Y+fy{5*mBN~UTo5xUTR@8Q;xe}n5 zs=v)Lq=OUsC1v984{5e)cYgU8n=b4gL8Cqa1OF8n8O)JlqgOVlz-Xa2+F|iu<(7qa zyhb{|Wve)VhH?-bB*z2f$*5KBF)C6rk{hrm4UXi3F#=TjV4kyYZ&1<-Ku(HP5s2wl zXpI|idvNH0 z7!2!Sb92voBE@fIHVhfx3v_P<&TcS`sQvs#T7dHzvYQ&K61!mt3x@}~_*y143J*8k z;fXl(L2Brt{>0b%UMVhkTIRB=V;LH3Hnkoaa<1r$urEhto>hO0S(ev2khnG;YKMG# z`~@cb$vEZe=hqGOCnpDY9|RmOCWyZLcd|d(-O$w57VHslZ$lgGKp(bZcKFkE6!K|d z8!0CeJrNU-rX<&|07QIO06(CX*2BnQD*aP z25K>tCLUb_6tALNTUiKGfsm#TGn;VFKm;Tvp*ai%kfuO1&J`)qU<3Ov(s^#(SpqMR za2|Z~AsTcWhD=4_M8y3ka{Cn`hu1erujuY-J?36QNgR+P8jg4JpsY}=ectVzBm(BW zqagk!0>(IhmQ^5rJ*F&EhQatz2`M`o1EyCMlr6U3dSg(mZcxj}k>#?>1UATBV|};$ zF0OHI4yc-^MlyUAa+wl^i?D{fQx&5J7ZNK0Ol|V{qeu zDuVKySXnvL{B~OtwX^o@3Z1W%ejCJ3`>O9f>y8EAz>IX^fBpXX8}O@;?2X6Wtr&I+ zhjGOSh?~}E%eb}T#Qj-#+5+WiYtf$<#cph=erYNl_aB1Yi0gP3cCbgX)E*sx=&2SS zV5g%wrr$kcYb}1a^b2%n>r>`^%=U5FWF*k4QG8JQl~z*~a#&Z-Y+Dda0i&K7jro0F!7uoms3+-Qi#pbJ z)Q3%rRGi2Ac_yiqA(tqxJuQb*92D_9y`p|~1*)71U0T}m0xe|-V>UQu?n z?&nP=RPgZV@a#@a!u{kz9$WZpm_1k<&BDju^wcy+fI^_@L6nLLhGm+E>Vd=ia9g>cew}nw9e{) zrFOv-#>Rfl<|1h^2>$_hmdnYZp($ZlL_ND#oOS9=H~;=8m#i#Z_gSEBEQnLhKRc;7 z7%;f2w<)o!Jv@$cWCHsCOj3S^SJr?r!xbiVM%0)&sSW)N!C7mxyqz2OPh`o|*9GPaSUd2~=o^Mktb`6M1F{aHo zXHVkqV`iM7T@ps5_PYjlSuZk}nM>-}(^CXuu2MzwD?*K%snLgfsCn1z3hk7z^yLi? zq`OWD5^D;?B+C=yDnk<6A}0;(-c!+MquHpLYTOmrO!F{@QHI=>`K>~)r4UPxtAgtwE)~Io!!eW+04)&rGLBr65_7L1ypJ z|JW7%YRan&)3d0#I3?V=t{8Q6HA(b6q%%maNg#aA=oTsPF8QPedEmeIN&D#*zM}sH zHP{-)Wc8T+S*v3N6BMm~h2k+8NW2TCAsD|0y%+z>4FEM^u}GWGrF#wU>?0n*rN;D% zu`~_7daN$GV`HmKG!E}rT&*{N88jud2h)_D-|-GiZ!3avSD`B``1H>afsnd5o88^? z=bEq*5LoD#lz932-g~mvjKAN-BA`O){W@|@*3rRFCya*NP*Bk1bE&|!1#hXu_10z? zc$FGoy4yDqcy=vv_;a=if(qj7N|KzZVluQcPZ!O`=g`^lDe;n8Idl2W)f+u(kjIn1 zWBSQDq%tH(7}3H)u%c2j{HgyFYxLM5>FY=0s|}bnurX(TdYNYJ)V>+x64{r#Fpm4A z(w}n-Du6Qh+T>q7nd$707wd@^>qG({5vQ<3Jis0xaZ$cWJOUp|JbzE@O(@YanS{(jM6UL;> zw>{hUq*0toP?_9t=^X{>V)Ko?d0+G0^Rn-Z(l9->dG&kf9L?<6d-S&aPwGmg`E2UB z$X`(n`U$j)@MrFfCT~J<7~Q=f-YW!1 zebu(GBO+d8pWEOxstGUQ)kdjgYh}|fLo>KV>%Wf9{_rKWN1Y2u4wpWEjPCYAj*y|( zr|7wFG?!VJGb+u@;BGLe_3`&Z4loU=U5FQt3|E4}?{<(KHey1JCFL?`+>98~dV*zkj6&VX#?bb|RgIHCwZnZ|tpHJlWg+ayyzBXE#!*jdgY5zDLJ(Vc$z>`rB zL;z+>okGmtCx^SyUPzA8;u6 zFhXS*QIwPAcwp};RbP*g_uD1t6~{!NjK7c2+o+2`d2gob`DaaMXB)Y>J-8UZ9lZ=F znblKYdmN;3$$MGdYcyUYd}2>1DX(p2qZis#mw#>~1mo3%Jyo$ec>7qYxv??i?`nU& z)Z@e_@8aTakJI;%w1-PE+_IbPr@O_cM3I?E-%V22*sFrxl;NTX7QayRCa#b3x>|&q%)vVQ<-e)DtTNT283*O9+ zqlqa4h81ORKGJ!#^+sxWCX038&zNr*FH@Qq<&(E+&Lg<@rZ{h`+HOUyIkH+9LOmNkomFkEunv6-ycpJ2!mwn&bD$Wdcs+eE#(D~+_Do{M%4ZLy zhRC`H!bK(#=J6)_#yI&UnCz)_CI$nOf4;0;?qxZ>_kG0Mg%5^3Jn{hII+V>53dI2> zK?klFFLJ82J{v0s(fT@M{VNy3Hb*KDt(h(-sPXOmIC8jSv%I6KD3S%^xjq?KQ&$b{ zD$-P}9+;V(G4rwMlF)iOCOWD)T6%D&qh!@b_U26Ww=UTcD$S>?T(4FexF+yq>#ae3 z5;f`K@E9=n^n_QCxBuT&fbq65k)nOExAgvT&DQYwsu?~oG1%jf3vKp1&skSVLU~%b zh_T4WPxN|41daPd&lh8(wTN`FUwt2_yyD&o@+D(15yoj0j0+6E)R&%rInZbD@X{d> zNYYH5b&bwUjXDZlsQFw`)7B}QX(BPVvy=E4zuaZgFh$Rb;p@Q;39wpsYiz3axQWC? z)lN0VLOSueZ;K%6I#Og^Bt4+R@{g^Uvu87E9Zh6P5o!?X{jV1a;wBRH&42kGxRFyk zjIIv@2t8OL7bP5lc-*-to5Th0cjp)1p=douYlzYHBR?v`innn`WT=}JuVE+Kb-z*t%9kPsk1dyr^Q4*9k8TR&aW)*0n0lx;QnntC3575%<%jG0%m#tgs3v^H45$}(rJkPrn5^C z_?~w#i@V+L;Botlm%RZYQ>U*0^b3)ta(TC%W?}Kuzf0M`OTqTtmj>tj^WpzD9zRa6 zy}ksdv}w=2d*{yaS*vISDv4AN1~Vjd4D8P$?n4D@=@)lwyP=pKO-0^C?k*m+j2H$C zw3g{7$&VFseJ**ma$eI#Tbh!uqUKQXWW_}-ag8`G(uwqA*(3IHjV^f3QeM=`P?n~s zOFvm)zDY4&ULwlwcf;e%9)dvdb{Nfmz{x{scKN-e?p(yIq3D~6fp_MvvA;^^?ngx1 z{=HM_C!G|P3+2(-zu!Mi2Bg}@ZIfCI_8bDsXO%3;dwi1RbF7s=aM9gS_dQ`OBm*4t zO*eIhJxwy|w9`25HvpC?kuv~Zpdm`m-9@=8#UP_Br5;iKY|7bTDTZ6OVVRZ?{J^Ht zmyC`R9yaiVPxsw)7;8Ug-&ViFM{Gjo!@j+AZhXds6H7dy%wb+8qCO$4^YcZ-Uw<%& zhJJ~gz0WEhu2Pr{-#35eK_6a~D-<4?8o(yWjZjomZwTUtX$*<{%Sy^_Hh*kA#$jw~ ziX26up3Dc5Z%Rb|{Yt>cD+#~#L6iTkr6yvviPrF6B`C5Q8BI5rQ`VYV zPVXSP)T$k9&)Q1^3xi-4qUM$szxEsAOuWA%7k=i%ipEwd`UPdxfc>iov2n_ zTRH4JMHx~*pL+i7RZj6n=j5cP`IIjSY@COErOS%ri_>PSA3W@Hs%LG&7^hNU*N0`{ zIR@0+DTX4l?f8qZ(B}PurRDowRuJY)0JVnySW)h1W@-MhLS(oA8&tL@&F*f{U}5pW z)x0Gf!GduLvF}=yXE3AZ$Rl|oN=26`?J2J700BR9eM4jS&B@WBQa*IGfxQH8K;Qc3 z_i)KX^@5i2#aQA|+0gswY1v)CShN*t6qmf7I+euAQM+EoCVz{hX3wzXstOg!TOo`c zp|xJqw|;60#icCR3)kTtqtcQioaaRkHLb-*x>U?4$BEih_Id8`l zte^&uMSOj1sDilW!UK4(IZ}LPG@weH7a4a3Hd!LWDJAuZ`SKOM8R|O$@;66Z^GeFg zhuwhAB~}P4^r66Qq+(Ls+`|0XyS+URNR@|b2Yeh3f34u<`a#NNDeP(7R9XTAnRUVKxTvf4kHG*l|Rcol7p!o3 zeaLJ*NkePvd9UTa-rbXgU4Zy?@(Q4lDqP-z@6~V|Wv?hpTQ27N8e2GG|4DJSj>-;R zwisp7c&vYNwy9AjA~1k=sG_Jl0)zq*-*v znnEkltyrAO)yB~wla-q#83pZoyn(VyhpBnM&>I|Y(R)-HU^2fyjt~Puo}+85XvhuJ zlm{G!HBf<|5rYGiz!tTZG&A<<1nP53v|c}o`KC-C7p%+W-kcKc$cmgJcQ^~LvT5I4 zW5jN+wjZ50lf#Upgi3E$(;N9^FeeP^&Vy3A>EQ5!lSiYQ5VY%YbEey+rM>%){KXf1 z_)1FISWMy4!<)ztUZ&GP+jmNPI8Z*fNy?zLsqLi2k;CeJ9bb}A4x(Ed-sNHtDU~4! zukq#lfmycO^)n|))r(?y#(UH%8M}M&-6GB<0o)WG9XCLLd5!v9kNq?MM)j(Aat!XK zngMGvMR>R>AHCBrnr@NWyt0^R_ zJbPS>XI$O0?vzYG(`ILLjVkBtJ#jGDu4qh52Y*A7DexrS;VsM&G`X6L3kO;6(AId32XsS%xWvf6LnFdM<`l6C)u(%bD4jzM%ELI*gt}biExRIpjDRtY0%lKH#Su{5_ zhyYon%*dtGf~7?Go#936Y)qG(>SxK;r|=^a{jp-{g4Sg!xC4(M|3B%`XXh73N9i&0 zA1e6yjy&uj<3a9#z>2rz7RVo=TGNJ%zKYUuy*^bZc}pMa!$7XWI9ZkIc;eRH-q7H` zI%sQq$H2tjm0AoHAs%R&*LI4CP73pW&qVPl~?XaTu~jlGIyC0m=aj z4hc~((6Sm9v-(Ys0~h!@wMtEjj|$@SQdNh08vN)=ck%Kq?agIOuQFLxslk28vy@nF z`m+#w?l7cO%||4Kt1{xwojZs^pnv`_3d{q=+*jNWi#%JTsiB$w?8_^OYDBU!};sQ+16Hc<^2$^poS42_%d$qA5c5j@BjI|z7($axpKJaGk|=o zC*f7WG>W)vh4?!PTH_P?`EiV|$ZzUwRo9)(i^E+iOr!ne1AhMj%Bmf=qHjpx%27_! z-6=uxgrJ(6@hv%AIXkL|gAXwIP(HuJ?@a>9++DT$lg^tQjdyPAVx8#|zl9-~3?@6l z8;YvCJU=^es{a~MG_`q6$Md_a{C{sO_OE|$*u|tYE5>r454j|NA&#}QY7@ix)*oAE zfbIP9@qExnsqTu?wa}e40KM7vYoTb>%)+8=%X}AB;MclkzVKUQ;WtsakblN{va9fG z^gME}5hH)8aM$B>!S#0j89I3TQ_C0qzwT}Fp;PJ?oDKe$Pm6!7{R;Zu42}C2XSY@< z(AoKp&4cS#V5|rhxec1I$fsZu3Wf>rU0-+u-EgHi1J_Uw<4!uXM)kg zjbbJQ!^mZKq?*$ei{SKkq+yMcCsm7Gxz;-bovNTtNusgg6>Fv|T-ob#R^@t4C8ukq z5210wpjL3m;SZA^?&3*agBiqh0~ZrM2H&;D4yY|$50k&*aooAln@c+cW5Z`j&EFF@ zD4ddw{17vl9V89`!5)o^2`Ge1^1x!%XrFn$R}2QNV2!7hs993@eNAxd ztragcyf;N2^pmDhW}d^y?+HW$jc*A$+1m_!DWmIam!O8!amaGMPXDZ_!XvxbH3&cQ zh`ksU*ths%%88ypu8M%Gt}GRAU6Z;Fy#<{LjYS1y8M`2oK}xngnQG4vDtypD>4`pT zz5?#CXwxjRw_ROV0r1dHPnUedaHnRi5Sq7BTtVQSdiO%EN@OGt&uf^nN~|{12*X=m zj<3JoDi%U*6pOpVF)o;!8%tbYG{JOF1rf3OXu*l@=Hot;xFA^%2m90rj!I(msb8#w zfx|nn9q(26^+d+beN?R!{DDY)rF>gVM9_yVWaOFGYx9$Fw`Q@i;mVfZ<8hTJHGq)* zYp`4=W8TE4K6^`oAvg~>P=0dYQZ}i8JWg!i+t08FEjtYL_MUBS{viRicYl%Po0sM? z7JyYNRV(I9q`WF^Xa3xrw>y0~24s-8#_9&xd8@#{iUWCv@((miaB2SzH1hOT2ejyZRh5yf`3EuGLvBN>jhqs(#Bg4f#yBo-uhHFDy{)SpB@JvP<&=m5fA?kEfRK z^ub3FeuD%WYUT=xozBbMwf6JD<^H>M8CzyBhRzyiQ=R^9v_VkKPL+>)-oef*#JqfC zW6tnwUTa+)>}-2XLCvS$cuu}Cz;N9LmZ)9SqvrjHJ{i12k(kZ@C>QIjUeNR82`1uE zonMoaAZ%<#tSe?>E-NKfrqz#{qAPfr0?zNvo2j}ZPR&f`SA+as4$NEhw%!u+Z0HA_ zk;zQL25^6-!oh-Ws;R(0(7LhNTr1Q5-X8&^;(F^NdQVkZ@yCJ%;}zLK!1>5o%liT{ zKSo9d3^+b*kwj!}`UEuq_rvs9HA6#@R#Vmc4WWt%7nklBi&#E!_{>NF7T8}LtH#hA zPq`Ws;usA)#+2(mROI49ur)~_F2f(&=|#B-B~J5N6XYFK6(Y4*ajl{cTj;o*IL!lI zp{=sJ!_EZPZQp(XasRxcw*G~0W4XaZlepl)@ZA=xEw6+1(}VmFhX<1ddaKD$R}fC)1*XLPL&mRBZ!(JT3sUKjsl0qIxbF#7V> zUvW##X1q$H*}!1XYD-Qkv|_`08xeZ8GKut&$#Kh{`0K-F07?ia)(e+>y$M5$P%VC0I2(qUXQ6WbjW_11iup-JSx1P^+PZ7eyfeo#K zLax!g zjuG!GqFNJ9uAD(jMdich2EJQ0>04XW)VdKy8Pma@?_5l0W_PyP-Us`{2Z5aoIP5?F z55Q~goSmH|Qi6fSX^2S2BW7RiXU*+rL`U8V(Beou2mB7ieNFTH;YVOgB=zz@D*w+s z(QF5}4CaViB9$H@tN8BU3}7S?=#(4-$i(TE3$}#;si=-e`-w0A{cy}b z{~CS&56^?&JPUtw7ybfAI_?smgFkIv@dltX%4lDtZd?415=>_ULFE_ zwa_Kz(52nWi`|#I0OrsZ;PU{mk7F9CO}5}4CFikcP@q^3I0G=&#Lmre|6h#7C8u1* ze;{PQanS~7&n00OM}VUO$T^7>OZyUA8%f9L#jnx-nAWSStAGpr!Np+yzror0qdFbA zPnRDtdzerZaTnNrKHL7^HGFyG`0|M8e^}~{b`ReCudzhD9+y+@=Tr5eTlH<7tS4n9 zN2k+Wj;G&s6n^Q*A@Yx4ftP0sm%ybw2x>nLS_=qWIGaBP{{Gx{;JEs})1zN07Jq^3 z84XN`RUU|3MyIU7TM19;mVwl={J~+1g`+Bdnoa)w=;tRb`y_w&q96PVSvU@Pd0O)F z2DJTecKctgg+E&PFGBotZ7(!={+4n6E_<}PbKLz~7XEKRE|7SMiI@82EU?c77~!M; z1)u-XzQ5_5f17@JK7Bb<`ESVaJmkTIW@zrczbOg-h(<(y^PBm9UK?2itRC{OZLwdn zwFg_g96R}(e^6$0&Sv)We+j7jjBKtpwyAy2+|qpHKp2OvlKHih%*c~WuV(YL?_QA{ z=x&$}A`m#}s3wy0aBx^|6V`#nWSdFPi>Zy`jUwWbXzbJM?RwMn#H|V4V{(O3_32Ag zUql2`Re0x2o{5r08XJf|eH2yX<)BAPE)aFCzrvneG7zqIZw`H#{rGz2Mr`wOjd)Eg zE%axee+xPXj%lQU**ny0lWX|XKjtIv2(`=Q|Ki)DPrnAVAsZP zYg0Yd~5d((bVi7kUu1h z1;)ktMcZ=eD{?;^&bU+@UfS;BZC#tOr~CU^-W9dS_t)lvW@ppy3lymoh0&*GTt)Su z#FTD4>FTEB`yJcz9;Ta$-G{!{FOM-`c%}ayW`&H2)nU|9xp6%eoXQBfnl^v%J+XEw z$2)%i%y!4Sp?&_5&g1qA633Mb&)vo?u{C4cFSVl=@uO=GHNzTiP(pvK4XRH%G7%uA zKl?gAuXq~2W}+m6KXObhMnf7HZ<|2hIl;V*G}Hyftk-P>v%GZgDN0=NCM(ZziMF1y807x&jo%rXL!`OL+o#t9aQ z+6j}V;eixO6wA}%)mD_j>+yEj##FI1v9)6LggMFWzUSh9%5(ZVq&H-_?$Elzp;R3- znu_3c3lZ~I;3C2JaGQM*;ue(?d3+8EwORZmquK#A!Y@xx>`s8RV|3IO8Un`@;OO>nv#!cXc3Y-#fqk zteoTTK(A<6nhA4UT5fCODmlB&L>b|`CO9_%A}|V*OG}yNczM`sUtY4Dwy1Ytmu<~S>Lg5G$V+~NK?`Zi}i7(>J2$* z?o7t{kDNGqfkZSA*z_7hBPYa%-PD|?8Zt$?yj%tEnMA-iSlCZm+6Y>h@(T7=T9+C) z=RmYr6HP8eSA!}{W9;r+O{*C#>e(iD#5>OVv)o>r$>Y}M zde`S!6ge-BnY5<0q)HZ}aL#!XU=YyM;+&Oz5s$(JS8ejAY*g9y@&vW>8reAcGZbB%j4(NwGt0)vNaKFyc)b)MC120YZB zzh+fqAM%*fjFF@_rh5J|qLy-*jk@*G@S#wEEPig?n*lSpX=rvF%gv8q*HiZ4l@b{a zRUrpzY}YNfo!E%wuZhc|xnGjx*FF^EXr3Y2q2XYvbUm*@oPk+X5+){nIIWC9_rVd) zS~iy>m~O5$ie`Wu?o=`VM^x@7#%N&JwjpugIT-ip!?TB1W6O66)hL1 zTi#zriNXm0Vf=FaA*XEa$F-f&(4(4{>(Qa>M5O|;2$26}O&9bNkQ>B1$}bZei=2Qg zQmbUbwm+e4lW67uj$Tdl2TU;#mG%p3 zOh!**@=vHh{(w~h5ZpgFtDAK@o8LX3Cl0{!>*NIwo6ghQ0xC$$lRm&@F=grwV5-l@ z9-O{^5V#*_`R{bP{UXcdqs)r6W9t=A@PFQgyuAow5A_4_H4o^*>hUlB zt3hxMHSU1xv3WJ!^h;J%&`l?Ywf5l*WBD~%f<^b<#3`jt{&b_z<{wjbFV(df0owee zK|8PIH&Rg$i@n#(|A>_>v5d<r;o!t>lYC;P`~J+^e75Z5tEFrY9#Z2e0px_gKRr zE@Fl!BO~}XrGdYpTsOjQ6ef?b(?<=MZM5QE6(NsFK49LGTcFjHt|&s8tSKK-l79r- zOeX7(+~QAoqec!_epLE|OIn8PEf2#h(=i&5K~e3OFH^MbR1C{xo9Otw-86e+8~InWEUmV)f{e_Cxm3x4x?B=V>kcXh&W&(dJ%e_Vw=P$pD#n@oDI>*B2vRXQ551dx z)iuV#go8nX>a(ukDt1HaPnuyBqA-owhTdW)SRA3cv8u|kSkRsgI+rcLU5brZ4>Q3l zj@0S|%+y&nII=;F?Id%V`d5wTQc;qHE;A-c8aalf@nX`10t*dKOEiLSw1B;(P>)ew z$?)3t=M6q~n7B+qfefos?~1W8EfWe;B$lRU1Kj6$Bf?N$a#F;4A+RtqM)dc-?-6}8 zu|kSzk%mi)y;|ku&4p%9$Zy^>uN|5V&myq`LuK@{8qhqTk0P-@X!;9x$n-DXnyAPc z)W(7#V(%eTV>279V;CsA*Bx8!E`(M&mb))@ox$3Qlv4CzPn|1Y$`t#AC?QA1pC!uL zFY(rM93MC2T|W!+@VqVpJZSR^apRH6t&#Gyz)Y>?DogR<{falK;#qnIL5AhOYjM9E zii_W(EdOlxg;49jbp*wt4?iYM%4cX#ctz`Je0kq&M9z$RtP6j74>~Uu(=V$9zYc}6 zMj?87sx4~j>c}d$X>XN;{CGjW;!I*HHJPeW!lw|{gJ`;S(Q+);Volto_8}b z^vV#lM!R8cGWAY>a}{KN){Gi zkfcifP?TGh1i{Gkkh9;DC8`OkHG@J7C?P;khMUe*45+R^VpmhI)?@~@-*`GSvGHf; zX>;6UtRPo|spoBFkIiq|8og8x!P_w+PNejFhoQ#erypDeCDOg0$?Dh|G8`DbX0n$w zBJJG{s_VB#b=7Q8ynEBlq8zU^o0v7(QJZ<}^gOFLTQhr*9I?~pcm~J?cL5Jb^~i?Z zUH-=*-Sf3?flu~MX^l-&3afc5Py~$IS4oXbVA)shhc0{a-7VKZ~O_GRZ4!-IU}sPVG*p+^6Af) zpD7u$gk8bM*=nos_OL{Ri=rUZ#otCHOOR$Txu2qitJRiwqTg{o7L;)Ti$y$3P|20f z{E=Dv{VN?07so>8m*R=-AZ-z&@(rIMm}XBEKKE|($G9r7jv(#r52uX$uVz_Fw3^3U zUs`9A7pLq190$TTNlX9E{oy;UC!5jc7fC7nQP$`y$io!%ejGLu?0u)ZfpmfkXMhaDNH-{z@4pO!=%X@vd1$otp#5U2J=E5A8TgHt z9Y97y3<(aSiE4z@4PStWnipgSyu$8=?#Dei z`!QWe_=le5D)km$A0nZ{^Bq0pN}n1$G0lmFMwP6_qn-$#7qRJu2^ASnQLc7zXqdC zZbqAsuHCpa@ynzPYtQqgu{`#*^s6+uB)YgoP3NGXV8%zDjF0xy*tJlu6EC!8qfm>B zkzg5rVOJDNmxt4_aG_R z*Fjc3ukY2oScu3{y!p;hx6Lz}aSGau2@kXeg0)#PKis+2_g z&xHhZ)E;;gqFOD-1*K{TDq^i5;fE=5Sy3pbJDcKgufjz!1T%5iW0dE(^b;|&grH&T zCzQOguN+d2PNoc}B}sR%D>Rd~-`T0k(PA+AFwv`VyV01&jLmDnxDy@jX?XM z(^trL9JJLatYUYb%#oBk?l5!j31yoH^wCmY*77NmfuIJ(bfE8Tch+Y*>zP1d7*6@l zA(4-Zci!^6&CW1G383_st^Is&8=I4jphQtzuhNyPNVm4&$VaM&(f|$naqM< z+(zx+?`Ui1$^Y;j!RKF^aZsuXI3T^iq=bhLfR)TiF6Nq{!iz_+pI>RZMT_U>&OCE8 z`DzcsI@2Y7D##&b`W(C^-$B@0om6aa&O5Xb6od%nLZpPtkb)QR%DY;{<3yuIB6Ksf zRU3_J@cLz7z5P}FyH-=NE2K56jr1M4l7rF1LVz{(96MZ`&68|jW0PPUi(#UCmIXlY zYN5qgCz47Ie3DnfyN4t;O3)|XrRHD+uE*!o*mV)C0b{PgwXs*=SLldLU6#xw2#pG_ zxF0#eRht#0al^!4Y{9je79Yt2BXC1sV@B43RIcS_@nxCBi%Gho-hkgYeNHY4lj-~Z z=Ug=2-n|j;GxK61H}~)NyGb*}PN!n;6T5)Du}n{040p01q$V6V6(+d$*-aC=V>1El zwT~A&gz3qr`W6ba4AMj!Fxlczah})BhN}0nc(O=fq=xX-5Ul-}MiKwLD^>=ghi3Xo zS^tNt?~Z2c0soFz(JBcwS}S6=_TDo^&Dx{3ioI8@8VwDKQnhz$ud1p&Y8FA2(AuLm zp+yzN@B04U_q^x4N6zsF=j7hpoBKS^XFc=}*y)J9CcxbgD-AuqsHRR1yO+O?8nuWo zD=!=$L>J=CP<75wAtH)5wUjvOdEe3QxrTYWIt?CYAtR378Fnye-55(>n5rMWxT8~v z!sVu7v~I#;;8kT(GDXcY$`}Hu!6?NjQmJCJt))4W;I2?saJ$d^e$}@SVikxMK{9p@ z0^wf!*j{g-@#FjV94%>tal`!Hd|zmDLr`cuoBBj4J7ao$GYy3G_tD^#B)79zV`SeWS<-${rMhG7ccAX z?ry4usa;)RwpPpF6Z)8h>K`in?N6jLpN+7w{OZi_e5{!lVA*M&wMISAsKdAj9xKH+ zSGpF#Y3|oQRP5c}U2?e)7LkOP*h)$F(sQ|g&lbq)(zEzpj~XU~edKG@rdDY>`mH$^ zR(JP$YS&#j9X!Qb(Fj75jjWZ)Q87&w)%3^2OhtZ{=?z%U*Yw>!%@(7LtsXO?Ba-jd z?C4-BuUhii4C`)b7ym4Zp^{OepwH&!lhErL8On%9CuST9{(q3c{?mbL#v;(o%`Nmd zuu@ica|PfO=s_0#I3voT>e`Mo7f{pTsEjTtgZ$~BF1TyQ>ZD~x{3&3*bn&JHU9VC+ z1}F-(z&Y;$iLeQY+@J>E+^3ghz#d2z;)oY=yS6(xexJRD>C0a%S3)30r!p(=J{r&g zu)BK2DnjF;EbJgqav%`lD7Tv^gO}Xlt8n@btou9&vHWQqtZ|6&{1{0ZE~zs;!6LHCxQ8O^ZT%jdILiJf7~b$Qln4k5kEe_BAUk!_iN0-Phr_yufc@hgAOk5QV=0264S& zYdzcZ+4W!#tQp@M@qBi;oIg*v@S3t-nxdI#RQi&%EtEneM#SWTwNX+MfMBj)wLiTA zMf@B&RRh_GR9@WcxcTUoGq4<>>;tEf|Kd^Fl4vkT(Rs&^_ZuTWBrO!h@@ocs|?|Nss4!PYXmY8g#DODgaFaj z+ww+;z7r#-Lw`zi*D0m;BQ)?+ft%oRm=w98MKuCTSl-BcS^KE0_#mNrC`0n22cJI6 zVGIRJifSOPVP1+KZw!GARSPnUWxzR?cxjAx} zVciU*wv#{5Ktuw?xpFag7txYkUdR>!E3EpA5*AU!u-+c2xS?ZHR$S(ioBIB?Sdmyy zcINX*$9JHmCHuQC3NeBr4=0Ea^*O$%-}LwWspcx1xcw%|)mKrK9lG|`I2qUc=O3t= zD;^Zmv(p9I_)3V8I@rbh_G4MU$i<>by!CdAYr+n#$lcLGVKBHpCKwzslA@ZC4g{qwR z2=D}`Hda#qGLlpN?WU4Ze5K->Ax=RF!XvQ{vFdO7TWVATP3+faa`c)P5+h9eVza-M z>ih6yR=pRzsec=EkAlOIR*4A7(*MTm_>HR32oE6)@iWDVoz|Jl;K`^IL4izyz0wWy z(D5XSm8JMTJFQihX8M7(eiSmTy4t?JCN?=6j#k&Y$e83q+_W2XslX!I7S_@#BV)5; zFzS+JW6th$PN&MGOeT?afdCFZFnc*!B{x`nXZ{V0m@h(D$6?nrA51feA zNWutbhx!7DYUC3Kv9X!Yd%wc>>Sx5Lg%I%&5Z}4c;z_aTY+6k=n!d47cW)OzvZ0xb z>e%)jEfN2bL9|TY{zLZXgr(ZP0CI<70iR=8`2tse5aK5UXO5>FtaR6}U&- zjGa*0hr2N!8_oAdUs(KZ+BPs3!**|4p_?*Tzc>-|?D5f6s6wtyuN`lx7-3X#rS(*>gc_ZwGMJZn0XB{;G+O}0L{tSULp{%DNC zwgr>o=VTyyVmuc9{yo%@J_6F*GOGE_=&qXoh{NQm2C~0OYQsSxh8|U)sm|M1Z65kO zq4{>t!wH?1lAXIEOlLGOLS>z8yvwWj@;e2UW~0PV4lkjyd>bf~Q6232`oltf*w_Mo z;fZkb-<8*|AKn*&5W`50p=j;Q;@jF%32(g#8WGCwbgpAWO_Uc+83F@B1K<1T(}!^` zrZ_7h#Ek^e1^Dt4X}O@^h(Lw`@4B4Q)Rs^4b93*Dj2Qm0Qa1k#zuXY%Y1(b6aW4gE zu7M;LS1!G%qcF-PI%_|z49AIwHeizjWr)p_k~g+VONGzeR8*9?1V@Y|Mk>Y$NIWKL z$h3QUmpU{a9)chwf;yx?XAO;h@SdmDs6)Z*w1@TO~=_bAQE7@77~nxhh7lxe~t@o z(2$qGcrz0G$L)Xm^a<}D%Cq)im_OtiQ!k_p+tk`vs?U3xPhDmGcuw=y->MttCuhs) z^cyV?h$F_(EEFQw1<`W)VnX3!g0FGz_v6mv$Jao1=uUNGo>-k{*v{jteB&9`oeeXL09GXe;3n@T}@<#cLmApsCtJ_JnN*8H{rbUWIhU7 z`8oLddZ+fY>*@D;yEEX$=yPT1bquUAT-?}}e1f{JefKLjT1GP~FM+A@e=%XbP>zBA zev+CCqt~xRB!!BkA|}kwe|%cnwqQ~*rh&Ts5aqHdKawR9P_IQpV%tg)_f)Pf?B$=XroRzq7M_$O=fabIU53x^J$LKJGTJ}j zn8$W~&i#}8t>M^><|~Q0$dh*S=Lm!gM`B^?{i0|^R!n(|QKbb^?Yl{)$6Xl3jRJg6 zhWCJ6L>Q9|yzw>?=tGu}tamdiBUf^! zp@tKpc#0<#=7uADNb_OMN=Ku>2L(5nWy;KW`ZV;OSR4;;_0u+wZG<>8#ztfk#lD*3 zV51RbyJ<&(z6~n4x4=AEkO?cy%;sV3DZZs6=ILY9_{5NeGDFct$+ovEVQT^DK8V7Dr=|D+Gsug@hyv z2tlpS@7!)+P2eegC=n~fTqUM*+t$F>gw%l*7BEpn7ME>)cOdlxTRE+W8WI&Ngvamk zrB`l!T;)EOBqbqJ;m1c{5HQTRaFa9?1g1g=iNtS8W|b5C6s@4u_x0)VpC*7)ladiY zGr#1F(Y!(#6hwdZk%Ylvoa>3Vw!{j#ot^-J8Vmz#d*V9N9z9W zXuAE>k13&KkA@7&$_F|(4V}zo<+)Ef;;dN&0w*@tRa*i}@ zC@Wv1;(YBAp3S#W!1j8YnZE^L*=_I=-s&!5|V?8 zVP<79s}ZEDI2(duKz8mY8~IK@GltZKcJg%*A!5$Ilv8_Hkho&#UwBjRdG!$nOV zR&>pd@vxQA^rkQfJ~>~ofb%J5Xll*AhoG98&d+Q?`84XsJyPtA>q-`cR~d)#+&d3b zF%HAEcUV^?QpaLP=0A6RjU8mFugH$8;!Bf|kjO4^&7#kyw{yzkL^sv@(mfKqjkKsq z(+1e}+;#7Up-6AxOlWLYLeJA2bpz&pTZ^R}FR^S!g=ab2C2>S}j@gWFlH`YdRvJ>7 zB+hZOE_KLhv*{vd9hF(6kv#=56hl{u`+BnEAZ8sbuI7_6;vqaMy)c5}NZ`3;4}d>i zDPeOz7EZf2@L5_byUQZV{CzR3xibq}=aT`|nO1(EW4GQhyK}!3qF}nCvjR|o}iDmliPuW`L zeg?#Wg0-IxG3>Yw^IP#HtTZt1GVpp~4N=uTTM2!U7q>%>j{R&7MhJTUk&;P~qI&te z98JiVZbegU9Lf;{IubS=WNi6fq8CWl8uanUlb(WJ!!N#y%kDiTFFPshNW-pT}6 z+7rJhT+Gpic{k^lmM!Z!`@%^JPJ?fgYA@y`h0?1LIUed-=)rn(WedLd^{aP0)1PgvK!p9 z^{r~o^fkh~MMS*kB^aTM78x*aMyeGbHrLsJo>ylb*8J(kshsF7KSX!oS=BWj+{gNV zs$A2>pIL$CpDAa2|7=%)%Eb)|-L+?_)(x5YOj-Hz&{6&{GuV#i zj(lhu1@%TtA0XZ`aP$TyN#^yxq+$HmoUv|>r1v}!$qK-`W5HAP3#X%jz{=vwrOeoN z0GkcJzbEKD%-6V!$3FwStyiq~53uFA6rg-p^b4Nd!`pkdE3aHPUs-v-k*=97hjV8eTla^Dmp*jr7%EkXdH*tEcQ6A zV}B`_n#t|>k6Iijh0Lu|)b}x6e@?*5#K&z^eA4i%^WI|ROSEZ&X}fuW@&ySVwEcLs z(ArRQ;p(O_Zp2~|%0Wb-tVMMGy@Y`(Mhv-)akXFC)-v0QkxG)<0JgmFpua|Q*Oh-~ zV>KGIwew>)sJ70-XG2v+$>#43%q&hD`VKbxkUp53A~j6;6?u~r9wh_Y zA^?Rhy}%wlFnrp1GhvEXDIzSHJx~nI#u`}-fzF?&9TNJon3MK3>~ zhvC|zI*e@Y5NOfNeW{$ z{gK&^&zRz?Svk1I+K*2DJyW%yuF<9{0@W`t^|p5W-@Q98UAF~A2&Cy1qb>jBYZiYp zNs$(L0o|UTKC$xcXPVq$)8M()qxkIwG*hKGN|m6B2IWywL5rRR0?_WzQ9Jj6m^5U=HU>N8byl1_PN!_q?~A-t1=MA_j6tA zJ!Qn5r~$YT2?`vD0&gI8AvQHPr0(mD>)-6Nqh`v@R3Yz!d`B7FSm~C`^{cPeCN&Ba zrGBvV$kuxuRPv^!*5%E~kCU*WAYTJzXstOh*5h9H4}D^`Oz8NCc0+{Jw=Clw{Dq4U z`5-~7hxF_WxU0y;I0X8hD#?EKE@yXK$c?y+Y0jHfiSH7f-uFwo4k!-sY_Qwft;bkV zZ(@4Uz3*#m@iVIETUt0+1lhwC$;6(ox}4fjyY3e5sDq5EnM7fYz4k{Z-ddGLy1kXu^%(a%(f(L`d8UwB#R2SB?6q+)LtWL3?6JICm>zyS{RJ z1Q%keZJ;OUJ}ZuK;%WYwHReL1g}^c@v!lI1e8n9%4c}zCvh)*>Sg;HbVB+a3IwWAL zcjx4sIFeI=TEnX^5rn94*WPhY<0ewFFo?>0g=rwiTF@~4G3(oD%#2*mp`Xs}<#1HF z4XbhOckA@E&!shDh$&3;6?ZR0-KpS@S!;8dox-*}oc(wU`qKGH;SaZUis8PZTn`U7 zk0OkVw+RxUQ#~7m#gIY~IlgxcsQX~msZT!TejEKmAqkW|aOC>osa+kmSx}R|M=~)E z)D`j3f>*qR+E%*~=OV>LB(gXoU4t2R=(ISNN*EA#4C2nem~?F2nv8uH`@ml-HZ#MU zv41`{x5nKblg*GlLC!OOSSU6!5d9gGO zzxCWKG15|do^F`6-&i?fdr^zr1ve}szUL?WkSD=j-w1R&nH~%h?1`pheBD*i*M^R8 z7UUzlJ=ccckh-njX9o4UAjkeu1&|&@3-~Tby;+WU;5n@9> z?Z~W5d>g%>W${og{x?&On-PK+Rad3UO^S~a(5fa{u7RM zf4l~RK*?VfBsbO0MFvE?WNU7zkcP8T3l*@bz?~WO`Z>iBIr>20y+S9eF+OC7(AVQ} zY_hmG3J4kDZ}SRRj%HW|`gU(@t4zpA&WssfdXLS8%k(W!1ji?LKw3$joGBFpjdIa( z7Hx#uyUplp+$G_pnHn+6@RyBkGOyNZx8`3z?2|0M#Uj_;Yf zD9QE+zSdTWSs#j(ULBADOz9gFtJ7<&k@D(*(y`v`!XMH9w+66WT{CtK(^erpwkl1rQQ0Ne|*m28lX(SIGzS%@}88eyL)@NSJ$N!c=sz1Xet*Xpn}f$-B|t3MyE|L~%!OQbX) zqrt0YI8T1pmu8POe)+%3`ukc=1TdXfN+SvpcXA!yHg!68T9fAAe@(foly7yvJ$ z8mkwY8U3Dw#L8C$mcs~rb$>bV))Ru3=13{9P)o27n^(7(U94;0V~Iw6UM^xzq!@|~ zL=^Zq{KYU5jR(1=(LN$BqKAEMfJ=*rYrhnVL(?-T3z{56^&+D{rkze4UMeUOFJ+&y ze~-$js$EFb8(3b(&K20T&_`w7sj{Wyqw%3;M+hoHeU!ZjMG|;btv+vpV@1Q#&wdId>#x}}_Lj2)z zJrbJ`d*^GrbjDfMW@16jc8daOLlN4^d_A7y#rp>Tmnvmb^~bGYeddQCG*XNuuc3)h z$fU!^?Hz$exvqHy{8MYS%)PJBSfas74Jm|8u@xKm#?3}0uuzh{`Ebage72bpB+g;u zRlI=l>S${a}}nQrDT(6k6?=ka%L~LyY@uB9Fu26A0d3!DTS3UQ~NJAZ+om zPyhut=dvqj2c&eEr;^b9CY67^LZJjhDR{U{2Qm=kC4Xn4?K zn0wd6GDs?#pGH)G75cDvhAFkJ`?1qQFkUFQsg zuPw|+GlA^bdQ)Ggxyi^>%5O!}eR_R|>_Zb7x77QuS>NL3KEBq!?HWWFtIpH+v6r4c z5@d0UK)d=UkU3=f&B@)CPML&MjPwbao=R62l^KE|tJ;JBp`;NzZ+sz`$kx(7qAl?S zC4{6MA{L`#H*Cxyb%d{TQrT=k%);t40vGF53I{7@XRV!Pr^JqjgYKHpF)cRzjH>2& zonA-&XpX#aUoBJ1!TzSb%94* zYmD6)4D?WgY4%PnHG@3PgW2_DK~!}Q*%ak}ruZ5gAnzKOujPKiMm(uArSf5T5dWsi zSYuXLy6F5*c?bZot;@*ZHt6RDyr0k-sW#<&+j-Wvd298{A;y-3+YRthgrh|lIuDVio^Mu9lMu7bzM0; z2X6L0%h6mwnNRlL&&X`_4z{bbrv+6RPuRphVyaH{_Vf&tx1RGqndj26fM#>{m!a(M zRt_QgImB6uMV)68evl_CzvBE<%ng$Co%Op-9J>+kkRO-5CS=Bw)gGH1JK+7&J;QTf z+6gM}{V(IuYfb#?dliz?^IT}jY_SOZYFA`V1p09vc~4oE6p0-;&{pDp8i|R$>X%U> zl+_TuGBuj4K2zLX<+cw$+AuDQr|7n3>8C*2L!)~f=@x$6QkgvJv$biht%uL(IbS=^ zy5~qv`CCfl@2{mYweKn0WaPAcnM=FSP~PO6_Y=?7ViVDAQ6*@Smpe(ikMjl}vgF7AqvS5u+lD$k7~h_9M1?1vL~)?~O(`$9mhl4wH8P5;GsM zqqh}Bt-!{2XD}P7z@5*GBW>s|5GYMsb0}y={B?=1qJPuD-~K*2CTl(urC$F%R)mEF zfr}kEt2&fc2$$nKzOsbX`ce_2_|i~8$`=R!7yS9egJ^_##CkOfE zcxPrz*H1seOzG@h67%JgAm|Z zw*jf{^0hq)(D zdAIG`R^skkoer7EZ%B=u0`%o`Al#4T*}6#n9sAuDJfP#20R8)sfAQnG6UfcYy%tr| zS^AA%``}JP|5GjlqxgLw7VsGvXyI(CQ63;#I{*A_6f*OKYu!?Y4!WH!s+YlD5|Uboxkss zRv=3UuGQ=&RhtQ(p{v&)4`G)}gLJ^|cfhDsD|>Z1rVvVe%}hV*VOa1wo200x9S#1G z-f>i1N_l=wGMgFrdHuRRWzwFe^((`q8l#s6?bqVphHKz8~IpsGq=2;QkKWeKVw z_4Z0Xe=J)na0oEWxQ%=7LvF1ey~~xaRg?dn>{wk!*S17VIHBekIHj9CC5ZA>*WW4)>367nAF|F189IY?v;kP zI|1bQ3(DrcTz?tq|I0h0;k-r&s_}7Hwf|ZVpG}HT5 zTL!!-(b0M1o_^SD9#Yl3AhqyIY~xw};-TzZydEf`()lmnJ_`90wYi}Fv3)rIEh(A- zq)0DB#f3!tT!+sXx&juDk95J}<#!NN@Md$HbGYluIO^k%Dn$ZN#?!?c+WA~~d>6ih zx5kD2RlT1wy2hML$oqyb(q?6SVXJ_E79K(H7kk)zT;>fzkb|`KZg@=(s+zLRoyCg> zu5p4mkP@UeipY)xV^rcnNxPpfN>y>fsbc^Q{VEwk0wP!G<}U@oOKvDBVczo&pPv4? z+}dhi#kIVCA7#_L58?qKzD^pxL1ZL91b<~hFwV~Ftv=5_;=^~`gA+wXKcKd2jg~=Y ztB8dE>EESh0|gJWP_RE?SDguQWrGnl$tXj?H;Z#Bc@QzJW*o{SzafP({VbUoX3)Op zh_8{aAmau)$Zp={Jsu&p3>Ptphh(vY)tQH?$c&a|bE1frs)QjXI&jhubBjM7mZ%6Vd2(k_9}m=1vlCg zhfJw8{z1tEk4S=YQZ*aD=VksLrAqLYNb!A-z@!R%<%s!6i9@*#?d~YZ{o_+>QBWZY zmWOGZGOws~;VI#?%L;dwa3gENN}4Bshg3DQue_qZLo>Jj84_rXm^ zS4^|S>vNajG7*~M39Qn?#+b+}kiv;#nR#0g)V5gR(qLFUghakS5e7NlM!HC!ph%$0 zUlh^HCCe|->_{}koQ`}9p*&Zl5&eVEPftX|2=O!30#^;?fDxs7R~hiMmdi?Ywgm1g zmD4s*saSr3Ikb;b>Lf~7S_KA~8EW#Zb986!=N_eeTNwvvl-i*`C27sk$<#h6lgAgL ze4B6{0;D3;zA0$e-6Y#g4qhQ&A8JFTK@NfyFk`FVJx5a`D((5;5xpM7(HB#AHfuy34Te)HZ@0iwzA8O?_bc48&_&jUc>=K`Pri~!{3*4_?dU&aB-yzHV z%;sW&(2c-0!^$cBY}t=#27!TPDNp1MT;61iV_(hiB84}lb;{#cBQf)0U0Qs0hsjB8 zP4fv!`BvD&N&j3ZM>6{yWV)DlXO#_!RfZ}>SZX-%oPQ4idrhpMyR@*GnS6m(M=QTh z`__&J2M1B@R&G3pZA_juwKY28+2<#^ul-^mseE2pamI2p2koR>2&ZR4BdcpT<4Vs& zofzAZSW~aO00*lKyP3VTpzU+{4T~zO`ge>F9=0g$iB03oAo>^=ah>?`>~rC*iNkm< zU4EDHUS~$Nh>JT$X;PSs2^S7aW(b;9PBM&NFZkbIKAg|~?&Z}*c$n^D>AdLWMaQW+m!04X zOhg1|SyJAdiRG5E&j#m&?Bod6(o8nCRbZKu{9#kj+a_0y`Ei#$iq`CGecEb{HQp3s zmF?eKdkeBl5rmi1lF%;FP^VFzRou8 zIIJBV9kl|G6h}E(ndhB(7)5x;TH)K3*WDPNM8OH?2_yb z|CiMD?{qBu5&(TdU9WaJ4{myfUhEvCUkU$v(+RG`UAH2OmK%pj%wa&3@?W|uuyJL5 zef>2oa=sJ(E8d2rwv(a~cdaSCxE8Y4U&@9;t`1nhT^*YHPcN<(+W#Hw)Jjx-pSr}o zWov4V6bK`;3cql*KA*7+X&oJ=WO=qW{?>6{Eb#ykm+!w->-=@V`mZ&dv=Zl9+YZ?H z|G4fQ=Z79`j=Z3}QeW(cJ^MG%`5RZ;?SB3Y(GRl{?EC0wPW>NV7E1}vkeVgoxgzJZtmJD2w*}UqE^q2Htz!$ zA^d88QIzf0;>W^g|4zbLIL&m1R@0#W+gp4e((ePJOG`)$<@8KvwQ#M zJ8xdCFLnXC^_?5xGJoPXn4W$jS!gf;fxP_ujz*_PI_#<@AK#-Tj<$Dt!(ho5KHb#I?zkkR!tuycml>mMOT1VQn&=(aE|Yd zfI=uFiKTJ66EGTB2OT+eqOG3YVV3>-7eLpZ(Y<7AJKHu1Uo%+(E><#2ka)`e_n32@ zCReVrzrfM`{!~o_^x)-cN%F@BtZm1}A&ZWhYgdb#axw##my0hXo>2U zz(sierRcwntA7W;D3SkfIQ&$bfs|S9Y_8`;{&|mr+uj)d4Db$evB;x=w%f5W;QUO% z_U6CAi|}c^FmcJ%zm1)LAAH|i>ikCsJ*AF0vaCJSCY?D^2tH~EeAzRsa46!bP+)%8 z%B)7p=+#9)`Y$MA$ujHS!psIjw8WwIB~md0^l}~O)#l~O(6fv$a66X#`_(G` zhX-zYz3NB`=#uu<n1uJ?xk{qcZshS_L24%TF4)Zy?X-;sL(3uAlZ#jSV7L*n2`%f2>T+Y*3gxYxmXX~=ODLGtM$_FhzBR>>g~b+1od^>mUO)C- z_osxo{`t`;o1>=q9#RkY2Bo<)Ya*Yt_+5b1{drJ2Ux@6M4a8PJsuHd{20gY4OL?a3 zgH~V&2!pS4+{(I5HaN!yuk*{c7$JCsY1Uamt8dv zciu*75>J$5Gze3F{d#Lj9^e0-gTstcj!KEB_zB4)S2)c{P$t;suIIY*P;4tNNHE=D z(?_(_;ro7IwFWt+pu*izEPdRzT?gU*St6)eO%M!!n8v@K8)-1aL%mEs0)w-^W|Twb z(}YiCMc)Fsb+#V;XrgLWHBeVoRy2gwM}`F>xxwCDF`^UT`DHEzJl8%Ig=jF2fR~TJcWdk^|6mx;8v_z{$`f-~U8ZI>PTw$v z-Qyj-*z-V?2lM2}?PtCpN!~T52IY;P6wZxgiKIdeJBV^=LRPZ4E|N#mJWe>bn@RDcd>!8pgmsu%d9=C}UAj#jNm%k?T-1i*fHy3dj`4ZztLtLi`i5 zd;Rmky!7klm_i1ybjd?&#QS1pW$Sd}{zhu+TU&bLo_=gz+wl?Q)yCs7xvK(~2NC+a zzkhGHOas}ZZym?n)&H#kKU;k$F>HK-J%I+M1a%m&>mx5OH7GURk`ZF0(AlQZ`pv(` zqx7%}2pd@q_4aSzrGc%_|JmM7A4J75ed3x~I*1BZQ za`hemSs(1PpU|(an!4C_;xNOyb=Dj56llgmGs+(BvSH;4n2-=855k2H1Xos%1X=1R z{Un);`na>15nHw$g{k4dW>O_X?JVP_`ZR?a?s~XnN=lVB7CGsk!yFGz~cBoKy?W|%*Sg7`F=pGZNFZZ>J^SX4eME`wB z>N4s0Z8ftqcEJcl+O(Za_q^sh_&t0!<9bl9(CXRQ6j5LAxd{79+jupp`x&r)=SPQ> zH-Nj&11=hC<0w};7MiygY6FALUxpS8?>=tzzP$ZuR)XpFV&d%KMQ$yn$MdVc&N3v+ zU(4{XtxNBRDI|ejkK*YSJR#-if~_6|VjpN)iy(x6@S#4B5nlEZ1!l}5hw^)0!^WH+ zM353J$^SgMlQf5xk#Zyw4iw?yRBSTJ#M7WqsAV1p6iFazMg;Se&iDM&G}~NVAzyG> z=G)}Xgw};C5^N8)q*=$H9MA031rkb%hX_*thK4kn45+@6GURJ8e)k2j9^)C`;`ZaC z=SJA$^t<`fP4-RxXp#ts(`9i&qtn<|SnSu6q52ZT*?1?iOg|p^kWr~(G++K-+H(sO z>7n95s<0;Q#L8%L;xw0fF3uryATb2Y)vHhIRv%T>fFR<0H|r`+J3x-TYp{hM<;7_A zPTu|qTV4?6^>i2s*%L$989WP_P>vGxrG@weo~T|i!0JShqIJILY}X7{ymoClY!(FD zq{TAQYhN)Cm}^$wi1>Vmx_ItZr5H%{y$T=h)9ifPu9my01N*>1jxZw21^Ea8+Vs_s z%KjlcHic{{F+)S6(H zPIK5i``~2P9O&a|Hq?~O%$QHqwZ4gY{GhK*1wAr;W~}&7iynh@2H7a9eRr=N@DBZT zx?xgDBf`*Il$H#Czm+%3sz`teSqL;s%g)ZmY_{;GEQwn(cu?L(KG9LvA0}6C-kD=k zF9@O~djrp#@Lj!PM1P65q)Q+g3cW#)l#EWsUE6YM>tDM^0O(-EZjE-Yqb-S1RX5hGY$^`jwPX{UdFQ+^9#X9VVb+0ZjkQ&=0qu)AQe!zN&nO{t zM9yKs9mv3YqtmDs1{EXqsVV^l2KRu7VBUdAg4OuZFEdXiIZ?9G(%qoy^>uZsaa_ex zT&k>_nFf}iSCJ9(;COpGE4C#y`sdH1XL^+r{}e7~JzaA*ywg*1^7Bh`&TS>b&)#kO z?En1Q({+=Qk|cTr$&m#W4^4}-X5D9vado`GzU}QD%t=!NY6AmC zn$sI}y1FB8z;_b3i6S#n;A}*{JVI!eQzYjsZ;Gfq8W!+;(vHDE6em9j7Lr%y_*S>- zm*|6F`kV;<1_TI6p+=+)Mnm4A%qvUSn-!=EcbZLcy>=B1X*I7?P4%s+V^W`3RkTFW zkZa|vo7W2P54G(OY36!V^BY zQ*O+WH5o0pv_*9`($k~4tBp%5*-Y2x`*64se96A_A$<9ne{cDE&W5uNPv_s2cqzxg z&W>jDAs_EwM_UX@8$QQ#Kb{{4<8J-1>;ZSX*QHglc3TdegV{tB2g0h!3BcVQSnh6^ zPoH`1O(Eh1tK?EoZ1|tC0^`5U`Oot&oijN9eoK$IV-?Qy z>_}~S|Dye5^73XUh>J^*eE;|ud+;ksg=cK${L&Iq@A($?cj}Y1#Xqy=^vDIO|Rr#;wr&As|3ekIiv`PCKSO0{DZ|ppuUCRGU^lvk%8(jl`k}Z49F4A9~I2CAu3Kf#BUJ&OLmT zwjj-TRJ8LxPdnEw4D>FKQ{&5ZE6FuH%w`>`?Wonb4NU?yy*U-9t=>Wq6vU>@;+Cg8 zPmO8F8;Raad=uYz36GzZ9ChG}$1ft`6 zc?O>P>m(4tL&YDJA(0@#F7R6y2UN_YG0kq@C#2FB?ZX{DDj$VT$V&*C{&pO#o+V*~ zdK5RD@h&TxClIEi9vhUmp??EWZG0bee;AwT=~1KUe8g{jn7tQZw*G8WDlmea89)Bp zF8So195E54uYrV8xh_+V5Uvs16bz`GtKKuUU>(da3=397Ga$lMWOWZTfCah|Q-zl|8|? zeFpClAak6t@dG>4vD4x|n)^H_=MSo;e(M7eM*JttQ~RxR3<&>*EYj}IzFKT$#U$0@1o^dm-q=C(A>^19osADoD0ck^5 zP6#Zgp8-VzM@B(=;c4G)&uN*MNR(zD4{i;SgD_^`uUUoOnh6isHMDDH0&1GeiA5v< zN>e}0xuQ7Z9sxX=#=tl5V^ImtFS7&&LiTD$@~mlL9}0s;9m*?4V%qg`V+gcXo0`ld z-1LW9=O>Gw{pmwYdQ0GT_C92p{dO^B+UFnDemnNl*2HAP^YW5`(UB{g4KkvoqR>>C z>E8|c5!TTm*(s}Fau~$;Lf#>YUx>h#NH6{}07jq;juSjMa8jFI*zDl@4Cq-lAeOEi zMX6L``2;u_hj8S()G9nvMmA^1g^@y)PkMtiXtcOVNkF&1$xCSfXDea?hTs&vS}rCHC(QYjGomvivj)S7Z0f^F z?E>tycpe~Wr}QD~ib)4={Wo5HyuAXNbfMPYZW)d04+?3YrMgMDs30}(hPT9j;!?@? z4gURN5mH$qt%8+WY&|IuMin}TR9Ci{vnYiBS-QNKV1Ih~a}ZUp(_0ens)S*^34_{j zF$r;O&Ar8i{QMZSRh*OqkfZquOr<-#x0P%?jH~X#V6iy6?@`!>=-VI?q4xlDb+$U7 z>r(CL=xCX4bie-S!Ujc0w-L5TJ?K4d``|>XG_poNas~67Z(>sQiqP& z&nMUoJlWD`K6_(S`kp_qoQr)i@pT17 z^S(aGI~`Lb7E2Swjlq=dpO3_(IXJ(uvz%tBJ~JPF3;=k_+-NToqRkYvOhG+__>KOY z+{T=N%n~6iOHV_DZn@W?{IKbHmDI5ks0^yQxuzP&x-@kD?UL&K+Py{xf0@hH4}cO3!tYnK+GxKv&|Rs=PZ{!A7f{nqGU6(D`eo^Kv>JY5g}l{IGt1_;|77o;>C} zc%veub79T$I4WGa@qks@YhkV6Z@^sM{(fkfAj7|#08tL)t@R6pZE22OJr6%%PWq+r zmf`gOjZ#o`{Q5Z;iqDAdGut0+h<7E42SH6ptjlU-(3Kl-6QY~SBMCreAov`Nu~06v zxZ(y8vke6@L7G@um8kdjGCD-X8K%^9t3WJJg58tO)A0Tt3v5BZwQ*%NEZwtt9RkMu z`3<6p@l1)yKR&%zlwoGA(8?(5_d485RBH1KL=0;qh;71zex9lxZf%gxiK+25Y zN&Xn;F^_jEF-Uxx-75*w;qjNcxtcrZy(;4wFT!nC>!^mb+mxz48;zF>+6k?Q#aB4%t+vWz8UAG;wm_AP_TSVBye?E6+^8%wr?v6k$Ngt1LSA;h4X zjKYwFG#WG{N#6NB?|WVE^Lwx7dgqV(|M}zo+~;%7`JD3|uN3Mv`W8{oyTV<8csPIk zl8`O%vu8aMlX#Elq~Za|!7{o*Y3s6}Y^N`PElIf4ixtY24s2m;%h;$>5CsK>RZp5D zT9zZTnH`|ZYw@MXy!TTt0)5KQzNUr-eEi*wHmpBB@0ZC+%gud!wZ0JH#c$ZiXnM`+ zKdRAka$+eJ8ftbz{X`>i1>Tbv2c)uUfT!I(w%76&d#mAp6#maI#>IlX)J1S zdh!K@lCV`*GH`VAx2yIJ4E9Rhe_Vw@08ep;NAV&enVi8mLoEcn>&2#X3X`)6e z*iWRv&$$>`7drqAUp7lR)p$xL$o9w}dKg9c(4k`x#XK$NDp3J(-2d}a{)}5S-czHf zE*C#p^fiW5y>xzbw=qtoPHXvZ%JQFkcaNf%e+Mh*)VT(@VXrMvXn(&jK0`o`ql*3k zfj>8Fy>tk%|Fk11zv>wwHhvW@3_(~K?K;~M*OC$Q?=VmNxAsz(C1-xIimlsaw3HKW zhw)$hM6Xk4-=xGJ*yh^hooZndPyN+#RM8o-K?CIE7`1)ReVe5V0Hoy8vVN5Z-bOwzCQZP}K1O>0n9SKL?6l zaFeqN|Iirer@Q_m3SaceIv{jJJY7nmLSm6}wAjbO#40YCxzjAx-v;eO6kqE)8-GtI zqrC#i!t9FeVpfPYiGah6qp=L&`9Ho(&ylYfZA>RoM;8rtGyiinF`QDAj>zTM%Ks8H ztN+WkRF~Yr2A_1k>#_TLbnk?^OuO~lh&bNkEu0|BU2*c-XxDSTd-?nD_dKrsc)ih+ zif*z0^dXU*4UXimp9KNnu6s3S6oH-6n`&y};t0?+dNJ0#qEu%-d>L(egE`gYVRc^_ z=S7t1*CZftzt}GeaAP*DPc@Kh$$SQA421iuzFfK5!o&)`f5pM>+?F2<&?|X!c8gZs zWAx%1&Ahj#OU4+$%!O`02gs@76BUazYf%b^3>knk*w2M(d&HC?`vXhuppf;d#+2)Y^0CGICpX|WP0!Qc*kBfW9~A(Umg zA8&?Cuj$Z(^p=SJMf}hEC5@LOhl)Um67farVe6^q&s#>iW`H9xD9>Z!fkqwwJB7+h z^sl(kJ^ce_FpvptZEa3$-+sSTRgwgFy!+-QAZbO231qWM{TeT=#ko=8H1**_MX5y? zt)KLe56pP0kj0;f%!d6U;8kt4E7N`7)%M($dFr{D(C?))Rlr8k#uGaDQ!IQ1X4sqt@ zX}e;%s$PAWAWLH2CBtS=`@V$Yq7R8>8v{2lR9B%x6tnSZ$d@2g8}y1)K?UM+D}I0{ z$*-*5Z{DWFsljvh%$2;P#EUIY@JpLf_&~cQ=P+zsWaO=S+KMRZZepT7*YKZjz|0Zs zHJie)3GmAi^Hd$g>=PkQmZO=S$`18_LF} zK9Yw7MLzr3eKkD%849eD`>=MP%!ahcl`D+ z!^LwLY0a}pCfA_wZ>okm46 zy3$64WB9UUgD85f(X7_5Y%=Fuq+TxLqtX#Fw@jV$3Ak?F%TPy*UDpqPzuIJ&JikPb zSY1DB2lT|bQwF0o?~qABa|f-FeYg>i=p2uwF}0MI>n#%>WO6YD$wJ^;Wl<#8RG+f% zFjaOHW+8l8TFPSjRFBI3OP{7x9Unvs*eFL-kcRuVi{hi&z*Ez%LW=rjO_=~!o?Vq> zjzqKNXyDeM2m^x92PAs4pSjM7ap>rX$!~) ziJ}=Spt@bSBD>Kd@mxq%i91|7Uc)*j^6oCfmysUwr>$g=^W}z*=Myy>I_%!wE#;o{(E#_;4{N3BJ^;rPwG>HHQ)he@D}ppHp68waAv1b|htLlR zwe=&o<2R>%)%#oYg~KHa*Y&;Zrzp%r^Cd5U*UQ0>hN9H2Yd{9&(AaEcZ?+ILxi-~C z&G0mD1p>LxA;B-*=x-k(O~NcIk2><8JK}NSy}=rO`hjfd{B0bqS}877#Vob2 zFQa_6M)X}YTmcOXB9GkU2BBHG8&^PY?>P1~fx$v7Z&}{4EMCF!s$N7Hg>$`>f%Q)= z2G)~8$~hCv0A_HgM9>33lKJ?{9`0Eid&pOmQjSIKr&tIZuW@R*a-H$k760<MIyAi*qXaa~H@;K&{SQqskOr>qP5gk~6dAPBACxoK^*2e})X;RQ6se;`IQ1 zQGb9+PZdScQcJ^vvU}FJ@c87u^PF10cnVT8VF3Bgz2VbLQzF5HF=r_t<>@EJTF?u& zzuX#bDUfwdCHg+Vkf*^V>M}D70!aP{FuVl#s&tST+%}+GU zT%$7S|GJ@};h@I~`F$$rlMN?;ODF#2{yr|inWtsSzx3=?l9ax%f8oQ2s|>?Y1!;DF z?e*b9#Cnl$c)#=h;lIt$i>0NR(n$WEc*CtIN$3T!z%bjOB@wb+H?^guoUsdB0-Fi4 z-Yzccz)VfT_L``SftuN8M`!dK2ad;<6~{Vb=fFYV1unR#clv=40484JCKF13+rx@; z<;j3lo679m2OEpqLFh&wO}fICI}3oxMaQTK+1x)CB%(D&aIvN*d?~M=m4VZAoi6!U zKrEyHutmz-bAcl(v%{|rGFQQ$xtSP(XKj9av)`2!j74OWP+)r}rj%09 z5Jh5f*fUqEE+~O%-`7TKReqw-n>2a!v74ylA++65k*787PW`u`$?(o3xSwSOnq!CT=5g(HK zSah?o3GlelDX469L!8%Yn}%yHOLk70CRN}o9Ar@Rb^gi?-O$3K!e+&~(kqtEVeCl^ z(;!azI*2dYkXv+mNb1gPCL7qA3bQ4CtoyL_3R5bjOoAvV5A58(Hj8-FG`p{~%qoGx?o%wyI(F@p>w@J8#yqNweh7@6CONy7T+D zyX{4~D~H3xmqyyW-3mS)Aar-{^%XzcuYmkyza#|Gj(O+BFS1dU3Cvir8)s2+t)g&|kE+l*>(8Lm zJ*n_`hy~o*rsgXc@EN`(%19gAyjl);ln-bEhXD*(;a`LN*)VX{f)9(cOyU3&p@LFr zW*66hiAt7Y6)hVk9Z!fcbG=|JCo!iG@D?Chp;DR&IuOwaWz}l2UVcbQ&0$5GuS{Dj z%D<;@$SszZVsISE!E3eX7h>|!5mzCm&C*ff7=h#w3cn4%s4zz31A2e7e<^RAvuE|tTq!YZBbZk(q@=ApHGAWVhgpYB|{?xNgP z=vRmP7lZLePFQndaP|HI9O4;T@ZKZB^5fV0F&=(Tnl%JYwZrQreww86%u)U_+{f$# zrADF_m>hmDu8&H|yaoJ8mY8kY_I9;xboBCo!9t1h(gR55mC`!d=X*v23MNi4Ny?41 z8<|Fo!|WyvS>?dPHLCJLN7??6t0P+xCajd)?XJ|4)Ues6;1UEf)1S9bt%?3Bx+6j=<9Cf##PMt|= zE?oTyJBqxIE!-C+|8>L%?5)Vg=^LVcuCUc)9STFd}upmIpreF^ji zsq!9;BsC_SG#yl}sHJNRQGU=?DZ!T)g9$xkw232ryKXLs2KIZ0KQk6eb?N-58Sl~! zNd;~-NW+-nYN{|SaAH9beX80Ebj&Kw?wir3L z^nG*BF_$_&hZ`g)O}>xQdWX!rcr^&Cs%n@>4P2mI)Dg`(&l&C^E!69$@xAfhr?>s~%_SkxdCyIsgTQKwai}d}Pl#NZC?M?$ zy!GI9F`*k%2)10D8tzD&qFY1s&VPENFI$KP4#}<@{y5yy}R1Plu8h|J1{gc(U95POAZl$r56<>F35Vh%pv7P z)-`9FCz_D~k-_VN;|TfA+K1Q{V6c_TTws~Z{4=AJB|A7va7BC?^OGWr8ODEy zp=?8eB3Wu;mf?L}`}Db)lf#qW%Jj|6n1c^bv4Pk+LH(-bYi!(O^1_>n&_|>mX$Kh$ zK<9vbtb5&?1B7sQUsBqzvUi$Aes|DU%RD_NPa9}!DQ~oGT|I5Su3vCfm|Lv$q0aL; z2;i1PWDRhmMgT6V+PrwG<38GHcF`rcqF|i%Ag#+Er4r6-#C{?US%d+kIx$nx7iDOo z!b~qAsj|uRg)|fA8;-&wkYuSG=`zR2B9a5WXq^U9tyle?Z_%wWA@zlexdg;ypQ=i) zRkIP3eOLhus`V(1 ztouf3#!hjJL$`MYuvuMmdFet1>9Z&LIoU!Y56wC>|L4c#OzWS$Jy{4?=K}Xgjcc|) ze|+NcuU|hS7v@biR|cA=;iru;@<#p9H*L_8x?qXKMQ9etkk(z*qbe#152EnW6U2+x zIuuISJ{!rrOu8pk?i?dkXuen}%NVwP2DA*dVW`ui1D1!SH*R#wgJ|sBvxqLzuyJAvMBMYfXgJ++vYcgcQcl z1m>EW$_NT4PlA6<5tklBq4!<}kH+(<_$n)i&R}nOPme;)2iCbTW&j^UIlME($q5IK z5b#;wP1S{UN79Kz4_jNGB#W%}akL-v(@kDU2_XxMImAtmudS!5!ylUp4{8EVsew{= z-nEwVV2vaEzK^bxffr5r>#uGS5V2;x1SuU zfY;CieZk29OWG?du1mgm?s??-@VEqgT%mTK%8|TZYGzwuBFw)-6f%>JdC_;%d3kU8 zI2UbSIv+0<{FR2dWTXb>_sf;a2UzkO?Yx|4He_$&7qrNNgMdd8m0$^Zuo0`hrz!h1 zb?q=Pmhi%qHTm@9>aHxZ!EZWe^6&@a1zs7b${lkyxSQ~IC1V+Fi9tD0i0ghe4v8?q zbUU2LX_xIEVO27U%?cud(rsC3#-fy)@A}%XC+n)x#`SfNUEnt5 zruzc9Qm(Zp(z*KPlHn}OXm6Jkt-QQ60J|)37cGBRvW%s#5sRrr4a!fovYyB_u9~1}c zwgZ&&AEVVJdiIt|2!53kTs#+p?Cdhcj#o=Ilrwu@9RG~FOK;ycxa&VjzkK}nCxtW| zJaBa75upr5QL8i*mo!wv|G@1%t^OASGgw@%%ngStP4cP;qJIhEbJ@YU}F*P)0%3M}j2c#*G_rSWVAB zVB%jQk+swrkaOW|0i^C)7*BK;3dFAnfo8KlMq*woba$h}Dw|F3Cms9eg%*}Yf-xJ1 z!6k8^Sk(5l00FP)NiHTfdv6bb9VnB3W!O{qr?2S&P*+4oCU8B^j_2~f-%tBAsDuL_ zx01EOpyjH2I-<7R2FfmSBu|5~weCP`8UbvjF9Nwm?FQ3qPkA!!QWyFTL@@-#zy-?{ zp1gyMrqd}8Uj#eJs}cWC42L}gF7`H$o zn3@{s7jb7Xw+0wBl-2!w;;+n)u!n>;8jVl^9Ii1`lfocam@YaCDJHV zJy$#Z8_g%zI+_Q*mDs5+TLKBQIp9T`{F2duvi!Q3$;y=U?pnDjuntmlQX_T)bD;Z% zD~l+UC+UFp{_LI!e+2CW0_3uqP13U4w0HZ#3|$VQ=_-StDWdbJ|FR+)(6t(M#&WVMpXMT>2?kkI%yfJn;Nl zY>Id#x?qs$*PT7!dpDN{x9ql5+wxZF{>QukC>8v4ycn(D5r6)2Gg;?hT(8R>nKFaL zb-Se^(q0a+df~=V#c)^ot_epg=}tByG#6)pAZl}Bs5wqHYq+a6O#>uXaM8;OF1R9e z_p6~%hR+{$KRKd4MRJNM_u~|H7whyWmLHIU$#@3sHbk+iyx$n^JiCreMKA8se&;$y zpmO9=pKnH8x~EK~Og?dPf;*V5ztIoVa*}kCOTia7+eLd`d&HWct*a^{mKv>IZ{|e} zVk-~Z%W z)y%unmL6%TT+?JIbqP}rnyq2)?E|$2ZniNCBnkzw zu4*^+%yKjps6E*KyS^^h+}x}H(Uj)oaOi~H><;WqZ4J1o{6qV~ZpfHantndJ{G-^^ zf6-Oi$>ya_pA-VH*iYSx;5Q1a1B3W`i2?Fqx)&VNn6#*b*;2V7$u9nPyckgn$gRs| zE;sIfTEq*pq5D4g2Vr}BJ{3nM!Y)h&5?)j;yZ<^z-xsi437Nz z8S$64tNy9`qkqE{djUa?gAkCOgQ$$pmvN8^SYSG?v91EPy3n%&yym;Iw=Q}sI&bc_ zDf^iTCdQa~tNy&P)NK1gW|JWJf=-zIKHA3_-^c&J9Hhf*KA}P<>#FfOXJw6hR>30{ z$bnSig~#s{#D})`Hw=SZBx?{d2OjIIE9#~p>pFGTBa8SvyEY%h?2;m5{Ymo2T5S4( z^?DNEE6aM~zgD3RPLjhNy4je#T}BYMM;C-oGGT9hy*KPqsA4~^m??j50=J~f*#bvx zQxdZabOD< zV3*f03^S`Y=g6}#=MbN0SK$MJ44RG8hix|nu^9h%Y8Z^n4E+v`a9|ybof-QXa!(9H zoks?+fW=V4xkRQZbi&P3qZBh{9WIJ>X}mbx2~DC5W1Lf;J!Q1_p`MgkcjV1J;CS)h zh+ckN&Xn-~h21vyPRioHw1$p*$Un>eDxo;Y#6 zY)W64?9WuT6 zP-%rFOs~dd^-!MvITzu6rC|=aEYdXX>FF@~P5pw~i)3np)H$Q^Vc4y=T^U*x7)@BX zAQ`UP9*f==eTN4>H%G{%Rj(h?R4CQlCK#ZJ&OR_f<* zV|@g+73CcjJ?b$~k1s!uwvzLBgXZ#*@VRD>sMU~>eKoZ>tRGi%s!{fdY2!l7+27>% zXP72DKxuqFkN*7GzoaI0B{d5OCK4A+A4gnyyGzrap_9pz3s&ABqf}7ECWgXd9AE4! zM1UY1Gs=%n41|4ChvP6!;H74@8C#TA!hw_=4rCR6aoRd)ecfn;o&Z8fOz$XHU+y8_ z{r!W-WL%Pgwtw%AEiYcU2quO*m-y&cXBVq;U9a*ZdU`89$~^1hBsHv$xKW!M$`qw# zdA4B4)t{{+`n>lIE@iT0KBKd;#nOm%h;L=xGw}VF3XVOC^0oddmjKziVq|@6Sv@dp zrr379#K&ze&~0Jna-w_5{z}9>m0cd^GghKx?2&88FMd2{{S-83(v{mHOd~C<~THvCgGC2r}X7c+rz_d|h376Bv8% zL>!SDebEl|ZDVE-Hu$sp-_EL|RXQIKLpbW*Upn#=^t8#M{#jqwd2}uab-cUsM5G?f zJ&j)Z`R@nVia1QTK;qrrn2dj)*qVHWb|^Xz&0gv20IGt~7KRi)Ye%ZO8T+@G=w&ii zIiOpS&!-GmERF`|=}3LSMo=}qXx6ry;sm{-2hXu*4`habR&Ql9P8FCiE7Txm?CZY5 z_m)~Cp;mdivuZZ0N2ezp8;G(%^0s@Tp*;mPDU5t#AetvH^a$k2q+ms znU2))J2{;d1YT;7clelL{5j}I(B2pU7f*Yc`hIFIlIjVTaKgNeyDTbpa$NoI$+w%B ze@M=g-Mqo0;qANOeHA5>RMIfZ@XZ0YA?$>OiK7&{P>mEI0KT9d8Xddg4`P$NoX}fR zLtn`kUeGZ;A3kERoT9o&I_hsDwjwiG4dM6M>#CeM4GYAJ5w$Mcloyd~{*|`$gu8lk zNS=%<+l2D{^~EWo(^`zStwZF&$`&tB_$o8|#lf7eZ|XLyZb~Jb;0xRtOM#y>A*kZ< z9BZ$(8uHYX!CNl);XTprDgKhhuWK4%1DJuwDDa}{JppP@7cXWKfi8;UvWVu-$|K?{wpeJhQq&_-uP|9;EC;@h%ABR}aIMTD6*%@+T!&!@73&;d*$L}n@V7aPf zy+tFqESy8v`$f$Fd4-?&dliSA1Wi}b z;>^${S@@f$8sP_IB)pm1U%C_ukzAyBb#?uWDcerT(5-m=%0Z)Zyf@tkAoY%+F*Z2R zBv3=+(qKo>YPd{${3nDIMB%=nP_=G>kcS_W2Zm`cC}6uJkP;`kv!c!Mef4;kM7kv> zRfKs1=NO;;S%A#^Oyd$11O#c`X!@D!{^DP#mfAAI!GP3eG?dFTUr_D91=4b*1Ur^m zd%AHUx9kxzSJ@BUa~p>=Qu_7OsUH~p)7ALOl%#gR)J$zOtkOgXGBUW0qL zJ4Y)AP1hj2$I3@T4lr%-P}eK{L=j9~Q8eV6HkTTS1>#Y^YhDJ#;+A@>&&mz6$e;>p z3MKyaxDY8*iKW(n(!K*4?X{!{#j8lveK~(o4|;aChV7{BjE7X0Y@72hpdiZL=F4G( z)`j&T)TDI($sV1t20vSvUmWU}fU;5^6p@bi|B4JG#>D+)V5*aUq%lZoy$(*i!+{PQ!twM4*^ z1A{NKX|H9mSdN3p=bI`S3yy(hLkbj*DCh3T{mJ)(39&kZRX6VqCj9+ItOUb3lFN(B zp1Q(81#U7y`>w8{49a?C}Zl(ycl?=WxX{?4oXea`o2?0jxd4w0w`r7K^4 zP<;+8NtB12kWT*0?G^}qJes?AoIfXU@u6Yej+lY|-?@|Dn|9093@O7z12W2?F}=3C z^6c5EHjdweo?ATkRr8)yw7klsmgn*a!d`e4coxa1OodmjqY{580)49DOm&Eof$|EG zRsL9xEzhe?2p~tvD;JgRa&*@ZNMu}G+(*IORfYTe3DYCHAyVxaJBQ5zm1U*umSTkA z2Ti=|^teJD+P{ep9q0^m$U@1qaP8?q#kfyp-zZ*5l;^V_!Uulz$2RL$Y`-EG+vgf4 z^tt|w({WIYRI&~;s9s)LvXrC4TI9on7RX2ktmK+CyxJg9%mR>j_~*w0!x*#R`1SEx z$39|%e8)wvP-j!yCfqY%l0?~~kpBMqiH(kr>+K1Gf19%M#Gdn8cjw92@j!WYbHj@e zlBD4@UtJ<1E8~EiW}i)4_H8|xd#&k7?j{aaddt zPMXuOqB)8@4>bbWW%uM^vK~)6e>7a8Sct6sz8X} zPIN9w{wv`1==rlh9YS;qxJfTA1Zo}^gM!35pUo>x6wQV{Bo7;vX7)9j!qe0A3S04! zl7_YD9AJEeR=^o?xm%1&%P8_6^%(^fYKf1L91lBcf#NcLKZr{7$L~~CQ19ET2#*ERP#~T%cUnqU4c`? zx?)xsF9m=AgNQIFL~&HssiwS#90vu}H;Lwv)MpnS9NTCeyF@^fg8v8m@gKaZMjTv>V**fsx02ZVbvF51($BewDUZ3!o$(Exc!aEKT$f$ldtiYtJd?x z#Hwku`k`A3pm!lfqe16__Vjqe4-CdGibD{PH+$Axi(lFkl0vrO!^h!XIWfX$$;?tQ z?ynJY^s3d~X(FqW?owl%-jevM`EMd=&nsSS~nds)P8*nX3 zIfaHB7n;*!V*mR|*Z9essKX=|74sb#$kY6A?hOC}pxM6sW++|bxdR`WH!I(n?o~o+ zlZdi~MQC3k_Te2RpL-FSIbDGZ#5+k!%ZeKaOKc>a{~b%oQX-WC<1^xixU#}4j4&P+ z>mplWwqN(vGehrY)|2TdYJZyxHGNJwc#{5pu{hF=9B3e7pbwKtu#CPFzIL*+aq=6# z{I4B*_Vmf#a4_J-zyM+3#gF58jB7-UCf7W9Hj_dqns+%bd4>=zo;$YMt%%9LP*kZ8 zgE;cQ&lPaw6-Zt2Z-S^TvSdq1NoVrQc~|Y2UrPy`{Nf36R(g)T1oLon8k>%fkHz2l zakxMY`?MJDa@4I^lk^byys**tgK?n{RLGOudcdvI{`1~h$J=k_m# z{^%Kvw^3K&TA(blwjT}cQN>JCV*dTPPfYHbQ4Ql2zCL^~r~A|M&K7N6yZ_d`&f^St z%*go1A7j*=Pq*w&^5mBjLjk3~|AeN8h8?fX*;xYmU!VLc2|hWj9{ksHGQ0f`f3j|< zXLpzQYDZ7*>}mvn-9Q(j(y_uJ#Wp&WNp)p=;G>wyTqM4tX04F~`^*H1`@IvPTS-iG zoAYr-Lm$3$wae(%u;&=+z;aEnZjX9c8rSkGnipCE0tw2KZ19EdSgisD(W{$5MBdon1|3CLWfqVwWC{~|-Pjy`?smc0*cgwPK~Ze8I{qlC@1y2= zi5fH2e>J#^ytK4b-(*AbUSE)DUR%vDgVMP=tJaGwfXu4Wuh5Szn+h4`KbzjIO7QT^ z65lA&@=5gfl=eK{Ev#RGUo+8HFzD9Zq$JxBfOM$gci3?JHlaxE?F833KKr0_bf6nD zU~<9bdYzQwS_iIYvhKs??#jR2-CozFyN7Gp^7Vcld!$YKiPVs+Z!46)9hxA;06d<- zcjK4soInJ@+?^eC#I-k}C3W}Vo}O&rsk%aRp9EMGETik+{)QMw1(Y%sEGcr_+L|IV z;!IbtgdEMq;v}6$Z-qJP|6Ff>Iq zb0?>QS2;C$L1k!dy86su#}$jAz^eM7b(({m{1=15#&6iB9M~TZzK89_7SFE?-ukK? zuA)!Dm^@mJPcY-~a?$E6_FPrn7f_&$6k;}4JjeO#p9_z{hkU2_XG2pxYQGGX_%LPq zuO)MtsOcmdU3Gf*4mOp_)VpLqYoyQ$@zRl(Z@H~7`E&p9Fu_@*5BrOB^DbD)p;8}V zS(!`sadE#nptg3feDCiVBOdJE-fCX>qmq)~jmb3U%Ly?GCfnQFj;9y+Q@XEM6 zcm+<(iIg^$!)b)m5%o3k^$&fum^0ku>v%(1F=jGgDX`AEyw~N-tZ(S+2TNt~GD5DL z@nO->43>rYKiwt^?|+171H-qE*Y2$lxiLv^FQzVhppn8{=jj~YlveZ~pnYuJQ z2GbXB)=lOftC=8r=>uUlB-8y?q0BkTcbh*h_`Tq}_}jO4m9wSBzKzGs#!ttehz%lN zjkh%5d*CNFI_ldeb)gg6&`Y8tw>~{N0IvJykK&WL0H9fs56rBFBe1*Y0Otr)z)nj6 zA%0qWIJBF0Dd(&A|Oi^V*!Q zQ|+mAJ$>6oRjfGf1H&}vT#TSblqxQjD+@BONHAZb=j;K{WblkBW!UJnAFM8fB~*HeZb0)nXdTT>S3ot(ww zkMIINLW}vkFl`Y=1+^T5JsOCDh_1qmp5uhhP8@I)vRcX&_@TyDjo|L??xUz^PA|`E zIe)b>(fMJ^#iti3bBN3Cdbk~Me_3QRtzpR-VyNZ{4_kP0N*tj^>*NkZA z;~wQ@gL{V!ga7t#=iOxVK4jqWt80J%{QOyL-WCQERoq(H?V;~pEovq%DFrO}OGqID zZbeNGXAtx!wlZVio&~6ofCxS#POz0w)E{72!1?SVXL;wS19b^W3D_mrLt9BwxoBY${ck;ycqQVQ&dWUBKZGB00q7FSMlx>~1mlu6`f> z$Y@;bS>mfDrYu~7G#3Iu!;$8BK??$jnd2(kL$EpBbE>BlorNX4A*@YbxT)+A#fn$N z!nds3Feg!smpWdT!YkoY#9^?oVb;#?FQVvg9ePWfK}Xk@tg^$kk}}Z1YgXn@t1?7XI|(!1KI58lB`E z44Ts@^^xIS>C_TLO>~xlCHq4;X#YOK(uZkr{_(1sY#eJc1O#rDuE??_9E3HpJYg(5 zGBt4U($IOZlg*lkDf_zf=+p1EYKud}t4^nKqz#SXp@8dqLTot)!|3mcV;NP{A zf4`g}l_pF!Rj!*$D0WT(Ckcj?P=$a zK7__*bnb@|Ybc*AJ>+FKRslZp6>tSty3b@P=n45rqXoKMcdD%4OmJuVrjDha1FzrA4MCdyOk(B(@Te$D*nOgPf#nYa?#_sU}SEZTdfxkb0ya+14{VOKGCEP(0eid}( z!G|(DyWFeJV6YMD1O5VcgJ0EP;<2CvWWIa!@iS9NG7qFi|FHj*ui4M7VCbNpe_~GB z-|W|6e|7&&98I1&DjS0va&y9_a!O6ZN-#h_uzbgrCB9(~$#beM=gxdNvKvq%E?aOE zNX&)ND#cZn{+!;Dj%zTSe90Ok)F$}zM%uq41{nXhJJ!H8ffjv&EIs^@@Z^;wdhzIk z(YT{Pv}Enp?(|}7dAy=i7u?%B3s}lhm1C&ORS;C~D*pTz&UTh%vb#98j0bmM@aX;A zH7lQS%CJ3pI(UOrfQ_a;K*R5MgsS;`l)d;ZF)?1z4_8cfxyDAHKT=VagAVm{$2B(d zZko%u1b_=5_q}`C-Bq50AellVfdN&qFi{il1x+y6W9K3~cDKr;HL@qB_gU$@g+4v54K*;lb6cyP`l>8dwcnqh3;ZR+8(JP5B2Nk&o8zMiyb)2SFVn-YB6a!AFkgL~?-;Lu${Z?6W{dYNW+5S2_^lS`+||4&Hp%<6V5If8@-FwL;FvKc<$Eg{0k7My=9V zY#c*`JZ|Y1e)&Hgfd7^89Vmlkq;{u|&)c_M!tzVbX;_aG{5nUj12H10)-2sbdGZ7d z;ihGHGbt!kb+_u;7GITR^j^|_Tp zud%0JkfI8Dts1|AX7sn@h9Cu^LHJdx55vUD%&sCx4G|j~qkS0iIGP&Qs~?Kp^r?ev zTi^?pUVr1A(vKe_5+nJQ$}k`v7NFsXxc$aa@gC4eu8wOIhdDz}H;GCJM+FPQJr93H z{iALKHyj;F1-Z-(@9q6wp+%Ten_W%1121&b1lC~*rt&Ot6(>CL!SqXSq8=r-JtIVW zuj@oM(+KQ0V}6umV(SZpR16brU>*4&=2rlexYge?IfmjaEQaPl;Z!24glUzesku12 zH7LfH<4qT3ZgfD*DN+pz`QyLjglmXhh6G z?^S8%5f%jqkoieV`a&^8PDJzPdoCx)m%?fJ-mex=uuc;9K0xmNI3U-9_9{omy*Ref zPp)uSL-B(Jax}0;Rds_k8z{&GfVSYekEbblW2=m#dW`~Rq0hx5w#Mo_%yDriA@@#p zW}gkj!={(_x2}kt^j6GFCK#jz2n-A^>&N%rTis;go2G9Caa@ua0^FRF3d=D2FvMd= zvyx*Vvj~H<^zTB6u*5$*1hKFh zLj_dn_jQr!p9OALLE4_Y4t>=(SoNC|VA#c0gFg}+6fKE5Kl1FZ3iK@N#~)Fs0R>I~ z!@Ch%MOVx+Z;@WKQG7{JypGK|YXX;1Lfo+YWewtksEUglh>F?R+yEAU;H4=;2_L!E z6Wz1SFYO0uRhr%`b~v?TaNA3ZuWA1YfsCkUW@HPbV!MiF;!AS;ZrA%@0@9=NU{=I8@%9G68I$fhz;T83AkkPkN z5KuvX3%AzIxyZe$*y3<^L$vABXm?7S|qM3vNEl8o6N-T-|9R)U@0l}a#*AmoFm`75dw;L{y6@}5;R*ZLg=O_pU8;VL)|<pU zN1l)P6ps+(e4F`KnftJ%t?}DR+o7%SNWRMG+;T`freQAlZ~OW0gRJ?ZhSA?gY%4xN zZwXB;>uFtt_qdH9&&d^u%vn>zmT8Ggj7AdiVfVND_ibzo-2W_;^C7;I!)Jzu{%AiR z(k9&Fv+L94>RmUy*7OX1*CnsxOw&d6rO{TqmM))PaRvt+%d2w8R+E2l9N;2Icr2K; zT%CPCk^Ro=e|LptGz@hbAJlP4(k%a=fWjD1LMX*&q|^oY0t9|bjH*A^1HHlu_}Vgg z1yop{#sx58yupXrwR;WC`jegWkAhA58d7Ayt z&L7%i9^aJ<-rr)m7QDJdx`4OkB(D+-Hk;*sv`?KQi3p8?MX_Slu}NxWK2+#zb_uY) zr0XzG70tN671wake(dsIyzS>3#;*df;tGMw>eGyCvff+(knI|6_S}sY2r-g6-OAy* z3g9>}n$B;fvrf0vY+e*InAL$xbp{;7ngcs5q|*Zp2Vf=%97J8HqdF}6ZW(2gX%VuJ z2XCD-E9<}uZPbKH>p8ugRUwN?+f`Xnu3q_=T*Ly|gRvvFn#(U0f8f_nOWO~4Syt~l z$?D923z($&6588;z01cW0EfGD=vka3sl6S-<>s#I=u$!sL-9RL`kj-v-oDSxO!@@U z7&*z(Es>WN5eux2ZX`8}(t5FqroR7Po}LXL1CeD&Sy1n(B z5Hv=GeW8Jn=+)?jeK|?M#ZW+$nOcUTC6_%aDS+$&Tl{aIZ>f^Rr0e{OI`>hJ41t7l z9>(1geV#i=u?khy$TKp#m7P)L$eo|Q*&01wZd`?$L(WjlQ*C+0vIfasq>uFBsn>1Y zUOQ_+GowC*OpIixxuM+R`s3CA#KX!w1?(rP&&^(m+4xU$ysmyiZW8h4U&+Fw8rx&+ zdUM!odSutn%(5#G{)Y#XorP0=1%UFrSqY!B)k z7ax&bHlQWmv@^#ESh+jq2ah|}4+!0PJpO6PHajW`Hq^_iId0J?Fpe|;@LJgr3^mLt z@*8(*-!3@16({ivu)p0sA&p1)$$P|i_c*@;*J#!>`v5u~h{I;L!Sq;QOMFahpa2;R zOhJ_)Lqj2@vO~MA^V`<$iW%8(oTV`@$vEaZipWVWRnbC_-3&xM`)*-}3m*!o^cpQH z2cS`0wN>N@vt9l#R)yGZ-g?>0#J!eF-kl$&QzTKZCVq0cZ{w~TpD4x(19Sv{odv-Y zll4F_X8!my`|X0ckUirAjn9)@T>Y)Hs}6%EYDJ$65QOov2|__HtN$%H95L=#UY&>y zc`kx-A=Oj7bwO=tcU_zD7*cqWHp9D$z{6_z#oClHD#We3+D=aQQASO(N`O>)4f?NCHU5iguS7sP85->X(arey4UEGzxlFU- z45v(QvD^luzjp4#WQfL?jgJ-k*azgB6{}%dB$*JatUbz`0-Ao4d(%{aB*;iQ3iqnS zvq6#qTs;*xf{5X&1rKc@uOuE7q(`T*Gc|s1-mq$#S0V07k(P!^gSI;kw|1BNT+bH= zx;1kJf|wFqb71}r-X{^xZ(&b6g{jH&O>)Ay2+ylW7=!>k32U{ltroE)<}8* zE8r>0{w@~?|Noq<&EpM`p1mg0{VQWbmW&x*wnk!S8vezWla$ILPF{r%jS`Vo(8Bh9Has669GFKVKIqQ>D-VtW!vmDlDt#S`q zIKe0k1XHkZCYu$cSk zXh^Cs5WHaqAHTopb&t=ir5=WZy(UjM@wyz4irFWNK zdMN7e*@^h@^3u{^U%={mtMT)Q=cnBZLvr~l%1sqofhG?yr=|=iFL4~HeHpW~v>7kT zOI&phpQxrvlI2lrwj4+rGR0Qy3bG;!@7)rmLr9GTG)#;76)aCh&<=3DnSRiz1LYY* zt;+Lh1i?Yo8pL_}A>X}{=wB$I$$ZPo_3~AfiGY{O`^wc7<>gzYE~KyD@9<+`HyoTE z;}(XykMFF~sb*88lci~;J+f^n*HVLK|0ghM+xTgfXw=60RJ!4AfEgMB>1^0o{&%g@ zFsQ$mYGjT%xcC#_gd-f<3=zfV48h5AndWJ+8z^whA*B^WgLXUmPV$-(o4xOI8<%V_K{YBjki$YyDais=YeQ2Ht z;u!?Bun4&Db4sgVRz(TvtjD!FZ%P?hUROK2wOHlQ`k6{m+bXP z<+IzHv)?8O7VikFrw@7LKSa5i&;n);NT*L206_xDb>z-NG^6?p)HAoGfEW=rYekaQ zP~fPS?a6Ae6z=`|*+q@_Mm}_&Lw=8jPDZjd?awbxqVnH??!7_RWRmGnuvJ zVER~{lh%;~RG2;E>RTIEATYBB0)kQ=bmN6I0P$H?uYn{6PoV&pR>;StbEI*gM8}9C z#=vL(Y`o<&I)r+5E%jD8IS(;5B@;>PA97kZXA%GtqcAY-*Injp)`oapnz}pk*uG{F z#a>FC-aB&W>x7L!Z{qG0XMswX;)q`*8N&Hp`CDiHBr6MDVp1m>tLz~%NDU3Vov$*T zd2%PfeA8RUBFM|6(hN=;mD%+}RhwJSMz8>3feUF_U3NBpa%vu)I4FG!+ZQA9ELEGp zY=-ga&@JMswPSgUrRjXY!|Q~S8dud;4M05W4=fy_i&CBufyd+jlrfCT46iWiKHKEQ z@si;ryZTsjHVt)U6&rbc1)u3(W6C_88&X1go_TO<))h$1m}SE5ud_tsh&`CWZUYZP z|MVM?It*R^dM|FDXTO@MJO9sX=>NKrMx0y$8EM#kLJJ$ugq5+y1E>>C)?Te6v_wWW zxqgeKu)O>!j#YlMiD=M6*2J51)uqu>PvAzjtn|IcFbA48V}1S6%YcoU-M2ik1?wG7 zd(7J_0lnm%@dL!}F&-R^Q_f=eb1Ml}Ni4jHnFj^-h!YG9h7KOA|2}=#Pr547Y z37~o$VoPrq@Hp6KT4qZ=;5vjD5GH25u7KNbd+iC{Jztn5aI%Mf?n(#<4DEMVvoH~4 z!sO!OM%bDNbu*?FFLx8`*%GU)Y?E$sW5`ycad?|t%wWlaap>Z_yUl_y@SusXg#&5n z&^uw10psh;cVhOA9vF)Qtag?}%X50}(3esO_7NnKQI0!HFvPP87KC8a^lNK2YQ99f z?J6Myz>RKYDEz0K${Yactah9?2dC!pTMaB4HAvMw|FM-mu?;a!o&S)|tRunb(b;1v zSc=KP=i>I}QcIuXH%kKXI_x9}V7xrtOYSg?US?Hfln^%NQ1is<2vWqGUcPMkNY1QK zZPEuPL0N4UOV63eLzuu$&B$W@sll%I7|_8>nnmi|o{jshzPiEt!WgXw6&X}K{zjN^ zqxEC&hRnp_qoP`hUwF44Wv9O-2v(+ncP)R#VleO{NUj$EP*QTzOzG`O`h)cK_e{j| zN(N?^Lu92>`y1U+5+;7!ifP&PTY{!RYBm%5zkiQ~QK|8`7IPdZJ$;3`&gh(%GAJSc za^$4@Y-zBn+@QxGi=beta{#^ni=H3PEk_DMzEz@>x-9q%ihZyNM;b#uM`SBOFfgR$ zTk<=C22iwm578J3FkRwwQ~<=t+|J59+Q_b)?Gn^^M7I?wrK!-|oQPsQN8iH-mT7lz z%0I$YAwRt$%}cc1-sadUO)>PMr-%?;QlX%Nw*vFm5<&i(eBVpH$?B)E%}7O0>;}>S zr1V(_XF8Y~U-uA4s>pit3t7U~8BY5aQO3JSq_%KocAVRG1&mzVmBPvD#Zq(v6>Q|e z3yHDuW=SO}s3HauY@zne@n+dUEj_2-x8se~1>S>&p!PGTcZmmt`rZ{-iX&|!94_mX z)D=T5`0mg+S9kD%PQdfI1{M}HL)^DvEmu?-I}?Pb)+XPP3<3%OeL;*vIWEH%SV$*1 z$dy8?pdP6x-5jGwfB;K+*VNIC;dL6onAW=h|LwBRbkDwzbC(dxxT||MU=POYf+izF z-~&x4eXeO-Ma3#eQ~U8~z)*TGh18Fa9t9_VbNC)wWRUs(_R{>dhWQHxA6fDLcm3pn zGLiA=kH-r>a4-wlG1ZewlX2}d?|uZlUHzOM?^~SFm6xNpb=ovVp&42^#F%9yqR06~ zMER@xW63d37AI|koi{D~tG_?p{?G8klqo9;>hSGRF&`153w4E{1cDwn3JL$fV4?u8 zSPYgGjTfmX*TA9#HE?NRCBsW|jisydw)W}}gx6C5i_oVA^T^*^yER7CN2GTl+;}hB zW89JNmnPLPhI;pJz5kgx)#&=)>TrSs>3cbOwBnVjOGTMUo$Jo=j|eqDRsF#}Q3SGp zAdyHoToPQp@rVr(MGYs9A@3*e5`XHLQwK_$Bk50`mX#B>q=kzDtel-mG`Yi~> zo)1(_1Mv3)=yd%gc#w6>2ppiJ{Rc4bV8vn5u<{z|xM!hmq%GV6BY;ycNr9qJJqwbt z&DPlE2O3E*UPiPOEh<_~X4>Xnt|oo;EFI)JF|OOucGAq`p$5PW+G1vUvl`E5$!`4n z9e(!X_flA@cwEOY1?;aY0(;=M zv~MC*QcL& zWfY78lTdsl6kL(wDpZ*naP>jqy`wX)YOj*Q2pMTcORAv0FIk0QA~8*k-Jkcvt!zBy z2s>xNRxk&-&2lhE7eFy3DCHZi|N5n%_4GbH{0qxbE+;ozPlU|TPyP)#^}*>xyD1Ox zdwUyV{q{2(U9O#?C=&gYCE%MGz~nm8Uxv!1Dw@x7CV%bqxVn@*`pJ3>U>;W={7iba+>6v<+?lYS>5Ug+gkkpkyz5ZmtGF1ZQ@)rZcK^T(_!;h!($T>z@vH~w#y+%)T58{K4C~&L zCV4KoEpa=;O{%1cN%AFS|J6H$D)xhBf296Tq6qt#mB5}64b!)t2Vv_tqUWiz~Z_; z&OSFSc&Ry=v;bvad{2p9OaH@#AR}|i__VI*4}J04&1;xXR^+rigfk+n8F0J+(xUyG zi@pkQ3qvNX^vk#$wnSdL*;Fj@VucZ4ma{;f8rt-7eUHuUBxL}{jC#y)nBJhJw>jk( zt5iqFiMbP`)gCgZMNcnz{=wVcly=NEO5A=9P7eb8{Px zAK$6-5$zhupDTD#OP{^WHuOm7*<@%o)!U{V<{wB$p2gts5IqPNLQI$?j$e_B=#i+5 ze2nF&j-ZnnN)In?cYfX4r|ac+JX^iVnWeTgWSzHm_M&)`9zf-leLL!>N?Yyt;W}#; zQ;C0t)eO{K>|6buG}4cwf;fD{Sj3^;oA$eQVG&i%Z0Jg^SLp_ggQroyvC2_1ourw=c+)zph07z7n~8_+;DqWZ3@S&nq`iK_KI* zzWp(Xc;3ID7M`4M3m#W=99R4gW3dYi6aP>A$#3?M(~FGP^9%a*^3C(3>L>dZ^8>t# za*?}oktYq2Cl_eS3+VQ0$JS2!(D1?k(~P~i8M6yj8Z}i2qq^9`K7-vpbIRKQOzm*; zjeEnZo(Zy7IA#_({XcFfn$cbXbi1b@Bd~b0q%lB}W%*3rE{IF|o!nh)dG0j1Sj$<~ zB$7wMlTnM2-sGBtOA;`zjM@`wA10<@$&~9`dtviVG6-pov7xS^ugOFrdLac0b8+MC z2w)WF`P!T%#h;zJ10Zloltv$_-{!0VNya^f;st~V1PaZ#o|BL=#X`vDSPk%(*8fhx zQ(2T%5^Qh2)Y)F$%3U699yYYVj#Iu){Ji@2J>eGPyP)i?wWaiW5d{mCVkbwq?{4mzRF?Thzc9dHGMS zX44`eK9&0eOqLVUgS{=GTp~Hb z+0v60>`Rt~zAB4<1uLyc&mI!xhYP&8XJ8oTCdZT(ICxB;TFVN{F6?YsjeK)zsv z>#kMB{^v;^d*_XC`??tXB$D~a$PX+{-z~oOt zRYy?ak<}+N@0KUzkkRwZRHjczXRM_2oPNh&uB z)@6r~E;T$yuW|=N)h7aQHCnP-wPWw^R*$SzQ5LEh*yzt1K5toNRqT~T zc0-=YZlbdtp_2yd&@Ou&al7LW2XUI;qx36q68_orE@H(7nM1Aa^8{*4R&m%*HJ_Hu z-PjZ#?Xt?y9>wNngwqm>GjBs~c@EFu!d4YQ0Cv%I4fPMA>u)l^-Fn!61i=ww8W%TU z0GUYFEBBm7_^FRwnvM6vyCn=|gK6--Us7iypl}mz{ouv0in1xfe78Q{;@b&M6huy( z{+D=#kOAHaTEyC(o09(QEkItWa@{U3mwm4}*ga&Bsl*;&x}W(<{H29yL(h`UyP0IM zp+Fasmx88N{p!Njk6;Raa?GU%Y5{|^G{AcEgjK^qv4M4CtNg>E%s)fcfso`vKYNr@ z&YD+)be&fYL-z*LFB}vUu(05qQ8KUjTm3g;ft9Mjkx83DSi#jN8pV&D=cub@S{u z_xbOKH&3R(Z`|h>T;suxe}m^L*LJQ&{<(I(WPi5Ao^|u)5lAts{)4$;FyN;vW zjw2!nD!!oVQa$-W1(LEWfBgm{9=6Z=Q~&jY?5u4t=9c?NprgO~Y_0n2bpHHw{&aT! zH1fF8{wUM_Xe2q!{)Au;5@!E(pRZNy4&`nBpFUp1!+T#vJ|^Q2OoWLpT&k?(V!+ou z|DyZpH21u69$L6nX2RL1l{w(3>?UiEV=*!W?_&U?S@fN(AJ{5fBT!35N9VdH}XnB*W8+x^5)}UTGy3l zF7dcIqM@S+2z>Vv0%?dV&P8)fdT(290ZH-r>r`r$msMbx z8XT?y&tBKFb5H1o)dZn}-2%xjhnCgg9=0hxEh=|>sKzckL#`f=r6q?1>ppL~TgAIlK7JE3d4#;`*yL+1#;A ztg+k&J#_1ew7e3EtdiuTA)BeCA^A$Exy_=>`6*=!;!(f%)YRWmkCqcGXh)GdME}_;4nx)3;a^5%h|a zzSNnhn~iriSp0uj~ zKSFgoGwGpst7Wm+tA!6xML9T!mkZ5`8tjp7KM$`8P7?%QVTBz(OaMMf3y9(u-`7sN zPg%+NM<06H4j20%(4DpjUQn)gMEqA_3MgkU` z6`D=FGB|@@{Ct^%$`z)c{{x1QqWuB7HMN{{HX&=-abHs^i$07IetV0wz?S~RqxwsDH6;lXDl z4>SEKhL63WGs+)PD48+o15WaISPZ}kxG^!}Cj*iKI_5V^Tvu2lfY=t$j9*;(m-p4XNt*jUE1KC;GUuHwMk;Z!N<5>@WOB^nMg@Y_T=9ZZum5)>Nz}V~?X0J+_ z3YS1TlH#rO^78d&x8TNKFYFfJMg}pZ3Gd3=#9fAoUE^w_SLoqAXsn~=ct9}J2ab@4 zQpbqGYeb$V7!-p|XbzH>@;KKYQukq=o$Bzeo8xkp_~A(xw(@ILtu@vC-e{O^KHtOL z{7qjl#hOK%?78WV#Axy-NslBuJw!SzX!3@3iwP^rL^K8u>902vLusgF7iN6z%i)S( zK`|0M3~2@P+5~OTdg?uWqZ|;T2MKMVPk|mq$aY3a+%|}h&MZOl{Z!SqZ^?L@Y0Bwj zNqQq8DJ?-izLCs?DC)Ff;SJsPQXMa2p~P%R4~|h8UJDJjdai>WTRm`ytgw#Yy%^Nk z_q0AdJUst5a-J7?-oAa(UT}eCPwW6kjs9NfjOEC)<#R3WM&|p4=R=lXii6i2u<+dcHx$YHPvHIa_Lw-||Cifo zTS0Is@2?II0}Tnlkpu6DkG18w4}!+3dh}=h<*dR}M2#4D-q4y503;L(ya@HJ;G<$g z^C?>df0r|}U7oUWN4WS>@q$nxEsNN-@kapz9Yq;;!}X)zd}uB)eXi?-^k={#HAsvA zmr>pm!#y>IUqkVr}-4P zjwFLpN6i2jI37-JXsDtAJq`ghpf1=#81K*Kz@Tf-Tyqj|Efhas;l69!d8&8(E?FhR zfBG~kDYt$(2)gb`@U^4N-Yl`Q{CaP50cu_I7SHsY8DFHhu-ck;yVPi`D8qPW$bXQK ziCQQj;jW|EtdoFjN8;8%#gNYcj@7xyBA?~8q&5`p+Z@-~{c)6n9pRWi_8aH$8U?O1 zN4K5iRP7ljv@{ss`TcWN+sEcbOg043pAHi-xSWlZQ~MB?tcv_VsPDL$UAesLN;hj5 zhKN-&ndNKOf8iV&S!#Q^kRZO^{MOYynL3tU<1G=f0;wEpi35Y>Qc}eWB6r9nt=tik zBl_R#4&unWTnhE=#Z6Wt?mN`r5z-zRCg??1w@N9Vrn2%fD@2vX)%$C^%BepbzsKp7 z6@$a&*A5xx&pS@H-*A6ShE30MY9zI%s7?d`=n7+ZeyBhf$`v+Dt=f!dd!0SS`i3A_ zHiQUN=CW@M{(Ue#A923(j__X0@3?_6;fzpy${xQFbXZ7kqcTJH%Fy7xOLNqapNbDH zha!4$YrxU+xVb7O#zODG?vNUn%WlYlkK))!;n0^|oqoJVmwr?~kWoCuet+b+m4%rhO@~bYxOR zd3MDY!eEosTK#-|cb`rAWg?fIj2Y-@x!-L3>+{>qg!ktqb8Z9#i^Z|s08=nc_cwza zr6Ej@U)kSl_6Y(s_IBvHS{LiO##>r%wfm|#L3e1`LYZR8ML3A}8r5v-Jdwq`CIOu{ z{-fV?epIP-pJ{ItoZlIN*`eZr5@UD5LKB(9U3Wu0$vO}|uPtYIxi2c@`=(&q3D@$j zLGcDdoMT|PaHgop*+J9y*>O>8pc>VjoSpRwlHainJK1dLSl5&qSe#pafbTkN;k31K zD{<9hug8s9nVFf*8U{4RF;C5N)5j^vMTQ^A_kN?i{L`z!dNL$QCJp2qRaLCwV7j|+ z!z#_dfg8CIISBa4f68<}t*P7<+mxj^Zsm6)*K_4hYj=*;+8(Zp&y*E-U-0ViBk}O? z_8&g|sIOLBMPb>Lh)gSk0Ncqc;&yz@R(*gE!lUxVSK_-0GBW8z=AeRQ{u$m33PIRw zwS|oep9WF7-0PEyF2k;AsxJNV)5cOA%4O^!=RzXIMN%3Id|Gavh~Xq>Tj15W-dL{% zkMhHO{8Y`CN){bH?6>#-)fGPd9H)R5EY|&qkS!p-P7P44ev|r;!F#Ohe0f#=_!X_4 zQZCw5hMY|gfnnY9qR(QcoO>_zxf@VspBt0P;}P6`@kaOz$Z4T_RyFN5YFm?Dn|s(U%)?fm-()87A6FSt*?aKAJv?Oxa! zY8?lKOqusiX2-sD$Nq)*s1~k1Uq$>G%1bz3b_~~7)i68X7&+UxC?I{H2%0|j`QPXN zKBom?B1#vIN`h~Rp^jPy4a%BOj3sfRj32U_seLq_FJxZZVjM}NRA=W`aK@0s>4;q- zPA3s)4SzXv8H~?EJ_j=7?XA~BD8|girDh#bYqiaK&6nzVX=D;!4x}NzhZuET6l2Pj zVm`Td>2g`yfs29;fXxzjLZ=T5(7>nxG&-6v7#Y-sk1Qe4>1hwz=5dD%1NdNi!aTK90m)f@k-vkb7}92Q=T9A9 zyw5GMvYy`jel{FH)aR}b1*CmhW23Y%zhwT6almPqqy(Q!@;H=fftz~#B^f2pS{ofz z@w2B_6|-I38=+avCo)%kMsGTFE0Zwa7*n*cga7$+QPXd(=V&+!iZb2OdOeZD-lBOa z>Y2QLkA-|%z5W$lgJ@T(IMfeS38zUKL`8~ffjL1>01J(~@Y$Xq9yKglcCD$WZP znVTotnx_jg zzoen}3yGz!mC$&lm>naw-s;cy+FATaJ`oVGNn|c=W^V@f+Je~MXf~ER zLjCM`lfI$%Ov`39(N^wka{9V`zgGPfo0Xou4cUXJrFp^;8qg|MBDCdJpb4iNzyIVXPwD%}wF)cT*%rSJnz}copN8ogCuzAas4Idp9dp zoGX<@EMfig?)&`ZH%4z(=Qv}NM|r28Q_;9E22g1P@luZZhK4r{_Z`zj=T%K5XKv*F zX`AvMig-FpC4unrSjOggPYQQ8+B1cTo6Dg*|MP)l+n+h+!lvQ+b>5Hfaf)-qc%Et& z-Je|!pZZpbyXAK&XoR2I@zt~ z-`{JIf|Vavpch!V!bU?!U`y-7qy z1TF=hDsC4_sfdw|mKgso;?ywRcK+`vL45Q{DzH#w7`Ag!N3>BNsj11KQ`clkS-2`SASw_c_w}^ zr~IwHLg<8RHqU)KVz^BX>?9B9R5Q!=AmMi;EbN6arn;XVeZu@r&?@CquL*Z0N8zkw zZ=_dg#7C*!?P2AQL9rO}7($(%ei0Hb)VcM;(93Ul%Dqw{XFIj_V3>d4(v_pR$or{6 zV#`|_b;mN3&AV(P+m;Qdl?A-J_(ho}fv6TGT4`nm8GUy#DHCcg9PuA~N(2 zZ)nHYWPE7g<%!0ZrEHa~7@&<&$nc*F%bH3Y$TFJj?Cc@^(-PT$RssSew|}#KSZTXe z=`>t6_hrPv)X{DhxCvOQvgvwZPONW59+yUjPFOyKbS{HZfmXcLr`95T)7@U_{NHZD zZr-v@$WrDNyWjBDY(E2B{`rnGq&E~eY zi0(^rt>>rP9epZWwPz&u`MyXd%PurDknJoUHob&)5G~Y_bRuatZ&X;EX+Q>4J-U} zB|}zD(#%|@X%q$bWu+`A!J1f70B{u4pKzbL3i_W#C5s3$S$yRMeS3x)kd{VF2c+81#%Di4TBkIVOoGOEqbXtc)4^M)L9Pk>hwJKy9zJ!*qpvP z#K5UIlY`>nrTu7-_OYKmY6z>hb59hSzhbEyC4@vhcJ+J&Zy{0;NyRAX+P6Z;VVAnX zZ9;PXHFkJB@L7c{%@X-&bJqpMaQmr~U~$H4#WGbexi2@k#Z@XG(U)vZ>TYIpJs8Vg z<+4`ywX>+4X-Y|hz=OIy_ik*51FWj3>_326w^X}yTC(cH0xZ|2K2hV}$NK_3$HplbQ>_VHZ+4usEjovVou5$CzwT*eBmU8?hXK`bR z50_ddj{i&YvZOjUvit!9o@Crh`=bMYa6)19rKskaxpTmO#ZWq?8xAts4<@d^>zRn3 zR>pf@^EpeP;F8?Gjf6ln{${+RHtF^00ymVqyGwtI{x|Ge#GA7bQxSH2y?6I+dPj|{ zcy)sQt$9`8EgKLFFqP$m$^%RYM}ZC(aUCe{S7wDIG%G1z)dBW-?-^OM&Y6>ms77W; z)6A%E5{ywdKhk8ACQKff_>NfEnwxv9fR=a6Aw3UBMmPxmLBpL$4|AKE{A3N$_g#ee z|3FY7Os9_rum&q7-8IbVm6iX6&&fRX<=@WkXpUZSNi=f` z1u)E2wl7Cmp!m=&rIs)kBiKUJM{Fk)9Q>g1+Um^UB#UK%@H5z__us35Ny|v58$UEF zdTRwug8|KQod@Ocys5`DNoxVmFjik&DLCJw{8 zKbQX7_A1Gs3fcdOAoke6r@ACQPgZi6?8pL8DcV~WbZ@pc#i-Vw-hbGzopt(tdQ=wm z#Y0sSaMEyagzoyXW~&(n1!dVz4xB|$+hSftOiv>UW!*++D9ps=3-A0vw5lS(#6W*m zGZ}9gzSr2V)szAwj(W3Sb{`*Z9QaLcY!4(#Op5~!-c3E1*8p(Aqx@4B#vvq((FGgQ z{5~cIkA&l*6_Af{{pPADAuT>LJKe|BlxZQVZ0Xs`UESjx09G(9wgeBfJ+ZeXzkG3i z&IWiwe;7uXPde2$?tRtQ7rbKQ^AU7yzSa#Z3ZsS3D~GRxoG{ZRa6gmoPpwR2J}03 zT*n4Ns5FYO6``vBRV+!S-o7M zKTSyaWh|?Nf~v8ai&_o|?kr=@juz(R%cGuAXH6UMhiX7I_*k4uh*g6_30S&P`sl?4 zuTcXJK)dC@G&m|m0dui=(9vovpA zY%V>`_4s99O_*I1ZM;vd%(b7jt8;TzO;-fb-*VK8j+t>5di+j&BF5+<853Jsvui>< ziI%msVw$`jVl~yjj5q?y276(gve)k@z{##v?Ju$#NVsrCj{11x=dPq1=sF8fv6^Ic5rHoSZyhRz(B^wSozX5roF4rJx#A;v_!%= z`ZB^ytaR&aO|+z)jLgjiV{Tf##IT64aH-bLH*NI&LbK4l zjM%n7g<^NxN005}bw!JlJs(9JHxs*a@hxLwX;cJFoxp>G<0q^(n?0pg+#XT^w7 zEbl(`~G38Fdt7oE7F+eWvf56vc+J>^YUB{470g6lX8jGkdYc7$zv>} z>C2uILXn;?G3qXEE7UNmR;x{=v&f&!!V;1V;L~x}&V8d-cT-ZRojD<{Y(`U3_kyw6 zfjj^ljJM!BB%Si3PQQJS8O}|(ZmQB{(&vcM73aK z*-uPnIeo?k9qZ`BZ;+s+*Y9#-v&9ww) zm)d_ilA-C&0Wb=co5KL>V=J zN8fuLnOW9^-dQV>&6di&U{+PJUctg)I6VZzC1^>shT-9H`~3R2T5RoQLE_g#eL-Wl zA(o~pf3yDFSdyP-#RNSf`+Cq#RA5k$IS2hJOWlWThVJ}wscTFRlD#NVJla8zNbr85 zFqdkufuWEA8tpl@TB4>_6pqPO{CVTul5{hn#Bj3G+axRv-^Bl4s9S1oKXHf{EE`01 zxC7%!Qp-Ja2fmeWrV>@QKgYjLMH9hM5;T+utw~7jzoMMYI9i(Dkqoq!8FHHcuS$07 z+RF^eQRxxo-6ioz1;8d~HsAs-E**QY`22P|Se8x~7$W7D+AhWyBKO{KpT5;mSp%J* zz1ns^e^BNGfRe6s4y;Ja_66YC-ntb~-LloZZltvN;k@^2irK|r#2-+&?4+LmP2H_# zh*;4)1ZCf3h28eP<-?cz-zVD-ENB(-3FjA+3gE;8Udcsh{y)d?{R;cjHS>;R3)=Ai zgzbKp$hECrD8IAg^%0fBnbF%fPp!pvQd<1pHSbSYgQcCq+tNk5WEjxkG4|_SJzYvsQVp{ z^BS{KQsLBe^043D5{iCFIpz2>_^91GoM1*Q-$D^cRVah(re{$Iz?y8(BZ7mse|o9KM}om@@XvT;zGq4eWlNVz9=)cPOv(9nA4-?% zqtBGoJe44#57C8oKL7f3!Epr+R6EAxs3#1tB@4 zuR&6OWox{vPVw7%QWpI@?Qje->-aJ+5x$|9$^%rN5g5 z-McXbVPs^Kmb=rFH<7g`#(URAK_{4lpknfj$5@cl>_$LUKzo}?Zh(>weS_nj@eR}d z3JwIGS{lnp28nevFy&7yBB4!sWhg9mLFSEx(8$BO|H9Kv=30$QCd+P5_0>FsNVMI9 zm}nHbL)GNO(M2U#ruYf;S3!EgyqZ_cR4Z}ylj4U52SQm#2M1B7)*6p~$!`li9;*AX zh2@JzJV#=2RjapT4+qj-zSb22C1?Lp$S3M8JFID6cbpeOpzDsD=fdg+hqZfUu9?eK z%2+feE`}WyrO^0BClsrqmZtWIBX+iZyUY|1iOo5ZfSHhDo?5O^5q~I$(wUWT~Wk~WHxtdfJjX#%J)Z<{R&!skDTq@z8Ea(y89twr}g1` zzX$wJitdIisrQa^JC6bmEZHBrb-%z6`kP26j^};DKzqHpi?N4dKd(UXLlsg***lS- zF6CS^0jT*4jU8X!N9BG`g^LRG`#b*rAlNcb`Oq#3RWjrg z2RPd0Xa!etV)+d$u+$E$u`ge8BAL_2-v9A3Oc!B5B}!x|tKYgas9gxgI$TrZ7I-K= z{(VViF6a2M&!Ly(i&ARihUsIXpIXq=_yuKGj<28ZPMsElj{33dp`f|nz#L@`Aat}nr`ocUUQvNTdzB`)DH~c$d#b_netQl&R8mT>s#$K&ivu4!Z zrACVyF{(B(Tea2RTTwG;&DN$yQL!nC_woI`>l`QN_`{QPoaDal>oac|5LsCzbTLiT z1_&QIP1%a+tm{0kMH6wu%t;aIJxS3TJuso8Zs#wDGkSGX>9qg09LHbLrj!F$t)@R2 zn}S6uig`eY&bt!c9%w9`#_x6Lx+v0I2ZiOsKHP?Pbz=%r;wN+H@LU>ckgq&2>_pIb z#V#2)|HYS^>(Bp=VH#TIbV_a-xBc+ zDt4AqI#Rb`zPPCnYqujd=Y|iO+XXPR`HjT`LFUp2O{)n>DiM~x;~5J_){joCcYXV$ zMjl=N`(?D`=M$?Ba9y9?{Em42JL1jXh*4l~ixz1A8~;9F_4?iY)tAY{8^BVh(;m2h zqwOful$-*VlH`|L#f8lm;<0D19G!oG7XIHVa_#~&{P~b`<<-3tc6M`1!pFzpb+LYX zi%z365Feaa<+QN(Wrb8_Sc6zeVeGuQB_YIYU?DhBXt4;w0-2!015d{^2RBeli*yzu zO%=Full>B#O|4v$RSaU;V<2!=PJQ*dX19S?KOUaIKl(>QzzLBkC&{Kw&W*92dL=y^ab%Ci((fg@V2pe!fg<`Sfhfq2OpfDDLR}ZRMRB1`l7;09%U}fsm(dN6X8XwF`bvW_Mjq(b@dU}}02av3CoT2)R>pzs7CDZYR5b7Sl z>~ju#Z8iiVd1g+s8k=^Dq+bV5Zrq%Hp_hp8U1*!0-1io3_({gm4 z8m9QO$Q6@p1dXo5R5Wcb;h10PjL|fud_vQ?3#Y9|IL0_IZ1%dZ>Icz1yYkh*OLL%NT3@je&aOL*NsP+8lPNnsfKe~zXS)2ODplL0m@bRj>DFY(_GqryV_>{{GXp) zV0*}+(oKwD=RIiSQBc^G4Ys&);L;}M-N=#p6 z6*&air8H#}i-x9+whWFLdpZ}>D0BYtbK{}5^s%!8eq?i^?>HNKs1PD8Q3jm^-?^Ma zD03?lUOJTBfx-e8xfC;?Vf2uV8lY;~v(k#wjSHkEApyq25C%gAEX#h(r`SUU?XlaK z%sitsOog9m&@DX29pK`eI%KY92|JqQ`<0lq=7Or5(&3=cGY6+fB)Bp1YZv)BTC2Ac zP&vCg&wC6B@?Er9iY?*lwo!*+%MhVenz{niLOLqjuYh*im@3f%TK+DQR2@`1HS=Sx zZOUQYfp@%4f#3zmp$s~8#>g7}dH~+Tp%Y1h;R~px!7cv?XPav&M~xF8j4~Qe)B7UA zo*iUsMKxiXC19BP*G+vICbP5XkCNf{^4axtPw*jKJp0+kj&SL($)-! zek?Ug+qesQvaqlG80@AfF+eZ}Xjik@9UO;02dDeTL0El@n#3m0tYYVim2_nS{<414yUvz84N-Ho=TwMPathxEU2!KY%ti3N_(H|6fEq6RHGq8AjTzK zr2tOu$3&fx3w>w>-Ao9Tmkc_xIL{&bHz9`t@hPZ_w~hvz0&#qYCMoD;Fs|GGkA+CN z;g#x&T}v$KKugs_52W0dI(-h9f?T7%hfJz(?8r)A<cYLC8MS6A2FKY!*n1(>fnnYLfBYh^>%~k z>EHj$naoW1IJ-AGs{15{X%{?Hco$Ubs~{&H0RwA##wLZ#%oIp`6u|4k!$)^^8%{N2 zF>hI&3b0*?v1CXNn4BCKk{M3P0k#3}u|l|(M0wfn6vI$BWPf73OKzw~ZXx^r+hQI# znRaBBxb41{`%5YYk#lz>ibizuDE)H{>Pw-Mg>kW-W=26+y$zjZBRyCcCKM(C7bKw^ z8&q(HTBdiIe^gUhr&)$D!m@Sy2ST9y4 zG9*-_(_Q1RA(WU(pq^&EzNLW}nr{-*U9{CBhYDXNFeP}Jhjnb2OkdO244MiTyif2c zcK-8hLm+U?e7Gh*xQ}!ZI=VcWvYIymku!G&m#Fo}U_+gqhHSNw+zY0T#mUhUX?{Fp zxeITD(nwwT*G&$~6C$>jP5O)nt9M}*RcZJj5Jm#Q9@3QV$SPD_xti%4$}S8KCMF8O zCn8mqB*go$-AwZ?{`|E>%wu1{gr+GtoN@`u5S)UqGpv;pvmTY4!5Xeo(sZe?;?MEdjZW@2(p$et#>ch`g zBks1!BkwSsWQoGjTv=WX#|(~TfHiHjeKjFf_KY^iZ>KJYBP~I5_)mt{I;539##iT= zfhGbPqcL_i_=NRL$$(Uga zyFcpj>{3!SE(R)CXSzPnA5dC9n9=^>MggA_n#cueamy@TT-P=lElL=qBUwxcn+KB! zb!yCtPr!Aa&7#q0>HBYn|?ImB$J2(m?bMS*B*t;f- z>!R4~K8n_&2F?o0Unad8rIY)@0hH1q_3@v4?`J{_eUlbcP}bFlpkzH*&HI)R??{8CyFQWl``JNGD~$ zTR$#JwXsC8yMdQ zN!RzCADZ_(7WaTW9}QjWu2pkansoX-;7>JGCJGDg(OA7>8SE6dNr`3-(qj#wE31R> z>3ldF`Iwc_;T{ck&DoRb{+2#tHRUYO+_JdSQ+7r!f4CN&hS$_2=1uyT0DhYl-MM-} zMOhi^P=F->GJ)Q{f86}0(2(DdOBl(g5&AuRp%yPlWM0A}6tg`A?wTvBEV}JN1PhZ8 zWMvG|n3subO^H$|pvTAF-(ie!e<3NHDA7m{zsCZ99utzl`pe8vy=>@r9mb7BPJ!q) zipG*caGIQj(}NX!SfHfUwZdEwg(QEbHc(H(YnvP*d+Q@!2YbFW7?mbFS~IOBu-Q1yc|Ny}1PHj*4^6 zi(P#tecIw?CuhL^Uim+d!hy$RS^t%qEB0oy8XUXs;M)W8t|d3~5=Q_O$`gR1{?v@N zZl#K((BH-5X`S;b;G4Y0(U-9Z#7pZtPmYD4YWR4>a@1>d^sCOKx zXZQ!`X58RQH_ZGN5JaQ{$<0*ASgJ}?b~xBt`+PuJ!^rGXAXvv{rD{!V1%JQ>_8@wo z5A}(-L&gWDW3xz*8YH89XEmt{t* zeTdLkG+cO%2R~1Y92CdS^$w$pv&?miCg|5XxWmf!(1-Kodv@j6qhX?VS!=$HuIv{3 zY18L{r;R{|l5Ff?(BawKOrzB8zz&YCv(Et1eo;@MQmlNEqKCRTWq~fUN8C@Az zTC=Z6X1sTpc^Ek>CzoWh4bhA4&zy6n3!f^5Af9YWT5{$Avb*>d7bHQbrZ?Dsy-HpQ zkZp@p%DF3adJ#q- zIr3jn+!r%B`^Sq49sBQ0ZtwhwDIp`UV61~F7md(FgO1X`RTwC&*WDroLe@Dm>|oeE z%s)j4!oo!Y7e$ZoL1+jWMfW#>3z|LLqba-81^MA*;#YGlp))@MC1EQ{OTy8X}BJNntUFKdG@D1-mi?R;vrUw zzR$g%{_1giIr_!`@T{30cT@N+*)W;!=Nbn5l?$bo^JCCspIZJRht<{KUU7cfc~+Ku zBz2jieQDdP$uu z)`9!HgJYR}mtk2F<PA6prmXwZKj?$giw^76Y-*K7-crIIGjn}h4`6dqN^WG7bFO7{@Drv zz*0I#{+csBc-nnWqm#e~0eZIU#*Rce$^=414zf>&=QQS%)8bU1lOB3PR`Ku!E5^^o z$vUY+^B-M-rl5$|jX)JQt>SGb0o0*n{gl@;J{owIsFa7z#(GA_!fE#v)d{}Uv`_(z zsX*L8Uo+;blj!WM38$3by8>kbIH>|mo^3@(k_0q8U`nd;8!y;w2X)xou4Y$b#A8cG zbcn*q#%><)g@NRTL0!_=cWzzmsc_*O%%*s3x1b;uJf%lL#nK9bm=?U-hu8hWJ41un zga<;XN|_cOFo0eGLb~1 zTk5AY5Lb6)z>!Zv8Npwi34*Y*X=r>)iOyal$#2Vxf zEn4tA1q15(EHv%5_;a@O-s4+IkbD)FI4__PgrbIZ@W{)&?Fk_qsnPn<(=9?rt@vgK z?nbMWHTgdV%fZu!rBb3gaZ7@>#&1o8_waJ-s_ad|o`kj_+y~nVB$v-&`P&{*&rF6Q zoYbyv4&rv(8&br1D`N}bJpKZV{H{6xB+Uc3(#grogU`aF$Ft|RL79F45|s1$e0K5b z1REPTWU_DoY~w2vy4shnpZ6bZDZe>VW;smjYh5A~XgnCazw2G$kJpLA;oQs5%W13Y z>b#G90G7lbU_w}$0U_J`CBSQpP~7}UX28Kfh40t<3s)x%sXDg-QiI=T>n0z7+R$|W zhEz9ML07b&Z{6ta&H=OM{O&()+dzPoAq+Ykk)iDA8aXk(DYPFvOMA0vvQG0lq z`EBOgWxrZ~%Y4L&X!#|uu*u2fhyVuDd+%oUl}tchaEL|RJdpu}s`&}fF?IfPznDRL zjeRmBSXp2?I=P(vryTpAQMH?^7Pa}5e0KBj6C$WkV-TX^b2l#?3MzKs+%;4gqoGpf ze_f`Y_pf%v5?l^mm?NJ^Yf8z5{t^en5L8s+Acbjf^zRvul<(k>pkPP=`O;MF1g`?J zhui^$g0hj&zU!asppxcXlU?cF4HTU63!MJ`XwOaDx=X1!b;A{ z%4xx-eFw3+Z#14zjK*XrQx?PGEHl%t618Fvf75Uy zoS8!uw|=~Dajt;l{b(%(7WVwg`t@aNM? zeM3YQMik=s>qE)q*qrkeU@ySXgB%bLN|e}cpQXS5kg%q3oDt~f9De7-m~@ut{^lxp zwbr+&P87z2N2xo^O-BR!4GR8k36+B@Iut7+C9PnpU8}+PTuH_hERy2nAFNq8ZPl>H zM<3El1j%4kF@m_AKPON=-CDuIu>rV_Q&&|2MhOX47_TS$jYsc%7yY6HM-vO`#g>#v zt_Jv+_thE5G4xgy*SkOTQQ&ZZ0^bJ0;fx5jdymG4O^_4iRPk#bqr0XuMA`sQzI zNB+xKm0ikVQlIxa%4}CqXmkq*pmpK-+v`|G{k|%1vj}da9GY2;V+JdOhQxsc=O!3I zGJ=d2`F&6@7(*nKcV*V%Vo*|&U3uO41B(UV9KEunW|0iGfj-mX4< z!&^>OKW1oC?0d+3?)C*ID3uFk_;fF1m(&+vd!*SdQ#5MZ_)Eov>MP;*eocI?zIv#m ztv2-X>eE#Z)oq(;6-JTTGVZBJdKGVR`=ZT}?qj*MI7?PZKk9MqAn|u$4UtC@KftVP zdr!~zPcwZ%pyu*&yiw(MHH+lFCi{PMv&`P;X2myd*QY)4?)x;UL)pn#u)OfuHeJMC zutvF7R9FaBF`?;`bCr7b1!tbW+TAsupQQ73UX7=$&ds7gC(6HwHz>I)Uk`!*P2a(u z3e#nz&QtR8r85Q^*#h=2P?Dp&(OG;Gq2wtrWNWqg8l3ISP zT{6Uepw_Y%Qq$-7G`Af zR*uulP{ldBNQ9xUs?NYMYj{0yu>pl8Lfoq;KO1z9a)+2zMx3}3|dCDgReJkDY)P5yxaL!9W@D7y@i%H>mnU+GMMvr=;&P1 zztdp3E>rW^7kRF)ZWxLFhQ;DB6=P}~4FTdtrTf4eY!KAOsA>@3K(d;1#SVhoD77@1 zgo=nEl@#Rk>V98&u&XeJt1}CFX0W1XqmJkXS75wx!{^9`|v<~UBSVCr4$sL z_9G3Nph6MU_2)MKsJKqZ-Gd;`r_wAHL$>eHxaO7y-4j;?`wBAIwd_{6;P(1iY$zJ@ zg$Y(>OFZBQjq34;77T3(!QB4EssaF-vWvo}s2K_w82)mjsW74^i3f*UN8!Aus*)PrLU|@iH+4mqZ2aEOjH^Nhx>2V`T238cjpc?`824MfW zdDk0-+32egPv+CczDZ*s7h=-zd7JrhgXxSPZ8^a4|ECz+EB9%0badRlLC{)^RorsF@Lq7YnDd7e7baZ^Y3z zzW{{N#*LBnMlNup0x;X1*x9=IKLA2FQjox_0d@1k^y$x1O%GcBRNtu9L2iZ0n>T3= zv2{}0_d0-gX#rNa+sx8`qYPVDZg?Ov^SzM!<&AK7eSQ7wo89nb2B2<`{&gcKP?kN2 zzj42wpHFwZ{%6>~^K!>%)Njgv;V}DtMe9Mw)piHYfAPW`5S;hTgaLHcn&F#cL)QjX zW!GMI=6&?Bl{!zKC!;ov6J0^(Qg31QwGZfC+{>kOiq-6 zfDEYWB<#~H*hFT3&MOA#s7-s9J~OD@K}pvWwe$$@8W+(FCfNY-d$(X(0){+|5g@zSF5TBIN`aGIiOs&eO4IeJ;?35YbN7ypl zhff*feNu|#9$H}BE{kwEtEhPMtAB(UGQ3d(xC(}8YhoMLYlQC~fBR_C*_JU{TW9$v zOf_`anT{C#yV>O-)5~zDB(V_*^L5TyWVY^f>qTkQ7!YOOW(`WlGRHGKVe7aO<`ITd#tL0&>wd(Q6&PW;Z?Vo@#JuTP^_WB zi0P%z39Izn`Pwtu!zl(tmK#9Z&iU=7yd_4wlvvXvHog50>bQgLjfH<4?BW>PnJp>( zGKhviCkpvPRe_2zO5)X}lo^dvt?!CrC4klWKx)@m^IwL4dn@Lw=!Mr)4Y?B9uZb4N(5x2mI z5rj|D17$SS_F>b!}}jhhOw8)x?AJXKC1VqU!3V zEP+(%?e*?&%E%KD41CEmKJ_TAa767vSXJo*`DV`?i7U}x4Sd-o}w_(}2MPpidKSEjhP$}hv+f6sn9 zol1)0tEY+n8bTNfLd1PBOM^kWAVP~3Q;(rS#Ls~0xAGF}ASi1>*m2-{P~A2f!Vig5 zj4MFNQd;I(>IGT!s%qSuYjE{vRHmV^j86#O$4bY(RpB9Y#pggSbS1o98#IkwcX4qk zC@HvwmG3mu_YUJC4uZU$VjvPM9Fm0KMH0}@0cn@ymW*7o#4y;~I|rSDmg|hs;g)Gm zzq=w|S9pJN09dR({R|V^n}HpJ7!m&!gD^jBo}R}Ya>?#TY6q-PO}}Xa=G@eyN5BsC zZyOj3pE?2tc?uaX*Q73QgMb2FiktQD{nhG?*x|c+`?x-fqy4tzPVM;3oEidNo;`1z zoyVQrqzW}$>}eSW0v@Y-EaKZY7Xq9go3?Kk74Z0zs`ocaIlsQT9AGsC47Xgkzh_l1 zfm!M|S!#Y1S><*LSmiwL3f_A0p^72S=}CI+hv19~ z6Mf7ptv{DC(tqJvlUZm6dWWsgU)uDIFkGYTR>~F?u9r08(Qc+`-+3GJquvPV|2C++ zVANX{^s$?~|2v7|_STq>Kj#qGN@ub_C+)@Qz|3^MqS8(|PU&-gi-|Y_A!b8_PNcHX zv9wYHx7Z0a8?b8tnB!{n9@Uuoy zF+AUIlkXmYL~8yN+1dE9lB;4W-JS@#QwsA0F5Yd&F{#^pYJJL6|6O0_!FGTuGEa(l#-M!u3aEJIs6HD4f?Y+yxbBkeY>I${~90UpCmg<-;) zC|yCF1M<{?R#WAa@%AG<(e;Y{sMsO;0fFbT1V6g&xAlL9kNL?yYTHJZi4ffjgGAOw zv7N`uj^)#eN}uM+>NrzS2pAsvgkryx0KwSFv{((_ADJXk{Z+$gsAXqgy=`c0Nv6uPva4=0hLy$_a7SBl#E7{KcSngOeWqdVX*+%p3b7dqwO)jZ()$(Tb z<=;aepk)!h!r`&iWk34fHDGghVK{%Y*ysJvP(8Yt+ET$u#4>p-0bs$GOp5(s`n3LW zWrI~IZ)l=@<5Pt?HENUXAwD`>TH$zcU5cvqhI7m<6-!)v9x1PKK#|ILuL3>KSlU+^ zy6Tg}meG9;H2OuGqwdp!Hq0c_W+$ozK$Hdzo3{^+j;u4rPl?oE?xzyHwzJs_ZT`nw zYk|6*^v$#mTzWQ}Weq2P|NclXDY3JNIek0Q66Sw-NL!e5xOFggef8$`wZQ8=+Uxl@ z7mE`e0Y?LU*9Q&P8_&=4pPzGeoV?#`i@vZV6O8pvN*lbbROd0}gX0Sh3|b?jsN_P| zkh)McZCq^Kaz~)fAGKes%&QuA5pv-$DE!(X%BW-PefDQ}(vFhVnf*>W9|L``$KM}n`x zP2=-7HkgJDT4Ro<;?h($XMDdge>DN5n{v$P6Q-KS0k4dilscD5f1(a>hG)+tkLi3v8W!o*GS}NRnG4Q_NcqvTOqwYxdBZvJHnB?pj*zQWhI1VB}*kz zyJZ~#XPqVMhkycW6{uLsZ^_TfSs;-|Zt3Kgs1P+lT7LfW6$`{qkf5SZ?x2X~wtm>) z++r#UKWe9R|2Tng4BU1Hg<&w2Gi;wBn3h7E>-eXw@r!LaQhxPTy)Nz*bBp)vg6P10t_@ib` zH5*}gE_m>n7J7(Qm~VYQgc0uwjc&ts5$X)pRa4fqj5gUm8%}xpgf~$%c=|Y>?_x09 z-17_>_GW<=!=Wc8^ORBUG^^#CKk;hy*R>s~gs+q&T2|Wdsr=|LpdC7bws4`&k$zg7 za~PR#_IN|&-RaT4q7tmLQA%(6tgX~@=+m(Nu1pf59r9!d+|tSc`GFpHJ7q21EEeGM z<2k=d*yT!&1R6DC$kb8k!&{6WD11*mmUOlfXxI5P2$CNZ9(U@RAPLZE^N4sjSdEn~ zle;wlMh3<8v=)h`^b9J|wl+#9oGx|4USgi5 zA>dv8iQcEe_KQd&cLgJE%*li0!Lek4)>C$2!!OM6pl<~#3%w5!oaOZs)wg(`8p`Xe z5e12p5g6syB!40;y|ZsVS`5d`A!A1ti-N4bQdPut&cu{&rA&D;dWVB@g~Lh=9lUnD z5C|q%9+pFpG%L$Z`_z#`1)ha&w0~9wKMT??C^9{ZBjI3+6qaV>(cseyma&39u=ZFT zA3p?yf#Ze4;eF99qK0LPobj!Va3RQa603%^)w^H+{I=~9n3^KaTzKk>OrVu}@4R$A~Dzv-! z=iV9^klvlXr!27hW_kR*`J8u6v4%EmcI}|@q(99Qa+obk@m#O@vkMKz%zGygE75oK zW4y>;##2}FL;soy?Fg+#8MS0qq%gcFKAVOJ^K;EZ^w8EmSBEfnj~idyzZ7M}hRQ8r zwO#gD+dic{wBN+)VL@TyQQqS8mJrOa?Dd)TraU ze7nSNs2?3uDG_fp8W8gh_*Ylid)MkQx{9e&^+=swkquaYI&-czJI<7^e?PjMXGiQw zbzF43Ub}z2r+t02Xo_fMY3w{}cWBT$Jf%?4e_<@@hJ+5@R$HZY8%8FPaITs+-UjQL z&~uTW1L0PO00MKj<5KEc{j%r!2zb(D#p|6LIOFAQ@1N~!NZNPjWI{`)T7vg+T3kAzHBP14(}|1QhH==TY~*CT{yjP3{7niyE8-`96qx2mkp?M_yjvv{8vqf5cK~1(+e^ zm0>0}Z0XC{upZv&zsFDUwm80L~{ule;g;m-$y$blF?VqSR1hRC+xy^vpX>YY@mm$I$^Qt{^UY{OOWcqr%f z3D8tNvsvzsT{xa-=6>bNfzgDS`5`=`Z?Q7^S|%5ifTkz6&YNh9&KSJfO&^q`|9DD< z9JpAfMSWC&&q%dGuNhTvJFDh}PEjAYA)tEaXu0I?N+W7_S;DyuZ9|9c5w*hE9G)Y_ zw~%)}(>A2ZC*`JxqSIjG^JKZ%B1B0^BN`TLKt~!ru4lqez)8Gd@*i^en+^R^$e^v% zl4UZ}gT9P3%(D!=cdZ%ha#)wwKT8f;-%E&PO#Uio<@|6^U|p)3&Y;?4pldBaINA!H zPNc-@?LL!!l#})Cyv^>=LdW4c7b6n9N zqi~{okjZ?tB=@5u>XB(hIw`@I0*A9wZ!vidDjEp5`Sj%c_}fT&4)|v}&l%joLETrX z57H+s7{V4qGXXVHC*RA#V~X9ouP}<5`6MxH)f;q!KJ-92F^Ec{#g zD|lGGh%G9QOfC~Ft|H9+HeTR)Yno^CuAKF$c#hbpQ=sMQns8b|ew~44E>2W#Rq6fi z0<7kVpGM)lkJ#aPOf~j>>NHLoNKjK zA~}+}v0=A+RZS0TFE5$l?IxBFe-%EuiSr!ND;pJx>(Tjv zB?ytjLUe6G)^sq%4^e`OFGh^Mh{G(yd2JI;u2z;;SGKhmUSFN;tewpZ1e~pP&yUfo z8=~4SetV}yXxffw2=R>e<&rFHTImLQDLy0E)abj1SE}TmSGd+#VtZQ`gLhpOL(mqG+ zCoXOWHLN`Ux9<9Sm!kdjCfD}(xFTSUB1?6k8daOLT$58 z#fZo2;FHW_M^7J-A)f*u&Z47jOYwB_Fz2%7%@rU|ZmS5~aXh92v^vvQH`cL^tBsDc z{Zd+6dny(!x3P43d*!AvLOz z#!%r-zMdph21b+`CPs@o6<&Prqoo&lyHV0EJmPtUBk*NL!IOH>ZIg9c-As=)&|YBN zlrybqWiu#b7>T>;YU8ujHV z|GElUIyl$_rRSVOP2^SM-0q*NFqSdR<=H#Z&}BH!e#QC+8rO$izT-$=e zI+L(2WT5z4fZ3QHq^cEfs0N#C~4%w z{yyARU@Qp97eNgikuQ#R;ep>3i@6(oGf3h2wl+Q11=`J zFNv92FH{5X>~Wr0zPFAFT@VY~xEembybwNI$Wo-CZzuoM{W)J^LnOkd;{ottesc!+ zd$(`yxW@qi%hhqb^_Ayo)=bN2Iw9(j`Nma*87r8Lg=O*Kjv0%dh)kLUljSn~j2Fu{ z80B)6qK)LMVPa@<@$)Z+EY?~vC8|>koqtdUOl=zLT1a?nAvHU~BNpS*Q~P4Erd4W6 zoQnHmu5dDOlyP8%xhtXbAq7SJi#EGZVKO23SioP76^^RTOiM~+ZMjd$ZC}N9iK5(( za#7rqaP8pcDUqaVsG?~)ivr;tgYcTS^0twL$9GPC}$ zW}zjD#)tt_MJYrV{6T==#L9BQry3x*1h>-rn zaS~{JZX~5#j|*b%+2lN;OjZ+GSI~AkWIJ2W-{q(RR!J6?jSiF@=Huu7vUKzzl)JE{ z1mgK~t_wTEV-Y|5N~*(u(7pZn1rSTKIg}Gvd@K@pr*fiiu559zQsSol}b26aFz{%Avlm%5{UEadBn+5mh*0Y=5 z5kOT&YnzIBYfwsXW8Ed0l%^3kMx)87IUS=f$s>xQ-?hyj1zeaco=-1cWS3m^R=nAs z>^5s58hRNdV3ye9yV&C&xSDmW(F4y6YO(7z-}ir#KGaOO1j88qDM9QEEEs?Db7kpx zeU|0=X5;y#>ot&>bGPHF%#h-=%>IkNBW3TY-*DhUXyl^x`)x6l?A(0Yv+0GDy**2z z%WBPxsZ_=EBJ|UA?cA=8t;xP2AnD&MUQqOyC^I4JO(ug}Y^ucuNy9-&1?SUwJ zK)Go2Tr2kuy~EcNlje#|u%FY!GV{H_|Cmq%xXegn$ zzA=(qjB~GUSOP8~3^gw#XNpiv`6Muak`27tQ_gwhYE8G$Dphl$E$e^woht_mx$9}R zHn|og&unu%71I!@}u`NJ7j>di9zG?WUlEj+ZYE_>5+ zWUpx3Z8QZ&T zw>}*U!=&lg6%@#c=WNu!v)$BKu~yAxh%vI}k#reL%{AtVOVAH;6rQ2MhbwxQJQk*7;` zNo-GBJQdA2bGzs$<1ss|Pgd026+=%7=I-wq3gt(&ajQGFWv92;cGXmK_k>&mfJJw1ivXQ8DuC zpwGN0b65DlPbL@qKZ-|W7#It{yW%*oI3>^+hAof8uQ_v3TK0N%xWzJsV|&KDEqkE2GD~qxZtCL z85bEWMwZo%sCdlA+>-&Jq-5dBmgm*wr6t+tD>&;Ii9#vrm^*U2ZKtvu0RaIGd}MJj zDpnZLftRG2W}igaUY7-WOd;#NR~D%{)nToDPp+mMrqYjhL!yK+9m9(-qi}H{Jk;Yi zRQKEVbis}25J{Dq#L1ynY;?XCFfgwZt;Fnc zlP&fNR{!2^bGX>2c=InYr!~;8x%JiI$?^7d$KT`%Y3VsC!C^dy!0%J{IdLxjIbNtR zKj)E+jg5u-mg+D<1a;@gM&F^WGGILZ&KHy^%A>0YWa)q2IraE^()xfYr*vUuLJnRz7j4SxWY@p zr*g0fFeG>6-}lmp-GB=z%-N=Lh5o&Y&4o*P>ep{5nAoY3P*3N(`MNahr}V<0%L;cw zg&KCM>o}8E5z>5PGKa#6!m6azTS&L}5TsQ`L06j?^?n-cXPt65ggRIj3|EMhh%rKU z@kI^nE(b;Z=~i0a#6@zucrcZZaUi-BY|W;D^rU&u%{GHd2DN<%2*jSCLiu2@YaK#v^I?4P{vGRB>HB4Vl{`hHJM!+xr!y_7*f!f z9@1jfnj8VAbiT8RBPV)_jAgI~v+*EqJsgg*=y-x(bwZSTNLMBTsdq-g+fXk;F=59L zAp}(c=AA^~57g3BDsy)zNm6cIP~YXHsxhs-XY7>Tt3W9+Fo0*FlmqA_`w^}#7FoF z7FWs3*>VGVPoFImmS8_smh_%Y4L59)dE%4JK|p|f&F||x26yk5&21&?4=GyJgalqy zcP}Um)cvLIO1do};`3aAf+I!{aVWlyrIeXnV&5)0uX_A69&l^oR=}lgDA%PzTdp|$ zL|YM_XZmu%4L&PwYI6F}&7SH4)20sDX;+#Aikd8t2Qf2=FC~QXO@pdi^lTn=o>V=J zCfgct1)konv2wiFcI~9l@0jrO|DwhIw|Y9+2ffw=V3oH30KNT93kwNE5YlD=k#WPM zPK>CMog z#!%WrDgI{i<kgtpbAX~ah20RW2&m)#ZUbkUlOPkpaCs@1Oa>9EX=4+RFAv%S(m!Z0cL+Q+K8xlHUO*_fNr zwj~M~x*z1*c8|U-M3G&c1eaPJ(Ni&1BO6}^+zaRf!|WoRrEcGidnc^Jr>!goVo@pN ztnS$tPv^>PcPN(0hlD35T=DDt*_wL`hg?;JSZuxMips7S+crr?SRQzIem{VUSlpU= zGt#GgQQfA@&>iHhbPFW_;lxno$YVDdfnIPS5bh=MWpim0-rY$i_=mV@?D6z4Rd`z| z;9Wf4$l>Dp?)hFvvv^(b)Nbf@O%84CJi0wY5wurdIbCXJvb)E|zlPiga^^B8;IzxI z&_Sx?vFyehjv@msoHWR8b_fjLjqauS7S-3KW*WSNuPCcU%2CM!oMJp^HArB4g6dLN z6_m8x@G%>^mgC$rX_RyqEqBwaEcby1p196SKhiaQb%hEt?>_3GwC1?uO+c)Wlg>;{ z=wXpEf{t^QaKd_lOSu(8@rOk=-=ej5PuTn}1yMxDVal?#;;j=p? zA^R6LKOe}+A6THS=e>U*=Pzx$&uT~QSNa(47ykBk2SA)ZPgm*wKAp4R3FB3na zIw)TmXA*WDEDbt87K_{ZTco{dTJ1B^(?Tl7J=(?^4bIzG;qRh&v~_d9-|Py5@7_Y~ zObBbkwgiH&y~bi(1#m{m1V~V1Gb54 zZcDE=wcT5*NzNCHX|Atq^IuAri2Ko=0f4l+D(m}pKW)Ika&3sx3LJpXv)2mK;h8WO9|C&s-kLkOrhlwXdn#-Rib|m1rr@vjq-xDEE%S^S}V*8rc_T(1N_SvbZ zYw~y`<(ou_dUxdEpUm?G(BWQordttQT!#qZ7X}E6Qx&)P0-CWOA&_9;M45)!%lnqs z`%6Klx1?`$|HCu6OO|n3-cLF*^^v~sILqyl_2p5D=@knQ78z-|-J?}flKmyZ(#v!l~%+uZ}tIgPsm8n`p0NP1Vit$DNufqj#q%BmwK9L%Ys1$7=BVm_USs9e|XAH`p~!Nt4!v= zU7<>IMyKv>i5KI$M}PN*aLyX)>fPZhy`C32lZK}X1@uppF0)cj-FmN`s|^Zs@cE=ArG}Cc<#R zv_s#w{p#0!`}zw%{_9ScYX9Gj>gmhbqoWP4*flC7aE$5f>T(ByKyKU@-x=(_S1g&P zRkRS#_|@QXp~>qW&ZNTVHr;l1Rke{te(p>^HX@kLYk9p8jIs{M-npQLxO# zT+qS5=>?dDn9KUvczD(-VkW$U^X8`Jl2RTy)pPghaVyo-+HG$YMV%?#)CfM^Jmb#d zspQhW*tn|G%$fRTY|{W*=yS}*@Y>D9K%Xwxd|w_E^jRFlR3dUfQ+k3H(YO9xQ4Oy! zuL+wR7*-ZyNI(MKMU<^Kvwb=pp!YrblldgvZvJ#b5Nz7EE=||6WT;!$V))TpT*XU# zY|ne!T5tTpmQ0tNydJ~*9NYTWBgG&r{+sUjY+m4RLp7vp(q8KPmwI3O z+cY3+Zc(B{!fd%jRqS|?B`n`_qet3UR%GYsPqlKpUV9`=uSyATg5ei-XM4Z7QG@j{ z7Y(-N20<9frde}k*TozkJ?m<2Z7y$cOib)h(YS~DXsEfE4^8SXzrw4IaaC5ZgxULo z=-y&FJTc}bU*?oVL@J%**P$D86$1=nz-mdT!p)sAtkm-CkE3Ye7oHlxw1}TUQ)`Ra z$?kS>hatCLnjId#d0^}hGr}c*eh4Qh&j(=#dcA8*{~>K=TPPJ{!4o47O_L-gnRRl& zQE%<5h-1{>S92R0e)nQjr3?rg9etR~ogqKedI^*hcy|!9Q+4lZRCtHziu}6u3VHsM z3Pry3_j%(K1#uinX5WNS<0x`u3{8IfVZK;x-cx-!yJ&xX026q70hk6$0e?`JMB3UG zU|?4sZ(dRlN?wfpd1l=vwsyI^+*eENAYrNJr2Xrc6Z4$S!2PAMpA#Bq_AkfuZ^(&Z zWv?&I2Hj-k>^O8Q9Sk_3qEwziwKE zp%I*Fn0Y6-W6=hh)%tu3Unq!=n6r!evnr#Ghzz$@ZGXO^oZl+hlpMt?VcD-f>zTp? zk?pfoT6n$*8a(MTNSf8?tO@)S==e15)~(gY;*Gz_T}U5aJuM2C^~(Wt07hoKxz@e}90UR{nb<0$eIJ18cC;7m@dcc6uewbvPH>)>%;#A##M( zqz6R63sL?vt2^qg0fizdBXul}zBKgkArM2OyluJnQ!i7h;aH+#(#Q_cH(^{C?4DWH zLehkey!6OdFoaHclXz%sF9MtEdPX($57&bH#wZl_24^j~&xMo01Q{hFq;*$$sI$n< zccfXhz~~;&TCCZmi9V>OxPJ_A+3J=c^JJ0ckn+U()}Kl%#3pl)Fih$bgT*`HL20IzRH4=PfD_W7nNqliGh5 z7Orat^z~^mf1GL&$NYM$x=LDGNMPDFb9ltfL>cG>JXX+`Pr^!MpZ=8vPDl+yWfHJy1Wtsgo-=xw4GxaJel5A z{EmB7cHL4pgzfxWQEuHu;M(kMlt%r@tni zxz4h?jSasV`j4k-`-G?I{a=_W_0yTzCe@1hZ1UgOIr}j+Gqi=^6*%2D_p6i{aKD}} zzbwFOb)n!=W!d7a0jsY2MA=?dyD&tB8<= z3*s_uV|~dQ{j7L4xJCV2IY^g%Vpl{Wt#E%oL)lvpbBkVDDP5%jcOPl3acflFjmFcM ze&)oG+g7c%WxmJso`U7Y+&4^a+=#lm&D*W>meT3v&1N3Tl@IE3Fp`oL-*`vM98;1m zCs4D~snqvbd3w(oWM#Xux8jI|5=slFgq)48`%7z2jSPPsS}4`TPfa19a)Gp-DTTkb zEA%5#Qo}_CWboVryw!(?JisPfI6F|!2FhfZ&V* zS1Awa0W(S+I95h9?!u4$Y|dY9lIF0mc25+v{}m|RC{~JnQ_oBO{Nd)4=9_7pS-A^f3LQ-rcW89rc>+>ob>mNj>Prqq1Vz}&9*XlG0e`=z zmtVo;#ekZ9&xkhoh*$4UA)#I^h&a^Y|I`B5O~Pg_yEb98_e1pu_X7G>zg-v{G*U7T zSPWQ19xVTj*Qpz*a2jSbliks*j(Ua36eLQouy3tg1xAn?Nxevi&7{oxE9$Wp);a24K3J^~2Tr=@X-o{(~YLtfDKG7F|~2O^|^~Ktz6Q z_(=y)zJC{?VX9$4O1_bO`A!6ucGAbq$4h-uCayODQBWxp>{UPaN5DJKlPQ|T*7aFC z=%-lzAW=JCAw#IMJ=AKfNK$VG*NWKec^$rxu<<4}Ead~PZoEijS*Y15n~xs|x3p($ zzJcr?SP#7mwP}B9xNRQh>#vQ?dT#751r8=L1-CIoBzjrDi{GMW(Sd6J{&Gn1kB}Sf z1gmY^hB%vm7HY+LpFKwqd_L}^TNm@m`+CK}1e|*2;b+t+VR`?)z5R0!s^lXm;~Qo?{58b@$ss8pfOtgkzwy3Rlw- z<`E{Dl$JVtIq#_GYDI)YhfGN2Es?CWi>>2?wvxh2gC3=o!(r={>jn=h6rY02u;6~6gmCuVUO46Fpm&v4CCBwXTpj6mSdP?C2NRPK){yBthhm8>@Ei>uv zv>M_@DsPkje%5?dF?zyVAXuZ$@!>>=#oOOrfzEkQGZpLCq7e6lEV)1s(f}AP^U zjPM<+LMfn*_Mm4fAhTlWz(8FtO0*eUSv@@e8kH|#*tlinzcs81 z-xfgS!n&z$#gFfBrfAbYf2O$cOnizw&mQyqPfA{yf0HmMA)2YV)QnE`1SSJBvM8XzN#4C;Ek24IBf(^-rr)e?sGySG2Lp+P}_I znO;CLBqjbV2>XrUNE^WlNqdd&u48mv=oGYb!0rBKUS(8MT5nNo(-Ep>Tr`Z)a7I-t z{Rh(Jt$tinb?YK)QxWo(`WF}Y=e#QE{Qwn^Pmlhm5O>?ek1t#08wmf7wh$%MeoA&3+^H#8`sXuHWHzRmekng-5gt9<# zpA&e06s=t2v@Srw z%I@6S%@bz+Dyv_6_A@`(e3AW!e;MI2;g^%X-RLS*=yLL*q+i8fOyAJ~fv^=x@Hh6S zau@^dsBpO zhj(?6ML(-G1w5-(G@7TZKpyo0<8S1JzGX|zbG$x>=^!_Sad?{ox0NM8&4zfg6=SWw z$5blrA_1_j)!P$PlF@1M|KqCX9gFNN0n!Y(e)itxtK%q9)+N#U)JuKsy={Mra zOzyScp(=NR6Q8E5ah7Ki_EPg(8CqjXR$y{6xGz>o1Ja~2QJv#0Bi&*l@zfoYX9PuPhZ+Vy% zjO>#9TLbxv(>M;?PjATJX^Q#MWJWTlwWwHnmVV%Ta)g@46`hz-a`b z)zda_QN)eV+Ic0-V0yOMA_kE9UFMN8{!xzuQgSMVDTi;xz4XekHpQ(?SrRiroE8j;yHE|TNLwoaG3{C8> zYOQ069NrkR1L)kj2yIcPQG%*vu z&ertm?W|hx<0luBB`o>(tjqw$QnK7+F*iyT^#zXg5K9Fm9wDdYy|PTbWSp~ffGh6d zh~3nOWaIsb0#%Dfxzwf6!LZW5NM=A9mI+nmlTB(BnbN4>lYlA_Q?ih!t-=E$*yU*= z2jy$J0uh1ksxk6?jsbBRa3ioMy_WZVjo7-j+hRn+m)a2NiduE!Yik2*`ynSqxEoaI zfPtB~cso5ZprY}0<9$3l!~JAG-~b}oKQ1j|)zk=h*QH<4`YZ^_r2j@?d3*bV$+j>x zk!tVrPJ)(7F3G#)x~!fW0zdEpZ0F=2?JaS^szqIu#!va+WeQ%L4y+zJj$4c@HRH9L zE9b3*2DCN0>wSImFN$ak!x*6X27wz8!_0sO<=xCy&pY(TG%OPX(WsGI4%a|ICAg_$ zx^ilj$Ygy({5i%Y;lk90;d>ljR8|M9T(J1O#>J97i9vB+$P}?L#_)ZlxoiW~J&t@~ zcoHyUCbaSouXVKFwiHW`?s!`x#d=G@uZ_Ag!Dgr_rN!LRw`A2us4y*1F0@rD!eYTv z$1bDKDhsJ~{n0)jfe5v-F9`;H7%aW7(Yx)p%s}F&LWxIPThbue{PD)($;#cSD{h@m zOY3s3_dPeBJA#M<2A|3wZy8L4&@l31s#|&y_7`MsMm$K_Z=3~pZ%h?DlK@5?E8blH z@(9i!vc0<&)P?XXW`=q9T>t4_vDNBNsH3#*Wi*KN>Ti>Mm#$=f+FCfo|K;qZQ+q09 zTci)Aux@t6{(Bot_VB(%@XG;B3kj|Jvky0vFXc#a73&VhRI6U2@CJ{cD7-R_B7?7~QUwJ=`e<7l zy==Lm=9nr2a#H;Dl?;=y5EU9+(3cEssA|;27JRy*(L;bH!j&{z=Jp-yUZ`w(n_hSf z=%>kp=u~!FZ0lKO)>Acu6DW}{_`D$uNQ1KEIduSFL-XYez73((9V8Rz;_D%`A*xWy z-Z<4nE*{N^jIu7&UU@yA=ZS#_o56*3J+RG-k!A7YNuBhsGQUQOzqo*@YW%8-(}+F( zQ%UYS@9r&{%-17?^|TRAyxaq{q0z^kV8eIdml!KrkV*p|9k*tQSx=jHu!%_A3pBdS zfXOwsxtrd_8|vy!EBC@CQ8A5EraG>K+sa#e<4hCmAke{ zDSUhm&1)eQvt1c6awF3>Fj?tT1Rj#|+lf!8l-Z%dzrVJ>Cy>0gw)O}Pgn+t!twm#+ znA55fB;yF7+^F5oFNm0eT(Sx>BPwE1gs(^Ezs!qa4K)e^N~gK;*p@)s?K$K6SXj zgrTXxq=Lt(R!9m%0+=tXkDMP|%YATl1rC|kE3bw>E4K`n_#YUHcxF>!LaEgg4 z^sn=W=#Tl5Ier066xWM_t-khv1H`bCx-B%b(FFQA`Sn|~ANzFyKW!$rs@hy+Vq-tX zlA#IdRpvqw>&jgi#$dP{Gm~F0S-Fza!goHhM(KIx@golpj_ij-L4BL;%yg-zRo9px z=g;dYmBo?2$WvPC^oJc=fB)~I`ade`f5*8wjM*62b5hM*>S^1G7)Q?9ML0W#2tqiq z{I%H%5Zf0Rz1*BzNyLI*-i{06Ort-x{qB0+P2_xLiJyJ zKVyY(x~M(9CdGy;!cTF2s;_a%@IrZ7xgK{<2-2bZt#fuYtVkt}7(UoEcET^}1G+Psc9!2hv0(P|o`z%{{E-JEZcg znKDJ*1X`d7#5cd2w2YdWwJV(4jO|$rv9%+$E^r9)|5J`;e}PPUcpDh*IL~`RtOv0a z>ag)-g3lYn^h|{Hhng{%!Ttyv9v9da?eDz7u^vMa(AOe9C)(Z}qj~S}VM?1!J zhd*V8&icWV08@53R*2Y#=>t{#9q7%|!n_w_={OH@GoA3eRS(xMKAZj^H5v6;b{Y5q z1k&XL`M~S;7q5U^DZFD?!r z#M)k&Sqtp~>Lg`P#n9E7THB#9EvNx6aZ#^ShW;U5KgMw`=seZ*R5K=k6XB*DVI3yh z5usC9h{aHPUs*uG8d+jM5MZ4=r}U=L;7)g~7Y%`^t@Ac^m7z?Y-7aq} zr1O=GHvf$UeNTV!DupKJ_oI~a&bf{}cYEbu*MCL(|Em-1AT%-SiW~olWj~Qs->zQh zesFmSwU(GJBK_~s3inIB4zW6C1Ihox(ewv@=~|N)uapr)QJvD z?$@y~f0>fB5z>(^pLXXOO4$qgwMds}GqiuZVNM}9x&Y6|Ck2+u$<}^;O-Yx>LCx)$ zNNEK_98Ru&a{XL%<0*iR6VA=XdXE*vz8iwb0kPemG3i|JyC4w|CQ=aWA-Zp7y6C6E zecuAaF|!9iCCXJIJ59@=;U@l5Iy<>KR8nLb;PI-yEgz(_tN_JqNN%LpMVPxZwOH$irn*f1L# zwx>jztTAH27rqgOws#ADO6E=VzG5jg*95dblQ9<(k-WhiZR1CU<3|MQQaPl;yg-U- zlMpj*fZ|1iP5Rl)*m*2wS!^ufmaRGR$r86IGWRXHv`%+=zCALH{EkbPmo9CIwKH4M zff@ppC)ZgaO9$`jH#f(}BYSbGAR^Ib#N9_hB|}c!n$-V!xaeb!5UF>sR}!+WIo#Sd zt()5~ffW`An^a96UJ-ewGUM*34WgQlC-S;Op`2o62}~XrZf*3JLKOO=*?^{*&0IgF z7UFQ|PV?YQ;acD9z39FL+`(q0FXM24PzAdy{H}z;VEP8%$u|35ppebrfJOp3+d>;P z^qbQ?J#KEee!sEk;dS?U#fsho&-9Jy_xwA*zE!2=psHdY%a%BSIhbdZP}8+OaTv*6 zxi~VbWx=&d$UA_7Dm|NF8Gutb?o~Ud(h%=criap`FGDNd1M0705L6G-S3DZ*P=%OOB2og}b7KU7A6hb_75DDb zWq|KHBbX9W^lU`awAf??^~zwvi$HTjMjFz5VfihNoUo-TWWIs$=eywas(Y+U^fxc0 zJVz=hgCx~iX&v(b5KhBH#wtoLSuH*hgCUX#>ytCZ50au7cHVViFr!vDD{P&On^}F_ zRWT5!uAP%N5P%xxGQs7Tbb!a8^Wi0}^`{T|jy%uy$zW!vpwq1Lzt3UQ2PImkZ~e(j zMRUO?favynp2kQiBp$J(LQ!{?G4==MnVD$wUn5>HFY*)O0C_~-6=mLVeW4$H<1}pq zS0Poa@3;R7-@h={f{lKQ$y9|=Z2)JxFfd_fU(@EN+;N5RR)wM;_wI>{iGx%MqbgXK z)~?W1y|U48f#X!uWXuLZ(dM5wIwgVE>!w91pmh;!REQEiuqEO;yealV+AGimR49|J z1Ze9NRG@|d3ev!Us_kp#^FDCDx|g$-@I~9zs_(VW4{x{iR82FBo6VZY8TL$=aG|`1 zuzs!nyOn~m-93E`zM0GAqYbftwi=%7kFyIpfp$-islLPJ>*dDB2WOc6XIWzyLv33g zV^5XwWb2u~EH@)f)1enV`3{0J#w_$Ma>Pp!tPz)>n0ts6#odwl59*N81YjuDiag zz3oNhB&7`OY1lok`9z@=xuA`yvU#$|njjb+c<(fj^q`L{mwRI@wZ0{TEd7nrwAGFi ztb4D&cWA-oz}M|^8(Yk(7#&V<{+Q2+q4nGPGW+ISE%U`M3PJ>x&VRzh?g|8G=S^sH zS^zx`EXN0Ljm_&!<;~vYGas3KyriPb@~5bYB2$Zr$oj;I;bLaNd9QqqdSD7^Xcq_e zOZVS+*?uvsJ%weuh?5Dp(No};ZOh~_eY(6f-0E1a1bm+jkeYAt{Q5O!USPYJxk{g- zQqn5{lZzEB@U75+trx+fh*4gs4G4YA#%AXuLh(qZpccz+FL`cLb3L62&Pht=4UX-2 zBi}Vp3wi^%z-s8>R)Fx0vTc@~;`_HSoY_W*+P@(;f_wf+EuUPtA_Z^-1!~$!X+dAxIVg3zE=(Y4Tu$C*`H`XYwJ z*>nM=O57XSD=7DL*KCCg(EfBG3!qF{B8IkXEM^0xTKTj}$+M!fUih)JP7-Z(AV$?| z)6{?(sVXf(LKk zxYN)DKM_&@1VkOXEPd|@W9b$W^@(IvNjiPJ-i&lb=`KcfsEWR7QrE$h1=VvSXt0H2H?Xh?gQ30G&tahdqO#C_ zL9oT}x_#33c%ET>mf~RR>Exy4D(X_l_T=^b#|e5!rG7HKEN}x88mEYxX1P$h52Y5# z>T`RIOUwT?y4C;B<9JwhCHc~QX{=BgVT8%ZD6F9ZRyrHiXm?SeJf-=WV%Q`Tw5n0@ zF=Z?C!qle>0VoNbjkb5rqP6<8`|1Gbd0+La4#SN{qC(O7M++iBGyMjbwLR#2{DB5; zeQM5xhEDXp)Tv|p6K%W55SA!z5}$U$goet4t#z;ULP+Pt(LP zLU5eW{VZ1x(2D?}N={l)3l{G4Y&%P9WsywzWc)kUzz3eCa!*}`mLKxGBY5c9UsZ?g z4{RQFWiHW}Z99frcnZ}zMNFpCFuw~;LE+fG80VlqH~{Z*to1u|c2PBt-r!Q64FOc_ zq28ZzV{#lG-e{mPzWVejlk5J(!qQbMytFUpv&EZ18XsH$$w%l61MZ7iD|sn2z?Q|F zTPtf_U;Lj$1A(Al+jUA5UiX7VWczOwz|282ws=yuj-t91+BH)cyH2U76uSjdfBI7> z#jAgu2-`=7c+IX_=|d+_hVJQYZEbUN4-i*@LeRU5(ko-FohQ8CS1$37ZoFYt9oLbq z!B0azfKBf2=OMXZxd*4_C1<~qOZ>V@%r-YwWKTj*4hD`g&qo`~(u9UWdrm(-Ib_#5 zJEV{K7j8R0bxllV%RT)Us>OTIrCz8}b{y0X{E$wsXB@&H4xtA!aMaJ=2XVxGOBv~} zjGDg8<8e{)1(OG=^gbeO-`rGfZ|&ixpDA{KZb2u@El_a3Sv0ra*vIs^F|H9P;QvW} zP-x65X5cfl>hLd*A0*zy2JW7bn0aFy6mv?&8m8Ab!}@N$Y_F_8`HCRK9-mE9c2As7 z|6cj7tk+RuhW+JyWn;GC;>V?{1SwgF0_xT?`pap*?!63mmd+by7;Fv^<=b))e3VPlq3@b`5;F-vYp zljv7k^~MQZOzI+hRmrOD`Lm!mfkO}w^C%#$XgW(2G_QEW&axu$ zQ-}0sCliV)wPMgichpRE%0QV)hC$f@VWr*9_!oT9U>y(T4_{h5Nn5Q5g7y1QZmNi= zgT88WK^^%XEShtf9SYLj#KB7!yO=WHMVWyJiw%9JX-lX7zOVP4Z8>jEpUgW=R&MUM z{!BTl5)q=4#JphM??#I%K=#|6Y(PM3=^-dHCB*=pZLOB4N!&n(=WliUr>r!BFW2aQ zDq!l^#l2w>=T|yONbm56ijLJ)8;H21TX+SvZ~2K!O`&i6yXDCIHfE@K*3Pu8%KBd3 zqh}c4o9d~+_y?v85KHpQZ5392xCG?-w1)#kW(9adss4xXE5<|&Iy3gTYx~AIqwzAD zE|8*^zoVE~mCB^8{1n#zO#}>>Q2+{Kp(p4Q?~SF{f8naqxN2Rg{zP4}R|QhR(pReA z^L*~D?ok8W8gU(GRrA31%?c{A77$O9+Hx6UxkW>K&Sb&qZA*#dut04Gb67Bt_7p;o z>g|+M`DIE!jw!$2955I7NCJ&X=~iXQ{5%U@u}<_K}ab{GXf@Quh&$ZmaLBPZu`~?d~5j z?l}~*pM2RZ4c8p5EcTzJg0UJ_w$Qc40MN}(zfdR~i%W@n$x{QQ7&h7TeanfzUvQq+ zwc;?#VaPO|2{41?4^A+&dlO~u36HD*$Xg!W-!OwZ{NdI7mp{-_7gCq6XKCn(Fr~#+ z)%v7XAv<}+IH2J96fn*ZtpR8P|DZ8wu9h+&)^;b)>tq@TjYY^e4YW6gmmQ-=7NCWS zuZ3>5A;+>>>Cq-FPfFsoOAQ($%x7jV`dR8&8hNzO3BR+Jmy%y>AkPt$rYSKGtV^2+ z_0WcV%jsRL6iy(%c7YIN%r5I=dppZSetmn}^w$=f=A*LzY+SHFxwK5jZxSjjDNOvW ze*(V_n6w|f;!fOQqXbBh2GkyGfoLv#JvGRF@gnu&6sN0BO2yR-u*}V-dmNsTIJDUp zD?8toqigN@Rq@^zg*Zy3sR3MUJGcJkI*>>x#O?lBft42X1v~nnj8o(z0n_+s^>rlf z_GmR-5Ez6l8U+Kt+1cln|IGJ%ljk2oj$@Ox9M=%BBeQ4x>xk&lfRr9gHxpe|LT_G9T6EHJ&YPd`0P7zlrnwvzt}+q)*>7 z`}*&(?gnlHnfNT~kNzM++M+Vq?zbFY=K!83cmQ$b;G0?Iox{njjn7p$KG=BD6a4i7} zxSNkb?ZN{`yb+FNcdAmiQf#29_nlPd5QKQiG@pzJ;_|aJtZ62)!V!(H=z6w%K7;h-S(iTAN;{!8sfa=zT?(b75Lp~uSOBUD4Or(>!4m<0? z`$Vg&Ej;J)cNZE|F_xwMpBX;M=fvSgXn<(-fA2?@u9#G}{)iGfynMs(;&XXW5qk5^ zQ!4-3N**9eC)hA3PF2{VALp(W&drS<4J5M;-1xps6!cH%jEWRRVSO%ziXr2e*af#U zpY6z{J-v0WitRZK0ETf8x!wYACln1t`}p?c^8F4rGu9VqV~b{135HInS~0;&fbw{} zi9OHAYlnTDI~(0c1pp5yEubWzp#%Nc(Kb9?EusH;QVPSX*$*-}u#`zUZfQUg!2R_N z59gY`%I&2GszzCJKWx=8CRDa6`Silh5r_K!KFL$Zd9BFmU-?9vh<6b?Mk(1yM0=E6 zvJ~1TN0JFuEKtnHpesa?hoO(&(=V#2RCj9@QlkzW^D4lDY(`}dn0QBg-iTH(iHdOs zZ#}Kh_bBJ)6xc9rR=0H9=(#ERLZPu=QrvAigBl7sJHW{)!J0}m9vtMijXDHkXw=_} z(rOtzO+i0xoYJvX*9n`9;uC6ux)iE$tgnIVge4`Bw^9^(&XHfSx04?MJ(gsSY(BjCU%!CMKC)jO1MHH;W7x2leZrwKqr` z45>euJQxyJC4pib^_6#YTx3|s2Xs7_@|G@(b5y_lBcfh_@f^`$O3OSHr%_P}wl-|H zjiU+h1q~WZ#wF>uhkAoXMw-jOvUMEchb$VVKwNFzb^KG*;C!U1um?Zkj}Qk;p=onJ zMo^8l5cbgU*XzsAygDRv=gR1s?}~#idue4$joTaELW!bU_pYEAhyR{=loMH1YLYof z-6Hs#*Ln8S(6Fj~zpgeh-mfoY`MQ3Q*LeRi{0%wUG1Vyg5BUT zj&yWzR9BJAab#!DQkL-i-Mc>=jzOjF_Z;vGM7|ME)t1@7B6};(h7;aPb>4SG6*9+1 zPgyBSAf1nz3q$4YHPzK3i{W zYeskPa={kO_4M@<;Q6Sm6RDLo^)i6ZX(Yi@Revy)K;mZu_Xtlf_%07oH{a@RTD%l1 z{z^iQxSC-{i1l;hYq|`d%@}rXIXjU;A5&DHbO4OmHF6cKrW z!fs9tQC}i|KASvG$IQU&&_kHTT_8|hy`MzvX4~R&>@2i&jpI~8P&?HhFyYjnj#i!p zGh?r?b>4pn8qqk%J1Jjr%mv8XN<pmZF zt<*Pyn$a4&8;|jCD=Y*`Zogy^f`6uGDt=YViah*jge<+!Sw(eDYJ`-wUr`=@I^&ct z&8a8wXQi{Zo4BfG++n5#&3kZ+{`C{<-uCweL^7-2#gn6>$G>FBpVsUX>76;Df$Vrl zz2TbOy{R;C5Lj2+Bi!^3m#sD$*6~$>@>pVEJRfEurW+1r;FR#;YT%~t@=L;eyP6N& z764ALx%$*$@QIK&&z@8~$GXt`nqN^n5|WZ&|CGoXD6aRTC)cJQwah^O;}zTALPY+}Lmr#Bzko zu@K2hJb?ugAFn`RlB}(VsmQKAC+=A(eF1RlCO2WOyKE7B}!i zjOnv$C)5VoPCp`*U;@%l$Ym0mV0tUgJ6P3J1)oZ`@=N-y)Fg^s*srEn{P!8Z^s^unyFj^>N83y0}L%R&;F#~uOc*1@Q zbP=^%#OV)TFiwCcwJ{ixszokHa3%#I8sL||c!h;Ai&l>X7rlM5?bp*{>5o%9NMV9) zAw0z)*Wh(ZH=7?@4EGJ%5PA~O0jMzI8y%n9T-pO4lIjVggKg};`P4#Lw5##3S;XI=sco#isWaQ# zsMfaq3JW?gDV!!QQF>m^ktgyAa4P>)CUH8gb@bieNtVrc@MH_I{lJssHc-s7Y%-t{ z*%nh|R)ajK7p3mSL=BVHVUVb3~z4~)P6!qO9H4YykD^=e*EZ4LlJ`b7(WdUAa z{F5j__X8!s%yUu68y8Jzo9$%DjA1X~-*ZL$+1jK=2$_Yp$T1}O0j-C$IO;|}XwWdTrp1XV=%_EWsp8#Toua%-OB&il{XoVKCIXfwH>*GW zJ~Qs1#d21Nx1wQCBk*O$+&)q61x#0K+edA3DKB-yVPSSGzL+(u<8g*@&@AEizx%I-AyFCQQgS zY;H{18LM!~tBelZteP)RLE35rRtfk9zifX_`?`YF4CTT-Gg~v|nsF)#9UqbRd}>m*c9O?Nb{6aDp~ZwCrgi2kHW-ns{&ZO@PJ% zd*c%tOkBZ`2}2B{J#-^mipfU#z?k{ zK#QJ0I1iA`ZFWNw0og5CTGZ-WIu3d^vZcJ}e~tLwV|r6K=?aiZO!yJ0s0l6`={)z? zQwPeGR{8=DQb62=&PPMDSi6cxLCl|emhzFK1KYgolH#H80(N#rp)qXkKeKH+lrM#$ zOcpyutZaN+6`=@o{d@9dnO=?d{mo7MDlnN{pUpoIq&XUQ8#e(8Rkv*3gNn{9tQ~cnQ3rg$|H4L(Gb^8*_@74wpY)vxaG%bd zA3JL}*Zfb+^xPg6?|{B?t?4iS3QvlhAmsW_gc3!LGtoy!`o;?m7n$s2E5oi%La)8K zwCn(`5)%P1oaRAo3rMxNvZ(CpprV(e*O2p*Y5=M|>`uDERlVjHnta+A8z;F9u$%~_ ztwOJ!+ZtMs`HnqP!TI<2UFmxUQ?og?0|V+dXg%VBy7nMgpnYriok+*Q-6F#;kqFcj zdKwf4L3762C}=1cGMEs0)0%q~;qr9LxPAuMsG=xoFF=ke^4#;t!OXQ$2;|tq&!8u# zRM+BP`F+Q4GM9c3)fkUNwQ~k;Dmku258^;33{pn!=u{T>%U;$VX7yJj-}4*JCn77> zi;77m4$J=G03ebzC-UoK+g6?^{=0dp9=Cxta>$hMyKKApb91VdNUZW}>jT`uk=N)W z5X)Xg)!{ewBeiT{Rq{-9P=F6i7$CDo{f1lZ|*8GlgWV+CQ@m1ZcH%CAJ)M-=023o=63Apq) zsRxpBrT@xemez|(=cCMBuAPK-C6#xPPZXE;2a?IXM?Y5xp@cRc7KONzzCVU>i&QE=AM7*tl%xV9@MebY+osxaez9J$d>9 zw_jGlW+?n`>NgYM`8MUCQG~7CCNoPI9HxmiNyaaB%2Az&WXI`TGUSIpJsR73j5uDI zags4STPfUaY>pucF|&yC2qWs+)+WzFjvCI6_Lu&#KXD?5*!DU1oH*B7y&8-7!;S3# zul$=wYp^-;Yu>XJ#yPM0ylVLTIbvr_F9SgStY-veG7q2|g)%OxrrmrZS3G{}?3#Y? zlb;E+OPg9`<=|6rJe`H+{*ztV^K7l7uWn0LP?&bW4`d>!A6IK=pFhptg&!U4p~$cE zTEZ6G9U5p~%$DsFG#3|_)M-~*!RzCjS|^p~8@-4$ql%NSXsS!Gc}{Encx0@wZtfw6 z#iDCHO~-JNWlOHABA!-JLuzrLDJ5tQ38uG!l5o=-ibL;3@~gXx&080skHx&_nSTK5 zq!UMW6t?W_%UalsxKbi<-a>wLz(B{2%=!qbW2D%s(Zf1vRpmlRu8133zO{5W7z7Ez zZJ<)QY7WLwe#;+vbBuBkK|O;q(0{pK+VEr)~OFU0e364rcg=+2BUM5$!8LD4-13e zU%?acQRL!|m}9F<$6#F?5qXSClp(iGy#3x;V=M=PWxU@m;>^K;f^eLJ?#HJ4%ltIK z6UPs&mgI)~;Mn80W*VhDUypnCJKQoBz*ad07qg>8vkmNL^HLB?*;Y{vjTdz$!nb}oB|de#pBO^!S@LUB^^)gKP2_jN&k~~=Y*kxN92j`rBW2e3@xv( zI=tF?$`7D=#JMjH_Z2DsM{`&G7uECi7ZnxB4+UfYg$@N53`Am=S~k3tE$#oSe24~E0rk-*r>mw{>UOG=DT~qEKdR} zwbqWISeo3sO&rgG@Icp=mF=|eEhh;$J__QY4XK&1;_iW zv9cJ${FM(U!qFcq4^ZvkKE0A=ul14C>O)=5q~~f$zfmYl7o#2j-CvAdk-pyEDt+Eo@%3N#>=As5hIkEjmy3rzT zrEOMY+d+#b-={mZLY58~N;dc&mzI?|<&kYEkTGK5q;Wn&3EYOs*s~K)hZ*XL--&&)S$XOshUNX_;b)Ku?^2R;UZMPvGdWY@PapcTxO3IiS zE-o&F@9`}nGOi`WM5z&?!T+3$#X5^3Q$CzlCiHcUI+JmO`+B5#m*f0PYME==CDYY! zz8KWl>YQZNp4d1XxMdB5hmbKsn(Tv<8_#EkwSH`jQOoojeq+lFIJxbAu6v?-)x;Rf zlDe4BMdXrT0#XhJX3^^wdAPat8Ln*WyXVYjx>9wdia`TTao4W4GWjdefO5c(9tEj_ zw)>h1%zEVC-yStCBwqYDxBY$`jKg746o@d@(89l2cEDLLrTk zoD%;2{jNenbuE-!=clJr{=4-J4J35pJedKwM(7R~P{3U7q+Vx)#!k6&Po*sZ0scdn zgeP`oMJUg|)+6k@S%Qf5d|^&lkq)swAk4dC8U#OQLxyZ^7>c(j{cP=a@HK@#Zd7&e z#Cr2di^EVP!})OTkwHmq=raD9=KkG`4jVzDwy$S6M5k{%MG z&_UPM!RPf;nyLL`EU&rgeXRygI+FLk$J^{L7=tL@7au-W^AN?HUVQpQVi_i%)$>bP zUbyMgZ85syhN9U)ar|;@!rSlM_J@TFQ$9mMLDvqv-M0)zgcbs35Wd>^Zwhr!5Y(k6 zh+4NbD8lDRV5j`G@qp0n75o`P+`$+cKe>o4&x#(BA@Z@-wv#_pz}~ zA7%=hrsCj73U=tBaFet&L7_p@Z#GkzpQu_jFM8>6!=p9Rv$9`g*y@&D$Sp{QL}CvY2^JYN=Hw&& z0v6sf24L6oGB?vxl4vRK96sQ@Gq?AJm7CRM>%_(vrC_Y8>gnkjzA+w5K|d`~>Dl&} zNlxBswNzpO*5n;Xxm;je^`03!T|{_IoA@S$jCP@Rfgy6x)Cn)|5B$x#3gmvWKN`uR zWILU$5oVzk z{+PtP3uVR0`^UrID$G9$Uod80#f$qt&NT726p5ecQa~?j?KK!=4U3QD2ElUi3mE#c zNZ*1e`db@7uMW;NhLHJTFk3TH_y`taf@`d8{iko*L z4;L`%ah>4-xHEPLIGAF4n?b_oaI)6H5LhE?An7UnsdN7aYUS3YteSzL@VN#_EAwS@ zV-k7Uqn~En+>w^NML`sF=F9I%F6yGC^Cx5O*cVR2bGHi1Kz|PM)W95gTu>C}a_h)d zj>Lh6c%7a;u!x9dXQLapX?^sUFZ_$^tRZByY(Xcex~vzv?X!*XR3<_k>u2E};CNyt zGGH^p%7pR6M92|(+#em@v-+uB*;6<Zn(u>9HS#v>nf{@H+hn)+>FP zL|bwMtknteTcBo;t5rSz9*sJ%LR6ua)nYguOG}N#pgz`vv%^DDbw^)@-jg!01t}^j z=9@?y?y5;S%`~@}36RkVm%sVa^r%NG7cqD7xfXYRD0r6ym(IZB)4qG*e}0qcf_HHt zd7}8E+BbU_xO|pNYt*aA>Ng1Mor}8Mm$t~-lIS=QFql8XRwqX#@H?PPM$%!Y<5N8a zZe0=PCU-S{GTjaDTxPxabpHE`b-K4QLV|Zs`6!A)NKX&dB~QwXSN^uSwe=-2F~{D; z#bs}=!2M{tX1AONEvqZ$vD%-R(>J=EeR_Htzym8yPEIy)N)dFMC>XUiN=eOA@y~iC z7j*QXLb!joykR1%I}?S!aGE(KrpaqM@?7rjuFF-ey{pQ=z_4+BrrK7goy%1^(!m}7kB!6askZw~+B@Dt{8=yZ6ns5*xPtU6d>qD~=%k$~01HJCrjA)E+!HzafliZv z4oi$ojee4bg-r zgSGZk*p>9Wo1pmho4j{Pd=Qc@KC*48Xw_{7nVZ%^$Hd%kQme;htS{C#H;d(5;I8de zj*U?o$+zPrw49VQfB9Y~B*gq4_V2>b1KZxSO(16KoOX1A4hMtlO!u%ZoBDtrtK>kt zi{_9-YgQHdYLAr~H{KTqVIOcv8q8p4ZQQaN8-0BY8cfR6R1i7^(Q29_M^X{#clTz0 zu2)(4e)DZU+YjsLef!GpSDD-_%^&zrrnX&!AB6a`Fj+7WDY37bL}N&ZTmDn8+1LW+>e6HUw2@s+O-;E2DK$P*l^b8bpOf9!uW`(xcnA!c`SY-e zGJ{`5<6Pm88usn1iY$5R3y$@5Xr3yJ)v9L+czwpx?_hO?e@U>I4nH!*A$ z?QOa?H+@8Re!LCgd?4NJJ$E?rnv-mI^WTJ;;$*cUYL!^B-5NlN~ba;cEHnOa)D@mN;ADau)-!lRFxbYoo4 zNevNOI2c+qewNbW{8eeWTZEVzi#cbkv75ji9^g0JeOS^#hcO5-~CR zdRN)Pw|a|T?=o7Y4?vAy;;e9K<^z8~K5)M9&71#0hV3uzp-Y@&=!GZuh7|ytG*f3< zDK1}z1c#-+3w#INo^ET2uv8!d(UDwtz~6)7g;<(iWK(258;V=QT&z!_RagSd%?NpV znE;L#J_QY{v{rO3AJlHI`+dCO3T%r$TepjO5nuV}m`O{jfD7C=)zM)iu%S}09DD3W zqlW||OQ%pMh{NS$MLls%lRUI}MjfA)|@fhj(M-WqINok;|;^qI3Ns z2f-B3k&*r|2(ioN$sVBea#8~jKBbU4CKi?)S5z-~-tmRF$HvfTUROlGGX$?;9-XAm z=4M^qcnKY*$2y(-9Efq0=d;Db^wTxx&Qq>{ zV%}N&UcueO1O0vu-I3d0Ec6T z^Q_!%Z7?`*F=D2i3kK3{EFMDe4ir{{Il zHQl0I$(Lw)N-on{$Ep5RXH6mfLqJyxebI`!%8f0q*scalJf*mCTjN8CH^ zg-K1>nhY=p+29ptj-`yEKgW8o@bW%-q+K+gq^B0Qn9W6irfnS@OakzE1QPSa1|9iE zJWbB};qxsiCp-J>d{v@GW3bL%o4Rs;%_f=tWNv$BC`IBN*Nl(}tv);i{HXa_4=__u zdfCFjO3eP#2YoawXGKV~G2Jm#^weQ#INi3E>;;y2p1nBCFf5PsdZ2vPD?%PKg$l!^ z5uJ4Det=mN6Hi3=IZgumvoTKFiQ)B{C^8*OnmiDBLn#&Yc^rMTN}4$EgU^NAH?*O0%{ul{u>md7TEf^MF?S6feAC0;~7 zqKYD=WmB=#dIk_m5J>&;rnYo%1i_-;ZQVX_EQ=ClWmK^Jvg_G-RcKd=q?_l(kLO=l zn+&Ra2JDmo1P6X!M4{g7}jNGR#6*zW%s zwTN$bn1}8DRKTBd2s)ydf{Aa5P>_>H1|WP(=E~VcM4lJyfP-$5k|GZEuz;gCJ2w|h zkvEj)FqK(Pk*O25s%*vqc;3S!D5mevVRrj@Lu#kvkZz{{8|DKCJMOc$oa0i-uo z%v0F?_ijBg4F@GnJb*FdRRXI6i7ta*0IqQEmN5Lvm^R9D{7I}F{w3)$J(Tc!b}vqvyf{~GI^02WY6bhIYwm2t=Zv4sHbfZdUJdIHq?P2@>i z9$%$IP1_nf-BVgpFq}Y)md{JQ0<$xc(D4I)9dUIR6@o%pSy@pfvZs0v z#Kgpe*?zxjuBCL}`R6A+8JNb->i-Ps$!Kjoo=;^7N~kjXEIgK6rYsZ90`b{B zMW4Q)!GX__v&v z(*p-IT($z5sna!XuC8SClEuR|F&4GGjzEkPP^QK$?3fM><{{Ij6ZG%`D?)JIM!*CS zcZZfTrDT-TprJ`^sB3O^won^WCuwoeXLonlY<2eZgI?+T_t&f~EvdAT13po+&>P8| zb~V%4Xrvvo&{87BNGD8}c;jIgtcdR}$xQQn!2VbPvJ>IHP}SKmiuLn%dYlK4h6+dh zR6FGUm90t+b_ug>=>uaJ%cGT*m7tK|d*PjztecHa_T9TNW6q%8IIqY7Ln&qD2HySp zuN&7d&GvuEJ0hz{NOwM4(-a(D2q@lO2OvOTHIQ7QU$dISn+2c`CW+5{hVwCDU=S2@ zJ{JN$r5f#>Rh^kA(JO`EJA?F|(yELMpue*i^`g#vhMQ-xymBMWb2sWE4t zVZi4buYjmaV`Jly{DEvK(5Vto$BlL*i_-q#Zc~aEizHLC>eh6JpH+`LL0Jqe>-2FO zwPjW{n2q2Pp1n~Lw-iO>NXxsLY_jf9WqI{NhNC!0FP$5E%RWDNzKbiMjwakxCSL~(~zdnP$` z^~L@-PSXf}W?F%}60c7VAv;!9a|f7xTKxVbV6vIo4V_-5J$1VHGDNnIDHSlEPNrrL z6RWlp^1bj4#7pSi{7*LzvnBQh;Uh=22P)DoxG&)?b9e|fGBT!pYMw8W_{-+uH%ls{?gb{Y{A}nMZr;Q_QyAE$N&qQB=>~z6GpFg20gqV@X}v1hms| znELJHyX!sv&~nGAxjFxza2Tga^HQIK=@8)ZycT}yG%Yum;XxyELN^x5%Pk@%R$pIV zV>|4JT6*65aR0{;En3yh(=+Yx>_qSJ%RcN#Hm6xHR;YFgKH4MZUQJQ{Dm5+SRVtT^jIPh!mx22_A14#mjf~fF! zqRwmE5<{f)_KvLO22V{H)3adr?WUThKHO$SkCmbpvxXxotEvWwUQh`xXx{p@l08-B z3vE`}qW*aMgUpKYy~U*^3cTo5XTKWT@rD3gC-D7Xg9kd-XeA~wvEF(pZR6|Lr*@)7 z7i)Z$xcZ8W@Q?4x1{)wkSp4#AjB=YW!24 zkV-WIc3=F5sm?nShtK0w*h@aHp}8fiCYMmCqir!KL;KCyz2QN6Mk<*U5nnE=EgwsB zAfh+k7f(I5Z=Nb9IZ>b0(TUk&c(btmUs$-IP$}4lI7bFS`wg}ri95$sOn#qfjE>$M ze5|H+>@NmQfMIP$&t%BdvxYaPDkNamo}0703ocLJ+^K)P_wXn#CT46gL)s&u>UmWz zXA)<%7t6+6lejoXfD5239gXPCac2N+gAC>8r)g+xaIPYE06ANRB-w4E^2tY6$tF1K zY$n`ClXM74Sv>+Lj90pg)xiAdHi1Z3a_U5#^-!~fFSP)CoIanHRiz{y`Fdz^F{7&y zTIE>2`=#NNPp8jck2tkgwpbzf%w4O_YNF9PQcViK6pl2dk^vA6&3$eNjq$i)5Q&I1 z7y9ESx6D)>k4}c8EG^4;O=)Q2%bHJf%|Bc$1-?E# zI80QSuI4J41JwYoxoMME0pv?(1omOyZ;7=6*0ad_=anX9dNdfWiog(HM!cF+Ny+nF zm{8yi((K!C8EwX6@BfZBXY!yQfEi_JFxjVe6C9DeJ4 z`ARdcT}sEMgJFMwl2&@G!({fg-&`ft+!2bdDC1 zD^=M}NP26=*jE&~xw!bI8j!22t<4PnTOyE; z9%^aykAfy$QqVL4Gk|+?D9OYfL_pZIbWw1X(J8*fb~3NC9s)I~^^>d2JUmfVS3gys zrwv9d&{-a*X&DSJWY+0^o{#VSt#3n}a_2tt1z8J+)|KBzh4)f@aAk7JCNc8~VBEhp z=d-+Q^NK6_J-U|4uVSSlW4%>)F6%2C;a4%|r(w#(`{CKW@P-=&8FwftWyr69Kp9uQ zxh!8#h3~fme%$>BAP&gm;$D?=j^x$yPb8N~$vT^`NP(~~_7)yjdTmaKm_9*!GB+XJ^`Bp(@@DZ6@MSY+ z*zB+BYi>u+H^~jw8}7q~5JAZ5EBa5p`{MD5!aT~p+0-TPG^t=rtRu$2>mV~H&nFKo z@l>t#kPIDSxTV{LH9M54oTAd+;6Dx`odRYZ1oPCaLuFJD$66`lW%b}PO5PpNeZdu# zj(wSyA5F8!JGg-&gRJR=JHolv8imW%-Bd9VX%xqm>wh3qp7$a?xZIS0y^#>E@}_u9 zfwj-u#f*svvhw~Nr=Iv4@zocV>ZbT&)sG#FMwcSpdApHmI3Dwo>PQF20V$>wR0xWV zD=wRly-Ap*eFN6QTVsxaC3cpfZnsV$Ku#EaejpImc{$T+yXy z@P}GCc7tK~!Zoi#_3|@O)A3GhAFK!eN%LNuw)!PnK#gDpU|3lbIy3Pu&K7;K{CX{L zKq(`b#~Q8+4cNB2e1%Q)z+&Lg{KC#xht~`(X0HHytI3%2f9cswf%IU)YSHT)7D{nJ z-N!29gmItE4j!7JOfD8L%g7MkH}(TV0xCY8PJdg~qri2v-7ou_93E0AP8C(@2AY(A z4AvsiUjbXj%-pLldOO}1prXguNBtFQ^(R{Yv0L7NiLMCt{6bUeIQ$|Se=kQ+=3m>A zwe1lrPQeJBzw(;7u`_?|*N8Rj)eURt_U1J`D5k!w!pBnh^VT1H+h7ivmUq9o8MYO3 z-cepYm{dAtdw`-~&v5932UAeLGW(o74WS|u^iXY1;C9o$e5Kyy;3!?JbM__9e%@5kK;AjrGCk<$Od-w z_=sJZvj!i6LoYHv$+P?oPPI1oUgC@hL`+u&@leQr_}$y|B|1O{4NI)MY&kaG9t=74 zZGJjBonuPe^Tcqqe;AmH4Y{I8b_b-(Xz~5C*=He*SWZz5eayXIWHyF);R@tlX$Pc#JtAyo7x638np1c^YG^iM0Jh8?C-D3bN+*ypiArU i_mC!h_W!!bB|L!vomqS= + ![Bitwarden's Data Breach Report feature](../assets/img/account-deletion/exposed_passwords.png) +

    lU z6ym=0v=h)g{2ln#5^CkI56pQ?BQ~A}# zWtSC(&oVkep-`csLV?O6?2x}GJ84Ins1=5^s-4&fyHU^ht-ktC_(V}kTbwqFuWFleTj$U|WvM8r`JQwu6ot(~ ze%CuF^7geXKTkxVhol_M$N2kF_za=rPL;CoxOp9;nzv(GWJ*S~tqDFKvn14}fA!;u zj=j7G@Aq!ir8&22F!+n;rzeV8bNDzNOH&5_Mc7Cq9#>$sr#uo$K#Cgz;R8fxVO)_= zpXTogk4+U2WR*X}ad4J$W>TmJz6fOyd!|D@oT4ktk44Db zN6KiqLrTDVo8Iaky$^B2A6v$B$KpO5mPrro8qMt%4Nly1PBuk_hAekTNE}sWe<5uQ zGd*2Rb!yC8+rZ*m;Sg-=V9%(R=Mpt;c!|yrF{Mo?Ohm|xFelO0rkh7qsr#; z#-Hvwl2o4`&n#OQAjma1q9)|u6}x54{|@Z5sLt|U{8u;8JyNJrkF!Z5=j16>af|== z-_}uL1PMP%IgV_hv4iXu;>2CFRQDBnYi&sRorCIt%oVBJDya=YD7JtO6RS_-OD4{& z({N#f3X{t@*)gA~MESMNcfo5-;;rXG=#y{eTJ!2;SXpW^aA*-TO;%Fjp3OzxKze}d zQ+qukPbv)uIc+&b;a5#&1$50d`L8SRW$ct7yW+^w#*Nu-cJyn9-X)^9n(^qnu#6bi zdSWEUR@z>LST^f06RB>mMlXUGCM&PgYzS94*PAc!z>A6Nblos^c1rLtdBdj|m7hc` z{>a(A-249D(jweYvoabIvN8(Y=gcu@E{96Q;yrR6aWgS^ujp;Mg$Gvp`GuZtvoem5 znm_|AeTBFPxC;HV2{OIex4)f*?>>LAcSsWn3FWwpccz46r*wYsQ)1Weexmnz_L;@P zslIn5jcwoFS^j~L>0;8fibV6ftz_K5KX3i`pH0}^1Sex%?izLlEYwN4we1vxdhtY| z0RuW`C29jB+iWU~)^#a7Xl$Pgs6?Hvz}WoqwA|7hG4r+2S^D3?IL6fM4@T<15@sKa z8LgLh{VfNDs6yhpZLg{w(Btm~Uml-~OW$B%M!?$i4>OdK8w_Fu+{;Z$Bf^Xdq<)JSxE21H;&CmAQn3MBp&n zn+`DM#)TlSH$}Qyoo3K0e{xqAfG!4Pxh)I#kGNxnC-X~CuLQ9Hztb5*fRG&qcCbNU z)M^J#H%ZJ?9*ph*oc_+3Sl%&_B=9Ad6c=y8_bU_rd5uB-veHY+Z%JAR!~sp zsx5D#LC$8Hp5~v}t_vc_1$aq*puUZZ<)i#Aj|YQ6CTHi*9-=E3a&q!Hb6<1wIWYEN zB*p_(?;OmI{y76*8EDYDfEhed>TF(Ye2QcfL%J`01GjlwLwhOcGoN{j-In~>o$K?}@pCH1UkJ9&jqmiF{a(tkD>5 znzIP>UKaxpU+JHrcg#G8*^o^RlZ6;h`MUizFe37AQRce$-10i~fXsvUR#WUpTD<1` z`!(>f_!{ptxA|$uAl1$bcVjJ<_c1sv$E0swK>Wb!EBJ8bV`zvF_qFH;ZUL8=je+=q zdgN#pa3#D1H=)mHH0EJp2*AO7 zE7Cnohth@7z@6#;>LcZ)qoPn$hQr-5(F`YHHaMkMl%k$(Nm7i{ zY>w`jv7&ZAYijh~DBf)-?ns{u z(vZeuBKgUP%*HF6Zj@3Sy-v%EJ0@I|O98eiMO_MZ8?0trIhKnu;dF1c{jQ`QRt=!n zHoVCZWL|ae!ro~LkWZ!$M)uE9$C|sddWPE5+uhl}HI$ymu>5(^w$<2MNN7Wd+5ky^KCNT$2J&_?4q}qrw+_ex zJYzw=)~9S4(HvqYw-FlZiwXv~jNgX~vpfZAm6K69cR14}POZHji+sr_C}UyRHQHCM zX?gkDOuWxkhnjEE*VJ{aE(yAaWr=5V)LaQ?kNQ}c}FgX{77WPrd(>ARrUC-6jt@= zAvWHt!UXL$^$NB+x{z*V|BTXU)>9;tke&?IR-E{F3&9Cf7La1V)k6SaL}BwZO9kn8dH9|dtwKL;_6EQX{mCHM{5GViXoBf7A7q8 z-wjSbXtX8}-dQ(lT)EpODRc9B5WXa=?dOi~%Y;oQaZAoV(9$iKlM|*voJ@&HJ{)26|vZ_K|Ldw^PFOB8I$-S^Co8`4d5yvTrYlLL1%G$S|SHP?48%TP+L z)q`jFA@DKLbx?KYe_sHN@7EAZA`awcXs){JoQHJ)rtJ}SQ&N{;tpsXnG^_3*TJOMIIg9hPcd#^W;V zpmqOdJfkxeFlzNI5pw>}VuO2m9-Meo%yRSn{y?)&YtHCgKK#SY6}-3v zSU|rQgb8OIusP3~)lXLC9AwaD0pjjSb9sOpMuUS&*VUU7c$F z2^ML_D0g|OlYc-gji^3igkw&F@gLX>g`kuTWQ7!T$(s9Fa7TOap!`fRp(?_o1)1HV zOxUjqI8kk%A7XRR$Y^FMdg0ZO%A=Aq`$?SZ+3xx|m2?0K zHc|VOu=PXlmb%_GhMenf7S+LqWO|JW(zpi^Y0a+KRB7JI0|DgMToS*A!Jw|6?k=}6r-&o7; zOsDB$JCkD-qzpyRa%i$Tke`zU@afa7_-~N6~&T~ zoEiF%HC$n++iZsv6``nrT}WWBEd=AFdW$pWE-VPQgMafVkvjW!gxkFGSStJNxX*a6 z7EkNRhp@91=gDaw$BTE<*f`eczgM5m4Z%9bunKN8X$>H|7-?xLKva9P0y;Sj%2bf) zy222I#}6Zz&ujyd!y!QiK}Pl-Y(k7s(0Gm+Lj_=W`D;Ci3GlLFo9m6E{uPp+Ym90) zvPMEF9WAOk!`V7V37OOx)yM}<^E-b9HutyaHs@0%dAaS1gHuzEbXaVQ^kF#c>OiKx z^=)&hZbGL8?|?Xt_DqiXiKPNT&FiX}6eqL;DM|y8MX{W^lt!9C8;U0V*C{#~du4<` zD7schAN@%&AA7+o))m@P1uv0xWr2Qs^`B@ zK1k6>w9UuwUR=amvdg8$%Yya2Z%y^!{gCb3%{)uX!mXm?%Q?(uA+AsKM818F!Nu|U zhE24TFF=5 zJ`aBW%*OZpSE1^VOw7daVl#(bv2I%C)okIKFOi_#yKagY5Rh;3;N^-BaVDYFHq8PrV&1ej6CdF0#oNGqOin^<=0V%;iyPZGF+;@5m2ck`6AnZ@ zT<$XP9ELw$gOw<1%bVbfO6C+LfwmTlnN91bx^xH~jwD-*f?B9N5p&k#-)b$&FW)hU zI^hz$nSidT$>Zm|W6Tk)?L2t-=R-AmHp?q+@{a8oqOsYlc3mybyw~T~!C$n~C@AV) zuA?`XH`ky{_s3H6T7I~k1e&&Yb>K2a)P3>d5-bB>gW02&NVe;XUW_s@F13=O3pT39 zulp@86&Zej?Y22E8T~!Fa`_0f*NY(e53KOGb@%D7P$nR>884Gc_ zow(M6Yt|N?f9=?Dl6&zpYH{xkukDKLh0Eh#HXR_EGh*c;zWPh#)pKs1eaZ*pK&nzqR*|?GI~Nk~OmO%zawm+>e6R`=%Osmfk| z$B_*QzH!NO$qR5!@D*jq@u9r-Bu18Qc;-}hH?uv zv1xxzq!=Cv%;fO#$bgYYQ)QE;YE6OX8qke|a!QW833R@zp|VK_-wFwR=1*%{dEZd=PpU)^19!46HQ60|9hA-XTafIpQd1#56J&NqB-NBP zDzk-qePz=!0=Y0dtD{esZ3~>WlQB(W!RK}HSx4fOQ50g)6|l^#!}jiD(-j`Kr5!cw zKVM9ui+L9_{Z)VFFET}UZWzREZxwiDtB-~4StvODph8$hhTV_{KFh#;%OO}M@>E7~a(%Ds*+Bt~s6A3=@OpJ7Az!X^77OCYhN9zQq|B;rLCBqp9t^FGB~ z99h6N4lsbmra05)ze+?qUR66Ig+?N(jSk|R-3!|1Xlc>8dgWuE4>RbS{)q%TX<2#| z+B{kPRa7sC4>+8se$}g)-tE5-nCI#LOapsL#D8$7RiC3UyD@dzsETAmI~>ao;m>Gy z*7|{8^XRduckD^7qVQO2PwwSe$nr8__U2~UqQ3rYhBQ0Xlm(iH6;N#2eQ?bg8hz=9 zWhyJELhVY2>sMduoSAuF=Upm`_3{{mTPy}(+l+JLhzQxfJ9S@M=vLaLKT?Nie=!j< zQVmUrsEXz+Rv=8Mu{OYwo5HKo77aa1)?B?B46fr{ejU7z&g?eZ6?`SYe3!l!aOv)4 zZT^x-ubJG9VK@MdqU`A_F>(+NxLibylF?$rxH?UOq*!xH+_0*fe4#q=6HB9L%oFF( zni9*3T|^&$84M=qF{a3yUsclFIho?6OFUpElRC5TzDLt~CjljnI9#B`^S2z4z--0? zX=Qr`N1g}d-O_b^m(bch6$jo*^q>VjT5YkyJ}mBf_^3904T<6gbDlvro?^mLJL+Im zKxWB+O+IW2?}{O&akf%lms3peos}xat}=sRTtGV_Zs4;=iK;aFYS`u=LrgUaDPKv( zOh2a!xlyw@MEbwKP!i0fIX$~oNfQgXreO*F@yXS8QwLX4U66V9fjpz&4JD zf(T!pQjpxwy#CkY@^9`WXt`+vD2cU*Y(?y+tlesvH;2sb`<{=?&t=#Pky{qUU4fg| z-X6|h?xxIw&uP0(X;s9;`SKQrslc@zblUd^BFS%wYffIOTaNAd_pzS*SFZ`<(S2Ja zFFjkOWkUb+!)fNgz!@gW^M>~Tc2HrTUg8dxq~v8GP}6s`j&z_Os?*n&;M7*~^z;-? z-1+mTd=|W;%OshGG>*>B7~uJ)MU`v^H?0_wrg_ePz%epl)AopdpGL{05uXW zgAN{78tGMKD!1=9qh7G5yRrD-Lb;(rbx;RhP$LS0US?EfknxGKqCeSWSX!ssL4Y(4 z>Rjs9v6w9-n-|%GK=5L%J7f;a{2F6s!OkMJs3vI3D0*Bn?~u7(4JVJbB2Lw%)*3Xc znGYdRWEgS~*zR{fKm2Y}hkFC`C`H6Z6v9&l(3F7 zpHg;%I3P#-Xs64=LODBws;x(Jr8M40`L39`O1kQy+r={Qa+)kMQU_*hemF$w3LnXH z@#4=;APc&HfP9whJ1LO{LoXi#v9R;_onaQpluK1{Dy$lYHvG{NnLms#&s_gziEgQN zOsR~6Y@^@F#Qd}0eoaeCipTIo$WrGkN91iyj+fRAa~m>ph0jHNUg>=r(M3eKj!0|A zhnKodfeWqt-tY; z2?$ZHI^)^YDg8kQZbe)CW@ueBVkJ7~=^np`Q3`WuYKa5PwBBEcqECTe^u1u>l|{wu zY;;x5E6QiKQ^~Cd{E})Y@f;ROgbRFsB;f zadlQ5R!H&JS)o>Eo_0FVd!FvpiXEGPf}ohKR+?~>nU9$mrJC&A-D*nWPM^R3yt zT%_uUq!*hN8$rQ!Z`ZP3U-SibnX|qf?zwOm|5r1w8YI!)dH>8;BJYIgQ~Q6pfEC|f z$oz{aEMy&7sBC&|Van&;S@H!JTz$MFs~czf-t6W`l5{qJ_0UfNDxl9s5Ty`xJyK1iqc`S#Dz^eOk| zfAA)k>Z%$`2`ED$U(jug6eLJbavWS(z@|V`XYom8NGuQXiZ!zYUOn2f^^Ub$KYS3m zEvF9P181QrPr2fSFby3?G!ZmP@WCf1q-4=4o zDMEsIFo@UFQR9-TSvRXMnq{+&%pmPB2d%85q(lX{AC!M8)`Q%JgE@;^>s5+NwR4T7 z>>@-gj@eUA)Bue~p`ZV?bn}65!f`t_C84g*Y%jLHSxB0%6-EyorQcV9`Enjgf|9Q= zK@IY;S4`1djmt-;r*)Zi(V;PqHb3i^DnugQXVzsYO>rd=wg3=Td4vJGi0C^X_YyP} zLAM_vlSk!h3;3d>(Ib@@)#}G!(7@x3$B2)%{e-d4sS92${LW?$|Ekz#5=uk&qH?U7 z6tqEDd(BWsfly%n_i=>6SNty_Xe|1~Jxa>4GMTnbk%IcTHu}T16=3xd3UlO15h9S= z-v!Nrc`awvi%olz2tL>8FcgS@b%+fw=$53?RqxYBx-mm#lC$ZzH#VQtl96R(hOlCV z8VQ9cjytsC3t_^ZPR%krondy`26>IeY-_*8$y6CfODM8){wO6fSBc4AfhA;gCXpsy z-t&02vdsB_?Q8aXEBQAdP#9$))|kRTU?z7V2luX}e#)#9#fq{ZXVr2)NaBfMRGEMr zznI7vi&mi0u)rY$J{Osh2>MQT-_vZ#mvj0Q?8IF)6|SQ8x^- z9}Nx1glqL_)!h}{Q_3Z+NWC~bqJ*-uy*8_|?6>_Qw|0)!uIKLm)o9DQUoX8hY1CNe zWV}VNj=uAqK5!XPQEBvkJ}s;@YMu1V|BWSal27%nj*l29Y`S?-^3=V>=6ej7el+|D zXzz!c#yfob%10Uv<97V`fp-9jNQl;t10>3`1!}(qONtYt=Py@h!@NY6e zV&N3`kw?kP!f~}<5~uBtoTBLFw`?xGc|C`?anS=K9lP(q$^ zpa?86T`PNW!-xy-h@qL@Atc@P0Qx66l3=?xjpwP4xmXQ0QjJDu-Rp)WkQe3=oE)5v z=*t;i!KzGUCLbt6e8*eYh+1cMbluNFZYe03Iy81K+Y}A3+b_-cYSY8=DL=$ZhJOI#6sS^V!>MH-^4jMamn6)oP`pJu9La6qGgL5 z(}=e3ypS;pd<~@-SmUwW$Dh3b-gf+c1Hr)SX!hm|y4=+0(DmWw~~AiYm{@DvE&dj;IB>@nUP_T~AmPwl8wR3lgP z)hCl;6%8v0DrQf`0{faQjB~pDuGw;=ItvcQZ;x1AnlFi{Ed94Nmyshj)QN`Di{<;N zR%(v)O z@7+pnz`~(A-5vMIt=b>>+Sr_^V(rJ9=kPhxSRxx1?bg!sd z6;Lzde(wg$1gG_CR~R?Puw3t=q7;v8TSas?Ifn%(?HJ{Buzd8YfZktJfiTA#Yb?@- z5{fsDit)-3NSG)TH&eAYBXfD7$UzxPHY7JZCQM=GGyK}q$Y`47*$kaWm8k}o9-BCh z6SP0xdYd1I%rSayb^7CM0TjleX2R+|ODJkfNwS>lzmV#%7o8KwRhAzM(GwC{GU>UX zZ)YwOc3^j%-5m=>5vLpyCg!}EGC&IdC`7?(Hk2WZR^7kv{KXTOQ&lsO0mwZ&}fGrZ#q4g8|1SN|zF{Lf_txAT%bo3bQ)@wH@EM1bZD# zO@HD^CO#wyzNjml-JBy(iDSJ=)sHiIq8?}Wq8PmJcOoHudo~+ftZU4MSDFn=JMw;> zocQU}%5FHAy!cOfBy zN13v}^$Vl6G$NF~~KSF&BUWNO=EIM>Gz%-(E0$U?9c=fZg#eqdTwDe)hPv)1|Q zsCVOiF81w57_NEpt>2ra=3c;`%5cmfGICV^J|3E(ZVzR}6{|aG+H3vg9{y`_@7dC$ zp~w#%KHkiYl1Kj*J4|Ba=j{S1HXXLJfr1fRscp9SP``hmFdv!7-m~i!jrPLYlV7(U zw(dTDO=s5T_NOk>Pd~2}pL$!*&HOX7w`v4K%zoyjW@a#}g2|^7~wN z9hGuML$vS-f7PF)ZWuzkocl9RjoL!ABz*-f{s=(vI~{l4RNLcsOYAY;ZTJKNkkspg zuDh)I`g+E{`S)9+0YmAKKf+pQLHC#UOv1Z0I^%!k0DsDVM&bX9`2QcB%EQyG<`#DS z-9GQCbYK(rm6srN>T?qicABVoEwqW3s3EK5)K1!34PrK&|zB|2_(6*!CECgtfU3sGUj!j z_d1)TQEjgzf65K|^P9cXlgEX6%)Tx{BKAv_wpxFqG8!}YG#g@Cc;L4m7ycDLA%akW z1*G%Laxk}!IcEbap+KKdt)#j_@2xWecY{fbsct7S!>Nw)ZktEDM== zaoc5ocZX}rPUl77k)j)G5Q%%>{$^fXXcs5!UeQNRce>hvOdIBw9ustHc5sK=>u^Zp zj3*W*Kr2Z=Ck%<6LGc7(rss<6&m21N8`w8Snh^K>ZeM77H`kbsjBkBjb2^0A z3z(4DLE*;)$M{NO3oSl@FHCn=0|I_D8|hUP&lMEwi|sWpF+8op!?lHzwV@DN7Vyzq zL?u&6s*=p-`9%r>m2A!h*7|xo(}ErGK7@Hc_=@84PwuNzXMya~g6PBd^)ORM3Vqb_ zJi1hsSU;0qg?d6gzK2JZTX}g{cwe|tY`QL(Xi#XjfO}oeIgDJ->2LyO$Nj~c(4b;g zoy#Oj2cg(^IW|X`)CpKLx1^<=P-&D@&HhP>abk|9pfHyv6qfX;ni8nmK=IGz@tKf^ zm~)8)nNNg~0vSxLgvZ30JS2x^lS!Ob9Lwt4?v-aqj7B+e>xa`u;1<{vyy|R{LXt8)QyI4a#x?=N|Cl04HwH3|OH(CeY?woqK<2Vi!y}3l zb}3IBcHxGU&@C`}8F#&^I@q*C&}9Y}FYPAnBQ1tfU7R5by{T@G>N2eZWix3oOT>%@ z@KD|F?{X%yTLaoqiCp$ykqaPELX+pphNt|5NkoUBx|sJM^`S3XT)dQVN1*ISTN$q1 zHVtCW7Fe6wwAtCU5Q^Wi*(lXmdg}`>CDG?yl%C$K0{8DluX{p7mwt zhNKs4C&vHK0~&`5*+zYAiK|125-Ygazo@iPV922^>W9g({5G%@lz1s z9tcM%3&*e}G2@k{;;3;A-|@QUnihFC#Cj7Qy)aK)S(y;@Pg&krE?N>5P@8`bHQB@6 zmz`C%kLgz$66#vuYK)jjfHp5UzgUbT;l%FqG2EebpP(h~2o%hH4}Tll+$kfTZ>R1vz$YHH&dwyC-hqU&|TQ_WKX!1QeF{ z$eI+7iu1pfnT~K>PVO-)^~EPCe}95l3Y5o+B{l2CDeRJphg(u3A#;CBX|y4j0zHGK z={zc<>=Y&CWiZ>HWUwb_0_DrzbWzr%WSpcb;*Nr6f(GvP$-|~dmT6&&HgBY`k}Sqo z1JsP-XY3LOtT+4$6gmb5Uou!e8)#HsRIb4{!@MbdH6|I zi@_h;jIs26Za2}+ig-gFC%l6ho*E9FyvNPxQGHh2&%=g9E;^?Z+Uy@R*3%~Ylb#6A z9tqPM(Yte~V|xg4fF)`X8SlU-c{ZMseNkGh9G)xaA$H-!3G0$q{yH7M-3DC_;QJF%*Q`Dwl9}zqpoAf0$7eu6oW^bfo3%(Aj5^ zvn2R|y2F7|FDqYa0vY{htr5*dN~G!E`Yy=z^7DJgD&kM7dPl!zt#m3fq2zTYPAXPt zhyvtG4XsD9^=lfXgdER8lh8P)Ik3ltUXx4{4tbtvI7(p!jJ-Tw`jw9R&)NPsiQs#Z zDh!nKSX}`<+A9h+Ya{YP(hAtF8Q2gz$3!pxs(}?hwrj4Ji6sz=NnJ%#^Tsfkfq0ebkTkPC2p|w1b#fDXIh^QIJgnuaG=U40470>1SIeFwDCE5CqjGn%I3uonh3hGf|B$SQ;G)7C2S-vNUNoozUK3foK)DvSH%Jh!LAOMwkWY0n3Eml5CIM!6~1HhF9cb(4}{~uvmTe@_jZ_Rmzne zGwh;~HRLN)b^clIgjC#S!$~2Lb4|pkXt)OjMb6S;vqnYEeV0_2;^v{n^x!E&K9x+U z_Z(Bs?t<@9la+fOabVi*W^e|G+iUO1Aykh{4#R^JQT7Pqqj;^$yQ9CnK6D}!O-{RP zYDFcf$*S61d)d(NFr;>*dXBah(c43$GGX2&c*3&!1Y*qmdo00cB4VKnL$A>FSkGg* zZ$pM^MSfSR$$MUXG7saFROir*b)|etqE84Er(>639FzbDhyjwtRU>hM4RUetvQEYrHo7vI@IR0_@VbwsuzM z-`#+|Pb?}nKM~o}KTi~&-pBxC9f2Ii0gz(290JCpLku?`VXHuTzgW|#+MGUegV*Jn z>Ol+zR3O?c&obwwfqeb=og?z_0p+y3d@Lm+69_aK5)%^*D|S*|Tl(!v%^x7oBqs7L zbN>G_XTP0!T8RJA&m13_yDJK#njGUCU51qzx%F?nj#4u3Hlp1;bqYewOH7BJbIyv6 z?!e|+QBEs4#u<9N3)=QD@6+2OJ+6H_sj7KSdp1#?>#N(|s~>+3e}h_ue@afqI+*O+ zR+nA0no~rN9$}O#*NcudNl5h4#~R1 zUK!gNbsy;{YQQGV^~ss0=rPoFct$J&jEQ44f?1S4JN*DZ#uq-SVt*h+UaXi+W6E!I+15dIQzy;Tnl$Hu`W8}5RQej$UU(6+nMARUL35b~C#e~^`RBP*1 zPoIpmy40gaNYgU18RZ0j4BA!d=XZxZzkR_X0m#w&oqPzc!((`~r!6pl(m`rK=BXvQ z1r96PTCG?>A?gczK-1>&mbf;YP?UdHTq8s^+s&&AZ?8^{0gF#Y#0@@(DOTDv z02oQvOZ^{EEMNb+mh0nQV-B{mBk9NH)p{N z>cH?BX15vqGtg-A6&1p^fLM!_cM0v+_Cl+d~EW=PZrR(_6JTZa(C!d_fnA|;%^<39x$wUuz>XvuO z!A3SJN5{SO@I)}r#lM@u8|3UAomgSZQyuj;BFz;hM2sC!A>S3wDgxFl-%_@5f6@ty z88pphxx@J9GvN8E!&micwfjZ^4gYI=c1L$J#HQ)V-+1lSZ zm)k*q0DmVd)CT0lfjIAdv-{5XA=wL~wR4L#uZKd~@dJVhpdOibT?2ep3i#Z~b#474KB`BH8FCZ6`Yco` zjOo%RO!-k;DIjxE_=y44hACW=g2LHAgA0+Y7fZPQ>s)jr-;hO}3+Do8j!p1me%vSB zP5n08*!)zjPAxp=$y{0-J*6rb4C17$UivWv*VooHFv0S8QHeQAt;ykPEn#)-521~d73E~1;*)pP{a-2W_f!bTzLV~6deq>{bM%90##E!c_wi}>+`AYc z1MIeU26?N%8D1EN6dKK3N(g}pt^Ap8v>wc6_iNVc^SP1c2hIl(l>T2)B|k5G+%@0$ zpLTQ}?3K8TZMl!Bd>U~bd?}UBxpXXO`L5PK4zCHKnxlN41Jb15sXTh#`}t`vM04t< z#3mE|@}RyzW8(39vEuRImGb$jQ~6P}`XV-oQZOa)`r~PeN8#PW*|eXa6Ak0J1GKH& z{Psb5(+z<*JPge13OzW=9XS8ZO*N?c+1MI!K=*61|gSvzSYn>Snwfk121zo=}u@Hc9KQi%P`-mI}>s{MLDu=f|SmEN%O z??EF3)Eyxo{@p!r6Yg&EuJ3^4)LK@sA^hzP{NDd=tMHTT-@Lo&d!gVXOyDvL2=9X; zJ_YY!{@>VK+P+c$|&Es9`D;` zyNm9Y&$L!Ae|y5LJ!>w{G_J>W;Fjvt{mKB?Sd?@7!j(ZjGBW;8wSC2dy^q{{ek=R^ zKJ>`D{lmHXhu5cL%YUu2HylvkDI^fL*ZG;^(2mv($J)8l?u*a3^^m%6rbb!+B9zN` z(@_A4X=Jh8-7>6vk@h^oK*+#LWy~bmc#-*)fruy479?kYf@o-CCe4_F;mTuhZ6)Dt zLg52rRdYQq9v+EL%SV3o^5YqgcPH*w5c*Nl+st{@Vw2hiyl_#1ryiA$vX--rp$f?! z(*R+N%nj~3;jZqCKGUXPn4J(l^%-pjW{UPjAJMFRNa|IcY0jnmxY(h}F4Hr6Umsou zi(%8IF^to$`?i8R+<}G#cUQ4JDts>dg^l;)Wa}Ws6b{Y!hwaYw<-c}~O)#jo9v2)| zEG;##6e}sF-(Z4cGA0n4Fnox95bnP{_p~w-oJ?oLmS|^)YEi5*VdG3&yik_)56@!h z?$<&2NTF*jfH)kqc}Nz1APR{k7TY2Sg~TUUjb=X(x+7Dz(iPi5y z(E7)jbMx`|4U97pb`Z!HFaw*ujmzTPY)>zy(ARxS`Y);xTmq-shHl+xm~QGL4ZS(T zg*&Er>yp;S3|$u&V$xne$M{kyW|3bUOJBdW;EnRUd(Z3}t+ch1jJmRwx6 ziER2s#{r3?Gn=|fc;=F@7EgbS@$VPko47*Uq^Q>sQ!~@iPkel4C)E1*7>0L_ylE*8 zSNw1KK!(A~h%M*8hwe^<^lR6@e7fC1yMy;G6a+)ZX}ZFYXF?UG8%MM$s$+`?mQDHv zx6yJS+fsC)0&ny9PB#{`p%XnDZ-MusmqsC3ckG6L+528>t>Q@Qn-ob06vxTRFm9QY zunH2~e(ELBBSYLsUxqU=zVOQ;+C_{-EU&?&%D|C`s>DN`4UtT};v?7a9Mb85MiKfh z4k}c=Rxh}Qb4*D62D5+Mp?=looz#MO8PS>6wkF|;UKuHY9vj!tnKG-wasuMB>1W=i z1lpU%nG$=UFzE}dn2lD51I3#FbyJOxAG@WbgrH(*KIxow2fqXL&yE#52x_rcmi3-E z+X!Jq?99J&KkBe*`(S0yfpMAf^A%I~Dv=_QG^!A%_2{X;ZaXwxw{go8NFO$Bd1p_7 zCm9Tn21USH9&xzNE+lQoYOAxiSOF!%ZF?_E{w1=T`+T|#op=6@?!#Y;tGZNQ8u+nG zmhcBK*~_!0$68nHusMhd`Vl1y0Q-aOtk?H~j`slnanQ~+-Hv_GuKnHZ`28)g;{6f# zmz{6;O|G4aOy0YWvZDaIc|bx>BK!A8;RE-kqMcFpH^4mxFqyX#QL=y1n%Z~f%v>yL z=3fJVfQLh9-t9=5I;ZBw`HH7)r#O3% z^t#b@~2^+Z(^H2tGg3W~E@{O^-?WV(R|XNae}aXD$gW?scVH ztlm_U-!`Gv)D^G43RfcHV|jDR|9XDg2yj21Q?`*qc$WO2CPw6{Fny}8u{-DyfS zc}%Ed)hhgHR8UUs+~m|Wuc|}zP>_+jWa$h6bxK+^ma@z*rs@VBoZJYG7%Gh>7#u9Z zsf|G{>cf$g&5l;Of1JzqS`v?wL!g3K({#wec9)qivb_urGaZXF_914erVy_)F%S|V zWp8%O$B3A4H)fXr{+$nwKCHIu7pAt)VQ6hIT$EgX3!QT?Nd`p489|8Q5aX)7d$K)W% zpwS>pYi;#veh~w`3gubC$G^o`-6(A$mBg!QaCnSnVZL>{{Rwi~nqQh@+4S@xaLZL~ z1VQ%hAabzi`b1-4LbwucRvi=y_J}_h)-#BZpukg!eui{42;+qC{0ZFnj)-eD=!UW| z&d;DI+CGQZEI#WMMB#0OUVw{2QYgS)wC1STv|`%zqDO|BoF3H?obamFLOP=_x{C+> z#V@=X95&LJvqx0pDBYrUShRU8sxi<+YjK**ETVg6L~P`&nF79|98n04bLR3nS{ zpPSAOCQ-&&*NNwrxbd*AEap5$ z(^U*89PGY#JFcEz^Y}T!ryV)|miKyOI?E*(C1L3*lVYk>vF%jRP~JE4vvuYhll8Px zHLO@u0-)|i&%o?UjUHCh$`&Y1rkHQ75+|vekGld!#~(ToNqWIq=P4V3fabkE94Y$N2qZUwlHep#6q>;=}U#_iK zp`Ka9MlyMQhAE3Z9|nt>RXT!8!zl|l^A6(QZ+YkwH%;U&@;Hfa^)l3RjSFq{O{Dx` z%rh?o_+&s^>#M1&+vD1=^KE~#vz@e$`I~8A^{x7sV4eC| zGWonv@^04|gAJF2LAU8-GXb+sKAH_Z6M2gcC2sDb2wzW}DKP^}CGXO1Kiut&D*kiP zmr0R7rQ6Ty{Fya(aDL|0ZS*gB&oA}CMfor<0E%RnQ@~;O(Yz5o^g+e~>Ac>3 zFrsx`0bm!vJx0;}^XJb8SQ+DW5+lG|Sv`Be+q|tIyUIQ;H`-5dZSLs;Hw8qv{T4jw zsFCc=8-KU+->CoZa%*EbYh`rRv^W)lg;N_%PCb#Qz$CQM%*B^i_-)YNrCG=HnWp6A zuptLQMN?ZciREmFsC{DQFgVAYNL2}A3p}8&1tUSQ#RU|7!ItntI{W0l?7U7RsObQ9 z?3O-5V$wm&j`thW_y6KP1vgUKZ8%u0vyZN~sv#5y^Mba=M-DCS=kFct-YMf@N9_h+ zF(w+qod)D8W4PFpU2n_!0`)8Qzkj3q9dRa>lT*$2w&kfXs5Q-4kg+B$dB0bzRgL-? zksaNTAXz=tmsBNVgM;Qb9_o08^+l%oj&>8fhX~}beE+oY>Bq>_`2(*p-+D_kUM_YH za*%pVh@`fI0K%}v*qg7oNVuQ;-kXkyjioL+PuIpBgk2AgFl!Fee-1M>z>JG zExzwKI~jW+mlB!aoXh8?PjZUQfAZTtAUlTLwf)DNx-oK469fCAo*>OOo3^Vi$x{vt zqt-Zc{qB*8H|rtd@)p46&kF{JmA8QRKElEf`5-q-{fd^hNU`bmOa~X~atf0OEoFAD zn9r?c6(J++HlJ9l;Tm82R|3;fB{ZRfyxf`D-Za^(38(ER1Vt7fT97g^J}Dr_AY(sXc-8LJ1YMZ23r#Y)Tf%E)xFhanNPWs8zN!ST3GT# z+_Jx)DDo7>u!rWo(gR7eL=$JR{Rm`Cp<> zs1IwH9&J(QuaDPSeUAc#R9+?$k$zT0!0Ldi^IaKbxn7D$83uYvXg;k0>sJ%Xq}FO^ z3qBe8e(Nii>H_#g&eq=_y_={hz@_zr+HA|T^ygkS5dh=w_%gTGmc#$}k%8A6EIIvW zHe)$M+}=fRJn^~49FH0u)S6Hc)%vkeyE;Pj-qv@JI1WyRn{2Nnvk#J-2!{Zn=7j2}LzpcH(HJa{%p4x>KsGA?Klux;lClWx!h7Q=Ql?gJl{ejU zy>@&jBA3FVT;8kV9HPXy2t&}~<2~O#+h|kobioW`(aXeuW5s4G`yc9N_(8AF=0@W= zbVU7BzKm9AAitT6Ws*NLwhH;$PfCrd$oCgPr+&&z&O}QM&c9EC|G2|7A>%KP-xsdT z@?+DQ${uBi2#K$5*?5Ap?_YW14?6>2u(L~jm?)PtZc$xMKn-eU5Sgnowu&rw zUJ^+PUCn7N?p_KR%T49>vvJg!Yoe{IX=0ei>~wE71>ZC=`eI)Aru+;1{_t=H5M9UJ z+WU-ZpBTPOW^8ZV54fR0A5dTb`-+;3uk&gXn4P@!2i%jlUCE(0v%l}JBYwS1k$#y& zK*u->8^@#`Ikh(7cpdb;X($kM#p+w7X+xfp(a#p-SHSrE(HAGMLU@HAT`eQ^$DZnJ zIK%EM8xfffKj-gASKGc|g ziztZ+D`e|=6hpwaz6Rf#xCA_bTX<;p^m)G|}ubA;G-bv~6C)>yVd zw1Qz^B^8#w)TrgAoke;{k+Qk!a$Y2{%0&1Ct$y7+TTC6k04Z~(z5&{Z6^(vqJ`nFu zr~_vX_HZiD5$`Dph5*(sZ6fTxMU$kJ3K*#ZP`IDYc&6t4QsYgzUx%du6x#4Bt4#7= zvBOh&z#Ja(j3uZ@T?xI+L06kbNsA3LaW^uYG=nFuOqqDw{i~JDpr*~-jF%n>jRW_e z5K<5PlAfp7*24TqZn)~$0EQT*t)8%zQ{Xu%t3YeQv$}&q$`k`8AuXfvx5Yne8?7T2s7Jq885RXtO*vuqXMA-_q9!-%y=LjKQXr9!;1s;puBV%P@&f!i$;oYEkB{odN>xt0t$RD6yrNm5X(@DaU+mMmqIgD;e(X3-a`s{dd?76>( zihHD$AQtXeh+TQ?`X43b=V`67lWIjGXfMvtUOeVm@au2HXaO^U(FScyc~v zc7v*^M5Ijo7Ygx7x?x4TR-~RfI@aQ5J*U=(r3;%LIZxawUL}NwS0;z%oJA2ni-uSs z5XVfk?}X7rm^|2|1XQK;X`6x0HMk$K% zUaX8syj!26pV2q_5j}wyZRL*}*w-#3NCVqG3|O0qb|IVld+r_LR=VpHg0`>f{8a~F zX%A2rkIblhNcq=4rW2>id)BCa#~j|Wn3VoJqa{krZbYUGO-IRm+EOVRy2$oih~-;Z z1hs}jQ_~|feqm)$Z#4d(lE9#Daf-(iZnAt`_rC5PFK7824nWFu(AaDx3CT7C(_h?D zd|KyYmM=X$y@g8XBf=M^e1Wip`#u)X5Ohi%%z? z{r3*do2#6k`fTrNU#yb(=wZq+ddlm~zN%Cc1ncuECt9+-E5;bXHP^{E7>1nr3>689Yjt~2^;F%N&+ zLKFMR)w_NlRr-4W3!}0|%#XZwDAP-azJk=r&LW=S=x9M#eT=#O$1QgRHZ}7%KU7{m z47)7>xzq#e&k@Kr1a$=i+~3X{)XCk$L3Bo9_HT< z@TXn^zT1aJa!ufoBh}l0)0LGKz%!ilDfo5^KrEgExZ-~Rg?Q)t^O|fZba4;Yvu@qw z0Y??Q=M!Xqd5p>ubzW-qI&f}6HQJ4)73a3C*Be>-?mRT0f%Zbh{zJzAFh1@AOkr^V zFi9nS3fRFUffrd)QUa_pJJY*vcYxYl7Jz21>D=LUS#0+`%e(uTclW*K_WJ{W>LKr@ z2(U5ra(}1pylhS;mIY*CdjRnNA7GCJK*-Lk?bo+wR)tmfCcQmd{$C&-_?%^~>5$ zo-hB0skaP^@_oB-hoQTXmJ;dijv)o4hA!#uknRp8W$2I^IweGDP+I9OL1~fB{mk$G z?tScU^2HfuIG%Oi>sr@30~2?bOOU(FVGX)XoawN;B!EA;ftVsd^-V7j4VTdr?PHcE zE&ik4cCw?NfS0%;;OvYeJ0u76I5ZF-Epy#wbk~~z3)+0I{iD7$&j{C?2<^9Cxnfp@4u`S`2kof4-vuunaF z6kooU`T;aGpy2wsBv8w_4lHjJ0PT_U=AjP&%K02I@&!O;%X{}+ncqeazhN7N43g?| ze0}@D9E?zJX5RS1-QQk3Q`T&@%#_OSNpDFwf0*#EbpPw!J)SDW>~_GQ%T_9li6fzN z&|qvVdZ?m>%;2O!F?mo>t?{6t1mGRr3R|YM@gn`{8H-v<=jFC;3JV=8jWio3SjGG$ z-kSRWd>Ri+L{d^RJI9mKNkg=3I!0coO5kbz$aqfQNyz2x7~Jgjfwdu6fEAx`hKbcN z=6ga2$48E(5fjsQC=K&&efIMyH2nNd^W!zRyw=mE&CTMz_267q&-JDOUC@M3->fh5j1Jw65qP)d6 z_s&LkMv_?bj~PGQMd0w?Z+X1e;2RYOLOK|io6FUU~RaH)PGdQgOIn7;dX44^yiM=aih1YO(kq|nF%9~0s z!>h#vQMAQb3muLipbke8;`f$npolO&@qAN28bAlP)U)SHqNJG>t8rOaFez0>BOKYi zou#uy>-!j9jHx)lR#d)KaiFl)W#Qxee!QtF8-(R4#ALgT(HjAJ)@n5zHZA(~Sk?h0 z>?U#nHf_V%YRmd{ePYmvXkcrc{OW?(HA9D2Rk-2HOl&kr6umMT4Kf&}ywn8Z zrgOKlaGvH@!ivxTuA-Tw&^z#63o_M!)vd*dXXNwvb%O4sN5KyNgD#3n@(_8v=J#voD3p5j$WyCGsm{%fB?*uRUW;Mr8Jo^bB*A zu^CMTQ(ak8c5zJ$O9r%lS4~OY?`xG4oapPe;*)n<<~6q9Ix@|}eL@1B(Q9j@bV83V z($rS6VGL!aIV_Qu-5EuVL&4Y~*>Q+WQ~WQvpR;<>v|4GDGD4#&I%zf8hJ+YNkj2)t z`1W=pDk6F~JCm^%Dth$RKy6(T14Yb*y=(UFey2uSG64)mXfTk&OkaX=`B^N*sEyA% z%#D|EEpo!dcV-UK{^DJ3M@5@YCa+ZOmm%?ONA9oo>ghgGxJ&wMX%sDF6IQ?P5D&s% zR$$QUEjyN+@|(VAUkK!`5#kF}7W@6)NHjYy5&pc1%UZ@iDesW0A(cTL(GmVG5|Yj7iMP`a`OvN&d$T8(d-+bT(bRoD-qz8%^MMsF!-W0?-M!2$;?7K|OjHK%cw=<}(`zG;%louMd>rTx1dlW!%AknhP#! zM!C9hKnPAJLX3=eJFunhjDfxH=Qkrt1pxKT9OxouEko!o0$bqPeKF_JSpdriAee~e z$w|?@Jj9MVg1Eq6@HYw3X^l8oyatMo0Rs>QqaeHi)aDb=H~iO^>$bN707Ty%Zm^sE zO+bv}bqa4uKnTS0(;4>@7?d~xG-N;QSJ!nq_Q&8N-T@qrzzq0rMn7A73-nP2E-y>{ zgH3+EY_0F!h`>$(YB@;(9S67w!Xewj8d5hq2y(PkUr4XEy4VInngjQiwg3Op47@3z z_<4HVP(LkvlzT`a_mi3*FdDK2&^q7O1Lq z;mp+9ez$O^muUNcV(jR+56EaDZ-M_V?3tdv2PKdy_Qq!)s-5CPCxZ-`S@8ie$RqH2Z#m5D!ne+188aMQkIs?l5 zPIplwXqdlBH|n@qd##p|HI>tlk>J3~7YK~WoE_!Wlon?sX0+`2<0$BSE0 zw^B)7cSOBZ6v>OUZ=(ELRXp#{psNM&G#wFSN$kp=Bqrj#? zx;SZad?av?AeH?D7^FPHga4Z7My0*KiAKoE!mv!UL>^=!X+55b*;rv!3rZnA`~NWK;4e6$-;$@ zD2#`RfWt};%ds2>8wk{8N7^y8DP?#+bL_q!axRBcWKb)5n~!=}8NDM@LPF7j0#Jw9 z_?(idkbz$@;vQPVJ;^5UpGflF-|bT4E(xs_nPOEj?gKmr9c2ajt+Pqf4APxvew*aS zsu#F;XS94{19uRtXpSFwgkxrBE_}N!-=J$~C2@0K*05EkNGp=jgYa8mQ72JESPEIv z$)kY1aE5hp8^$le>!^y%bSRMAXT>g}zSLq_JR(fa@T|e6u12x>M2X-UAD-FccO=Mi z_Oq|CQM_FaK?6zYEeGGt%lAD0ViSo!7ix3y*s^`Mko^@8- zybC({+rcsP2?E*S5%mi59sd2u$N83rn4k)t=}3x<{LRwRx<>;qt5I}~f9R%Zj9M;x zwYzyA+K8q8^ZGk+D*4^oNZue${uVnLxX3nw00S18Qxyki$0CRT*bLDGO}439DkjiO z`qqP0c1jd=5Q)sPGfba3R!_10Xz(*!_&6RknXc63qxD#wFY)jCSKR|>JCk775;Uc) zTUBc3M|VnYHSbed#<@GqyXXtV+9=jtGyb*gl1;OxT}JJ|qW(!}l2`xek;E+h7c66L z&uqx_!lB7p5Ui%D6eUA|5to4h3Wrr19NO|0?ETJCC{Y;@#{GopZtBLwaeHb;CjUj; ziajJLNkQ#PLsYOlNASrm(zM@K?Yym^>ypOgt$xiGB+o2nL3K*l?GH2%$nPJ3!%&#% zb4DX{Au4T*i$E$K>?y95XJBAv#)|uGjAy`Fq?J1J@y+T-MLVVb%?6lLPKJ88TwEi( zsW@8|=}WIUwSalq<_WHRQOR9T-}fURpn%H!1umM> zKwt9L$BX)}z>AxPJ#zi){Uv^lSff7yDpe4Kxsk6y`#Oc40T=rSmL04E2vs1`WEP-n zM1t(<^PVICvZe;*c??k?F5RJL>4nq)hT*a57x!|9*IvoH5m5v^qWgBg8n|EcA!P3` zA0c}{xyx!dx*imtj`)&&QIE)Ju4WN9T3~Un?P-f`>~dxXjs{r=4I4b}u4W?IgR?@v ze|Q*@#8ogRVWh?q9F?Ih!?%$)%OTP3a|a~- z+I=r(h9c)AZI5Pj8{)_!sifF+$OJuKXxrk^#~-dW5_75zI<(P+G0M0Q(GhqgLGj;~ z!{L9bG~XTjpN22i;tyN^b(4ngBCBL^usGrjTP8|u2b|TlNimSdJky~~yB`g6^61^I zDU%h$E9;yz53cSa;U7H7W2w))ihlXO*u*f?z__anrT+ z81X=Gbs{9D*fUgJ(0dpr5~O!br90&9k#8QWpy5Df9cF`us9^FAwOpkoQ_0Q01@McX z5-*ypa3}~!$#tRQHg9p`fOT>8RRJJ`Yz4uQNg;1DN?+Kjz|;I>!ob186lXM%Mqn`O zFCQ|M=Y{6QoFPW^68@f;Unljs9sv)imq7(?TL~|>uQhMH!E8y0YsTuXkHaV`!n1Hh z5*dq@Dz<4RlOOY!w>ro$rQxy6oA2;_r7GjQtqXZ6e#eMi`b@Wx(4MlkIZ4sqHG5By z4{nqF@!J#=L2FIX{`Qnyul;Ix7kDOjmNZkqTezy7IZpn%15G(L&Iq{K342w6D4i!$S{Y zZ9)wxmAz_~f*>X_P|Q!P_F`|Wn8P)-rj?#gpA?pJ6C#IU$%Yq{KChY)6q!P6>K$fm zuLn)V!e2=AG@6+s9gM7hR%mT!w#R&D>tLHIqQdp@MkwKqI~Dm2CoT;feio2KZuN$o zSQI(CgRM(x^96reV&?}ZIgH{2^&@d2pC2tDd*twpoIJ0eGh@MZ3k0dDD+UWQy0WCo zy)Dqw{C5+`?WoCb!qfjo7+hb8Psoo1K90;>(%E{WjiNd*qCLA+;F;Q*RvV-PB{sEe zW(#^%1Rh=}<1FO#cDjI*yiUXg{0h>O?Gt&zMtv90UUk)#QrOQiEq&A#_80gL9t z0^#UZHrFokd4rt&(5V7l?RcG)Q&g(2CgS07F{)+>C?JKUh-@SNNQU5d5Qf-Mwap8p(+vUa)QnV61I>s3Jj!nGm8yg`dSdzVXPMo7b-UEo( z_x}?yz`;ZSeOv)755Ne0M}{htB6VvIY6mzv@))40KaR8^*P9@B0C$u8yy?V+^d@gl zVh@4I!34n6w|^=M{nq>^1Lm5u9FhVVCDX+3{gQg#-fy5wgThKv#P+rP&jE%gGALKr zjTW5>Vfi8T-0T&eM0Nm1qlU-Z_TNc; zw87X!n9YDlc1?De@t8kObyv7mjUuqA3ePt)&kB6D8)q)I)dO^IoBY0TiZ!5TVcumr zv&RD~w6!LJ0fn#rgaP-cA6(Dbg+JKr0yeeXO~ndeHlycBuy@#oQhomIY2aR+iL+Wl zHK>Y)vh?+b{&i6u!mz}0I~ySmteOTaO|z>yzwQHoMI#9y3+lhz?jy91y|4>;EnUA! z4DT)G|2tZwv=l>A7$Yl-EzyH^lUEyzmvcMdU{$#t7lGToLr=Pih0fD%*4t zu#N>px3|XMRRkV;QAcBZ;=l2D2XGZOh9{_7LS{Q>BV|!>`sh+U)yTnwI#}dYh0y)Z z^879~I1}cM1Hq_@9H~fzs+>H3ReBmvGz?*)rV{v$; z?m6MFzj|&ps5Z{xFkzpi;~L{dkHVu#h@zvzyhUIMEz3hnf|FZ9209(mtQnXXP^)u? z-skTp#8HF!_wstxAPEYUl>G5=RlKPDi4cu=!f{b{9GBS{0pi(GQP6Mb>`I*>L}nWP z99h#*QTtss?tOajQDXxsz*aTQudF=>j!e-2_UeR9O5@o&qF0@wSn5 z!iqLUDVHo>hxL1&8j@PGy=n)8r<+MypMW-$EuwJWv2IsyJZwxar7ocjn*6Rya;-4JRr?m=h)CrVLKALWCN_|yVrPgU|#v$s^<_0m-bc}G& zLa&?U-ZCk96&>wPso|rrG-$zheX*{kC(5AJzyrDQ6FQQ-1*%SX4P}dhT5qclvK+_) z`r|O+GXW#3Oj^y-z!dV%o5d230wtr5xKV*9mX2G%v9}jE0(S)81&g=2&_b3vgXg>P zrCJ;t=)oWm|KJE4QqKSb!!C2R5!o9>ZC&<)BGGDiHWEFoD#5-@*#;htqh3sK0o-*; zDvJW7NOnISH2R&J5dL}G@O(>7D2fL1HlQKIok6`oq7zj2FxRueqM&qdL;|_11~@61 zwhUB#G)ZcN!(E>{@k)=04wE;Q{(>{m(k}0xJdtnA9 zO9toJ&S~|i*=jD6zQwTjQ>qjZ6gef1Hz+0BMOd{eJba1?hPch!@PPqk5{3?CK`$P< z`V5P5Wwkhlk{=||;l3@+SP?e$=6voK*ql7gOe(Cx&0b!tuksaU2;v1ny2{bJCSx6# zsf3pVCYS0-OQKF?=ePvU5~jUF=d`M>fdO><5n5RsC1Zzv`ht*r{fXGiLEg#AwqwD4 zwEw0rdPKyaw?xwHn{w@lF%$w2z3MX`4B$uB?{YfpkSu25(8qUN&iM1mFRXaT@Bc|Z z{lgVrIYmgu(|zHS*LJe-<30ca2@yO?UEd^3>3Q4UGEqtzBK)$Dll+vuuHEuzsTI3! zQq*mw{Vz}))_E~!eC3O0b{=_mSTwl-7TiGn+1b~zR&TIRhzB}J&ae5X@=n$Ka^jN$ z`X#)&?)F5ZEpulw^kF`qZ-)k318ytgitvu>d(4&#F z zP4|T)K1LOdj;gy-S+^-FoZCkIH*u)N0{hWxR`aK07VtVHb+}EtRh@>c0KH>P274u& zV|m-GL&eUj%6^Ennz~gS;D}M`HQHJel?T#S36@~6z<<~9L7?eO4{&@4Zy1=ai6X3U z+f#S8##S`lXcL3-T*O*%ye|sG{7u{OmXtD^4sNfCIj&h-l}m`K!k0${rMEX%H+`4E zB-qQRk}Q@$pUsS>}`pkeP{IYQtdc>)^)X1TBR)Y8F*rCjjDH zVPpek60o%5x^85ncux=K5pny$Vn?c?qEk5lngMI6E;{(4)nf2wR}t}&#J`qhu-tQ< zAWqgLp*}|GlbiUr9V&n%4}GQm_O+&WGbxrN4vr>HUL0GBoP{j?H(etoRS1*Cvu9|? z3dB6U4Egafz_L>kwYX~jGi;_-v4a(!@o~Yf-5-a?)9y1kxhruWaYQ3oRI#DU?ei}| z*C+2G<)Fd)Pdt2ym@Q8V&|@A<7-;yJ-)x{-ln`T0hXL21L-u8; z5!*1fpTx4YwpirACQpz>v(rb$CeS98o3IR*2?H}Q+84`ehwE42Q1UPYX4(HePyjPw z?eb7{`triD^Tn85w)mIlgjom`hfMNd3Md$ubVO)j7Exrp*e?{A4ZDnN=Tb2a7ZmVa zGsUi~>M6_1XVf%bb{!kwRDmp7B07*GYE8Q~r}|Su-X5%q?`dPq?grY~&DBZ2RVPso zZ;-=ya8PgN_1q9?G6I-$xXlcp(zN%{n(FZ>Y9!$=STR6x43y1OLqrYmY%CW3rX1CY ziFsWfnJoeZ0Xqe{GdC~^g^ANqAR+3<^@A#y5i?FnnyJEbx?Hf#4jsJP3{_5XD!KLp z8_Bx!#|$DuI~_&&sNN#C5)943>>M~7-L#6KDjPDoYUNR{`YuG652!m{F$n;GNdAo60T zp-Z?9if2SMp#>8IwydtKdic^39iA?8Z8i#B#7Q;^#t;*jO?!Z#(-D;JI));~>hn*I zi~&th#ZVz0gJ96}d#f@&F1e_ud!(f>8;CPx4{H&NV;K+2*9O%{?4*{H^6{8-#kRVb zo*d1hX|8e^bI>uyEIQ0&N1g;U#xC5Fr)# z#nlZVEs7Qrv{&uJNIgI<0$I3NVq-7BdF}J!u^(gw_!9rVfHeb>pm^|$!; zPx}2obP4Z7SCTvN!#kh9+Ke|NFK<)-gRUY%4p$*3S7sM*{iFGnTBhMF%Kc!jwZfQG z*nbfR6>9hMJ4q&86n&A|5z#YU(gUqfUlHm#b-sf#68RcSQu(*`b!(gyI83?>J;hki z!iJO#nPf1sR+1#%G>Iq#g@{+t54!WGiq_G*RqNYM>!YO z`r~R>dKc}_oi#lM4FnaZ&hK=}PdEDU2`u=j%cm=)g=bIn)xVlwREN~hA6&soiHL|~ zY=0uXVRD9KyMVHwWfV3vy(}B{BM?%MkpG>%tAOz6Lsd_4ol=??T~?=%B{mY$VC`Lw zA_OfGiC`aPe|U zvK4#;C~XGHt0?Z$qG4Lm1fG->o&z;ZwpoIAhVbwg4K=pP;OviijSOiy31S3E5R(B( zOyI+;XS2*@OKY~K?<2Re$jSq57#T90dc5uy45=D^S?}Y(UH;tR#1YsT8*yexM<4Sv zbL};@l-3x40tQiR`ZU5fqNaWWgk|ndvNTQ}u{P&3b9re(;ow^j!FVdv+i5{ky|e@( zA{I8v4iKjY{ZS`LLjsm#v0x*xojKhEEQDDwRaHiSU}9({kk?3I1UMKyD2c-My<8+D zvMy?~86cVIg?sXqUx|cC$x{Tz&^J6FUS&)5EUomt-5(RHrHhNU^UgW>)d$Qk!kvp^ zuxeuRtp}JTFYAICYxT^iCet)qMTJXttg*R&)5FWR`=VOIyl+b$ZXWE zS#BAMZZWb+-#_<~2#5=fEqR1ONtxoQK)Ep6*Z6ivWZ17bINr#33Y*WT3BG0{BnE;b zcwImXrZJZ=*{dZo_J8-@-mf6(U6NEqU_KOPt?01qR7T=(-s>8Xjwv-QhXOqZ1)lk^ zAZW*0>$ulO!ji)q2xAcgLEu)q5-%9dH`0+MU{4vY#evoIhUBoyP{F}*%K0r0LEqSZ zINRfOxCH_xzd8UJ z8F}0=8E#->B|kQ{JJhDmrvs3+n1lp>qc-ATrUq%Vh)C=IlQ@rbEN8<=o#wP2UDD>v znl}?dn&2KRxmXQe8CwwGn^l3JzEALHZwu%Gg;m;)Y+&f~&ME%h33>=A$x&!hM&12! zwdiv~IQtwD1gk1^CrfDdFTlvBifp~l@E*&3YbG3m<5DQy%Wlw`{HD;l*z`O+a`qJkOOklvgSHJCAZk!6v?9!Ru#FMfEF5Ku zFOyJ{6em2HI@0IBHmVIWf;A%HCV&%IY5YO9M}veSQIn4ci3$a(KuW>`VJK(7lQpGC zdzML0=H<=9Z*9Q}9-lgTd(`3|Pn3ff4rep}QMz{a1#@}k}li9fT3wHgD-b3-Pk z2p$75fRm^tk~Yaz@TDj$teS^%8m~l;js{^G_&;>XU@#E!-`%-9ex6V6F1GhirwZcF zT9zHPn=dKgz3C1iN;l9#gvak|2Iym{J)eLC9kBWnOXIt6^lAOeZ$SX+y!fy1>Hej} zCMM_uU=YIi;Br?eC_QwaX3>2zF?J@8u;ITb~ zm}da4Q~?~3(ObO&;L$)CT_JT3M$#}av&kElJoY#NR)^{U>@XZ2)4wTI*rjFyL?HmI zHT<2+vzGvonox=QFTyrLOkCj5YR?H^GiG*A`soIdYzIuO|3J~wkJs$=pU+x>*OQWN zpTv{;qw-qpSBB0SAXnxpqRl9)tYN)Y z^YyPvwdf8n$}1`Ys>{)?9JcIoU2JJc)+Tby* zYW>%fHRgB!hM!jUVS)fLw?`gdqUEBvwo3_cDGqAQyL?yo1*_4z%`hTIkTnQxYNv{% zFDydr@7j*kL)ip7)^m@p0!l-^?n56!zODmlsmX3~Q6A)CLS;>)W-}RjZB$-mLrA)i zDC9U=vvH#`9FqJE?NUwMaKp1%SV2?7}_s&X2RoE0e3o%g}0QK0-e z*3#M=9l?+jp5U~sy;+);Ae3fBXU){I@}ql(1iKd-x6;BbrOH!@kcs~VnDE~>U62;? z%q50Y(i<%-&GWM29$zvHW5rf5O9>e1*{oV_(r11%@s%b?AG(2o%P}x}D$lfQ@1)p@%UwClhGqJeO76aUQ zA3mv0ghqvX5CEJS#P#1PivBvR^)vHPkde{D_*Jy=@gTzYuy!WCmav9GBrh6N$Ifk8 zK+UkbGjUdSYcD?f-pECdllE(Eg}1DqaftOBxi-AQd^?9X)yvr(RrMBxe+#Ngr69^l zzsvB$MH}F09eivQ^pvSp$;9Li_=$590c2zt3u1laG9##XIzAmbihPbJ?tjWYM3!!AHS)uiyt)_`XCtV zCg!_5cjq@b_mgzh>nZY}{7q+03MkoLqyMq!bpjnZ0X>c(vQ6Os$CSb|Vj`J;V zS4%2l{w5IBqdYX0V(Rbq;4!gD`(edgCZ+I-UeWu7qyGDeGzce}r+j$dy#V&uBPzWD zv#bCiZ#vV+k9vmbqADd@W(EQrC_Q#V!wHgZkhcRZWQEbc=z^@kZ^1XG;f+(exLe=B zGZ8U^B%_CyfLKliTT)BPbAT~HG6ki&pL=MUkdvqR4#a4pn0 zRw-J`NROU$SdSKvH5DynoH_p}wCFhy2%;TAXN%^s5|)vgxbJWL^3 z@FVNbxf#M~NSBP7x0=kb6y2gYE67QVE89nNwPTLxn6t&K_u-F$c&f$cS!q$e1{m+P zk|S?VOZ97bKYX$uebAF(;tuy1;`OIT6-VvZ_+9pWMAa!s|K(hfnyv>%>Rof`Vt}r& zdb$D~5vmqu3+4)S{c?(h*^&9#t>XFKues5KVFjAJ56=0_9WRMxSc^e9 zlT&iuSL;dHdz@LXp38_ooVNXNL@XVB`7f#WwAB8mJh$%a<87_+CxC8yA`N8efuP>A z2Owew$jki>Vlr>T9cZZfCm$f^B6{tcC&UgA(R&|Y1_LC%X?cWUJt>rJlcfb_<3{it{3ZPzo z=B{}kwa(`(o}Zs1$`Jlu1_8TNz+6Qfz$HsR{FDaXEgH+KYZ>b`96>-mff8xh*rlErY`m!x_NuBL>)yRO_cP!Y1C+3QqvN z>l)Eu1E_C|`R5soB>b6eAf5NuZq>aX*Dl{@ZYY^5^l>kAO>4-eAnrL+0 zo5!oKUxCyi5RP-I>#*&m=KY5V{2>DWh+YUG=LPpM-eJUW-yG0!KorxizCJyG+!3D@ zFhD}Y@<0~U$bfg6K@T$VnS}xaus$G!@i}djEEtmXH-^ep z1Q-tCiyt;1CSMKxc*{VV10BfHA(j;q&A!sVqH*sX>tT=Q#<5WYu>o$D;RgxV}Hwg6Gq1Ruo!o2@4rjJ1wFEi}| z#hjA7VNtBJ9An!}2@U61K0Hq4bzN!s)2Q?iBxoR+!{3JCPhMro-#A8{T~(*lJren+ zz!*mBKakr0raSmfLldd>f}g(#E6vY!*?)cI!6%{7h)N!%AD&PSaIK~OJo$h7v$%2M zdcXBfXq~?+(9bo-u^*RePWrRULEF)CZn zVFr|9ihQggb|QC%W1MXRNt1i4=lrq56n|XGx|=l)sv3^WzToa!XRe_AvmA|ym}b8r z`_K8^FQ%0QC(ifuGFd25zybo46jTl8n$s2*A|OP8A9S`eB9~|6 zlvlyy=-aIu;GW^Bq)50Ux??1=n1Td6gb^aPFi&PChA{@^3B^`2WBV#MA^b2AD+&xG z@)lI=(cW&c?r#L+vuVbKxMIOA_6D36hXxox=WDtr_i+ zNow@rg>c;~L;84`#>PIjYAQBlcv6;aHfX3%ET*ZFX=z&0)e*d3RqdGd;rh6AqcU&l z>Kt9bZupt=2sK*lkfkQBWw-h<^BES2(kp&J#%y6D*G*g>N!#psD$bc@zI=eDdxlRV z&dxR9;#UUhDf<}SvzRr2`pElFE*2a~Xb~<+Q0zsSKO8{Q>G9c%db%%yPcHVHEL?|! zaurm`3@Ryt)evUR5J1Cg_J<7&znY_FZ64o&T?%28&e?{o+b@NLm!sIOX|)fNk&1i* zX`FKI&Kx%$VwNcD)5knTYA}8dNJ10>hNMcdjxc-6s_C0|z$!`^36ej%m@E)WceR+J@Fqy_T z=@dO-o7LB{XfH&1A&fmkYBfELFOlE%DKoG>#(%ylSnuu%tcB;q8m$JJr=?Y8-pR%!AjJN*qhOeEp#x`IIq;{b%=WTXmUdzKoHmfTus^=tkaCKeI_C znfnTdQ-a*(C1Kee@Y}-~C;qth5z1+27Ipfg0&Va!9pU+szk%*?7#&6iBK)z2oRen* ztnRD~x)^`evb-IHHvaVy6dO*?>xxnjM8ig zYsQZkDy$v9?7wf$O<9(!!Yxo!iA4LyI>#bp+9_xVXtQ!orf|gu1$^pOL!u>5)+`WB#!51%(mG zK)_9l%95%&0`!>ULEHX+IVaX3Bufmb{70r%I6B0d!)a;ftbPZdX=BDk^n4iTORAO@ zZ8^V<-$^B&o(*gt?=F!q9Gy8vBmel_o6;cf`iF$+Eaq0Y zWS08)2k3V#RqKgD(N*KSPuHQKE1iaSevSY~2ca-hD4+wug12B{SBc;UF|)Twv9Ta2 zAP8dFJp`mK&XTFxLug)0k`8~El=j>ns#tfwZv-gH!(VQppHG6X#Y61^<3*k_*-yGc z9ZKqc zI==)8`6ul0AojSnj(mzJfVX;nw{Re};DLokQ&>4Sg9(r;GJenWB zN%wAU0;h?0h?HUob?DirkOQyacNdhgv2G!&;%+Fyt{dMo51y`{Km81Soc!8r6>vVS zv|PChFrok3_Y?UN@&qJIE=In)-7A2)ln}r0m%pFtOuH_3(qFqOy*;9Q99n<7ld6Ph zpmI}s+=y%sd2j=k4}ookE{WT9Ns*p_dL6dwafq+x&r@n%1n#_Xw~9yv3i~9>{dJ37-aD-wz;!(|Onn_|2xJ z!Ba8kF_Ta4R!4yy3f)mj(7}Zrm)XD{R;deCiHjM;S#PyvIGO65+1JPOWGX+7*kQoF zrVy%MhZtj^RJuT`QWX1{3GiVbm{Bf`VT(lZk#OxW_2OnQR{czBS&rJzKP%XCqMtO z3|)=5UH4^EG;RY{H?c!6>bHh))rdnb^#4+QB^-W!cMwYRS|a@Go!{S+N1B3weRcjI zVWYFp^lhT2<)vVd$>+C!lM9hffddP$9$^)#sDKK(Kb(9#Ji7oa8kn0m{DShGH0`^y zX~3ddo0(@PIS`}`y>FxvrtSJiD1BS!CmFm6HVeQ!2@RzV1rCYNfw<`}iNY@-H1%I7 z3qyhLx$uieY5vo+lE=kTvx6aE)Jdt{>l{j z(tQAIzyM!C3b5pORNEc>qTzpkxYw>JTs92a!agn{ICLm4CsaHMM^WtdBo+pkf{pUk zFUy{;V7bFi(Bl1PXK*{)Pgw0n`#;|R714U8=Bh_$`>9_~PxT8!J-pgFJpY~@1?av6 z%4c73q+x7D?dPmuIQQ(IZb(X>|9*G>TKaZtwEm-OS&SpR?n=`AV(qTJ`@Hp8{O`-7 zW%GbtSnemYuBY(3la7GN;Q6|4-+#X^Yq!(4n=f?rt1rqzTBV9!#Ve&{zBg$%aHR=8 zy8LEv-f&V56?TB?FcLHqu{X=kW-r2e>yC5Mc^IQu;$>V9b9`DX**|u%ViIFhY_~XL z@ytytYunO{wj27f=9bP`KmbPCOZ{}NSDw)?tnhw8>EbhtD#TD>LL!o7YHB;>xy5|` zL=$N>lzHO;#UGTkwF_M5O(Z;j0~pcV>ko!~1UFrMI&Q(pX*X(7k4112KyxB3NdfN2y{uC_?# zV_-#1Gv?L6I+~0PT0D_eM?7L(Y~qrM;`*0`+8(LYUJcQ`Vj{9Auo^vZ5kE5~G;^sD zV&vB&ZiSbZ!zl~$j~(5ki4DjtP}9S+WlM(obtfi9|9;zTHMUc#$ld-qF48g4;-n1r zVj)MT>*ue3CjK;(bSCk1yfFv}|!zpf38*_Q~(TBQUV!+mq3*5HVtG#&E?Ob4xPZ5u-&a9n}YOUO45)rgNJr5~PAO^ftk{}Gjm zA8Nd;rK$@QpQWn$wp-p6^39k*Tznz-)amXb=J_XIT$H6Rv+QfXGPzh=nf!6w{@SN- zyqk2a%p{JCysk}AagogO;nWD4vyu0kR>2bMM=eI?j{f2jpbjqTv3ZrME^P%(3j1=v-@@71}iwMVcW5KKGl_!dB%QT^DdJ~ znI4qi)`8=VAKy!*EEK1K>5Kt|><&I0skyBkrm^N6(a9t;envs;F;itJY0uc*&o0a(0 zwk+b#^d{;iZKO7(hB&%`qLutUzO~gz?^R0hagp*TxD-G46hoa3*OM+= z3R;q*OSzRf9+FSCA>(5iJxn{Ky&!y74jejUB&>zw+Bc~)F~szk*mky_DbE_J9HT|! zSW?~72FCjO26Se%S67FPtmV_PiQ~Q1`@j>4=7QltS4WECL4SC7K%$~v=dW7XVucKH zVf$Y3e(#m)Vw4um0Nou zc=~l4t@A)1ZCK%>gT%x6r$5(6%k92LF65KP{$Hx7g1XR7y`*E=^}oNA3J<-U{L+Ex ze?EP?lYTvDey=Ee7Mw{GTCfeog|2~4T-Wvw+E`&Hoi=B4A10T5GFM-oajG|;9QNG^ zaeSI5O*k3+b#p0I@3snlYJ6TjwqEAf{eMs3HVDN_tRGJDN+N2w@p(NAedA0&J7;(^ zFaGQf>c12I-8uWKf8~nR^f(aCSQ@Zi1{E`VZvMqv;iX`0^_Q-oKTTcr^SK_>?=&>3 z#mIFU-{i%uto(#?x03sRGEyIe{3yJap3J-7fBHf@yl4LQB1lrVKVU)P{M4MoM@&+D z-B}1&p}$=MEdAU4`JwUio~N^o*}yu}FWxr)HqN)Oxxe}z%-!64vz0J?UA>)AUw(Wh z3tYJ$PCA0F3Ln2ce^+7m;e4aS7_~|{bBBS(EQZ@zzM z3=bb)rxSGLK;56#oYg0q3zH>Ik4@&_->BPlOr9RuQHXVz$}qWuU4gu<%z-p@#ke7fy}GrI`@3Vt zvVXGN&|YSvFR!$~^_<6E-n*{P4A^^VGW%@`a+9?Gar;WjO}l#-#&j( zo4!1(^htTNY~>=|l_*i!%>5Mhm{^O?Dif7K6z(`1cpP%tS62OUxFS|VY42B={%h{q zI$pblfwBA@F*X~9!IGloyvEt`H%v7U46%QIa>Ils1@w$}dzU;J@zh8t`Kywf6IigZ zwP}?Mn1E?F6`>6DB8VTSpXA=v4y_}VpU_Xml+~b@%qQ8THUPN*6XON2ISz-_dhS7& zF@md~s3*0cqA$rbMD;lpTwa)_HxzJM>8RT7+d4v-R4f_xb)GRSz;omvopVOjnj}X5 z9EZpRl~=c1zsVou`%(1Fow45v#YOafrVAfyF7&JBZH#cv(kf8T4Cj0yEESJ-ftECk zlaK|Asjad~Z927ZYZA^5APgi)B1ZJ&_iB~0Jjpzx$9fMjJEwLLo5 zpZB>FO@%}DkVj4e1;jp&JR_Ptwpd(5W{^2(Lp*Bv@~CfRbuCUf=fGL>&{n;(#|bwk zfGCwo9UNfCJgvN_h`kpOzSx2Ja#Cz(forJt^3f7XyW_qN>n|%BU%F7&w{~KZDD2%1 zj=rSDOGQRck0XZ>k`JNz@}#%#_|7&X4BDKrxz?NG~IR^7;;SeGiW2B=#By1Zrn)x z-@|Z}1WkWVnDX2lj-cOF_80-FO6}j}$(_75UDaP*LRJ#f5k9vW{4AU4g!dUiLjOjS z|IYloe*X5r>I$*&F8?F;1O4T4$xPyztPB`fi&~>h?@CQcj$~xQ(NZ<2d3J?N`1fZ* zSZnG`JkcFuSi5l6?SXKhkGWp@b@KD%xBcm(yxHsIKcmS>4uGbCNR(1h-FndB5Z$ZJ z5Fc+zlDyL61@~9o+OtDMx39Y2{OfuWxYZ$C^gfajW{;(_m%hxWN&7=49-sS%J+Q#t$ zT-;a$lcv1yMX-CpIRvDdkfBATi@^^ie28UENvyGt@h4|fuY19IWW4T!d7Z)u?IKM$ z-P$$6dNFWt{TV4~6f4G};+wYZD*SRz5mKV~FP0|DilOgwc>x15uYGB-Ji&4su(H|7 zFJpI?hrfOV)8mm$*&EIcg0ht-_LJEl8_x=Shrv!Im zspk6c5Z+A6@F>O)za7WZr@R|<+>95|No*)bBp;!>3k)fizX^_2dVyfs3!c1sWK-s| zFhsMYI1teJ*dyZ;mI~V87LVUmHqV$vf{*w^L@vXv*^Cwyp1GiRWPX3Q_2%ge-uxX} zIP37a=(X(5fO0uHDpom((L3m-b$E&gR4@~KWnl-M_Om!O&L@MFw4 zZU*x|qG>(HSh)pec}gsqDfmgT0CrwSVhfj+B!el*_r$d9^;+>ba0aj$o7EXVQsr{7K=6x}w1Ho6FJj)3 zr{6MP^i{88-bufvBjrLDsy^XHjz>$MGp2eyrRwgZyG-G^o_Q-X;znzONACVZ`_gh= zI&7YKM!MP4FqXeBk+=>rAf33=&VVj%xmRkkA^?w4M%WPuS$w**^ALQoUd#(5dew= zMv_?^E)hAenz#L_VDV{_d~R=#)<}0VY_jjZ#6wGtOaZeEEK5DKSy^9OA7fp%XJ<#} z1~xp0ll(B9gseb9sr>IA>Q)}KK^Or~&S!pR{i8$|L0lHl#j4PKe^x9E_Mej*zi(Ln zN&VY9W%zG7Ox0tF{S(a>??($5(qAY9`uO}9LuVK{{#`!n$+!we_X2}&(2S&ebQ|m* zU4P)%*i`SSH`tzr24`8`7Ib9^|E~Rfz5Dr3+jC^m@0GXr92?+?-CE(IwqrhzasS^p ztNn7-Sf4dZep*=+dYoVVnisfu@pt*Z<4d3az+bH0lKtCyDX?>XA+UzVcr_-UPaKfF z;SystqSBc(vcb=>;W;Bb>fb!|j3zhRbbSLb4 z!u02x<G7<22# z)>uyVB*79>ds;1}x^)?Alh>@o6Qa|oxcde{EYT-&9<2K>1@ab@jaMnSZ^J81JT*hNS>svm6 zO?XA)7Nr|8jS-RJGYWP^yjGy8GyG-lzWnB;tH!R9Mm64ik%Gb6i2NKwEgYD+a{K}& zemZ_5c>=a<4X`cbt$%^PJNB&D)!nn~VJk@pR=Jp_Ys-Rpjty~`GnltU%Yo8R$_Y28 z?q#4u*o<{MWZ{Ukwi-0bLxW?d%wEl)RPeOY?v6%JWelKs;sfo)?d>OZA*~k}w2gYy zKvG#RYca`;T%CIS8h@1@w7JNfTqB#Go85Ab4--W``GL2ktc**eRH4Hzm3a2$!XF){6Wmz_ME5iZs)S7UhcG{p?$Z!XfijSzI!=7r|pUw54 z$L)9DGbWchKXld?kWP2|`Ao}`-SDnR_wiG`KzQOe;uDO{F(!h+F5~eu?(R5*yx#s* zG4oP7t1trz%l5wlY2GF-k#{xDp4Cco7armRU~!*Gr4MJQV6<$h#z@m(S|_gXUNy4? zw2SZdQnP=MdUumSl#n<(4ru{SmDS{>RjVP^QZ3#Kb%taVWb?+m4v$UB2#uV$w=fcM z;EzBWBe2SWiO3YuRPQCO2~xChK8l6AOpkT;&1-cnLj2nNxbVsuyR_u1%{ z0G_zye}H3n2!>~U1_gUr+|1x|ag9V^#v-0sBogzWVj79Yy-b@m~RPN>Z3) zE>b{$_et(Wv7DWPW|+VXspF^csUB^q4fG&*Nn%TealXTXZX^6W-3Y~d{Ew7m^MQu& z5ZSw#%nLm3xqSM-{dtf|oEUDOzWuTBrLp_=+3(otxAoIoZQJp|&%bVV$*g}5`NI&s zUC`|Md3NY12_EX=@SCNu;{E}ccp1W=i<=6Ae%GyWhVvN=D|M$eq%ySA$7p&KsYSoQ1pK6>0-rS-$e?6Xe+kehGH-?`4X?(u0bGP(suG#PFb;nB& zT&Y$6({-QE%xemv*Ic?UVoW@G{DR;3-DY&Dkv1>*3QC%{hpm%8T44)85@dU{<^WmOlm> zg9l)0WZQ%+_=cQO`z$_TECW4qPg~@z*71x$m`ey7!*fvv6GoLnoV7zW{UkPyps+4P zhIx%KeWHNnQ5T3`Gu{c9h|2{53qv${#Q6awRy-F|IeSOs_ zaqajV=tq{`Ni<~aB5C@V@YUo*t!WRbHQp`xMbx?sInmaB+{-a)L6!9)tW(P zo(6{&Dn_~e6zu9OzX6-He*XN}#G_zMfk9Ww!60n(k-~Wvwn$s_Su02P@>78g`b4`0 zoRpBu`Zbzu(o_sTN?SWJl0ab1k*u+7t5DShoiQG-98Bmjdw3MQq+oq_XkY>6*h}E5 zi%XaS&YL@WZ!1c_s))hi#qE-k9XU5vkT&hzzWO^m!4{DXd#CSfa*e}|C6^kGWME}C z6xkr7UOo$mMaJH7|~=b<>ZV?tim-nnPc+8_%oF0*O0S!Z=_k0J40)|7hpo` z^Kdyqf6MQ4Wd2Wx>4cK+l>d#p95<2Vby1`OG?$#igRBp>S{M#KU~dAxzUuZo4d*|9 zbN2Hfc(DDbC;0xRdxY+BcW0^Wk&&Y1RE-V&Wa1V93??_=9JX{!SW7YyM%~9 zG4WGi*5XNaVOfJ|_jQQG0rEsjLPs0Nh+IiYKhMUocmql>2vu3?AO^&WkaCp~1*ONy zL^a8!rsz>>y4ynliN1{Rb&cK_bD!OQ0dgK^Runt!w7`sB%eXo_{JhJi`-=hmxNJQK zZZ2U@%cc#fM6L019#SUn7_|@-Id11e#ojsOYUINa42T>NU_4V}qb)6!F0ZI4bLHc1 z(!EL}uta+*1eczw0=7C(lu?=xp+p%SmybWy_j?`DH4TPumFlqK*b`|GS3e?qysG+x z7e)Zdv-W7M(+_2&Tf!s~U&x>29SR#mey>aN^UI<8=&q+OUsqbqa4|roYV3`k z20PY5O>$i$$s$C20&g8L{ST!jz zs6_wHzfdjcLjrlzK>YFsanq%uJsswxW;lV_V)mjul~{U2Q@Mh_<2S4bw8FjyT zG8L1B&W_&_!52NT&o9Xpy6bdp-pH4I+Jii+slE2N{*46&8u zzxuF9^`L)PVE;Fc{;y8)e~VZD(Dyr|?6&HIB3SvH7eqO8s!=dzpH>Fu8nR${yBac$3i|sa;gv;Efec&KoWG?YYVz0WH-Uw^ zwUEp2TbHLz3+|7L3hQ3oE%RGWS!yY(7K?!qE!sXMZTwMnhCst6IA{;tV!tKCO{wo_ z;$TZz3Bw2T4`4iE;VL9z4gbwCg`aY1Dk3Q->^yw{upnt z`(_rCzRzL{ygFj<+m4`!ZFX1u7%pnK;#$}?t`i=OSY$OP5Q5qbAF_^A3NwO3UTBvlMLfg!uI^ zBp5^WIQ%562Lyf?yY+dAp67gq>+Q`yg8r5KYZ;u{_Pwc6j{4ipVZ)Hcz0du@N%3b+ zR_^iq14Vr5?*+|3wZwph9)B#S?9<#_vrS`tI&#UcI0hyX+|E!}QY@>5%Ja|BXMRHg7i-s+Cf*6EbZpbya!s4>Z^ZEnFN@VL*zmym@o2 zcoX93&hZi~LH5fsffM(>k?1b`yfnBV3#PVr3~6|Ix%ryDR!enV7`{_&O&u9@epG~u zQu9db%lVgFGAvtFKnEg*JEALa$E)qS$Uy8smrgAm8(prke5SMGjJgex(lI0!UX4~O z-&)&KMNXN0jMNfD?1>yMA`7yaJ<($HO7luv-3-&*cNkFmYF)JfhR&s9#&^rr^xC!h z$&-rYd-;@961ToFB1GvL_A*}NvtN9|%6_{YM@148kk26gew^QbA%GZ8v?oqRQR1}? z??Ci_>gcSM)E!ZaowMz)*wZj-Y3gh|4ILl|OJUOM51O}}Ojy=)0rQ;=m`=smFpiif zbON=rfPi!#K#t+w;Fq&Gqe!}%jY_SP`US{Ft@EPttah~hUS0Zyw;!wKJFT;ojiti4 z+;*|d$E7z^8+Yx~&%VVRN;<^pwOA*$mT*n<%0-s$<&qYmDjn_at;IH+xLq5GRRWdI z=avd3s`jfibqbYSQ0Bx(%LHs_Bh;WsJG#S@qc0M__4022g3lCECi4vWq-2SZ-KwV2 zMs^EgU3!Dd)h+~ds1s33uk_kp`*F3F_3!^|zC8?x|1&M~-x!E)$`w3ed+u zFqD$GH6YY{9#&FV7n?qtILdd8H+ujY+(yib7;&!=yU@bmHN)M?SxKuc9m5F~Btd$%l4C;UoQ#%$x0ug@DFNnN{*>vdmb0SB0kt%pZ5KH*-E zE0(jw060KKYCIf*s~SNtyy{ENH7l#*K82DkjH4g2 zJQ8@aRCnh5WiGfqW;`}2v}~|R$PR}VF(6#odGkMeY*;bgE9vOW<*zo+IXgGuymnnp zk4dea9Pd$*!ZxF)%d230jR1qmvb6^?=GQDE!O z+x!uL^mOe2m;zx$Ao`-e0nXS?j?QR<%PwL`h<%N#TN@Z3U4dd$ke*t+*5(CUiI()j z7IqA}s_8G7i;19Ny`s2y1XAk^O$`_Vyz%8RnAnpFqB!sZd{*ca7x`B&s<@Byp6@^B zK2A?ZdzJE?rFlD3^CWXQ!?SZEjzXnSVo9e)gCK zYX10eZ!#Tc%JQuZ3dmgwidpp&J8IE^+wrO@8I&@*LiT2lW67i~vGm5PmwdBHuKl9@}BGT5< zG_Z+@9`>N(-;-R?i4VHO@GH9RJ&y{{lELqTQbYvRf+v@t9QcwwoRK)NI7I}H@%t%$ zTv^cFJN9G;qwRcQ_j!KddFZdAx6Pm5oc}n{7QQPlrDL&J8+ay1{GLhNojHs>UfLRA z?2>s_SVOi3y~fk+d1G8PM)}zr4KB>9I`6q9{Mg9I1(h-c*6Qky@)*_U)waU}fPIn@ zHCk941`?Fm`n6!ywDL+$kt=RBoHNTakQ-1p&t_DBJ%S<9b zm<%ez2Gjr=z1oeGsRFD1lp9s^YT<4Jge|QZXpQ$ z)MTmn8kc)$PUp1YX&+Cepxc{N9rrkI)_?H~f>2B`@j%C-Q&b-9FR_zA7F`uDAMA`nMHjE*UZj8*^op`{lPuwjdtd_G&I&}jN>?8q z7;4j``Ds=F;QnQe{O?3e&M|X81rB@8AC}er$nbpD=38{$Kw;hd1atHM8uT90f+Gq& z!t4k6%zny$wzR^_7bpkR$a?3l^-eKgYOhW$V@F>I`eCbAFfz3y6|>6_ z^(AIU<=wcky6-9j8iw}Mwx-BaMy#sBOw$^=?0lfb&hiSfvI;VRfA8x5ZgxHCKw}WU z4G{GQn$}l2VWf8u%7_9Nhsel&ffrtV3JAFWK6bjoeSCG@Q25IoKMw24D#dWdh(WkpfjcG~7#9sbA9cTG!Q+aHMA8>_QtuU;JM$76y1%S7pTNPx z7V(cj#Cxu+a;nqX<$^?YbWKGEEL}KhaaU`deNAEjTz+f-VD!ARy7^Kf!}j2o8$C`z zv}U0p%(8LSu_ z`xSCYaP6QyqTCt1uleHY%d|a4?5J9VNdVRV8^?PlSbOD9HXb+f>d~0J?7-thp)_mlI{in3A+e^Bjozs8I%P2=8R5 zeEGbpKJ@h9W^75?3@izOek3P0k!V?bw%@C9juVFcE(xzyF5qO-+2d1-V34$)l#_-~ z|LT%8aEACf{LPzIijkwui?7icyVw*MY08e)TX`Gd9|jk86U16Ys6?xJKfjOr5ROfx z{bh}L*M>wJtG8snVV4z_=hS;i>hW1DOCc(}MuV><(_9~x8Yfd>ud1X`q2UD1*8dst z5tyJh1;mSTrA|?et7(mFP9A%S0YFqvX=wtu3Ax@1Jc^TB zC|>C3%sg6uV$rj|9{Z}}?knWa$9nth3*=S3g6Bp^NR}uc>0Dk4 zxNIp(bS=s^GAWK7*vD2LrjtTuhTCeHMtyk!B}sCxb^( zjFS7t_zPVzV?tV=H$Bi|8Dc}U^UFPOkVSc_mZ5sm6nbhI8f7VS{7ouT(;Y)V4ik3; zY{Ax*dAQr^x7 z5ai6;2!KMD>%DdRy|;>AQ2t`XVsF-JlkT@0aqHpK?pjPb8Td_s4UzB^K{^tAR}6jG zq|Re9GB=g`tIxx|7y5gt2`}s+n*IOX+=?r{UQe}{NnNxAvO6+r%UgO7W5v-ruu=LK zX)MlJtgTf!;VU*K*=ZSkBL8BGQ+;-Z6p;oF+9lVS!QOQtu?DoFJdM?whE;U|s~zbw zqQ^!s07*;x(&63Rzdx~W1JLZhC%=i3SKs~%sp;W2ho0SoUupXiCChQNi?Gyn{$1~? zxA^3FJpX0#<;by3H^Xqs0B4v?=vD z?F^ic#&Uk^9i&~T^{4hF5aF8ilW#~5SWQI@a5O;h_xXVK2F~|&lYxnepH3$ z_!eASHGXJ~Yet-;0;b^K{{d6E8ez6^jS(kMw|$mh-YEz5O<`QnQmrudrSoF41ky>VbM9Oy@O3tO(qghx`;fPxB}@nL?CST zCT9dK^NKlYZqq6O;cRD$C6Yz%K+3Qmcy5Kl;OAlWyo4EWVK#Ye#al1Exx(h+#tjFp zZJvlk#$dJ@W0{Wfn0|7d4|T&Wh0M7R6J_Bo`Jova#dkcIgUv<9&O$wdG*uq@`(%F~T9@ zaWma|y)_8hOVrll!XkiD(vr&AVSw^gy|rXBB)>;{Xoy5G5gR9}Uypt0G-=ZlAQ{lI z!%*%+(iVCRzB7oXBGORZWKT1+tu*&>Nh1_#@|uu@sC#x1VAAHUM4WUEFh`tHx3)9` zx0GJI(%8lLfODlEm2L(G>uw`em0?ObGjeHN{FU2NNhcrE>Zb8X30}QeXlW+?6zpPI zUfGm4G<>~woAhT$yZ-TEAiPCmn-~j9*X)Z;!D*-+0h<42wAzR6wxH9>`+am%Rxj(h zkFJQMUU<|^sL+}0V#n_afJhe<6$?JecA0I@occ*c@>&G@`T9NYJyPwCLu=10$I&`< z38kV*;UpZ8~O6tX~pLdQ@asp>yXx1VlE&^X6)F@ z%z~cmx#IviY&6rJ>T7jO$e_1yqh6*iSHkbcX^x+__TFzj zcK?PEzNK@w=y-ZRe>zxO1)!cBi~mh}Z<9;6DmI!^*j4Uf1TJDZfcM?#fAvli;?xzZ zmGbKuTVv3~8dSs!DU!ypBd50k=?nsNXzWUW!onj$+6}1D(#okQk$5!T%ipp!*^74^0=lCxV4&X~V;r(FX_A=kI7w(=^G?6_KCQp*KyR zzw>|oKJxbW2%6pS{dS%?6n&`m?%S)s-}Z~%{>=(K%v%5V_xAkB0s60XQ+iaKoK)HV zuOgub->QY>0N$+g_0qTzK*#;aiN_ZRVwHqOe}f_1jWXB}4T4ibrPA<+F8xLa$}G_tmN}F(xV_Kto#U z-HX6%M3B5G+(|1P|3w9}xy+|vJ$;v)cVMzUJ^uw|UH;U^n>v_)SDmbujBo}%js{NF z3P8TfjySzY%lwg_?1%fv$b4v)9F)l0kY1hxc#XYKyzHh&Y1`QMY){wBzftQbhFi zfyCNyai#?o-vZn7yn&XeFx4;v1dT7W#@U>msMc8Q#o!4#%OOUD-RSff(kH}BSxsZT z$5)5gbJ~-V8SUR}8k4&>cJ`i!WSZ9yaVEL_@}&J{8$(E`4a9AvAtV)GPoW^|Hg*=5 zDOgDT9J((f#HT~pCR(V>kj3fB9KzKkhPRXx4KeMfHE^p|%;QasK>X74;gijfg;UAF zBR_QN$ifk*?IRrZAKoIYY(^6p_L>sVS(|88k+8_I}Zgn4iFIQ<`{0nW<&sX zWZtG2TgEJEPJF)3g>`H~NA8cQWpC$|8dpCcN@09yajJ1_ycPK}P15j}y-*_UG$WQ> z_B5!jCMZNdsF1C6Z+;ATCCpXi_w;!dZe$8ik*|Y(O{FSw8&c`c?2;HS=lo;C9%Gk% z(M(En!Lno08*X0`9R7X`2eI$FqxCAVqwD}SDy-qOGQ*H*W^*wx11 zjvun$*YlW9$u}4sn2V-0_Q0ph~2`I6% z#_$nGB)<#O(*GH+t~7%mAFRk1`WFiT0PKD#IJMsIo!0(sKvlKcA@ z&sivcQ|MI!W(u%7vo&r|q{cq-cxBJpkNVQu*_7r@8)-Ve3b!rK-sFo+5T zz>8U%QIzkGdQ##E?5!ixQOOo2#g*0ihu{pAM&_3M;^m(=@96*NDr_z*^|9#LzuUN0 zb+St>^f~3#AJ5MvuJkf7o*&jUj>lmIyF}$!EJ90-w#*47-6cdk{ePs*L^@*!3Q7UW za>v%01c;MX#8(OJgm9i~8IqGBP}VB-lc9jW-83&7X-3`)Vg&HFmJS1p?vQAKkG4nP z#LMlGg`S%hG^(IV;SOz$YifbMUi68S693CYfyVFvAJp6r@P6)RF&lu!xBvb=9F~{a z4?@$Kt#d9gUL5?>cv9bagm`%SLB?11LLT;;n6=f_mhtuaUAS1YgXo$@!m_1Bi&aD7i}p^}xsDI2VJiCkPg* z^HotfIjN?P;tHN|zmdHryvAKYsnsypuytr#6k z0lpH=CUQ_IqIFY!2|>@4E_1Jix~8$kHGzF*yi&D<0M22Ok)_Gir@)M{Merm^OuhlT z5CXySfqa0z?g(_Y>TAjF?#*crOfPm^!tsXCS_nNyK|3`vW1;80^5 zL$eRBC?F0j;%{i^kLlJdbV61Z$dcvjN0x#EUhuI5OJ_%TQ5^ebs+28`DIt-(@gjU5 zwNF6Sg!LQCYg#mDQgV+K<1VY(`3?vx7LnUQV-V0tX^zbBt_l~GeqXAbI?a|?7I3{UZqVi)*uZqo=eaI8-DuiAD-U2KeI9yZma z4r88_6r3zknfM?vjx3Xtj*56x`N%gRuU{u?Z&Vou$4omSe{c q77zuw9fNRF5 zk*6wR$xzWMkA8~W@@y?{5h+U(CJ4z%eZfyQke>1*LlgWaM9V8XXkd#RKa7c51;3sj!R}7bk9f zxxU?16VUvF;C!b0SEs5M)*7Hlb5?sqhwUXN zIbYbeN(XFzt{GJibYa0Usc$`2*lf%T2GBf+{V*k>U%Jpcv0t3wiMWr{1@Ke zjN1y*6)$@Vg>dxdFk_Y<^*b;jS#e4F#Y4*APcHhLIzF@9PDo1s`qcMn^Cf%eL2ThK zbO1^0tSTWv8;_Lv(_XF%DYLZaZ-2E%AZj}IA>-AAMXazkTYkx8=#-43udl@8jW=kC z=c@O_BRY$V$@zv_X`5A_S)C#@NplJ=1^Z4X@yfl43`&^YK2%$Bi3mGO> zca>7zhiF2768FCcHh=ix9=4<**VO<<&#qB;0)z`en_ex=XtX~PqBvduVCS|=ippYDfNg7mqMk|rq zw9i6GMTM}%XaDI!;ERp6p!*yBbfng%|B$$k+$4CC^YX@W^7Tq#Gzx`{M=BsJwB8-1 zpIeldLsb|)adbp@xO~H);Cnm8BG-1l-U7Y~ zw4hL9_Wkm~j+R+*EN7K6`>LxMQxwYix}Qw8QK-&lzc(0MuDUWRO4FoX0``anCBwTAZONM z!aJ9X$N-4CO&zU52E=~6;hhmBD+r`CXQU2+)H+@gbKyl2^SImdK~4%$RLCtPJHU0h zBZn$V%xNT=O4T%)z}jExn{8Mz1qCj{Y6PqH#RXJN)J{EaS8_5=wO=QTQjRFXQGM{p zehLHVJM`3htxq6KI-W2don8e-@o+nNXBOi+Ymm#ODkbJC!tuf8`DqBz}7%Y8i{>L?H$gmKQ`#vKkn%lTa(AA#hXr$mr-|BiY2xuG6+#bAE$`! za|IzkC<6q-0=Y}Rj%TLrbG5iBuk`C6hh&cykqI4aITfuaF)x07?QPv*RxSWHfoIHO zoGf0rMLU@4Sis>0D4y5MZx1JHd-tgBh?s(04iYyE!8M2|SI^ZKMd`WKGV4%KaEnD^ zzPGle67_dQ$SMwXhgXwfcyeCT)N2mlO4^pG>L$T5a=j*ohA=hDw!c!QFD@UQS{S4| z61KjW>&`jV3$|?%_YX32o6_j=FKqO?*bM&{lyaV5z*}*3DVA9-Dn|8$;8eu2q`c%t zFQ9o@rewl1a%%c~xpCh{YQt-PJHX3ifb?!#uij_P!pXbr|m$@CTn ztj6M&q|`k9ogrk2bA=J6m94GKH5R3l7zVlixTlJQq56vMV(O!kpKi_q@oI68@{!#> zVO4&<4t{kEiQc@H6+tx}fh(B;tQhm0&Vyq#IJS0v4ynFv9yVjPdVai!^m#OJoXgEg zeK3BFkigdg3u_-I44q?GW6(%LHkVYgywF-nRF^qRgdPNV+dB*wu5h$`XTm_q}PC|up{K_5Evy(BuPu1&|HB7^^{6g_s_XabE zwEIy4CAD7gkcP7AQ9c{QK&zD)t#377$Utenq<$oFrN1MS2jDQ~AgW%9-@^B>A=dhf znR-P%GFOmTwg-1SlEu0w!+*u6%Cw`z3#9MP2o!`9SV)W4j4|(0%T5ntGzDFAbF&jX zHT%`i)EoDnLcLGa(?|7EiF1E}k0^t|xv#^c{jI>Utr;>XWn zPLxz#-b2NPj*jk0n7e{C@cNlt;YMkh{|6*1yHj%>8!@#K$Cgs7b zW_wQ{FaC1j&mA&R5#PqHcMfwG7N;?Zn$+n+wP1fsy4)I)@A4~nv&_5FI;ma%ohYi7 zqunG}2PD@zoorxL_)0D~z`@JO*J+iLqD9~&$p383e;Dpq(BpsJ-@2r3gc{F%!L{yJ zr+&6)kE=@zVe?oGv>3NP>@D!$y<1v}7T}4cI~Q7(ECb0@!PXec*}hkszoThy5?SST zp&GJrlx&ZiVQyxi*ye%t(=Q=qO}K`ssTXef8)P$J5lnL}ER+&yJW2Nh&}kiv-c@i* z0@cD)r-3*Sq#-f&(vroVXV?DBIs8liv6JiDVrEk;s_dv@V@#ZY=|4Z{og=dh`q{uV z`1d0{*-eCt&{+{J~#VBB(i)Ex}Bf(NGrKT*KFHmfaK^j9P*O$MBrDV&t{mTW)9osR` zt@SK6Sv*eZakCX=Otz6^w$a^YxT*Zbvn|!glfaoV;<_W+F*lyd0%tEg?cnMi4ex+& zPsvUo&}xJ%jwctFk``|TI@~lO+u*D=3Bux!PLCq=IUJlUjj-NKxTlu$E12=yjqJk> zctgbU@l#qczvR#$0{|m0m60pmFA)85@O_$7jSb^Yuej-To0LpJ>I~bF1MS6(0WzMB zOI(>gZh@zpQ{7$a3RXQK5_cLS#Ju@bKsITl(iCa(QsGjOftBfE3v{Hvz<;f~b$${c z*WB)XF|&OW9W#mP{(V&Ty!m?l50$5(N^id=bexUDN^8u_6k(zC=_7SwW2-K=+elK+ zj)m5~^B{HI;&YxptO_5?h3IiCKGCFs0;`s&0?g=~))$S&IVJB%Bp0Jb`TUaKP(Ar= z8?@|xBHK5GJK7<8VC=hc9f&4y=zaQ%nNqwFzu-GZfMGD@YTQfexCax9$8l}f%?2EO zgT==Oj0a0aiO*!c#-YfG0}xzxqWsUNn5sFigKVZ5Sptq#dy-18nYc#?NlxEsxjgy; zWBx8XG`pqhx&QhLEB6eQMb58KlKewo6ei*DCF}6!EY#>(Le7!<5U3p)cH*F`CX0kN-M_v zynEMa>q=%;R?&}g?vU#msgZPa$zvn#VYR)j#FS;>J@z1bOc3t**@l)CKe@^t3I2)Z z_9dcmNe}Ga2O#kSx6tI%HVqUCMca-S9+u#LzY72P8gpxfwm8C<>?)lSg^stRSVtc?d_W7L1<58=MW1)mw6~AoEU)ey{^{bw&rRlu#`<7wSvrSX~ z^RVbITE3j~@Sh&E&Rrq*H#^D0Uj}?XDCmAZe!yCu|2;d$`ZHA736L+$?k z{WGGOjOH9+KYT-I^_T}_!2&voCNn-*r4xiY5A4l**pmLPk_ZQ&iAF&Wo=DHWN01vd z_VMpY({#`8?-SE#o~F)5m(B0DS7_e3J}eU34^_PgZCuM)I9`NzS{6ZzWYpw%7S zcHIX#7?JQNk;ngbp8egaK?DAoJU(4op1)amz(Aw%n6G3#H+#`{nmO|9?`57)Y+2K` z^iG3KCF$d*0ci}rze8ENo2#IErZS%S%`)@j%RV@gA>U2Y+Ybwy4r$Kx3!j8Ux4KEO zjO`$&Vxs*%xa~)gbfIrDxu|*s1DAh;n+u6D3j^%7#zs!$^B&C>sfcj5R{_{5$xTxBO*O_) z0-Wfh#C{3sehv=bdix@SZcdiEf);-Nw$N2pWS0AGeOFDW$MMPT{^a*f&eG7{nTqxV ze~k;L1A_#I8T0-(KXjQU_g$@n?~%F3O9MN~tw908BV<0cp5L^o<i_!FasN6 z4(@vH2~r#mNqj93%s`hxk;_;@0w}HT*_vaZt7!mY;u-C&z9y-*&0-5%;wL84IBsY_ zlDH!vt|6y5NTU`X%M}_F;b9jXPSf^Sv=*l!i2+oO%!O+88#biOFQj!*z0<|)g&1q` zI#>Mo^cF)gJ6>#bEDnRfNTeHctSN<_^yIwfSGf3}zMX;SG!I`!H)#Gu; zI#04qajkANfcm4QBRsu%FU?qd4AS=<2yrKt);AJMYpbHUspiE>w zdTNHwQ-;na>~No z67$M>Kw6p?`5F<)QTIwr}!*Y18RXVKkwXFn0nTT3|=sIh|B z%p2sHm^T+>n~R%&2xO_0qNVQJRA-v@1*x&7y$h=}M|{2KgbFKIQ5c$VlhK@g^{r&Q zeb0mcj^fbd&9oj~Io-=W7%s8s@PbeEH&Z&_WEN8wt3HYx8oGL6JrvBq$WmMfm;-vp zs531_kx;CM;n9=S8#tX>J4WkY)Tf{Krp$1w9lIY%|Jau-(#z}fInJm3?jfJKNu#;c zn$3piwI~e83zaJQrne!FtXclBT=e^v!eiGwh6Iz_mtKV69RNGbyGWh)OU7RLOZuNr zLRBsU6zys#YF|L5;Qh7w+CI(I=X&y@tY=8wVGO$Gjjh%1%JZSr8|4@#jXjaq?auh5 zWM%eNcwq=Zw|ZtvHO)^8VO;M%W~J0A{``>!eeut-zF4V+wYrQ^YC23Ra_^cM)r+VvQ71(c+xqgW4RG%{A6dj+(SGs&Jz2N*I^T~hwk;wm`>aByKZ2!2?B_yN- z1f&~8K)M73mF|%4?(PO@DQT9a5s((?ZV*_yVd-v=?sM<+d(WBo%sBo-?Cy0l*Ec>T zy#0uI|FuL@qiNu0rd(fv9lDfqk@4oS-mYy2U3_|+3dt5O0(~T=rVnU989YAgIgK?( zt_Bgr>>m&kN&>$yCApSD3&f9R3fzvOvS}8wZABYLYK=|MRU#HrzUy;_7!e z+&*~aT$m`!ZAR<-{CsF=XcnlZfTis->VKIsz@3k?3O63UoP7pr-a$L(Ij{+Hyqb@b zVp{UtkOyw%qUMUlJ5megSbQDOsk)Hmh8^G<443%KPE?LL4hQT8+ZaI*W zxM$oHXW#u-_s?$NV;F#?TmqlyO$Ubl={LAjvoJg`;BKa#SN=Rvh=Qye1lMLfDO{I4tmuF8RYZFqi88<5~|*mT@D z>URtrW(z#?K+N^RhcEis15n;8FeGkVob9SP0!anrOHWv-OFdt<-W*&YQQn9O`2)$; zcW?(pAP74>tt#_zT(vGCTnp&mzbRn%*#{B&6vDn(9jNe9#iLH#fx&7&( z8!b;E%xAkS3m3Gp%WHh(-{mdN_30L!IB)qEr~Gbn{jx*_R_;%liB#C2LPoZQ?RX;Fw_P%`5`mL@Bv*>5XH;K*F8eJFy zFK|#_^HXV|ZE7pB8s~X;ykn|&c88Pkt?++<^9v^J%xIA7(bgXUIehoOoq z4L$zJZq7eH657~!eV+#l4tRojeBCgifx)z*66ye;VxCb5+92_17A z6Agynj3?&CdwYD;*y(8&(_+&%w6S`^!-FH5*Vqk0ndtd8lG0&P4Qm{un6Fts&xjqD1t75kpEjyQs%^ze0nl3wwb5$10H^x+DGZm#KX<_=({FQD?lpjxZkT?VM>x)`59&cl;=$FpGSBwf! zG2zlV!Du7PW=Te%g(F4l$N*Och0fibx%gE@Uke zpX&H#EZHAm1h32)s0rhflJTh<%}}Rw<1;1mZ!^#T2$O$osHp*Rb-vWQGsQqDC{0(Bqet{h`a z5p;$kpK1cD#y1>H1amHkUU52Cwnt6pc$Xb3tNJ=Im2n`nBGlgj=6VcmO(oX?J|Sk# zu+wgBJ-@fOMheN(=zCrr%09tX-K&>zyUOEhVE<)a$#ayvB1Li0O{TPYJ)(pYX}Tgh zM2S{Lr{18V3SFk35y(-Tg?m$xDwLW8Hpf=;1dg>zzYMXfmyL|sJIXi&FQZf+#ph^2 z)WmvAvp(-^fBn4JG+E(4gxJ!m+B$!5*4{8;*+tm$VC)E6Xlh!aA=H&}@qu~E?Dg4f z40z^I7!Y#zJjtGoeE(c*f&DToj6(XH_LKW8Za%)}TpYiM2)3r(JYXg|H2^%P>Yw`Nzi;%w7mzp$RC%dw z7X|;t1YFhC9|3`C@ZkhL0Ro(jS>1D>YEeH(!s`J%1p)9}&E^ZNWF&?c`0-S4*ak&? zLxU%fC<<5PV{(iF0SNv;CAIB_SCW9cqJX<#k(=O~Gjv7IE|B!{HUANiASZal4T7`E z0uBJ%V3^D3i{C)ChWqN)FMA(wgB}1oT}t?f2#nuOuKglFOuz%cH8Xp-IS0H618xAm zED)L?p*$hocG%o@(A@TX-~Q~=e(fW2KR-$lz|Bj(T}nAn*_( z;JrUL?lHsX{{CRV+89VoeZCve^}Rk`0@eYbtg~o~mLofdW)D`Ofl<436w#4eH=wA( zTNU8-KCYoF^3V8$pLxK|`UBe8fU>(cM6qM`-`QPOcp%&iYP4}aK6ve9Uc(3e1ljku zJ&YgE;BO-6$-ap!Hjw}l+l{Vqe8y!x>AwVoC6T6F`9XtBSiwmXI z#iQ>3R4~ug?yr%h*IA839w#!d(wZtQOF}MdUU$@_Sy;Z-K#&yq z+*OrjGVwu+{tYko=T*s|%XkD9Vd1wodIY>P{25|ob=o*Tb7?xo0yn2pDh`?^>W1`Y z>yG~Y`**z544hoGpZ|Na_e(uw>_^`b0e3p~!LI#gA_=bHx-*$(XJFC0cRDDKdcx2C z!R@5Nui4|{;glbSe3sR=v-KMpHTi0j>Yfqpgh^e6a{;402dBi6 zY2m>_Sd`sZkg0kIlqEugrV-5Xs2SPBm&)FOfNkj)f%>c^6h`*9E%s}tMCSfZSQVJF zIp&=qsyE~kexf)^7sdQ?veSYL3~7;v)*rx%n9`q3~6`* zsSMdQ`M0LHp(=a+OqXacu0z;e_0R*=qtbQM)_x|qT!ED*l=95Jg%jFREs2r5{grE6 zXG&=4*RE-Oumtm-S`>b0h$>Denx2qP(CvXj^KOE?z3eV_gZf`m zK6NnVR_K)3EvgLuz5@$H(n%*!(QGojKVFj|J`j3^LCZPX zEc59)Ec_+&_5L3wdTHr|ptsJnDgtBK``RS6uhmk0GWP_f=o?5cle!Uh$uW~rd&Y~- ztguA~p%Kz=N$3Wop}oO&IB(f!%8pEVs|6u->;x0;>pAB3_Nl5!qMT*5T_2qqeZVIl zkZWt@>MSfi`sRqwx^?u(Fq!d=qFZpj@a}x3z%)g3S{7(`>4$YK$qwn|V*lZuX-?^j z*_2CngK*|RzbP)Ru^2;8TJAe z`2~OFUPp9k74>%=+wT%_Tvca8fXZUepCRxMXd+ zD6eZ;X3IkkSzXgvE+y=lSxpv=Ek5BD#^td`au>4+A7+0kVNKfNA5c8|`&7}r;mchZ z8OP^I&kL%qb_CGzWFP9#&VG!}qn|Q;3er>D(~J7XWjf-YAX967W1O$mXQt~(CHS>g z97koZ(-2sGk}J-rtA~`!C7{t4c?Z9W|2`SsCud3VGlQNU$N=a2VkRJnkH(}qg+_#a zsZujj+BtlH_!^h^9SF*ixs3A?g*|Y3IvETm1|boz0yn+OPL|JcaZ#4@?pQ7s+lWB6 z&#{N^X)vX}o*vREFtTm$DF!USt5|;=ob^TlJ zzf`^)BF1x0+}nlOHus0|2FfDa$p{fCl;+TigV-0wdS1X979i3AHsKCUdxeRn4fY=v zuDOr*cC!4g=KqTif|slQfRpixyz7Fv{>HQZx?EiMV}dg2o!iAkTbzJn89ly;{hJ_oyq#uq&v;^kRcc)AD7?0$ zX6|eLU$rF>wxVDz?yw*U5R&-UB*|>vDli0{jEA`>a@{^H%>R$YSGOJ%S8yLjbq71;d9IVJNxZV*TbcR0OO1iE)Mi7( z*D_PS?6iB}0rOj2n?@>NM$QL8q4NklwH2)N!>V}TvT}JDbgJp$CY73`ii5H25C&;A z=J{M}7AQ17Nf)CL7bl6CF-+$-J2_#|H71cW5g+bAqf>qD*&A~jChVjG!7wf_;$2g^ zR@B^|$jG-USSZE)*9Q{4UAcbN=0a(YGhw(@8nN#uYlcgadZy!f7Ia2uzgSO03G`;A z%^4IDTJRE4Ny@o?e6zF}S*4PuH+Mmgmrl%es~;)O<)6XzP_yf7LtkX|*6uqGt(CGvZ06eQXG{!s2I8K z;*(yQ)%E+sMjHtY#;6jmckDIj`8{0UL<_nQW^rF}V}5TOe>e^m_F!9{DN!YnFN4)K z)VVCy9bw@s)%--3F+~YaBSk_#R7!)qlm4zJvb(QF1E}Z8X=-JdNNZqU6k1;-L}1xU zUDVR6avvxSsh7*_eOkrFSpEg0a{dibSHcGjba5`kq-pH!2MFYl@?y^foMZ)dCHq#nq&sR zs_n`dm(<7a+q@1Kj$4g+iRDiS`1kMoK+oZVqD;NRKUZMh!tU9Bl(FfSet9rRI*@mC zfJ|ubhW(flG$LPulFhB{v3U+IWBvXP=C@hA@F#XtB@o?tNp$^(Ve?>nhy$vc?DA>j z*p0;3n=XjDj{b*~9nHN`Q}xi%V0V=ej|w_ix0H zh*#C76lMeHo0+8jZGdtreU#2gRxyZNk`J8r_Sl~qZ5Z?^^amQ=PF3KK*D8TiM)v#E zyP}&?K=wmjgk*lHQLzO>kzW*Cs7xqr*xY0EGc5jY+&gM}&m#cxM1i zRAY4fE$BCaj#I{e=wc^XQHJwi+~Zu_BODTg$C`GBk3fQ%2cVS+c<@`f_JiA%W!*w8>^%W+@XZtGJ{veMvA8fo-d$VUx99CeY=Uc+ zusGE^EB5ortg9M$;F?z_hW_uCmIuY>3q@t--_)OxuI>&hMSyHG;36M{Gd^&jEU>82 zn3Ep)N!aA|$5X!+0D$5XQk45)Q?%4@M>^; z&3fiPy7~XE$O>Z&fAu)A^>s+XDNcE(qf3x-?2ko9lr#V@g%Q(T^97UdsOE4RUJd5n3P~+p+ z!dgKk*+PAptM_)MRhWgLt%AM%3;Vp&3c4)8gIt`IHkZQg>o=}%WOGN#~nH4WAv#-1+Z=>Cm?g@%D) zsGK_UW=dMf+fYrwE1)-sALHF_$M%T*vb&x#*3X~W!lg1rDz(H&!RME9XUm%Dkg zA|Kde1Kqs$%o{?ni#iKrXiI@L6#?~3Pv^SJts~^=r^7)d0 zbD7E)I$9gT^I>|^5o7WA@kFY%?@e>X-!iH=DigBNk2$zt`Hn+HKTrA4G$S|41FIr4 zLUVT5i^EL>MdTY?kmDq`osHd|%#p$(8XliL-!)WS@0~7z27SoSHA>C0? z+f63-?m7c$5D2s2&-k-J*8HVm*x?-Zd-<2PNrLrGRxVlPx*`psSpk8to=qVxu6m!@ zWr%|vR2xz8J8Mj{Q3Ge%FD8Ec?~OH(Fe&`7Tv_`7Q6*I6bW&;h%kPp z1XaA2lUL;~JopeCtd)jZr4Q<|?VLC=Ad5bcDmL7fEEko>}+f-R<{me`!* z-0su(u;+8w^!e0LM>vm-KQGvg3|a^f4egAX3FjPob3fT1e~8`z)?2gs4$^K8IZSm- z-sR!mv%e^V+=9$5=1hHM*)cpenW~N#s8MW#4S8^J$hJPrDi7r?)RmW9oA0ZO&vdFu zi!@wfyU>@_(=-Y7DpUZHiL{x?LTwQ-Ia6xY&%0YYpV0ojlQ-&6K-R#Z;lWYepePWD zregJ30cmH)wpDg7jrp~%A4`#3f7pjHqTk}K{0)40&);9~1O8ea33&yAhe-Y#7zzCvy zdyV&vMj-^5kOqa=FeH|ak=MoTZB5d;D2Oe!pRz3u|g9{T>~ z!D)yTt=DuS2mS*Ud!E3Dqt*tvSLol+DN~{6{L?L{D;A`y?9;`R1T{D&V_rDPWpg**$?@HV2UR%;HH^=eM zD8b@9sy0mjJ+?ss9z1+_SclL=Ua?_` zJ&AfBoz-*@JU~7(DsIKzA51Hz5#-h_*a4f1Ok*r@}g|7KBi_O%d76yTyO&xxHUJ$nV)p zlUmh(CYHT-WpnClo28TSRRum3dT3T z>JCvO?_HHUl-6B)TX2BPB$Sj3dTsqvBJ>6H^S&dY(Phd&W>g~}ueMGHgU#*3AQB`g zbYjN|FRPg11w8EP3mfB;;_;fB+zpLoqcgybmb32ov~P&fL2UYD3Y$rP#XF@VdLpAR zGTum&3>eGFm2GF%A^!;a-bi4gIpaxxS*MjBbLWIlr#ujm)^6bvy{JfjG-0$VB) z^idTp8$GP7W}YrsM0%MX1fMql7tzrlG(K8V#T*b~hXqaX#9jpw6%nc7*HBIuA+(hJ zJKpqflz&fqdOkBL(=_N*eT9{)*^uL>*3tbvgnjlG@u3bWLsGW1l(Rlx?_7CVU~s!_H-Y?c z@He}^NB>VGestd&$H8uk?RMAGRSow{M7BEK+{F|9c@B>fkIWSNd)-9Mw;=iOQl_fE z(W>cbF@N*udNZ4hds4o+9Q@Ra^__GHkffZgK2to6h`ul2om#Vgkv?HUm@+{AOQY6f>2MP7BFKe*WuP7M|o8 zTf}$wE`b6GXHLuT*a#SFLlKg>&L^#xo5=`xgH(T*Y%|{`UClCofT6D%%J!MfRC4PI zXA~VQ`HXG-dgb$i!v}13VpRzRc@x`di24Mk{4L%1jg!*pnD3Z_r2%`}LEI)m718X6 z9;!y*>%m|`W3+dfIFJ#cCy`&lZ1>4&FPdS2;5tJE_2j#oIhe_b;WZ!6KEJ?sEbC5X zS)>l360C`&G48JJ#s#Q)CDLBIaHwH}Pm=XlKm1Bfr?{eKu@#}d`6}Es>>yuM81MJu zudRE(PC8cu^aO@lqdrqLOk9gE35P6}@0|A${Yuj>e9MIEypM1&w#(~mEYoW8!K_bC z;RDw~wH<^~o2=9YZ?t&8%00>4;-77z%V+$F{fv@XAp})%(kY)jNOAL}LThIlpGVZd zp$#2fhdl$$zaC{*wBXXjEhTy*hSXEAzC|vix%0L&7r}4YYloGUb;)^%wJ5vI!Q7nt zXpE1%ThGMG3V1dS_jL|{-Thr*iS-fvp{RT&bfOXp= z9O1BAtV>pb9^QOI2e1@4jx#>$;9acf|1S}gb)K;UvP|DD1HS*i#TuL;2*>o{vQ+pY zjMyRr!O+ai%-{cMQ_#PU*aDvITTJPbq#9XHJ8du)R(;5-9gfP!U>vpk4=DmKyl|{X*gVcsZNRE__@$FEF!1!MOZ*>|p?; zXRn-*uQ&l;TFJkr*a1Sfy*Q7a0sDO;HNd~+COpyV6rfu4dY-}$2!OQwrt&E+>*`yN zl;gao;M7q#yaiAV6Se+!^V{xrJtiwlvK=Lk2FXuu^UH4U;_}bDuiB%tU)YidMzMbn zns)r)co@4NBg|c4?sp<|8NcuUS6?Ta=f)mY2H{u}u)h3o(H)mPaBUpiN(5O`x9x@h z6Y4M$Hv7{QnvzE?Cykk)VCN>31bg0g(B#M-6dQ++0Fdo0`Nv*#Z z+^a`_hi#n*-F@T?mgX^I-OM57b?O?8VKQT8B3Bl+*sY6!$6 zntkbthcL2>07j``D;8+e%uz^bU$2;bT~AqRJ>nGr)wVe~xv-k_uQ6CqEuYzQyIL+) zpDrtz=GlIeZ>_bgX{o`em+E3}Zi&S(^Yb9VTDi2suXwgX|9ydOqo?E5VR0fOw)n&) zb1J}`O<}z4iNvSbJoa0`Cs=be4yZKQGj-nkx4u6f)1OVJo66LH50&|SlI26ExX0ld7N$La>3c}Ypt$9K;clLWR~G4XZ5Ty0^v^Z0POBE zJybPy*w(G4r1($7W`zM^IWI&$q*%5%U5hD2wLe45_%L0!pt=zM{;y#1YeVxI%0f04IAa7@I9v@9FhCECTI2OK^bdw*3NuUDvCVt$1gcY zDFvpjq@P1pAHeQm9bcqV(0?T9CJROXk}f9S zhmhhHe_7~kTNK^0eGb{+5rE?UK*NtF5uYh@>Z!Z9+)tZ=t)P~b@FeGQx9IfbjUyW{FYcmi^-Q!)A6Qw-JOGR zg&I0)OL&D$SJP0$`DL9M$xRc7u?S0wyFW~)uF{8Jnv`iCee3>L3k2B=gc#1cT z@tW(uo`F)0#FPZOWNpHz%klAjs^E;7(pou2=;zInJd$rO>=lIgDf?f(@|9OIA34r9 z<`tvcDpRv5|I9+8ZQ~{@P+WrLUmYA?uOdYoAq9PjOXIAu@QN8S=%C~l8A`UsOa7%B z%4DVx%v&qS^(9SfPQJV|=c7_IDy)Ej+Ej++m$}@b>6C47XIE_6*Id|p=)`_*3zOlb z(h|o%S4kp$zV4hHQOms`JA_S5$psDWHyIru;XDC)!^MVN^jeeO(!92Z{#H3D6q6kO z>Ace%;F661pXi~F`Z(06T>0ByRw7z;>X8u9ZFehi1}|d1LFEYrbcfvDL~5SAf^KT+ zAgU1}a)mlK1tQZS2gXEGIi}L}zncM}ek*@jG@LO1eKdVn`uDL3vBL<|sAuUbu`jZ2 ze$a*Stxa$LA z=*O0bqReL9R_@AI{t*S75qT`RU4ywSK0ckr^=sI}`0r92Zc~DTgSVWuY~VN&fXDdH z#sE>d0S{-lz8@j-03{)+`MH0-cPD}z)Dl(s?72a@as&TW8*2>_aL~pV&Y6ev^y(Jv z?}3*s3^)fA-b;Xu@Ml%DcTCV|m;%G9nhW{Fo|5^|#g(sZC;39JE z@_f|(SRe3M`Ftr0U_xi9*?UFH7lnL}KyYqT^U2W>kO%!Z1p+Gg!7iz1gX6yDY!IzZW^@5;@Noxyxts9*@!o z5H1hB>(g$W=jMRx6M*Mm0gqtTsL=HSe%PV?@d|!kP5zH}?GLHX|KuIKC)@8do?mt} zFJD%qwrtW{jAq5~Ze|4R01QF6ECQfV61D7#vv~t+PsiJTTX2g09bBRS6!axHcQarW z)j#K;Y2Nk%|kcFK^ z!Dm_^899KUV{!Sa4h{eU)nDXB&fpgHd6n`3V0k_WE}zBTtlRR!KR6t_bMUx<0B3h{ z-*$2j7u&%bA|HUbsVZ{|7j6J?!v?;E7dP7293f_pwroMmdb9m^B zd-xj%`$O!p;&;u8dIA58_FgMRMR)Mu7Xauwe1KrNVGCmxEf)Gfy5u4Q@i~ z+aHfW@Tlx|fM@z(@qCz#;JI|5?=iG@Dra?m;U6*QA7YWM%qKj1wISs9r=R7`{kg+K zO#7Lf0PqbiLrmv#7+tJv%g$rKpJu>WO5DSR!41&ftc@~{I?RWSa_~6_d|1r9>OjJQ zInR470>{}%dIfL%Mj3qi`vPK#y@!-<$g-bpEY{_tmbtJlQ6a$EA{CDRCx^IJFCe+`&B9l4$|I*dj6&v{7yxZOl(RCs9c6ohc4i!UZp zRbr*Na=KjDQY})*6!7zI3*ZMIk(28+d!9`^J?W1$ z9yDdBmRoB__&Nkss>}{6>eNbR-9YuimyYf|UZJi`h@yP`)?BG>b~|-B)N2}ZIc;;0 z{~@_p>Cb%9oxk2C3QMwn>d>Vr=Ro?lj|=V80)B9ycG(mGN0AVd8u@8tBwcATRLs-x zt6+)tc!Eret%u&uafO7~OAoH{5^W?Q#13rSV)KHT)%lQ+az~Z&g4b%acsvF#PPiEH z71qWr%&E_%mGZ=F9r>_$XC=xTsWru*8KKc&VzF%$Ym0g#pMj5gX;k)GNLcPP|JH8i z28!d8KJ}cMLr4s&Vo3J4|E7%v_M2D8m79NZ9@OJIC}ffze4X?CcVN$w?yxlv-z16t zw~}oX6lX$+`I$5dKedt(V81N%0fC90i;+h)xKW*_5+?sw{%>+5-j}pLA$RO9Tr&1D zbAb^2W{7|&3!1PQWk=knQf@9cJ%CLqGl9t?>GM~K$litVx6VpdojD=uF_r;B++;Rr zI&6VP$~V>yeSUjTAjtuFowTq0)5JFjO1-Y$+?$?PxsD1FrVL+^>U!mEq!KOYG3ENy zmGQpqP#5aT%O1_zsPed=g6m5{Ra&h(Ks_u1MTRHI<|g`U$Ld&{ecgF@11S-5wRoCy zq~vVuXx#OyNh(LfQ-C~?t%O_m+SjXSj(bK%D) zsYqS&vV>5{DX(`)cOYBvqkC2pP!@M;CKicyL-mRFpq; zCaAPMUJ(i1&MRI$sxB?}pv@9(6_@fA7Fjs%%VsJxO^w-0;s!z9B0_TGdcf z<;7nIcvzWf&V!q_wSScOZ_IHRb;M8zZ& z+-2}4PJ^Cgw$~Y;eR7VBzokGKi%5KEM$1?ayUf0=PyGpoZC)0Q=Vxw{xjNAJ7a9PfBclKuFmmA#pWnkTPKu(cZst9vVW7;_=vI zP;Sn=FXY~f(IBuK;~PKc)BXINF zFuy*x)z{bSRsj6T=SHMJkF!P-RM5%#fynYh+%v~fknw)J`II3T9&o3~ku7ox+|oj)9jpNldm?Vvx95~kr{RkR zY`_mbrRq1FuC2{%T>1dyOiJ(Pd#B0Ea(;ki2d~Y;Y}vw5lnMovBCk1YpP;po^*0dmdg1*`K_B1vDO~u*U1hZ3haQzEXq7K@1{&uZPZ)*7K3@ ztE$>D7IyfmGb7T7>9=*;p+zx%DXX- zfR$?m&2shUen1B~5^xcx|D+M%w$kWw-Fn@+u|wJ9n9H+zwYcK@=&c(7)NOz>`=sO^ z)7}C>1g9fYFMqg`gFfy8z%DX!a}HcQs4r7 z$n*M^g4)w^hu+)sCD!(PpeGu%d=uEa-u8S$d9pZoWznSJ12saU@X?mpc)B;Z-Ocyh zlRfizejf;zKPsLi!lkE`p1sU(+vCGcWVK*g3 z!1JN+Q$;?l(B1A;QX}x}`DmR_TKQeJ!FNVnDwP4kz@G-24>9mWcDq6$oaY3i>y33A z1#Es+ki#?n`+I(mm&Z125Hc^iLJur~}eWIOh! ztfX~dh|}XB0noz&@7pH-eDv9?*?(5gDIby&d(z;zhBKPk4S*-Je704dt2j@qL8N@A z4?7zUkL5Za`A4$b%{KVBUW0xMf3SOv2zLEBCG0KEo~d$3S50X1o*Ca=#VM=!O znIGM(1D<<`y{c5#$GPcjPK0hc%UD~{&RJx@QILU-PM zVoI}UDf71~A4#P98k3aKs?DQ1sp5T2$5f{FrM#8BAmgoatqi6{Y6dSPw@0r?D0Cq9TG z1OEQE-2(dxwOSG_BUN`s6)r9foMCGhehw~J+Al@A9{X4E>dRxIn|=1S*OXlZ`|k~Z zJIW-8;mIaUnGHzez4}-?eq-p2@RW*6OREM$Eyn@izKy_NB*7_(4EP&QiQdnSpR#G7$&cjl!Iv7;- zwro5#yhy!z0ah9O0S(hR9SW1Ki-EJKxhSodiYsqyaL3=a2PQ(4jFqa4 zOF{*QC_Q*^*{=fnba%szs#cM0gmMVu?s_4v(wh`pXX--SmT11P>|-XpDrh^dl_6I^x0cF=;(?jRIU@rsOo%RLjsdeRk z43I*GXYDz_MTWirjmhiIP3^G*_37lO;(k~1`3Bh4Z!A5}9o`bdGs)@mXL2}86p8d`I~Q)F5nm@wlLYNa_A*=z~hO!>F$p=YHcs zINKWX?K)pYF|Rdm(7?%&H3_%#e8B@ze{&7K9WcGa#s?C8*rYc!BRY(wC1N^RVjW2W_F)lA1;? zGUUcZa?)a7hMoV?k?0bDBO^oc%?cYmvl<1Q25IuNr)sP#r^~d-Nb?aojHE1`oGHfs zxS(Ab*K&4184?G$j|~GGQN3S}p&+eGfuVn4-bkcVu+L~sW|e%t@t;OsQ4fiRLU04A z27@9wj5!fLu%pk3A(A9HDq?T)jv2Ucsj0c}6UXxzjBMb$Y-ZT?vlIDYSkU0&x?8_% zs}uGa)}0QtW;fy>M4y_`lLtp5Sp61(aYxf5{V=p2ESDI644WZGIN~lTc(H54&ZALU zFq2nnS-xP|Nmp1nEnAycDC1Y2|F0(GN2RJ8=_hioN#lZ96_(O3zON7zKy-l}5}MeG zN&^#@Wis~W1xalhd)#V?+<97SUQFsFB{4ciq$c9xZ?`4_gA8r>Nfhk+4uNPe7EE)- ztL=>WKd7REkFJBV=PF*$r?I2@txjhX%8b0309rO@x_&r0upIf=Y-=YuD^lQn)WdXe z?|bY0(P@3k_2eScqud&-+d6ZtIK9v1!pF8PT%yWLlbf?TG3WD2=6t?$o@=z({V}qQ zEh92ArIv8EHAB;@R(rT`@>7g}%4-B%u+;@Gf?Se|eSu_z#(SxMHw|pO2)0W zFKigcysi+@PFhOL5@{`%SdKJK4wKtv{g(-P@C|G0I>HA+T)Z@r2q9B*ANRlzz8A0L zXyhmO#!|rUrB)YWYTWaxlUc0E>_!zTcm<_bfCG)J zlIRO6wi#v>n`*v2XKiSFo#*J02c)Gou0AsFB@HiQgH^4{K~sv`5jjJevvI<<&w-;I z=eZJ&hY==Jg&~$N8zr;Om_o_YRnYS-g-dV(E}!#L&fjD1i7K7)Ps~iYM+%(RCAB5^ zRf2E%9GlK^Ip*d*r2UNKO=Oy%v6$WU!_On7mRzy*?fJc2i&8*|GP(lrD6W-hr!BKR)|2B0nTp$vHF3jY|wWzp6FyWzZ8c4zBtweAhY0QL-QD^h-K!slB9zji7p z+d}X+qlV@xPx<{huqc>H3_Ab6+Z0$`?g*|3v`Y)EHZBgqS80dFLkAEN8+^hzIDST_yifZEELPsFOoRJwTk>s;4Q$L6zVq11!v_nNjt-kf& zo5ij)x3AHkVc|ltDi%{81lE(*zW@e%7c@CT5IoW}zs1a~W}H4%JG(ESh;xmTtSgUW z!Kjca#0(@wZv87rQaRqeTi?IzO@1%0@u=*8?ZQZ#S8Js<+K4Y*ve2R-kCg?(>(H9@ zGgvAi4V*IL!7nT^2XU0@R3=Bt&CA&sOlN?(`PI#NFf}5l&Jq~c8;iP=yXkkdYV#137%+7218F*kKCsGoflQGy`T;a+G>|2n+{nCn^7 z7wgL?VF>K7yaHSw#UhwgoquS!xSVT$O+9FPRr~>ejw6%qGa>bab{QhgCpA}ojwE>u zvO1%ju2*8U{3qtd2x*@LiZT-EtP*+yQFWKf#23pruoW#0L4CV(HJ2t0Ccb@f2+}lw z4fp)t=(qk5w9TH?u}byo(orjKqt(fsht?Q=^`H&>M zPI1$~bDjD~sX?YBb9o!4+LNf)(gFjbUW_=U2PhkMNdtUC2g9J#w;x-2--=J-OH6ej zcMD|j6L(3-U)ErysiCT*p3@PXY@>RRXZ)$TD;wYM+aKswom^DRxScc5KRNifSu7Ya zVK({aDe2x?@8kWZS?1BGeRBd14w*WBY>mMiS*I6ZYbUoH8Itb~+HF6WLPFoJ_%CK= z-yRz1w>^mw%81#p@)1U_)oH;r~pqNqK zuQ9@>I{Cq!>rgZe=j}Qg&x2hjEaHfhB(XH6w7U(_G#yJ1zHrs}u$OVW2OuUeX|(lX$`;0IYJzT}@va4Otj1L-uo>!{e35}MMkHB0Y9YNH&y zh2OB*>QeK1ufO3bg2b|ovop2`TX`ByMj+hRA)MbtSgYG;rTXj1I++w|vPh@l3F;cz zkEt7gkl6R7q9Jpq-k(A`EHmf7m{WZhLm^9;_H-m#g&*`j&6^FVO`F+|QX)6&!v|EE1N2D8}o)XWsJbc2A=It}vnl^@0CgjH#)4 zxbUrat9EKzIu9;}5w0{1S*129M%Wm`sq%==(AYwKOhLVPor6poZjF7))Ufb}ciwbV zJ`Ozk{|{Yn8PsMM{_A1|ic4{a0Hr{2x8m*&#ob*>p+NB>1%d@BZovue?ox_NaQBwt zr9BVtfA5)d&g?z;Kt4U0WSDi|>t5@3U0WxJURR;NTrnOqbwbt$-*zF@J&(A2$S?fS zfcb^p^!A!i$89GbA_9KLBi!un`rjqZH?Xm2j{fa?-oKdkql+3muH>21uqR;bro8_5 zrn&oA;;9q{T&}Nx**yZZ4uMaP&E1b5yACj?<2j@+TyB2==Q$VuZZ`hT{d+L`w>J>8 z`fpU?!&ACTk@&{959d6`t!Mx5*3>@i-_ypuNN&Jk{=Z+!-QJHIf3j-+UHp4uZ7LE? zf1J|4R{@S;L~{EF9_z2K{yV5R-HwgMzOSTefS^K%Ipxb6FO=suLxtXd4Q)3L+{k*x z;8sAf{%VzZB%i5uo*G3{KFUkeg4njPL|*u{a6&=L8D(n@1}?#uHC}>Mi=f0ebrGNV z%;ci*RNIPl$;xDGtD&*7LBD5)_pk0_w3%;kaiYKL!?vXy=;5Aq&=c`qW^f9MV`mf^ z=jPP8JE5dNQm6H}gSe>2FPxI2fcWLp&1#YEe6tg~+`!|BBiM%fv;a4#v^womqpADN z^!vb5aPYN9F;Q-9F?H2(!Ed77M*M`$>P9^u2KpmzX2Zq$1tTi+&#{YLdO2JfLO60l zjJDjjU9T*B8@0aZ*_5dCQYRGJ;SrWv6ItA6YoE7)q)Z#j2n@Fq=p<7xy2`Q5Qxq@~ zYs!eKWQkCg3y!dg#DF*wws0mtCy%jGd@yB3D*s_7zZ%&P$|YVA)?qwqPeCs;{q`tW zyIf~-0Z2?hZJ~%0x&qfm%SNNf?;Ph}stiqV7u7L*S1E&}Q-f&zeAQ9t(D7q2liUjx zg~{IQK5C_({IzdAR&Ad%tSTeow~#ycv_d9i*u0F~6-?^o|JIDWvV%MdK~+`X&2E3| zBUB1vld9gG^H0r&ivXjczt?8}H0%hwtf!4(T18bHaYzte%o#_~W%QWrj)E(`Sb_lo`A%dAiChtwlyo z0B%6_ujk1Rc2gf?_a<*|F7fM-q=8_5oyE$NZSw^yB-t!c(lBI%%K5ohvJN>RLiT;4 zVnO@|^?s|P?mwEOKl&W$cS0F`FUYY464k>|B6wG={M3aYhCY}lv!vZj|CB&1lDepYL^7&5 z<}!;zSa!ttNpdK+O@eN77BLFRAmyYVw!{v#CeeNLl+mBctU0wcq|in^snOSN{ zSbod}j^u}o_?}9xuH=DcJXd&f35*_YjpYQ6^xSD{6=PlX64)Rx8x=dc|T@%^d>jA-~H4V$jggagq?15^9&3` zQ**QjuZ3tsj6D+ENOA|yrK7*R;=hKjEE=gO8q~WJ+c8@Z*ZG&a>+|qwBZW?+=432S z_HX+wiGM~=%_kQ7?#9xwY_${C+D|8gjl8d!HbAb{eumt0E|)j3t@3()E1z02>#vKC z>rOOw!Yye@2lkWD_lPL{Opi+Pjm)z7E-V|#nSK|F)#KisNNVgySsp5TU7~^0a4pC3 z&P+@~w}N>#UPG6H*LbnNSN7}C_Sa3nH+h)dHl@1>AzIa%(oBk5j`2m<70$HfC}cK< z&(!W4@j=_9L;UJu?TADW{7KA8xpEmM%yJ7)%vN$AxCQa0`e3`= zY4LB4FDqZ&pGf@KS`5C9+tfdQ@LI*4zMlS6_4|tCVQ{hgezJy!GNL1(rhL^j4Q_7E;MVMhZmk zLElBiR*{74kix?=M#*see0X*^Z~1sUX}v-58CanLWw`H|P{aGU!CTfEiFk90eQ#12 zVIaH-RpoN1k4qD@?NE6`A3Ob>Cr1({8WP6(J>wr$3*$W=R_6)>fAea?g8XpSPnb zH6W_g9@h5ivZ%a%@V5&RoK_7%GDA^HX&x2VBU6RxqoM7ovwNiWp(C0C0eQCz86I5- z5~f>P>M6Ri9Z59L!9bd(e&gagALl#7i8)3&g7jDnA|;>1S=^+~V5MztMAbMbU3qO*bA-Po|v zvr-(j+<9gFx0AEitRxbqi?KX*rVW0_b2AU$O23I_RzA7Ekx$R zkglJmBEpPcilY;aV2w|w(C@SEXi7F0Ohpt0xnyY<%+|d#|9`Ag`U;RuJ(I#X^cV4m@S%W*T_~3l~ zk)|Pj(Y9M+q;y_X{v$K0x{2&f=#PN~qI28S5RhdEw9YzNN7HKxA-Sl_j2R!HnAk#7 zkU1&E!KCFr;SHjcxg|fTkaixVE|`l;J5sQ6!ALn;L4H(AseB0K_u1$O;$QirNp;7+!bb7icWDbb5!~qzu)grQfSMCV8WCy% zC)d00A4UZnDb9(cr6*lp8!Cj=xNG0Ly?Lbq0-5|Mu3#~bp*zK5{1UVf1*A&92}bv; zmS;&~(G%Y$T7A`$4r_&lMWZPvD12bDB>s$&czWJ@t*4Jh#;k;OdueKi@zFVB(I0Hz zh6imYc?3oT%LC6Ng8yj}E&pe#`MgvDhq-buq_FCP;#mvzVyhNyOal0Pw(&Mr1J6n% z5bQ<4C22A7I?jKHwi`0H#PMt*!H1=>QeWjh$G2>Uz2oiufCmoeGfhXdUO>r1GZ|(t z)pm}<5l~70x!Z8W8W~VE__Bm2bke)gwC3@zy$5gZ0)J}~s02E2X!G?x;-I;9{Y0Dnc>U{eWgZ;G zjDv$)dSw_~#XLPN^4Jm9KRbK0RVw}zQ+TbNV08Qg-u^b!yrkE`QvlDHg@`sS?~h(J zTMQDid+7iob#(25(u7I$Lge={BVEiH9c|>eXdVI7@^3_U#`)%twRfLMXY)hAa#)2at5Nn2z!Fl{qyLMPb)rnC_&K}yu;tU<6yDUpY zlw(j8sA~Kz`v^^L(6Op3IiQ>~CA*(pZ?NH7!3FoDu2W+_w1w>+MTQFCC83oBnis1S z6>f$KCXqW&vc>T9e=H%Yqu7s4HET~I9%lwlQD;w1>%vP)U=sC9xCM@7Q~4Xo?=rm*v^T|^6tS6> z*2+=V-i5Vjid<;~B=|h+CFeuNQ@?E;<)B~U%lJilDZ-Mdh*7V$UaL>YSe_??i+0bG z!yh&on}S9Q-b!n+x%N-($x-){C$iyw?yRzwlBq{71KhjXj;NzD=tH$=q3iI8`MAmV zsjtf>G&_5Y&&vW;%$nz`Lj>AgXZveasZpbsY-7RwZl6dlw>I(#C*t!IU0#yk?7e#( z>YjS-Ys`El%yfNO5g$sGad_w;{`ZG@OxHDWXp<8qSYzX_woWzg7D}zg7@#CCGGIxS zq$*}JRG`-=;DyBGYV5>x6bcZ`%GR>eMF##9QNTuiw-Zr@1fMRT9 z+w#YKj6ZVFsUr_jX|C+P^O7b0SrVIxtknEG{Nk-?A?KYn@7q((050Blwc)Mtv@f8m z;f0biDYeUiEaCLuDU)8>PaOixh_Om^p)`e|v;g!5iUe{iDFiQjpRZ57I5b6!6MSEi zr63YbK8UhHNJ4dC#^nfnWcZGJM!XuIvh4W~L+<7Jh6HZrpU=kswk-h?)aOI;|7rUE z_uIgy;WADkY9y!=7kl-|501s4Dq9>o@`i^5vZwXkJBr}T_$sI9Kk=fuTQ#fqhwsKZ z$>i6iPy`%9RgseAxTcxJmO@ysumQ#fUG4IFI|~7Lp5}5iB`V%W@O-@28l?ht-RF^p zl=`=g)yhhHo8HaeDi=-~q5E%DnYH~|gt;i!k@Ni71F7{A9owmH5p9PwVrC6NG7W)~v<}qj1?zw{@X0*^qO_}Zg_v~NR{ch6m zzwTnwZ!v=UYDfkiJnVRupMgOO-);Ggn2f;>YkruKAmePN*SX-Lk<(0%C-Qg1L_x0D zFcep#3d3_x+ZiJ#L$Ki(i`sCOSH7VSy`S1>5~UQUmsZO{G7BEBBc-^Xr$Rs5NOlG& z!s(3m&5C&yyNcDNV3A9MC$D%>$=?wMb3DsLz+vd6G@1T=tqPj@yvy9^DpJ>q0c0rm_rC&ztc^%o;+?bce`sNB9`D@=`VXfU*jBGXtT{K6ChPsE1C5yZwk> zRdI^$hF>SA->e!qGPVhAD1{ *8hX?n#rURy*rIo<55fgJg;Nf+N8*U62t!pUG)r z0*P1vV{khI7h00qUY(`V3l@%eOVVcQec4~S;QJI1d{pk!-KSDEH+Z~awJ5S8BG?}6 zetfJ=^0+d+4_4L}|5)2$Rac}Y44LFIH2P|!KroUz0x@h#Xy zSF&5P%vI?R_l8J9=Y`B6!c z{7=V>W^?=p;a2SRQsKl9`JuCxr+cnmi{O=^kIr>)&v5vwsL+DM*IXWd<~0W2O%^TM zgfZeavaT!DAw6A_q7|T0qX|>IFbO3gtW{kfUGWW2vZU zDM5G*gC|An z>2%F0+SBDs+OjHR;gHvc!}`^6UbN$-=$F^eOPXlb|8;$HU!p8^Ca|W{ z)qAlOEr3GR?9vW-PfAOO@J>3@V-wL0@(KxqVa-~uIViB1(O}ipLS>)00E*gTXbxF- z-gNfbRkdFeQm_}p`8_}@`$C&J@J~-IHan9hf$423q-b2R2nsc-o8KOq>1fYyw96YW zAKz}IXZExFjB>+bE#%Wjb^0*Koa=u)$}1viQm;cSzc?1aj-ZkLgv|{5>&Q2kx}dc{ zvbS;!hOX2E{)CJ#>ITHWPqe24-irF2R`GR@S`4nwnkQg0j zilL)Dl^sqQR9?IQO^ud8v9!hU8iRN)B#QeIZabWZ-yd6Q>Q%5=%BZ-{CI(RB5z!|? zs+4PrZ&zaPt>4Iq1}J5b^}@m@n4=EYv8@SL|s7 z^ZI`ZCMOrY3W=(qXw}8;H{x;OEqAYc5#5Uw#m}XL+2rTGXq3Qz``w+G$zm&;@qkST z#wiGh(v`|}6bC}FYNOphBOcqjt8uTcDtlE5mTS8O>tFu6*bq zIW7u8Q9QUwkYKuF(BF$Hq6sz)n~{1o@qV-JWI~!fSl|_=M7a zUU<{IH>JQ?f;u%1t}QjTo)9B}?MP2My#q+(ocj#uk#BC=stIi!8Hq)auw`~ttdTrj z%PO&DsZjhDq0q+61?W7~@m;CRfTC8qT?6x4m40Ud!i#gAoMi+;#||~5FeIzn&Di!P zG<~89Ikkyo0>y2-c2q)xo>8NCjCK(SEUMQbL$rO~vA9hxfvi+!Vqjo%Ztp#i-(QIP zCjF0`x}~WVxle@>Pd-l8+u6GjeQ!BDLP)XpEJI2$HU5PrB0|V}-TWL9Sb+B`73`kn z!)ekUc+sl{W^_{l7vC^b2d)mur)zf#=Te$>J{VX|l`A`FdAH`WTC}#+iMCaPvuQ_* z>s1EYP{D0khVyUqkTOw_aQpnY}eEc8EnVF4JAfXL9BFEQrDKP8$V@LCo`iTQV zc#Z#wO8AD4F}Y?Rh^SO|_`=i!i6Js1D?2=h3^iY)U+(yXnDzYAU(H?VWs zRvJxwHlHg^aXi~;Uh#J4LsrZ(qx3vRUQ#JiRirHJV8bE!!TOXrCHMNQ%B z1|GD(nv9%m*;-q=+Z-Ab^|mS`Cgfp0ijG`o!sQeg6V6aU(~o>jCQ|bDU6_hO#sTWU z!TBj24P0YKQV~=;T4vCjHalQ0lhDhQ?NtKt@<9!qgdkfbKr`>+Yk%@3_QtP~4tOHkzw zn34+WnUB$oXdo^b2htLE#B6Y4E!yu(br)H!97|Cqoa;}Va}?$A7p?=FY#%c1t{}QQ zYM|omVk69Pc4)b1`nEM|ofm3;(a1sFU(88u?KWkM);ok?G$DtoN0=eDo{Wc2 ziH(XaspxVXAvER|IafQCWb}p^{#vf2 zX8-nn&0myeq6G%zF0GH46bY=F+{`(ARijCoWTf1#hlGnkqB(O$#7;)lHKu0b_Z?z3B5YCHrA8p!4mxseXdm(#=6m;ZA2c=xwN+&?|Glmk9MoeSHdRRFu0~UZkyU z6}=Phl3^3Kw#@3()j(!Rnf;4aMTM?q58-e>j=Q?F7g~=6!=32V#?Tl%4dvZVRl>lA z?d~BCvv#e%U$a(zs=3e=Nd4wu7FMdBEx44c#w?Vi(1Ts|hG9arzc@9z+~GrVJF3Up z1dzU{DxT}gFw$jh)YGL;tF|Kc0(Lru$82gEUi#3tmeu68nPE@Wp(!tkW#0QCH#lxA zUbp3{Fn{2tvp}n00VaibpO5bA~i-O%Zur=Js!&uDP1AdMbSHPWX=(W?i zZO&ett4v0dmsArGsP$MAmyxs@rJc|99yxrw-b1xR{bdO^Ypv@D3jRh(NXJCq{FY~$ z$p(_n%HH@k?Ifjr6co$*BG?Zd*3QGX=bea$WG+b!@=h9^OY&H@C4@9Obl|ml52<8gv;wF%Bsve3KxU@Ga|VSz zkyI0}f%b`hX_fUAsXdE}gUH#$mFU4~r-W101ZGJb9?RgPA3%^+R1ddE$_CQsd(#M<#AVvB{#D-7?4^oAeJ%*+&} zlsVBvfrO3s9l=nzS*Evb!gpsJ%70^m9|ElVe|v(OfP`bj+NBSww0G3JJl8N6sN9pw z<60J(mVv)s*Rj9hk|o%8jGBp=zO+Z$JuiQfid^y%pB59tOB`yrs=hqe(wr2A9>Wsb zAoRgOB~>2pN>9`OB2oHd&>@;CGpV( zR!bX_(e<4YRcJepBA?i!KSx!iqmTZrJ*@`Lc-`#L29ZExxoS>1Khk9hzYom`1Au@7 ztQ8B-K5qH1)K9nFjliEEAPD*l&VJ?)bRR=2)IQuJRQUTU_M!X@ zuRodJl#%=^IvDJQt4zV;W5Fw#rT-xpr0l%3@an@G-^WSL0v zSYifLc-Fv`1=UrItM5MWU$pz%CSuMt1YS!}aA~tt%3}2P3G+9_Xym$MFf|#*9&eF! z)hi}TRNbG+8Ov5Y6+Y#1ZExOJsIwBY(zCHy-ITWjaZSVFylhx$5z1od%VZhC)kIFG zO-}i-cwq8_gJmmSs-xr=`0vhS7#=9@q*&#Wbp~JFWJ<|^&%Hd}SHVhCyhUss9@LC* zmdoi75d1>Kum`$2TLy?lX+dT>L2er#sUknsN@Xgb(9_;(^;NW0BlfHR2;ssYBK-5A zt&G`1P{$gdOtIcnmX#gF4dy(Zm2-BVB)ux1a7w)nahcR2PO#U>6+Fjbw&b+i9_6*8 zP7~zwfoVxSoheJ$v-E4UxxR*~C>jxsnxjTAX7(Z>bIEMtu$oj3BE;iaTzP!g$!jXd z4LWMeKY5t5RkUERR!at{3Gx==OK#j1HoJQa%Jz1Oov#wvE(^QEP zG?f>Z-u<=2sqQ)#%#qi|m$dI*5xCm8vetwRvhLyPCX_+Vk6y>Y6(D>x7h9?_{wCOT z@U&G`v>jGX?!l$>$-XNB?v+O8cQEHOF0%H;{b-^RtKC@S(eGQ!&W+n7ZZ6nHd}C$r zg`o!(-L%Jz?z{IXA4VuzCuvdwpDN@aT6;0+|BO{O3?0c>yD~EkzB$4PA)bekEu-FdE>MxlPF0c7tL#Axx+R-r|;+#vb&*QbJD{;D+ z@2;RH$lBiopgz|{H27H5*xGzFtEEFVZ!i~r>)|4jxK@O0@D(&^dpFjq|8PK|tN1z) z>66Aa`kL+wxdnlzAm-A|FNG0=8gOklQ5XUG(foA~K0&Di@ja-GFx zW!w1sfPcpBZtca_X`MKxe=9Vv_MLv^y^+67#Yad839ukQ-NZtk3)CshiPICV4;}eH zuC+sxi*mq4xfCOr21U+}UJ`85t|)Wa5Ak}hhZRnd6TN1BeHea1GVf-JIJcX{aRaPh z%X4xF>vLhPpN`T$9X;y@m?iE<(JZ&7{fBs-Q$Zbj>~8nCb!N{-9FdLtscf(4z!Q#X zTZh{-h5vHTKZhuuv(KUiXiE>IfNcj-d<4$KZS|_YbW`As@Z+&b4)r*Wd3=v z{9o&4x9ZCzBO(t@HRG`5(5{PgX}6SY`ix)Hgvjbu8IUv#3M?9il9xZ{hyB?tFH(9I z75RWmu~`{`e2@+dKWkeH@xi+-cRtSiL|r!mAy4?zZ8@>E3zl>)2!w29Bjw<&A&=8IuXaY$gD!7)Kh_$Z_| zIfsyrz(2>Ft-1u2)6a$HBr2@4-KXb+Oy5L%R1@M!dQN*eE&{<~tt_{s!wFmL zD<%SmO{BbwHk*U+CKp754Q%P@l@_6f-_ZV_JH;s9OFudeA0zPcnDw>CC-k2auMWNeEM(1e^jp$@|caGlLN433ebyO?O&eXB=w8P;G=O%u=?o(R#rRwBnA1R}OY_mM zLti?g^7u6sklWe)Dp>?M#f(Q~F)3%od`S6yY&VfZN{{6S+cqcg^kwwl`oTrwPL>z( zZqs>%`uC6B99!RB=a0d`ErX8mu%o125rh1##GOgN~FPGZS* zvnpHDw3NuS#wJ7yT3CigZUPVbFsXfqO`6MZSZtC5Yfp*c?&tZCv|{L#U^_+9^Z`s( zf6Uyr>%H&CkJ+H&swT%0h6_@*59jZ$7gRuYML*GNI{< zhP29(I&n_KE~V&h&i31D&8smPW{`2I<80P-vxwVjM4|Y9&KMao{h}0A@=|>(2Dzda zox!m|AY#%dPJwpY-Z)dHVdhLxCo7&aKz!KUI~=*iarq}+j`_t-lIXqS`H6yQTua1K z(NA0z+F5!wg8>UJ-`+!GRH65*E~FJ2<_Mcd*eYao@8RWba@^Ip|G3_!iOuPnv^w`+ zh$dA#@K*Iznl?MyI+nb{N$6HTp(4@tYCQ=RP;qgnpk3#x@E7jXsTwFmI@LLvD_jzj zt@!GvW~SVUe%U3198VF^;X*7>uyP}#JC)t%Rmy}CCp7Aj?jav29x&Bm%aMDkUoGHI zWzt$E#%>j5`t*6XLg&sSD~HYs)AR`{CzH@-b^O|O5F7O+Rr~pCG}*{NrPBRlSDGjz zM$6fOWhPxBV%x88QH=@93Nd>pvxiUe)|ogv>*ygh*z`j~h#f!+sq2EWsVbIn@(hvc z?d`Sger^_n|6b(=KjWnmqeORqr$4i{{NAsGZ7Qq>0!}ly_bdRHzYpHy4QgKaB%wZl z>_>eujpJI&{=b^U=XLKNzplBO)zmi;UP{n=opf2{fo0tVo2S%SFX>X~awvX;0e(k? zikbNQpL zwyq9u1PQYxa(O>G$YN8<*MFn+WIAPa9^eHsMFs3JCGB*#1+^@EV&JdXw#?rm7@V7p-vl2@d~)b4;B7Ep^(N zjkDaBTc@IkBKq@KPINS5k+PsY);?cLdE1-1cm0~yTMq@7k1L1Q*8JQyq>F5Wj)~j| z))?%1bCZ-ZETwBj*;$}IDfcqRJsBs&p1v5$5+jVH))**j;>aKvN$oTGH&loaBq@t? z@_@(3FL|y>ZY{n3^wE|jXuC;Kg|CXgw#|pO4cYnpoRa4^YMC@Va>?8aDZJRh-U+k) zDR1x#+03UCBMGgmK%}cV_@pqP;_d}P~Wf=ZhaSDW>oSEx) zKDfFne<9qWYGg6xxHn)~>xJ8XGw#ZjTZhi2xjNzN_h%p`?8mLqnCCM4s_VjTiRwFp zftg!ru<_Jrg`((C1R2}8m3e}Up5NkTXQ5naWR8R~`I_exs1j#Xh|3TD`5h7ygB>@X zfx;$X^~R#+=`a1g z(Pj{<;uoUGDJQ`>!rt~Cb)LYZ9xlnGNvywxR0} zcf40XeYLkC{me;vc=j;5u^`mYG+ZpKTpT2d&(>`GoAnO%z1*0lUH)%_{a?=*;I2%-_S3`#lZL97$~Va{uG z%e86$1GHNaf7|%Lk~tmc#b|APE|ojymkOt1--IUGT81mZR&qCdk+|sj_w&ac#UkYb z?)VZZ9)GuT*e$qf-1R+_+!-jMd$(6=6BQ(uKFBxuHm|Izvl-e#nh#vsHtBF5zeR~{ zo4a|8S2Z^pUqwm$`N8kjdcXeHgjsE^uG#M~$8V#qIrx1zdC{JGcBR=VN0Z;no^?~i z*hgSN7CNAE*o>(atV82aRdUIS?>K4iP0Sp6u+*EILoH=2O=;5F(O?g9^=zM)!(rXD zH7{T)E*W)U5IV?iartq69@xd_mc`_(vM;x5d#pjawkBmXCq)^qs2f%xOd@IN_WF;= zgbGNjF*d|jj}j&ViOPAk6W1ZM)Jyr7PP-nU`f|5a9CP|>qSHd;xNSIDV;o*#qYu2W z;XG?BD<`WXB+OF2uGRIAFr=8F*HNUxO@@l9(LE%KG!rm3w z(k2tcx*H5Y2(fHGbouOlzT#MJ|4FKZc8SpTXm0S?P6)fdms3FvmXb^cG~c%-`od9G zhd!-`?Y;_zYm;OwvCxXp-t)Kau~Ay7`CBr{gyk!OrgM^_Or4nyGug?GiY!9fnyDog zNuK6d#L1+$sSlfF<$c=Hcth>DACwA8WcgC|zoSYQHWrK!-8&)37GkbZO%PbFW|ZRf z+ev-zUv7LAJwS0xPSzDFi@OHvg;2^&u*7YlEVZF1T2&+FBqNAC`J9#%jIO`0xdjt+ zbrOUvQV;2hg5-)AEA%fvPX38NEE1Ms{al0grX}9>+JE8E+P-?cy1CJux28TtewqVP z^HI!chve%Qj*^cu&adUkD;X3n_Kg~_WMkX%u@%6%q$bEB?#Fvk{jfF^wdzlbj(~R3x2aLZ-5^r8Kv<8lfQ``k z5g`>0MKCh?C4T&yNDpu3=TH8xedYRyZCbS!wA@UH+Gpin^!gd}U1)L~sjTRiqxMq> zV39ecqbTts+Od=u6O^h_eWLN+h@s5Gow{TKT`nI|m*lhfxT=D)3XfJd4+CnJ7b#uP zu338M=>B`~?~nPPJr6*zK1d>Q3Jf&uJ18T!oXkW5hN=9V|3=i8 zqcuE_JE_&irUE)8kdN{La@5Hm5@a*)o<09zdBOrebcyNOQ z0m5e@ifiZf0-){vcQ{k{On!ar3Vw#MXD)W^1E@QaXW(8p(ECaV3f`3hMQ_q%Z0D5w(lk@p9A@xlj`>KAquxY&xAXkD(|3fHM2S3(|?)sHo82nc0a8G519ds zzyAq<5uR~%yV+*fQ2qZ{Z@+&v)&!k#{QJeBt}GICn+woxv+IXoYlQ$y5D?xoZrlwC zl-vU7xtgw18;;eLl{P?F{0&h3{#~1Xq6`rLz_tJjm)XzP*R^FU5gP}ynJrvr0w%>_WbY;pyUZX-DMxibe{lHdw?zLcT}AI_Zflr44P$-PZ(f& zdPcWZm|jDN#m+qto>}qVyrzVnQF=Aqe;;nUfzT7ckT<>SBk2O3(UxxYF|GeX#p$c? zlm9mdj)n9OH^!g7W_fdzI&@C`N`XJ(tdD;idJO)15d62=uk!>z?TlGbUu6KOfSj)Y z7x-c?BzI4t1$Wr)e~+S7U5+Kqe4u=F?UD0u1Lb6u`55}<;hU0TyWeT$98WsgZoIuN zAHFWwRWG{qo?NbL2K|bmX_bx0rT&a|>e`4poc zzTMBffdG{aX#aZzCf=B)W?S54_@|MioO``wEH!O8hPl3S#kWWd`t_fimc?&Jq|wZr zFHGI-Z}W#QjG8?CE5!WL$}c<}?MSkNAx`v{N&PmYI0^9Uv%sr(m$sb|q4ubR(^HOw zjSr`*8*OJ4u~sIIqBfI|1~!#@uCI?ZxZQVjmYvv`?EQe25!MR!e&Q^{7&jSCc){i4 zQG58%<*<@-244j@f1D`{2b979#7~QW-f@LVM%OlT+E!%s3dEvO1zT3pLMo#f>+Rjn zJBiGfI3(_Eh&zrhUbv5c7J8yyaNU!o~;J)-5r!;*Fy2 z5fl+Z2wJF0DUj7oeVqh}8*;Dt|G`t(MXxwvD2Y&2V;>>4yvR!zi1@6OA<; z*$zd~+yf>?^ceT03eN2%dAg?0@2%b&hVNy9hkw?DwqZ30-3LYrhh6kFd<_y{cO7g< zHb2P@$g``E^zA56;Cg6gax$dUs^kt~<(+4Fg%~1JHu=HsB|De5nXBcxj;Q@bDgLOI$FBo>+}dO5+vP!+K@-vO(qndwmer9UKK8*$6u#bhxMIu7nrbhW-PTBO3ZOu;qM zbG4HCVDpW(d%@V|cDOU?{_14tR9sW^h++m!TPOC#xaB{ltshL{2ETW`*i!~$(jGrH zv)`NxH(ZOw3}k)_u*;&Y)kVsd!{qszRD$ZKc29R;=6_P>c1p9h!gLh1_t#Pg%f@fL zt<+}mAX_W5Ra-5?Z8AN!I892XA5cRsHYpMunbQ`fOjf>9Wq}Y4ALG!3Y?L@CY4VWR z63%Q39gHAxKoyk<(k|%<2$xwRb$Fs!v{8?P&}1eE@K1LNhZ%^(zj+hNw%TGB@!sJH z^c>mi{G-?RzkU<$rxVOY5C(}!wA5rNcHbvV(i5zGiO$zgbaj z#JSF)ZfCu&Ud5ppt{V3soaSp+aP(LWCNOxKyfqQp8jXCNaRZ!g|k) zc>zTZm1f3!sa}2W(H-rdBJ1@1R~bGgtOZQ5ra2d>^g*Gp5d~MQK z#J7;tn~1K-pIZ=7x9yQT@iyPVxHiEg!Pt4E#Nz&XWu3c3k{L%h1d`d>X6T_0J(GUV z0qZddiH?x`84|9|5_$A{@CI|3f{&%=Gn%TN+Z;aCsp(ZLzE-u7&oM#k{U&D=zT@0m zd`OZso(uoEqdS2gH{V&*rY!Kz~48}UN~ zuJfv%MSjmCYk+)-ws}7t{EQ#FFaxT>h5xXK%!m)%+dK<{qL?i z0-$&0`v-8;E}xCJ&w|;VQuUx?ZHeo0^(R1uyT{Uf{p>mf0IsXL`X<*voXdhV^5D6; zeq6um0^qF#nj5!3^^@0D0;*T{(=%DiyY)Aq47mXV!a%={9V&!pusPbz7IW|~=IMqX z*H6O5&qYZbuc(I`_cAKdk;U< zHlAh|@2GAMpBbmsfSl^NB-F{*iJkwgv=cjF1aiC2B`gbQ1@OQ64-n?w$slxJiFA7b zC!ZxL>%f=B>US?u|IcPJEVAw~$+!4trRHg6YHI44p&EE7O(XnYt@}3tI8L%Q{_H;k zWa%u_u7T2Z2~fpwsUN;abpa?_r_B8q9R9sdrdOG`!FT=Lcd^}ffTrH=*|G9mtHl6N zj_7Qi*!Y%TNn`HO|EJEC%r=qqJ;Q!*xPcPDW1nVDUWtQL#X2F z%a7`fS?J)d*!ZQH@2N{~4YJ)g@K@2Mkn))0yJKvr*M*p4{OH5^%xp=ggn((6B~jj(sq!=c0}>L)2KX|j~itvwRKWcb@g%tFRlL!6S)wqgTcn< zD7!!Yye`~u&dMptna-41XZAW3RuLVoVh_m>uglv#z8VgZQ>Mr2s)oX?(E0%+<}!#l@u@ z2f=fS_6v$0y``l9g-)25@m#xPRId|Ov6_~~k`{7zoc*jd&Lt0{VmvRz;9W8StjxF| z8qOEh4}l}rZ}&c4$2>UhTUA<&P$6MNOzTqZT1d(jwLgUCq98Ey=*M#^+*+hO13|r;dZD z!1Z#MEN!NOl<(NGJ-f~?O!OZl;k+;RVYYU5X`tq1h9?192rFxQ7Ec(~W-VKC*o1tu z_()F99F}X}8t>!;WqZ5K8o)lt*(4mdIp`GD&9~{$bDj^EEISZ;i|*8O5Z8MD(Tz$_th;}y}cUWAY?&SH0Ibc zX7WHkcolW$=agMgX|;IjEpd|FlfN$3tG=1G=MU!s?u*BgP0U%;VNN97V%Ual1o}+5hO`U3fping!qyF+468c;HR2v+r8RBSS-ybTU5QX z&1o4;f^wpL1w6ohV*`#mTqRkBmuptZQF~~#ObgZ^9OzyTw3Kk&SHnSa zPIX9h$dOtULfiD8`CdQ+XeJ#)IJ~mS@gZpl1A<8!!JQ?Bg-jQgNNRcfE#^uIRU(`} zvdWt@@$i|Wh8^Ou#XlghP&R7@PBWt_C zM^Ipvg;r}VGF!vGGFhTM8eu%Lm?6kTRSfT^nZK3SR<=GBX2eA{P1@X+_8Xjd4FrIYsfnXoA&HO&(w2EZurP z44GpLz^!D`bfz!Md=u*Sb;X#`>FZZw)*LRizGPynpcI+MWn`umILc&ufwlSv&V>zT zwAOND2XZoA&ZtPqAkFz>`rVFwako6M|NXPAMuvc{i&K6VdkL>f?fU$E`tduhTgf0& zXAM?z{GIi} z2>9Te)&BK7%QF7+Af6a+kaN_uY=42n;V`pLv%J7+Q}gM%;#q?T$gXYx!LL8S<|dTr zJS>QHZQV=L{yU#TU=`NJ!F0@p1k44|aXTDS7x_c)^y!cs>g88-uq31tu-aZ(V|uJIeC2$z{r@oa7C=#kZTmMM5)x7(-L(qRji6G}-66U3 z(k$JLpoFjs3kV9xQXjklz z<{+;18V8$zfFcLuzK!U;u6Zlh5R(3xV*+5Oy#%ifS=XAKSKPTx#L=#sRF&_%yRQGD z(X>3YAApj5dVg@g3tWJ`2dT;J2fl%ZB03-i(PS2JFgb&m zZHO)S`%Z$tmVqYb<1I7SND(r@K{K;CCT=j!S2?xxGy!4p+G5gWZt=C~*mwt!o84Hx zc|?|?3+M+Vjt%eI*p_W%S_<3<#B5wXM7OnxXo8vsCF}AOEIoUHEZ88~^TFbal#F9m zBkKd|)YpDk^lb6R*W~_Y~IC14A;gZIF5S3XyDY z@gWj~4^>&3=t{R;#O(#S1d|QvGo=eza5Bbc`wWk4UbEJPQZW5}CJ5`KC|~V;Gix(H zN1B;t7CNBWM4?yp$imkASXe)d6IRA79_8*PFn4_N=g^-*lhPrxNjR5Yx+!4wU})&9 z$sw|M`f8TNOZ4i6lsj95#$met6Efk)6v!+}y=s9pZQbff67~+485{)DPpb;gJ2wNE zq$OEH_c*q>V3uBW*7G-0o#JMBqu3E}xZ|JYOscoU+7H^^EI)a}8!E`j!Yn`vc^m)5 zmtR;p?ls?pHtMCbAHQyA24#u%*jV!m&B>Kv7`a_CLZ=^rt;$VC4aW_I*gfrM=H#=!cz{p1zUBvHRR-iIDN*bOd zVuZHr>nH;NiHw2vrap%wJavCE!H6h$32BOv9Gz6~h&*xZd!D#NYTh)l z3#Ry%hY#`N>I@#UV}LPxy$&>QkQ=mSLL`)JV<Owb678|2 zbNV%Azqh@hQq*eHYcs9r7}~WaK#H%n)D+7>L6ZF8+?Y0*hOqpcOrrBVOvx`gRZpxs zQu^)oH~Y!VhcJclABlY1nGGZpz8jV5d{z0=B`>01C$vYgDX~OwGK+fCE?NjAckNh` z>lsF6l8o6!7ni6dx3MaTmlo(+x5UkMylhDs4Qi^i?8osj5Qb_)SwLG#2t!mE%%Sr2 zV0=8E19jD|%SMbg#pir`6DxH}!h}3nee8!O+adQ{JVoEJYt{y;yw9WPZd-G;0SpHnWc>e^p-Et!?W@gQX^?H$c!5GWnV&mO`MA7&v$1V!a=w!RJVFx;+4Fi8mOSd&!=EZ~5FKaqj?H192O`m6A0vnYpJJyzaWMneGt~|85uV zZqd17Sq&NYZqU`RA&bB*xqWlXNdYgWZx<_r7Vn2NK+o!#jahr=Gi8gB#PHJp*AoL^ zXfvR};YxpRY`g}H_uG>Sr+Y*MX5jvL@c!*W@x4-s!SUh{7~_48aj|94>VL+vX0-RO zdH)ZQ=q$z}0LOZ{b_@LDHikKXmRDHZ2F#L9)IIVMpi8vu--EF3ORW2`&>H?DsY54y zIzUAw^~dh`(om)8f3}AC59>yIzu+}Ds^0&zGeDg*tOM?GSaPpUp;C+IE^LUw!~fTy z(oCnKOWLYG)?6Vwd_N*p)V)~_aoEd=WF|H~H$e>f;C%vDal9`Onx(vsoSDO zd`44Fm6ZAi=+*C)1VB`v7)bY?Gx0Y#oCaCb3py!Q<|Rt_CYTBwp5LUU{6u7N40_CG zR+oK66q7pq_^Fn&CNw;Xx26EtpcbUGT0dgNub07q7FBI4vqR)#@pbyV^IyIUmrduJ z$GeDt-@_xnos7BNuRU5D13;>!A}H|jTy|%{MO^S*i6}kqq|EujLnW|&sf(TD%wzHM zrkM4qn4u{8(IxA;)a6Y~jzP2}nc%m?UM)(ibSq_RaE@XMW955Y6+Lg| zM|;=p{BhxOy$br#2e${BSMn3Q*LnNb`OIz;RmI3#zPbQqdk-?Dye=W7Oaw69c1S$N z3mL&5M=L&C*G4T@gTAl?TNQI#MAG7OYim`3-7>o$Y88|uF})*8P9xKsE^16hK8_%6 zPPdZf=j32kqDC>)sW71mNQ?TH_#X17lHie8v3zAyOO1P5771eoDcu()e{0@2gQW>8 zSx4Mh3f3$o z#XTv}D1@Q!YGDT+8$}-a^LGfXV9dn^2D{JE>#{sQM{s9;^X<5N?f!B4Czbsz7FCpZ z>gwgtFHq1xbg*<)7?*HdEG>GDp1yxRu6agH&O?EWhQjH@IuzBEmj6s!sTpkE+lQ(5 zbN4;_x$TtA-rxs%naYi;OR04*1ahm%CR{i@G$OvvuzBrqJ{J%)fiK+2m!>_M?*> zj#cnHT&y1_vrz0?IN!4L_vtGV#m;lp5<_e#rFnojWZicxH$R>KxcIRblq#_S@fY@9 zC03tL&iP`ph&}ZHwe4{_J>C;S^>$DCQF`0PCt?{HoU%~_yj#`wvIymo(AA3gHVgzhX3bu1UTVXv-==*fVs!RTAcdWTr@(DtAE z*B@nyV&=xj^%aJ=KP@q)c(P|x>8KG!8-b8O*_wj*B_*MpCPoE%lVV5~F&h`z^lC2Q z`g6^~=|FizN#igLfc=J7r;zi9IT$MiDfB$jfb5flL)i)(49ClPxj@uNU({a%WxMyY zJD)+=%r+>+gSgPgEbo4iBWBqS7m>Unm(eq>tq(2_k(H_G`=s0RSW;KodtTM`qjRcXheB>wKXBK28;Ezh?!?vjH?aII$ko@oCu!`P%_r`)318ss-&HPd$WsFQ zF7SHji%S(iN!SBw`5ezA_;4ocW68TaaUi#?`10nu#cxICF68dy6HrIB?m07tKM@5h zr^Fgzdh^P`A4pOwx6*nFoWB}wpbnGoeZ`=i)j9Wb zvO+Bp7jR+P$arA7PNwh(IxQ=Wy?_lNScFYkM_|Y0BvaQw(ET2*S7VQ1+_|}-Dlo*O zF~2}6MLXMPe9 zq|Y67;iJe11d-+&#N-~9@KNfR5~8JoN4<`Qi_Cn&Itgu#=?C4Fv;~N)Lilh(y+mi6 z?0egMvZX;ebbB^~d*&A$8T5d$YMWr{!Q1wSFr~;W#7x@yu@BTP016EV2$)AJylEE^ z_EuP(AQSAZSGd+M3HA=EsPKOuCi2`-_VA$bQ~m+pIw^mG&@SpVn5#wTSGwf#=j8)5Ju9r>DVe?BLGC2>0WaBinmrU6f`RSsM8qMuep@ z?JYtmE5oPq-D6HDtj;RBfG|SB#@Uo#_~}#Tyj6^dNTW!(*vL3`8oluyFS##I%&>?{ zl}F|5`KxGgtY3^$*{MtFqv!HBiO({p<}V*h&Tq%fd?;9sA*dNmwOmBcvMMqJ*V2C{ zLO0O)%l50HTBPc>ftilYQ%ViL7OPFp{jZ8M^5q^3eDx*uTpkUjSuR!Xv>@`W+H#xz@maz5R9d>OB2rWXa5 z*Tp3jArJK!Qer#NwakG$O_f`h1EW{l2{1I{)3r&aMuZB3s$$<(Fk=(5kVT)^Gx8R= zrS}=qDZZ+E!=x*WU9x#ewG5$3>YFRYV0x|QN8~q??Ign8^%@;JsfUR|eAxz#+ENlP zO<`IU{!!T^&6AWCn&6|&Q>uXEaQYR?Dr4_4t6HA^z;UdQ7a?hyhi_86=xm^XexSF| z@%MJ&Ymfa=u2k>+x5HghAU(>7`!Y7Ods0XrlT4FVdGjjo-P!Gr?dV`2fYfXZbUO^k z$(zE+RMeBAUm*hf!5p}a*PrK!jFsK#G1&5S{d%2~S{Scda=}iW5d##vOafD}aVx%= zj-a54(;(_-s>C{Rig4iUniV%#fAapy`J5J5&06QtR?FbmIcE>Uzo_D@2f3^b&p20ZWB2aQ*l-|PQ0AijvGfY{a9xi^j`>|t&-%a7TbY{kOJC_% z|2^2>#{{~?OkZT!g|yxAD0cimoeCiv@y@@u3|QnXR1#9I^LBSHhb*0FXU}$5Zh@ml zhw0qgJbm%NpO!g}2d9rdl~wh$SWT)kVri+pTjl@gDg-LyiMK?*|17QWo`oznE~@=A zofWI5a-~3QFL#kAv<7NdwR;&DAni(n|D4kle<+kMCP<~^p<%qF-=d^atRR7)m{`{y zzX}SQgVO4$h^V*caqm}eL0F7z`M!!MVZuDlO1tm==XWpkv>UTM3{a*SbM1WG`x1vP zoMyxWyV+)^KU<|LxpAwEzWxJg_Ief9?kxmKTBiF2&$}%-<05{Vyf{BUs~1vBWpLj- zUpOioHiOQoeW<_5Q}nST>Y5uEJS!&^Z6H4 z#tfu6IdW?Ee%`^3J(FPo!u z0Y&|dtyd1b9`4kon>4|yPrkvBoP#iY22R5uM{}&zIM}(&PiMNi4g&xwaFs|!T_Z&b z3KpQOO4X^oUH#I(HBdXU#9?r5_9w;jUkO`$X|Yd<bM1pdpgW;I#UrJQ+agcXF^+rrnNyMjeZiil=$E$(s6N%6Tuw$Ot!!RvOIT4`C`KD8e;Jro+-D8-PhfqM|0p+6I*g;1tWb}2EDU?@Gj33Y zw3Fvbr)KohJ+C;zWdJELd`D$HRDC905x{%N)Q4+R!(sK4rG_#t-OwVEl!EGso_8`H z<0n!*MiM**2TjH@O9@SS#9F;h^sT6})F2^J# zrNlBSLn{AG{i81zxXRwME>##N-lY7mz2i& zFs;~pP^zG-1B@otu@)s0@g#12&TT%*T-Ki!t|AwzuD_T{vgZ93*;yz;q4Yn^{6AZFs`auV;4v#gIoYVZw;bY`*(WX&}bgM!Tz`&EJQb>)?lqcg~EG%CoO&^eB zVc}S6(WjE){vNHg^VrIh?_)F3+bmxa2pSwkC_EqQSfH;b%u@WUP)^Em%vg|oP2CVi zh=Fn%8#B~jsiPS{P98cM5|)fPu9-U|8WS6O>1<4BT%8)c%%vn#6QAKRvamMeJRf&q zMOk7IJ9lAA$Id<;iB63@v76VNGpXT^z338EC5dhAXswcY>BV^?1=#BQM0N)?HK(eM z&oNw`OtSp%QD^t`H<=?=8IK7wD6oEcV{cgl{QK&EZ&m<~{CQFER?+s2G<1c0UfQ87PCxp(pbaH|aUwc7ws?L9>GYWeZqs>FTOvM!Uqe>1e-^zUjLz{l3M zuF&uIioa{{0;T^)Ji9mF$z=}7?~N9qfylr~xayuH1Jn>(1`jqG_WXb>!MgErF_Bux z#Bo(s)iJ=M{dbGg{WJt3Gcn$}czJX8O?tvs!f5y=TwI(?X09B+#c%CBvDtG(@3EvbsCH0w&&~Y< zOdZGWf15Fk_1|e8851)iUSaWxx5tSQ7AgdeBrdgd-(r4tV-2&;@qJl7*{lAEp8=ZRY6A=y0&>2$dAY>;=exals zCx`e!E||$-Fo=wh^*T{D9~&zZcvcn45x3Bp*N5#PEXpTFRR*Eds*ZaIf;YZ-ji54m zl}u(b7N4;dG4j?qn}mQ#zij-Y_pF}L+ent4kK&`Z2L{YddrO#VW*o^|j}$U~u=R<1 z_N#x@uh#uLLSYZKD?^*ho~tPnvh=FPg1>n(rhB_LnI=BbQ;SXedo$@F+M!}c!olGl zElK+xCtyDGJ8(r#p3kSyB8b2>K){-sL zG{`=3ldZ!dV9)>9RteT%;o8TQOrxbM4tAouQuZ?%Cy{!V7P6 z28)J|m*0;9^+x(_%%6V>w=6b$nuv>RNH(2?89ia4D-CKR!oigFS+jsN(vXTa(Xj&{=)^tHc{5GRU* zRXbw)PUI;(`-UXbST!_2)0I8p=2jJsw8SOUe}>#U5v%~ye?WpNF~8_j{*mCYs$ds{ zH-6#|>~zRcU$w(s?wF-jPR!(zCvtw(g_x!92C=hh6DT~4smuY1j}nnAr=`_}r{Wc< zD**}dFJV|+j)mp;X*wNB6V{%yR*sa1_9%(U53`xD{8mflr)O$AP;wg+5;2z%!$X^2 zaq60{CdD(gjoX~be`RAaFeW~4@#83c4f#Vga-!;LLcG5Jllmw+KqRY$$608vHy84l zBEkMFEd{UgE!MMFEFdKozA85K3-79y+`$G!)%UM#C@Fbk7ztZd9qc2#i$SOfyRAH} zVe}G@xThxeyPT&g>sb#O3lWviT3Y=+tQ(=Cr!)c$;sudM^iFZN|4KG74X{#gZ~Hh} zR4T$tiP-Lb71pUc*Ul~O4JwdJ@lyuonKNKV&StYW{6)l((WV-J+h+UuU`C*VbYoaq zg?DMm3#i$?dO>>Sw4)wni6yr!ofCbxI~9i4GKB5zdz6Toj2H~YDOh79wE4^S(T9c- z(%0&%{gM^zt0N;Sjl~l`kVV|NYHMm z=?-8+-V;q%M1xnZTko!OPYmvf;D8B#m6Fl)b-RHUNGRXqyr-({LQWJzPH;mGa9x3r zcSiG$t=YsJKqv-B5Ae@X_o` zj?WjF6ImIrqdG|AZVdonKh15r4@2L>)#DAC^0yl<1ONSp6%JhGySowITe8r5l=*#j zz_sNPohs9C-3Qc&oig>m?nj~L-o<(VUh~4W`Q6pT{r-F3M_D~#9`Ntx@;)mbbPv3~ zj{)4%FYndBdmGBB1??1knE?onv=HA;060DbZTUL~?DioSF(Fi;u~OcH0eki9z&$qO zrrZx)m%PWAFM4L@(z-SsdYWzA2hs22@&E4cb?X5^>-`qqH9rqPU4j1hq8Fxh2Vnp= z6vztz*@J((ot>Tc(6oU2SGtb{V(bBsAlHj%*Se$r=ecLI!GKw1_#rF{xV}~2d&+r4 zD(9I)?Z0}3-g_u~(aZS1z&KZ#V|12laCE@GpU^Is+PSm(7k~Y4i<(I^0{Sqdb}@6L zWbW;%T%Xk@ATfVk29Vr=qsw+)37{6IZJ9^NNHKfn<5S+cmnpT)*yy|2v2?g}_yb9;bE=%emiFDDro7mTXz$VD zkBxUZV7Dw@HbPk!topUhsNc%O(aF^Hc6s#bZhLIro}1UfcH{eJRn1d@Q0W;Z`rh7b z%XU1XGrrDL&G3}> z!F1voS!VyhSA**;}yVP&VG)V5lmDc4l=7FP~a$MY-vpI3hh%^?Wn8jyo-*c(xcCO za*o-vLnx3*e>UEEkcI-Q0xZiRHDC%J3!g16P%{ar<8S98>2_58uHfSGevu7Dy@wzR zUv$y0_Gc%VMQ}?Sg|E@}^b&4eFT2@~^}pa=g+RK&6fDVjZ~;O&kzWQXDQRR0q=IBB z%3+il_!$x}1y;TaOVX2vXDOpYNvV^`XgQy38~#$AZ66(!u%XWA`QVUeM~^T{yx1uy zK>D&g#9wc|wfo~crpz1XxbB{N!}m>dgj3BQa|j zNP>d+!_$(y9Rg_mw!io1^yQ!o9S#;&Kv>%|2mGZHV~}@^U`aJ{93ctit?pu-Q^rsC zP%hT5MiV}s_BXrZY*LrAC1rNt&?QYy`SLDd z$xX2^9mp`|Imvm@kwwkUDtYhPE0Kg)WMSI)?^7l|+|lXEv!R+Eoj^)*{$y9}@}OHn zdkq~dx*ES-tFjnjnSBa#$y;hs4(wM$S=jT!eXK&&nxi?-inQEhjiV*iEqo_>oXGtf zcDGYW|LUah|D}1io0YK0v)LpsSh1kvfthT=<=HVpY*5W#)biJkoBxJ&*M_vtS}&}-AsJdg1Ats ze989b32S^0ob=L+kw!eWM%y030PrO^{rD{#@w-IZYGa=Cfyy*(C(xK)wvk@RxVF=n zF&>(Mo?CT~67MwjJrueEs%S5huh;k*hvUZ#ji%K)d5$4s=BC;yCb2uM_o0?C@VGqF zbl<7-!fOfD`lz)hYwG3stmgm^ue5}O|3N!0(8Ys3o&w0KM{P4#@n!!D zHhw-K12{p!`&SE$Kx$cf;+>h_+9&9&J1!-`tUo~4?)+r1ocr%D(ABh-dx^5c___A< z#bPI8cQzCv9a7l_YywjWPeWGyhCAn=)^?nf(CT0}=u_Ztwn`3N{|y40Uw0AYFbe2~ zx{omb;#@e~gWd%%SXZ_Usn6IuADZoVOjTVN+-(*2c>jPj9d_S$0_|$d-$K4E4@tJ3 zIklbvolw&|H}#&-?3W2EE2ru$N4C73Wwpx-w~~Q3D|G-1X|K-OQ?qtH-k|mBlihI3 zQS-i8#a+AS`gC9Y)s`p&LwQEU_I-JJA6au9TAHc?K%*G5K->**+;Bw);I6=v$Xr*+ zG&%!F?WLWmETBgw0(h)%O%x${{t|#f4M|R91zhsf2BK$Lh}MTJ=?-)Mkq6&SSYJK} zxy-0L)o(f}0GQ>n`+mdzw=?%AfEh@@NO{YaUPZ%x%k{WP{WSph2447Y*7qvU>)qOg z;OpJ(=7z(asq@zBxvU5??gJpKaWq?Rkn=KOI9MdT6)jxhu)V)8v-$Pq?l>mUcah{( z*;ZED@`o_@hAsF+@qs_xfXvU@m`+*X2&F;eu>jqp1Kuw{CV-6D#CHXP<{dM3J#Np9YKiwW74g z(aHRU>)r14ehY2JJ1=g^h2!nke=l?Y2|?-~-YviTnS5}R5rWpqou1{$y;Lo|=f0Qm zF3bV9>W`xJ<$tbkWNdhi4%!1GeBWpY`S_@A<5?pi+ z)md)7ycro8BOU4B3K z+I=@m-o!e+dj#3L8Xa7(g5-E+tOqTu&#Lry)Uz{7q^`4pL}dsgxEb)XSi%!TUtYKy2tP$3YBJ1a3U#Lq>)WMa5PfTW6-JfgbFqn zRdRV~SR(PP>Kd6;QXs8`yE6>*;gvr3{uc5tBzPLsydf|8ay_$o&3Dq)3a^-;3YiH% z@Rtq}IKjlIH2Dh33g9ZxE3@Y*NV4V^W>E&_5niWxDyyb{4P%1CqhO#z3F6WPUyIW!_#VnWV(k;?2WQK2Zb1JeB-FZx5Tk-r1cn5 zf3Sl^LETByQKy)inM^Is&>0!|iHzrazER|_VE3KQi$SaK6|mVjYfV}AbPT? zoj;FhUuHfxIyyQh$HpIHIv)9j&pw~ID~^eYIo;O-MoTA`LdNgjpGGE5sxtHLK&~d~ z#iO_!EKa*Zp>6zf?^5JcT1s8SEM7O8cqNCvb$HcB&(CpjFgAXG6oscU#1dy1n>9w8 z)w5#En^1%O=!E;N$%*)fuKpZMAM%plYz326?yv)27E||zip<9!ZtHq2nn~9XSC`Zh zhL>BKxKWG(U328?2!9rz=z9DD5^hC!-|q z?6x#@7TU>&%o~3;(vv;u-7LvsQ=6u(47ViyIOSC(i4hyySW)F0H=5tdYctEmLHptlNC_ zkJ;EzAL}+(!&C=x55GP9kw5G=4n1yRtwtQp2L?NaK&AJ|S=nv!(sYzl#0dC5FJXuf z4?KhGfFWcY>h_!15PF(4@(E*ctf_tZg(pYm137w#*Ju51ejwLN^IiGeMF66b_i$d? zd;48Dz3iOFQGTiMo2jU0X> zwq5+xfmLr9sJDIjE1!-Rs{0{Q+l(RO!-wZ4O&2DuXMUnNKYnO>3&(1bfeMiY1*jTo zAJL7cmYx^|k=L*#ggMuZ;>kYBQc>>XMxg7F! zHWueDuu#(Jq!7V5C@j!!{M77Gj|jYyrgu3uTLj|If)n>e%Pk7_mfNPPI5WG3`n1jn z!O1R|uQx^_@lPlusTZV%GD~k6HXAB-+N$sphbqz3!ep_GSQqAKeg!F;CfXt~PZBX) zONC1~HX^k<4kw7%2t0)rL^8+KoM54u4Nu8zFf5X1bH6__5I)wFhV@2hEL>pmQR$@G zr+nmVH!BH8keRF(+W}oYNfZ#yKv+`(Q@uxm4BC?;AM)(I+LP@4PIHdM-%r7WW>44rhJd0aHf2l1yM6#re2>W zkhHS52Pu1kQ8lV9PbN?BAwU_wO)P1UNoCiF+`kx(&&JeCzB;!=YbmVsdz7a@2!6LI z@Vu;N*pVjFT*pyQ*rS3El8jPDT>v|DM-YXS-nw_o54bAXT5p zS^v>kSBMIy&0d=}8xfmz@dU?xIP8(j#SE}Q;K>15-@s+a34Q=7ZvK?)Vv%K1sF z@nO$5LiJgYCy9)FsMC0e1e}O;0z$vF%{e|s`LE?{^(tC!ZgI3li7CfOuNQRgk=1G@ie+C}tcjR_Lnu=L{1og+zxe+HpBlztpM0 zTs5`ug$3B%!`icVm5g|!%j=mG8NUeUAnSWLf{INJYk79QwA%7#vqRfn_cyt`{O)Qf z7TX9pSB`*vWt&cFu9ARnhS)sin2|w5y~$YRsMQM=q&oInGH}V4#A*s*?NG{rHIM3P z`0z9-Jk{v4iCFbnah>n1<{$(jGM8TI8=uU*}w23+ef zB_(rRZ;#ho4=C@pLw*(Oz=nZe?WzWJOL#s0yY%{U0Bdk}OIN`4Xjurp&tkFc9^-GK z(>0pTng2QS-XDM8)fX7gnPGavXf62fP^xA_=<+@Dt-zvO_x{h>ejyEe`;0p$AeoB` z>zTX6f@FF!J zZga@E(v)X#D!}Vjs$kZe-deQiflgl&)Ia2`DGM?yBX)eT@?qh8Gk{U%4lcp)OkX`p z?se263i(^*0cTF-Z|f2jU?|e*Qw=(qBjhF2^n6F>%~+7G4oB>F6K^OEmex+zwly=3 zWU5J3n`7j@hjND*aHOADD<2q90>2LRp{*ptVCnXw(X|kQx?4a8f5I~1M>t^dU{)QjFCzBf0V}kUw&1b03*DB7aJl}9*r@R+r*I}b+=%{&nExVj zenbrUm){NcOHv8sZjl$2RYb4e{Z*Ol5w{eg4h&I7!3tNiKI`K80OYWgX1`X++%ggYLLi@n~zHpmZD(F)3a=E~x z|E%qhQkt1Dls%dHc45tE;XEj}fjiH*sEhfT9C&@T%RHg~@BE+D`JBMEZR$G?hnl2E z=W#`QYJa~w7XFdu%X_f=A;Q>+p%u!2!K&mwC#EFG+}J?Fq9@=b=D<>w^;D2!E7s63 z5$pFKJua*dZ%a;&ta9D_L52oONx-|DCJ2KN7`V`D25aon zn;K*pAY(=lye65+XH&a%nIGOPY#_|jkYnRcBSY1_p-TBk#tz2JEHdszq>u43{P~kF z>3MY$IIlFJBf227AQRjNko4MdPwRJ3&#V$tGFHZ+|}${5i0)Y>OkB7#3!1S<@+Eh(izQgino~CcIe$ z-dlqTR!SWq;{ea6IE^eL3a{Gg6ypu>FS%ZzRwcL z1hdJWFA6T!qKZC=7v16|aFz!7>Ip+3e{d8~W)owTziq+#%AhfFnq%WCQB}I)}b}Ss9R#$X=u*1<`0Kg88n9Ja&4aUY9sH;p)E7HcgMSt~B`| zrx1$E`I!5xsya#-`{v3i{G*_|4yML(;AU|yId7_ODRaT7cm2L3R3q&Q(Exm>gnlFA z_;G~RlKI6#P972HIlpqJiWy6+N27}1Qu*O6I@tHp^Hq_0204+ig)7^N?|#`kmR+Mi z<}zx1#E@ezBSa|G$ezPir6t(&QP4X)H!fVo&iZEU3Ec$r$LI&)=H^$Lev4~&2 zgH70yQPf>|b}>H(#y^gUT$Y*CYWQXk4vtq)eF2+s#=j{4yuC|Biq|PfjrEhC|Ff)2eKb&ZN2;A>u*9$0=h-shx%lY9C^RKCGEG`M z#L~@k<+F;(2%Ffg>1Ms{BngF2yD}+YjpYy^2ajoW`45KO0o0-0by}>5z?0&dsJL zQpLyW2%W$|Ff7E6vK*T4NFD?+&2OV7KWeSCD0ntqPWw}(cj6qR_tp`bKZk*e(maWs zz{=uQ?)5-agP0ZeCwefhdiC#WiP#(q?K)$%V!WtHu5fEgk0=Fgrfp)%Im zAuI4HoS@%F_;MsTG=t_!?|;cl;TO4$B}bS&LHddB(bEqbL<~Z^*J68kmzU+G%>~%q z1<2lm-}p&Oj-BHw#>h*MYG!y0d8ViRXtU58l$vc2dHr6aLA(rp*YUEHEbh6VlI+=h5IOE% zPxFEJ!+KS4x`1Fz_S`6j1~D#vLPXcMj@Xyx-?yB>!V-lD<54^eZR`gN_4ViUbVSz1 zJ;>_ubj)@v@}FWh8R@3)1_^E6ki1q#$h9;u{{~jPg|Zqfpt2Vp8zN?Te!kywQ{CpI zfxedBy?VEi+PY@avIa~7qP}34=t53w>Q2M%EE`e6neC&0HlD4*RxMvEYe)}BZXIE&ZTy*w$ulep@f?~oi zv1e3Cj%YMofVA>KB&Fd*X)OP7Lm0+{NxhBwz&>fYF|rI4wfoowI_oQa6@4z3iO_{o>OlQwjQrM zk$Dl_ROP6p@CyT5y)F9|nr=%fWojqtvZSEyyR$*j)>U@i;GxqAreihHcell@^>-mR z!>#}R2JAKanwq*$8Kn5<*?eM8Fi}Q8(T&7LpR7a}c%H6^{TOeN(QM63rS4z)bM!}% zL9&Ib&3S(jbvisX10TMQK|hx9Uoa$2wd9VmHPu>&^o;6#wAmD>{Bjo|bD5jla#yu* zo|zHUNdTFJLw_sFIjTcOKIg;USI}uS?z#OvSdV%`{-c;LA(jn@NWJwfo`8sDe;*d9 zFA22%%6??QtrPgRaTQ&z5LRqM`4Kq8YLX?lRSJAI&lR$wElb5mA>^mOy~2At@XOKt zry+gD4`d=IjV>zs;sj%=0Xu<=ljr-JIJg)mm@-c&ue+#n%W_C4AshQ@aRbT`=-iN4wgf(yQie3H1Jm; z{Rw%&c0M8kZz(xF>Y~iaZXa#A0RttF^^V0l=Icu2^kwG@voO=Iul+kiz-T3|xVG%s zDOMq|H;zhN%%J4&qID7kqCZa9jw8wBQ)xDx{vNNI7j++<0!Jt>ftMC7SP$YaEto#P zOFZhe9%v~k;iuVM?086t^pW)!Y-TLTY6eC|Udn`9 z9b6=n~icS{PSxW zQt(x*n@ZQdZJiR&Vh}@(js&CY!EZko3LGnXQuohWIP7ywyMH-Lt8G+YdFPzS3pzQ> zq-KeG9lBuz1Z4b>e6>UD^nT8Mz>sm}gbhyxGHEPZvtXYqbUIzi$X#jRfdz~*O@w8Z ztH-v~p;~A4ZSn`YjyCsg{b_(QVf-C|)EO^#-RMYPQGnGkH}f>#PgXK9c5D2J*0{G) zZJgvk%03LQbaHi}Hyx&|LT73}ar{*$1{D8=!vd_=bgxu&Lq*ps>eXiOXsV=?YI12L zUa8uQs(-H?2<6yosCe05&NDyHE6bo5lW5?L!(0YOGq3lE&&-x?p9gGXSzx3Tb7Hyo zoAFb~*6K6_2mhq{5M4kWA2B9Dww&gXdu3idYW%d*vD!3I(t2TitGqg0d(I5GX3Wm% zWA$(m#fFdiR_J~WBaab zPZ<9^`y`Bubl$NISUvx@{{O$jE;~~0vvHX*|K3$_ zk)4u5P9VqeU&-N?z5eDH2EUsYT$$@$@{DNY8@_xNb`A_BIr_0?qhF|AVR20-mg(HV z^1$(`a@#dWS9q~Ww+tkhG#x%BpXH51$8=Fu?iKx;#e=2w;fj7Nf7vkqDEGAAU6 z%y@pNO(0}%3osHf@@K0U&8cm)1|kvDCSdBpPgvh0h(U zC^v%tInCE)opsfv%ht3iy6eD>!s1hoJnz1JepY+f%6_S`=ENW>)p&JZoW#?jnp;gQ ztEgWvfNPt-`th6zBc+jx8^5Y*sT~(=JzGx)GPnPF2^YkRL-ZuMR3J)UrDriK*hJiW zzvmE@n5Y}Os;ZG!KfN6)T7xd*l7wI&zv@#hM}Ng?^47K4GE|l7X$KGb?s=_U7*TvE zVQO&9>#`k6(`X2PtT80q_ubK0TNkw0F3Gs!VRQcE2P&;$;)AO}VoW~fqP=m})>kyE zEQ_Dk1Gkt}8+SeSTk`Bk_FRDI%hgv#n%?uNurW{Z;ww9zHToHsv)k-+uJpR?Y!+g1 z-$jd&j7Vsn>aT!6&4d+SgHN$5m6?N2jKrw?h+mM=7AtI82IzzNP8VH(iN+XK2U{37 z1n#B``BEWyo@z|ob9`*u)osP_$!F~xGWBSEn~X|lQ)|i>%BHfZ>?k(JOB@zNR;Sy9 z)2k)ns9iR{53!zTYMY?F1>XkRhEPnLGZ$n?5WRJzE$z3 z3gJ>@VeE;q)VQ^XDh{uhOoF)QmSHFm!(l*P0(uFmFY2}fLH%_$Ke#12Qt^ZS8rRHN2%tO={bbSkm6_u;v3jYh@l+*F)ODfk?oB0~>mr5wv>3M=LTNvA_z5S~`J?;FAm0`-c zqVaRL`aq98k*9B99o|S&r9Kg>HkaNfu5b33rwB5ciBtnhtw2w3Xg;%?_4jt%+ICmD zN~ios((=EH*8lnWb|>BBZ@{dbo3{`dK3w8SG!TIhe<9V%Va?&2+m=&kXGD%}H#*D< z#5B~r-8?$_HxU2Pq9tJOD8OV)cfW<9C)EUq6a4@|rFz32=r8lqdwkIWiXx|AB4Y~u%X@Ahu1^N~3Q)u`~ z%el_9BC{M`R&EfZx9WNPYZyy}K_L3emcfgu{k~efPph4nhs4A`%U!q3s{u3T5)G}& z+K$=toq?A+U0Y^Gefyzr{t2l3r04#P`IA))y)jBWtz|&8%N%1cWjig#j}N@P)_aRc z&+ob?%9x{VzHhvC7}AiD3UMiseb{Nh{hKJztT&Tg`>hL7HxJ{_hdxIc@1I3qh8~Zd z(lJ@SkKs>N6$+$3%vWK$d)Q0#4Ka1yEq9;eFIe~{7V=2e1KC6qBKyOI3~@3B822sp z8-uC_P*iHxO-ih>!>md;9G`QX!}lG!of>walDt^#LZGIjtRdmnW_>hZdwk^?xi?O= zkkUzkm@p?qRj&o3N~Hz@AP)o+R8)rO1Q;0w(zc9o8=o<3!U$cCC-XzRgrDL)%P!eS z)$?ocD2OV~hnF9D@MW18xEqRs=G75}3NTs%9DGf_@k~Vj;^GT3iCw{YJ#FcLlIw4G zYsR`C39{aVYzguX|KP!fonBRbF#&mj9o%w79N7t8Df}qz8%7JN5amD9;cq8;3E^W1 ze@*Th2UJExu0H~C7nRN*iMJbQvWC${t_+u>9#F+tmU)y)>}e4rEaK2#&D!? zR9LRJZQ+22tbb&fk84&L@;U1|XG|eWjXyVLu{}CGw4OhILB+x(P(F$puVez?*u#3@ zUus^qi^Lz%{5{}!(fy3XNBrYBA_0{#vO(FSh0+$R9>r*WAc|)XP_gEV3VQjr*xdU! zr?AXHfy|Ld;F~&%-x&?xPy}oT*H@T3k@Qg#$HJ#ZY=Ez0%SRd+!-^OMk^xsFq^PqnIFw13cJ3w^B5B>M_+vSF;iy1i( zIfZ?iK{bwWSK!9cCWgQ@VPnuw5KGH43S0Z|cjJil<~jjnxbkb^#u4q169;*HFOAJX zzIRq8J+>g;v=w{H9l8m>xBkNj$)D}#@AW)B#=d3zv1GVKl2Bw}6KZP>>jk z+8_y-$`*eyT&DkQNKd`0v6?wDF<|ogo^F+?yxS zU%ogAv)_9@wfl$75kr}`9D4J`6nwkOl^j>NQo%R>NX)= zY?w+4YwSxgjvlyg)qir<^6XV^&n7SpI(giFT4lZx3Gs7BKdw&GKYS2iV&XR(+kqRW zNtRN@qwGb;N-i%b$S?AIuTc%!IitPAzpkstB%+w8ynor?qz-l^NN9@eU{Qvd|Y3P4hqf66m1;vnG&~3YjtYK zNWX!RetXEWrIYW*)p;c(w;AJ4Nw z7nSMIb#^;b>W`)fgl_o%ytg$^6ALZ7$4GV3e{@;1ZuT!}*O3WQ`_pyn{vgC(>Fm1S zVh*{_`WfKP@H9ZV?ai`z3)3Kvb3U5ZjR~fo$x6%GImy zs$~cZudDT-A=H)Ner!`9e<mu@T{t&%KDNbe(2i!4&<%`$` zG_Dpw`4`6n5XUf(4GB?1`!9gP=Juy@gkZd2Obh@D$q4dpfiAV<9szYaJZOqdS(o_? z=^1ljK_GI%1o>XhR2+xMEGVAFwC9wTQ$;V@t-Kn(#QA#&HdU9`HWl4)6A8UkBBJb} zgddP;Q^8qLM(?Ab5wn5h``mQufFD%6ZR&!UFbQ87zT>9Pg;I0x%2i8h+KaO4dBkYQ zifPPOp?Q|KX%^1H4XDp-qX{~+T=GO#)bATe5=t(&Um5kj-5lXu7Snfp!5bE&`^lDe ztN`W?}LoqQh;nsEpvf{a5IP!PL2+ONVr@Nl&seNz7iB{QtD;?Q%ym2 zLP90hkWWS0aQak%;cDVW-$Q40b~Q~IxG5(e7x)%0xTjMUybGeR)*F94eyP4fXeAS1Kffmsu<`CKXcbYAdOBF?b5`NH?BMv+rAPKb}n_%kWF0V5cBtnv-RwX=NYl&(*jb zjNcl+?xoL00E2VqYRzPkOwDC7Qxv`I9l8rc^`fC>4|U+a?@AS$^D9pDs9ALUM@U?4 zTLQSOSLE3oCot^N@vHeIQcgbboGOV*8aw1YmYfjR(J#_vj;-|$iq2;w;imKhz2h~} zaB>Q#xU#h68)ZYap<;DbxQqaw$W5S|D>6Pzp?IyBF>i#Ohy2st_C>QaJl!9u(EC*ZDT==plQLIF>9Seq$(4N$f!&X?cNOg^w?~+W zKW~oAbn?hQbuw`iR?5$@ur6lp=U#O~SQQ#QDEXsyrttrCb*gwKnq(2X-{`Osrb1Y2 z{EUV8smU17ZW!8igkbaU7-=aSqM!C69}<2jsYKENNJ+70g(r5eE-rjR+j!#xN8x*B zj@o!|$+ui=voXgJcwTM6=snR#A}j@_a4s53Snl`Lkd<7RE<0Bgo5;F#fgaq{*XhyX zqf70zGp38h`{_@yG2vMUiq3VsFi(kQG?UHj@amFKvs317vFp^9=MzE+CODrtw^|$_ zh6&>or1kDWR+yAjaHLN~nnK;)*O&2Jo>TMH^zU+Ha|U>Ib+*z3qMGi}hce-tWoewo zTBlf&K#ULr*yUq{!P(fwzYb?TaD0QDE`Q=M4b%KoGRtb#{N)yE4t@0wQ$V`uLU82j zGq9ha073`{9ZtreB?@LpVfg%+nqx$IAcG|I|Gj@dIOx>=N%YuGGLCB%8~7!-b}`mVq^ZcMOpmozy*!W}XN?R%l(T8bNGA2TR%5guD^&%LHDx4tY$j!#s2f$LqcuVI{Vi7?mBX z$`|IUb}B!T<^1s3ijpxB?$z@;gGAt=3Gv((vwO3VeY3n+@?wRI!H|2u4wQjwdWw~E<^03M3cPg zvwark^ZBLc%ax-Jk#cLxB#Em}JHO!MyEP0HuJJM`qk8ob8km3i@DNF@lGB|x$h2aH zK%3GA4%P1#wG?32FZwQzj2N1_+C`h(cD9#kL=9k}A08DgDf>u7t(^Fby(_;p$he52f8unLieqP^Lr>3`Ep!p;plcRmECJ3@@r(Le9z#U5-nGJn@!GD~%~ zV*BD|KUa;+m`eqKdTD?j`3OJnw}0msEIV%JWv>SWLQg{Pt^~64%C+^$n@beD?0o7n zGA%NOExvFZ!a}$OG@uq(Mcj$=9yJ>q0dHHMWkU<&p2=1{28 zQ;Ien;%;QsZdO#`icJSNqGnNeySFUjZvpMTFR2P1deQYHO6&X46CsmOoRza@JxL zkk0~Dy!^_1Og)Ax{6y}gjxzVv%vHW%P8m>kkM_z{HQ$Tj} zp1I!nyo;raTk$yHRU}e^6XdOkbmnS$U3lEAVcn1ST%BGyk_Y;LjE1VTczxVBw>MG& zu56HBsty<#m}ww++)0`~k3YiPs5xoIVv}a+z$z zpip?c{`1PRPj%?nOb~Tx-KdiD5r@!v3Pc6}ySWI_uQeHLvB+=Sy%+13KA;Z-8G zIJ=A`ZrNvR%5n#VsCFoPQL_g_v3=y)h09qqt7n2IEu5?6T8gWf+>n)K=}&P&61FaF z{4(~GtYF=TjN?bvLjIzGoCzK2nKlk>lD@r|jj+Iy9r_eT2}6tc=T}%Fjy#|P@XGVX zPA-!nn=Zb3+H$y-h!oXpEA_x9JDSQiKws6T2abfa2SR-3x;6@g9N-2y1VCGw92wOE z`ld;#z5NZ3DC5SbgpW0N71sWn#<{eg1jgS;_LdJHk?8*@tSqYy`Mie}q)*bS$cHZ8 z9hhr>{SuL2027TfPVzM(3yHr}~DP`}0x+`Mi^AA!(19-DIMfGTF?bCl?dYYs-CP9GTVn z6g+1dV_K*>ZF}86bUk#Z*}Y)d?e`n!$nwE0{$LdU-^cB0&ACsCA;PA)<=yZGBr(~G z4k{j)syCD$H|v&U1LKE4rZ=X-+;@lNBA=~9$)QL%Q~{K9fc6+)FDtO3@~SJV zkt`6wET7l#>O5k}<21@Dk z=RbJ2vxiImpF4ElB&{s9Rp>=f+spSvW{1`Kr$lr3menWS^u+TOX!FF zLmW?>+h`5C1cE#*I}MpAwO1b5z_ceAaGqBi#cYh6|Gln0K}xbd-hKx&&J=ygr&Zz* z=p{7~FY}g)GQ19GE;dZmneBTyg*rzCW=UK~+fZPtQbMl3#7T_FyhGEto%fHf5|-LV1$iGjfx-}v;Y zv46vx2D$ym#A}or&w=;vX4?unVu$%CYqJ0Pb60>x!U39OXpdbcgQuWFbiegc`L!&b zXR%yL+St75T+v^w;_L-!j}$T4*FGK2L3GlF^IRo)dZJ1(8Lb|aK7T#Lsga*(#O*|( zuJ7r}wtl#VR)`4p5>+gQK)GLf{ncCGKM;MeM=kXXZBb@u1ZoA@Zr7V-(0^ zv%)J{EKMN04RPFXSZesvL%RxrPQ{eq-q?#h{}RHk4sBVhamyItV-NaF7wEs z8jb6!)2Ly2YvK}&*p4q7S+uMuYOoErl3CiY6Z(VLTxeg86DPNCc?D%QGe0Yx(L%J) z%jEg$rPgmufd-gDZ~!Qz&jl27J@rDO$E5h01UCc|G@Rp`lp5n8%8_=#y!joDABz@; z&VRYv=A?!mliEY%NUtlvIU= zbo=x3&$VPxL%l|dfnMSdvS6h`A`N9_JW4{TUEuivg})z#KOL2Sj0*W%_U8p26zp`d zjr5#2ZnS9PD}hhQ#Xf-b(SBL6uf@Yq-5FA~guniO=IQ@$yuN;4O3q~t7K^3Fvmqe_ zprpt?g(;-2jlB~xs)6Jx*N6R(K=D%S&QxKaeK&&GhwRA1@yddY+08(_LW{x~9fZ`d zeybQl5O$+mF1bd*cz0IQW01O;C2(cjTOxakEGx8~%Ec%`44# z9dFb)x_D+K{H@8-hVlKe>|M-5`o>RbbBdzGavc5rb*^9>kfsNKS_N)uUak;{P#~>{ z2|1|v^Uvu1U*2te==qoKzk6d&Q)tJ$*0jyn2mmd1;OFV1v+JC#4Y*11g1co>b8S37 z<%<--Sn%*{r#v54P~gqX=}DQ0^g}pe^nm53vHa9`|BlY~_rzE9CDdE3W*wb_y8dN_ z-t1#`9Pje(heH1nc9)c6KN;xwI$v34DvqmEn5q{yygzze9rYdVKzh9b7%iQxCah`G zXhDivWQxwEaq4gOlUA52aE>!<81&<0eP8HoLao@bw~su~EYyhzW6LaxuP!h?=~La~ zxRBnQ*Grwjc*DCY!D6PaUu}W_M=kR~Qu;|$Fl_GLM)ead?63%v78L`#MjEs7gwH_o zLU=k(EmU&Z_DiQEb*rl9=DRT))Zsxve&CPXjSO_*OueS7Wm=#)+KCwdOHXSWsH~1kdNO_RAHsMRr6RheG8u zeV+F*O=GW&E@~_p;%J;V4@qz0)sSE!-^-`C1pd@pW}Xl4?`_ZG_DwqXe#99_?_AZG zHiY>%F7x5B?13AXnvl2T>%hwD_l5-x4-jY+i`Q}79KO(+VFvCzZjmCSEow#D_B6s4 z9PK9Xn6gSF>BE~RC{Yliv##wb< z1&3#Y62lUp4CV_fkgAHz%M3|@h=^f&oDJ)VRl6J+4;yhgdClpK4GOxB1L>&wFFqbFRZnM>18!(Z83`k2DPq-uHVgx$+`$84X+Ppww+)doBq5s>Q_Q6-b1 zHx++6&kMN&#f$dnfyF-Z=ocmU^yV|YDg@*pTaP)x9`&7{_iN3T9XC<351xa2j{DQR zxBsqf^-DnVMGrE7otB;#R%mce_4f5Z!(}ehnnmuw5Ob(s%hQAW&Y;t+feADLyM?|% zjO3G5i?i)1LFLp9s@)y!c!pey&KSMHt+@x~)T9reQ6Kj13}3qc-DZvZ{qp^t6;JL1 zZz&|00qxM{JjL!jPM4qW#U-qtrT{XJWuPJJQN$s`xq>r%6qy(4NyQ9dQL5psoC%p7 zC{Nz8;8FP36D8tHXpq@OXGTMbp6fJnA!13enNa$XN^J*aWaOES?d`H}FRn4;SvNCR z1+Y}EZ&(q;_;Qtl+_sT@Tvr+7+k4>if3FgW-j$L0iYJ(BwBVX6)zisKer3>J`($kk zs7fox3V%81Yllk+=(lE9WG-dJqXkgcC4O}I^0!BnDmDI<8gn+y#pi+7ujYE{{{~JW zgl4yN$qzlAyoyYWft^N|w+6%Qs`ffi8aSQfC`CH6Vo|O5a;k+-2vSGj11WH?E$rBzV>Wel?9gsp_V(QT5gDZY29Hz=g#vqUY2~pA zTk(4h)r#)LIazh(7$77xB%~sY>JBikU5|`pWMm1>LX5OZwG5c_`#Wu0u!L(=T`q(tpJsAkhZQ2r8kmBnlP1&$u z8CoN&G>6P$4l%Lan;9Qu^2?Q_J7FQQv#>*JdBHVso2geJ{}CBCw|>>E)7y z%77vx3zZ`y3@7lOAXZ4UG^)(|Da~1l;3U?_^oqVDDO#h`UcJax!RGmg5X2{Pc-|mK zL0tJmCjwe5V$RE?jQG#c%-~IFr7-KnUyMe80#K1^S#mgA5HMJ$0$p6qVEDsupe;>L zedIeKELnS-PxVd_uNRw+gtC;2y7a92MPbuZ8hM2Q34+M1G7}DuNR=4Jh$br_D?`*9 zXc#^H4i;Ad1fArBg+1M*S<*hUy6TiEEvFP25BS!}SA06Xv`NWp9#h&_4xbshRo$k{ z-CJbBBLu(rB$1sc^v1(4Ten)=!ck{L{Otzi_S6WrGl7TI@7T?ETa4QI*=4xASUgG9 z9oProVQM$7kRCp%x$iOBG?XTJj<&9mUvhU=X2Mgb9{I9?p1%l>2xsY^o;K$MAG)4@ zvwPe?Z$^Y;i}-vrPO#d}hahH1_5wejWnqwP_H#;Ue;6-~hAKQu8%KfW_>GQ7B$3p# zCp_akAceP?KJVsN`{Y?GD4wn6=a2*u8ar+ou`9;3QR0IM8*sOi^1m_2ovr4q)3oDs zJPhxK|Fs+!(|EFD5lAsygw<=F@Ky0M1L_c|UpJ58fZxT1e@80B$V|Me>3Psr)@;>7X6WB3lNgN(cj-`h8oS5R-BQcEyhk>YVjFwE zcLj1ojtAnK(<`!^Keo%>cb7a+R!tP#os~OGKSLx7PZO3`(&kZ4@P>gmxtNyEX?iga z4psr}-Nn`2)18L|quccR6P1UL@iyjueR=Ee_M5BJLYmmq+cKHA6@sKQ$ATAR3yqTH z-jBtZDW0Q~H>b7R(eg^}JeKlP$4Cshe5>uc0CulokdY7HLHsk`?WIO(<9O{B$+VSPeYhg2tw@ zZnaPq9bu(t;+QBAS2V<)pVCd8U>>B%hn@a4h7J_QqKoxhMdiGBY6i7bAK8dgv%L*3 ze|GK@-vt?M2T26iCWk<&tLEvv} z$*N_;{`_k(+Sed^2BDV41#l*-@R#!lOHx0}^l-vtU#BOZ?q_f$bxd_a<^k)AO7x}eX0%6tkgc{YNHpY66U2s5nTY|t?^=Fon}v}w zWJ3mI@4s7h6_?FLZ@q!{eIhdwa9g_@b<)dWZ@8YHJJ(gV^YeXMi;kdvm3>0vCCVa& z;Oa%?7)$N8a1Bp)l)(CF+~78tetl;P^rC*s@O#u1JG?430%>5udp!J%BVFoELxCU6 zPaNc>AvB{GiS$0Erx1~R7ZSgyR9Wc?+U#Y0dwjv)>^bWGH7H9=^ptiqOGCAbke%EH zOe$8XY!jzqQX@w>Rs5rVFloB$l431}#n;`XyL~T(4Q3+`ara#6jR2>M}$L46^AIbrhC*GB`)8iWI%d2}4yQkt|D$VX9F*Oa)W6^{y!QI98Cqhd}{)w4CjoCT1mw?mF2+d zzLPh}az~R&#|{O56vb^JUh-o8+T510!5=zsLStX%LFoO53b$kg; z5wcs+eUn2$zMw*(WGs7XIdD8%*1S|{_zv+JIFa2YwMG6FHr7yL6#7r)=l!oQM)w#2 zOPRpC^W!7T@inZCcVSCqta9jhM4UXY^Lkr~Z^tK-PKIm}8FSMPG&c$vJ=}Ob1z>|TKfn`>Auk^E-r5^hR^&2m8hs4{&16uHO9weBnwgKE z9CeCxK8UK&HW=D!cs%ks*}HWQ;4CgW-|a)~KOac%^f^($Xo*B?mI#a>JFM3Q+x2is z+_qTLg>O4j-K}`Kk=@&U$>=VTa)HX+dP8Vz0Qqv$#mo+&(d`wPNVdB*#VWpPyVooQ2=azo z^EJmm3Z4*vqhJlbmkVo3J2Hw}--KI5$B2$yo9T*xt-4V#r3`7J@D-nk-K*Y5hly+=WjYQt?m7q-3xh{|&KEGmDxEX$a9!#^P2jZ>S1D7(w_PR2H#M zRUK&duuhn-PH_kNQyj!@y?P~voLXNb`2JG7fb8Vl-|8D_0XB^EaXpad*P^<*m|6 zH{lBpc-4-ge#kV-Ff2PC9^bp8vAVlnxNEpS``CSb7hkvOmHE0fQXw@cp>jUos!S?g zI1!u8e7Z|@8wgmEdVBG2Z(R0LoB~oRVGI~FiD*VtdcwDKkq=nt!>9lO2?Htt4{y` zIa%%Ax#xqPs6Qu<`-~CA2cTEo%n%tQ(^!nFfFa@x%(sY&i)r6>pSWlrk^^;a3V$)% zVrvk?peI9#(7|-a0T%?qs;9KVt7(9{Uu%u<;2K6wDan5jtUNQC6O7_&t&36d2+%J2 zD#b!SC^2s5>oB!1bBKac#L;*oqaFk#CVLLe@bQEM+mf=)riEt&>M|^tN z6M^!m*K=6iv^Pe^6YyDaz6i$8R}yg~1a&&Deo1gctPuSwdy%H6=cHDbX1KtjlwN8y zxgAmUJyunnE4#uTVsGgAln#o;pNzmKH70>EZfeMrfyi0JY{bD_N(gXzp}7VZnkd=p zJp6Wl&MD;7=ulj;d`9m437`>4UuDt1l+Vz8Hj%zr6^L}a1VPB3I-di5{Uf01nPK@AvK z1yY8O1tx7EOn&{Uu(BRWojyT$gr&5`G!!Au$RwTkBLa8Hl+q@#6+4mdc>o)k&*L=C zP%e&=E{foml9xy?J8g#BrP{eq8shjv7X)5S_yO(KG?e*3)e+|OS;tebYed7$;6 zqU!xciF(U9H@_XA2k?n9m4ufi^>kh zZ}N-0&Hqmc?ELQ~uuQ6Kd18G&!ZaCFu}B2civzq`D$giW>92AO=Ao#MXGW}_W9bq7 z=a$G-T6ma^?T_$qT@p6nql-=is2HEb;372BH2BzEbueylrs}od(dB9OhRv_xu<9$< z4R}*VS!|nF^n-7Ujh{8G4EDkV<8~?#) zK#ND6tp%h!0us{(KnBUdo@Lg=wS=^Dr$wu47H)qgcE?=a0m&h6_&q(O@h*Vk5e@I( zUB3$mDOr$2c-T;}+hB;JQ?+e4KqTr&VJn|oIW9ePVhDuK!jV#XGYaOi8ziig)dJws z4hkE8rLnPPJR~#;*Zxf70>V+9?0nZdHM{F`PW614i!&0DT#+kHOYTeI9|r_h?UDz; zpGccZOdiBe%MGHUo^1E0K5;R%# zdF(2R@v&BaXJj&h^|Dxc4Bm(1XuB*eNxjHdeYAmC=MOtG3^R}6M95)_8vWywbhd0h zd#l&G$Sh&_P6f|`oj)fo@3$z^$GrxNXO^LYau0m)myxl$tkIxcF(ESsB6;0G7a77Y zWC}j6lFF))kWnogY&NmDL%n?Y{f)g8Pw`BCcemxeO&XdavR4RmgYj%m#mXB(b$1s3 z3_(c16LKB5+|H2GF_uprbqE69@f>4ylck3e@03aI`{4b}E!M>6Z=9zrqDjJ`Fc>rY zp>$>-xr-UZr2G5wN0-MDHIxWfl>2f*7EQN1bs{)>`-oQ@W?dv|?a4jF$@+V3DXY=% z>KQ-I!2TU3-+u}DKy;aUtC;LQ&r93g+N&{R_3)gD2@s?ZMzlg&c)~|HeRvOtbU&M*#`*Uj z^b6i?D>-lSactOi9>4wlO`iW=v%`{Sdv`eSNYHTs=o8d}`=euPH9Zp!3*}uz2f=H| zdp0yz_7*9`l8lnt2^XoyGPwW;%drR`M*FqxS_o;_XW?)bDI;d92;!#Q8oo{cgI%@v z5=<}BPe)ig7qIHk>yIX$_h%tA4CHq$etEIGzqtL zxZ+GJT{L+&O^tz|=AT5YOV_WI>xcWyP3ZK0{#yReHKoR+9qVC>_kVOZ|54y{%Qs3Y zClY!%UGW((iN~!567-CpC8a#F*jAn63g<$x*hJHB$IAIMJ@3hx-DPqkAc*Rl(}xD1 z^1bI@e1B$5ktz%?dOj(Q>g^0vkt_KrwlddImf6&Oci|sg0{^XBoPSEDx zUG%McQ0CgyhFqf^clU~nZvM_q>Wt;Izw0FTvD8Kz#(>0YTd#3QyrC8=zb@{I5WH<3 zNvHpg1A_u3noU2(9RFP`BN`JVQ``v%{F#=bdNsJv1!U`a74PxDMZyhccOb})n2&%3 zw3L_c?+9^tw5JM@DON4M1QM0DmzTi-_D_si<1GbbH24sI{JJD>Rh1y-YB-5&mdk@EnjgnA+Q)d zg3=>Z+b1NC3yHhqeD+l*dafcyMOjE}TqA>Hjh2Z#&I7DMQ&6Y=*oLlBt9|Hh%QGSP>iF`$UPH`6-AnkC7DE_d*PUG92|iRjf(^?xL{gyUXSPlW_y>j2&c5!qs0@~;iK5Qi11fFs zSh;O-eqJ(K;)6Is${H%C!7QqZ7vIc6?k1?Ptjo>5I&6MF^#;EfelNrE&CC6*Ck0sJ z?bHTSdG&a#>VC12zX8`mJ0_SEcH*;K)s_h;$`U$WVYW_e$g%cHqu_Tb@>$dQu3{Q>AJ3MZu+3s~}hxsXE zMOex5iRt8$G3PAB_{T>BVu75ett{WcP&;ZDs`G5So>+~*o2z)MH-E*-H(1FRdRAOs zbu;nk6cuf1@ahd7djyBR)H|W=d_*0xn{<% z&IPLw+L?f0?o@klu|9fC8nM7Gjt-xw54m#0fPq9~I#Cd~r<)Gxp6p*2TI@#S}Rk~k9(7wa-YT+YeL(#x@65TS94}^zG(e%uP%6 ztL-QI`$CLn#W(xUW(U70=Ert%&re=y;k26iy{MI7Yizyn2yDm(lBfQj9b4FWV4a&A zLHw59n3i%%c&NH)SdQs@n@sDBQHdTfhqdxbr8nQBtG=WO}wu`{TSpVx{a-cc)d zu|qU2EGc?oKjvGK-o8~?P}2hctwEKXH`k7=lUVcNh8yr&03vwX=Ii#xqxRan9J11X ziTCl}jKsq+lf)f#kh-h&Z)Sy>zaaM7(`p$3rKO}z)MB|kMOfC&2YsnN8(3Qe0O?3W z5MUthMmhXReKhu4G{jz(_tYH-CwEA&*(&QxJ)V_lVL;GcSypH-IrVE~u)%+jqXJ?L7jEMW*N0(}t%+cSRsMBZ~m=d-xy{S4!V`k5ZbKhtRtOj_QUn z?(cn8YEM*Qq(#T4PKMb>kFU}nP69j`uF#|NaL$614=4d-e%hW@cq zJMzJvF<}2J$|3vmLRMK3i8cQ9Ix9K~7y_Xsw#pJO(M!_6W^MA#Ju>q7J0JCQ?mQ-D zgw#&|4$Zf|i0iI)m_{|S44oLiJTnuQ;rsDW@Dj0ZyTym!@9q|VFtB&t(Sk!PvB7EP`cwmS|il%V*-_}{M`pCoiMDEW0X&AMTrQ2O4fx}Px_%(0Bz0{u|Omk6(6 zdCllxI|Fx7&9_f%qy)&RK(}{$%@Sj79&a0ciXUqkHy7Pl(-T+uewL6f9zd*-XaPA% zw7*AVlqsc9l*dzHD=Tqnn&B1hE^%0$`oSH)AbQOg4pPR&JKB?iF!LfEPC5Qii;srhixO5+hHqN@tW!?PgY}cV5K+i9RKp>hRSECw$3|b{<9jH46BZ^h zi;mv-7hlb{dTxeFF~>$YRINM_Y4NoN;j^*0$e$XVu-NdHt>cHjNB68qmv38Ud3y$t zg{do!UayN5p?7YF95QWPT{m0)VpJe)KWVpiKYrn*OR=r7TP9b7wh0ntbq}v#yHF)= z9;sE32>pE69>)@_v$k?7g&|21PYQ1ibszEfSm>9Uy@vtcwn@n~`rKb#FM+EaSij-5 zuJG&6W1S!N#lT+NY!+@M$T@tS9YX+uC)rZxuhRP9ga!3Zbed`PZuxkhhCeKd8Df4O z>Hi3|*pekfV1mn+wiroNZd2mf!o?8jIt*0WgZ;nQ{3IHi#P&-PNnOpQ+AVUpicz?9 z(H~(md@Oj4E{h}~J#mLCW~4t>94QB&3Ieq(zLk#)ypu>WpSh-1D8~Bt7Zb`~5O{tB zqx8)WeRFg=`H+C0d_XSr7D3NoJFTjHbF?TwJ&-b;T8DsK<=%#;NxKG}KI6NG6ybyr zh=0pnGHwLIyfppxBWeFV@m*nJ3hoNdM4XGTq$R-PIiWn(HfYKo)`?2DfK#!sw>Hh; z6lD0+zloN1tE#eBo)f_IYkt}RB(d!k= zf*w5BF9`M$#U2`A3g zm&+}A6~v6&n(3DNBpYqVF<2l_`ZriDx?H&5MII_sQxBa|0hX;$07yJW69keH=_wci zQ_Hi_5x@VJ1J(n0&p3mwjBjSMA!7ue7;l}+ajYR`Z1obdMX`!%;UJ1B^9UJ4lt6Fq zR=)?h>)(F3G$@k$DVUF6+27+Qv52&>wAM0+MuoY!xMdOW&bTT>UDAwM6QQIc182n{ zvV(yZFrC(y^i35moQTHn9^PC@IV=4G!2js@5x%ETULL~7QdC)pS!f%w&kPNeaJTl4 zm6xu=J#wvX<0TbqhIpNRQ76L2Pe8{@P}AlPp-ai&|Do*#tX6?*@F=yjYq*@^@2kMC z6teAE1hB1`xsK-9oA$IKz+TnGXVd@{g>d??bn>qV`q@lX3t?K^uwy@hP-u9efflF< zXo>BpB!eg|ujndi^W~PnqLXPLLQNAxvVvimnynN=^J~~5{*~G}Jc|VATF9_(-%kHW zy5N&;1PaWUavi%Uzb2DH2h-ha zo)z>bR*#?o9#706PH#GLeAoGH*?4^alb8x`>8>&Z!8iY}+w3YaiD#$>In`$=X>A!i zy6U8?akCw^UBizj3i($Yv9H~jq-0<5jdfH7_z=v^W;oyNVl$E2yqJ*~-&ags-xMp_ z%>0mqC@q9V#%xnZNB+^nE%|0$lv)1GikwYUd%d^)Gh|IIC_d5ZCmXg_u`nR!AIoFKz%hsI3h~=^V;q1#KdzDekQ~OZL955?! z5llLV?Sb-_cm2oVld)Mt^gtk*OzzCQk+<6cgk=?&U2y7qYWn&Xa}3DH@3sA+qMIG~2M z?fg3x!r$*sSNj`Z5scfnzCsl#pfmWoFD|7AXqnGxG^F!H2od4M&SUaf^eGf4QUbTT zpR-$b*}-#j2H}bhV($#G>IfQIWUe#0{oZ}Tq^7|PbP0NBG4Us`3Ov8MKPWn?T0w!T z*Q5fXEA(Vp(PSiv8kak9RYS0i4@EZ`9#}wY2B2FmcEkY$4gPq1D1h)AUcUIl>GRUd zeHG{P;6q=oMR6LB9gtihd&MD)WJXv%Np}DESH2AayQqCzVknX*JewN4f3<&qHzP;Q zJOF`2tE8ny~Qg?~PBZWU6QaknC~&!W+r$=&U2Luuyvn&H9Ku&bAs4%J3~6xexro9}t^#N_GJXZXb_Ca&PkES`ywgxpB!dQZ zJpFsKPIE zg$5}E&e{C-I*j?3@nb8Vl%{2>Wu-=B4x|WyOlG2{{HGz! zHBRdk&$NpdJ-ibQYEZtQwvSU-f!r>~(x{O&DSYQHRgYx@t*gM7Mj222=6w3BDG3Zi zBxyh?zqN{h3p12KDWP&&X~xd3gl1=mQ=m zTJnurtgDQIEKq_o3HOY~EH*w@b>HuYs+g2ET^$;Csx1up^M${1JaJtNa zWY47(O*fCP0~awIr#=K9+&X#Xi))8eY$rEXz78C*|1fJGMH&{0=ru>QtEMd9%h;=| z;0U1TWdG9UMKhA)Q5atQywuqhodb-$*3jhWwP2kyUfNF1gAAo$y)DS^iRjEbW&Zbh zq=n}6i+Rj|vGg0#e}cN72njniQL1Wm>1nYPk&{gc22c~f$>LrOSsSk!vb{${8Ya!v zo>egx{`q?sL$=!Ga`9wI&jk9kK!Ks8e(>Jcr&*WeBYCl#DjaM#b!~3LAIwN$QVB&yEIX5RNSf@b#o`~-4`Y|_TvWDOJ zMrb;rCsT~i$+To@OXB(BH1KX|O)RMK;p{HuG;lA4I`CF>?P0sGOtsdlUsmR;n>T+C zpK?jY8)))pB^2I1cb7UEuXdS(-_(KcLvktTXlnSVLv47@OT+*ZvKYu6~3x07nn=&bnJ-r^i<%gs;60BX@=uEc6is^X6gKo$kE zfVF-TWNp!zniFfxtds+aAwQGdfZxyH23ov|7`%VwW2e7g?SD2L&N%3wW9*GcUNphs zhSIv((4kbQl}=|M4CCgHL4tEV^I)!1l_T}EuZs*;D#geTw3HQ1U?N%7sQhUsJk^p| zY>;QliKo@8-Rnm|+qymor%(&!HY%W|YspwF@T&Ej08SAp5tIh8vcj9W5ZA7U6oHSg zW|ptWR!|RwAg?|%+i^OQopp0%#?3Dco^jD;;|&Ax5E=o;V)fPeXEds@b$~$f!7Z1d zpdhhh@m?uzm{iTxzvF^F@#Q$%sMkUC)ya%8nze`@#@D2AfAur#1f3+TkOqKBv6>Z? zt@lf+pkb1LU3(S1bd+?5H4~&ujsZXpp)Qd%v#MVg$h7?3^znX3s)uhzP7I`q- zOXi3?%>*cWw$7OWTS7P8Ka2^4F`|J$ZyIvA7E4Knes~a8_|iPmxcdeX?&7p5McNUE zUseknkwR_Ug4UF#hacBT`*tZ~Zl`_#cZsD~SRQ)kV<$nc6&eygjgl&S)+Ri2_42rd~rrF1B8jQ(ORk7`j2fF`!8nC{>uU$RT@|fH{d^T#I zfUPfVSzQdOl3%~hWQV79$_T6fJ)XTHn8fqu!@`%g^ma$py*a~YOA(w`*yDI_1;x{t zAnphJxSpEWnZFVG&5P*0VvUm{us?5rbo?_T$#=@h8qL@H>(|<*_BTb%w&Q!dHL?zY zIY-MKpvHAtFx26UTnsqYBkYYXq2*MZraokm>vWp%sslagemOFcXlr|X_WJldLml+u z_xf3czERDW=<4cfkDM=>bQ29W-zorK*?yrPCZ)(&?jtLF8q4W_lc!yYES^hTfr%CD z+xp=2TorWwc*pee^m0}Aa-#Yo%jKi@wWGD`c|EL*b7u##q-zzwK%ovQ!LDQ_mYD6F z$7j)8s8~oDOmLzSzaWKsP}XvC$mLg^T?|S*p6^^=-JhhBLH4@uR@PQlx&t0|yXGcq z;yo2a!j)P!2ekiDm8GoCe(=R;9m~b$8##NxaOAj+*hYSWz-sG|s`1no1rG zN4T*2$1Zzmfo6=w5V^I($rtyacx!{N>B1U|w10|Gl?&x#1PQYjLZKv|GXBy;GKe+2?Ie$~E0=SkbT5|6SQ*VJwT@YQ+;H~FaA4WG z9@oY{D(bjLIihJcB#F~6Cn%r(2`jbC+H!m|mx>BBimxNi=mN`JKJ;OZ_P|75w&rkvy`e4_UpDn1o1SuqA~;lua5VA_H@h{kwfx zu(D=|`#O6j@xB>3;k-DuEGe*Y4*f=QPi1IaXq98L%rq_IoTJV?wW|6e$ai)nmkK@h zns!P#E{=ig>BmqeYwN!8%2@`uD8uv8mavbEgqfu-bmrX$^Lp=F*U!df5(oCqlH{+& z+P$4ptO_o=O+4R9JW(Z!@kI2>wULnVue1?E}z;U^ZOW4e4cU)8^u&h{uU$2Yb4@!joC1f4@5>1)f$ z{_gw%x1#ft`9_C8EGy%1R+|)Snc*FlG<0wM;)w|3j@DB;`x;@D0`X6R=|90}l3^*N zWiu8yIO9j@9NOGC1=Sxcrde`=TfK+lnM-M*IR%YFxXjh{T6;#`M>v{XICYhtR0+N! zi8*=zazs4a(4s=~U!a8bnLk~Y@z5J>M^#?WK|q!%{E=I*1z%t z*V#aDV*B3@g`6^Dl_05VnE~z9)A4;iTehyhXNx;a#|5!siU{Sdz2(~$#2^|9`eo?E zV;CMCVB0QJly@>O^|W6rN7)bQhjZgx{NPr{+ktvbRPL;- z^NHrxeYOB+)rZtn#A5102z2qdZmk2>_pJNz2-ZJC9q=-V>sHf+*Q_&YE4cPDA<^08 z|9rIeIG#Ok5^#6XBH-$!PUDfKG_+L+@Jxr`dCpw(Vb}C`-$|Hs`rkDSszxSA1YUKX z2JresmbJecCb_s&4N;^+?SQ{n^OaU70bgS> zBNcs*?Bb}9xY@1L8qkv#X_pD?W!vr12&5rvUMokRFZk0x6x!Rn4zS>9V~2gW7`FWj zZ_#ezt16`kpvb%d2#mo-5XP2mcx5D%QNq_nxy1O!hgOl|JXq`Prr!I}-N6-_??Ci*xZJ zYDs{$@+=DgjLN7p7W)??BvucGaY9&CI$IoGSd@CXyl4tpaW5ZS%tBWJiJ?UkRH4&7 zoqk~0C^5G#4jJ)?L`+oR=C%B*g}?Eorm3`&5$Sg4Bb6;1lboVunWk(jNjl zVSH6yV^z|rm2)Ke(}s!)QVMbhSj5r8n67X#gN_g00hQD6U!+79rDvtN6if?DxhvDC z#nD4~Z=-=~;pPQI$?c|2A73vYBuUD6VD55*$eyusQlBPZjFO{x0}G%bt_@&6$)BuU zO)%AQA$gx0X)YLnGviqK)sc|Zz<{A|Tx)cDkkzd8P`zTT!?67=C75z{1w=emAW(Lw zhF|@o&lHl4d=gi;`m}jD-~F^ATK}yyp~n9TDkqpwDiEZMLi=RTvo4S26#us1Zu2h~GqhKx*AmEJ zd3P>p_g`>NqaYP?CR+hryp!asrMgv2CA=#VYnK+!U0%{I`Q1Z}3dc~F&c`rrCqsqV69 zK)$I<5yJIfT|n3nM-#`1PjwBS#FCsh`v92iZ_5 zHBH}7Q93Cg0y0grfDx@P*WfD+dW~24zh<={;(nqs^~tu>I2O6|gtlLPrIrYGzxvwr zc|!lCWtY5&WpmaY%(Xq!2A!>_ z23sHZT6%u`o>Dw@=)hU z{dtnNNP0E?O%MZfON-On&ud2FE6NF+oYW>N2@(%iZ!UJuua`vkdTcmL#JYU$doEQu zy;N^+vEh!6dGTA`Vyn+Lm-#P;FaLrfHS#68eV;e)$LCGBH^azOUvp?q17F^(1zc=b zio^~J?Jpbrj5Ue|{sh7Q8uX0#jS<_(PX1MTap0;+V`MJM%7U~QC`SX}v2xM87Vp2Y;p3d#`zDi@RD#?2n?o*!gw7 zfQChppvr0Ssb&+N8~p`<88s#TEw^zkejJ}#Q0mB>B)2KwH^$~6!fEa3z!?uKecDnL zs(8G?t->Y?mV{br6XVauu@6uEXF4=Z_SY6}q*YY$jc>q56rM+GlCnh+LjvJO zv5J`bKkmZ+wRHPEEv2{k-5ymPm`^jQmL}v$v}ZX7@j)v-owgUK>As7o%xs#wUo-XX z^4kxF_O@|uu}=W@N++bi5mngF}Q!+~+D zM+U+dacqx#Z`B&BJN?UuaDPm^k7mCyDs3leISpcE$9))*i`iLnLs67Kf03c-QwuY6 zBX=0WLGLj0sJ-(+zmQ;%$h==WWAqR24DQ~NUXzVR8!Oe?z>lJh`lsJQJ{r3ONaO$0 zUlnVJ2w&YoxsWAA^Zn-|P_j^YR9A>Cbj_5M2+q|7mt`UnWELly`!)ABqPISX*&K&P z@B-HUCX>{^n>*YwR^6?54?hm&{6*1qqZtr4^u0C_ODYy0H)eW9($bE|P6{e(cK=;TXr zY8irlK+Pg;kepGLxhKCm@<*c!+|G5N8Opfv$zi$JxMj-V{y7%olaL)FAmQQFc*`KO zLaT;c1nYy26qE@0*p63!n;{=xegE`)DcF7gdMUm0dM!TLhDJ^1KfdNeUFG8Ce++u1 z5zLoK_^r5E&sM~KGYN+)k$6PFeFZV#z(y&xD8_vbcFr+2y%klcim!(CTO z>X_90rwg*WwWpD-@?9<(X#jJ9B1@lXiYZMlB|+eoY+X|mjdIkQ|I-YZq4(%W7jF=+ zt`u*;t0kRmp7XQ6bN9<893JOejmWao>)rW*S|Z?Tc$^`DN+AtY*Jxfb> z;O)GGQ&_y}t7}56aqAfl%T7-xtMh_fJT6?vktGZgyhdSt?Sl9;`rRKx9d+gF2tpVn zTn?D^EZ8EzV33khob(UIdZ)`}YfVjUkvAXSGbxm#%g{}GmXQw7Fcg5NQsp3cZsQ+~ zu52_v*t4=qdPkcwTM3?&nrWd&gRM(ZF!1j6xi&V>0K?iQN``sT{6BDM=-43@#=zOJ zYGM+0R-~qB&>>aV+n8HoNhq-f_Liv(i%uVJquYYOWZ0yoKKGC4-M}2Y;&doSEvHkS z7*((_ca8Sm*1ij0gR9V72A#cu7DU?w$j5Gw>Zo@M^3&k`07gVrYOH2E)<|Bb0uz)L zV=%I(EOIS!;aJt5-)|nCU&B(eS74wblkSciU!mnLET@$376i(PER=v~*zpG`>GDcY zTmhHM{KaRLO5XM2f-8JmnyH2X==;7`ajsjMDT-tz%|hjh^Q0v?4QD(XMMv^sM}_>P z{rHmLa!DJ&r%GvNlY&)nIoH?$dRa=5gYmoU;L4~-C_8Y5_^Wk4wj_!NmxflVLsx4V zo{^N3mNZ@Of@#ss&|xE%y>5S()mgyHrf<>q zGuaA7^DVX}uV(J6(fUX1bjWm=fngT14d%r37XUuTE#xnuZ}?pbX4+Lklj;f z(pgkK$~0ksfV7IEn)@fU$rR@p+&4qDQ6GCR;rx|R`et&LQxx=HxSJHnLLt8^!AvHH ztRx(RX(qWe{eME~hZDWt6j)nPR{SiKq$iIxXAITD{*(E<;xy!D<_Zf4>ZX7{HC(MC zPv7_M%&D-v5a%RaN=6X@EmPS^fnLoi#fdorw>gvd7(K~lqj{Uv2w%SAn#_9TIXqIh z9|Lx73+9--E-o;_lo=kBQF>LX(mgT-eoJz_7C1Dp#K)%fWQnIn%9FxE?bm`2~Id^@92a_P;NvBp(1w=zJ5N z&($X-&v~{s3{Ow#Dpfi!+yI9|K<@Ss!7l% z9y*OAmryJfRYt~|<6QP8480!o&Twhw79O?R&_by`tnkjzA<2CuHDy{cjEDGkcLQ7s zVDEU3i-sCr8a(lEbF*7Cj#StNeHXgEQ zChGmnYwKK7PDjz=Yb&k)gTk|Uc<-8bG)Ue3FI_NS>+Y!gd0}N~sqPf_;rAo#Xze7y zX;5)CK>P1bD{rd7FdB4ahKX7kGP(ruG6}c@#Vw2hdzY$N`)ot;GqHpoPL`rtgS?r2 z1KjSmp)=I+GhE-(2k)e$QTjGQ);c;q_y)NIxcJ?Ur>{Nk{#}*Ci@K*YsB_9Y9T+^( ztK~2e>k4%B;BRVv8Q*iFx^Yr^x~NntdX*b4cRM_vZT6?U#=uZNuRr7)fBqJZSwPCP z!WOR8E?vnIjAlNiF%~_7KKW!ZO3P59SD$scomGgUJx3ODa6(Dt2 zC)D0?rCTVKgGK`~`LlekCWfeIMf1<^*> z0z2yQnhVO1s;VO!LET9zWnGBQ(zCa>y9e)&p6pWvT}#4}tS;kT5^-Ts63q{+_!&uO zj&wxI!;I=fNK8tg*$lf1zz0=h<+0*9$pn03O;rXY*5Tyu=oy|kdXpENpz72wgi}-t zM+A$~_`!0i;J74CU!4yNI8S4yThS3=xdUpLp|ty~?(sj+=gpKpg~ico!m3jzpQFl;7RuvntMPRcY4!_;~cX z*SO&*m?=*b5o}{4(~N1q<#K{IW!hCccERf3CKc9UpIU!G4>4ormdi~T7Y{8VCb*nK zn#x5Y%#)8fJ3|(G6T^5gB5 zlFq!`dlfEVja&?%`YPlNIpqw^m06?)CR=bb+L^r3R1(2pfkzf)#dyLKN)=ronxihhyGvEvFsHK;hA!`xFP`(Ir)biz z&hJ+EasMiqNTqQXPLqnuM)L_l$_}B}RQ=+MawCz8g6n6{)jH2wzo1uL;LXy!YHiTn za2(Ux-TqzFWUYk%&A*w~wVRKtcm{S@mR)frjwi~8q_l=Pv7I^uTG~nkWVkZP;b$*R zpZnJ1gl<2t7n~7PrL6bxJ-^pi`Ek=Hse>Bd)^)I~&_|vIK8BSgg0V4@O8V~bTkQk zf*_y3q2pErnM!rFzm{UAI+M92vHEE_7R$$p!*Ey)#4F!`qU zrbyKIN_&~%rzcSHwUVq7M2#hrb95pGr1#5(bxW%efijfXjZFAT9Md;mHj$8)sx3eN zc%6Ya`PX8lR!M5IPrh|&8bxA&KXPskD**o}(iRz@?46I-zKapBbS z68|<0mXxkZQYHu6b4l`hU=fkaC*ga^MaO0yA{k$IY-wItrW+Et(`v&ofh^LRg&+1& zQ29V?7q1lx#>CME2eNzw>L2>b?TNv~o{Dja=(PLs=2D3pSJ7yZ!R#HW$zS%vX&hLx z^nbFVR0?wQV-8u8&9@oDJu7vxt4c{3wIWE%;%NGfMfiW%$xZadyML_n$yaev$iR_o zq%6W2S5zyAMnPkG6i}KjuTaU8K_^w>(+Lg$+hy~SZJtTiot$e1UOb*bVNdg%cxxTd zI{5W96iK&d(?ttyMTQRu;NebxcGn9GWV2z z%@9g$WzIPCPd%zIBJU>%hP;ZZ->U=vI20}NVUPJca`#4=z4AbYH8}WQ8I=V}I?yaDWL^CHyJ0Vi=6=z&69Ni6FP^v0J8Q53*8jc|*jx6m`ZHd8C# z2Avwvp%+ZR=;vi!T+oqN{t*PrmD3XJ5KK6m4e!I1PA8f^fzbFrB%4M!E@9V4M{^mN z%x3<(;y7WL6JaQWThNR^# zc3f5#F@bz*c9u1thx@$@-nFq2Jh%iaE4kIlQm5|b289+Mi(Il0i3nYqQvIz>f`M@; z82h2Wxn6nj{(xBDe~7(2L)x^lh%$BJ@rMep^milgK1W1VVinwLZfwlSEUs(Ra1IS#^We8Tf>+1m)fW}N(%9kjpAb})4G z@u#1SLg3}@GpuT<`)Oxyo@}dOFyZ6#*~07m_;OW5_6nn6atXBq8w!8ub{n56r7@#- zGZ?lWTu0Ma9?0E!QL-D0`o$C0&dNWYQcm5RYL#2r&aQYr{kyZ_qzbUl2rr?!+ux0m z)OP%Mx39`k8*5t===}hPK_G%rTPret0bkzmV{b`T5b&eG?)vAu`HsO03*OwdkB)H&+W+SHo%wJepr$XA0n8>4zr{s-@=v?^ z@sb~M&L!5Urm8Dwa{ z^%4F&xkU@saZ>+Y39jeqw^|S+t7vLoTwLxDXh#;n?)&++ERKbPQAoyr+Lm@aOofSr zz>Yr65m_n9s#qm`S%({S8m)@e4iR2$fSF3kHU;Lv7Wm#*t5o!TroRzF?)A#=$Pt;v zWi0s%Df|&iZH!$2@Pr=gS67rc$e!;eVJ0QlVgB(elBXuMJ98vZI6TxQN=(ujrx%uU zQ}CKI=SR9dW#i6zZw3j3on(sN{{>zzSw5WY-vfcxw48Gr+xEAgxB&FydzCd!9n&Sm zS8;h;jqH@)4ZKnm@v2K&(k_`NnZTy^i&D^?xB@|g^4N-u0;?~jdD8+9?_>&H2^J^r z+E11JZQ9_h{YV*m_wbeH=Vo!=_Mm6;mwim?<_Oo4I~hj zWs8)RnG^K1T_35mKU^@X(oP*+C4*_w5%yuuZIlo?qYD)iz$r{A?QP&!Ztjp+^`^ba z8xxn!`-@{E_U%he;`jXr>h=w?k^-g-KP{|X3@qs$U>>8FU+2ttUyE$onLygzok-Y8fh&dnC%y3jea>J{ zWYWX&bHk)H`6w4L@5!+%TiRNK4}ES=>P+7c_A*IQt%2U}Ni%e1rk&FZj_9?>cv(fa zSGKZOxP7Q*GXy*TpKIc!;D19~9nl%74dZt!L!WUc#prU;U`GjQuS4hS*ljH2pV-q! z^3VvrPoWAYZM_pi%9kDu>5?cK71z;eYP-$ozu7gf_E{iF{AzvT;fY}nh0QV!4Srug zcWUEFOXCwK*lwtJu4z!MQ*d1pGv4}L2gXtX)t8L2D@kUc#&E}_`P;e|cvTDJLG|PP+1(}6d_tWU>y>SEG|eB79j3YhJXAB|N+zPE^!NEj&A>^51jNU0 z=^1{R?&XD-bF||a8m*bN`1A{>y_t=Zst{ zU6}!a9+&&h+kH+!x0eID3630Pt{y(Z#wHSh_g6)7^OHwrU2Q&m$^zfYPo9tF*WM+x z%%_VE?KJB0mjiS02HPqRF85UP!~?{Lxx-P5VCZBd>b&fBnHsOEtf1+rG=SqY5Cl}F zsbuT4p+Ta3ubk!AV`tt!{R1EIE@;88f$CE-z2RwebY-Srb=%yWHVig1n%lFC^)YE( zf@UaRGB_v^;SLy#;DQ*6myWl58oDud#nw4Ht*@W?>(xsEsfb0V2Evw$D&b>iO@k;4 zu%x7oja_T|N;GlTE*WXQ?Nqn4sdqw~pp$5!lf*S|PVFPRB4Sp~-=qr36v0zvGWTEQ zT`qnuOD9M*dxQB0PGI3kVGTcpT&J()b#3fSyr(OhSi=!?Z-+)s{FQ|&4;_QNmmO~t z5_Y(DxMR+^a6R~EVWue}T#->3nW*7*PPw zdO^PolrdK=wfEB=mzSG|mjGhUP%Z`%;|PEQCTVX=$eSVAONm70_9iyerlvMP)|zmW zJ|~oYLda|*3nXtt77U}OnRJfPod32PzS>)0d!_3rx4^^M$9-ff=(aoYO}u>qRQ_Rp zko?*n^S7_7+anR;C+{J8>EaE}D2V#tia@0k@8iUmXKE9idu9@T0X2^`$6LWuLC(qM z`T3SCVmlENeY6is%0x3LR;sn%F*lBNuGDUDZ-)jLdG-#QKeX$%iLWm~PE<z)3EEIVD;?_(NL$8oZP6ka-Odr#uvt>22T{g4J#zy}1kzQKuTfbdWLm21MCX0>J=1Lhp%QgwN!pYVoUy-`_|V#&q2H9m z?(Ny=877$WcCm24IWC_b@ESyc0x^x({2FR*X!-DXQEY7bd9J&qyh$k{Z~T?UFWf}5 zhBute85EV*eaE3Zt-(+_uw4W?&>v;7U&F(u7>VM%zH<~H&&|y4MP%&Jon$r-E@bRl zE>2X(?{8%+hG>)p2p{9Vso@_^)TD}{jd6zyCX4y>ZU`AY5M1!)mg z0B75d7p;5ca#nnZvqg%MB4ISOoXb<+dbXd$)NHR1^u?&TBwgN4`43yiknES$K9#Vu z)hw((m!3YFV3`-{c_e= zs3~#ow^6gJP{bfe+W`hQn&f%cXP0rHpAtGvhcj{x$x*Lfr*vdyMP$eLC#7q3*m- zd2MTZWTKV`^87?mqQz+Ny~+Uh82yBRSj&vJ3Rm^hoW(tCQsUuK;sM5Y_wq#j{921- z^3t;A-()rDY3MCf*Y01Nd(XBjh6#P6cfy@{h76u;IEv?}`qniP38QCgxfNeKUvG?ZCf5nx zCU|8(48ysOUkQMZ<#7hC>3z>BoQ=5S7v zoTQhh_dFYt5WH5qiIho!rDPV#H;nBa!iIb{>8B?izxgafz02cs(7Z>MG~EW%#JQ?H z16ygsXl%4AW%=+UaC_NZSOTsmqrAZdc>iZo*HwI{LaWZh$vXZJp2~IV^0x6%>NSDw z)ajJ^lzPPMl>cpXgk>sU^sc2fGJ__0rf~A>vb_kc{c3*+ybFxH{byhf9zsx|MTinm z978d)+@w#AkfYE@PL1YO_XI@QiO;UASUm)SsGKOM4G2`CqBe?SU zI4}1Uq%|#6JGYg1tKz5~>g@EB)J2w+td}nE6Bu8T!MVDvZ`R9>lPR6{Fim~ zE@R%plijL2ABBUShVj=KAdlG@KuGn){9~y*a;1R-ju}rGEqpMQkXJw4got0X8j>x@ z+$gUQlX?3fep#`)CKl1~Lm=5%2JoF0MY2?6DPB`yKk~149aY`K8Q zLy7H;d_v5G(5?`p0CNsYM_Xr)mB0^+iH+|xyEk57YW_CgmP?Ub?}9zvPbw-CH4@0X ze}JC!p8ISFyyNZFa!P`W;{NUh0u2pV!L|+Dm$t+8dEZ8_=u7`rtbJzJ(OX&+P0)#g zNc9$dvv1EY9ei@kI`pNVVqFyVRXWBNEW9zRcnIF(^#MOWt0CatK@Eo_k-6O+fexlv zcrA!AKBe4p&Mrl&Ug*3@VVh>a_T}ZL9`5(!>^3J7aBJ-N;X7~4u`CO*RSy5*&W5t# zC8+GQd4eCjF$CT5CvmiG+gE z-3+9=LrMlr7|rNLKsp4*2vKr0qq`)85z;Z5AzcC@_3Zx~#}oH`++PQbmi%g8Xh1Anx`~DY^`;X?`i%%!Tkh3O?%CKEbuvWMjH&!Zt zbq%rAD)Qt!BUIb&Oxv;CAe1U@Gp@A3f}ehAs=NkCe9;4?g_XC$pGcYhR`2d*wtM2Fm!$|xNb!>0P3BN-n6)il!LE?N zXabGDZlewguP;x}ZlNQdb?Y8?Ju~m--sV{ymmESwt%9!Z%aQlF+Dd*5??lRO`fOg2 zhvNzED1gmKGR6iRnA`vUL1=e{qH|U|F{f=Gd=(pUp9(KZYYA0VjSV6Y!g0@w+uS>X z18&fVH*fXN$Yp}v-TiV+;@b@zi%=2MPBcu&F=hx1i3uO;J1oyEcX;~u#4z|YP($(j zl+k93^&mx%+VjJp97e(l#Errm^^^L%42$unXhfD})_gM5(_~GbK@Z5P#v)Pzk19UAUq>I^-z6NE z7*YW>6=Id-h)pa$V357NJc5Zc2E*7?Y@7w`;To(1gUh|~VnS>Jm2Muw^(1E^KEG*} z1NZ8lrry7eeHj~B_*BJeSe#q|U`=j0Lc*xn{UYegGzqEL;h^dFNpl$K^k_^@IQaon zhQ9ukS(L|=eDm<<)I!L}=&Sc61h!}(GRIz=&4%AovbeSPYt@r)+_8kCp!jVNu}3EM z=xD!&vUc%5(>sav{zm6{v1IlwtzHXZ6lxpN)K_ji_tZi4S}%oFkJ#PzlD!}3<|}G2 zc%gJb42h;tc|P-7#~mRZ7=(bvld`Pm#I&=c;|!S=hB$yP^`qtSJRcICY1Pi)8EWR% zE*s2LO@9I6?1M%mbk zrYBO94(vfq8jjsTuf*OX`C{-VVY`Gm$8o<-KgB>JW8!-omSCjq)Hyd7dpIE$Q}pHh z+V57)x4&Z-KC|su5)BZOj^OoZfdw=FM!k?0Yc*-^=(QE8^;KYz7aj1i5tgc53E@ju zQNV;{mzNo`#cpB(l1TCMtvv@mns=2&QAI4}I!=HZOy~o>qQgE4CGx#w1wDU`(EBJR zE_IuHe)^~S2uulD%3e0x5~LO<;e(L&y=x1}4{X)Vg2G&d7xCO|osM2u9})iM zAK|z1uP4@#Vr+(TOI>&>B<$TWlOq1E3zD&ZxS?}D5~PVTljG|_m4l!^g=XMNDJYbk zfKxxozO7)2u(A6wp^&KmV$lTd+|CpK&im;$+KDV|ED{pD{Z-h}h}Rz8F*ilYIs5$! zu1rkjwin$%*sadnFs=9hzg-MkeJYuEz(RfANclC_`RMbB&c~1+X_h1U)G5^8kBL&p zS%U$4A`yY*Wo_lHpbxVtP|XI7B8`S=xc(&EsN9(R;wh*Uj9*n{XtTUPhGgVj}tHD?tlR`m&SpFx8Hc>wtrP*+IuhYPod z{JWBnytBWn_mGE8V^`O5BM+8s&_T{8K-!G!N>^I?V-BrA*+b@4?dV+Twts7J2rDTq z`*UC19fzlHW&JP8pwexB|Nhw44nE(u>TJ8d>*0{rC`Y(|aSEB&o&vbh&&TIx)sA^6 z(J?`yFS<9O@d4ro>8VAC$*Y%>zKxiD=#6WTSh@G2^Ko1)d%(rNy^S;H2Bxd%T@*So zC`bmQeV)bYsarV%=ZFS!%*iDr(zUAtW$`|L;qdOH1Tz-gySA@1503&Zx%F$LvKOU) zh%xz%f8cT{mED3|QFhP?r+;p_hvZS^E^=p#wn@&>rz*C4YYT7&G9SlNWc$Tr`%&jC?$xX=`C z5+;fn+MAZ8W6X65xk2Cl`>{}?wqyKMYfM#)lU_hFD~i}qM_3TT@rfR$i8L6V4D4aC zwSzdYd9YGt0CE6Sh7v|)w;j5U^+wrwh z#dFau9_2|5S49~RatsHKo_a^5;o>*bx6&IJ#^zKkO)fy2KRRgxVs!35*G!#_U zX7e_v6yFJU)0}rQl7cCIM;v|!?V=v(r*5_^SMloyyc{bikIJ6pSE{U_a1RFICl zwA2M+kGQ$qZxUVV9WY&{w!>5Ywd2qyVZ+NlTIQMDXDIeoR65G?Wzn@kTns$h3~&;B ztcWC9mitJi!bUrJAzdfBh-0*WQ7?<eLD zJ>?#0!+<~W?tqjkvKpELYW zO~YKC$NBD_*H^n?3f{SI@m^|)llSQ$EeRFy-(rw!?j~#$imetaVeIeLu8H=(%OZ0= z$I$XO^&>S8WCQ)PRN0(YoEJ5B@M9(frnyhJG{Wk#a(nsJ9C(+%KPMo3@EU)c#7^c^ z8hiaOzkRDL?IwC$R2!D2kduIBj%CE+NYsDKMldL(i7)z;3iz2MQBR|sh*J#O1IJCK zd92U)@sKop_8n;=NK}D?Otl@Qqs=x>$vp|iFJQ`8=X<2?5P22d(JZQ+@@z!^PEY-g z`XgoNe~P*PzgIQeOX>m{`V+GrVi$=C=NBA)9)sO7rvGM2+AGlA$C99B z6NQBQ-Cqs7ez^UCnb4)pPD`??dMCmQBrdu8!`0~1Q~x$Ksvl8Uc5uI) z{}4CxZ!hHE+{4J~Ey}e?-;ZZc8QmDLtcow_`DW|~^wNw6>fzV4FuUriEbeI!`_*=} zqdJf?o|@CuelN7mTC#q>4nuB|I*plrex_;&Q{z4nB6%vFy8wXQ42~X?@6Y%^x)wS^ z=2v4i@zjUA(?Kv+U-jBR}s6lCgousXsR=$k*cV6mU!Ui=@ zQ3VHGeplP*BO62z|H=JG_4?n9OxcIE1;5`Mznrzkie*T+cfw3BZ}ff|fP@j>KbDf~ zf<5pg<-jq%mIMK-Ar55so_4o5VqxM0Bu463EfLr1)>O1;9WtH)-ih`6$c47KUv*H; z3z}U9Amp^e zdg}VZKd1%6v3*G?`8c*a@<%dzk9?t;n~4vr;U5yUG?~r>8ZA6d?a|&;6DoCDvSIm{ zs2(zR_6-dx&S+@D6Mz;F6z$~SyehTq;zKSOUi~Su5PKOcBf@#s%)?d8_~~u&^o5Ts zG)8Yj#L^4PBgdG{mX`1I8>lSP%fFT3zviB{)}?5`#G(O-iO zYI~e*4kR4aR3jtlM-_B#f<#8 z5#yBe)xya(=WD6X1tvbUPY~*>v2Cz8b+83)h!o2xFdRY6l6O^KV42Ous379=E$Hfh zObUfE`Z#kr@$Ym@ZHbXyB;qJb##8fG1gHijnz_hWy!3Lae=aS~kcoS+wk)fSYb8Wo zeC6wc6S)SM4J-v#1v3r-DzBoNk%d%0-G=(YBp@$5qrz-H!OcE1Jd-j_6oU}P5h!0S+95f-x_}qsZ7|8G3&zj}7%9s) zABPaxCEwt`pwHF%%&)M-qbDV(J`;sLY8LM5+JU+d$eLS&!ioj37f7>z1_!3 z;Yk*aoYA+{_7*?Srn{!D`$NuV-G^gxje@U?3W!KPyxQHk{n7ojZLqJ& zwKLWIl~2<`SG7@Th0(ryNAJuJyRgsJo`1trpWD2_+lgf4W=-}YA z0LnPtNzVR*{|V}suP@{wfHuI>&Z^_4ZTx=k0<*9^Wpz93FkUrYkmf5~ za?vaR^H2k57+`0lw@84VaJ)!7JjR3;&^^MNRrvP87F!PVB$Aa#a9NW})fdgRVJTh2 zE)Hb~YtM!Y3IgOtx%m45nm%Xrn7!1(nw?36ZI{R%nV;EYHDP*|P@MMlm5 zI~3nj&*A0xr3v#f(@IFd%^?yJARfP9=++=3`|MNBaQ!zb@ph5kk6Y$c_8i#rB%^L@ zQLobFw(|4}b$gLG14|!dYtrC!ct?!k)Zd9H)=oYP?_vY2@3{5PteVS~BHbFF$ zqTN|hS&y9U;pq3Hu_|~JH z4b!#<2k)OKp=OQe+FM>-fK}j^zX8I-##c!>8LEj^(~Sx8K9RFJYfDbuH%DoB)M8i7G-72?gT*TqeJm&4U688LWF#<-ho`OKbrm)jsrtW&HM2e>qm#VLuMH z)E*0Ci7|YW_l!Cs%l6vY1Yh8Vz~@k$orUq`7zP?%($lT7Dl)r-;Z-6qT<2T5wKAH8 zPelc7@E@aOkGV<->-~Q#K|y7*_f%SV0toPM!$Nu38?2Bd8V1%lgm>M;R_t-V4IHsh zRVovazmt{%ddgO!&Dc9?hhsz{x-4E z>93e7H6U^GRP2V|gYfyga_t+h)tjur@jrIro+Vz$DP~2-0Uj*jTg>X2&tC(lu6z;L z+mMGD*wZ;<=8!-CHp#6*?uVn9+x^`enbPcpNlbP2SrG&tlyX!UP4*7mLNw@2TCoTCUHQx`I8=uNn^K_TwCktMg?a+_vIwkmxqZ>Otex46{nj`%0to^O+hm z@`%4bYzU;Cj{`+DZ=w&8J~z4SFT%M$o!(-8`h4Hm-c?le3Ic1J0WN?{){Q~92 z#AB&)yERYcb>3b2bhSty_=H@RbOm1D_9E3!FOtt#jLHKZpH><^ZbAfloN0FgZTU=- zHWN-6%@ekstCInAJS-V_D#Zsczr3@D#((_o-HT-N){{f;ZLjODVx9~CkQa!Z z9dS!#oi~Ed==sHT6;kKpA?jebe<=_gJ4}M+Ga;3It`Ew18(U#%L+i$n%2zVK94(l_ zSJK~)u1bwb&Dz~OI=#EWl(EOmP3DG3JF{HUeS{6265SK6yL<1CD>aVfy9^6)H2%;R8}1QEwm)f2}^ENr18`()x(UC=!!DQ}#&eioO>Wt{$5B zy5Vnewv&a>$Cf-q*;95J99Dk65gy_0*sPbj+Bta+u|9X$T+|3$ID_dl_U0ksf*8TU zqzeu)&0F^mE=(>x$jx_Rs-UYhr{&mNW=k^k`4FI=jcrsylR)qS$B=s6#v1t3kL1p^ zX_b23aw$4IjH_sLbYfvb!!65C>$Nv$U$>C2>P+?c`QY2?s&T~9hZCt9N^Y^2te)p; z^7sU7&-@zOd!^s(QC7hsBkc?&{EPA>Fi1{CL(efS3|Yr)Zr__kP*9!CE&qp}t7=_3 z04J9RAh_GnA2NIFZXOSwu`uU8S2SZeD`a7|_j#7Y?OCGE%+J zs`%l;Q>zr?oy8Jx>(@S8DJmo`5hyCu7@RR-XQ*uiaOL^*{e9q;ZT(VnNPfPxAYpkuPq@IMhh!+l?Vu36+p((Tlh&~eD0edbPL z-tCDS?${vpgOXP{JxpKu#^9=HHBe9-req9#EtC7%}9{f?sKy? zlvA_DgJE+}qF@Va!yf&m0qn9G0>-*TDTISU`hoEZNTf4m^6aeMwej5qf+z zRcJ`&^RO4O4>IMQk;uxeG~Pt)PyWccJA_#A4Yk40E) zfvVi3ece2)6H&i+i6M`B>>9J83!g6CE3n0;&=4(L<;4H$r(YNM!Bt9s8#ZcVq2YRT zbboSrNWk1-k-v>_Pfm|f)zp;M1#;MWbjSbDjE!1e(=tGgTA(6JAAe(`L@ax;6JMxj zrBPsIdDbLS$I}>Pb+76DLr5f9@%09NvxgOWpCB0^Dd!-F9H`|Ez|BSsGn_m4j*SlNV|;H)=A7;yLWa&TBn zZo)?mMu9F&Du>yO&r8Jt{%WAkBkDPJTi)6kbCu(Yr3+Or84ZXag$A;pQ3uho+h6I2 zNB_0Eo1xVVe}mTVd45}&-C;sx{0==xi!+yhLRNq@udr`G2p_YWGsl%s*Y zW0C1oV(f;pjB3`#NR1izlhh$rpjZoaj{KH#F&NEOM@ySOTUb5zDL=^fZehQ?JVk{Z zOTG?a!1DY_k%?DDHZbpWNeA(L48Jr=$sBD@6hvx=PS>k<+DcdW^CZQFaVP7&Eq=1z zPw{}kcIuQC!^#4tXtyV8=lV*GmV06b89KizZ1R@?l#j6$m}LC0M{}1-T|Sm)M^x%> zYcs_ATl`VoaI#qVd-1-KyuKut|99Z=m|R}900R}H8hC;JWvcnu8@wpSK zztAPkMYZ<4Un|8$uHbS&T%a6YN&aa9c*cRHAMt_OREj%H!Z>g;B-3m!-zW~N{l9u3 z7*PwkeZppxAfBss%}NM;=2X7KDA{^MGL zI;L|8ZSrf!kN-N4)U|IXWZ8V9kI&zY@z7hN68cy?sR&fKJZMd+R5+UIrlNPz`^QIf z`f>^Y)&js!`!fr^_ftvxobNv$mE75+hFmy=Tw*$8 z-@6TrEdV}d4#u$f$i4@kPH9gUTVa4!H_f@P;Dvi0r48Vcf7?x6K9D>o1RXH`Wh&v(bRNxyt-;>nKSaFucP#^xZ??P z{~R0l_SYczteUXSZ!`s)UA2~lWgq1L8-kE=7WZ~PD^jGlw7I7nOj7B6<%@Zo zpiym0NTB4GY-s#fx6JRdHBk!xChwPmf)MUcXwJ%w9F*;}6th?rj;0x#c@LkCDtj4x z{-)F&55=T%NSuuG4vN;xVF90n5|*R`Qez^+rxdz7dVK79Jw0a_tZ|J!jlEnFmBPPL z)E05@q?$Ar1;AT`G{RxjreF8CBbOI47j8Rg&7z^YquD_jxD5wd3Z;7dNaa%Jl0zRw z!CVc9FTA-siGeAb;SV_vseD>d4gp)0a6cV<23Z~vouf36PR4fNCRlA&ERe!D-C${@ zNbW$ej5v{#Y0Z22@O$B!^X-^yJJXxggkF4sCQt@@N?SIiesY&m^N+T7@nwCZa+nL= zu6x^FXw581%}Ey681TCj4$o%aPM@xrZT-0~6t7lgD6Wo(*r@;(B#Bcnyq$)_BlBrD zJR2)(sLNo@f{RImf8%fFU!$jYU6aw zRppQ<6t&qNwJ^ro{;r(g53lX2$>8Ffgr;}fD&{d?04nniDV;J{miDYNB#*}F)|67D z!+#MW7~6*EDL@}lvR1jQkpC96{Y>4QMjZ~Yt%QDGX9G4hsr+uP6`)dm@l>oOtl3^T z8f#gb6+$k0@ho}5Hq}83P&!aMhP_6Q3eHhjI@eazj@HhO!TG&{Ibb7kyd~#3&=mX( zmTD*46aIf$ZtHpGiW58Gkp=*b~79D96D_(53X)dF98wKjhwLp3g-1=b;Sy z(C-cQc{_4$q^fx_Q91OCYQn1EWupeZDdP zWGGUa*2Xt4%dc|f>owoQLVWKVYK>iKbidQy51MTvD`pwU*2+L-Iv0wShTZ~(O&fg8 zl=NS>_OOt8prt#&)Nl;c-1lXzO&i2Q@WlnJ>l&FEat^~Bom=3n&a>(azPSAt z7!^aUsev_@T}P4=nOo3xd;L`OI3&RH992FyF5`RQf8*9A^X$DvP_abrHstk6TKc!7 z_vLL2e-4qyQOX4cM!}GWVA0C)*`4xJTj7fL9k(aQrRt+2@JC)Ai$5pLZGx++dIn*f z9wIiC7N7BFzC^N9hv_kaDsS$*+*+k%&67UrFFA`Yp-}fV!f%geG-9`G?{1v~^RE5Z z9LB4yWV`w=-P=}IR%8S9$;egtH199w$X!=gl7^3&i?wC_FuC6iMv@v5nhog;C0Q^> zdCI;K9z0@POE&|0z!s&(Z_6^rUqsKP3k0FiZkJ5iBDaA#Glu2{)sNuf;)0hyL}bL) zy55b7J@OI@tu-odA)=y&`dukpyVG3qFHEn3qwOj9%dQQ|`;^%G%Cq}m!|Kh`YRVc1 zN70roZGQ7otK?4XXDEZqA~Ru6TU82rJt`_VRu864W1#N_YLue!)Yda-X>HhOKk*5& zz9bU=IlY_^OJmkSl`~2{b$@w(-v()F5`_&O%D)!V)h!2Fr?UU<`EqCnN%>_iQkGBg zNUD%LnxFm8Uv>qzM`=BA*+x1ZGJ8<|5F~^8`G9Kj3TlaQqJ0hF%zR|!MCj-`KOJ+D zJ2le7H>C$%m}%#xI*OSMp9Ve>tZdNIz@>6vE~h$x;+~^kBd^5z)zH4W(yQs3KRB8l zVz{*U{0ywI$wsC5u3$D!MJ?4NJ4J%)obj6njHvmBum6&|IFv{hU^OatpPRu+lvTn39p9yrTiod~hJp<$F-#Qe_&@EsG?q z02Nn?)_k0}tAQ1D;@VMA`zmfiE+F8{&-h(*SPA4>nomm-)xJ_=Hy5x?$WZJ0=9-5j z*--wcczbxqi*xc{_E-MXklvkUg3e8Z*qxkf=4)bMiVt+5x@ASOQtCnr`^=Zs!0*kmd-I#w@#rqmtl%aZc;qE`QG&pnp4>JXu zdut_C?tOlVMjrM-@HzFaHpHeQaM*ahvzOE_EPs(u9q4p!Y+L%4#Pj~=*r<0MAijaa zC;Dl1bgRAw53SGAh1=;ar))>-U$?fh=#DQ9WQy;r2QU7z*;h^7FI*_8H3s>H%)3fm zV~|!=j393R#tkR-(l~^jl(Lg3ldviagpcQnzGrju^>%VQAw?RIt3srPEQpj zeBHku>idD@HFj@mmMIrwK(BkaDnKjeh^N;r-6Kn_){NN)c7<_{n#hxq^tr2MzWUJV z?&+Ys&>mxNYD!98(@kB!_nad5lF02VOi-n`4I;k-;khJNwT z5`>So84}-N`6ocV2Ab)!fiHG=@Y;O=J}Ds@Vo`~sc-h=$RA~V8!woI-dF#WZM5 zC{LDXweq#XP`y%^48i*K24Ih#yudlD*$fc$@8toGya|_VH|55SUmQ~r)9Ml}Sm0Oi z%PY=Vcz!3!7VXA_D+y0m0QB*Zh*ul+_2G`H&Fu0W=3XXR$}zU;DFIR=@$=v37A3v6 z>=0AWjEFmuH{wWlr#r_QGkOfKg;B8d)`I!!3i&<=2+~hH(%1=K6_3FR31BeGpWte+si^HRVXWn zn||P!`VvC?XpAwCB(>-ShS~3hYxGmqHGHNw`HhF*C%*}egoHKFqsq)#oXGTCT)oo` z*1O3Uzu3Onm^BOkUZ`@ULy)t`RY(0LGZC8-H5F3V-zXY?M3>@*Y`sXcB|SnJ5B=3H z?8u)FL0P*@>unD78GMB934Ph+drqcbR^(WwcBEmU&Z~z*p@CELGFnAajf1qWPERtg z`Q~Oxw5hd?(%li+0Ea6#dV#R67YCTqUi9XrL@x_WDK6wLQ7y-^wfOl|n4e6Sx0dlE ziqh-&km3H3>ErX4Cz<2C8e4qPu#Zyt1-dwERh-5}ao+>IJl+9?unaRZb`vvn4*6_t zb?GRd5u(us+HA4VA>?;df5IdkX}43FoalZ2CpX;C{VS%j7zUBs-xPU=<1Dz5bg|3f zxhvL7jt4ul*%T=0$#cH6>;JuJtoA?a*qo3imV^}*B2io&2T^3J{D%4YE8r1RFIJvf zL6yc?VibqzyRb zQK~FGBJ;Ka3DY$^pQrX-n_k8BlE!mf8)M$cz3#8|`W$heH|ckOU&hEZI&xAv`t0t` zcvOPFcd_FA!VGHIreDduG*5pKhKU>Nx;{cxKU|7ppvoIoce~>u7w6+v9b)Fyfb#5s zvE6?QKY&d)w{Z@xu1EJt5Bqb+;I2>kAtz@~>Q8sZ{Bsz@ke87iyVvFH*Ksys8c32)FyqbmRDoF7|Hs4z|TCW_R7P8mGV| z!KE^WyxV*)u_cqrFMhZYH4Gx}_6`CWuMgOuqzy;w=~D~WZY}TgN&V*24k2xlEjD3$ z!Hh;H&PS zHcWGaGp0Qh17bLU`MK}xa0$w@pNTH=QZ$&_9yF&m@mbr@vseF;BMW6_CSUCc3YkAX z@7}iwygpdC_+gLMz~{AJe6Gd~NR0qJ%d4J9vtZ<76=4<|(Z%Ah{mecjJ|x0e!2L3l zGO2M@3!`YFuq7A_2|RCJ)tr(aG0@;k(D4=~)^*c&i(!ZM`Zh)RbOGvu^h>yz`Q-(OcOPM>b^wMKWklE> zi;2|_hdu8}jv9aW53`NQSzYDiFP9r*SHFH60=J| zKSN0k{vafiLjlfshWMl6axZU!{s?ecnBb6VS?`EEiBuW2mLUdjX{=+^c9gpm>r}lR z=HJ7^mZz^q)Pdw$!v^9D<6rZi3p@97u!$XJfacwCtPOK}GIHvNo%>5(ALQsiS2Mk3 zNI5vF5^SCWN+XB0a+(q7<(b7}QQX_F`>`sTVIr{bzxAeSF-s-;k}< zwIC}+d>5r@!&;s*B+7B=5N4cvJ{m$+8dVl$=zW|qYtRDnllH-%yaH@|O$W@tmHm$= zjUHnye|uy5`wu$(_v^2YLxhh5DjU)TH1(}@zeV&{D8EygGvY4l?;ZF89sUB8bJw5F z9YPCj(-BP>Tp3or5?o5272cK(l_RJbPB2V`Buzo@l zL919_zkFU&0X>q*2G_?%|1A)NrGk2pyy(pk`)w#CE`EGBpB-MrJ#N-zByi#f*7wTM&jPr@gkQ{vuJvR# z{PK^2$KEF~RRrDo1Jq3Pgu+t;hiO_V&-RaYayqWW8@n#SSeBUI$J`v}n zHqpD{KVJqVX8+Ge*}vQ17IDcq+tJZPohGLGVS+u5s5VxJ7B(vfo9IZ;3j5!pz>4dY zY^N9+vMIjkfKq=!S0+$ZVy@EpM5y?5YX;CVB@C=&e<97Z!2WyQ|_n5$7>KFu~#d* z3r2lMww5d&$zi2YKMH9aDW{61{q`e7S3~}lb@|;0PF=LNQs>~F_iIXyS2`qU;m^=>Eg*!*C$ zgqD`;#WUZVwY}j@cWwbJud9RlLk$0JeB4MOas=(&y-?$O{l)lmPR&4H^l{SEmw{#k z=^Pi&y1_okP|K?G<}CcN*~hjxCxp1uTz{(tnM=;swy@W4n0m{ytXv0=bGl}1&2lp2 zX&K|}TkL|#>#@FktzCGL`OWXJhGdPHB?jhCiSCi~asXnEI z0GbVjgEUZcOugF%Rj(GIps$-;UlHvq`{_oQGWoN@n8FoWxYMJ3TxRQVg0)?GdmuI? zto20}aoFfLDEO9Y-TJK_v3fCg+iSrudcO=Gu}2F@_ZpO@(p=&h5U^T28>yix^Com~ z!FO=mmbbO$ZK6Py`ya1HNg#2UjV6#(tqfE>IGCV z?R}7E$Fg9u(xQp+1^J&U#1x+DM2Y?Ce; zb&l`_ke=~twwgbxPZI^a{t6P6LE(=kYk2BdXfnTX54S}V2=Qe%$#F-?x#)fV8d~EKfJ^M~N0^*X}z~?y(a>m_Lhs z;rpf+wJ>B#Q7}8rL!sQ`7TKL;7Nc)y=WWM-kz$%f{LQO2CQys{Xn(%_z6c`N{+;&U z#_t{$Eu~RI!I!34b&>>YEZI`dXB2Qn(_E4{*dTBRtqohH*xi!kbCP3t3!+!asIv0i zUDh9rF*;{Tl;6zg0$5%glxllf;A@4?* zX=rNU@|Jk=$lr74&onn(X`D^lQkAwgu@YZ&3}JM(GGT9D9AV68pb1ZhuwkYez+zuP zO?M{7rC3cHL$XaLwlT&fAd)Ls=h8Fz^>YXSR}1?xjph~W9bM-YTI=H*Z6S&w^p3;) zsd?ouSzh6sd}u74iO80ZL^^`;!;<+tpN6ziwjv1Ai=DsYgewuBw%2*}IOB7&v?0Eg z-#q6zeFHX#_-+`N$YF~^EG zc1EMgX3yFqIe<>LQN<0bhiMCdv^8jD*z{k*+$ZuHk3ZGLP`_Stb1_dKnxuGrretaG z7%xDgF+vr2{+QYwi($wIA4g?v3vS27_EmGxNiY#si*d9?$bChE#bQr%K9t(m#^B6; zT_H{;qQK|l7vzcg{D^?fWdNz!H)A#x3pJtr@yJ50hA&DI=VjD+KfqxbJRakKTQ|ZA zj1qgBFGrC#d4WZt8o6R+-h7jzu0hDg>IqT6m1^A=y*Zgy(1aDM)AM4^s0XA_DfC>Y zgsmt<2B9IYS1h0Nf=DKk?KtwWx#botXmU{&;c+ozryVqIqRG@LTZ#r%>O6P?o(a~r z8%zW;qP$0G3rTO*Fgi>vN{ z6JIm$5ZKzrc}l@FS?`%Q6DVNpd7%SI;Cqayl8|J>Qg==1OT{5l_^?>66CIk}2n0$t z#5mdR86<;PfEh^EiEgfQR#PeM8m7DR0?JZ2E^xa_R$$*2*-I-+>W$4Yq!f@Ah zEJlM@BG7FmJI9Be;tAg^n+7E-j{|j%^E%q!=j7()D49S%w7D$py07=XOdlW;{c2;9 z_a?&|B+>vI4@4vK11=H{wLXvhyJ=ckwzTSWyBb5ay@j8GA*X*P!IH{|<`q=D zOI!W6N9_lO8qktErAgwHQe~}K4y7jG5XZj2m<+qIgmNGdtt2tbkIMbR2iEQQ9}w^$4H`#{4cs7?tqn!$QhtK>=UVzaWm zRKpe5I@G*yyR7$1e`MD&-VL&!Sj|WkBxp`}K=x`>35&=Uq1$bPW4rg9s(@9&%iT{H zFQKwZ%h*nk(zMbTr%~WqECWV$BrsiPmTtq6nl&x*eX$TYqzI(6wc#$(n-F((s$?i_roE;RiIppT z&42Hf_XQu}t@lpzl&~t1(;=OWAm7{wbd}|ftHGUL+eo6anrF>0$Dk3-n^@k-nUX}v zBPO79|IBk~*#?Juqc_8^jy&e1BB@?c5DLPIxx13^#&KD^Q|Do+?%f82fW|Kq%b}Z; zKp9woq@1J_W|NSXwzMp6oN`X^smSjM*gFFDaPu))GKHk89n%`}FmG~~qk*Dy8!pOC zvBX&tLR$fpOJkC&NK&znO{Y6E((G%G4Z0!pQ7E{ z)AFB>My?$Cuu*}^pwOsHYao^O2@lfI(OdW`MS-e;O`M-OJ;p3rgu_$=oPP zS72PXVX|3%J>!hKHXBAx>8Lq4?33mKaS=^~cP4dGpw0H`$l{bPSlAk|R9S6tIO8PW zcDP}uL@9?t*_LMl&$6VZNocm-91+?>)V!JGEznUfk<|#NY&?JlR3sr(POMPY;e+j; zu#P3^80dG=(87=6`lOfT%NqEcI-Hpf6KB)KwZi9g!UhRMqxP=cGHchIccJH(+x)U0 zPlLm>pNeydd5%X6dvZTEAs+tvyOwCuX%=tDrMterGvX1GmKK3H`@8+)+Qf^bs_$5V z|Gh-T2qU?C3TKu8I#A^*NQcGSQp{>z@$9l70&(Zig?ui?!pb?`@?CpI5q3B|$`6J6 zdm0N0=Tk8JZdXrYN?Ak!hF`~LA$Su6PDq&wfQ#ALP)KJ5#h^^~6|Br?A3yHN1#vZ`^bkSjQbo-&V2X7D#$Zirv3JJ0m;ZdYHDV0 z>wDa8&s5V~T)_S|YG&il(Z=@vNUk=IK$y?>eDY)+rN2U8$kpxer>n=z}~ZPAsW2lINdh4`s0UM>SW$;MYvnEdjpH?K1<2cBBp>}9St zLmFEl4h=2$r-S6O*~PmDnAe{pp?{E-kUz7M%u*fmQvUunEZ%?hCw`m1QQqa z4oJ223j&HAva`bikDl)yz95hwP5{U#+-iQZ*(-nk{DM+4h>%o-aB5oWIM+G;?~zAE*0FnBgoPiX0>l!jpx!MYj2 zJF%2^G(f(ncUecnO~BSB9;P9Eci$I75ue=zsVRXT5H$jE1T-4pl)W@1qxnOcbGHU~%qLzQWBv$38>kOurqw$CsM0N&;VQyiskrig)=qc1D{?&RO(ONq4*9Bq;D zQLq&MF2^%N7=*&!;r-O9`}nD4wVhBpR5Y2FhW?*spxi_8b=6$Yl?{^?8IB)YDfU%- zpYksu2|p%6PV_?i%A9xNi8;wlkKnUIgvfu|^`LMG;_m-f8~)$k{Z41v6KJ$G@UJ~0 zpqv(<{5U@uQ{5l7ES*!1U+s&V6K2v-ue2Zr5 z@p|8Xe-M4&Tf;7lVbL9G*suqkrY>4^tsL_W>MfFs_+8C-Z$7RrZ}Rz@A9M-}?=;_4 zDo;Y zulF!z44r%pG>90>2k|%K0Fz(gkFC!voI=9CY|dlHr7hdQ8|Ki3$HazOkyS$CBg;`> zfWS6k@}6k@&g_j6J6x=MHrPntEbCUr*oC`^rlp)Xv$wcgBlDu@4g-ggL5y7t0j2!L zG-#6zPL<{Ip!Q%#jWExlUxCu9M;NQ&l43ae#u^JJ~g2QtSLRVh;8*H$uuRT$c4Z5J{ZFTh~i`qnQg#n~Y7| z{ucKB!EyqE9W$Wiph%1muw0W(b(j^XzQcSLV=D>z* z5eYk8_zCfo;;SWWo<*xTkh1RDbbL*-L0m3kKW+1-s*Om}e7@jMBUVF4kYA2Ib69Q5 z&+y51QzOO5SE#o!>u zHlS`F)>Ru>5h2;w^*{gJ({O|#-yBOA+u0ReOFJqAy(fQ0uTDkbSYErtC7yPIwXahi z!f3-}1kJE!_kdP zMa;oo-hAfE{D`I~&7VHMS-KMH|oG zMj0Zbq88Ti?WD`53v_NkGR;l8nrT6A)h@8U&J|$_AjXB|Y`MrrF{>$lCk?0%w+E5!lGVt-TZ zy2Qwxb>S#{lCp#+7qK-2!XS6x;&O!H2n|sl_73^ntKUEH1^=*or8!}Qq4@t{n*WQI zcj2c0j3MBHMFrc&IO_iFY+jFqE)sWaX%*E5WEkMGD|*$~pC8#IW(1{O23gsih7qga zXAB}hm{4+w3l5#20G(+fD_yx)1UW6T&D(>C8S~(SGv`(D55-xA_sw4LKa8H6U&sLu z41wQNA5D(D2r{sw;38z@WYD*o+FcH0ycsMk%$YORZZ+_Vr$qyxihwt@?~q#W-mA#v zzS|MDm%pcl@7aZq6kG4x6UY?8Xz{MjrKrjhJdYRGHkOTK4_52H@>4S}w}Q{V20{V? zAOHT7CDf&;GG#n=UNj4|P{svw5C3ebz7r8jWonygpAsm;Qn$-*0#e zjjE;bsY@0e0yAF^Pp$(R^{O|Fl%W)&HJ7a(@B7Q3i%OGjpevVS6eX6su7vA=g?-KZ zfyFCR;_-Cf^Y*oa5td@T)CXypGXuRlZa3{n65^w`_cEuv3a_Tso!-3s{H$mhyfWjT zip9^H2+6++ta>Sy2hHLTwB}ew)yw|a>>LtA{M@YYU!>{Z07oo@3C+=w0&49Yl|Q@n z;;sC`VFeGV5yp>LaO_JLCiV@21AEIjX7I!mnEuMgUDSbx92ieWN`Bo{*;pmdJks`~ zilews3I~Saa)*>9|C%{Feq1~miWbYuuNzvuc%r8_F8H?!v|JNE8*DQ9v3ud#G{?&R z(H{rVq4DGBsG6)F<(hL>sr{-x@Nnv8TJ~Fkkgs1O2}w*l9@SS0U4#L2MSNC!Bt=6} zL?Vqpn$_Lq4+0HsW-|sg(YcUcO8ux9?Ihlfw%F8(Yq#zIm3)l0iivL5*PrlUSZbz7 z>A7!tU%X(LJhRtGQOSW+!4*`HU@ka+oG~X-p9uKxA6(fHHNRCMG5?;c`^eIJjNXxmt?~APrh<-}-bowMF}!`}_6R$+JWLmhmq{QTDtlnl(eo znKnHpg`$B5Q3i@Ta<6Igxw$2r%d1;sxF3{P!cxgdG?)j;a(ZB@Wt7X8G_2}NAZc^$ zPM=GBi`F*@?=$}V#rUVSu3Z~_=*8o~W41p%hLN?-LQP`~)hXXKET(1|6yL{FIU|>0 z0Y5JxNJzD7(86`b(4Gr*;Xnm0Q`EAurLL6B*dzR_efx7p%4+R_Ky1Z(ATFw+{JVSM z8bY$>t)v@JajHJ|d9#CD+#U|`z=`#`lqlkg*}5ve*ss$D7AjVH_!~T0!Mk?8Xye^X zQdwa`UL8X}+@b)8ecW_#-s2J|?rdyzo=C(=F-RvqoJ^qBipP`tSn(M!i$XmYQVkLq zM89#bnmTZ=LKJK7)NgNg%}#}bA+m_GDL}qtg6Wc7g|dEXTjc6KFaf)w!x<&C$(AJZ zdvMFk{j8_Fy#a?8k4Z+(*@!TqQhdQ!Q%i!pK>CmDT4fzuLzsZ|OZ=Wvx`p{K1$ePR zh^3LKo)^+(FiL|(XEBo|KWAj*b_zSwatC&Rah+2mgFTwb&i)};f}}PV@sef1d>a$~ z8iC7SaS8I@=}J~`3*F9UMZ3tX{|72A{og>vC!Y1tzQo5RF#=d`(qJ5djY`NfU(p`oxJrJ(Grzsath zTTD`0{AZ#;Z8%#;WkvzKl`e0m5CMCNwny?ju&q_d(6?ukOB|TSGUk8^&_6eS^vxhGo^(t*5R_p_kn*?7o+Bis$Rh;N5}ncdgUG#(ljQ1w9h> z@%|RAo5qo^EjRJgQ!Lb;{|3p^``?7^AK+o4k&e(@LH%m_CkyN;p_=e$ueM9db9 zct+CIFU|H)X!OYsL7s;OVf_2@ihb2hgv5z$%TcX72yT_#T*0S zNs<;4TjtP{6*o&YO3Ezgr!fk$*+m=67M_~NDhE&<{FtT^O02d?~3G2*0 zT9c*Tux-C0m9IZkBM!^~K2G+)jy5dQitE`trO<5yU*{i|IcO5g}RZiNSFIVtcdab|vnG*~!td z8Dip4e#jU)5bnahcAU?vi09AhABri#Q+GOkvz5rbnM^T6@dg{2pRFrV8rUfpQ1IbEC_BnK$XN-k**SkNGltfjNes#SJv zqqH$cu58H}ME~v3s8^>mRm{#IT@b;qQXl}u5XOk6jTVI>HQa7+lDlYxjPlh(G|+Hm z<<7$U`7OU~{5UPqPyie^Si`7@U%6_cOF1$uCGCgfgUsNfW`~ zqQ;a8c75(3hJ{J()aSZc3UHXNmCb0z2?Gb@tWs)a$v>4YiD(P1IZY~gRG?hEAHBF{ z0VtH@=#eG-D0JviH3`FjbzPz>k={ct>=w?&Q(fe?Kjk6778q4p&4=Zgwg*PqzxR8CXlv8fBrypApdZ%rvg-dxp9 z+nalXZG9o-U2Jt3xi|4T(YQ=9jnc$*JY8di^PlSRlS?pU)Cpcd%QNJnoiAOyTcI6> z=!w<>k_d zL|oOQyXW<)W8v%7YvbdfLVktaszLMB@713j4$>#b6FI)g(&wO(qTKVvy~?BVs};Y2 zv?TDwcAlzZ+ro&`^|8nY9hjMJ@OsomD=iYBtpcD99XXK3S^0muXZbE2;q5t8*ip0& zZ&SX+i9y$q2_9x?*5-l=K~`tXG$2U9U%7_Ci(?Tf=(9xoc{O$Vdo|?;0JD*86!8(M zeO$sKX*3Ou2T|t+?Q>WQOj>i5tp^tZ1X;^Zl*4Zt$a)$8wK`MHsq;-H@*tT*^9#xk z|9(N|1RDvwmRVzE=YAe<1Emb#3Y2V2tl*rWF3pS6HeH%65@%35j8qin$jq8WzaA5e za1=xie$DDzppy?$-DoYlfT4j414>BQ^$dUOZ$OD~$D`}aWsfx|(sM(XPt~PT)&J?} zd&wj>S&M?D=S5wX~5UOn=6}Vsk$P}tp~YgYs>EbJXO6z){?133xFs1UPrYRjQ$iEAWw1V^#U*#V`S@Z;P1CftJgIZO zLTA!~!)Lzv?)YH(ZrBpAvv7YXg9(_(F0gQNjLW_eRmKH+)J9a>6`5VwUAziQma#Xc zrrrVi!BA!q>JJeqsoSLp7{+zwD(~zw(-pcSxC=6MDyjIdtDKn{Q35RYfFDX^fq=X~ z8G?K*F(oC8nV=H)HRMKQ)7)t%BRp!DaAMlyO{x3fa%^rfF~CAx=r5_9^bTXnkZp`B z%%<_6`j{dyHH2s_Dv`g%=BynGgpnX;;#mN7sSIe#QYBr&uFVv05YN88 zu@F75k*`-qlq3`gDUx}4tJ(Q&7PGh2{TZnLF8=#cFQ zU~O_C>F|v9KdOQ;0}aNiN6(gy50QZA#(QscQC414Tm}$sXX#QY6J4FEtFv8<6%dm- zo#;1boxE(wFGQ-9Q?5?Y8;C5bs!YX<<@xwkb!fH#7Pn*|-ecL4cg+ZPTe z9ERB-k35KzkX#3E`u66Qq{z{?;m_;v#K?K*LpvwI&qx0;fmGFGVITevwD|uqgeYEC zT}Zs*X>r?gnX~40BGSl#&GR;t%mP8pW0_H19m>w+?6%yR=!xt_*{X+VZ6O`J9v+bF zNfJ3fD0By~Dc(7ZRgpsA=i~k^mic)2`HuW`DnUPvuH?w6%m3y8G8dBazVeB)*}a`G z@g6z;a=Id)vwnt2}^{JgL)iEHq_-W$8N#S9J`*G$3Y!wuWnpqwDzcu5C+ zCr8-Lb$hCJ>1i=y$sF39xt@uK1n)2Es?^o7ZU#MXRNR*qzFniUt@|JKxU`+RsJsod z_jJeJ#6ap)OjoZS_mk2L5Nyc(-Zm=si!m%l~y6c=;V#>AJ-He4h{uGG% zzU;<(*R_4^vFBZrUHyUOZmTWxv2}kt64&|X+rd`Q?Tq)RG+FC1Vf9h^xgbb zasK{mj~*U@bEG&*GNm9QpQo`T0)#4!sYXhJ@+>w0sSzH99XCcCFg!rXE+6&Xz(q|C zJHxOa-kBX!lUEsyj>8s*I}18=iDITZH%!ZYgSlT>T;g4&i7eEJTVQ=>C;*;cw4|Zn z77H>Qq!TXfwf~#Sk5V*t2f?B(FXiNVfAnL|i-?TngP{g~F;~vlvLyA)L1HqzN`Kn@ zjmxg~uo(~8P0s|V6At0kRfNbIw_AF1n+W%GcXStw{$}Xv==HtcKR!6n_Q1BGOHi%^ zwJ1$H)uzD};}J#L=|`vDK||-VIgS^QAY$za z%h_$Qc6%QcBER1J z5Sp|`Xb}(iPk4=JU`lbYY*opdL$fA+(DX^`*_3)Q3mE~h(9j#gV>$Z;0?(vq&F*3H znp}#QIyhqF@rqHS;UH^1H9YvruA_AWGIs8>S9= zR!yf>y6It6KzwN2;+GZslb=?`J>prl;>Q!9O z&*ZZ+W$VvJiBbPSwOTdEHG&s&Y~47okdKW}oKQ(ap>wEZQB)HX+D5%Cq(J5uI>JSC zCkjDX00s(L2Oj0= zgoVPCg+Kns!@QH!4ZdawzV7OK?lOIUS{8k|8oIp85q;Yeee2nJ?r{k`HFW8@Tl$wk zHZ~e;diP4vQ@G##YL>S~kx=?T)v;7)Mg6km^19^me(&-=K=CqA|8`RU=4$fmfBeoT z^G_AMTQY$(9pN81E}5gAmGrP67eOZ~Q~M&`ue=LISeTF)n=n${i9e;qH@R?fYP1FaHb&oEo`tp~J0Qt$uXzFfQw}Qr#8_Kavl(v} z_PzdC_hTd5uR3QYikt6-)X?>D-v`B;_g^mr{o*s$y%J@)pk)8w7hHX0_dIqLhXPJ@ zGP$HvV}zNI%Y0TH@64J{ux5dD%2z?~c&q@yx44R&|E0z(mCF z*32W&xMpDlgs7&N>@#E|X&_|8g>!Kkc=h-9(DCc#`pfWg(Eg2Sd)JR{ljY2djh>FY z!AXmDhTE_H9=&93nqBl2^Z2|@T_Ai12~rglY7|5VW2hnoOk{_H6@j@zkbI$3l%rRn zwXF!QbdHyxQ?8i&?7oyBFup;JhY<(hP4H8{ANEp*V;;fsgB$H7Z%?;pm4@SF(6DjG zZHM+Ci`Mk#_ES8T7Fs`nj%Mf4yp9e8F@!1U4sUPIX2Hg*-;C`@gxH*z+IQ__?-P$) z9>ryX(a22d*9M7pry}RhJl~9Gh%aFK{GJAVnm4*1EQ~QU9p|~+(o^pg`qxf#rx=bh zk97CEDr=ou*Wz=h`4W-%#BI$PV&FFh|8$%wai%Rg=zWfsW*S_##chn~7v@~b?iV>I2^H|P8?P#?K<%5Ushb)c)4mDtvO+^l93)-B^j4H ze{&BhffC*VRX?SzjBB-*hb#Sd2m%W2@#q5C9}%o*=W zYe%ITHWaf{=hWHV>+2fywmGthTx;C<4WQYdY(PVVL#dFx*C<$;!)Qn)v^^8EITRj~ z96#+Wn8e1~fnmMeT9JZ@oSbJ}z4WICkE)PRj~d`b;|*-4&A`RoPP<7**%>?oZX4%v zFP^uPM1@ktACzQ;6fGfW$8kBq=tbF?#XAap}E9)w(u ziX6|r{Y3AV%XN+LPpGb}8JTeZ^QBEU*J-p98L+)1gNa9=ILOZt&r%kbro}qsDciO5 z;YMY!WeE{oUr*|j^o)vbWzAjw-HBDB5f(gEx)bxDb{Nz0PPeim!c+i~%fL3?m0|G` zB*b}Gggd+GDB>n<-=zZSjFcQuzVJ$&@^2f%E9v2(RQfhL3JdAz3wcRkWe$x(gWxl1 zMi7a50U;+2IsI{NeW;zv_e7S9;r$}FpNBju0w>CE6Q@*>ZbZ zY$>tBg|AknvnD($89`y?d)ouY|CO(z|Eps~8}2HDpDKeNqJtk~gKuT~9^(5R(EF~? z``)0Q$!yPoL3_MGd$aE^v+rlKZ)c`2;FmeJ*SW6C-sije;8zNtX{fRcTi@ehZr_by z-%YsRhon3C(NTtOlXuL_yFyP|Azr^e?9z)=Fi7<}C;0W|@B3Kk!`p)Bfl=V{)+?>Y zzUhSi6YbOk6gqTyd%Jvp3qCsie|er1x*eg&x5B3G$fz;v7|o;EYbP5wrv)?EknsRM zYzr|NP0tr69)%7M7EBkk5@;T6DZu_lt&%X>Mcs(hPKZQ>zzT9><13MUkbJ+1t z?=R)RDP3vbc|XOw^}3W=xg5Dfn7L+cEXgdj?&jxyxwtHHHz0d?;gzX-ZV!Ec0&aKq zq6G##0RV4S(}10sPg4gg`OVMYC`1DueovE#KAn`fMr!=YAGvB_3w+CU>48|9J~npt zLXK7YN91|0lPX!q&8J2m!y1f=@8ECn+@NW4(AK&@M z)xX`U20b1Sn)vuUNsYzh@W%YgX~?2?Q1GN|`EBw0YqK=VY16{NQ^ceN5t1oJCEi)x z4gtY1?1u(+!jN&O4)TlNA;S=A+S|_rZ)u#nfR*)lRVH2Xsuz^Q&F_v*q5#{&d-I?QwvH|P% z&6P4cSl%z@U%;SKs*OjL7&%#Cs+hS4YXp2wc0nPFRp$vZhe#YG$434w&VSC`D`#Ha zMtOO4gw}TRUjsco13iHkqo9_G&g`5>WKH&iB~f_FOUk+Rbp~b)1>zYM=xfOnhhFW0 zbUjh5b0@X;6BB%y$COfJ{161lQ+!R$$6wrlVv9bm7Mik(V7xxF}^bt*zM*i-n>-4*mg-uN!wiQFDD?gaep z^xzq1HcH!gR5m+UC+!lJy~Rtls}y6HT{pzQ*eR5sw4}10PHvlrfNnGK+@?kt5^LcS zQ4Sx~>22I@n1%|*$nF{|8RJ1%0-WAmTeXmn{j+J~_TbipRPZQk=5l2znUTXL;ba&@ zBZhX#7M3mMOgpfoPlaXi{}dyXcm&mFM`L1zTkw^?F z5Ig(XHI~r3DH;T>?3`s$%jp(JXwcM1)4cBK$=%QXa2Rxl#rBkUogXO3FD32w2{qI` zcGC4??TFwjJ10OoIrm800uWMtQ-XI#HGe8>C#ywGq?TX71h`%@aI^$+A4&`llZsW@ zO3ET(uvcYt8nHOYPiF`OT2^4*+7tx>2c4X?a6Dj&sD*Du7`rKmrm~Q$=_%34l zG?&SfJB|G)?R!Dn{r>iR*#p^}eO;e@^$5OzoQJ=4^c_JS#YA?BUR{XRwq}p7*tk!E zPzY0lBaiM2-RndqF5iI0@xf==FAN2~0;5Ny|C|3~D<2e?m02RDa1=;gTo7#hIv`g` zkTYFp3E^L-$=fg|KiOodh_SH~C*T2ra;2*bKjMGZ;7HB#7T&O&v#~*4UIaHyy_fXUiWs+4l%%V>C|MtEd5Ds{C%Gnb?9}4u)eS$el7;0N}Y>U41 zdcfLJJRJ$ec*)}oWb~<&$@W|H>YS_G>TUPadyH&2cqKH+e{ldFr%qw#D%bZsr8mz* z!)NgA_DZO_zym=!IkNjzHBugMtk#)PHPYxIkuiCCUDNCs zq`7Wipx&`PQp0>n^IWy6x;3eH?s{2|&Uvj}PMX{h^_Dw31qCPk!@m(8lVWob%!Ev* zi@O&+&CRKc?u?P7ac1m9u%XCd;R@1H`SjBd+7UL@jC83mp{{6Q{PKi0k%RnZb@iM#-oNQd+} zMqh0uC4__u4LRx57*JY=uN_y8UKYC30_U6zu2%O)<&xNsKDv`5nXo-rg+dSe%%mYdR9! z1TNN?#7HCn#8}X%$uX?l8u$bSr@)@Zybe$$Z{>;jSS{_;IFvX!N)18^28MI@A%=Sn z%MiYXOAO2`TNriM&d#hbCRZ){8AQZKzu$k?A?g50#RSi|Zb7l!Ph8CulmSJhOx78f zRqMz}ZB#6RC)Xuvi*Bj@?tX&S!@A82QPzSwIM(gci?<+9>{WNwfObW5S|kxlEr37k z*W~-5W-Mr6f1O;&ptXaW&N@UqB?c7J;4BX8pgm9MIrnGTk&QGh=LJIwEG zgc`snBkGY@8pSGW!&4%FM;hnMIN790AdQl;;q&!G?NwFPT>#f^m+o$}naYB@P2%Gq@^ZeH}a)K`$YVpE{KNTp^gw zBze;2Tnl+^bn+L!<8-fY`~ zNBEHVAT!>ldgmkTBAPu9%f!@soWpzER|SP*Ns6amhts)*_dhFNU1vI5et;MpH(nvm z^vK5}*gFz}c}BJO8!bOlhDc8tawdkrFTu;P?6LCyUG`x>Hi$tP!#3XfpSh+saB}jO z8o=D$gcPKHj`wLADn?kNom#?KBjq@+K+FFF9XFaxj6e@xAF!;=D;*^-MFLp^Tc9RA z`>B=wQMTOb-{_A4LwSj$^VVH)T-@@-? z{P=if?{VMwn;PTKRvLoF`oTO4XZ7ll$9zzdWiA67RYmjU~~d)C^v?l#W73%}0ES2_uucOQv(ABAJDdq6hgZ|vO~ zL_q*5cU$wUr|=P4^fC?CoIb~~#<9)7nUz^Vi=n4Uq-gcgpwn8<~)cdq}BKzJ-#bXNG!GDd(lYg($1u@hG9oA*`}MYNx52lkBxWi zlKJV8fzp8|k-h*ot}8JUybX9VB$#3P8ZN83JoHt-vij8E`$9_$^GKLwO#a-XHnYZZ zi`|D52R^RfC1*B|cEQsw7E&BnO7(j%=9Ig|+AaKML`Ymk3fj_%SsK+nRzvxcE2lgQ zB?dYQDmhJLrQ+pCNH$f>06?ws&z$9AyS7}u2!Ta-{I+|oLom@-JTxp_W_3oGT{WqT zG>*|O14W7!$zGXSJ01RcEnq7PtW{3$#llpt zuiYLH!Z1li5FL0;NU~`iwZ_lx=3cZ6@&PMQYA5{WqNCFY@0_-mZ2ZCv^YL~j7*@$l zp~A|5t4P`=Loka=M#|X>S#e^`Rxw0)c@C469-Szr`Oc0KfhLlMemK#pMTa_FuXZR1 zS_0wcldI24rP9gDOz3-KX?AwHhU|X?jfB%Ts*f^jeri>85r(;ytC}{oR`e5U~;SA7bR)ptk(N)5%cKE=; z#>e}JfwoXWiN`Ul7sbd9J6!BI)1J@X9P{wgUbdNWYQUA96l<#KE9!m8c;|wrag75b znmkji?}(C#sf`IgY|-B|DN@F&!F+Q`lo``Xq5<((_-FzWMJD(@Y6~fpFLp%lm~EQc z`Fa9gj0q?HoUj`Ke=vMOE!3SEzMx@O;U@wYu71$Xly*_qhd z3eYz)AqQ0^?3WcKyyD)9LdfCJOdz$4_ar{bGy#T{>&$iumH5szA^{N|AZG11O+${h zcBO)6xdo|~6`#_pIX6*R^@j$cFjZ1@`4(DksZWxWtP+%me?D2(<91n}r8lC)U`#H3 zxDZLvtzy&bm-@LuF*aco!+mx1fLpiJ=H>S=ul+x_P3|g`tIw=n^{p)?aTJPB&a6kYv*a5;PY8CZ1+w6 z<;$dQFDDS#9Qb@c8~k=-`m#&--}fEsIu3b*Z+QD&4%psjE?-pow)*at46%!0H@8gR z?@SAGa|MsfQZJy$OZbub=MK0AA>*Sw50&Ryx{Z}aOW9lm7>b8}cbcMi_icTFBOPv6;`#+^i-)5h8O|T9KiQc1+RpOr zCER~PmOp%jYy}^r>#C@#UaoiCK=0y`G@@%VU8WxM6aZaDa-OO5SkY{PqRcrF7AAHk5m_t#mUQ6Sb$Ox`dp zJx8qk%de=N5Qy~~vjHgqha>5M)*>Fgg}lyhV*~`L@#v< zm8U+T=pYvIR(JB1P1q%dC!;u6){vmNcYK@g!5)@s#%4X zil6hFyl0a-4QDtfX_m>jyPP-9&b}D4UHI*bgS1i|7SNubUmf0G3SLLf*55$U}S6^P(V`s^^|2AZBMqO_9>{0Z(D^{L~a6;tz`htgkGe8FM)Hwv3 zLx(y8pZALVtlZpSs<}b-qE|)R7o96KaWg+pB#hC~5R&05-pDCJIKr$8?80^UYo=TH zQNd_8kiS^)H3q4NGRQ3xkFeYb)oLDRyrbKlKR9f>XT0=)B}E_=jY`_OIg+gSaSj35 zPoVN@Xx@~jrK{B}>Nm&3q70!ex2l%sL#V=s z(&6*e}0C zEK`5Zy(;`RJb^vgAdm_GjwyvHA^b*$ScYJNC7XlM*DX4yGtx={6f>Z#65ciGz^M*w zRZ9Ok8oA!+f5@>t;Ty`#r0J56Knm{>@v+}*_iyZUS0V90RzJJC+uz^nWVRwUr#kc@ zl3g&8t~wkUmY5b%TH%ZzLUEE$;gqzcax^jsK15VU;TWm%l}nkiqY_JuItp!YAShd~ zM;D)zX=^V}MASI&85yOeRY+D=Cf>9&C*FpL3+(Pc=J6&2y1d-cFwj7K?Y5Vj(O#Fn zc0q5yt2b?VXmuisTwJ=u;chRD(MMS5mO_@ z2|GWgWpe&m;-tiW?BZ*x`TLOsjC2F ztiR(&$Vz|lFX|EU2)?Z1I#2c=&*3|RyRL3(*e41nS`3Ozi_8vq;6Lr`pZEz-EVWqrCVZ=eR1(u|>_ap*>|g6}?>3bMmg zQWD<;q|KVY$7ox1F5@;1q}&Y-x^AtnHz;(VBwydiU^FtuQ4=U(#MCV3PW%}v?Tj0G zAQoVaoO7`Eapzx7CGzF4Fsx55ryN((%H1XTc-PPS(cK(1D<(A-6J-zi-+zHEd>8?y zVECJ}k=KefoBzsG&~sZbNk265drr`0Lbu1Zd`3Q*{Og7ET#{@(jJ7PB2m*nn)tN@_ z6aOLorfwtn*g{wRqlqMJ?b~5TB9M;%a-nnkPLyR5|KSEyfJ;9^^toBof0}!F{p-AP z-<@IK-Tx9Bbf$2X(bj#C0GzSA^xX74`Y#3jmyTdwpwoqyuC3RLBjHQmOP?{plg{3= zrYV!x6J4l&>sB{35B@iRc!7dn-#CK)N>WsxKDE>bo(pb0s=P-|=kmT!^}S40irg{1 zFEgydz|;pEe3}(~fB7${!_;+M2wXlm`06Rv!LZ0LKL{onI(Jyhdyl5VY-76k40UbZ z)tSB>n3`Y_X=!^xv*Z}j7PM^WeVlgby`58Bp4)sNT^-%2 zO$kI|--V~xh8NgOp(F3qJ7_uxr05$(75K~)JzAwZZQV_3Y(hS@w)8gmAA0tgaPRRQ#=PQ=IWvZ(0hKj=rV5gh2m4e=KelP*7d6runO^l>kHdx@i&&=GRk^tYhNunvWQTOC8 z&g%F~vG^%s_=@hX#>%xzX?hsc!$~e5_>q*#CK~6(*8iG?Tg04gi_@ZV-3n8NbV|!d zRu6<8b}pr9rD0T{+E9g9#-zk^dQG}lFB|gC=Vo8r30PyGX=ibQv$P{)-~>~0Hf9A~ z*`28ns;Uj#2kS_Z;`J$s^$KdgV6JFQA_;nn7X>$a$P|sXin{vsWXfC@ z0Y`37T#g-(M#)@>)+Xt;+UCyE)~wa?f_cy?@6MTw3#dsXC_0yxQw=Dz&i1!g(~KD= z3T&;Cs}rI^FBI`(op{f7guni=0+X&i5>iEVD1HU)Q(&WxgaS3$pWFv(jM= z)UbS)qm1Lol1aCUBg%@^8rGv}#`)ek0Ye9pj;%r{a-cTAqZ5njtaGGiwggD1f!4^_ zI6Ji?FG|ryY>Uo0Fta!FsQnxNkda09 zim4>UGurOSe3+$ChyJfA&dy`5L)}|Ub9gTZwyt_TjUZb9UYLY$Nane_x_Qa7jJLo| zIurM(!Xj=o(b^EB-L0_o-io;1dEyC0P219Tour$U23@twiHi@{#E_kY__wp&6_2Q7PDGr2hdaJf*bF)CFuMbLft! z6CT49!sk(eSv?w>4Tl&)BtbnvDu}OLu3k$Nl0w(>q%PSQ!ZV9)i7k<+Hkl<7dh_B0 zmRg1|PNDO9M~}l$v(iY<(399Kox^O48$$#B@f)%&9D{LImbCsW7}L`GH^fCo2pif#7kW8{A@m>xMU zjL!$r61Qil3WfXBXNvcSu~*ao7)9?Zg|92nH-n%_3HG6p;<@oi^!;(xfAhu}$}4gS zy2*8>3Ye2;$akM)dVl!#{-<|C-|M}w|NYrk-#fIs;@?XEE-@N*-Xp!N^}Vh+wQaO| zo-Q$@MRS|XS2(^Lj8lEBOoVoYqwmnJjX?-XdV;oVy@AhIoO;OL1fiE#gpP&^-;N8P z`b3WSXS4J3g?+}p37k}cKuj>Auk)g>1(0sr5!NlQHK(cEh2yUoTaJ(Ir0%9zoQ$6i zy;?dNGvuH1j)ZJq!VZY_I2xydeSJBl_y7CFpnrtH02qKU^k*L-!S4`!!fSJS2j3rV zq|;|^H(pt%7s*|%t0#gFXsdm}?{T#XOto%NKg$0(uC!##a#0IJ7~6dYI(^ps`q|Oy z{Pgek`D1kh`w_t7eQ#(+WU4_5Ao|65~XJNFQ-_15RKqqW%+UPz_!3i#+qwh z4J&6M&!k_a9Yrm#wXjuCW2HsZV*mO3!mw{VCH(hK5;Y5R-F&yp$!|IQHHt~3Oy*0R zr;L4OGqfrAOx_D6LuM4!(_!-dIo9USmHQ~$OmFM1;y z9Ok6%K!vc_nP5I|Uzz6v_9me4(SnJ*7swYl_U`l6?GtS~PSE@oJo#^9CHs7<_jJ?$ zqCOf#NHcQLPyxlsqjB!pSYj5f&pu4_M#@gj+@77O(-UDueg7V}C{MR`Og|r_prFG{0*Yrb@n z+Y}K=Zky@*b+$l{#LgK?uUG=+AZYxHCk=>|{E(tmDFEM}gCLe5{rfngsf?(fxM}>M z7X=oqC508r|20l6E-Thv;m2XJH|89rNop~*Bmhv+FB72@VcqZBFic847BzBs)&>Yy zCY5t-h|kvNj+Oh~Syx>QV&}+4EEy+7Uk=97%(tk}1uNleZm3DYgT!HH)M~907;w`5 zP)bR`;;5Qrlyh?&brCncm+QN(kNks~qTNtGmMWdgtCj6Qk+D*$+al>#lXF;7AN@%> z^8ZkEmQis<%eKaXySoQ>cMAj!?!l!YxJz(%cXw-`ad&qJ!QI^RC1oCCOWdsKthP@;uaYcxOdKioa5-R%ejvU=0YqI?`2Z7oQq*fCJl$|1 zYy_R>9nNH5L^+LI-QNRlwg@?lD1#a;jg&`L8Lsq92P3D8E$_`A`P+gu6{d}g$8>zE zU(bpC0H^^gZ&kB&-n{u~?xK=d7;0LCVMwzrq?z$4p07TFcFw6dDc}0J?lc-A{mt#_f)cYOQHA!>gVf?E3dxm`zv@-Gp4H1$ zh{Alyzz*#-F2#z=Je{0$>DaI{VuVVGHtIJL+W@Sz6rPt|Wd0Jf){VxfUlHOr!$U68 ztNTih-uhITEmF1;6z#JAs}hD&st9@O)ZIFjNAW#_CzXg9sv6*`p+TP_rIKuJgqx!G zOR`#|9?elOIwrAYCZ$u2-=)&vDd1~&7dxL8Du_GJQHPR75;34n2AF8HT9XJ);MP8*d;;fs>oYOENaEN|K}#k8#tS*;6pv)tyh@Yki?*_n+t{f~aKq->T2E zmT~C!SJJ(pX|l0NVRnGv?91}NN7Sz4!$R}h!-l(I^o^|0|CM^71e7)6HyjOabbjhY zb&VWuQ$*mWCgsoV+8Rhf;)#RA{4iSKxC>^b0B&`0iQ=z?nd%G)t0nv-;jTXN5dHz{ z8TQ0EQ@1l*!|nwN>{jXDACsQ_=UwIg7XG*lZ_CBj8T$|irvJ+LM=(|D3^MQ&7VAf z;Tns$9uX0`;GOoAUZf;sa=#oB;^Xxo((dOw)80pQ7N@gxQB9^k2Wbwkn#?8oalF1h z-966xzBfI`W9z-Dwpd5NB&mwzHaRP8E9AKcEqITX(vg#o8`^{t_SVtu_h9;RFLXvQ z^K(Z@=p%S9*W^TAkaXQRUoLn|r`Co(Lk>P95{U9C#1b(fY+%QTPqgY89P{5nS1)E`wKC9G2!0l5Jn4;V?&POH9SrVOHveJi zTqpxo2T_Pl0_$YGf-WOzyb1-6%AA#nC^?BP!8EQo;uEMLb;_XO3bdw${K6FqmgL9# zrJNSD{B=fM;jXprGk)Omvk{a+Ib+oF$pjg9!6Q-wG^sRzlyauuM{b|)<9S{#LhHnm|pTDNg<$p>X!RA*iO5m=AG zo&2OlG^HxT_*3DqyL41_vWl&R0ana_f4Bc`y3rQGAhd|OdW;nVyqto686Y_x+)Er7 z7|!n$o~&}C7q;V&-2@zhE!V}Y(7-f;nU;bk&>2lOu#;zoDEDHskO_n+|AC3pFV!dV zy4w#YX-3Q+8koK@sm7gQ2|a_z1qp*QH;%4gOf4CbS*p9!5!ohDTTD&w`5B5|r2aM%x&j(_@wo^&(eSs%ywDK>dnJKXEYPMwCd%58z6# zV<=!VMf!wq7XnN~OgrG_o-M9eJAsX*+)WWL+(wV!(8yk3y@KV?y>(OSs7u56t%~!^bt`?o|KWwYD5U$U#VIH+I$rr^j(rYIE?GsACqHc{1 zE5+_ClhdbT=wLd&G}UMgK5b~npDL-%B{C?2YKZy8M+I#3Y)=Vuo^fCcfM5T8`Ij?2RySG7)W+^Bkqmng8P z{ZhbowSMdlcNh>u@#ir~cJ?G(lVT7ZI;_`(+=QweweqL328k?1{gyChI%Sg5cQw`% zH6_;iBd5?&>EARLO#OT)IrzyJvl`r5vs~tIuz`mo#d^c00Kog8lIc z|F}{tq&|OUQHXe$o|JAD-q(Ejh@o09+s|V8cEdjk?^}npbW*zvuKw9PAOBE*e?ptz zF0JowX_np3F?oYqvyCB&?1P%arNl7qLn~QgCwD#5r)jVk^Y&-XzVl`n43GI4n3ADc z)OHH8=y;Ek7;YZmWHs8ZH6J`Y_bGJZICreBYflvWtRq*YFE_z(_B;-;zW*r$J5x(t zcD}yv|K268-Zrn^j4+#q9sfB;WW4ra4VS28)?v-hn$`;xlkv3HdaD_SqL1J@|Ha_N zns|iv=aipmm80Qbp_$3aD)t>we<~+TuoXv5bF&}H6Rd}$MdiYW45Wcop;l9ow@NXh zTP4#(3K|*$a!4>S^+SYPVdC_L2NMi8{Q#GTN;%0}FZ0sj2M~rNcc6*hw}oL#UitXx zVFJ5z2BxDu!p4I0eWX;evWc#M1S$O=V_`aX@t&`YdnOZmJ)Cw^f}6QFv;hmf+qg#} z%JE65evVHKIxkwjMJ3T@ff=dhvSzBZa~|ijN}l76N~{Aez%aCnR@M@$y@(l+o8Y#)Y8vU+ez?v<_wza!@_4B=(=2Tp1{IORt^HhhF-y(Fo zY^tj<&}U)>QoER65jSklfnxgtJRN!p=~^&pYHjs%WLq-KrUhlJz*9;<7Qjo&04bJh zfw9{x=x_`1P*E~LG66aIr(yuyQJXja*=L40bB;=d{_qI!z~Mg3ElX1xRBRJ?l!9i+ z7yXgs9Mw{*Ldrz-&%>0%+SpRtM!*Wi3Xrw5-A1PD2tV#&?N>;SHXfM_EcWg}Rb2HckA02faUbF)N~ASS^@ zn*yC?$?9U;vu`3iL=bAW8h#C%?s8H_YGM)e%0`r-nUTZjCddFy@CqJ?ZFC5YxvIu| zAR^Q!&2NaDSk4uO(|X^XnyjQpfjhN{#`T4AfAc|MNL~|{n=8Mfx+?Is`y|F!X8HW{ z3B8ke)CYe0UcHCipRciteq7hC(l+;2l_EMAO?U1nBuveJfoe-(Ht$4Uky<;$^cREY z#{(3~R%lkM<_JBRnU}%Clqx9EKn)#7Z!?J(5cWdM%ZHk{4B2S>9h$9mVz-hy)akDz zh_})(HJyjT1abInKSk_zC)?VG3X2T> z0&Pa73RT7Ia@dQcu8Dd)h6-m7YhRtdb83@>j8w{4@37ctZMsB(BxGCv=X9+Ct}>hM zpo)%HApOx0sJRMpyr(aFBK_+KN*hi0S(qB^h7obb#`@}143T+o-A_j7pkxSJ`y|K9 z$!B%3ij40W5ErV~sTn{NR|rDbJ5)iw-jh)j(h z`>{C}FeuZjJ*D-2zw-UA_asn;EAmm#uB~LYUN~y=imBvYKR7J-qCaSMvKLknC?mD} zYaD@ZEO$&a=@q$jSIGIwO-@!r{RrkRe8FLf;1qc@3H{tuZ=l;#wLj)ca|GQw%4zxV4pqU9iRSFk$$9JHgVy6nqV~*x!zP zFOPE9#YHC__2f5EEjFs_tQi%9zI^woY&xwQA@wTc+#e%Mb1OxG4Fa3vsGb)!j>JnI zQ%OxRWYbF3j)q+?mmPV^{eBSA`~Pvi6?Vr^T6QOX1sy)T$x>LE6i1H7CoWQ^tg^|b zoWhhGdvnMEDXm6z+e|d0A{V2A3Nj+vO2|}7LD$E^#(QfKhap?(IfVmCjP?2>TZ}9* zq0+k_?*0r;(65b5)Yc@GlJ_CAvbzIg4Jxt&!~ zb587PzANGlxrAKzei4*;kvaymeA>%PAFoq}%O9rTtR|t=yW7vsPJ8MhEQ(?A z>>G|_CLfJTEI{`!+{?q|T8S$V_@=R-^$o^6Hefl#gj=@9pvsbMV@HvCfj~``{;z-< z>Rq`G`H=@^JpyBl4Ka}m%w)dNiY5<|e}_Q{rM&my?~vZTq7&~P^wtAh!MnAvI08yk zKm>G#6m6>c$dI~fj;g+F4pT%#??P4v_!*q253l=Mb`ZVFKa0pp8svEksz8~~E$BW1H_%yCT=QGLvx@iQ=FR+^GF)KwSeA&q1c zM@g)pCBmipHaHYqcPG^?HeBohZdRpQihl)iWMH_fr(jBJ(bK)LEXi?5sCKP2^LaS2 z@B(>E)wUSY;r9R~$pQWt*-7l%Zl69K;&0Olb7HaAeTn!@-o$K>g(1!fx0i{_}fN&CR1e!FCQbpIv`^L zUWIeKJZ`Vfgxu-Cr^i}O0KZgj&Ov+0^)vltmRIrdv|AY<1#={k>-jKv(#c)M27GaC zcKD543O`)r`QdZ1k-}h7mP-s#)DF+JV8CmtrRhvT{ncU9TqtQUwdV z0;C_Mvn-1Sm`K3l50p8Di=WQp_C1CHLWje;_01I@C!E^8t%RQO4^RujqdysI4*!;h zIb3%)sLvB5aO5NAaMnqsDC()!U{DXCOE-sugr=X>c7$*aN*0uw*X`~$cQ=$qk7>=| zP4>Ko%hqXwuYg4Q?x&B0vT32L3h}kCQ-HxN139EFQ^FJ~BRvjfIbBR=R=>as^lAHm zHNzwJW}wbdcJ%RK^lsT4j!!LcK@XIJT1#qqT;?y~Wan(5!0fEV**3=k!G!!-jUyBQ zX*|xQM+IF$FvuM}3v^G%Y=tjSOI7Q-tOdbyRjEa@e@V3aMGU1=lq>{Zx$7R!w~Y~~ zSBI})Q*;~Z*5f3_?$-`aPJ>q=&GSjRA*Y;yC{9?|EVa(V2chDsvUnJEB4`p{=UOmy zo15YKl#(|HjY8QH_)GV|tKp`46b=UPRjwA9$=Pja5o1e`Nd9O9-&xecN^Q@gbVfGe zr#1@kr*_n$Y_Te5ROyDDyY_;bm1lT8Idtz=7(4;{nYmK$Vqplva)BCF^dBrUNERDr%1L;N=6<$+ihh!|sRG2d?5pL_>uYDvs0dh2`RA6t{^Pj* zVO~&=+i;>DeV_2My)N72L116_PKo~@8C*Co{#gJP0D!6-us!?HgYTvf&DY`XaOxij zWY>A~6`}_0g+nBpdydnWL3oU-<=!5E<$ho#NOeKK!;R!t-{3kBFB{C4{`0IwUU$&& zq`ekZua_nnP0fXQFG5COXf|L&cgnqMP1$l%t! zY5&4uaf7gSHPII@EPTF50yE zSINcD=btyei`V0Ef$#xIobaD+pFM(>cT$*v=#SQd0);;vgBnH!VaFD=l@&5eD|ukL z9FK`9ZGSpt1ab-Jtldrg+aZLdDK)W#+w>m$nf}c~5S3+;w9vN?i$yNt8~?Sm@F}EY zo4quzs67^r9aQx4ej-76Udjv%v&3NIXk70Y=o$}=a?_sIHD0UBR zB3ygMcsfe1(<{2+F;h1qCbD&OiMyYvCKyenzC9nurg8Tsl&WPGTCU8cQ3G;~e22%J zunU_$Z~8$yxzZ2oEq*&YAvB9Q_Aj=PMm)P#A(5d^DIc zD1Q8VO};8C@_nW(IpzFUdR&{Y?8Ax{h{489>BXuVoYfL8y9C(gDhdxj z3k6)J+uFlvk6Na=XaI84h^`yIRpc@V21PQa*0)pWCB@V~DF@*bu&eO-H(egv!+&aM z&|r`97=A-(?0_#O)|>lv7w}+ z0{A)jEM=v}%xNbTCe|hRwU{t<^6<`d)#Om)@%vCL&vey`G5YKv62AJU!cQKK((A%Z zi^YC+$|1D9|$5Q!`kFFPl`}I97B3lz) zLoL`YqoiUenxnZuIW5|CpWVU8M7jKw3m;i>PWk9}cNn-`XyKLGw!=u*!GU%4bfFvBfB$0Mt71<|E&C6tA&6Q|X?F}8T9$;Z>C1=~ULgb{GAYb{j(KS%ta zE0s{Cl%z>lm#Qr)6_9r6sOrxcW&m-KNc^IHw@JNQo-qTFl_wH+*l(d-}h|x zD}mE{T;uSXU(DyLhS!d7S+oi)ubD>@ogD}1@Ub(N!<}Zo?8(`h4YRn5vvFf+XbD~? zP%Nf8{Xi1@U?oIne_VcZ5`XnZT~FCyQ5N4x^7%5 zw0+{uUB{mzcWhl!8#@2-hgv!vNnZJ`gvtGU+xG5U{3~LSw+9SOp&0`}cBqLRAAWFK z2#({dg2;6aqpFcHYkTAj=w_Bwwv?*2oRPh4;IG1eSRXqYnsI@zb zZWa(x)v+<|OC^ffY)$T-p`RE;ryY-M?)4clT6W(*On}ujU1(X!1k*a=pLqXaz4x!J z&ii=Eg9exLO|S=gg9m<{TnIuF@i@$|c>YB8vOKc+IL!M#IrADl!RmLamIvi9_l*~f zkm|qreo&D;je;Z6Gok3mGZgzQr z`QjN;uk$)TFo7k=%liOw?>bxZy;yp`M*BeTMd4j{Sk$qwU9RoB`nxjYd;jnC0{l~3 zH?i)WC*SO$u1~;F%0Frf4AF`T3%~84`Qi8e`xVwb_txOENKe}Q{P_${Z}URvIZtu_ zBbAhd|IXuqPiL;P2|lymQ<~q?Kh{>M5mHL!^=<3pjcD^a6iZ3yW?oH6_+}96;e6!| z&hHxT--r#Z$$@`Fw35%MT8I19`@iq51hrcYS*Mm+3w=y(AM!Y5t?^h8d9;jhdet`b%KjyT@lI1P@fw!-$IOe?yc5 zzDx67){jz^(!ttQ*8#Kr(+%0jO+Ay6$kRR}sMTa5m6_4)^)Bz@Ro{IBESEfjfh zPHf%{m$}Q04$cSRk<|h+tf`Gp+gOiabU<64NHgpI!$2oxWMYiS8dL|5| zRULDh_IMEPHuDAVl~6YTf6ksKYC@G&Wm!XL&ET&3J$v z$;;yK!Q1a>ddMPIBbZKseAIEIM)Wehi1erS;?y+A(A_)H*st8i481b{>)qV|s}Fe8 z>B!;75xCJ>>+rHD%Lk(eiysdcS8qKZH(Rvo@7}B1f;~YcB~)3#)yw>cLb4Sb z-?e%T=h^lAu2|o&&Yu)xx=0g1``U@i;R{j)XaT&SD!om>l3XCaGd}~z3YW>baoOm! zmrz1XEf3wKlnB5;*@8I^!>24q5sYsNUq?VZ^=gRGYeFnL+b&WY$tDIwZF=aTxp${-vFH&UiyfePuBDmExCx;R%!( z6=GJuVQ?&t1ez0@^yrIB-Xpw{+l|Ww6n16iMpM0ztGUISv8TR6IoqJfN5BU}jHV=3 zt7P$tDGWsufT~v`fGen_9_t{6iP z)+gG)0%IC+11ku_Mm;BU1_&0E!7Q!RC`~#{b1yq?0aH04p<_5ZwWhoVFtJ!p4H)d^ zE^%HZ8tB20JjC@06+(OJbjM-qQW)+0=l*8fJE-^tIS9SjaZWPH;2|O<6<>xbx2T`` zi2Qp)zfP2l?B|kpISskeP$Sm@Neoz7b+ou+m)xJ=Jky3H2Q?KSUS%5{3eQ|+0i=WK zdf2Ii4n4`oskRdpE^V|abF%!SZ`$%964A=CiUKAq2Bo^((;xzsyhF%KGfq@2Bv2{^ zn$JPZrbW|mQ&EldqJ7k(U@b1I6^>sa#xj_Mp`dT<>+d(7P^RAjWuY-|)@rf&pcr{0 zzM&0-G)sb8atCO(#5?h>?ueM-(FaT6L;bpT<|z|c^vO)_wR7xEeSoTYi@oKfC-dHV zenLEVg88#O((~#veXh=&!Z?T(We*m+L^H8(VIs$SIw4~{B^xE7{5!U53qI=Ju7Bb@ z*iaLYVUS9MC(<#p(_JP`#z$GfWPUi@2_!nS0`+jTUN~_=!ERA#yjk+3cL)tkv=jry z*;p~fK?q1XM=QMNuS=kgUiAg3&fNc1tpDaBAA5Ls z>^D0-?*I_T58$ZIax=>J=55ZrzWHRs+M8ul`%|~OqmLKx7(P~?6R=@Xh_`b)akIL# zYyW}!y~S>|k^YP1yP%Q}L$ghr$JwISRTuA8#ny*HO_(oP%X%O>sOx^!x~9ub)|93F zxG;*P-SQ9B#|_!{X@Rp-@Ys`P_TvZEN5hY^<~93~iZYY4#rwM{JiY7f5ImDL9(5d0 z2kMgHRh}XEfL${_EX}q9hHp5{c5jmwB6FM8L$DD43VqLgQw{Tn_ug>KzZ(gN0t+!Y zImy&RQ+8Ius?Yv`r{~ZI2EE+kw_vVIdAr6EhHmI4oP>7l)rVSoz_6F+Yw*Jhk?&tE zQTMy4<$80WFnPO1FcqfN^Sm%Y)M-2rN@Uk+%=MkerdQs8LoU|Ow;y4-{-CVI&Xu$c zY&J|HA0A$hDS^+fl9si#(r7+$)ND&cX4$!mL)2{BVLXBBeIy9y4W1ZczuJ89%{1m? z{YZq@3XQYbj>NTiYvdqJwAB=@*{08RDduBZ9-NaZK@;*vV(BeO1JSpWQeRzysS%MOzseeW}bu z&30Wop+u?02ZhYvYpv5hrWp;N#_#X4T5S3T&|Z$f`szm-cnZx?*T>s(v#rC}XV$!| zmtSEbjW7_f@mj~)g^HW)uAK)p&sjZv{ZN;!(Ci>{j_A@$ZB`!J4S~SOEU%mn^NFSR z9kOAIRbx=c$OU1uoqm0W&1UmO-)F4ue}5e7iUJFGe6`nACsvwaY!vHoDs$e`Anoc| z4YAF+Y^AkQiYp~-H78vj+x}T; zB~sD<<+b_2kMTG9h|F@YG|G&KLRDFlrZ4>rvfSdIWNKmj$LKN(fTsduY_io1Y@cD_ zddtPtmNSC(%FD36R(a~ACsd^jCA{s4nGNs8I>8z69$tkXHhId|^rcVV$qcupSlh*C zVX$<(*59P^y;&nrv>v=Pi(T=Rc#NSn*SwFcjNwC z%5oSkcv%2q^Y~5P9DKK?bE01EnL*zz^a7c1q&)j?r2RfFUzA7oc!iqQkUHE%YrSSz z)aau)(x)dCw?2A{ww^ZMW(1tUPp8G}QO}mHDmd#jEws~Gw&62V#6Atm;ye(^K(s2;lnpiQDlEe{$QpaxN6$bo* zoDJZ2b3mye=SI${t0}x0jym>N%XOCp?7~Q~>=bnr2ZNJVAg9V`u_@2*=4lh+(7$B! zp{;P1XItm~EJ1W^>_iRe{Wspun|g}?*9v2+ZDX9RYIP~<41zum3k*d*5<@x5`3+_- zoED^P69;z-xLcnn^tov1P-V7(wr+*CY6$GH4tZ+IfMs@?K&jhENX!IdZgsY_lHSp6 zQw%=& zvbYj5lV25njXES27Wu$((6|vAR#tBDl?hO-{|)1ujf;kj3Nmi8R3(^ft$qAxcmT1t zlxSoea}IkP>78|4be$>cqtg-cd02Ng9uXH(yeb!o3X~(PmKD_%(SHlB7RO?h{W0<# zE+`ZJhgfy+c8OrZ*IlxFG)r2`qd$;BK76Sqs$v=!f$d@!`Y*RW*40nlrqOq%omYC! zK3k=96-b||64VbW!QAikgTSWF9l^}qXuKA^>!m=06QHc;Vsi7F*Bi)E2lqBPeS=x~ z33O#fAEPs2H;ihBz~iw%l*+p!B}5}kd6~$`Z9_;kt|$q6#6sXrrz82yqQVV?uypxtFlpwj+rS z+~{ZO=lJ`REQ%sC1{4y=2O(`Wge8(HTY&O|Sb5|XRaYZ8U=gp@~qfuQ7CkesoD+FjFd2UfO15vKj7yI{k+Orj31;_3c0Eb@SZi${8}el^}HJPn%(545sL zXRoQqdbz6uTr?36vim}_kPxXZMB=F%X_Is}4HA}~L~l`ym8%G<8Q7!-8*8x{|RZ zZSKX3chcfz@*Usj5K*|9m?hWicrOi&_0sKyBTMwPZAA2L^l78Zx}+R_#^No?!22vr z^ttz-Xr$w*@AC45Xq$~7)O!GhxBbzA^yl@T49>jPhqjmf7KfRf@dZZID_SxPScf zbay00eH`0gFroX#Q3v1vEn$k02F`qYRhueqH>&3i#N_NyM^mBwgiJj+7(p9t0&~)m ztk+nM%lVlGSC&4-A7;QDH{~N&J6k1(EXf52;&40wlZM7Uozg;|DHZ0bqnHvRf@pnR zLZ*Ecs;pPyWnR9eVGb>bggH%%W#;H^;A!^OvQ9`qAP~oi1s%a&<_kU!FRunwTstIL z7!$&SzFdFKsCTa7#RbXv6*2KS8S(k$WJit;?^#mCj~nF#TKsP+2F?!n$XdYfwNPDS z!^5{YCI>M->{b$SgbnKpd$u{a@F z32OMI0;na#sH@dBGqp@n+?t=aplEF+fIOd8;S$fKKF|XpS1y>C+c8aYqOThPp*ubo zoJ|w2yG)&IBx80s78z&Z%-9*FCi7WDnNT!3<=5UERv2@ZZbHD{K_PtmlU%Q5_m5@ohFR_)?3{I1bK)$@s_IMF+S8BsNPD{9)lqscw(EG z_!AJ*LHhQTDiE=Wq~?2Oz9U5-+c=!Ip#AWWjdFe0?bV*g{XiO8&$;Q&x|S6t-4@o0sa^?%ssU)!Y>txieN&6ip>Dc$I4_d z{qbCYGcNj(9eQ5W{-ewBSPR0FnQ_~0Q_roAhagUxjI7|94jpk&Ao+NSE8v)J zu>godLf0OEtP*4bK&@GBW#_DekK!Axte2_+C?L|FhF+<*aOTY%b!7yt#6%@@pzs^& zFlkGMCk(<<9tZ1)2k#CMOWN2W$jX#LT>liRMDK}FIKOd3o>D8$U}>>EsdlpRQOF+` z*4pkNm011>VQ)&L#L^6L&C@NhxAoz*AHDUapDi3U1a;-hD+%62xckyW_Hnr-9F%9+ zdRIN!M{JY4yrTAga)$t^NuC-U*M zyy3Ih-rzSvl1BFPc>JQ}s^?_`{pm5sz57U`=9yLW-c;#(+~HjgSW7GOWEYC*xN7U9 zsac&WtLr3*lYzjA@eRSVnZX|4lT*FAnL{x2!8)v?|~)#)0GHDP)- zuDfc=>~!UHki*9JJX5^N@!9v!opUo>;B*?#tMyJ7H9tU*wJMFf;g z$5=&M|7v-c{fy14)P283k4}Wzfuo9oHe$-gP%BO-5&=mz=bZc7bEG93=hRxrR3Uz^ z;`xt9Me=Wt9E^*6gv%^dM8zFG0ZVn-T)G4h5dxojHJi31Jkt*?jh$io4lg;$`4jZy z#Yu_7M!n-p5Oi1?T8%bo=(`cmmH(F$xR4r`o8^NUq0EcWGdlg1yxxwz?u%#&n2ebXbsKH)C=0O}kwNKk~^aYf^g;hrBYD!Co zHRNR7-ygwQxLFA1P+z|IwrN)g&?h$3mib#&=6;5&VNd4TFeax$?a&3dRkJ34(MZYI zk&Ix%qm@Y;H7+GrHc>JO*hL7~XiCR3nKK^c7bK66Ql)3NJ_l+>b|i(zsirHSn-JW5 z$2+8s$S5e))tp!`sk^pG#4N(Xf^F+K+|}!afyaRJM49%Hi|4wMd}-u7+90^PDj67f zI+&2w6403xAmKW~T=oY?TN&L?Y z_}f4o5urbjsV48pThQDmTw5Ml6AUkgkl@+MsQ~>8MlhVuF);d94Fb}-@oJ;BaIlvgniOAem+RqTZTzec?l6yg$kiR-FU%! z(|DZTe4+cwbR0;@qQXYTIOje}Um{sGASRxzg>|^$S$3M~%$tQ&*TAR3n-$cd8tH5t z+EzMW&?7Bx z%@s#rN_l0pCj03|Wok0tv=u$c$iu^5JE^i^CH)Hr2a*RV48}mPNNWu6_-By1w~eGm zW%fX0)k7jZ)(V>!j==Mn6b~iD0Mukypk+&_x{GXr>7OYrc?RitTvk((m4lScpN-rv zn~ls1(wJ(Mh3#e@J;orQbCNB+6 z?=Vl95_RrwY@==6QP~83*K|~Au+hPEq-2Zhe!3R^HP5hObZ9n+je7G|CFt{v9U{NFgWmFwpZJYV*o_$q;hB0!1B2@CA%q^I;6vM8MTA6m3?-F(NK520JMEg z3oCXC6NcYTSM2DJa%thgmSRovHQhBW|E->@+UK)cz>Oy4PjJWSRQJihyWyQl`1%5l;Xm|%eVk{s zkDX!gpkYCgKLus;wX6?5Z&K%5C-6dLsD1xwo|lK6X(Fv=RRfVjR6bS~s_`eQdN&IE z1rSwO1k6YjH0ZU~jj%PU%rt>Q8UjC5y_iaWojmT8$Mcso@@%`IERxR{$} z?q$jea)k5hKRB$*d+brF89m}F3N@V%1y2jI=a*ErznUbec3w7lc?{|nLCFuGD)C(H z``d64L6CztP7}CuEi71l>YZ26r>>)&Fbl!@8*x-wqVN6cIQnbG{oehj7O9g?b*MC{ zk4@d$$Hvwhcwkodo8O1-trV@u*+uFRiTA$!$GbyDjGL07R~ORXyOsC%*Zvau66AsS z2e%h#(U-QnIN|p~ysmvPWbR|xTHE4GbAy^ha-O3@k^>jE*qV|UW-OIYVd1aJAjrA0 zvGKV@sP@^Ut(D`dBMa1XKi@|>paB;c5l;;njX%FQP?zxIGOls>Eo5|^$aR$ciL>-M zMh+VqD=xK5B3pH-Bvwp{ldzY}Yz`5}u3d01-HMljDOgR8xVbQbNM}0CSeqry6W_bq zfwa7*2;1d+h~(?wS6CBtB(>`;0Y&-}#p0{yC#I{53l_zT8qLbY>U~TZC6Mw$fPY=sMls9Cl6fBA zyd$E`v&|%#nHjvA5z?YmQBp=*LTM?G4pG{s(n^eI+xZOGfv3TSkF7TX#GgQRqXM@7 zc2uLFndT3RW=4`vLZvY=p@;`o5VB)^an(ktR1N*5%9fsh!9J=*5GM=@la7Nj7%w<2 zys8{xEd4qvNr5joMKoy>``g9^!REB~caT8&Bb(CCi}&+P&bu=ZKQ~sp!;dTQyh1jF z4nU}@Y@fki|(k#GEYh;J*li`Gff||54fLX6(%4~pWlc7y-qtglk|C2++ z9zq*%<2M~U#^ze1+X0Dn34GFC5JMimb@TD?&=PHwm3N;92WoFSc?G-nk2i}tQAWIs z)&(=};N~9+->YLG1N)*F!Y<4%&&3Hqu|12(U26^;i$1zZVN@pq>EX&z!cf(Rhs8wC zH;T&KybV?DmS&0!T2l!bT!^{i7?OK)$( za55laM&0?0;I3fi$WZ@@tr~`ANv=wXiBf_(!9ij$2t0DXq_=T%Wqm3IoV?t3o%>)55P%h z!#uf8>t0)L_U~~Yj)JIb%fo7M;tfC?HEu1jDfxr<=X}jAWr4^ih?&bT^lkeonf(2K zriqNyDs2CF?u?n1AIWeMQp}hxpJMe6r*C_zMXe)DM<$#^RZ{$-P0(-fh#I3};+kb1 zY_y$&twHE;amCv+9o$W7<-o>}+a$oRhOQO7qQfQAb4+OcKDTY36pG3|3-_rhG`_S|L1^Bq~<-5}-m@t~+k z{%8m_&+o2c&CnrK<#xA!!oYiAbJ}5NJV>Ym;JL$wmsj@ogvuN?!k-eQB?7l<2>Qc` z=6ATb*1a>FmFxcAFfrt`QZi)I3{FZeRjbzh@{vln%lyuwvk)Hl+}P6-H7Kj&cEtJH zck#hOF)!0KLXW%ShjC$Ya0EoXsydGP@{eGf0EV-(1w%G$E&^{vse7K}YabF9hT?VFTdT9uX(64v4P znV9T=&N@I@GaZsl2*UE1axiWo-_!4`RG3#9gB{$B)OXS=39p~p2PuAS{mOymAC)jp zBg~1Vc|^w&W2;P`lRaKpcCrN^|6b1Gljwt;HJu~gLmR98 z$p|rk;%P+u`p;#dC&jQc#fx=^i_Le?5Z>-PF z8q;lbGXf3}y%C-Yw_GNT)(GY`3geF&$3IL(>_Lrlgqf!>g>$M6s>gp{|T zD?wRwc7F*_vesN3{g;Xf<)cj5vxwl0MU_7lOl5s{3Bf%H^D>;9I$!aQ0|l-qrY|K`OmTytt3QLn>jj*g+|_&}paR@h}6 z8$0WZzdz`Y75&}#8@krcf)IX_0E6X3w90Bv8yc@dTws{pq2%B$ww@;hP7A=5)ouv9 zbzXyX9(9bs3tTTbsFP7Y0xv$5! ze>`EA*^opvAtWUu1^(jKTos-2wQ2mdL?W!Ms^QP2I{ey9u|mSKk>4cmqQ{5nTltf| zlu$aqrA9Im#!5x?*GR|w4QT$BG;n_x)fmBOb6&HuFI^peQ`Y36ct~EHILj!Mt5*cu1~ocHP;{a$e7>B=x$EL zr9CmMVU~A~Ybu3L_kuBB3g1%ytdPcG{Q6*xSawGh2z!iK z;*VP;6!^w3i$3*^^!zpKdJSn2{kXd7ez;AE>JVIVa%|bPDn$$nFJ_UY1+GpBn0=zK zHb7ZPpNQXx;J>(-b_WQ;aB4l4-%bMTtlF?!n8x*IB(ZPX*oWEmH6mJcxQ5ZKWj1++ ziQtBklN{1iwh>FM`U$2ZlXhZcIgtoi^7Oq23Q8MXDclD$LGEi#}w(M^!eR4y9)60Tm z=*50?NekY9{6B*$K1O77wy&8zmYq%~_SMOvwM~Q1g8B~?Ibv>m z{B35nu49>_lym+aQ?`ICNfh=RL@JRkjbzngxcOx%ZfLo<;9TLEElx6rv6dPq2OcS0 zr!F!yydE1*v7lCb3t=9J(MX+}DO-iMqcBhzE}OB^J2Mkgk)PjPUve<@FI z{}N7Mq+0hoDQD#Z#DDx?;bNtQ>Sn&lSvQ?{H9gl<_Hc3QG|H1T^AiK0sDCtwfXb`! zKWzPVP}^U$hYM4nxVsm3cP$RZHE3}NTC}*kwK&DCc<`dZ-HI12?i4Lh9NPQM@0>I5 zym#&le_#`aB(wJ3pS9QX2()^Q^sV=AP=*MN+kgM!sITYkqjKNeWW%S0ERp6*f9CP- zB0*k+E0&yUVc*x?{E( zO!P)RdaQCB9Zob`MV||i$)zf6M=aSEQdEOjkcz-mOLAH90Viy|nA$__ovw*bj;ohP z-VI~+5!w);%M}3eFF&r5-hK5I{X?doyiBoVkoF@QGTc5 zpzL|pSHa0hNHgC?;(lT#O49V)5cI}+GA)nW?dag1w0-IOYwCqj8b{G9;xJ;aM{wRm zn^KyV|6U2bA(B5*ghfTdB-TJ~K7d(t&l2n^Pg^4w zzh(Od+Dd#i!*$FR*l@{~;Gy$+22}{Cn=!w!D%lohx?g50F7fDeH_JJtLXa*e;TD`d zvLZQ)Qs0dr6aMfpS|>4#@pjDpZQrC(;s8(56FrG|%UMbD??1FUEK9!}AA9Soc&(pS zYfpw-=eD~sR0foVske-Q4Y6D6N3k*EHBck$`|@||z{!e_rV;8_P-;`hoxZK~n1{PWR~md4Q9x3O)l z^OW4DKY@48yPGC$K5hc+;*?poI-b)I`FLK^2x-m6ukvHeJmrtEIG-x4xrY5a%7F;A z%&=hHgGVE9>4uW4aX-a_>Po6sF7}-ulA!5|4l|)FLNCI|le_y;g;T}*)g(L{TnkG& zFkaapJN>Q=TVPvdgnH4-ma)DjWR60<>2q*zmE&JatD73Vs)2!lAxr5&6Xl$r2WOn6 z22*e}%@Td*r3UG$w{YRHCz3L!h)N|BN(ORU@0De-R3}N{vO-WkHz}(2pVlrk&aaxn z&2;LnLy#*P@u|(37%kr{xP4yWSW_e?($QLy(kKq^PshY4bPucg#3n#$hyxNV*F8JU zPldC_GQsYUGphgDMBV8((~I!<*{-7^J4u5%;f8bem{m*}kKNiaoq`tCA^AKPWjCeb zh6j*ReHB!;4qxf*Y_Y1z)MvxOk#1mRrocm21!)&##i;NQ*Ci#=5OX-NSDrA~_VPt@ zw>lQ;B+TS73S~On;`MGDcyQD9k&BE=Fwle%6E^NK*7D7ss870d{hHXw_2=v=w3=wg znxFL3kU{nbcs3MHZ%_C$f)>Nu46H18p&i)_;AT$&3^)&b^;C+{3CADr+GI7K#BB7J<|c%;c5(JBVkDJl04#L)ZEJaK`t}ARv?8y!kx%vzoF2 zXKr2GbI;OOYcbM$2Yn&lKtnB)SuMIYM020Zv1jF=&*DhqA>aWF)Tr_F$T>7Q(d<5W2^h%rCuQTKf*N(W`TH!h?0f zLv_}0@`PSlo#GGW}Q9vA#t1bM{Dayy9el$h$(43)qQ3pyY$d70etO`y>0D#gd_tWdYh@nY<^0n=GJOH`&%_g_aA#eClbSU4Vb_OI1j zyz7NFS3}=-y8ArXHOwednV6E2$hiN$Pe=dvLievN*x}-JYhKjqnb~z%UEo;!MeuLB zVMTlOK@&-QtI5|g%%;mn&%4C`rhzdjH(!!(JRh5lPR|R_@N&s>JEiOmY!*_k=ZIYe z36Go>YpmbeDy;`#!yg|G=QTQx$%*G&V651NSGHGG5@iZ$*<{*-vOi?v|LPw*7S4lgAS7Eb`+^r=c6=NJ5lV&L>9biardae>bi$D?rIe1_D z9_sGnQvspfGmy;(d9JLzH<8Uu9VN#AJKKa*LhZMY0-E{}4BVwYPpl}}A!1^Y#y)-Fx93=kO-R(T=i7sa1cQi^6ZPgC^H{V~3zPB7JL6%U*To1lG4sWrXUE%dF@P zpC5mK;(X^_Y%OhF3Ac#AwcvtERu283dQDYKIF8ai?Kq=ZZ8TiNRYx7nJ*y{OIn_X! zBtl(-;r^NQEldq}q>>W_1Dmy;4PA>^7Pk@S(uyi=N{BK;S<8Oa6Igx?>OeZ^^2&pl zR()rpl;D6q7e#meOVt85d#u3Cd)?SLdcFEe1(UGFSU2T8^^L`C=GVcW(%aN~peQ&} zq8Xj5KQL`?^MkJiraLTps%s4z429_G-??zUV9>_4ot~e&X)od3Hh>jSYMfHjVwf}L zP;uoa!IRelwXQ;cJtt0}JqMsQT!)uPb1 z?=nsP${Hm5F49@+_(5U7I|rT{8ZJEKiDN@aBfK^Ta=f2U@cvq)E=R@f`+-IQM`H1J zjJSTSJ1U0 z6X(`g9=iF>VmwOn&6pG9uiv2L=57-*F>=3KXs%=~c3^46g`C<^M|po%2uIli8TO7y zO5T#Vdfwn7_b#mZq`l5e!>y@95Ur$>(B5O?5N5{@i=EQ)!cj-6!K;PuUC_y8PH~q% z8lVkzGKoE`G3w3JVd6s;bLT9Bkb(OqEwkQD>IQ-^&ef+Pd-ph^#Z=W&OVaR$NHupv z+eZ~Q{>*pqe>BlB*WrM$i|0%eW?v_XlImUOFRPG9lnjnVObjVmKJY*_iM;xV;5LBl zM%U@p*8jV%0Q;HltKv2&-MvStTgJQz=8zM~xUxVMBs`X3k6iJj=XdTW^x23CSrRib z_1(;o4*_-u#bNsd{S?w`mCS$cBUyY9q{!|#*WTzT)6B-I{q`IbFU!c@nbdJ!;gQ|3 zV&Bk0_j^QTlq;yh&08`XK+V`pMcBu8-|%D3o;v#&0Iw|aOWUcqg>~!mH*t7Y@vtAC zXv}=>8{?<*FV-bicdlkUR)UN`mvjf?(+V?`Zj9flH0uG~uCO60eb?`tI%)_q?3J`0(4 zbTs~$1Yeslq@>}&O{y?PK`RAbSrDCP8gkfukS_U%l}$2agmG?q^iHo?(^9EY-ymhM zUwfs!7~}U(y+zsi#>pw3?0e={5>w{vOKEtxfIz-huWHDWXHUGj(Db`nPR@{^fX)Zj zA5s-%?E{z$vo|ntED+6PbIK+7FuY2q(d6LWm}xX+2zpA;K8{(LAe%dv4(F6#Nj|7l ziIt}?osgjrc2iT3xSL~$25ug`Dobdq8!?$(_UB=?xyx)J%PuqW78#{}8 z?lxcNW!d!7qbgBN=wK_&yJcU@)aRCVFFQ0CO+9s|ePb=H$gmKx?Qp*Ps656_=V_&m zpKL(#Ls#kS(C*Of$eAx*?|SaDB^ef+kHh3!r3-Q;s?V?1ocBH%JY(!s;4wQ7vGd^L zmqRMeN1ERBw}>xiq(@8*p0>|k6;|+iNagF&XsaHYXs6K2IU%-|u zD~`eUb#7H7u+yxsIXMe96)~b}_a{LZHckdIL^SjRwnY8w4p;Os+hg;$$Ss zK>oyciSZ{lz?z*lLDNC~MADqt=1Cbk)~LqsG8jCG8gxoy@pug`G9b(nig%BmO}-l> zj3IIIoEbUHs?gbXm^pPu;$za&B{5@VRn=1@!~uVmLzIzT4rl{q^W*nAbJ7xJ(@p?= zl;ep+y_GzuJ2Vbi0`3N*;zU_UrF|1BYA>Up^ zRnD0THrVYx$(Sv6+dz%^oTfssvsrGxCPr!gKqC?^E^Aa z{I{1lq6a*%gLi<96x&-*heO|j&VNVi|Mr8Q-$>rCznos3wVFN6Wo$hETld(wf3%^J zyKnC@#;#+JmRF+X)9Z)(uHb7=Y&%bhb#2nKJwL@cmT%hj?Y$9+8Td^u3$eFtTRT^D zK;(VMEcW+MwJ$2|hxyUo2TdKTU0aUMewSy{JqLd_Hl*=H;Nz@XjQX2M`gF%K4YV^p zwFy%=sZZcoz#&=5pyiC`##Wq&S?X~dUS6N@^zK;s)zX-33&kLj_h}2<1=C`NEdn_lW2Mt zrEgzfE3;4R02jbIJ@P0St;bYRXZ5f@crpD@EgDA;YhD<2#jVeX3-zzBWTr2)I4^}8 zj?EHS9ZzR)X-k`(5> zKHEwdkS1vKdv7x{BU^##6E z;8hUZGMiJ=;xp%dD&;-J^%S9nD=zvt)8EgRRcgqjG|wv)xYfSQ$fE-(n^LD{ zBKrEyZqmGEPr(aQ#ef(bj+42J0v601X~0(I*M3;w)xpD2B{7Ewof;R16(viK9Alz6 zaB5$G_{k&CNEPxeu+$qxbIl#zJF3N4pf%H@JPOA|(Eog2&An#$$`((@gM*V2RQEz=p9ez1IGiJ>EpjJA6l3~V1kj?tbyU3M@LOD_Nch-W4gdm>W7H3!=+TObpolvE&f7j|U~d&6yNUhIa7rG=zW$ zRdEm_>Q<7nhGN}kX>6Mg3t+|2jJw6yhJ3Y6IRI8xp&o~C0keQaA8<|0zxxos;C?V? z<4;*#OP|Q%rP+O?*?msWLk@P}k?i!5+U7NYcYZl@35Ed~WF`N|NQEuP2iruo{{yPF1XRIzXP z(F4bHE{UCbVFbE=01j@$!{X-crF{1%!O{P{0~eq0$(5@F9;3{VBd10g7y~ymbZ;IL zi@k9k=II-#ilf?XE8?n!n*uC^%HAG47PGwqmt} z8g)4@cAdG-C3uFX=xyrc9?av0%USx#^~UF)< zth(phy7l$de*pJ?mGk|*U0)Wcuaqr%DYyG_@i0#`c$?N7N%dsa;lTO#wn(2;xU!jjm zz^TCPO;i!VRhk^0H?8=q{?&RoDVwv0cS}|62YuQ$L>l(ZWD|jlu_#s!>=Ic=NfZp; zU+D2Rngp{hF*m$oBvnAEwP>wSKs8V36U?4DKTOX!X(FqWktIE2-xuk>Y@frr#jcy@ zAwkkff%pzS869_E3sN+3EG<=f>?e-*6s9-osK=S@QUmf|f$TX@SGBYd2!IG~4+suu=PrO&;1oQm zMxwJ547gCLNY1d=^X!TzN(>XCbX@lZHE!1*9W5AD)LMQr<*$KJWdFzjHuor`i!nJF;4o$U0W=*knxaqWW8S49PYu zyzq>5dMD*SR1iaxvPG@F7IP1tWt9>Zx7#&sRz+R_-$M=w$TD=ue=^ZF%qOD4FQt$x zdT`c$)W#k2H8B~?jj?h6l#qZ_yi@~9K5VJjPU`IsXF1`B_Fb^gCm`0^f#b z@5Z_sR5v{-Gb%7^R!3c~7;zAv{~S)9!%AGUyGD?XP)2Yk?43&@j~>0wnVd?>gCb+q zPL;@y=5nDOM;1kMNOM?pG$FbT>8E^uffnKKDNtv+J4KO|nvfnG$tY0&4Od|JW&N|ARTOTT5TxWT>IRs*~XtHz)SV zrXYhA>H5MXmt6pX+ubFU`F=r-h-v{(Y;KghTAAfswbmL*$DOb>e|xJ|rQ7zstboJ2pEz%NLlj)OjEP2ish} zz%(y_ekShzH%v}*@eG*I_5nMK%gdsRL>J%F>Br+N$5oG#m+5AU0KwI3!X)dmfg9^~ zzLzNvU*y2bojw0++u;97R*bO|_K*K|ocG`2(+4IR?X`?6v7puqrw8fyh~@*Ih|a>R z{)!K$$@ybA3@vc~tQsbekoc7^7Ri^`H<{YN{q6G7r(8wK+b^`*Cx?Kh}{k20F+ z-uiKX`Jb3fi%!+9J#ymupXI>BKxefGFEkU4q1y6wiU$P>ehxHVo{sc=OH%glSl0=n z6Nr*f~gRX;wCI&3k{`mzJsI!O6w@j-V0a`+~axb9!8@2-%^>Z*wqj zpH^q}m5dU~RIKQ)*!Sz82GRE%UlQL2U0w~TWSIG^Uf*G3soEP<8{qZzemfWzKzT#h zUj4Vo6%aXzNr&^wQ(JJU%k0EPs%6nD;d$fmUB)0La?P^6Pm9pOLs0I_b&mRWVj0PZ z%rS{43^!_FP^0&Kc0Dz#qZU6oihrK;H5}Nbroc&5k3)7!?p+=nH4ZW_dd()#X6{?p zg3tKil`(NnO~i;*w=qubaw_>LzZoq?%-;zEabTvuaM^%flRq=(D=V(hG)M@6T|9Pm zy^3C>Xxu?%9^Q4qi4YtD{|9q4jXqTPIf)0YQ!MLOJz12+sO+Nl)`#$p;*B+hp`)lX zJ;dmkh}X_d4Zk41d<*PavDvB<6G@-15(KMMLEPC2&*`im(cGhGKJl-2anf6GL9{q= zgx`ngBO&hC4x>(VvZ{FCd`|*sU#v%Koe|}{9-H0}s{9dlc;iE~POUUNwm)O!%exDM!|*%;0nWIxT0V4X8)8nn#oXV&|R8|TXK=xeJ+*Jh7Td+15IS- zkLAY!zQ zNa^oDRxo0TwmSFOFh;!Y72L?6n+Jw#7&QGW_`nsly(9HwWqH=LKlofns9^H3J0lIx z!x9d4_<-m^e6hN|B2rX={%`#vBV(NPT=l2zbNTqFJMpDdKHc&1gMEf7=tu+p01(f# z-d_l|T<%$-!@2BM@c`VEpj{a63%{o^f6*pbM1f@=Xq5TgRGGcZWpw``?V3$|SxyY} zojlFx)X{LWm&j_7P-NT}X%@`izZJhJy=Tyn{;}=HyPg$v2o=1Uj`SfC{HxPBO6(S2 z&bIITKW&5jW`hbs4nq~rY*3>;4>s4pZ_FB1x^h>=mw+V^q$4W6MM_EW*c2-NBIvKz z&>$U=uB)*(>OU{lD+hkm?N4mb|=zj&JH@)dYzd60nDkZSbL?BCS@cCP<@`oGoIfL)=^(>@K! z`X^%vckS!|l0x<|_9UJHtK^Y>_#7df>YF0A^V` zYdig~*shb5QB@Td8*UUWp|q>z$bsVh7ky63uC2({JQ3legAQ4i^C3!b?fIU0t#hJl zM3tpxE&H;MlX@ttNJJ(I&6Mi9z>DFj)AZUw!uBdG==^-3T8vH#r;=Oo4#qMHM$6sO zVEXwfW*^$dF?Y2)m0XMt6D^C9a@cXYBZ~3FxFLJ7^m)YD86?{SObZrP5$23?a<&;v zP6f3PR#OK^Nx;#(;^E62tGwsdWC?)lJ z?*`w>|Iqw=h2`!I&lAn;W{4QhtyS0UYhL7)*TCJf6vK_&yxukDvZ>*>8lT!VR zbr`eKKib6zUc^JImL3D|$mLGhL&qIZ2W4kLoa4M`sG4vK^n=w@@d@)yMtewEjl8)m z=CTM8QhQ?phQE}s4}Q&`KmQ2=nn9~sv!6gHv9qX57P!2rR*~oj3UZYyES|E0Y|iQ? z$NdWn6B$+e?hQ>rQ?XX83MK~L*hE&Y8ta51kVeoW`YLsAV?pCK4|p5L80zBiEnU4F&+Ds%8BHJixa960nE&R?3Dc?LL6 z)s;{tu!z-@ohLudyt_Nq^h|nn*%RYAK%sKl@Db7=rn_!}@KIL>{MCqe>x6*>so7P^ zqT<&uTVux7`?Ig%fu_?ax5>MXbao=!f7K7I&y>m8w|}khN*Ij1nOOf6rA<_20Uf9Q znddEjAs-Xg@WwcW`H@cGht~ezMU(fG(^kq`5e`V`XxsuMHz*P0AvG#1)%I)}-fTG9 z6H3}M-yCzw6{eDlhw0jCH{y^wa#R#i6n)!rmag#RZC*VIqk)QiQzQ}|^qj;?d&wGB zgdi&pu_O1Wf!(&>V*mC%;`a6xz1}IqY^iH=Dc(o^jpmM$s{5Ct;sRw@u0IzqK0qUP18$d_xPGs@z z-bvn6YP`$?AN$`kTsqELkg0skA0Jj4ZFhs`Z5vkr@#{g3OZUTaSM6gS>;`^a@XJZ? zo??*o+k&25%8UDWfS3^;9-gX}J^bcn_RY&FK)!;Zrr_^?M@t3(?!V5<&n}&Z`TqYg zpo*fY9=G58-EQr^seuEIv_b$=>7wJ|Am;)I5ydV#uYu$A6I`yC_xb5cqrbmDOj`?> zXgUjo{khH+k1Nc!TvFrkngZ#l)rn6`0uUDzgrlz z3-+MEM$?s|mrcKR4bUGQP8ak5%*E+Eu{(eZIRbm2QnSa>f+uLfQ&rDnmDxkOnTV+9 zE9=^S({W6hE2(VTs8KdQE15(n&0J^RZq7X(s=qXSD5ygpVcaiRjcl}?hA9Gr zCLK+$VZg2b;O($OHh^UhSO5fmFx6o^)o>NocVeEF5wA5##|BErX<*2=E*LNv{@mQ` z0aP8E|Nh=-+zb>H>J)GhQgr-;(Z@70c7RtZ)Sk-c%+bsr;1QcNCu@N7a&sfGgMNog zUh_$MYzE!|sjACU?Zsm)aP!v_@bxakq5^#Y^ug27#17-EW=74~ zDbpkl&M~tzeKlt({Pl@YER9zQ^i?i}Rc(~GAd(SjCM|~SnxP?9?Gt^F{RGn%u@;UP zRULG4#eY&HIC!G@Zsl&x|IM8Q^|oT3p|0Cz_Y*LG>)>6(GeS~c5cK%pn{EsH@7Cg7 zf>75lH5dWEJAKwa=2gHEi|Yub_n+X7bW`EM6tQ^22}`0zpWb2RDK+QgvM~tRNS5kb zhR|761(E@>pk zV$aSPl2dxQP7gUaQ0MPy+ogf7cwYwxZa$dhKkkhb+%7Aw`#rVZZ8kKuxtGXZceedOPX(4?PkWYa}75%u#-^ zH5~!!!=ra#Mm$=qt<=ei-zMvn?C+;)n@3HM%)f*YuhM3(Q8^GpwH9)7rcR+`dUC*I z+?Z;3-$(>eBX#`sqYM$oeRp9G)E>gxw+(hywSJqdfjy?}u&*M3AsgDSh<@?`OSfgA zj#KUz+#be3b`~B)s%R~oPc@W2)6gA72hTaA-zEB$`YY^?4&y3QGAki40WyJB<0#;GBkx%%6X+y5(OL`xSDFDemrIK%%<$eoGA0l)YumA+A_*zJjTM!BsXo zShf3j9{5Ca&BnI7u+U!1;qjyCcu|mw@4GpDrSgo_uyoC0rvtbW{wub|&kA}S*@KA| z;WQI;4>4k7^kROp8N1$e>R4<%JQa+MSS&tb)Sa)EDpU_>xh4qso;!_fb!<`Pl zs+e7Iy-7Ke$xiYR9HSv>4J7E}^7xg;$6Sf$ke`O-b?d}9r(Q~gIFCQ~&doUDj7how&U@`KJ=#90;t{?BEjju@NxX;67H5|!yrtAo0i9@ip0@s?F>cAOyx z3aK)}aP^2#4>h7*V6HhNy7#g+tN`Ls3*M-hZ4Q(T(6UVV+c_J{yb`^^6;%9`4;|fd zE!v@zliLUVgMH7p-%gu01*JXiQWQeIif=Z9Fj~|}^B0AM36w$vgCjF{zZdO|X)UR2 zJe3%B@TY@-zQgSMn#do!@r9Brjadu(-L=UT!7qMC%9u<;; z!~1i4PMecm2)DHNZK(1XeTb9$?E+l2!}w97ie7cW}6xxB1P?e$H#=8X?2Dli0!c1LS&F zR3l?iUB3Z4z0L)|;iLix&|K{7z~9jU0l2HjGXO;8bFFK$_VSv`r>~gmrs6+|FpTIK z0K7ms4z-m_E3Oe5>#&_i^T{J7`5DgVwM5yEN8kpFn-<|^L8rKy>VL+Df(6&PhcJV# zWA*{;wetYDmcWc6Tk>s3de<)O$r#za)Kj=1(vP}{1XAsqKm9a*GKUZZzZ^F} zY%tN(M3NI^r*Ew#)J5%O1lQ!S+OZ{WZ?ZZH%0I?-z}I8VpZ<7ylTUpM-o;@#GOlP0aIt3+11{p`Az21y5dZjOig8dlFr1#nYWj?TLe zUrB@B)XZBUbwB>=7BaXWFIE@XPSepaG=v87Q%p{CP%Za7*IaBsJKGTj>kk$5uOTxK zYLR27s@=|G>SWzg3kWMM2CGC{JEAb2ToP*vqEbFbT{WkWq3pdEzfgfNE=D>AD^(0v zP4(K}npJP7O+le*gNW25l+5|b#`Y&_1~|k^)Y;F{1Z`h%DK_RV`c-)}$=$4Q#CzEe zG}|HuUt>Lum@CVZ&KrFps@o(IvSbZMqjXr{S4%}OPChw?9qdVJuHLP{(Ja z&sI2T*IP)_j*b=)Q3~B?vm0z_L-O^m*eLT8uF2DhbXp$o>yTYgiceujMcJbO_D79| zg0{4E5vp5cYXWpGeKL1j4!-e5ns6j~R}7g-GEF&K=6I+Z#U*hJ$tY3|U(~`Ih(8oM zsF^J78Z~;A7&j(JL5FMkw#XdB(9UbM7(8B;>fOK%SucMU*B08Eq7W_a))JhExax4O z#K5c15g`eoN3BSZxfadpaCBZ*i63J#H1_b6Y-@7g>Ya17&=ksUv`Cs+H;cU@vb@ zyum5BK0H}-=VP!gbAIIEo9QVuSZ84>^xa@+`jSZ%xY3I zdeLw*VodjrDce|$^5PbuE!tRKb`1YApERBMP!~D1LEHb6^@RwFdoApA zq}-;dy*L21X&1K!ELWcd1%1s=3XgyOlRaNm`_$Hq;~mChm~Pqa zmeOxmmXa-{ci`k27yEslLkftRP#9@&qI)~DkP|f2xnFI(d>YRzer*d?tn4oOHj-rzB*M{gpdC23uE>+_n{@8P={z%I-%1K7$iU?8j=TJTs|pv(dT zLbeM{wi%keIe((MG(Q;uNXd5>n?P1|V+LFKgi^aq{%Pl^UDu>7njs4o4>{T7ItgY@ zi(gN`nh!9&JwSG^gn<@;N0$6Edck@P3;%#4rOW2u+g8N~4WE8|TDQIK?3QR#@>XF# zY&I;dE?MlB{r&wLwTASY;CMn33?w)R#1Do*ZX1y}hhd5VXFwXqIpz6ZV1W-hDZZmx z^@@*#9Y`{V*r@^4DuY1|BMQ)Ll4vJJZ7YX=-KLA z5Pu$>Jr;W2afWJp3tJ|4pGo&iZ19O^mT=POjj{9NG#_+$ue0!G7l_TwPeRU(p(p+# z9HlSC7XcTyFHh$ckW21*ByuXxKMfr%lB&0pXRA-^>80sh|DKjydalLl`AI$<9Jcac zf<~V1fI^*6Wx-oD38x(1XJ>$U@>Bmf{Fq4C0EC$-$C2Z!Oc-Ap7c1T%99dwuzGt*< zn38R)BaAD~X6yFD4>VGrJrqfd3@SZ77s>n*^7>1n-fIy%Cv|7->}4?-{i5)1VUrx4 z*s{gE7$NZ`eEzOMvWv#>QoPt-^|5z0KL$V?Qaz?V`-^>ACHO>*nr$3Ci3qWGwZA0P z0b#z{c4dZ6Pk%$xMx5|yQ&wS3;%_mTe{6-4)e1P5*v;vkI~6+ION z7vBcX#GhMw%VVI=Rg(wG4Y$~?-anX|qtHw`flYjLj)jqTN{3B>%eVp` zU^4ySv}4Z@(*6F52oI{MMa-qskZGBr+^RDmwsNC4vErXUY2r+DcZ=Kf&#=|o(@OHb z@2pDh4tLZdJ3?WA6@*$i$R3f@2*%0WBCuoZN9hDr-d&k(cj5U?zzcwyXC@irpDCF; z?XMgb+wCVT(z($?*%+~p+&*02inQ4@CQycsd%o_=Ga|O(vNF`P`%ZLw5i2i{Biqa` z=;0H>7c;^B?2xyJQlL7F>gj>-p+97>8(-L4x05{X$8GOAD}9(O{TwdJr>XO-pSnGQ zTBBQPQ&qc{bK~Qo3)#L$@x>3bF(t~N^ks`UJwvl13o4w>U1w5$E|E7IZ;0|18Vs8( zldYI=-bcg}%C#{QGljWQb2>J+?);QjmIxZ+_TbG6T%NWhGL9vM6OTv!5CD`GME&|2P>Ue`ZmtWg!G?3%r^1E4+^%9*DPQX6 z5g0s!p08mLT!4hz`eF62H zeRZ*vJmd2JSB``HA~QPo7+^O`YM}?&@m$?LzzPFXrC$W{ZCIJTS$v}E1IqA^{M)7x z;8u%muG=sahywvx*4tl78b6ieKL}33w#XEE_R$@PAKbWMyZ2`xqjWu~X??rTqOr0w zN}LRX*2Afb{wirp(G~?{hZh6(9qG+(Kq2im0tr$$nY|qAF9{6+9bz-*(!bH5(4(DI z=Z-TLK=Ma)mq16=mD7B-O~m`Z8PE)($5*{K0#m+~gm+G7mz`p$c`^=Se+W)y))uK+ znNMg(IU`jSYWCRF2p70I-%vV>md164%AdFQ9RFS6@fZDRFa@ph^6oan`X~>Nd7Ns4 z0LRH*ON4-w~umClc zH1#)FDSS6NFaAl8hpTx1TG*|geDu?rfgOq^H~FwX_J--|-)(cm0S8mi!oFC~zO~AC z??XSE)ivgaPQh>7-t!HLdG4nJ8gDPB2%TVMR<> zH&{(#DlKw(e%MOmG(3*21eBV73ihN`rgf#qwWxPpJmMA9OX3luOGb-_J6Or1PA8a1 zmqO$d*o|B6zxl#U(uIL6olBBrc`}hgq6%?1EuzZRwq%UP<>SF^UG5S2mKw%e$T^7P z=CSmCtPn4$szZhCBf5vaeyf8p{3v>Z-r5X5)X;vkw|~A}xV_4j78#YKzh8#3xXb22 zhi%4TSUomE3XLeKFEg(qvj|CWRzyIwA&Yh+S1H0>(5{Rfrwu7jg@WjhAl&Pp4SHk5 z=F}ts+J%C|+iBVmRu7PlZM`mt?Ks~21>)8=8)X@qeNas{P%t@z<;zIxHRsfj35+MO z$F0wgV)UQ=+<8^vfk#3RVlGU95~w7pFMM=<9VGV- z2d|3*sdfrH9@>c7(C`jErdl`}Yl}5MHZyGy1#{x)yi0}Da`1CbqZnCOy@0dB7Yu89 zCCdCPitH*#c2%1fi4!%#p|!(aevAQM5$>3xOO6@EW&aGDky^!I)gFr$89iy4oZQ~{ z7ClRBZ{9m8EIjycPzHOcY=MTUSnw@~K|rq%K3QOFWEFV;mz>{LKZd&q?a6`&>02dV z=vZFv`Y5&P#2&bezWR%fWf!H$7 z_PYBei&r>AyKs=&`*qtIx~B4}rhrbQZ~1F&xq@P8l&Q$q8&4Y+#t=c6#XeEZ>`{9 zD?yx_{f| zqSzm}A&`SvgX{#$n_vPE*u_GaOXTVHObmGRa~nP?XR}Q!igWXvI4Bef2um9OI}qH| zdP@L*6h{9JIY4xuDF8^$avP7ebYxmv;qe~pMQZ#$F#5+ocil&%F?^;s&bkbP0x%^n3wJ3LZ zTN*9?+Ws#19Byk;c>GAqz1-Vb8eWRf5apkY<*XJ4#ThN} zNA&x)kmqi{+2sRif!jJpw1}{0*a^t$YzX(idqbV{4)4q0*Ej{or2g6YG<$B<)hwbM zqZ}}3h0LV#+98!(s0{V#E+M=w zR94*s<9K;s5gLZ#(7g*$fJ3g~BhXeuUrIv>Y$xYyMe3917x*J#h$u&o;;Va@Zhm@hiHSeSX7~fB#r$=%f$(P$Elz0_v67@{>_%6;xv7H@?eFw^E6Kzp#ok_M2QiTe_i3iVxQDXiYXhruO&ldi zj8aL+Q%VZ6JLk`D8?0ljPshrEzqjzL2La(c2l)j0=Oooe5d+8;qpfEvl9X~Kgf%72 zx=Pq=+9D0LY{0^u#tM7KX-H0$<*0{Yw}kN7Q<%rs(V2pAV7qw&|IxN7 z-i{A|lUx@Uw{T2g``&VIAa2vgm4cA@Q&ob0Ud&Vy*NFV*6{5Fh$305C z&e%5d!8X;;?`!Ts+fsr{)tv9}p8vG`G1UXbWO*bNe3(oylk&Uz{E@99ybfB8p8P!- z&0aWWbIRN*bMR5I_Fw{q#RiuYD@wsP*R$DFqAkq}!$9#<-1qVRK~35+h_)VFLq!vF zov+42F}wRqV$ru2H>u~dW6+lXrZjtLTK1wCEHpFYHbcOx279iJcFlnJokNy9mM(B;MH?h z?N@{Sx*(QP2Tf4_e&Z0T_TG5S508Y$kA_}0%@-`AX$_!nsZz^F=xBLg+gisNl7kNI z%DGA7Dr6csw{K6d?v|i)?BL77|1F$|$tPcooqhZ9^Xt=}!u>qIbF`}BZplR40|z%M0;#r;g<}X6Rh6T8y=(a z+lF=CH(r3e9?(w&4gvQkD>VY+Vp`^G067qA$bVBjmw-pN9ChySao zeeDS&l+sTWD@R=!kraAd{})b-S~%x*xOlUY<2ro7&qX&Y`OFb1DzV ztsr)_uj>SawxoDh{WqN@6?*Pw;MgW+Q{0Ahy_5W$2amnT0u<-*;X8;Z|y;MY1(&0uMtcgS=YR(dBOzc)EyiKi(2hP zgtGbiyDWvPOW^0pP`J(w#GMa!28a&4YH9_&FE)F$gFP3pPS?GokK=Oc60T9E;$MP z6e*Mf#R>#>cP$RZwZ)~lYjAg`6mM}0PJt3!TXZh(djD%?&6+iQ$_Fer$vNllXYc*H zaqP?v@bLKK=M~sF-99vVl5e;!@P;oOBQX;#(Y*(gP@daMDncRe%Qqz_;$<0v4 zzQu}vlgi!phe0OIS<6Sa@!ZLY3`E8;{)E0JMVizwd@F5&G+dP2rP93!N{+&aBZr|B zS!k2f9syN%fa&6Zi~LlnNgZn9?S!1IveYJ~P33&|0#zTK0=y(!R5!}tG^{G8P$ob3 zxB~^O!RtKQz#|_bxOu|Lq+sbmlt}!y7S^E>3XyV>RVh9>TrV$8k#C!(j1{4(dh@kAR1d8FzMPziiv z+k7Q9xLJp^-*+E1qO%#N7={+AiG@7xGDRq*+)-$eQ5`IFb~F{lBNIji?`e8MD3&g= zAV-gmD&8VV_}ZV#SYrAe9ifx~;)cwA2T-&k|A)nT1~fb`tq4Iiw*|LihCs3`(a-%C zv)%C?f=J<~xVZgsJsJKKYFwOVhKEZ*@e}X!=+D8p9L5-qx1;aFK3>Tr>M^TleN`nE zd>ctbvb(m{Rh$n7t{ONMIds}ZSV;kDT8bHk8jSmPmbetbRQzkwfmHz6HhxyY1>X*#eLq>Rau_P0NOV|;eFxbK_EA$8#IeQMPXGm_w_V> zFT*;(H-y&rLcDuH$W=8?9X=mxorru&#b%EK3^2}t_p1O~XVvuw)h%%1W#a6(e^DHO z(cc5Wp<@i1w)q4sq%Xj|Nbrd18aL4ko{#!G>U|gB^a76M z?7mXxy9ZoG?gtln*HzXPhb$83(G?dofa3i!_SFWM+_q&op1@xK{RJ>U?&sf0dSQmA zhbPN*)~A(LlG`=Q4mNKRc3wbzFDc3w|Bkky$9%W*@F3L(!`5GmJRkRe$+WXjAF(XJB6It`J+*@^@0hrn|K!%_A12|!Rr)s|t z?*ebE13dwho>R&A=Yz=42QPop-uV7MTF>8|c$B)Prlz_&?rZ3Y2ljL-Mb8EC;;_t+ zmgv=beA8s+whOE`72UvN9t;rDrT|wB4z=!ocLaw8j7aMJ7r7cZY@?VEhRAXAEy(>O zsOi*v+SrQA%5TZB-z+W%Y5&UofXt6ip0&m*s3)+;n$XN%>`tFeN!!9T-CI8>aL-g* z0o7ZgBTV0U)up<6EHmB&Y^!JAZ3$HSYo_51b)H!a13J)eE2rUz=x7|PdpsjuNGQfz zo~Yz0XMP2^bTf2&5Pdv`bJ3qaDeC!sWVyp@0BV*AmpXovvuS9`aUH8qj!uCMw=6kXROmsimjHnlB z=a7YDz5{Q1Q&ZFXfq@p+#*ShX0VTq%c<&*GxX&ZgA3lt;qojEqEqUG=dcD~_$f;zn ztgQTSdHF>a5Mx~oJGn7L(CkY~1&P$Rkpi#b&eY9_mR3#g4`;Pf?AMy_i`E+!cJz{P@ydqs zhmzj432ZRU5;l}0o$%=)AcyJHcvaomlzX4|b=(n@8D|8k0_SpYvu$SSXz=q5?^|*2 zBf1dkuWhg9CxY{zMT8x`VI-)5;fp(JvV5~GoIX1VQxKEoA*-Z$z323w4+v9V)cxpvPRO;jw$|&^fZkDZQN1~;`wrKgiMQ% z_YkeHN^`sVuMjzjo9PBIBHc){}lrClCvEMAVo48zl3Ld}UIG0;ZIFRC_)VQ#l| z6#If2g`1m+c&5iTtbS@AR!)AObBE7+TFp_aL8@C zHo5xtEGH)tj|Ea&3X3PX-EV5vN~ar(usHu%sB(!A%OWB)GYLo8CfM*-4co=q{T4ip zE??;p)+5DE7lZJJiR{khggzPfxW^>GzqguLxeA5X`@x<_h8m}-9iqOZ-rOXV!;$MiO`bi8i1^jxoci0V%_N~K`osn$>=#d@A zQJx&?AHQ+^J>M0J328cd_aPs2gYAVMeHte{Gcm!M!eYQmYo}A}5Cq-H;+BQ)(A}Xr zQK4Nvs;qcS=jiLzS6X@{#vCEG6y-iXWKECd*%=&`-Fe&eB3S4;@VxkEsGI2M0jCKI zXZvmv4bT=Xyq9jS0x-GRYrA-bJ%QlQxY6_7V&DZZMttFn0?WPFNiF2?h3NgA#MmF| z`Xk5xVia)sL0^EVH!ZC%#?ZZcz)ksr-2Umi&4|fCbbIIKTr2%e9xElcBl$^|ETCU{n6h z0cxaQ43@q3oxK>FFFaQwZG&?lbeSCQ2i=(hmhzX3rcLHvD`4tbzguVpKm&B9AZ17t9xTcFALU^iLy^Dtj7 z4=JWo_w~YyZI{Hzdn@9%b7>9oW&p5*0;AK<02&;)epH>F$1j5V3;lHJ{1f2Esat*q z?n2B5fkIUbW56;hBkE`az={%iGO;E@Cp7#?FnY{ou+{cC19*>Jr zmeb|Nvir;GBPxBG?ns-}r?EO<+)cgF6LA0LX5a-ijP(urKYkz4h2R{W{p(J;`sVmh zl|O8ejeq8hm0bfDWt7wD(W<{_IW!V<%l65^PH;d1NNK+!d+JnX+6SYjXQNK?>Q$F9 zZ=YR&H%c@6H9O%mVInu?iSdvgKRH!nWK^_lu?G7w+j3y-RAk$8O3hTjXU}}g1IALn zvSB4O?Acd>MCAoR7AB?&bsZJ<_7^dlO~NZJj;nEY-2B2i{UQKZsMVuCbz9P*`2$5>o&eXZx5f}Evrwk8@sxuE@RkmQo10v8N>w9{69G7ByNUE>-RfG@mZ$a5?gOM zFmaZ(gV5-X?1`0nYZeRbmy`y`@ON-oSvA!1h%cj2Wcjvbh{{Lsvr!KeUrYqOsi}d`CjlM(SlyE0TymV%HX3dwIi8%uw~|Q zL}QIPjf&d*jqlX5X889>zq>`-a2@N3VjE9l`9d}zxhm8v zx_lF~(P3gm9L!*iRcMx{zkz?xOz?~2{VF{-tvfxlX~EnSlDnEBJ^h5{qK8dmSxQvI zyB|cm)Ct|xYBjbpNm6TX&d;ou+SU8Y!xZj4##Odki>HYiMZ6KsLloAzXh~*&@ zjW15;Y+TjCHQ|`IfXa!vCn#B9XstI~%|qbfuZWIdV@iuhXKg{m z;Fgu_KhZMn+PN2>`2isv*HwVqW+WPA)6t5xq%c8j>&J(O@oG?-6dguqa%5E%Nq*A^ zCJCIW8JoCv6Xt^&JWlBEs?rsHWw;=O75v2fe{w6*Q@>m3XB1Q11C3uDP7)ZjIItAB zQKx!NCaxj|y{#iX8XB0OPwXdfyACFar14+M3wiractr+%YAtC+hACZE4=P07$Z?ol zU6)fc$E>a-DCXsc$hoRqPYX`&Y;AHjg`|r^$CC*IP8&9w-65}6SWt}$5H!TPa~#ww z1XgVlBX3p8me$^;W`fM<&kH|O`kqkLD1-zL*r&~~&FA73X0{~)Fn zfL8XRS5vDtl**35M>8YUT@{9ElOCL|6_8hFnxAw2BMV1bRj*)ax3^r&D!zeRzZ1SM zriigYnlJ~GV?`86H#T)xK-z7a6q&(N^CwKE)f)zeX+}cWs}Izt-rcYJHlkU=_^)=| zqZrUibd23AH)(1P6D0 zdc8Hy-ac0+0J7%nba;HU&hc0P6r}di$4;-EnGbN;0BsxCePr67f^npX{BFbn9yy@e z=V8&-a2a{6VRd@F|5wuX`*+@BBLMz({!Cz<7kfFCrTM1=rueTcHzrct0)qXrRrNew z*Lr>bygN)$?9xou|VxG%?@0iV0`F^qZ&!wf?pQ z5UT8xXL--jzkgSdJcq0L!voJoJCNw|@}&gf3U~^FHNE?Q^L5uH>bK>@&*vf4hoR%v z4I}ci$I~AtYu@Ky>J|P0`^yg@*e_sE(c1lV?cDj#3hK+A`*>8bFpNZE;JN1UP5F9& znPF?_jo({Gfu|euFJFXRK#Rul?mu&U`$?dl6uEz8#dpZk^PYht!;E3zxW{6*<*n1h z7R^nbfGs~rY7t^-L&eK%hy!}{6CRXOg8~BnbELKF7cbQ5=iDm}wZlN+?=|t-J-bZ6 z>xJvVaJ634l4z@=Fa6!T!M) zPG42=%0=3rFGq~WvcQ-UriZ-e&=h9-JuBGo#f4?wzX?keob4@~AI=YQy${F0fJq4W zZ5qENFKtyd$c6@BXN&R_n1inw~D*9lV(X8LisvLq8FyNVKzCUl8k`BAGN!e)^A>%Idr? zc3Vr=n+cZ8sXwdscV$Dlpg^NHMq^3BxmM$K+(CH_jBZzE6?Vh(r;pKXYWB1#?Pv*3 zUZZ&U+Onh8bY4k%Jelv2Sa4w*PJ{<}SoD)m4BHzID*Hr}tArgj!5WC&8>4k;-jCK+ zDy*i}Z}{+lC1Pzd=c5se998oks4crQc^PCFl@D=ZG&tuLP)=?}j)uJEqIo#Eb;_f0 zq``^wyWLP|*lvP!6sM$D24fOv@3oVi)?P{vLS_}gc;0b+q5Tgo+@~r#=a5cvkta7@<3o?TTzcqHxwy)5W&=}_eTbN0pR$vEDRSwD~q*M0xQYs3%t<`h)NRkRip z97n@*D@yo{44A6bEOrzzE7=eTfw-~c+MP-oBJXACsB*HttM|!Kj4})TK7FB{5d`H_ z7>=$ABj1+SgjP`@9Xa?5zw*+78yL)eN|9mhPS1!2(@7%qEze>7gqlw5b68G*M(_~~ zPF`fam^(+V=oaws;*fL*{9Pd|%);r3Zgt;lqD&;J z=GRkdl_0bE_Sjk***FAC&i2*auVV}`udnz5(Y(ogV3!*$0zngUH(U-5^DpLZ@o-gd znns}*fto~_x-b!Bo~5e;L-!vXah{W9c1TqdL%CR_!TBmVVcl0<0&X0gkQdO$hT-Qt6AmOC@2+I$sxuKoIYhwiJ1<6x7 zZRThB)>kyM3dE(OZ#Gk7nYO`NZpNj%zts%US4Tzp*{2xzdr5=7uMDzImf3w4PFJ-} z@dnJ?_-QKMgBX3wO!u@v2RhD8Uw4*?Q9+y$*E-0W})(+)YlaxH-4N=;)saV!Z50Yt;W8=SUb9>IvS73q{pD z4txD)lDZcUlWoorU^sLpK)v2rgfyPk^0k zV^qyqYxH@v|7N3IR{YnYr{wJuLI)RhxyGK+e3|hSo^$E{h;N=sw8VDj-*3Va#h6u5 z^zloNoP`*AkZBP!EZfJd1-bH0uMHRwdNMzBk9xXjaR-sVBBLmgH1CAU9Q9 z_d$0)$%6CBckZ2Fbt&8!pjwG(mfi2EccsyIza>kA3TcFMLSkH8qPWd#E`@Yk9r=~2 zY)zgZTfj#)ns1W0-cfm&(pm8cMFz2vpe2>&xEui8WujN*rLV=Gno&d>46N^Zvqo$pi} zZ$a>h^tA%XZ-IpzQreYQv>b9dHi4kP0dGdQU1dLFg)pDbOD}{2UxG-tNVnC6cHwsR z<`0q;wh~Hs%w+fadvwbTn6{*s7fdaZDRh-oly zfgaUja2VPLe0JzwJrcUx1>%4J8*(UxhK&ze{YUQ=awe@3*EG4MhO z6yBw*WjXaV*)0(;cq*Z(;NErO=>4_km0gpru~IQf%BN7or%$hls>3zN%%1ET6|8}E z)U0(wfG>2=1f?DR78dk%F)}H1^H3$YvHeROq=KD~M8E=(WD(V=G=M3PZzqjp)mDaq zwCMHzI!1eT1`_un;WS2Xrau1J+|zFu_h!qe??2Voc4W>&Joe(4c^H|b1HF!o`cjTI z!Pe#0@FJ8*fA@*gzThAtFXhB2Hr5UXMUy#E*gtz>uD;C>0IJI)-y^ti`&2faIMBMG z?&B2e+9^DAm z6|v|H%!sNc*FN$ex?Obb>#aQpIaG9?Bcfyfom-%#hv+JIf7{>Z19=lSF6m8xHg(12 zca)vq&Taxr4%0UiOQc0(9K56D(7byQ18>uI336qX%T~ANN7sPU^}(7O=0y^B32sVi zN^FwbqyC?d(8>M0=K|pH-_bY~a&M}=BVn8HeBE1Tj_7FaXQjKlyK5TNW;g_Dg_t-r#EMf76ym{Sc z%HUO)^uU@ zU$qw4^2F3@CBwjT|4u{4Tif9l%F5|>n{pCu4@wWZ`I2JukyPvTCcECH0xvEBM%LSE z-I`OQ>i`rj)S5lzA`g7i?d%*5411=G5lxur>CcYrYE%4M>3p&pvf?1fA1S%qSaQZv zgLv(nhC4ex&o;c^q~DlPR*&mmy^X-wx##ovB#z$!57s}@g>t8j_9BV4h9+MrO$F3- zVQo%K1#FJjuW^vy=66gFb#>@nnxrRbPPy=cCy5u@`Ds1)B8gev@!p=<9TD1t=QY#& zqoa_*9Hvn1a?vo*`cxP}j9?M{eK)&3MDs1TVr4jSxFO}_Nuu4MDNJ-8-P!zv4vOZz z6!fxu`VQYIINU@8Y&=tiBsNfKd!MXRIOXy{`5ZZ7CyCC8vOYe&6kRrXm>k9{f;z38 zg?qMN9#?%QNJ6$mv%e{6>cGg-45L6qu<;kEg|>HYfT zIWqH&5M5duRFzzn^zjoX7jD;Sp;vzhh9%A$z(u=sAn5Enu85%tX1Je~9ZekrTj~Z& z(TAoIlN=R=@)-Gyh&VwM*aDMwx)hNPo1Th7r(r0(yCU%XB&26NDvGNJtj z#k*)q{j%YyjJ4QRu_y7>7Tfb5g1(?;bTG)*Akr(EK7GjFR{y#!_CXfWsRUz1`xbu7 z7j{SCT{|#|i$+lT-A->{KGjzqA~QmUiIAT2ib5c6_?N}F2u`K686-@D9xW1;Ap{o_ zL{LOTc|sW%`f~!FZf_xG4WmA9?oF0equx9;+PeTk3{gy9QwlvqkGw}L@El4<^VxLR2_wGa2 zH8{?KfNn2=MPAOzZb&PPQv5v3o+fk@$~zHF?!o7%M8V!bR6PYZGH$I%R612bV^JfdV$H(I8qI!zyveOAyI5DIe5ac`QI4T?+U7Q?32xr{|}3#ZP#TE zaDPo1!0&lF94SGFjDy>MzaiQF^dr#U`xY26m+5HS7Lr>(Ol}yQuixeZgWVUg8>0IN zB&T{#{r5*#TTFlE4%Q5JJ0);Ej`spRia=8K1b|phiE!QD_ex$Mi!_W~VYK)9-AE7n z-REVZW+_edw4Yj~KG0A*Jm-8ELa27Sbw8ENzuyiPwLAd_-2J9Jw-WuYD}6K4t7*dw zLul*%#@XJME8wbCEbwURRNvDCL#l;i&{o|!-nAijKr9^Y_Ba3Pr4uaMagF87?v`bO zB0u+Fo-rmh%_%DPgKJ-X0Lxm1_*5FjX0%pfgzSx|I$M-QLi*<7Z zQhd{Wx*^c(Zn|Gnw6}+h@XLlJAnyd)>O~XwrbLmkQc!pKEa&vIvy&zhF?>W(3`hVs zS}e1w4s$leo13&aMIDUyMP#IE$vV^hLkz$;2MZ*it6`ykVyZSP%fLV*nbO$wpG2HK zd;0({{icovsR<^lU=XH<21nVVq*X#Ku(4*E=DuTvKf&fDw9i)0n3m!`MbN-;C)n|r z_-h7X9L*QbRlLr@eHIikL6{)Fd*I#-Er1MAHp-==h2LT3sr^Rp>)%BdLg}NIw!ftA zy}J`U^ZKsX`)`j?R-NhgUy3ZDCwW$1O9yODk#;v%=w zw~P{)9IM9!ew#&lQKlWYFT2O=7BPbmX|_^OhovQQXw%H(B%u{2zQWH5MTB-kFWd>t zcUpZ>#maSrM$-sop4hF2Nj93g36AppA0yOd_{w~YeraQRK(}^}2! zLK4-K8AyN|Usmmm&H0K;V0r!QEKUeDg5;C$@J&}aj#!LXyD~>sd(jvk3oT^_+`U(n64RE^nBEQPQA@@IXhMRddn9rElynqZb% z85V}H#?0uEsPCeOI+&W81!z{x)B8?*NZtlm9ajwUKCPS)PS%?sVQ!pDM`G<_aE}l93)143f~Y6 z2+{Rv;iw5>9(124eS!K6mQ7NylWU5MO;b>g&GYo}^ACp_IGvw$btQ_zDXkyQZwp{) zP>U3NHZ_IsihAe3Lkv2j|Ey$giS*6rj^XUzpzq2{!_3P-k7n#2%}H7|VCep4=&Ae9 zGPLt7)P59axibEYzyLG*eZJrG2c}hqWdupK*_C+Memo?yAswHjKI$FE_78q?Zjltl z^|`p#{sb%pC&l*T{erNgGd6bsTYap{wjGz{Z>hlyt7>4Me8krktHbtX!2Se4IRO?r5IA zc8b~79GbqW%#*K^Y(aZNB0mb_)(#O#eLTU9K`!Z)nOq-!?Jh9eCreo0_M9%xPedmM zeN<#07*|5n|C#JD_ULAIy10C)c%eb(d zd@aySofP-xuFX7N1UZcbR{7Isfp78V`1wLI;7_N}8a+ql{cXG)FfgMPXq-oYt+qPC zI+_AKUi(M*HD}Lv=l8C5T9U3`@bU>@0ZG%4T6{8V75VMIjGlW z{08ZGwUYj}FG6tQO!PH3A3ONrAo)lrL4Ejmg*YRzy>vwOeGY(6|$xoPo9^n6%xoG+n< z5|_z(U%pU!GSLrW1;a?$Y>})QWo9`54`npW8p=pb{zX9nk#9B|Ww-{bG%Lmd!1B0> zvzbjIo2-uAP_4FZd>W@pZf;IYXgpeKaho$;^>W-98p>Be#T6=MG+YeF;S9?dL1j=F z#gdyax(b4$|CIB|aID=KHx{e3^TOtkw|_!bG$-*bik|!8=*7iMi{p4MmXoQgqm>BC z1`*-V`vy@Y<$fT@1C@v=&a4rxSLF7Q@^;)p4Fam5`G4BgbTACJWn8yAzr_QoD;hRu z)?DnZqX(6upFtc4Fv&dm8mmeL4cIBH$c{|k?zCxJB2A?HY2q#VTPROgS42cLCt+P0 zW6|P6x}+opPkRemDZ>51?nRi2ZEWWlF)%HYcZwU8>xTuhL(+aXKT>h9W`3yprI2`L zOri_DyR|TN8~^CL+M>X|#D0o8e%w0^a9Kh_JJ!LJEUloYr@MgmJSB|bqaEj{Y1ZUN zoJ~3fgG0BNkWcQWks4sI)I^mgrsbBL)#mOT9$I2TG3h|C+qWhM58Lmo1!(1J!`(EmGA&ELr`ng11Xl#&0NDX0<2EKE==qg)D;A{U zgYjI6>A~*qe8>0Eb}B{uhaDfuqenFJx+j`66|Ko#Chy(|?pE}DJ9*Cf2yyGy#i;O}70SgQ8=!?z}J@LzG@SlhAfez3Rhmb+{ z&Iv3}M^ufVC@eEdb=&E_uanaotX$vyjT)Te*u_~k#eZ~Coea!MQM4bC6F3q|WC4)|E;FaDRl`A%ff{BiqfxN;${%OEP(U zF7Haf*Y$+M+uvabjNz5bLr_ni3hthIIo z+FCyB^8I8Sc5Gd{14cT16Yr8fnX`!0b<||8d8Am}+b|X}k#Qm23Pmlx#m0V|FJNHB zVYM{!(@`p2f{;O_mEapT5yW_i2-{bLhTBk6A|@(y#Q2B~rm3jaN-~(ReKipNO|G%- z)+^{WL`N|?VP)5@mT$rc@13J9sMS8X^t8bdhSr~+zRc1aan9<4^9`i4|Df{PEHDQf2e@q-8U>M^ z8I?$>)23=sxO^Bq=^)Pry(4v+Ofvb9t9`2pHF}k#j=9&dZd2Wm!TTO-&Y1;psKA3_ zG%PHC!5}tv#70pD^Q=~XQDJJqnoq6vU*Dl9L#*7+=b6CMxK)PYdmqN5Lou!~XRuaW$wVgg5$ zo+ct=TGbKC><87jZ!oZDzir6Mkd4`M%VQaAM*=4YwQj*9k@;kdR6G3D@L5FmpvawnAlCKvc`j2CHZ#P|unFsCLC?zcdrPaxi zM-%}cO4bbCr{}SWPhPXXvf}iS)IUk!*7Q=3ox#bt2M>{-bhF;+AAf!WPV;0!)aLm# zUpoHPv|6r;$ckDWk?#vUX%NwcfA|i%=7h$(ZS{^#m6iP83r)eFq~}v3zWgeOz5PY6 zMIxg_m(^8J?l-3{oCx22cxN%QPkjO&5%b`9D`%lX_g$Rw`M1DOBI<5_+cG`s@jD0^ ztrv3$HytY+u%k@Yom~m!%P%0PQ0hS~qavpSEd~$8X{%?{`h2Eji`F@92u{~0KWcS(TLT>8}76+|vjms&eZe8cPd%7z$@B{Ds_X=SZbxk`G zA-+`4M2%YmR9s$;C76*}Tit#xhXDCG3yzJ(M6 z%ZnW8!Z7o zww77P#ru+{B4s&uf1mG9pZ^>NcKXbD6b(7$YA-e<5u~N1EzUc)oy);48}lB&mOUKJ zrg_qIw7k#BI>=X_P*1JRR8&1Ix*BoU!?m4 z*c)Ee7n@_v17Eg$d-^OJiOl_a8=>$1uB%Jbns586IEN5CWPcJ5RgsofZX5mz$G39bv=pJg+%c3!Ck^tv~Ik zK$lJEn4wHO;S{JQ%nHGB1b9hm2a;Ls?Yum$yX_+0MejuU#9|TbId1D57VIVI zF6Wr~a+adA6}FZ!dOcB>_=mS}N1U0j)|JL8b^RgH}N1*)`||W$U{;WhEa@mK8D9 zqQ64h5n{gF1cg$#Ex(&yf)BwWhM2x;zb(w5LSKE0$O>AvkaD{0k8F+MW>(Ds7_;nad zR8rP;cTMeWWu-kV`LiuQGRPC3I~b0S)W_WLeK=|(E?T{Co6RUN5=Ed_8j28I!mF9* z(YEC`DLrJWnnFuWRUZ7BL%}SQ6L0!vx%BSUv6u{In?aMJ%?}MH?N1mi>o%r%Fi$Ca zCfxvpR~{g6O_y-LzK*}X7Eaj}MA(pR9u=DuYL*g8TBMSeCb#qPTe_l45-(7CNT4xH~zlQ}VR-mmgz-U%N!i$6(=J z;6{?N#W|sG2U7&k^(8#nYJQl(ydLKnGVr;VbbyS?UKiC zoVCQUg5+b^j+R`8O+!ydi?2z8-_MijR~425Oofggit>C1qTf?JeaO3yWs-=5r`_$(~{^ckp773Nlqzpr5Fx)U-Eghu}` zzKJ(}IPr4+w>SUne%;pt7$VRA?!@Vm0~~C(@$O2Ln&-$ZzPFMbJDL{Uc(rKQE;+!Q}hBuJyFa(|dy9Qx^#&T-IV3%T^wm&6QJyYUc==dTP-L{D(scJCSR ze5Gfgl8O`S6!33{v$EpDtgFy>ZRW*_Rv(&Bi!ADY^S46TIDZrv{(ceR&9D`ZEHygK z#M(n8aygV^AY;P&*jN}#P0J{>u}LOh^VdHz*p=@0DxnmA=9N#O=%2^F!%VW_B1@}v zASm6IT+iWUC~9_lvnG}%SImvW*cpXhuFMS6U7VMdMg0CtOo=~sVuYYx-Ul1mdQXLs zTLVs%*ePTXfhxQp8-akpU587Rxl-v!4Nrx&y`1qxwBA4>ap+?{uGI`H6CN7EilBX} zzr3uh$Ug4hSjl>Bv_|r{dPOepE3nu#fS}1z_EelUR;VhNH&cuTuh%At;uI**OeaDf|8HLFNQM9o|i_Ucc$eX_x6D5au??hk)?Z;2i`Ow*!(m9Y zOsp3Z$?#R7A}|M{tR3gm?_c+x1^VqhKMdEvoZECQqJ91V=6pafUv6EGZ@9D(&%JuQ zb?V)D{ujx0)VrViD0y4O@^GcPJw%Z9EiL!5_sPpJ%m0{n75G#rF9zOEtpXGxYaG0c z8+y`M^+Ru4aU&yLa*v!ng^jE%-xD%^@>qB>$V1Z^3nuwemuyQ05gat(kqJAU(Eux2 zUfpfHhBM^XX!YohETf4T&tgPNVXg>jTVfLN_Ucfo!|7mQDB10SB3|xjGP=+V|LbTe zjyd7JEqi+_!k}o@ssyChS4jc{jbw$A4UtyYb>)R1#&mco4b~u9uYwEm!Q1Am#tF9&oj4gy5gGEkcr@gvns^;h7iZZ$AzmHJy7OtOU&(rY@(+r)Q1{cP``Z&}yZKO8!0OCRYU*#-A1Y~J*^V0arwzmWcb0RJ;%?I0 zVWvvl#Mp>Ss22Q(L;Szj?;Lg$6!*UFv#XzNZfVlePoG-Joegme4Ol20%v{XyCR&fa zo%6_HWG+o9&a3J#owd6BJlv!cwHF?xuNxy@GqGa2QkHV}x%<>l0Uqa@Z{PGS`Swp3 z3?^#mM4pqw@JKI|3G+#QV-s;(eZpd5&YrwqXHbMrMWDwM%NvGjr3rI@mnX3Lxgy>& zI_+N-iAE`_VP%G1e=Dc4j=0Y2MgRNHKGXC{P74ubDA-=uqAjK1td8v!xv3@zuNxl= zPO+9q)DRL6Kj;WQoTh&TlheL}9(Dd;MXwE6nml!Wr8K-06(4BY+=I#OIW22WLS@6E zN+=TR(0sKol^}Jmv?^9cln~2VGZ@j}toafk_19WPZ|Fa8xpNn4f`xigu_Vcu)#k&}gJa49 zx#EZ6tV>n!J1sSY+*!8EgE2h0G^_J=M;SXKwcVKZwJRdLKkx0jU`;HUMPDVKG0425-Np9N5G!_c8Gue_uNLfDlLk zQ2D(ERQfd?#6DO3eb|?Lej(#PDr-7`);*H$`l!e^KA$-v{{dy?i7#-)7YpZ05v=%F zkUF#O-jvs}U5LFsMv@JL7KvS1jmVe4o;%##b6@^0}{rr~&(DZbL zCvZZMsaMJXozA;K?<4y=%VLp4QB1pGr^jodjjP{4m3tJ!@DIwCBveLzJ#x78T?O)J zNRrPYn#?_rfHP$O`FTng=&BX{NFJ|s(s92I4CfZaoI3Yc7dI}}#7=XnR9i}#Fgs5u zHkP~=dpG=dY*l@RXKDOqc03(7o|1tu&25fk+xZ=Aq1o6t59+mOsLO{c)>0ewt0ndK zxwkF93dhX;XI@FY0;l?=v>Qm4t+-EZBPG5g>{;Rc42>?h>vg(oGE&O##25OMrW|Sz zFVMyO6lryeA%Rra!%t&M+6x%Eyx2CZ42np6^)iX^(ztdzr+E&YH z%nHYYkOVo_F7fPaEdY zOr$J5D`!#}?Wl2wHL4fnMZ6N$cqf;YW9`~zwPogog#)vNZy%hDu7J(l-DOrpjF!LR zNv_bWuqP)}Pj^9wn8^ePcU4tXE82iLXDRDKh${8ua-(H zkoV?XBSVZu@yzB>JV~P+A$v$wocV>2>kJeDEYe@1(JR@yOHidFNCEFrL3bsYTJq=~}yA6^X*AT`+-4nki0D17xcaAmSa5B;kv+l!8mu&4D9`B5-8J1VLZ z_vGGo4PEfbiEQq?**3nt9yWNOi_BsUZi?fhIN_sFIA%_5(^S!BM*j_XX8N5t>ZB4fwm zI_;JLQYEDbPQ*83^9bFX;Gm9=!nmqA%WwRfGZab(JG{nu4A%91(wT1E?iuIHH#TmjnzdEP^K?L@-1~sC&AXT zGcqUHP-$m-@Ve5|$7uZMzbLO5O^Sags~+!I z#_d${9alZM`FLpj2Jn7J?v>9YR4zWiOcw)TtG64HrfGxm!efRff7fxIj$_zw);$*g zs7mbY=J^kxm5D#uj~KvXx1r#jFHan6<`F#+bJmgZiVF#8IfJa~oJo009#} znLt;E8`)pqCF^L`>651-rCv|JTwIOz7NOH3$ArQFiXWS(9v0DuLth5%RY>F(|pknWTQX{1xSL-L;a{_eehxR%Q$%$YOrp7-7R zv!4ejelEDk3b)t8=A!JE09l#nO$t@s*`7j0G%9uT<%q!7y>=Jknqr&qx#5JMs2Crs(5nynz zp`yIsEJpZ=LE>5gHC`V11&&;S8;2G%Ju{Ow1sp49Fsg<)9=HBIfUaTpB(%%9XcyH2 zz9FtI-CVVyBng>_As?V8eGhX~_;4~rw}Wn-XcK3r-FB&ezv?%&c8@gk`?vdj%_+6` z@SKYYzM7p=ebT^qINMReKF|S7O_7E@S0SR;(bYA*`jAwRO(-h~UHOd!33L* zw@kT?x)p{`YYc2>M-@TfK+nq?l)t$8xxV~fJHM%|$pCZAvs*kXoU?x-ePHf*I{}Fr zURxOnKMwOpD;#@T`W8G_GB_fGkk^!6JzAC%Nx_Q`2uy<2ou@kQI@{zs(%t$9Z^Vy&`!7>i5EWb5QA}0NX9KUOo!abL$Par8hU;GDD zRu`U**-F?iY;h>*U62t(eKx)oB@ZRbk@_s{e$ht)P4(VjMQwqe6+9`aWLIJ(;9m@* zwFu^$gyTW2paroE$ORH2Dk8dS2)jRl< zcuHJ?KdKD|!AwcS{o?=hdV8B6c)b4+UW*jx=TBLnZLdJrX$}{zrakXDRf0(sE{>;0 zVf{0{C2n#QhM)uEQ3nDfVvLM4roA?W} zgxoUP&w{qQdaNa{a!!gCzNM@lQsChWreQa6DNv}fq02F@;ZdSixv@UR!6FNh3@uE0 z;tQY=Ae%I@s`ax2CB&s`kfw8F4CYrUxCkP30F(j1z~}*F$pqm1 z9%row&`Zts8xRx*1f>7p()hfE@m6ZK3B&WG%z=py^9F;NJ54 z1grh*|FzBfmp&cXlJz(bqe{gd+`xyC1rrw|R#rLM*qfZCZ8c{sXJWp?`ZAtih&&wo z-KZ9fN`rI!nrAZy&rDp{kkSd~QQdP;Rl!MFby?SHSGs?4_L~-~_hX;qr)FC;V!0@E zu~q&82g@+K8x$LM8EQLnIk|kAsQkCfDm@so)#>zR5hHq<8CvD37aKR*{LNa-IQ?X`-DgA|0+2TL{KvC-9; z_4ijlhTuuvntlN+x$OItID*%RVmkjwhcaxo_`2W+A^*5kdo%}s0;`JTWAf%-%&Qy- z#kyfGl*JPP{OY~W93#QB{BWtfAJD;UIDd>P7HjcTMTlq{8cy-USUQ*V7jn@T&)xfM+*7IM z?`72K=tWxKS^iNVSQEJkv^8_frL$D;2P18nfGWUd3KZxO4(ZymP@J~KunKym_zE)a zt5VM1)fkQS-^SS3e})Q&w!m@U2XA7}-t;yeb}5`n4C_GiN0CgLFSX@I3Ka%UMbDqW zRBj?WdlLT$GII{I81`Ivu|5Xid@c6pT_Oi_#WQ^B4X0n$2;wv+pwcRwDTlo*Sz6dV zu*LO@^yb4G+qh*O%fB{NfyG+QnOvK}=%r1Mg1^v)$mEkflKiA@GkC`QbtZVSV~L8p zl9GbK1DJO)rTw<>cPdv4HBpSY?IO$-oW>NzQs9sy0g*4Mb?R6=U_Ua-?Ig{wl^rm>&(!i(PELD*$g(5@Gv@8#L-#23g3k zT~;$hg?+9YjKUkZcLjs-@wX%g&PGw-FMwb9pIV@v@9vGmkjeJ9r1K9{uok`@JATix zZ;rqezX$`f1psOU#^Ncl^xd~Yx-U?=F9P3nY{pOZApALz@ud*r7`Zld_80A7;>F0P z4_k8zSNq2*A}nH*AR65JR9Cc2?Yj1VoAHI5=yz1?T!+g{I`vsbU}w zS)9loTYs27c60BRKtCg?5*Z$9YKs;9_BL2me{=DEqQ;%8rw-u(`LbsVn}Lf+jnxdb zE_!QTo!bC+xEv+jfc`2nZsMz4;dD!6umbhBP3SU5>a+gRpMvc&CxG>UMS1|3m zbe!{?`g8K$aM zPgyKDkGF7P@5RUI_>9PKrFk%}nmrC10bk}{8<_ogZ0J;)_@9*I6Tu?)R!o1z{|eG1 zC1TQE5%OvCq}xP@p_W;lwKbX^+&$gZoC?=1>badSyNo-^*y|GR&A-6ZVHm`&o);0~PtycKr9Y3-tl!F1NTT8iklrJhqR~<+XJI0T;U(6NNKQaKAi;3S1T> z^Co&!LGDc12D{nsnTZIoL!if9m_qyYw!o;+5s1lGQ7PhNLFN2Z7vEeEe`PgV>9aXH z)_z!-rufiu1`1_)M8E{qFh`Q+g`bIk`ggl`aIR@BfT_*bTP zL=|}`>1FI(c$L-3mNo&2{o(&8hAcS`jxm7rP8hJ;96%sk)&LD0LgJ8CTmxV(SAZbz zntM^t86bv0JpdS#YvS%pVhAyID;VbtXs$y3`+~0h3q&V)Jtg`EnHq;E7yJM)ZO26) z3I+)ugk)}e)(+sah9^beo*O0w#>Q*fjw*l#_rLA$tReu!aVM*re0}$vw07P+sC~xOn9}@6wY$e%Ed7J@#>uq90bR4($jeo?Ym06~udp@>10bFToB>=1z3T7Uo+ z7%)PA;&Bh;!cTuL`U2-(fNLgb@OqVsKlZ_{Uc z5K{*5t^I}wEz*`3yI*es1CgQA2(3k~505`^!?J<+0AL_h+ASwuy19-B@(P#F9Zg+c^pAvX{bvxiu#fE`{VfGV2>eq?n0&JKLf3V=EDo&&Es1(AU)p~Wi* zSl;g2IH?0bz#$jl$C!Do#>kcUOq7{pu~W9OjobXcgqSo9uQwC9{~)Vlc? z-IzY-R>*FR7(+PkzC?0Ognawvvb1GFnys4n)^d9uYJX_*CqID_*~wRzSrF6wxT3xf z7ZG0RR9y$jMOtZn=?`AAv!dXxsk0n`2w#HYvx~+9i`=`pofzTQE5Cn3)x7I}eVSe> z!P?d2tS*!Ci6XVt)vbl+*Y1r)%O4x->+3tX=+HeYaWb8IPfZTGFPtXix;0|wmKu0# z+Yd-S#eAXTR-NC?rg5|wO?NsRGIDcN=cS|L_|TOzaIqao1PC1-QSAvrdUz#rtViVe zWkT_F*9*9m%p9~#--v=*0zsMGalFT1{F7FIXsvjs1Ye*2=9 zv^F8}4G{GO!0>aspb=HHStmmzhn|(AE9~!aJ!>4yVXcf~0xoHczx*#EZ)@bmekgJm z&3W&Rm~m)|nt`Voit>QJrYi)#XO6}b{zET;Y1c&4N8CTZ#;pqTm=;1qE6Z5yZ;61# ztPvKEf_HdLktKZ^LL8=H7qDC~K(&G|1*^u`9RPAR4sUBG9QXKJqSxrM_C-j;`px>5 zH0MVOS~~P_T(kaVCqvc+rOnCUzvhB@%Ud%p^X(KQBvtkxre~$)j;S`05$od@&s>SY zz%-RqY3egc0jE&Tcm(U5O%fM)CAEtQ0aq9%SA-&WSuRr@j`@NgAbP3@yw$8hB=gaKgwXuWf(Vl2#FQ+~m-Mh4`9)McN z6QGn#*?MFFix$wNsNA>+<%M`Tf_@0u47 z+LAOm&$5aD0Cb-oVsFT|0@mu6J;PU8e+an>0t0~pJQ}PJ=+=W*_q`Wr9k@uy>Ig|` zK`2qNe$P8HWFEVa>gkN-4MgP!L92)Wu$I@!^XJL`v_$}D%ieP~6T(nqA!|CM1wBJx zRN5BVw?G}1!IKZ2Pb-n^suSX)dx9X&02UVnJWS;TaD^e~0pMwK2cenC0A@m9J-3!S zEF^!i+_*oJI{pZ7tWIu3A2Zw z(@qTUO_+@Y}LZEwq8rVeE*DOk{=Tq^bG`*a(9$Qy{}ICtle4qER5B zr|V))HX_=X91SdilDCR^1D7d3cV2#$2-V&>L04XvNX&$pC)jS6vTtrGV(da!HF2M$ zbZP(EY&8kS^STazK40yR^m(h3!2Rv+4K|(;Ad5{j`dy1-!$o9qER(?Z1r(P2>c&e8 zzIvbscK%D@+G&imHI^OU`cnQ53_lN?>4zC!vT6buo#@Ii(yoI#{j(2&$;HLW7S=#s z%i0=<92Qj^ubBO5+S6}$t*~g$nh4gCY@1<-hAr;z4Iap67nx}OJL`VN)CX&lki`6T z@+3sK@8*T*w8-M3CU1m&p+gf z{I*eAaM2G^DJzzd5?e);3>g;|6aixT0WPz+PGzsnWhCqhs*Z6Y>o>Vl1680FC^iJl z3DoWFSpc4ataTHFEPR#C+GT{juaN>j>jsszHery^Jo@CK|IHO2WtF+JZI?ov{VEM=D4WxM_{TR8H1ln!9 z%(fXdmLulkI_5X6KT9NF{$U;uK}6={U5cucIphRm$}3`nQk>?_FcgGCz*Q`%)78+!w$!&eC6(&xbjyC5aE3TntT-ys;iRKW+Y{igY zUHUE~V@qIkcEkmpp(2MhQ1fr;*M>5Iw3I0II#vsV;*}y$3b_W(Nj{jK8OTuTj10`fAi%1G zwEh1>yF;FJc(v|>K%Ccil(BT68Qo{;<$k04kk)Aua?D``0GrWnZsByoyI%Y!b^RI| z8X$o1%MW;A5kRZXK$&F2?+wTrd;`8X_~Zz3{)i^E24nExkg1i}vb&zGdH{VryUWe! z<~xU<7e=ja;k815oXG>gguO&r2$`xD^q0u^o?06U-lzi-rq?}6`Y9N)hCz7y@v<=Q z|4s;3w+m5_<^Mn1;9rZz9}{7JM}o4=jxla1@5!(_A@gESe>MOJnYYowWVYc$-@6>( zG+C0=bmi@r#_#bS@JmQ+8l7%@3-v&JI4-e;974Ewk02JSY6Zvt9|Fhv5kJ`;0Nc?D zbsr3Kmu&l&#Hz6( zz~Gx>?@nOHBocQR#qN+nHVg)O@9f~mgVu;7o=@PGOreh1z{0YoO5PiDOJ)9GuP~(^ zIBZuo_Qdy#6My@pkSjIqR`=YC%xej07?wiP?F4L2&u$6*<8kW&b`3>No6 zUt5wrW0W0+1!M2iP$jU0eW#*D;H1a89XBHy9hvpEPN_@^?j-Tg=Xbz-2rqriPNv_V zAZ_0N_;;esV=_Isy~f#%o7RL5K0XsJkJzeM8s>hPi9?sbJ09umBW-PE8{UnMb-aZC zaF9;GR})@zpZV`B7^$l`2oa)r&Fc#M7c>|(rdZJT{@=xViBM?Gc>@Jd&$NSRM_}nJ zuJmryw3&{7AmS6Rj#x9v{VK<|>Pr7QnJ!dJQ|^z37GLclidpGKFB8X13H=evw;4_b zDQYcy)yQX(!tHBxG{CNCYN(mc3`T=d^{04SB!q=fc^tfwwk{1r+4#X+ciY8Gtq zt_#L1Md#VuEGjPegpTMPZGs*eOsIEEzH>Ngo%`;v3fmI2-*^iTACMh4=@Q6qJW=Lf zsLq9LrHfsta!~(Op|Ini>79CDY-N7z)WZh&jKj)b3T7S7qip933GUYX` zPd>@u3Ur_e9fmBo@bb=9`Dmz9Pcsx3&$t7{HY`ePKH^Akv2jxel#=?8G23LW@b~b1 zdN$Nq$ksgJO`nXz6cGD$xOtsRO5iw><cp{bH+HqHftdCgE$!j zm^V z+}B;lmVexJQzgp;xMj2zUuv*cvwbv-q-<0SmJjt}Ou8EA8|!1a`lhm9GGe9>^v=43&z$9A>(nNc;*$NdBrD1)weL z^tnBEs)hAfgd~5H2{hS#cuxg^-D3D89|MISU`^GC@u))+X`CC^IQxrv7|8GYFmT9zfD23 z5Hj&)ow5}l25Q&CNvoL3LmfWH`ZQ@r9&XXfOcGQ(J{|?dUCpf^IgTqy z6A?kM3-qK5*LD7$hJLk*;|ObBHkyHFL)9e%irQ55y@svEJz~2*18^J!>EXlq;O7p? z&5q$k!NfOs;D8ZD#cb1DZY;q>d7y^mizpTJYqcfv0)C47E`ikdhFu1Dr=>A%u$FRM zhxD=nOz35xc)UWr^ER~;%J=t4Mr+~fPZZ;=?VqS*(PKK@O^yX%_J(uZZ`_k!Z;$NP zU5~57NSiE%C$q(qoDFp3p6<^zXLn*>BKpxcoDc5Lzsv&VFB&Cr^Y6?0)!K1=4H=c3 z`8Y^WpVi?4f*C<%A3nW9ksy#;*NROj`$2$ki%>0y(sSH5|Ky0c?rf|Mk6aq!fuuH|9l<+CMW&eWA6$Ms2`27)@)-9vOH+}k#xeXPO!AN#DU!-JBEjiig z-FUfG-)bSs^8(qsUK7ckGp|Kv!?;(b17L{*B}C2`MzxM+%Zf0wIX<=_O8xDa*p-xofJz;b)ha%c;>OR3CBa zHhd>d@XU0+`?g?DHqG@ET_U8sA6k&|k+!#G{5?tR{76KY-F*OFVNy3=D>c`w@=`@{ zYGku>V|1@%z$@~nGzku>l?fy4G{#MEYgg(V;cvX(cxKo^ZFsN_nHj3Ah-|T6n??E( z8kBPqoX?!;pyihy1qA1DWboirgC3q0L8!3j_~=3LLD3S>9j(Kv zG>>wm(J6mA<(QGTLmG)Ue&gQq(t%wpHrxswZs(Cxr;Ac~K#xn1m>sQ+{Dy zh%YTOfrlGsjSwG{$>$oa{0jXsQeZF)J*t08FS&d|NO|rPW+Gx~+XnYHl%{eN&Z_ij zUAv5R7kHyGrOO%%C5wG0gr901kD`N~i0 zvxltf%VF|2H@|x~2o6g6U{kUC!Jn7F`Zl{VC+Wv!T7zRr`DOd zhsVE4ppF1pZ2@??sK-J>&Mkm#b)AiQc^DRbCC~V(JD&UBu^*^+H@iO%=@R?ihkf0m zOt>?SLg*O9$Q63a=YNZPvYn0C?sa_%5_m8Y{`X7huf#yS4B0>V?i+bvz4m*o2g(OP zj{&9Q&e+=(;rIxFgjDw=UGdMG!|hS;WP{_Jy?LbW0G02zokLNtg-d#pw_;X94Vyd2 z*s;(+2yprjT^=6v@>n2+%X)a89U~19X0-{R-!zc_F%prBr#;iAPLch3DxMj zB*U&^1@T*OIdpEr@*gam?6-cOUPA30kc(J|d>>X$_C2j#$+IF4iJN$HzecZ}syNBo z?dPQZ3!zYJ{*lYpJd#&XBT^PkI!1sQ9YZOzI6X~KEjj|N z1QY~CAKK~#UyBn^$CW~J?0{FIjG*bPK1M14Dkp9gQ$bFb=S1^ouJgvyCSp}wSaiCXcrvQT54bf6~(M-3v8Q#mo0z)q50hNX&l-79ETQ48F4p58Jp_J zTEI+Vl8%b>`&T?PxW2I&lB|R_M_i$_Hp10qec^Fw;~=N#PsZ^yIBO*bnBKK3AsA06#WQ*c-$Kr?5Sd%*8eF|i=}5LT7(e)VtK#X zt~@LbK0@Wd`z|PeKQbBvhsr=i>}I3KXJXUwpZEN0*-HNYY12Xj`*@PUDsd_lDk7JrIl9XMHA@ttZ%r z&STjRR;|yS1+oStKWP=}cEao%#Ci=&zV9Pad zo$p_Jte9oAI^v23)7GJBKdq|^Qi5e=6TaM32=` zGxo2j#>D-j!zFIuZ`xFG|7BFfxSN(BxYa|EttHiS)<1n8G<4kX zv19a~AOWUT#MJyP?`WTR?Yag)k)3Ns5kE;r(q;1c6>Z|fx`D8#{GMV;0sS_u7%uKd z72^2lt^2?}dJ#U2t%&pD6{XntDil{43%t4uj|ntR;-Beb6E6$Ox&i$HnpLC_D0?+l zSm=p)hBl!ODT5w*e>c(d1PWw|VFdLWLJ2}Zed3hiWXGbqb^a6EKNa-XdJ$nx36yX^ zLW8(Z(MX`2ZC_%*q7g<0{2BW2>WL&*%!YIEZbccv-&WuZzFwn@AIAP9^Tly&V73Zc;G$2Bn2eLeC-DjBtfJQ<++dL zYiM4YGJX1_U!Ni%{ZjhRInN`x&m%rDJ!`c*@cvVG!B2!sZXA~PI8Wo*weG2TzU!U6 z*ST!_=dSIi{K~8I;BI;P+-lmlAX1;$0Z0uUxU6Hy)k4}2YsFoErq~2^Rs9B^*Zjs# zd|$mP)bBec&#L@JRdecd8SNq&&)R#LF+{KG-aY@i-nbq<7j)bnn4?ftaOB;#aZ$6r ziaPyOGx3u>HNrKwu4Jm?>C9C8B3txeS!wCIt3&RHRManiMBinL^v@$SVvQMhd)OSVuVmoNP zEHm(vouTWGmpf`_E?S47^%6U!7YP+~U^zQ+0RKpD5CZGt!uOm9+l^2z)A%IIzYR23 zQ9sdL5jQ18KFBdBD$fa5V-Bw_PxM**9_P+9M`@gmPUO2D5j-RKc;LdRPWlMh+qk)tY?PoM$Q%%d{P<14VZ!(F0M^`Ub9Jdym{hAY<}O<Gzb)+~OOIwGz zQ~0afhokFc8K9gcp)G=`&O^oq{%Is#dDK(UBdGHsnFa~Xvd>BJTaVG814&mCnDyP> zO#P7jod|cP6MR+#j{KsFeyZ$5!0F)jcseIB=?|KcyrnP>Z${#;Ztu_P)Jc}swyJ6@ z>tPGEf6$_6z#$Dan8+LNQ#{CdJp45-I67X__%&LMRx~@Zwe=`uun3*7@b_lsO5dW1 z_G?yMp@Y6=EFZEG*h&8xKk4cg2!S4#qtueb0GFQh(T$W{gS!V@G z(zai5AnV-=4`h+^eFYYrn^I99pe6YXu_S8>y|n||A?2 z>O*0DhLnOeyC3JlcOk6a#-eWBM-`PHx*oQNh0h#!f;KKmHvmbU&~~ctVe0DzP!yid zmr&jl&YY+LA|b$j`4U*@aQ^cRZ6SSrfcTPt#LA%ICD8eS%e^V07rq8W0Tb2+*O2@T z@OrQg`{U{KqQIO5kh_2sQ5`Tkfmh6dG%|sI>_X6ewP_{@-7?1TS~>=b$kw%;O~-Aj zrAll6{@p*c0}VHFkONR~fliwML+ogGHcRaS*k?u5=s;Kp65hEyfLJCf9wA1f_dJ^r zw-TiB*uEY49#YsnbA~ec_^Bj{nKni z=nk%s1^YXMY&VU8-J64)tkrA7Z_oCLj-`gv8zU!b8Nsp3ZH=0$QHCsyfr~31Xd}dL zb=)g0+DAEj3vFrP?9y8itG&#+f-k3~&14t;K`97`L2IFuaYaAZncuCNixGO4&|&D| zDxi_+BxmGn+&E8U^TSxU;(w*a&<+!67bLujYi@2?q&< z*?th&L#evxC`YEZLX$(P=OTjyq^R?w^+4|{H?6X@nBZa1{42u07hDi!uWmLO=wR^@ zXbPoK;&JhsX~?TXaUwuf=jd@KiYeeiuPB4_%(lmA#O}YLn8D6WDi1-?#m7W^8j$9* z8?n6Z@v%voF2gRd($Ev@Ma(v%ccMdtV@X0IP;;@c2;;Ip7usBv;KY;+6lqs@ONn(f zTN}xYbYp&}LY5WRR#XB7$~?+T4;M^2YDb4g(ZJu%S9_=V@@R0 zkqQYf8lb|3uTqwu1y5EjuLZ>+Q!ufG<}X$;7Jryfk>fUu{K(ZX7f<$%rKW9g8rRmd zHfKxu?BmCHdy9D7&@Estn5^ytUO`E3zS6XVh79{Y%PjfKCs^L#MfL*kq3-g{7={lk z=mdDL42Y6_B~s0l$O6b6CF|av@0X&AHJrbweZS&V_QFL_O|-G+vla_A#ozjUxa+XD z#~{V{#*nbmn_7*A?u6R;0lz;FUwn)G5=~-#Wm#ltstql^K!6l`ZHxTedT2iSsZGxe z=6-E#slcZs>U;Yti-m4wCX)KO!`*FxnxQA`59m3A*<#D4cX&q`4d%VHJ&QAAKesCc z?wfM%;v?L%-=wJ>_5^9;4ohMt$C-^0zdWWAz?vWpdElTqQeae2$U+qn2dK!YbPmHz z&?gnJVDdT#{N39pZPIX;!3>kC9xC&uhea)GGjV=W&d+=o@Ropbc9v7f`f!pQsH(s| zsG|V7z`g$i_~IS{&j00{|68zsS+M_?V(-z5V!(#l&-&cQ+Ho0e?+pl=o%_*vy@7qB zFW_JMcJp`UxTgJVAOfe>@8uZMQiE*uAo|XbcLtEq9M6}ba7e-d;$J2M5dOkIxFTl) z+`Q^E1|%%bN%)=2p8xcRVZb~TiUQ9BAdvydGN1!Wb|C6kBb*T4aqe^OH4kL3(}soi zA$m?AKJmA?>$V!mANoB%0(~__drusHNHI7TaH2qxZs9^dJ#DEfJEnB zXqOVB_4V->qEa<{yEXKK?3f`@OHd8qcY|0o$J+}XPhsYRD_&&76wyZTgpz(*77 zIam0hWit?%MS0QmyVW#&T3I~vc-1+1(+5iB`?_|m=3ZV;Q*X~xd zD8`XbmRWorR|6x72V^48HJR&zKZkHtS5Nagy=528(%qbWG(Xl`u@sKX#dI$nPTvXg4+4 zKC>{WPkGPkFe1NSkgOG#Mg=P?Z)<@&w!F#P@GFh9#X=(b-?WfPc#U$lE59&nW-*fc znOzMsB{6$LzaptZOtsY8RP*!k$;;K+#y{JQ=WzQhWs98j@$9)sB6{g>2lel}f`!Vc z`l7Qn*w8uWtE_4&%htQ*`2bGkJswc#4U1f;7ZCkAZw4T#AAgkv^+xa!Se)rOPp%8*?E6oIPUfCg>SC%f!x%|2=0S+dEDj4v

    • eSMAJBv@}d*zfFnc@k?L&bybT;{x^$~ysH1$vj4|?9u?aPxR~B} zNP^E}k%BhP68F7mXI&#K5vZ9F9ZKs8Yc;LuAIAlm*m%7<33i zY{pPVEkRGhOzaKD^r1aG1Ky|nUn#R`u9=L&ewA=gD21hjhQvW+e!ohl#D<~7P>}Qy zH8_OEQk0R5LeOz2B>d4~sZg~r)es24DV`^t1tv+y;^UDO!)bb4&%cS;k7}xoILTn) zO7#)T$SQ$J!5=q~DH$&~PJ~X3*X#<}{@3FOOtH=WksJ~#eNI9LrH3F#!CyJ{3HiVk zv7__LwDrNi`}9woJiM@KR4K}0qO`XZI68so{&ZqtyNrwBhk^u#A%wl?;vWzf)_zJ( z-ZS#%rQ&#}5QNR0Vr$)3-N%~p=Hp?ru&S(!m((Yj9IIB38DMZ~!myd!M6%Q4(oV?f z5hXW;5J6V&o;|pPm1z-jLX}05gaVOcgd`H@nahLpadznj58aCHyB+##MCM3~S8fsH z8`ld{Jyh8^p4BsdZrI@QN?W(wKoHEX7skzwC3Me?Ad?z4Nc5IVr83y9EQ+NT+ih1I z`w)B13MP@9M|2c2nbXRqrA$T{e$ zKX%8_hxP%5x7Gp1KF#cgF`UZ*5t{oc%}=#1SV?L*ASrXIfYqY>#1@ z@_}cQ`llU^=%YNwHx=1{1O|f%o_7|~rM}n{0mt>0F5#9nzV@}%jnL|8Xk#t#H=eZ5 z2Grs^^tjrvl#6V(^eR}b>T3f@jJ5}MnZW5gWtKM@Bq|oe27Wh+@aPs}Mn%N{s4!1$tHk)h{$DAAAi7eeQKH9 zqH@G_F}BN3J(8L>^k!f*0*o9!Z)`VjG>^cR$I%hb9?|GNw#k}R`hfBIVTAqm@`1C%%l+}iBx+kD_P)K4MlC4` z{TI+ow$wx;XOK_{Y4}2rsIz3i%H0ejN&LqqIgcc!kGX|J^yUNUBauaxcCdL9&Cb%l zgGM#Ph`HCNcG}S6T<{bNX2nj1+F3ca@?Dg0VcWeC*@%Yh@KyISMGn{Q%eNw^Pi;ly zIBot$JhY$Wc3ka_RDSl$wB+U7KvnU1{D+f-2E7b#MJPb~#R%xuk?|30j+oeui3^rhmWbq^cA)JsLs*Z&@UUn(~3eNE6 z7fz)7>X-7i?thaXzoibes&K|UFV-L9&*(MsBn!AVoru2|W-rC{u|_|E(<~#Y+6m7! zORoDhoE0L!YE43Oq@(IMo%@f$ovwgLzYS$}{{$YYOoAh|J?pTKkDh7CyU6-XM7)royRrx^uqJ%rZsH zE#!wIaAhs?PelA(%eEy**>N8v38Gx6W9(T+OXFB)xuaaMar$CnI4mQS{3S}CQVR-8 zSByA;ykO{|^6AlyDxxK>J?YE0+YQc@#)?wZQ^SasyOz5zLd=)w>@#T|aFHSA6$#0R z^#H}&zgRKt6R1L!ahkQ~9z$9Vq7eH#_{&Zn+_;4SCf3-LHbXJ5YSC}^bdNPSlg4cEINlynGu zSxUNP)I*M)mUeK(`zk)g{#DAoyjqTp-Y)Bos;ES-+fyT{faysmbTHT*G2XX!`6~9t4ZnWwcrR1q+#o zbIpyJF||A;-xBGM?07O^2pj!&4O@6Ym?A`S`QlcoV}UN$BI&~tf)g19n2{V@fPI5V z0|gff1tu%BP`xz>Bo}v5s~1YR-rK@FKHW$`O4Jhrx4PUwrsn!AQ2zF9d~aM$2b4eT zWu3sxfo;8(_GLWdqJbT(PIUT=2faZWPd z5ws}jrBE@QQSdxjUXsg4^Zg&_Y|>T3ig`NLL>;8-)DiQL8**bEJLoP$ z!7R3rEf>N}ZmWXXT(Oqj^x>VbfCPj(IgH(!S9s}HZfy# z-wIQ10-oxGxDk~Fi34<}W4NngF~Lo2z(Qp60fzMuV`n=lAekN4c`P34SBx;``$A#< zwVU)6%-Qcm^L)H&9I`i}GYsadqU3x*B}f6&Rza(K<^M`78u$Cr_C2k3N#BK1QxGnn z&YwKwka+wJON$-M;*dhV(=0Q3#vRKxFWf+xScGQE_{5k&*>)-?TTWJca%O%tW(3-t zwY_Q-#|lxQU68ADxN=NK71GohuAV(?%1PV=B(fW~+~Gfw_E`qt_s}ic55G_IKHGBM(F(TiLvs>$W& zzmTWZWNBh!JE73?p-6I~R<6E{!}(P7 z>Qc)k%!N}s4RCbS(KHVderjGZ-N&72JgCQSm2M7-V5=zd1!3Iz4sUtg@Bdh9w6Z(~ z<;4$Y)l&63>#IN=8HCOKZaj}WwWKIC3o@WJ5f_KVG7^+YD=oYtss64Q2aQxCgoencEh8xXGzT* zVMIQR_&j@JL@u?3P8Lt9MXnm=c&Jx<>}7o3s=exw*mMwGY996_AdOt~ z){WA_)^#XFhKkU*$qQF&aflR01+$4$sm+5#4x>VA@8Pa4flQ0okNYf{IzWn-E{|1+ zP7w@Jl*!3YM+%?Ugt)h{^H~(us!IjZrKvPFdhtK>-68x!lVj3c!~%!qn_D>G=oSq& z5Ginwf1&ZdmH(Ni0O=;%A`%d7)&IWffU_+ky=goXe+Q~rH-m?wNS%a%n1w^A!2Qz8 zsb^v+V8y!DoU5d~K`6yv{QOToX{`(F2|rkcjYiGdf^;jU;O3`0%9fcpz8V$@fbuP_ znDD>M)vo+4Tb4!LU**9u-Gj*?!ypV0OY04%$Y%<^Do{0zA&KmV)i2~bLQ|pVW2+m( z9^@5u7Qgumt`5410u|Ry#lQ2vj-x^~bUQn(ijY0{MY%aRI(Yp{04b$wPT;=3-vGM} znTqZy#zIH>;Gm@*^l?@;mP1<;T!JZt!kTf;@5U`%PWbmP&$yT;=AXtdK851@*No5| zKEW`;q%!WctP(_BOgfIMk<60Q`i)(!o?~{shk+(E&WqYIT}%`PZT%lJ_@Nipc5Woz z`OD~_2KUu63^)%+|F~Dq2_ktBh%ccjkOV=70$&{CwmQGi(rEnih0v zKetVfw#WSQ^JUii_>Fz{Zv^o3Hog(?=6^mpd;^UC&$erTlLjgaXeD}Hsp{Bc1R~&H z?Yk`(fqG=qSFWG`hJSjTtu&l0R&@a&e$PIljqhGwUq1a2{G{N%a^N+u<~jcc{sEwy zPEfZ`&)@Dpy!O4p%hqk~2Dx5l09&9Am(3c~pI$t#T|BRCysXnFfCVS`hW|-dxR>et z9scuggsI02jle#Dvj!sPU4LqmJ>UARxh^gRHm}wNAM;+X-@t48c;BvbUvE+;|HVUD zQ~<4=cPHOo*WukKBn|ZK-vEH00PV;xIJ}QHxK`1R=$%E1K;(LcfX9; zyj}<%V39n9kUqb7{~xx_Dku)HX|rgM;K7|i5}e@fZovk3cXzkIV8Pwp-GaNjI|O&P z;5+$t|8=UEDlWL3uDAQ?K4&d5ZC>1Z;`g@dfcyk0+I6ewybf2;(e|r0paC-m-8QC< zb~`K8Gqf*YZ)GJlwUEiFlo&}73kxn&2!~DiONmtTX(c+uxNO=S9T`o5={KUE^O?t! zsw(u}9ie8Y4WSga*(+jXsfzO?;ngo-Eacw5oKa!zev>^BDKgXw{#` z->Y1o{i4%MfbmsIOs@Fc{-CQO-tw0GFDq2>`Q%Ed)T6BK7u6BdDyDj}c-d4?AuM8T zXCCn_SzGQVkkqj)*=JU78N52hAE1Ruj0Rgq9(>G=9#1w1JGtCq8)mjusj6)$uSI!; zr7KEr1UGRAYE_k=X(i$2hxZIi)U{5i5{q;3uiydd$!d61n|?Usk0~dn^b{vNFO~Ca z1c+26&%4ozX~L)si|HutL|_hEi1Hy2-vnT!g`PR-p*p-ufCL8(hLB>=`$B|9}dKHGM~wWa>eLKFC0=`m-ca zhpH1BD<$M}aGuialWt`R7Oh3Hjx4K;d~0Uicyk*8Uh{|Nbg?`yA6X=;8bpxO?{avc zQg(;D{n;QiA_%emUF7-em?Cy*MbgoRVh3`Diq_hZuaCBzasU#Qu98+YUF&H=$MB>y z{>5eG*+lq=u8Eye+PB}wKFX9{6ac-J@*Z3EyLJfTsJd~7WMbGgjL$H^xfDh?`H#f+ zu`?5rvwR0gr&KwMvldHF*Y*6r(k?g^FbxzJBFqzXIB`(jT^`d+I9l>oD~)3PVIBqkBcJ=;@7a?}Qql)9+>L$lhV3TzAN`Qg^IXGqYt(Za;(>%9=B ze&W~O)Xdep?~D;(P1w44k3WpeK=ZA5NZ$Q68UM9TNy0w*8uCLpRL#+k>F$ClEdH=< zqkruyi?FZ95x03V|A^!*kzHk__3GP$N&bBa8>9zjwSAUPz%~lKm9#L`t2ARrx7cA` ztT800ZRun}uU%EIOxVlXIWn9`w*C@dn3pf>U=)n#4?h+e3OcW2Bx^rQ9XpOA$#@$e zalW_&t9lRgUI#d;M7}|FgYlRo0#^a3uezuvMN=M=*&X1G;EyMPkJ{VYTd<1q0St+M zw;M0H08pAUWMJh19K05d82TWq@CPrEL@@Nc8~+;V(0zWF`|;cA0K@$#|BNoj5Zwa85}+{Q$NUz%uK%Lne4wEU>+tIs&5DWBl^9y`h`~S<6iF( ze6T=7GBVQs&{*xYGS+!{c6K($e=fCkL%)Ue$As~P-}+`X^F!(cq^GCVwdZfzRht_L1ToFwxyCp z^sEAW>6tg*V$+;Yu$GV-fjK4WAf&+Dx0S*=ZU-#Fc4Z?&u6Uc41MQ9EQIUI*`@+Rr zlWTZ`6b(ck`lZ#|vXE{{1cqQJ3;fKa`Y*L%J?~8_e2S?iwWTy^_w7d4&vgjLpbbLD z=7`>K>TBAi`o9nG>{+6IU3 znmOpN(K$k;+z(iYP1Q`Vd5dS2i18)vX0a*n!Gzs!bJ!c*j^|G}5`AF=x9v!oZ6pKe zC)u{iN{^0mDc2ZY#E-@O#By5}bC zr<+;lC7>aMkqxv>Z>5bp&R0Z^DDu3>p3^(hi1(LR;~fw0k>)Lhd7PX}#Mxm$$+aCq z9HULkK;~GQ@vPx&q+c)twW5bx79oaib)V7pG_)2;?yl#C>1FXXEIK>$S*mzjaH&kK z)MIuVWXJ)s&_js65M{7V7%#Q24x3rQrC7kEJbW?zqR>9a&Uwn)JOa3iJf_&pkt)gW z8>xw|Ry*dwP2%C7yj8ssI7|5yan(k zdPHjP&*Ma}-=9nMNcyqg>!!BXxmI7hn)bYY+Sa87X-fb7m7rgaEUl{|==sTXO4;#i z@ega!-=13K@_?%(Tx6yCK}o7l99v6aIa#y?ttJo-J-?04Lv-x3KiJvg_<5x@E3Up7 zYZwjx=)4hYIQr!2exFh8$b4pjvb(w_OXx^*!e`<~k`j`R(P{z_R%l{J`KxxgVC;e0LyubokiIZl|#uy+2*L?0jkda6)lM{|}4y<9X?$ z-tS=wEI883sOCL0Kz#{hbYD#NS;_u~*oAnV=z7`#b6m0hL2P`%aM?F|&hg}j;`jN( zf5+T&@zDRcS$>C?uN|*X(BMYL&G%5IYnMm&20cr*^8Ns9f3w?s{i*kNfaEE5X%mdP zSiVy1|G!=$ivew0?G8rGYkao^x-TzlK309m%`}#LDXFO?;ia=gMLaBDH)zFX<(b!i z!lNQiO-`=A9XvhtoZ5C(+c-3e7agR9mz1`e?}Y>U$sm_)zn0M~!ZZMmBhqE^sLEhZ zguYtBplxP^%rUA0sasiK0mDHe1fl@#R7YnA9%0#DdNPZs##%g(+jm4slsuFcN}9b^wEF)z?- z_kPOE_~Gp75`H-DZ)uV*Jk&BMwII0bjf?X(vmdBo<;U?0Dilj+kspD$c2s~2Kp&ul zU&~aN7e9ZgVDmg7e+vz@U$NMbq$(XdIaevyoHkK+I_^F%Ps>H&e+x2<6|!#JjmhNB z6mzDH1~9uJ497GOPq57diUH*+N>~|WazNf{vOM3@zCg~-r697bjpepENJ z`5mpkgEpFb(|Bmhrm&DH2cLdib;U9UrcDQXGbQ{8-+rQWQOF9W?F6WQj)WdK9On7Z zhP?wYlSQcT{d~%r4xN}VmrI@BEe27dv017yQC()r4Yx%ct2;|TAzF&jYjIOr)MnVp zC=)f{b6qldLL8H+`JGzT)v^d|S__vk(!WIr#YJslUo$G(@o)HMwMQssIakwk6F^8R zO`J;lrP5UxO`_k+dBtIKv4X(@hhP;>UJaUO={Z^bkW6aUgHw=${@Fphrs5t!*<(&t zdGUn9HbZ1m>LTLYjYpHa^w8Xq+1MBZUZUhO%w%BL3YVOWdgFqB=3v#q%d4m+Fo#*E zMQtjG7>=(q0;1PQ%HdIsWWKseb*d~fM!e7qyD+lf6^NXXuwX1CTd=&ek=)wA#Z{sl zB|!^{u(jUYAYj0EBk|bM`(qfIKHz{bP}V1(duvjNS`0)dz5feyAo|IBJ~NvH^U>_3 zqAdHCEBp5MkdGzxzQFsC+v_?QK3Ye2E0($YpTU60jrSg0O_mNPvcQa3?-MX{ui1O- zjU77C<71KM$8#tFwt z=8Ze=*_WA9n-q&tMkx)9Pd1nbEKw#6Siy<}BwXcGXI)M`D8P`b2}>z0SYa+Wx*jaK z$p}IZ$srIYvJ(ZD z!iQu3O+JeNJS`RRXh8=YkF4yCUaEggkQi$2NA3=*qm-H~RaPGUh;yL$IqoJQHr9T! z`gL%Tg4}mLECHcKqLM#Pg#3v3La5tXP1*pSHF*vgOhaR+Vxp$Q0n4t+-b~*F9RngY z2uf8a5?GsUm49fD+Dy#q3y&2@kGOv8j1w(VZ+7LUv|nOy7_lnu*oWaRl?-h&o!u*i zu=#vjBu8qSMIH1PdJYIpSVFqQJF@u_p~*V!3XxwSfkzSe}? z+GgJoxt7DmHz9kl+xdX7&R;Yka^<|UD?D^{B%KhNCWmV3=|*4=aOXX8_PGv;riAD! zmB>WX16*S^J`07P2#E$LNrQ~7>q=?*F)2@-RVh!$4IUGACRq+P2!zKy9J_0m9}Cos zhx%w9_WMcYG*9HGVMFWrNco^#rAy^K4)w1}>QApdA?xRTDYL{xaz&||B7{d8JV3*? zcB(3JIZ{b!P1?E!WAMeptgAmHYgTHLZ~-T&7?Za)$4fdW69zn6@YM&g1BNT3L3RZA=(NvL(iOwnWn{KK0cu}zKFI*Q$MPv zsH$wQXNgkOkQpel3!m zUiC^aN5H!piBFA9q+P{0q!gWJ#?kyG_GkA7m>a+4lKsqCcUCVf4Efv>gdY0@o%N%T zO^YKi4}H7xdtyOby#1r@tg6;}V_Dh7_(S25r6cJnQEI2;k%Mp#?!fuWvPp*(5sg#i z+cos*&QjbpqFUK2=wjls%J0v7b=gE0S?de5x{|=TMYh-Zs!g@Wgq7%B>Xi3^a`yB5 zKlmomEk)#ADUUm*bfX8lvaqzR79rPlPTu)3e57l<$2`Y*(JFyS+nc%ygwOy2lqk-1M>+&kkZtl zCIBZz)z zxuF!=6hzWI6pII(NkoLX& zBJHtOcN zWJj!#^5DE;AU0+oQQE5*%G9)L4B~zHMI6SjRybo{Wx7jNsEl#O%{bmUJzj)WfaYs9 zAR3`*QPwWc56eh3CT%uK_2rZtb)n}o$b59?WhIZc;$Y#{6>BDCu5@2*Y$FljJgMpH zKJ4x4vupy#O}V38&_fehK#;Ki}k&lX%BQFQ?L1sX#Pr!l__!1y5!Cck-e*4P^6!|h1Z=_00g)l5I%n+rDc z6eW3Ps~AfSN!X-L+_&Oa;?=tVq2S|Hp!k3|O8C4Ws>S>Fy&Zv2aV6&Kjx$lI`5e&l zWJOA98g)Tp${m6+@djtwQGAq^S;U2NcdjiVb#L9xtTnmhESdYNQo&TUk#^PG>bM0_ z3-{1BI^1!4JNhcyHF~cU8lHN4CJJrx>BvWFB*OJ6)crq@v(C#t)!56KU+2)HHjl5~ zbI?a+dp@UMcFEovk?R-V!H8z(s3CO1UtYe;lRb9OMaGM`SJZFs@vl#Ik<`4s90?aG zw{q&-U9SSpV0%C&TW_FJCDqN0_pW?x-o2!4nb>HAlg{ z&qF=S)LgDaG-td@lQGQ18u;aXY!nIpoMwlC!%`C)My8N>9}s|&th4P0Iv6-+3U>I-$()O_ovmR&WnGR)k3Wc*R~%o4PQH+ z7X;!G&Kcik8Tn2%vIXWEF5bxnZdQMQMJ9fu%2}@~;7aumVC?&peAzCbb4Kz+?zguq z@Q(Uc?sxx%WF(g4pXt!ccbDV64~&E8?fQ7^x&@C`#yZcs*l5AeslEdnuZN_k zYx{H8@jJ>5mfrQ2&%T;3tiRuj-N$*Dv-@3Y_1h}Wy6c(^qvwns2_yf<)07t&*`6%0 z1xAW4RqJi}QoooRYOVfPQTk7HsthVutJdxCbg>FWCSV9GLLpA-W3VnhX+$9y*+1Zd zsK?lrL7w?GAllz&B`s6v(2R$prQ%wcq6y;eC%-pPz$zf2WIM-}t4t8?ZMrUjr*;wX7}jkr6_RjXuGbp=P`bZo^+gU7|EbX?j@dodN}&^jyDp9~i5rI=)& z*)rLG3Q1JfOxvTHxs;M26^5%TQe%E*Q${u~^OqBY9R*FE9sgOl2^KG7fDo#U%+OB7 zR8WE0Txl0-X!xrowWNypi`QfY$t*E*h1_ZheGH_iy;3rd%wnR~8*yBKCPjXVRG>n6 zT+xGu7$}mAFG@;ZV^AO%zM6WXYhB!mLz_pnxRR-krF`BBm50X{p2bSA4KYvm1p6yv zj7*9bTYKX5quVxWdg*pC0nNlIL_X8eI>bG;4xh67XKgcnU>iZN^?g)Jrg++}I zMAp;gEa5Z){W|Itiw)h&nwtc)YsrayuqcBE*GLovYNS7e&oh89I%Z)1F8`4ZWOasrEYrsRwFmx167TsSwOk^o~(?_AC zEU&1A2nYzum>Zwb{%9%jCw5M_>%RYB3#VSwT>sh2$b$ zFxWa>aO{2ejC8(~=Py`+T;!X`3^Njy?Es*=#V5&Vb4+B9OhjU{`iT)Pdh0SBl9==;rp!LKjRf@j(!01Y1@V;Fj5VIn z7&0zP7lmRMBx0A0Noeix+)NrIg)R03yD$e)mXk< zAekymbVJF*IuVw_av3;`K8laAiXlxw#D6X;@c&#a$wK-FZ}w~ ztAV{9%Tur8Uj;5b^qx=Dx()zv;Mi*c+zMX)P0fB<0Z*pEuhz#GEr=(Zt%okZJ`V4V zN52n&*UBx=rBmI<{KLb;uP#$ycTCBH*o5?Ps2JV)_B7@9F7Ov_ z>lWu@N3HA9=Q5qc{h>bl{+~Q#>f@<8C8|^pY^d;?dVGb3SgO)_Vevay`Bw+C!S0O@ z=Ovx4x;M**nV$c1uJkX6Z|2A4o&UM58NTGnDX^t8^Je=Ma2P5gS`x0I*xlh-iG~+4 z-g2iwokbcP|rkxf+3oH{% zOc3YT7p^W#OQEFxR#vFMCd?2nCSS7kZYUi*OC2xdIgfu4P{J6ej!q9o4F57Ko=SB4 z5kSPnCCd(51d-~-8_ek&YFM3a2RD& zc|OAib4(pL`EqIuLylFI>OkNj3mq=~owi7#DLkS$P2sb$FaYE9Jr zsAZUUwzfLh(`b8`%<-(wQlpvoB8mQ{HeT^*Hb|amNVN(Fnsms=?s!-iwbAoNpy-pT z!xvbjxTfv+*8Angzy0KozwZ~-TK(=R(WmI6*g`5Q=Qv>oL||e&GiQ`c{^150gn`Nw zg>dnzVgaTT+%xDlAR!g$dgtOM2$dAeQ?YG}Uq1kWXhztJoHWq>?DdE2gXFx2aOjHT zqi16ps2VSS=R1nl0vn$Vkn$UY^rsor6MswAe}Ykap!bB7a6`rZH9vK)Fyy#wF=-_L zv*f-l3RBn^1+#rVi7>J^W6fDUCA~2hmiahmx9dLd{HPPDa^X7pRFHnx(czmHA>QJ7 zV|I+BMsQ?HBwKYeEACYFYdj&b@?n=J@B(j>zWl`lmx5FX1XboA0&4RbJsEnRc`lBi64!+{Pi1q$|XtCBlLzqGj)Snnv!zsktOYj>@Pi%95hB zO^m*9S~stm+-htd6jQQbrITbb@_k`VZ$X-U$sz)pews()mHouaQm{T?s>`{ufnfDo z6&=v`te+5z^u4(WkC&VAm!cawD3Vm8@O+mR?WY9yM|2C*AH2{$$Zjj$TXIwymncwk z*W3A}`w&m(>sZ&BL-fmh1k6?T-!FbUK9^n}T3gSHTc@#%17M8SX4k{gd-C-ZSdugF z4{+MvgX1&fqzjJJd5^gMW$tfPm(LgA$8D+Zf%2q0e-|F1y&zn6yd z-SP;K<_PSyt!+w3^iB*Ky0W6lcQuD;gt8)XvxZ=4@!(Qpr81@kd9)dpg^sjRn0bUn zmHx6Jr7-*p0Lt&~czuY<5tLNsFB8EF^S7lXsa8(;8OczL+a36v)vijdwHCplUi0|d zcPg6a4Jjv832(N|v?g7&ZH9&FZpwpy1jIe}5Da75>$q_qWG8w^6qv8;oa&`q_ebCM z91v4g27`X9Gp4ROi;(`LXKk)b=hp21N)R=b|y{@fXA8 z+MZ0#M6F*mVnkjgDveG^T9qwz04xPhB+;W52>}I*s_8W*&CAO1Cnm{XcMArCV5sxI zdzu>Q>S!ji=UY^bqYizf^HHXYv&Pgt_>!b~H$|*E=4R$c)G!Bzf+!8IK?TpEqH+NZ zaB4OoYf?mwq9P3foP-)Z41dyb`2luGcftX@8l!(+;SiX;nc$9{Fr9r2U%h&F?eS^9 zW}EB$PQe&FGo(*`p#lV*L?CK4xWM4eC-T)(t=Q#l&#+*9Tipca9)L5X z_-P_iQLHimn!l;FR>En#j>X73qKoqq&&Our#wg?;>Y<)L|wt#0lzQ- z+2jCnVpJbLWjqlWPqS|cSCs9BG#pH;!-ODQ<<*{3&O{`u6j?5v!0uq(}tUKA&C& zaop4(K~D0ctayJ=>(E3W zncxg9)10QT38P7|LbqsXPlf(2&3Go}ZGyfRCu;K(`>O#O$V8+2o1JtB5U8Bn7LwJB zZN7!@j5|KZdQLU|7qMC{E)=IC@?6ogUvufHfzjBuj zH3vwIh_#5Qf_G_U)2+l2`;OE|+F<@ocrUl@|0eu+N|2F@V*~)eliiDpuhjw%wb?gd zBl<(A-(QlC&gfT&-(d55_D#anYn$KWWt1BKElald%X#z1zd?_Ld$4BmJmr)-c>Cos zF4=p?&3i~@^CqeJ^=zthdzJ{yE#B&I*c}{twv%f{V~2A8?_0b7vyu9JzkPW4LaTBIqkf0hUOQnY7 zCRZs)v0VGsD2GX{cKS*9SZp`!8-~=5gpbAm)5gq6n9 z@(L*il?iC!7b@XPw=tPsChn{1rWX{VJvpq5rv+o&&15#Y?cck;JA^94icfQQM3|@l zpqei9WtLoCjQs8xG?Z3T0VwOqcAU#y;jXy`Q!LaCy_Af0hyWC z+oGo_Lc(Mo9)4bw{tK7IL?6qVc_N#OxHuQW+o$wK@jFw$qe>3MPru6oW=3I+gQ-o6 zH7N%q0i zoH3M|qQfJ;ih$Qla_6NsRq+DDb}w4_GJ@;b)#egr8{NoxVVJ%+3mE_W)<5UmN+A1r z4nA`tL=_~-KLm*{iZ1kH>f)**8-W>&kNjDJJ%`_00wczTV9K<-@n?o_Jq)6-Trw0q z85aoWNQF{bS-F}tHTe;7pif`f;`tT<1&|xhcGDJP>1PpTT}eNNc4wV>U~qTj&Yv4- zxaP(yn{>1l2FxM^ZaNQH6^ay3hgf%IKF0#QFS`5AUolKh67a|J^WdqQbkUve3}bXV zSfn0@Op+a&)|U%zn2oUNS=phiLMjQr3`$59$XEZHmQ#o`Un~T;~&!5$r+~s*wK(7wlf-*%HI`T!=_)+Cwhz?L5zs_e(nP!f@ zwDX3zWM9qrRE9o^KRSXy_DqWu0ax~NCLXL%U9s^Bk|89ra(PfPRu-Qc2}H|lcmicv zu;gUSOQhX`ARvIW1Ja780f)@v3F(jstrYI=4O77!Y{UFvQQW*1WP6Av7Y5YtiP&%z z;X*SH!Z_^Y(F4gQ4skK0yy|@GsR(oQUcQA3=^4C>nEnTikQTKlHtHN59s6Q`G!qx544_zi3L706Q;*7JPv`|H%lEBJxaImCM~^H1&y z27L`_OJBdI``z04{(;kd2fI+^?EGHVw(hIk4x8KFeBu6#CYJvPy?$DsbrY`EZuru1 zmLC!YvH4$D1^=Ty+4^X2WRjJHcO>SeWlhm2C41f;Oc?t~c~w6Wr;$RK;4%pWgM8|6K9o@xQM8D+$#1e~&F zyNo60Cg&vt4_;@;@oo}g+GtXab`bZAGH{A5RWBeQW4Kg-iiaYY0F?v}>W2 zpUXZ-El(28ZR_Xmj7!B)Yl-q~B~Rgr3Jp^jqr{b#iwc4ji5egLkLITgKz{ ziG)l!fzn9wbPA(w^C351**_KWS&a)ffiaJkU#JE$wG?xF4NTOtgtL&}CDh)YRvwM{ z3ib6w{feTedEAg{iVHOdIcL%9t#Vw(m=NCCoy$pF+pFsZO-8Tj8s7o* z-L*$w;v%=N&fz;UX-e%Wl)Ia2Qoc+Eyi|oMDqpY`OmMTouVXw`C(y33$K93s8wN$1 zJW&*~DwZi0h<(cokaBB)^y2*B8b8jBdv`gW^B5nK|2dgU$QH2cv{5juot=Cd;2;;twNuuxy)l%6)K-SMG$ zqRe;atMAT++ZOVlH?Vruw)thy?llCQRlRk-TzG+%&#zHie|x=80lH74B;K>&lngxZ zsRRq0^&qb(^==0AZYcGT{$u|JcX3T!*BqVq9DcWzYnLV@Y}PPW|G9nopRcH8`_tVf zt0l|INKI*UK?G=7wx3jh9eXrHWc@JBOaP6TSVB<()tyMgPbGL2pnAHcG7vtV8T+be>9z#Dw}!Ti#?X{!A#+$h#Un!(`hq7=-=xI# z;Lf*7^H+y`ypnYq_JWGJ$#X56OF0yi1&lrQfQsBqNv3uyo7{&!65Et$ol9O*E$LT6 zdsb+(s)%GL3)(62soHC}(NsLNvhj#4?I1O&urOj%GDb6%1jY5cR3;+O~c!9jcslvJ$B?PgJgKb2!Lsf76bT*Ip zR4I90;JiX10#m)n&@6q_fyt7m9_YD7m}meHCf7cQ3+TyrQKB;0$ckd4Wmw8$iw~OU zjNhR9t+!r~aH2VC>ea>$@x%G|Q2tR|tc!EhZk&{RcPL@oLaZP<4a&LUEVcu+4lCEQ zlfUPPS>+O6<}X>i@>{JAzG4+K8^keV5iJGw1`F%3p9-{w3g|Ro_9;0{uqm~d(dWD~ zN+^J#RF7w&S`nP*?Znp%MLs~}j=#l72qFOYA}gzwR)nhlM}4IG^(KUzkN_64^WzJ4 z$-1pDW3IW1JI;CS*9a6-dG2c|(Kg<@dA)NnoEc+34@M{EnVyIJ`d!JuwpHpWW3$~l zM$dLL6j$S4v<=6fC0bBb7jocXJ--KfHkRzm#%x^%{n3w?Rlcj{$oBENDpB(|%LYE(nhH20ay^`-Yu|_-#xKrY znj+xgF^#@G$uw|LNZuw97!42krRBv18=dFT^ZEAE*C}0(KNfqv^aPa-4nwB(G3^HT zC5@i*bYIs9b}G>7x*YdU63fkA98H?L4BIk~rf^avlxrH|@N zt}f-flgjoDVzypjZkgD?I405#@9xiJ6D~sDUKO`7$NLkY40VGBPNR`SOqyPvZ0XYi zW0zuqg=l)WX0391mWo*av~^WJZHL5*AM5qMcMhY^f2J#cpEAL9hgRN{J!|%;FrGPGzABS zr8Dw+dy(a51$=`@EK5yL|;&lC`1Z%BiY-jW;-^aTD zf3x4Jvj+~o-f~9ZORsh%P*hqG>X2h{gNVjZvnNQ6Wvw&}ZxxDf+DLEcq~f?r>~|c7 z{f}RNs|@9jutki*4gVoM$+v1>VSPSgB?`4}Pib zQ*;gsqks*))qUR%9I76nF(-Lm5vskYGoM90fmzC#3d1(na|gj42%~`0+eLXY-C|;b zbHL|ZY4(d3Rs1iE>LFTs0*&~-s~$L4JvCMxwdg{AL%+4`jRq$mcixlTX7%Dpg5qZy zeKZzWl?V%JSJ#1t5{o--Bom5ENv>FeEXi0cn}E~_k}?g0*t0{~bQiv6x4QDSbYUzg zxzftOH1PxTUkjM^N^$6)0I)r)CP@I+`bh^TPzbCInmfjqO_fu`+(XtwiUo3(dT97Z z%HM+D99^5nSZ6l*0EYppi*b@|^Ve)&V3`}&Fz$%Qj(-PQpb@&|BUk+Hb6bCP4*(;310~Fh`oO`~)`7BtiAg zOwf<@9_?w*NNi>unzR2UC)M@T>=a|qw5MiQ$*OjvDuLF_w{q}(bb{cJ0~MU85Tb+< zaM*%CZRM6TtR{HMN5Xa7qOhfGAGp0r>@reMXf9GW&Z^_-YJR zGX#A5k}QFUB;MyA2+y?DN zaMz#4)}jza{m#x&GyaYwOwszYP+Cg|i?os`eSKO!%6CM)a4?7-O+}<)mahcq8I506 z8diZuB}Wje^>^4OF)`#F$TIvee3xs@o`KU|&MO5Ui?f8Vv{}p|vH0&r0PgAx+W9i- z{n&;-@~%VUtS}Ub--iPk#1;{fY!@I@m|?i@SKlmIydCM}g8)J$5y(cWDKzBmirtHO zfZSZF)+6RhcGMN}ed{h*nb4zS;Wg z-8Unu01omFLpimMY6xT0R+~<+bZf6=Bo@^wn%~xU28p%D{xKtq3t@s_Rtq(QT;sb$ z{KLsF4SP-~QnhoB3v>}Kx}A%K4rXjJIYgic5Ezk~NYvYp%rw%5K#55sON9G^CIh@O z4vS1Grwc$g+n7}KWT#LIwf-J-K#xQ&t$fylASj1fqJaH-dOJv;%s!?S)TAO8odX)4 z9A8gP=Rh?BPtCpJs6$w=fQqDLFFWF-M~574MNLciE@70U3d{;W_2>7s-ClHN`l4v+ z)>an!>QaUiGkaOv%+kn9zIis)-bo|$DkH$tu*DC-PVWULzza%#p_xA}wZZ%@7>}(~ zR9>s}hg1QU!MaSstl*|43Z#!pFX!g=O_YtVcJ7_%`|@UEc|o+`mk(5dXIBC*Ft4>F zA?(Vzy0O)4A#j$pAVs_ILM#CQSyubQ!6z_k7X<+*^-h<$K`u&_{Yp$xv%2ZZW-zbM zo(}?f+Nw|p8zR7UFvCkj(0H-c8=s_iyp|}NW5WnH#azrG5Tc0enQ>jiV{c(kLOi1J>iT`Hm$&XXHa} zqB_OlJ6Mja_L}a@H(!rfWk?+6>!hctIT6_1tRU1o|EpS;CEs!^Lewr5h~(pu@1yg00kMnXG@B<~G_?6LUn0N6s>f%|Qn7arK?|3Dd<~=FcS%NumMp4+TdAv7&`C$n}>W|8JX5UoCesKqp(1S6DI~7|F%m1 zBb}2RFxpwb_f;8VsZ=6JU3s3W$HIUz5U*(UP992__lW*UvGgQ|Ih+zXMK`ra0poKL zpT)dkTiw>JH(aAMVo<5(*!aL5YJ+x$?PmB4Ay7GKHL23X(MJ@+LkF^9D{))!H-^gN zCEHt$ImUQV7q|S0_0dix+*4$tiY{Jf78`B6U}W<7sw5GVQLR>ZOiL1Bl@P;%Rpr8N z&3eVQA}x8`07qhG7!5r^O&b;m6{!jD#_)G!g7j`FG139LxPeJbU9IudRhzDI_HE;FoVH#PZ&7)U;%xR_&mTzKg&G@rL2JyY)G*=WML}*FHX8 zBtui&v5Rtc$Btshmi^;ca5iK++nPx+#+aen(CN~4p2-Z%St49nK$I3FHz&iH7f=35{TW=>lh zf(tboQ5yYoqBI;iZjPu5a|x1ac#;nKHPxN5%g3Df=_fH{Smg74OA?TBzTBY!2o z)k{G|wymY%8@-#cS)W*ah_O1_=Wo{5Dvm#*{1y*d*TaqA1NkGQSJ*Or=H+~$omS6c zRXK4}^~Pf0#S4(FnV9z$^UaQB8=Vb^b(a4@y z!&FN}fC+mUn$;0hA6a|RA0%Fv_)cpsnTH*hxK8Jn86x4BB4Kr65lswDhEi38rw8gy zNZ{S-SNjuj*zoSEHGoU_JMHvmeA2fC%s0gxalZ!h2zDF)UisMG=7umixVm^r6$4Jgl}P(c86DMRukXF{UW&zHD6x%rOSdEPOkAe^M)_$z)YD*wk7^sqRU&` zq^~G^ zlkj7*Wl`pweYkmK=M2(PEE;}_0b|CF7hYtBp>p?NeB&R-4=71yD5gWYW zUH&7I@a_OVUAts<%9q0=TlOEHoV(^vEnRZu%!riGv76MP{H;&F^7V#!XjnGxUc2*? z0Phuws2wICMU8oc>KYq;ZUR7uUZ;$H= zpX+ydzZNpBBbO|!%Qc?kdQ!vN<>g4P9mFr}uewcBV?wlOeak5;1BJJ0k^AK8`h44}!R& zGZ`j!fWe#rdx9#)v5b;*&OTw2Erj$J4N76yZM5$r9(ER7j&^2!85DWKKx~uxpd!g4 zoTA|eh{ak^IWtQ&@mUc8IyxHHldhWjbV$S7vbfi8&1ap&;HWnS-3Ji+_YU$q4<-RV zZwEcgOsmR+(tDXtQ4yGm=&9jlAo#lM;N3FlQiuMgm+f!@%ScOSrAyOyna57$;D*R! zIa=O0x?c^auI^4{(YaTZqAMy?zv+j>18f*RVnF^Z83`esQB3toZ|Mdl1n_AiZQ!QxJl%`)V7^a$<8b-`xw!ap`HK$l6xn+%y{ zqQR8ou1FTn)O?v~`f95Ar~RAo_Xtc^k&ncyR_wrv)T#7)s@y#!k_fW3*E3B+>0>Ev zH`H?53!2=*pwk~qvntQ&#$9p)2N3Jg*=M7Fn}R|`@cCmYA{sy!SLToCaqWcC@D}DL zPlYlv;PiOH22fEKr8*I6038&Q!;0nr#&O}pg@J#lQ;ahM zW_`SE1ee+emQZ~?`HI}zHM>JKRu~-%on8|~69ph9)`}HooWfDfxZtwm9CFHG$aTAm zqz4~64U)!Hb+c?X3dt!v>4hfVCf-ab6AbcmR0lB(aCBPhD0p;jqKW>ti$_w)U1=fYNPbloDcc>#brvkLnYzQt?NiWKZ43bi-u5u70XY!O&r7gT=ffF0I=&$Z& zZF<jg=%V;$3ad-FP1&Vud zch}UK}R>-JChk+~qb;lAZmnz1F*0mZHU#ZN;Yfo&+P> z-H}*HQ&6L0uCJ}R+k}e6)Dmw1ch?OSqt8nAJSAT_bTz5>Dn%o7!mw5Hzfa7nEM;e@ z#c;Z?OK@%pWKnz9Hb(I-@qZm#3L+H zLc$)fcTD2Z=-W_4nlVdRG2@4Hlcm+p1{7(tt{y1pS#xB2=ut-6PPOqK4bP<9r$F3` zqFf#&sjtqx*{$H?WMp*i7)_)d6piI`z`wXS&&u~{s(dlI7HXURA=#s(pFxmi{RcwH z)9%H1&Zz#0XY=acWc))FTS12O$gor|ne@E5bbgs7aSH44Mahk3zd3RpSr#Xz=vDd6 zY|b^Yy9@Sr0ZOMxe-d-nEai@RP$cft041LNhQZ8I*tsh?)JAbTTq1Ij*(!txril7Hs~o;^v3T8u)-PCqKT{wdk9=>GTK)$`S=uz|MU8rF)mq}9FO z3*+0RzMd9>8eI=p+j5B&gj3?Dou(gbaw{$DsBKK{1k3#mXj>q+zk3PYc4^9~KB`sN zjOKP+1KN~T!{`_y)h0{SnhK_JRnh*S3kX ziH8?CY@Ky-MDU(<)QdzuTQv-%ofSrT0OoqyoWmS<|9i3g|NK&;%Cw+aujGD2-;0m&2aTo>$yCWi-1>ck2jw~0tJD7Gf zx1sDD>#jv8^sWu1W-#$6%E!AVO!iQWMSFsuunL~_M6DX6JBn{>c*G}CUpfk4E z@1%T*{b5oxm_R+jmSwzh?9$ZP4r(XfIaebSrHGZoWMJbWu%A=L<^t6wRT;WUVP9Y* z#mgcnFSigcrJ#6O8on!d+b0VzZtT1nY#|6kP_xUnJ47NANnnYPN!pS?tz6=l{w_@I zS3vC>fWj=2nst${sKLaDNk(SCq?}jl`1n>)kSsP)K2#n3ZP3Ekc50Q64g}R_;lB1Ro6*G&If^H84#29F-nV%O$gITd$iD(|u8-Fx% z^460}Ur{fbeM*8V!HlP|Wm}39>yt_dIr<8Vf*;j@J680lqFdr%fG6uVjx!ExJRZ-lvjyO$<$5>9S5Q*MNP*!=6{4caR$0bH)T9aNCG&5fOodv_ z0$nBR8y`D5*HuaG-k5%Hdx4!R*FiBNc1|P9+F{(KmwtZ#p@}27_=?GfpWAU}lR2?& zOVRwgBRvkoc38?yJVg~(Ps;x;tCS&-LXdB?J3dZEKHpcSk5CVuPP>+tn`d&-Z(Z{! zwrAY^BmVd%qV1?o)zjXk08>lNZ3&qQJ8)$+vp{EH1Ejm`P|sVRb~M?%qPAc(>=!9ZfhScjFxMA@q1ayT9S>?xIZO3q@{)z^a{ zJCr9k=i8qG0vAp<%L^enY8@Lj6Ie~6I4!8cza&T)_;7urpw^H;$QOyN$kMBh1@*Zz zNM5P<7K6OG9(CA|gJ9Hn5bG}z<;X+gS(RajC{~X*-WmPDz)SB4;M=9iGe)8irWTSWHsFu2}9! z`-OBMDiKhnn%wp`t~;J$@)GTk!~*_gq8`D%+E06GaN^m&Fz3eciRAFlvKJQ1 zyN}tj<6E+#IMOVlXXYR&WG1v&+T|ych69%W-R*;@%~Gzov##>zz6=W~BKP%OwLp%K zPHtuuWe&Ok+nO6H!k~Kc&7}Lp<73nhJb61$r6#wFISQo2;#M1&W+|IiV(A7|6{$K6Lz=9nOas_b>hG2Rh>1u z2DjtODm;(68x>QoIh6~G+l@V|!`I!k^@h1MrFLd0>X!QF9m^t#(l1W@i<(Y$m1+_p zo_B=(6oRnzCr>A}9y;yg@|a)I<9JOZGuwSTBOC5$ir{~TJ_p445Q8$!8;L~a+{>C0 z0Z_TwyE8~LINXGyjrxcPcD&z+O?Z`8+Q?|2Ne_aIrw8>ITqItrvGMH^WH9X2ch+>W zg$P+pj-(whr$J}j?AWVIptJ8jfJQ4IQ0MBaO{5R|Vs-t_y+2UV?08DS@wW06DTIt6 zNk3R&_8;y|Hj~-=U+2bgc_%5|@bfNx&{v~CDSnwY{V3!>S z1_XI)?_npqNqGt-0#>hpseYLy;=mZXAu8QFLm`UfH^x<^*)>}t&{r>4RZpLh7W_g| z&C}nrQ1ffzeC33jc*!N390Ff9P#HOdX6k}@p|;vmjQ`tl7nvch{>Srat1Hvk?Yz3O z|G_sSu&>}y{^$sz#;6l)Hi!cs`X9hf?JS$DfAURBUs5WxDs{5V*M@U3Qm0cF2pE_! zTKgY0n!Gp4PA_3-nSjMB1qbUB`msv72x0Bvks}R^R*|9USeRoCp+!xO-P-mXjZSa8?Dfjnct~YC&>1$2A>~D! zfA8j2sRrQ;$%z{rv|>w`Y)z0zO=VP0DDkxP_7LT%Tj}_#*L&Bpu`=a*Y65C2s!v%H z3!(#Iv^|avwvbSU*_Aeo;6&8A@F2t3G1VmG#7RO=CQXpe#lJg;d3IQqYSlP50)gLv z*?i;viWCSxF6TXmX-2Hg$pN!6pp*(d3t4VL=7b&#m|v&cI0J$cQEYv)FyyoJ#cW}K z^w~(E_4%ObLppH@$Gm8j7=<}b+#IxG1<6>PV5Be!-m;9t--unFB%6R^R81Rx*Meq* zeU@he4$l26@}k4Eh6VVsSnQ|MXe76P&zT*|Z7zGimur-b$snYW9;PBnV^5{suI+rsNV!%K$7J&ea@=d1boa2-P zmeIf?7uh0$$0xKXgQUQ*gDn!BUZ_*=v3PwyhG`_WXWFgw-l!#FoMSsrD3B?3!FEjT zXoxYJ;jcaAjk}@CLQrcXPR7^c^a^4iAOI_~L$u`Aaq~rw9s0m!$3?4=SdiX8dle~( z^IwDIbv=E=GrfGDvI*}cuS}gD8F}M0JeK%PpIN`!?{Q4)gN%&E;~=z4g``%*qa4IZ z+Q9fGXGdx`G&oUw>-q>-K(T@o#KrTu8_ylWt+_wo5y38AFRCJ5`Y+xCz+1H=Ti;h_ z=?dl`g#~tye?oAM#-x^F8>fxI$`f(c7IH$t)Ahr{(I&`qFNLHzeBu0W`#Vv z-oU+8QTI7GAC}5q$)U3diJJ%MRc&`>Rn>o?7r1Dy&o1_ga!w__+$37s5+qV6eWsw@CcHbF$kZnH3_b{8W(3 z-=Lp9F)11oL5f`V>|0he2|Bum- z6_aR8{+KL-2Wk*kYIYhq4F)=%{QPSBn#oA8zcZY>ur8uJU=>ECm?=2m9mVstS4fPS zpOq)V0Q>z^CSk=v>pBQ|NoBMLy*KOkq77oc0wjz*>bw2;H7f_lR0Nvm0CZVuA_g^u zCN2h{Xj)X$lC+4f8&}ffIR=VPP*G_Ixfr=03^Xy%q?A6U$l0N&S80Q88wJC+tSKy% z0deSbS^#>6K6^6GPhJIeE>MQC5 zvE+cf>B9|)oU*cm5tO4sU;FsW2(vcY@uCD%QMGx7`_JW-EiPMQC-dtaO{~9%2!Q1!h+8Iw?U%bz&55wz&k{*jASL%%h9N}n^H>)$FRB|Yd z;mDiR`%=z(!?};Jj`kRU&5;V7og2~_%0}zS`Xp#Dm4oAx83%qqr^&H;-R39@S_~_z zP)N$^1&ifQ8WS3EAc}5{FG0-{Lf@*Ssj8~nD3HZ%MD46#w&{)_Ve&A1WbqiajoN-- zhmH60Yv9Q-6XZ@bVw8RV-%_?|RlNE`5;M0KH!+dd@g(uX8L|kmVxNI)|KLU!zPU5! zY8;rFFC}(!JBdXR;-WK1+G?ZrOJ|SXoPHj@*;Tr%CmU~ZWKw;sV@Cl-g(G{cnPXCk zltmuG-3a9x3D=7WH1C58)1521^o3STZPz7HsR8^z6A?ZMJ)rTs!;6 z43yhaqDjSoo$XkD1I}_>CoftZPSP;|w+Rm+wlUqr!(NLtlCs>a>dF`p$Li$lC)gy% zR&W9WsxAj3%PFU!XrND4>k+()ZHjRmq|hmFPr97j@RJ5tOumz)Jn@#pl`UNfv@Phd ztlpa5RA5-KcKM>ghG9|wVjZja+=FEQPRx*6c9E34y4!`@))*1hqS<>-)8FmJlnHR= z-~aaJe6v4(20EX#)`&oPM%$XH5@GF+&eXL#K%x13$ZY9oF5tY57&3zdPAZ4sC$jk` zwbhsimRhdxr3(if(?T6RPPYWR?cdwrXCL-wU9efQR%>!}3w&D>XNAEGh-oP;Lg3BLmWt-U-tTY?crN5nT7Qy zPs&S$x%e)AG3>)}hd9l0xH zCmA7r^~5#P`Q>jmnl*a|Y})dTpOsOIaj@~ZN%S$a8dgHK*r$}t`*mp8jj&Ngr?jX7 z28RZfV<57`^luk4%qE8sYEXt$_T`2X;}S8pn!qMHJ@}s_Qwaq=7pthAzw9PjbC0~y z)N@Ks6pDU+)3PJ&?`g;RMoInEB`i{hbjkBOnPQkZ1s4TE^K4Ek0DqU26k@((-r_qy ziNtKPKxcR&m*(cUBfjd4P1fOFeJW)E#46Z3r+E*!x0NN}&M!-kaYYwvPL(a?NRPJm zd%Mnq-=+w`GdUBBOI4BVv`k}OAT!FDO)b>Y>zW+#(LZgNZ`W*=$IHp^*`L3upTyjGRfNJf% zPP|@dVUNRl7Srok5)ef zSvyY?BM;s2v%|&RAabwi>_cmPm^MANFSinzFkY_Ok*vK~3t8xT^prr@O)c_-kFT{+ zR*Y@^y5E$w2_f;-3WOtO;~mJx)Dm1PEy|l0XLR;2$+%33Iu5`+>lcGuQfguupReNO zq;01X>8SCUj%5#Rq-!&o0Oy=5mid|iP5t;k@Rfxp#~1XXir)^|Jj^{V%C z@5|>?in7r2Z)~F{t6%=R?MH?%0I7JZSZR3cL)~8j&H{Zt8U(%Me-4Fgu63UeOvCm!KD)85mS~A8w z9K$9ssD`MeN+^~)jNS6KVn z6t|lqTpjH#TXl!b7j1d!>ai}yX67WRn&@I{S!=J9bQu{UW!GaDzO~{0u6EwDXzm2k zRi9bvuGHXAwvd3kD6>5n^o+&q>1vyaU-(Q^T@Phmna!W~X=Z=23J!ox_Fgcpr=nPhthWQwOPv(e`g0ki%=_1 zFNbitt5wa6D9hyvL20X1O*E>8M6WfmAxl5EZ(_EiwxEV2S#-R!N;taOeA=NgK%=GM zZ<+&b+LRrMrj^^-^}8UGwn8nfT2tmEEIlafM^=lV=+Fux1RQke5enS;b_77Y+CBGZ zuWQ^AAvP82CZMkYSJbhlk8@^4&z@W;jsu1TNPipN2B{9_X3vnjDQ5EfzWj5m9~O zVa9E8^tKl(!HPv}y3*R%z$61L$HPmpnwfLzXv*`F=alDdLB4!td-Pu%ZL1p`3x*OR zI*`};5@GWY(#Cz;6=E3bPIaXcX{Z$*RLIi) z1v9x;WvI2y2DFc;>+JDzt;p9yj*%A|O6I2X`)EJdH(}}Nal47M#vD~(2{HIAD2rY| zv(}|sh*!LlW%eq10Cn#3uHU#x7;po>i~ymyXRwFAy~*jvE!{MbQ;-wMR45s-7E!9` z_3)4OHN8Uk@#y0m1P*UqXp{Nh&%l3qo5*;5e(e2Z@qd|1_-}{6@2O$H<~^<`}O?nb$|70hW_E&JFO9LnsHkD zN#YoAlCZb6_yIfrzcdm};EJ@+ZIV;qg&mlhdb#xh#v$KR{d&G0?0vky182xc4*+o6 zi*r*^0*}I<8(S~^p8n4(-~l$mziDELF8p@=UxYmewtMNq&kmu$x?ds*a#Map6UtBU zB!JNV#Bf&B^e|W~hciV$H5JA|)?v9s&DhcM*x0D4Tcv}QhEjgC;8{Aj1X~VnAc+D) z5{kB11x@mV^e<3v1acM~$7k3~HBF=$}Q1Lu> z8&NIT}vG@YkccC4$ceOR82xT)rQALYi!cR%?YoCz;6$Cbd|IW)U;uZ zU|p3wj9Ak_dVYwp=46KJx_I$2aq{q)+S2$%Kh7W{V(%b^3JF`Fy@e^Z4pJSywP}O1 z+@eXCe&=7`c*?t{V=~f#>GDA)MO^Qy`TkoVI{1Ss@^|)KHjC;Mjs2RX1w!`T&RJa- z*cX)1=~DH+V;aNTTM7G@Z^(6!_YR=_ljZBc(^_045pE0Q#D!(b^4^{4MDxKGHM`p_ zaPCHx+Knt`11!l>mbwmWtNZc)?V8cgdR?a?-|W$Itvku8CT&_s0A zWTM1zMomJflo&(yM7O-9Umw>rkkBZ7gAuz0@Xp(g=_fqUQ9f+Xah6x`;AWF%5Iy|R z8?PhWAaHEd`%Mj148p`S$$e)lC@PyB&#;h{sz2Q)qs-TxL|fv!(?N`?h}rLjrYqj} z1m_+b$)dVY9E7BGG9ObZ%u@_|^3?2hG$fE|@~4sLf3i+9si&*gK$j<8I{p(%0S)QP z(O=R@mNIDlcAbVj!I-f3vFYZ0KEC!?@=SQMon2qYqJBYwmwuur!WV!P{yF;f1m$YX z20iY=c?eU4HIwLQ*u1yi#|0bCFBx&|7xgjD2Tll~4Z?>;v+n7^ zoxVdkb%rj}`8b-oD$}VUzXQdXD?Mq%AxxXE_H7t7M}8;M^D2HQHFOi`_c(vK@bv8} zP}yY`5uMT)F9@}kwR{45ov`0~@aV3)I!o}&62H~5404zb^GDV@y&~^~C3;J#u|yk7 zGuhE|vBh_?grgCQa%8At>$7iEtqDW&4w`yt{suA5?81}+~k(Dqj)-g^PGmeH3fCP*Bp{nLg z6^-I3rHT}#ECUEsKeVPF$6RRyEU{uMmiowiGQlA7BV5T~KfI!ajio6T>)<)e%?4hH zn(bQsm%InXIh~KKnyt_Gt zA73s4zrL7hc0z!)ng7cYw4wC?R%BqGvX;6I^CQV#uBC zATa3}E**hy1k=WjG)Sz9DN#6bP{Jn|CYX>Lb_VNg(J-(@NFCUdvjS;`YM5SQ4m5&V zJk?LO!D-{C>MF2uB}dA#uv}$|(z?Na$Sx-fe5ONn7&W^0aMiA=@9Z6i)Wq&B0g`>x zP>QhBVvhxW zGqYZW$Tjxf6%4bCMwo(sZg-1idhVB-gbCM7hAzMMagFe}FJ&hTICm@CEQTc)I+ZJ` zP!n@SaPjNvUoA&UW2LKl`v=CA6gbHb6IdR5#5kQ0-MNS8$ zfY!)*XWM*aAXUb!8-uf;CK48DZS!2HIF^FK0&l%w`HNId4l}81ejquk7C3R&#TZ)w zr(YEAUplFJ#;C?lXb{t8*5VToa5nsKM!k_9g<%FGAs?S#A+_AVNL^~vpxatYUuMO)xhz+x7J zX$+83Fi^_q!c6Hm0L7_{H(&^%@M!WO&_xsgUn#^|Rg%Q$Q^97Zmi%)pd%pdCh*W5_ z^^6(qT((@BVZ7y>ucNEp4(DEs}JB<2AVGd@~cyDxSkzXWW%*MdrHdVl(Eq^JFs&Q~jfmQRXc z#YKX}JPG+msp4K)lwAyCN@j_v5))I#s!`EjwKx=GJ5xYuz+G3o2tZep5Lo|S*E$O= zhC9Dc-%$uzu9;R41gB>4tpL$gB1~=FmcdZ!2N%{Hrz`{+oX&lfeju#ldc*S%L8KFX z64gP*c{kD`tH!(=AWpGd3CRgh5^ z*u5rX((tLiL*Kc0^z_BT@#=}Cl*w{Yce@XwSmC!~`tYOS?|PQIDogDhf7tiu5Tjsd zhR?<1pA@RQ+LC3Zyf;z z7|HMD3Jj7zIB}UyWV^*>PLoDXtdB~dO~+wMH0voU^ondk)}RMC?Orme2RG?aB~ObI zG8cchbQBNR%(w)=XEfO{imB3^T#oEH*Z;McDNil8rZ2*=xorA@O9VBq_M>T$PfszF z6nZvi_hhBIS*i^v>1BJno~n62nQN0(lS3*qkI?8xRJ3{UXAlEd55vUdn$E(s?fZHP z1PjhhP$YCRXkTr+mxj{`LjS+`$2%(UO0t$60sz42|`cO_uonDd_*MXz-JAv;S zYKMbc6B;M2p9g!DAdJG|Nsi-Iqxta!`^6a?|x&h zp6uN6klD^7AlNuGZ-tk|#L~UqqFlaN*P)(I&mG;F`LdYVVn*#=MS@OuIoIMs6LFL? z@`l_X;RnsH!yHADMcDg?Cw2nzr7?2y5QHq5F*gKsMOG;tJxfY~=WC?|GE^b81-+;+ zm1)Jks6=uqYK&n7^vdW=FnyNK_ulQ^m^a;a!M>(>(e_X=pDg!K;r3t26Z!)WcgA)Y zFj(~ac1)WH`%}*N_%Vq9M~CkaYkZ1=Kzm^!$!)<%31Kik2I*R$4Jmg~R6HD0F70xy z>mH1#3zl}hw^$x{z7AB5%$&}oM`e~kVU|D$;4ZwWdcM3A#bbYcP5Z@p+duc^L5R$y zy{~?+ycH{8vvcCMlRJkC`rd1q>mg@vPqc}w{o`G+=l#=2DB$k3_w&Lj;0^>vA%7IJ z2tI&AvjF8)hO_>bL)MWrzb!47QCql-%pE=H9&ZM zzJAVvM@;$Eb1o0~mQ?x0@0#bA*KV}aq0HN_j|RWTUdCGg1mO=zmHmmUBj~{NCBqY= zcel68KzyEG$)4}<)E9-Hun@-@9|NEJ34wjW4?K{0`rm|~ThBs2<9m*TR6AlBnIkekca4bvnOqwmsl}hJJDhJ?gz5X>Q)m-S#C&wa2sg z`}qTx-h#RwjE)Ry2cMVTqS0Tj-mBl8Tm!@Ym+thhyfoM66qm=b>*;CF=7B5>;pv?gs!L7g!e zysKCdQDrtYr~Fm1z{pr62`tRY5FBcm{Ao&*GO~rAdA9WGstrYPXmk|?a;~2EFbKGa zcB5VuNV65e(iZt;-p4yH_c6ZbZ|io=tkPUwsIJJhCU8`R$WF#%=Y>JZCiR$lj2uBJ zZnMkg_=X1GKyJvt6o@(V;+|y_cr`iJE&+1A&ov?2ups2nE$dVk0#9Z&=ECTz2{#MO zM9cOnCNZ_BsNccdqj}z}fd-;O;0-ZZ9Fe|4c9#V znk1VY=dEOAy^6$vr_D#Ix%!EL{KEW9uG-0C1mM9GLkNomMRw|i#SxgIH2v!XB9qS) z!$XZXp8JHCrivHP%Y;2f{WW3XXl!S`W9LY$+o7eixhg+y6&o?G@sUdK9goJU)R>I3 zzuXKN#LV5x>ENOQ*K5I&=1yKi0KYO@zW{FAfwaE`WLs2`tDdtoFxj(F+G!i+v)U^~ zdBx0QENoPd%avjIl*FPIe4wB1OcsO9sG0{2#Qm2&NIB*-Oq|GbYx_woA9~=-uZlL09i*GT40?Y!Y>89`2ifX2MPkpWjZv55uBp!>=TJKUS!M82`MfI0 zG)W!~#WFaeWfgL=ZXQ11BAh=X5-uPrsM*v}$H*;its=2AyB~BSVv>u*NtKl@dk`0Y zKJ7oOw`OV{h_o2}Qp{Ro*I{E=e5Re+T7hKSC1*5O!PXh^UzOwb<*Agke*$9N-kHa` z#^pourp|UTce62azZK-c^iL~j8+SfylsVwaUXFCY9UOb^2Fl}%ltf1oGrLexTic;B z(ELLGZqg+Fv~$Tdx1VFF#kuZ>P);#n0*YK-1w@n_(b>>wBYJ8(bMRDaO-zh~#)(ZZ z!&rYzOx!7BA^Xfpwzx)_lK|`=o*lFXTD0lB?;H+1>l#Ps5tMBNWWrJq#ziLb4c$#W zTwKCLB7;2{*^M%aNyI_DIAAzFMW6xtZy5K#yh2m*&O7L-=$Jejt zsWD+^@)h#WvJc8hxV(U zf5Ye-{#QA;wKscvk%Jt{BPm92yI`5$8~pD5KJJvy!LgZEyR;LPYO=Ee=89zEaC^vt ze39xj%3_=j^P$wpe&H_vE(zZdU(z`7!2>T~%t?A`u)ZyLDI#W@K9MXeI%@!fgW!0S` ziPf?g0h4VrVNcLPco9W)SV#?*oJ0YBvr!G_(-63aNe}uA;j3cta_2V{mqLEY3{B<> z&@`JsX;OMaePou>cq;jK!2J6})OCEfLC%nMg`pRR(?jT{u5J6StE=xKB)ZSj?mKxO zOm|F?lPxt}i@)|TFN%wMvH{=@jRhysB&e^?w$`v6A=bSRU_TI9nj)LEQR7g>qiDLY z=L@$#%rO5J2tM4={NM|pQ0iO>O29U@P(K`S?b5!X(fp4rE6OR|(N;)A7f#*fun0d2 zySO~sx2*{)VHFl~C=->8lP)nzwr zps_7v;h15ZIOYghLm1^IIWvzLFUE7*@stc}{o~@55bM~#2&6)uvYRa){xca8QK&|epJ?&o=4`zU8x0hQR?9Hw15{tp-&)#5UoVi1T$3sVfUJ;39-v4OEs)02Qv z&A+C4twfp;x&q^G1Ea}KpBgG=u3b$h(*k}9d-1NECXf~%I1whm52BrU_VPP9e3s{N zBF&%*a#5+MOO%AtPbWHr2v^fUo795hEP3$iiH3m(b?09U!tJ(NrBcylJv~=PY+Uax%tbrq+SWhT zdHpQKujdQ=F42<+H?BOhEIy~$wX9aXXj@U>xS*h>0rwTty+U=+$_}w}oEM%3hER*q z0m<2Xk>^KGD{!FSI)Y#O>oH^+ME}RR{KMq#S(= zNEs~I7Y)3~F>9jb2r;uZFB!M-kV)5JG< z=m6H+FDh!MAS3%|&{)wXc;h_&hBqZ%#)En9Rr3 zR^#pq2PglvwN1W{JMF-SC2$i^Y0u~D)<vLOIx;~2efMk6 zE}&2N&JzrkwClQSzS&LjdsusqMQ=U1Zr>Vc3?v8&JPe#$`t;s>UiJELJ=5!2j}6=r z|A_pQ?riJ-q z|FL)EedZIY%_!u59#dP&t#Z8&`HenbP5@8EfiEj8!oF`j0f#J~#}h|JZ}4B*UQ>GS zeqM7-3HffFZF${=gV6o%`{6gAHokPJcBdu8Q0#l`V?H z>;KHvewCI(n3fBsLZO7&Wp;LOgyY6^>Rp;~`;yCQRVH2U;z`Rz!JGt%AtdC*UIP%A z&}_5b88*z&YUkJM)A9#uey%t!T!2<1(stLB!qya4;&GL}n@aN5iu$!vF&^)R9r3sL z^)H`8*3!;1<5wMTy-C||b-b^g)IWM&0ZYH?RQ8Sjb0CL0G~5_>AaKs|{y8HuvS(oG z`*IP)|8*tuhKJ`N927feft7$Ohlrwh)5M)E>*V_f(q~P`uom_>RJ40FEc!u2*|6Cp z0Qk4Y3}&L_57vg?!A4E>Mgs1o;lz=xdp&}-yJn7D^!(HY6Q@yHPz>)5VNtiLL`2#C z<;fF;?2M&HdY*6DzNB)jO+>34&%P>>Z&{-o7nMLubd(v$9-`ZsXr4=1?j@cIEQ#@PZwBIQ0q;^4c3h;gC_tr@jiD8X-QZHFLHOh!ea#@qO z*aMi`pwYi&$Qyl$WrB>M7qqRWmZt|pV4FE_B9W+Nhw)ke=5T_fY$xi?csB-ZBbq}w z=u5)czsCZQR6FoY)ye_)s(A>U-My=NO1B+eKmBGd-ZxeeS|-rupl)F~Dg0IVLl~EYit3~9oe|A)ANJ|FuNn(^LD0SI^`m5DB$UZgH4ar{hv{_Dq z>EFJ3E0WN)oqymIO|AyWfh^%A!la@BjTR8Z(~AiYY=0G9o@J9j*Q)>?bQanLIW7(k zbWhj2Rh6N5fLF7{_byJBL$ox@fy*3TKKeC@V@$|Bih73R$#ceC54O`r`i0?%GAbAE zyBXg`N%luill#LoKa1Zo9#>PJO8M3aD5nwh-KLBMfnepfaI7X0~v5r1^_0^FxwXx*?n%ixZKvf~lIzTW|T0ds&bY(IZ;JrIGo zo10zZ))H9Eg8Guw`f2mzJI8ttPQmu8eQ|Vuuh%r+%XVpro|lE%!@xz|Up}W}kL!1T zFQ)!04503PStwPGAoV))+>Lu7YFdI`Pld3P#MsOPr)cJI^O@5UtX zy#ML;>M}6pwQ%8oopF`Bz3wb$b}vVUST`Pe-~I~wEeJ;b`lt*%==|~&e-QZDDg4kV z%rE`+Vf3jSV4M5-&39-nvU4c@0O0iz4zlD&Tmxv^+kWDl@)17`scySqCF+wbK#p!~5c?Cm-V@bs& zT7Ku8VBx3BtFnZAeu`9w-febwlKz^OQJ>%gIunCA!9aLLYEujKWNWy-)S8kT`S|Y~ zjVPGo{<<>D<}6PdZPp@1`=rVEW2O9BXkA*skf-;7616tyJi5>l8?|c#FChwfZP!kL zyv1~@uCB%Z2lwE&76jWM8yf@MsE@N5Qa;7QpLn)w`X&u&h=3jc5!D0kcVhyzFhEJO zTVh~)QVGvb>A#YZn4KViZ^-kz#`yFrgp|OMERrcPfnfW1sTBsom;6SBzs}}3cC9z= zix!+LS)JMmD|^E_ zwIlEE!o8Yj$)39=eEPisW_${*lSW{lb@AZNx#nZfX*~ZWpmFb}jU>SmY#ZR>2-Q;x z(Y34Q>Ug8}M}+9J?;m~AOkjq0`8M{mljX?i_o%(LAm^S9y;@koiH~QLw-?rPzAOb^ z5i}{~JZ15*25rqppZ>07Q1Kvi%gK4h(!Pe~niy|a*v8PP(0e0W@!X87xhY+bNl$xw zHet*r8TpLC@8w~rCYsvE*Dz>8UBP%;Hyrnnx=85UP&!~3a$9@*l5I0{ER(CjVaM|4 z#3m?GPfO!y(5}pX@&XYC=wNQm%8n>!jumyCvVARi!XhCAkeQeECxM{yzJ(T&q{)Pl z9E!q5{|F&}NotBp$_t}Ym4LR6HI9sm3qhSAXTJwr33l36KfKph{M$T2+i2~SEx6E8 zj@>xQZS>T<(9}Fy?A(0Rgp7#!KJAC5e;}NXM3VUppAJ3$#|z%)g?`I)vuQZqf+J~L zCj{W`cVtV^q6!3k<)oF-eFHoZI~+t%->JME++6*c`Bo+!x)E+r-8nrP1UyGvQb+~g zP#5knoV#tc4~;|thPvEnYIJOr5SuEw*4Y4XL$I|-+)xFvV-n@!vyj_~hQY}(oicn! z&?BbZsq<-VdV_e#{mb-auE2Yx#8PLq;>gKDTdts+o$3+V|3Djy8Ze1Ss#U<_KuSx8D{db2otQ)9!J(czSx8nRa1ge0xmJ7JZN>)Ov?Vsud#5eoICN{Fvlj+C zVMg`JPB-lvWQqQ$hGPKwr5DEKP4Ckm*NYkcgV!%_2Co|zHqn?60x_!gn$BDPj|PB# z*h;NxAFzeRb6!tUr!|){-ylaDVL*2&(u`T;jJnMkL|12{6S6z4DdlDJyE1lGh z9+4~X4|pG40z=soz(7C2$2dCYLV_W>0Qms}#Cor^hmk|+`)_qnJoWkX*>C^%ZO-XBWJYMp<{e9|xuec^Z zXQF2ed-of3dE3N$fe5SIB$?jZis21xV6ILNXrXt*qAISe+; z3_RL8(_*9`2>}bpQJKMU@~c#B|#!7D51*d{9P*>Sf~Jd>pWxZ{0ooxs*pH8voZAV3n6vK zcGz(&VbN{KgD;CaNJ(}{tTy$bM~$5y>;*(SsitxEi?L}!?wm~b1nigU?&HV<|I$kgFy zdH#!;gxW+y2T`&|ju+ZZ%Y^lzL>+b+sZ*+3VBYxZQTz}W<;+>t%Ozz`9xRSWvXZL+ z_BKM49`=A_O-a>zh4I7?#w*|sA5b~j*mf2ygMoym4H_djRCE;B?EHQQJ~R2+G)d79 z?#c63YO3lSJis^`R)XK6Ichl3-2s6+1K||czkf?4H(AdNka{kE4@*?b%FHZ-hvuXK zcfA6m>D#xN)%%bL5)*;q2mvdpYI5~8g@xOfU-UK8JO`yyS9LN>1~5XDMUB$+ptvk` zsrY)cbx<^z=!-N$2?(?(GV=+ch*Q`@=Hft-E08}V#P{fHc1V*#l=4w5*o&ae*N2K5 zX4!+EcY$eJ)v*XKA>YG}oT*0TH=0}a#x}Li_HDz**CNH#JhHjU$tj~OYv(3Q@=9Qe zN@QorN6Cjo6|mg}*)o69`%I|g@`kBs<{N1SMo6Ij$KS=y#-8Fnw#WZ_|-2x)80GAe&vY z&X^VxbLzoO9Fyd{u1uN`nB{w?$2o4Lc=r($mu(tI;lYLwi7@8Gqhr?|A1yvy7+3iX z1JW@;f+~sHZ(xc0KO|jsSd)$0-RPDP(h}0$EsRt;2hu${Bn9alt$=ic2%|+n8YG2L zO7}}kNh3&n55Ld@Vq7wX>(WgnjGr3pBF`F(v&wu zAK%#`e`Z^FcTyN(<9r^l_}9!ZQ)Og>1w`TPqd$?}O?3tgj=%joYWv(}KWher*!KWh z9Uu#T?G98`3Xoh{ftCr6OQ?hn5>-k^98>d zarXvf&Nar3dt*|6mL$JyiCu;zt^YPAl=(M5ZXR?o9r8CO7#1FP#JhxYfR)PXBLa1xVHKQ~}RP-hY9=H^oVxd`aP7(g1&`kY1t>j+!I zF|>6+mT*XY0zB+22PB~X@!ub$Dvxm`hjn=XO8??r7+PpO_&FvXmeZuE(uem14aaZ@ zt~yN*ERqP6MhmgxMcSP|#DOoddqUuPVeEkA+a3nEgkG)^Fp>Q?AfvVP;6+eQxR z{H$*0egV=3h~;P8U@g>r#$kxss>xatX6SM%c>?IJEAgef4WSEYGj2?&Z;@}OIc-eE zZsrUhpt=f|o&E)`}KRgPF@ za^*{DuYP-vxp77!CzUyUQ$V)P&H#a#mS%a)qcPyf^Xhk}$M09W>I)Syo{D?~-#@j# zAnaj_V#}!x5y&w{Ry+qQW>GvTOh{`)G%$WD$-C#qAvCkkS-LhPR5UYAqXR4Akzd@v z$S|P{pC3qyAYdJd3O@^d{;P+v(&pm!MbCEX(9-fGy^XR8JPaH+K8}3R{4e?QnL<5; zaUFd{spAYuEJ2@ex{shjG)5_Fq--g{bh@E>Bx)*pUt7~#(!WwxpcOT$K8$7?85r)$RQyNHcTmo0dpt{q|1~+vOtT+-PBpojEGvr!(n}0^ zQK|R3#waX&4L*9RoE_xQIGz))N%b|FWmS5({cOulr(swO%*Zc?gP2s*BU9o0A-p+C zEp?q+>0C8M)M&DMEcR5)VE1XbxQolet5EF^zV06IKkhp2yh4Tzf4kfxcbof@Qm~mq zKUp1p^Tqw%^+RX&LMtR-eDWpz*{FN47ZCLhB>J7Pv9Zy=T?2zMb8}6UHfaVzk*|T;l_PdpY4Jkzs*Of4QULm0 zDgMnB#jo{}t@Nvito}D0f0P667cZLPE!PDCjw)S`(_RE%gS!8gh@Oc5d6&Z7g#ltn z+OPeyeW&%Y?V&5t$A^%6j*8g6O`JFIss5ScpN##8=83VGInj69$^&oO9&*mZ{dN!O z!!DB7WkS;Qs+w_pU(i0g`!Kz~mW3^!{k121(%mZu@*MP*%*2%z0J?xI>E$nWBfQ_% z!c#RRaY4@lc8i_^l62rNx$|Pi1Ss}EoBH#Mwd?r2|L$rv1ZZ3bZGSqY4(fW-=&Q{; zZo;sii349K#|ms@-oj-j9$N43-D))~LxAdQ980Aj`#R1lhUkiy<{$ zL018J0d`_!SFEcbSRtBO?ED$%`>J!UOqI5|)_Hr?x1!fuX zoB*esuwqA-d`GMw_wZ20+cw5jM>xy~i-Kmx2y8|5o{H)No#a<;18z888N67N(h%^E zb+x2r{mzMj*MZzKETWKyT7u+lL1@p>J)K;O#O=6DzjN}F+8gN(sY3;Qh9$|Hmj=p7 zz;gAWTuXv)q=pEeS|W48=3fXr-zJQ+NqpwY8fKC)^a(T2v$d2-pHQv+7=2!w3!MsH$Rt0VGAhUGR%oMhrOwN3p7s1Dt?TNs0NB zBF^0edPLgZuJss_iDVxK$HvBH5r`%Z$HWI&x~$9JRVM{Vbh=ibgh9+c3o}|o*a{qh; zLs`&a5G6&A_v{M4KSCI&zA!>C3CPf>n9;`?pQqzX#c>20ns<;>4Jtp8JquT3{nxP1 z8##|lJ2BxCC&l%72iMrdW2$?gPd|maVLOn5IU@XRHYa5{Whhy-|FLXTTY=qM4YP~a z1jN(CoI<2v$SXYSQmB(dsH#JsV$tAKrF`uyeu6qBj>4LZIPY?};PxXfHvO8W5NRkEL4iytO(XRcuf6+8R zXp)Kfd2xyP{b@$U-eX=7prjg>Z410k)>VB;e^-o&|5ROFedWzyvM4U7jHR}ar52>o zw4HJMclq~#AGAZ1?V7IOQ^X4N<$V{_C3&f6^+j!Ui2ts^+&}WmeR)0eyFbUb&5OOV zOGA8Avi~?`9$deU9^Kq^<)5rKU4lFIJr^E?rPq8ecj?yN3V}dFbOl=xtEiWG_Spyb z?%!KuK;6je^Qw~LLfL+&u<9V_{hd2>V>hE^6!8dYtQO4y(6z<&u%Wr<4;Dbdb@gX3 zhYnD_6oiN_j7=sy>t`1w2CDtvcdK2lC+qfy zErShyOP5I}t-)*meZJ|qPmwoA$< z^`FweD6{;x2leQeAxHn4!Ii0}!o&yINvM`xerh-7XYLA-77s-B!Q;ZfF8q|||AOR& zr;$iqRXD4PexIF7HKJDV%NcWCFqzHyswzRl^{4O(Ii4TfHej7kPyc%+)Ij4zV$D#4 zpd>c+`--H5=rby$^r=Tj4I5^bTodGR$2!oS>)Pso)sP$&tmGm>`aXDd&i`3MINY?Z ziYQT{mWyOZ?m7W3ALC-ynytpWI3fykOh){&=YKY@$2p5(@v%WGGUy_p55(WKO;&q;4!NrZG?Ts#F<&2;FNieA6djjdQn8t@e)M_baX$$(4sBV zE*d5Yp#Al_pZTTK%tk?ofLD<&p_;Qh%leSD?Pq!@?jj6>qtMi*4zV$}q^NF`$D^iE5$$Me*K=%J8`cyKQ}iQKtlp-h^|DJRXH$= znTuI@m6G~E?{z)rL_K!-sz6Xh+Vu05gP&7yPThRT>+&5gsn0JWLosX57VYG$QTpF0 z*@TMd>X-VR8QvqZ&^+xFaiDmmxe^1rdeg1G>kT|PcCJG=-E+J-aR|8NCbi2wPOA^M z<~6Sm`3fB-OfO@AMITR9{pclhIe`cHCtBt$R$03AsGil0Zx z3(jJ3Lv{wD(l#hAPXnW8m--H(WflDjE82Su{dk2n;0Yd%;eDR$56F^;xt_$cvAOO; z7b*r49mePt>%CGH3lt8-h^=?Lf0b^Gk-8^g6;)96nf2-9EFO6snH> z>OUsht08=js!gf_@+A^z3Z5L=suEMBlXZn(jI7u+hHdFQC%UQfB=0|OSUgm(5)p5ABCdi#acWQ|i_04SKEV!+)n4wet?| zHk+RGy3*%g3{qbVW_(ZP%lnUws}sc4IdOlsW8vqs8#wQNcRj&JVG-mLy!d?NKN|Oy zQ)v6uII4S>h&0q&Ju5*`(^;&{1^>(2MFK3dHnaCtLEGKw~eHIbKC3F zt({!2u{d%r)B69y@p->pZ|6|(ntlV4D`?!lS!I~{W_kVsBx4l7YeXXhIJST^@K`e- zkQ`ksdj;8IdYo?JcD>(q?+ki7>TIqDn--Zh{WWz1+=do(uE%j*0+7g~I_fF-eDCA(9&xwe6?F4P%n~{^ReSftG^*9X@UYfTsE_aI$XUGYtb& zeiK0KdFx}JY`6eA#^aj+{QsQv1W(HW){W2gRz|^_0V)6}%0vRG#(8S#+${%RMu;SL z3++bI^MY@F*M{8f4-O3QcHN$a+Ht3hb%0tU~c1Om6Q2Bmq63J}G9y#BA$Iijx{)NloLLTto!qET*r@(U_jx3d{ z=5R`!?B;N*c`1oNkNLuR0I^QXWa7uv+lW)ZK~l5yw;p9(@zhpICpRQmE*vFm-= zUU9F-)LgMs1(1CZrXppytmHfoC{{&~pS`Z#(I%lHw&KIUK-U4Cm6*#~&)mMm)&A06 z7W=$|!^*6;uu0M>j$>NIT35T|py_4WlYa1MsNms1a(jIQ-{1H-T5p96AAGYLDoxpu zu?Ox4FYboGs*)j>!wM%>R;J>Iz_};H;HnFX^OE(1g7g9;4OmmE$gld~@>qW=#lhRv zNQYTDV^k@Ir$QTM67J*H`?bptKmNyL&pHo~7t^9^Bar38UoT+l#?2YKIO(#b@WW+j z?H6^D$+kR2?$6dVE3Y62{t@*hQ?m)S8U&};x?4IC{KGD5NoYB79+v|SloBl&Fd$_z zC_>7Ub0XOpm`d=km{M#=BKx3yyHIhAfo_@nBy*=u-1@WECLxL_`B{YCmLZRtQ`3a; z%NkOguU1GqjNbn08VRaPxLT7d7Y2isQ58; zi9JM%ouVlV(_mkvMdjByd$Xu8DafZOOL{{=p(q?E)TX18E6RQu{j&sm9CEtx%rssS zt&g1%TKn=fOh6@N>d)2Sb|O%%I%}Q_T_EE!OYmS}@4(pdk?OBP$%}rX2g_jf>GUlX{P8hBgUEd;U>{FLAmXJ!_rVgbCVWs=@ty(-1bNOHDOu!xXci> zz4y%7a&h5^$lM2PQ1l+*Q$3YpPI+{d)JF9IN)Z(jk>?hWFbKbzBdHXR?r`T%%AecP z?sK`-D;{mGmV;`G(Pgxv;(0yV)hQzTzVNo<#?t}15G?L517)EY3e3Nwr=977+^!ra ze1%+HrYp8MXc~{%;MEvRoj8_uD!R#EolIOGh>4bS6@QhY8z(T$QRg%!AIe)MssBrqpi#8@h+lPOs-kg2 zN132oxUqQrkadT$RydA$xySjEAX3vTO+ze#vL7XfeLp{QU5V1-rGK%ck@)|+!eexF zZOe8xP({l*=4F1Drmg^ZRRK_zpGY5f=f6Ah2SkGfKK#AI8Y>pd&AVu|g$}VUEx3rypwrfp~g!(4%-y zg)Pr}zq)zMw}i^%;yXpBM+rsXWW2fen8c20$lZmZna?zt{)VgjyG5Xh{M{DoYU!cb z9xn*_!IGg5^8reK2T;FXob-|Icv^t|rpjKY_7X`Q=oQ?MflPhp?N*}avoS!A%g$qi zNe$$YGN*HdHOl<_(VY*@7d!UN{x~f-!UvzdJ4kz?`FjX> z3c(iwqPN=00&&$+NTlRB=J>;viTf(BFkh`cv}nn+Y_E29$?v#c9rR1pT8IT-jX%Qz z>6ixZXtAgOpVOO{bl)C=y9SH=9)h~WPltLdk<^L*u{X^?(LO|iEIB!p6b*e0fC4Az zOyU8c*jXw9gd|r~J-Ji+I~zW#*3n^LsG>%qkVZl=9ujwsVZgkLBA4P7=#>)^Va?A` zQR58Wzqlb{)$g-ZcB*0K;w-{LKno*770b&~_FiMZ+0cV|2PY$`kXdqM;Hc17NKu)h z{n?Sex9X{lGdkUoX2}#rVf?Alj6!KWadY;)X^q^15>fOsw3uRX+1Iqx-2XndN^lit z`@x_fyRm#X2)RiMR|T$!>VvLr*3S@-j8c2M z{Nxdm?(@JsiTa#pc57uNqu1r8GBaAKZm0G$@858+v0(KJ8j-dcq)4fIKld0C z=tmcZLtC;vY}7$#Z^7drUM@Np9gFuNYR%&V_&I6V6Uz;Wz0{u-mwlQ^eibGb z(qKy$mxNgTk6B;`;{8^G?TP)1&^pand4}SNO00SV=yL;ResnYzVig#9Kv4>r!fxWl z0Bhd>cB)T;&Dp>=Jb=v0p`C)FC~tt)Hkt##nM?`^Oggrn{FL+syB7iZ1!XFI#PzGS zf)?5${2bxdp{On_5KiuYG9SoT7>nbJ-|-6xyQ*Uw$}kjx5a~>xAq{aZ)sp@ zrrwI9Ol5j{IAK;OzsfyLrg5#6u3-rKP)e<|N2ZjMg3n-E&=P0OJ>Y_}jZECCg&Gah zQX2}9^Pfx#6GL@UOMTQWK@5syfzA9v8kQ+jd+d#w>@%DZ>;kN8wxr)+e2_YKt$vxs zt#?AJ5_|#X3%0zt6Ffj--1GO;>2QJ1hX_ZL`HDh0K7q4OCJ&|u?5tu2&2z73DSY=Q z)cN9JTm%!)qI8q#0~;LP@F$;+#-iV;t5 z_sq}KynzF9!re=>-5h_nOth3*H8`F*RfHw9EL-C+URwwaa)E@N?YwanMZ76~#$1tV zU@aF$P$57t6pr_6H2QN0RcKPyS8}CfgYOY>5J5_`EF5p2zx7jhZ-aFIB|cAvUUNIBJ(eyC+uNwx)Fc4Jp;Iaap{}g5-x+P*FX~k(7^v{`7Anb zf#tzdVWK~t;t#+TKU}&$Y!99QQNSGyky_FxeaRuW8#Lekl4?oU!$-4$<-;9dx3hF+ ze1NsCc{TXow4ue}L*OH=?H6+8H9Yx4!8I&a>#<{L$Q%<9s&&4*qtgx$~kvISBROzgrX| zIS_KxvU9@)>{a`{Ph_PBb$s4?HZd+F%!>`q9peZmZ({>X6qctWuUQTc&_RS+MX#`2 z_7sn5cxZyO#8L~=*&6*@zRr_|G*zukISO`+G-%At1BRj~u{J)Mx9osS%79+&a^+tq zu=sw6p%2(5lDh4we|dO}I_&Z}bH%4f2y&di*dW~iy$1lqmf#)xq`O+uq-FQ6Rno~A zgW46ljJ!+0gmH2=(V8o%$I=pBEJ;a#L~`QgYJ2nf5IgJHS&P_N+f#yzm{phvTOE-) z%ohQS7|>T7V8CMNW9j!kW%in&*rdy%B9^*xNvdCeZL5*fuL~-NPr8FGGkP!@y2Fal z*guaZ>d;b>OmhfA#GWR>vza#l>M|VpeotKD8QXx~3xv*Ismi1xZh{8FNL{H^;+n;I z?De9Tme;fi=BP}f(Mz(z36?yu-=|-Mm6|C)!vg=_N7)+Q{8S(5X_f#HC@Ly1nRZy} zFKAB}&e7Rye9iC?%d;_RXDzB*1TsfP1Ib|`6*I++<%n_)aT5x{A?|mT*~O4z$@RG? zK&3=|w5aPZm@`5h(!~)S1&`x_#7l~H_VbGg)p7KaPzh`IT}F1Sk&7x}H9hY;#2y~i z@jUZt{+k%QsYMhnsR_7WQormNW)SUWA{G+V!#VI)X2PrasBulO&|`@lQlAv`h_rh} zEnHu?kz^nu+A;UxDi^R0X;K|$>5YB}+16@ATRh@>VJo!^x;vUajBXpX#}$wY$S$%v z)@(H?l|$bykrNOcB`Ga5HXs*Zu))GpRD^x}6w&d*n$CNu^$_LTj!D8k-b0`BD+8?m zgNp|R`iQ7g@?HQ`EY?nH0t?wm+;3cYmKJrWMhQl46JAa0rl73)5B}{NR_?df?1#4_ zZ6!MivC!SSE%{$Jz%^=TofD0NB4d?cWT{ME{Y#bmZz6%EJ1{GgA04Jp>a#y1+X#0J zsiK#+EW5^k%AMH-BHp9aQ+3;}fZx^EBa!MK5iq?H6v{k>Y5gN!87EVg2Yxrga(nh< z`%~J|O@`!uLJRTq{B19Hq)+6F;Ww3>nT(!UYuY;%eJFKx6e@S;L&UA(k#v&VtEyu7 zdtEgB2@H}CT$`bk-B1E0I(AW!sqcph50qgQu?gZ z!jO0~NlG~tc$wfVj;uHzq)Bv{|4WhLlFBN&U!g~M5xu)c+mcWCkXu2Ri#(L9+uw7? z-o;QM=dO>V4L*<2RY$##5zF3IRj7Rq$C$2k0*y{7qDTb>z+U87eF;T^@rubKwiRu>5i=bwF=uf`vk>LhqaMG5kStBt*wbsXYykZQ-W&ek9)40|QGK z9dqy(i1)2Hh4*0g53Cj7{qS zaP#@zKUE$Vln*bTNo)}UlQ|zqSP=QhV}ovQcVr8~XGO&p94fcp_DEnsMo&6Hb)H+Q zpt*N{I(Fs;6^JAhVf(F@vo;AtE-r5;${xJ+28rXUE0ANKENGHiEPP9TOeC_XrGvTw zdDN_u*qxJC``=$F-8mnMm%r`gzXMqU2-SH=H1XwXNC@b46Ckg$8+poO?EP?eHI9%N z6-Rne6>DS%c_p+YfP`cLh|KH9rxtJ55~GvTjIO|jwx-GdmENS@rG~BF0lGOEY9@jw z_Ncv(+rf~fQb)lnT&YE7C+iW4dMf&1cIEo%823Ctw@R3Nw>L@Wx3JZXeibt2mCmq! z+j;P%8r*%k_{XC=IOb2|PClc)$|j(8sOFU1-YpSxk4v;B>*6`tTo6g}c$H!fgXpMM z;DI4ZUo4$eRptr0(e%~H=0K&;=SlvN#HUtbP$g;HNv$8Ls$`JQcNIn{2bnSDagD>J z!?tmaxB@!l<#@rSZo@;z(%&bUFz6}W84-d<(P?MvvTQ*H4<57x7uV&MG z@k*uGLBCu{gvy8@D_hNyl{0J}m6=5w$2AxqY(Uf4ADPRwJ=mCtQ{!wZBp~nG;mVX6 z=d$~8z211}#Z2yM>mVPAD(gql3AaIaO4Jnf4BywmwJ~uL5Xg1%R$4qgPgi4FQ8-q4 zTAx@GHCNf_{YAZ+hpoC-KnXKo*n%KBc@Hee=eNr@nk7yqEZr7qeKplqC~m~;J7hlJ z3i4nyQLsX9{+=;|7Kc~pgvMHqQ>tAT1Oky`f{9@|-d!H%Mf%g26@FY zmnh>KP+#{o?V>+CTf&SPbsb?JuAZ}2Hx*vM_SNgVUkwd1qNnE6wYg3ESlsC>K* zaB|dipNlmr`@$>tvr$4iBQdEEB!Kri-a%%T(Wb-r{2TuLKB$b7N_oSwuj%SD=OMVa3bh6&SzyP4)1IU#9*4003A0qCEA zj(h~a9y#YAy9P}6G$u{=R9F`Vc@tyn^WCii+q17#gK|18rS=xN;II-`nr1zG33kl_ zlMqADvZ!q=;pn6)oOs0?${-J-H|65|&jt9=Ka^9Wfk~Mp6lwY=wX~zi5?>2Icd6dn zr#L z<2?cw65G?QZic=}I00FlR>iPZ)nR7Mm{x|V5$%iqG9T4X&19}nn(inVk@g&x$jm@8 zhdK=r1!D1*>d9AF+Q#Y8Ik;wb)@ErK+2>r@a4j6Ik15V``wscfX9&Rh8*8USa6z&6`L$YQ;E30IcmRXi;KwdOCvYusZ{p! zZAx*TQ3?%%JD^_O`;(PqdL@9?bZ&{1x>jY+P(pkFZvP}`SK*NfvE&DZj_|g*Jdy+l z&SN=ZfDQJ)mD$eA#_{0GhDQ(|Ku4|s4QJKAXbzJp?f-tN*H0R_?qTjwdQlO^cz&i& z7@J{clKd}{^zkCA^T?+bIIvp=rqb%iyVw68ic@%Hd9?hGGL}6Ay?aAAeD-#>&2E41 zEu<6FcDcq~e%W7t)Sv>mjS)~r0ekJdQRg|VXosW*_mUI9>gBMmm&l7Y?4j5+yB-+X z8wvZ$G&gz1(?^fS;5$FlrK_kK0`#P0fN534abWRIjBN!dmyK9LUAsyzgLk%b3~O%Z z8wxtGg#^C;c({5X7muGQBhyO(=2SrYv?>HhP6b}lzu^4%INfSh`40=zf4@KuqpTBb z?&^bUcUZ6PMPVXiG5%N+{3~@6;H;Lx11P?N%$)&-0yYCVjuPHnG)5nqD2L>;eOu}P z7&#J&%;X>zf|M(aEaWa%zUnW65&8C;@GJZEdK0|Xz$74nS~AOHd=hqycvFp?ox&Vz z9l;*K&H;8rB2p}C*O?#BOIR4Nx1)m)HBHN5YCz?4z}(9A#kN}-9c9G)+BzXZawg*SZ2eOh$dZ}acAHq991!u#pV@E@E~Pih z$@K|XefT`QBooq!?t9yg8Qd%$jRcM6eR5;D91a0F zBmbL0G5xdWzKp9$APJ`TMRw%d-0XW*2Bgj;YB0#F33mP6JVRW9)g86jglvd9pnc^6Ds&~( zXy@{ukYHR~Py&OjJikgTJ^noc>X@+W# z3K2#2_;`IFn98%!=`kuS1|rq;onffU&+4I}C|;0e=qo#){&wTHWh5ZU#scEH%$fLD zHHht@H~KKifnqrw-|i!iJ(Pf1EmrNP~P1x?u8gJfQIxv6E12k&}uNi<({50%5{WxptHA-gL`_T|EqmtXXtTt}M z!y9)Wm~*HUy$F9C2%}S13~Edzq6(YBSj_@Y`fCHGD>Wsy$lx-7wCVm_>%qGuLiFzQ zBl#=ZHlj76m%m{rmQAqy4RHDeSpw%z%LnmoO_%9@u4;nAiw}>du}|*To@7&G0MN)| zIrrD}jVUiey8k>_bjS_5oCoOYdD@q2UF;d~gHso?oHw+hBBC}-?p94Mm#GT}rVA-C zA~pu@PJ=r#R`%`7WtUryDhWCX)?D$F8-0C|2-@5Bh{rM-SFi+wO#|3VQ+d)|y+4RQ zGxv3yFK|t8=VWcY-qO|lN9Nx_&f_5qDD(q1FypVkZg8uvi0W3{{2mDG`s%u2ACbhT zlg}XH6dH<3g$Nb#XHdmEBsM%nkvQwsa$RcXT+na!SgMq5FDP*XbBgXdXF_7)#k(Mi zJpwYyhA3vHEM|z~+rr3A+u;M@iuIqPAl0awisE8RJVpnoLaboDj7F7KL~G42#e{wA zH%v1mjGzldN~jZmwSGjjC03Q@Tj&0_LRhK-> z%)iZSj`9G5yRUmOvg9)QpVbTSjGD3?Xh+-`(A}v_S-au6iB_-@MYAIi9EkF7eC$FH zT`Xw?E}E4k-V{zbnvanRCP}`=35ldjkrmxW1^c%G5-!h;w+;?9IMoci_nAgrnL+OL z(_?)z++SQHMw!D+5hd69W<838Jp_G5-{@9S!ao}%yx|8_SaN2w5t*ReBUj68%+`wk z#KYD8BMIMsk)anzNQU!e%jUmcG%K0>aSyaG9|kaG_$pbn%G4a#eJOGwyNj^G7T*7} zh8Iq8$Fu%*2GqS=b#4k`imyFWHX-?%(x z^LDKm|B!aJZ)x!Tk3QuW8Gfwt&IhR@B^;aDmZezYdQp@mPpTE*4g(0EDiw@5zh@+6 zaROOF_&R+{`_pFOT#6nS@KDRAAl&!ha&4*QM(S?Up{@^1>{!5o{~nW8O330*>rTSz zU2g>~l+hGQil_&r-GSd%icHsEPR;FZ&xDQwX3VOd%ecglROu~nKTa4WBr6OpMaVGd z`|Idjh$Ip zjl-j-HQzyI6==@!qF<8unV3jnuyT3rkDI@qlpUIz3vY2 ziyZaJ%fwLQTkh<}cAhz>iPf>-%#*#m00G`O&j{|zv|Hr@- zup)ls$sTRY(Ymc-=$ZgVD;L00A2sIy8)w!ANB8cf+Stx<#|i~(ny5el9V-CmC9p*p zL+d#Nz`}2~J{q=89|32e0RRC??>WTSVCGR$y)cCzfGUs;x!9YgdE0BMya5c9X6!05C=w5^#nop~(#53;M05v^hZIzO;KW zTWzw#zXB9)MF2$|0^wVN+$pY7p0I#Yq!dEcbG2M&cKvhwmRnZA^X}5VYKML6=8L z1zsjX5(a*b21kS-B$n6G%s5V-c8a)8nA4EB@RUsXiwZqU5=%7H&gIRUkD8OJ%Pq-a z#IQYw7?3|#wAG(VYc!9g5>n6Xp0C>05Y>4O(mt8(&g&#sho)NE`3qNoUTey6DKFA( zO~IkWUvew5!B_?UMTLH54Tnt|ilvF$0bobdOR6}cR4T+@G#l$~6b$%RYj{zKWU`Kt zFq4q2)mIc4AP!#yNl_z_5zJ@0NMsxWiQJQ)yze2F$FX`mXVpl+fQA+`kwC2YGbz=R z3?l&suhycWiOEJ^TMi%OZ#T(YsEkO!Z~{B_%(VxX@3o4CUTkbc=wH3-2(C?rr@mp* zoT(q;yZU#BG%U*KASPmE!;X+E@gtiOVRCMGApOV0e!a!Mn4HuEKCCl1@O0LeOPmi_wE%+El74 ztHgodh)wRf&MDG+=QO5kkIzffT+CAbYG8vts;xenu z|12Y1!SCD@9I^(yx5Z7#%5|_UX2| zXiO{l*=Gshoq3g`{V)rqg2=z(!1d(Q=derON=wnuL^_$JveA%Ys{)@9qpctA-ho5s z%+nR8m9iq1j^_nn+<0Sf8b#sfpHYmtnT8&JFK88K4;lRDL_sI}$({-AG|kles@hei#J6 z&yK4VDFJ~K0Q~g>^!<-i77zt^@~GDQoabxowY6W{b)W5A zS&4G#3C9e%-wBcFV6nLQnXz&WWObc?;`6ba1#-Whg519S7d`JL+yNV#TRg@ztTFXJ z>8C*NHnPw20bWdtajs*F$KC%C00H8B{sDc!{itmtN$Sxh-+8vC15j<61HJ+7=bbQE z(4n)%JHYg->G9qK$Swtb(?x)6JP`{y6MK}6CTPg_=>Ze{-Jg&LKp2YK^}XHytfuS! zW*LY(e0+762+<8K`}TX_ph5Nl@Opg*{06{--2j@w-(0{c0FW@o*M9uHx$Ewb{$?Tu zv<86Vw~uF8CSBPA{y)^rPl1YfDYhCUOnDDGse&g26eY_+G{KUjSg5;*uZPIXX6hjdzp={f=68Z-(mAA zma^q=N!DQtO5lm#oK?(k{GrDOqiT~j;T;txil^XPDSbrCJMVAy9}{B-0o5iTms!iQ z&zIPE2S+`sWH=(~9tFRd1+{PcxkRNhL?usTZzhv@&D;O(1GxFQzvPR`hrh`WZ&S;D z0Do_Q2DC#(Xr*Rxj7oMcs5c?@1fWuV(4W|mmHagWiX0NT0MBu~)wcs+es!i4UFY9B z21$&<(SiRXK>-#@TWBnS6HXL4)OQzbVRLF@$Fv7fm64LlyF>hvxTw#`efqPFq_!d| zIHhn)6%D0+K|kg?->4rI=Sd@OWQWV*DHDIXt%k|7Dn$g=<_JfLAfEFD@zA)aN~ewxhdaXytctvtmHN`6hjxA^^SmCj}HS57ydp#JXuxJV`7}y z|0&0?u2;z|f&Fu=gnfQqfzi8&et-QH3kIkVKPu1Ly|)I-_qnqvZCFp806NyF_{(0V zsHQvfK@g%0xl7$q#aBgPC3Xld#ky ze-_3%g!?M0f7Kz?h@Ug?yVkymA=5~RWD;1wCD9;DWv!Uw#CctA>4LYn(edum+-vM! zU}xc7!M_!*d;@Zr{-KJ_(z_$zK(g`D*o$r^(}utukC+@n;Vrv9K~jj>?<+pn%kdhw zVS#h0LqsY!4|A7to}1VlBH_8mEO@3Hhd}jN_&w3AW8I_K^zgxiWLV9XiE134_8LCB z91&pk5z93fr;7$3AypOG{snO;<&gYxYj&=tBZ@KR^5MCnj9GTW9u!ZkZUiNVN2!I1 z5+3AaF6W362TpC5jR(#MJ^PEgQ~&n%q__#|m*}(Cac#^!+BBI){*=*Hlz1Z_WB9aw z>BmTFZ2b5g+_gx0e2o4?=6DVL;M?!A9N#vx>Q7U9N7$|!Ia;hJUXmBcMyxS91&YSc zNUU7k~5{iBMsut;ig$VjYi3BHRRgQmHrE0JLSqesMNhq|W*&&DiFd zxBvv0*MChd2s^rm$Ljs%FVGlWz=>~Ui$cgHg0O^g-W%6(k~Wjdk=M{>(W}2;A+9He zw4pIX6W0%Vlf4Rc-R8x7_H?#J2a?jzFzZZ=uhzVmze6Wh-a|XUU^O`>PwPQ2LpwoM z$oDluGk|i?@rz?xuazz#8=97i@6r8Ie2ah0?&c3KF?WlKHb0`E;^<2C&N}@zdj4wR zJbSer{mw#i_LuSZf!Hz}4G#wl?_;I5f)95Q1L$a9eNKCe{R2z6JC0Rwxi%t*xs>0# z;BqeyG5B8+`MEzsqnu&w>vMBR)yrXBCT!EK=&s_&uG(F;6LZ$887QH9_7md2`f>D3 zx^5`M`YN`4fJ68F^ASbbP4jb^n9OD)lGWwqsnJ{`RoDm5Fim#Mahr0|`$lbH&=R>O zkt$KA-1MTb2;t9K;(Fty^rhS(Kc+p=tXLYViv=O#%o?=y47n`E`H#wow%&iJGO8ys zH)IM1*qgshU#-P=`aUeky=K)-&>}NCHWu%#|F6r$|l>T*gnmRQ?t&$@m+r(Wj5m-f8z|>*8{{_TVZ0S zVSE9T@na`*GbakN=L%pE@Y`QGE5co!_qpT#79c>3uXewie7}p8gR%Cgy}_0_{y(bD zDy*$&>)OHH-62pYEl}JkUR;X16Wrb1-4onhOQBeCZ3DDuaV_pH1^#f(x%fXWxCu}8 z4o~)4YtA{wJ3<;>9vV=bJw0#6*Zz&a>TH(Qo^M|H#q*s*KaFm_)V%nPPrj5pJ(R!d ze=ZwNVIGK`g0-u1zVVeVn17>Tq2U@V%t-SX3cFpr2clP_^!E)cC!L;G;peLFVI3bQ zSHtsJ&=g{~QP2ySx;qu$n*XKKzhS3bKbMv2*Rja?KtlWhPZVk|%RzPtnI8i#pL2{PZUIVAQo^*0ZD7y;}V77BZhxFu-1m@~;JS*YiRm`n*-( z*9&VV-ops}-*1=0mK=r12ev3)Tb!NUhn@98HMP&(f46MMro&|l3NmcQ!?1X5H?w8mdBbmkn*`nqKhId#F18nozWv#}qzD0tv}R-J z+n*zmGm)?rhIvYt%H!?erY#$Hv8R)lhXd857flgWrBf@UXEd&l;-huiZ0t7B_ao&9 zg1K>?tin`+oz1+;7xk9pm^<^*H(8Xo6@i=E)k>%l;C1}s=qYEG??c5fE^$ zKy-U+D0?Z5^(0D9tJ#4pZfY2l{WdKVJ`;aiSZ5>xbxHrp}2jo8nrzUs4nc2DAFpye;MGVLnJ`-YQ?L z7UGW3aU$Z_>8`Z#(7)2+#?U@s%g*9%F&e>b{brE2+6;H5WXCm!Gq?J?)kQ6vr2{8y zAilA3i%)5LC79lz+}4tc5kY#nH|j7zeFZUF<}5+FU2Dh zcl)9B3CGRBvM-RtEkwm-?cx-?-BC{|;YvvQ`-He?)vB_ia9qT3!c?qi<85b8>n*~B zf^r*59Ki5k{Q4 z2y0Oa1x_8>`>VYHQp+>X&5T#frI)hHZAfUuuQL>hQvU?zPDn=&fd?jf(FP4%UA&pT z45wZvcanB6H1vsJCYD^Y=fKsIF-uPhe2l9R(k8?xb61bbf}a`uxDs_0aNK&Ub!4Gk zZey$NpwvKlb;NE+#>B*h+&pGNSzmh9JWb$GFz6%pYByLzMyU0c}X2|Ek% zWv8_4v(vWJs)A~p-H2ZY7ZlA?Yc@X&1O*4Az%zzU0S|@Er+)uAgWvTyP-HSV%_|{` z5Kpoas+mdX?x}F$g`?2u*+qi3mC4sou)(qVEo#ldeJgU` zeY}0Vn9Q)74Q?d;cRh(+t2I=0fS)|8Ag$} zf;rBW^gI_Fjl#TPDKmmTBKK zv_{@JDgQxb>{P22E3robL-W*0ng8`FBU{bw8dpJQGP3#-2W~3133)MuG;Z zyw)`v`e6krfA@38{KkZksF(TkagPHuNx}T2hbHg(5s55mBuqbHEK2m>24DAi0v+M` z;AAF~1+Qb%5bW~jS8=AK%im?`LUB){s05(ye3)VB$!M6Lv|&Ip_T7|n-P{?a=@~@@ zm>=6g3Tk1y!&X$rjETpG;n)PpscvTH0_(J4w#bLP34_g%MFKd+V-#h@2ydxytl-eT z%}p#4-VD?!Io8dg@06GGrXb)eY&Ey5 zcN&^e&#d;{Q7|N2mzCC=i%0Vi+=VRX!iUMkG%)7)=QJ|7GdzTCdZj6C@2wxcTPF^i zp*gLP8R5zB7*)APO`?+EwCW5X$IO>fSDE^@sRlgpu&1+cyW@VK3CCfz(6O*prK^QdQLf8|Z&^W=6uMV&Wvk^O~QNDoro4v8$U^Bf*{z{j@El1ehYU|sf0j`z8FqKx373cLF42dm!xBT7e(%9Tclh*GyX z8Lb|FC)#bTI0pOJvUDT~x!tx;Fvv2H;V9kqXjNN=Po*N`-lrq1b0A^7-6~%C!qhV@ z!Vj~hoyVchC+91s(vNL_;%dY}IxsZQBUPCy+Jo&#pgD_#s)B?mbm6nSIKLgu{^??@ zyTbbnBcQdr)rxtr7IdYhe<)?{yT|(NyYtrIF9J-Gj;+hL)JDvRZcY>uH3DBG-Ezj= zr-|BTiqb<$otc49x&S;RT80|*V(T?MMmU*SJ>VusF3?sA>1vOJ`XFE{ zcd%fu{h)}r8<-=SG^+O_R~m)Sj4oM(S0fXneAA;>045wB0pd24VVF>Yw#0|1fHA%V zLLNK2uE;fy+ewS_&7P90P=JPb$0C2v>6RKCve|uqrRlYb^k8kf6MA81K#G0qZXqh} z#ysgiwy5h9$J*+>{Rgnl+WKenJQmhefeG2eUghgB6+PU)SKHGoZ{u}1K>=a?*l=F( z!c~sea~IdPg>BFt>h&E1*yfJ5_E2}H^0M#Z|MdLmRLSvjvbLe$Lj>!^n6H7Ko-rsc z{e-EPZ55T3l~1}ZC#H!6?qYITRYvWX&0v@Rv$;>wX=(+MtV2XScl^^1;l&(KjUJDe z?rPy~awF+op2a*Fv_IM6rY^6_jwR$WH+ADqDzR%!2SnmR)!B;hS48N?P!aJr_=Aae zg5RN}gkWfFXo)E%dR`GI7e%Ug%+i~xqS)F5aGONy=F$`yStWzOO3IJfPqmBM71KIP*BmK=1e(li$jve?UxbnU# zm6se^pgSeFdb7%TFNAI*Q4Mssi?H9}6|M<%NWCSs7qcDGb1uyowcAKrarW)#XP47BwS!36XHpt*p?iJIRM%v7|Skb<=)bi`>$^Lm&fbViM0En0VZd1iyQ+_7Z%}_jmo>(}va>?9Q?i{& zq(7dK-Go)?%@jgyu!3cXqCdoao5PnD4dEcj`lX{n_e4qMoh(=}e6)g?ReaPx=D>lQ z{8r)OPpp)(hBB_ z+%U7lBsFvk*F@2w=myub*||+!UnwdsBm2hr$8i@%mZun6bQ{o@CwU6d^)WIj>~l|r zb}I})*4RbYP*lu~K~znTwz(IqC^qE$qqXc3Y{fd_>KU%5k?A~cc$z)q3ex@)eg<3sb8k1NuAni-y)CM zGArwZON5`aficVB2uF=~E#uh#Jr@~YYZ_m}e53c8Fd57^tl;+a7=}6SNDXHsr!42D1%;*SsPhgCwth_QWqajg0ecwJx2Vcu67xq|QWNcDEiM zcox2mB;2>a{4p?i+w%l0iBe$gHlX2o?d6ff5gPR9Wc-I<^W59HhU32Y!$UFCZ+jmJ z&=%~rV237^oKuxsu@1dD^ivG1Jx6jI){`gc8_XASR$Gb1M-5@P6;8s{^yM zBY!rC9h@-wXk|Pp9rvNkJpaxes>7{5lgpS^^FoSfn_=%VbnEyvj!n>r3HZi-8N1z# zij5GQ`|W86&yz%Ee&06dmreeAg*{=vVhcF9=~{>O;(u%pQ^9zkcID#xcwa4$@{b0B z(XhB9;$Nuod7+OAM>c`b{oZAnjX$vsUI=@h_3rL>tELx)G59gb8ktl-^ABm&Vi02R z%-~U!!<@x21B@lO^1+|}hHZ%9ny67Re-9#Igy?PV>kM#yCmSJcq^Hw6XdT#9iP|l~ z80dH3#Nz)v{uPh?=%5>$L|H{eMfpaO2xQ8#C6(?!a1A!fEFsRJ=-&m-oRl@Yq8e!$mC_2U)7Je^$Ep7u?CK-qO=Vl^Q3 ze$t>#%;co>09)OBM^E0)wwi@GXq;uBk)q=FjF)8IavkKL6xNTlo@2wT_?@PQ?iLCu z8|6=&UI+J7WCF^wiW^7u94CE^8c24}ya$r-~mpMFa!M=_&%@eRpuiucVrK?WXvQrT7yp;1l# z68gF-$A;RU-0`xT4iq3G`lnrZ9HC`K?Ur^=I>^z^C!!So7BsiYuHprI6I4&}&HWybGaq%UL zTA=54Tw+~$0w61?wI+bJjR=Tf-mVHOJH8J0Eg?@;|MW4k_H^$O4zzm>x@`eeOo8o=zUe*L!indv-gBM?pK)GnfYH-|wo}_F0hd%oMO(SZ&DPTc z7WYo&&lQ&Y%Xu)9k1!hbFZJDP*um%Z^aB8B5N95oAg7gH7tR&6pxG9^kZCX}1sNA; z%(~kqEQ1%|h&lKb%ZSZd=V0(79dI-PJ6ef0E<=lvi#;o-)zp@m!l7qc3Er`1INabd-()03p!HVhSqJ4UxfQrT! zFugD&?kVN#8L{s1jR_6yH*OhnnyF_10~%1a0ft1p&;IV0-hL&(2OFxUMeY$Oc$SnY|g$SI_CX)b|CvG?!gQLG_^lz zkkcI1Wk$$N+h^9kBqD72^Xxsm8IX<`h}N6kcZ6w{%ukA%WJ62#n-*tJe_eu_u>;OS zu#D-=v@1O2ObuD6a)5(z%GWtc?wzu{Clt|_JGCMRd?DJEnv!M)YG+aY(Jj;C)Bac> zAEsu1W>byc!@oayq;UKldOsXdwvw53OHIcPwc2pg2uP1YX8$JF|GMINoEJ*@XWh!$ zB&cod90!)1%S+vjzE0JV!(^B~GNs_&8kDrsahPjmR3j{n7DT^F%}@ws|(s<#0UksQg5J(793>n<@SL$X=N8rjv?*=eANC7wyRT zwjN>r4Qc1)9^-`07o~dK&kqX?q3Mpx4>jo@1f(g0x$J}Ai z+l(gi1_7+%QGL#&9@;)A>J%GYr{l!^X&2%(@zgb%&1siWk~%V8 zJq;3`fk%o!;i>6ev&&LbcAZ0fn`CvW7#W7mim;*5;qRN$@z;NJ zV`FmLNg07hYa5f3Z76U`veY6Hx~iJ|L9`va2IgO4~E^J|p5H6{V-G zj92u7>nW+*j3?O&VjGokf^M2;YUeh6Kh-<)khX`VH>#0=Cc?Z?22giKo;&AJff()~ ziQ%kyq@bFbP`p93M6cU1I~$@$Gik-v-i9&yiDnB|6gp>rV|t=x0i$Yo&Q0XQlX`}J zAmt0>Jgi>mJ8+(@@Y?mAvQ!7@Cs+JdFcu3M7+eF7iA9_m3{6O@7J{w+2II3GfuQ`# z3I&G_xHR?TnkmO`DjUxOizQ7M0ArPx`*(5T!Ia1z1$ye5d`!irq&JUGL(^$bf!`?P zQ~Ie|jolzxuIWB66V2n=kcDw^A5YQFN?^D}Ntl!vxe3iAXm*^V|JFxzy$BpWJ)oykQkq|xV^Xs$;AF;jVYY#o?@Erd8#R@#~# zm;>EfNwsezq^lPO6H~y zCwFe?$lyGRTKW4^n~{qVedw4H&TV$*q|;Q}jwrJu%J_NdtL=3tf$Zq%2r z^#pA-AaBn_ldzikN;bo{HH>JwRLBb7XIR$ zY><;Ojh-k&;i!*1g}Cgbp{&p4xNM|Yl$z!j%q3gY7_YF2P3u>a|F^6chj3CZKN#^j zJgP|R-C(gAV~XD4{@9Sb5j0{C@~K`vD$3>W%fiOS`O$_ae={$HEGJ81rs)%WgoBx= zkqEJj(PJ@VjZ(j%m(rGEldh7y0lO60X!9>A@uxp|=cL~x*Q?slfgc4`RpjK0k%kJ- z@{SwLt^W#+T7Skej3J$5IzrYDf%kzbSR96(6X7e>h>KM!HB;2SX@Lx`h{a?7VYrMZ z!@eCW5~Ht_jF~kI$yD|KH6cvqBSsm80>{e0O9Ig{)G-TQvSm+lH|7w{YMUbbWLqt6 zftaD@*|~8A`*An6Bl09h<)?Xrx1MX(-_8wX0qA|4Gr~?SuMn}FV`Cqis%DF%6#MZ* z2p?+i=(s|MzZ-{ReO&uz$eskBy_a?uLI%wpZw#i6e$xwgI>Q5!o1H{#n0uRQ5;5Tp zjj|C3+kaMOqonM|=9G|s6{+G_R+IIg~1W2!~x2R4!Maj-V5cZrmuAMG( z!Ql%uArf&kiZME>^S^+!EK+{3l(C;@{Io)3ysf-Ln+>bXhcM=7HfYX5A!RLddTzIB zcGe$9pr2=Lvik$(RwBwUgt-U|STWq8raMI*wS}JyP?+DWTQt+2x2k?+D`Sk&9E9rG zu`eC}h#_pOwB<@-`K9Lv!&Jn|vc73;9F1a;MjtiQw^Qc|C*^^&)-@`0=CLcpkBNuW z*Ka^#n%n0x56V>|Om6K`Rj28A)Y&^4Jyax>-=vdfNJmviN~F%EY9;pORoDHvr96eo`zkwvPH!>3LhMF4}Uh?fJ=KC?uWJU z_?}2XMt_^u-KXw{eLhJ4@b3;y#zU>YrE*$GiZ0d)&X8^+G)-p5DVtG?Qj5~dU0mFl zUkMGR^nLt}iB@y-L3^5$mU@x4xgkLR$zyJ*!0V+QXj4BCJCeqnu@g#uVEd2Oi_iA! z4fc&u;MdSJD}~s9v{2W@{A?8En#FoubKP+Hzf-Y|5;Hhv%!z*O=TPaBh??mi;~`(*8$q{95R=tKjUaml7%mS_#o-Avy>2U%#(XPiMQ zj&U8Gi=~TS6Mi9U>uVIQ%rn#xq1mwdRmyezCVR)A6B-vxfO1qGg6E3rHQv)lk4SmO{0`mx!AJ@^EWqDB7ASk?G2&B(E8fzZd5w+ zhKC5qX1}P>vgN$-ks>KS)$mh##U3C8sun~jH&JjLo3=(?s!z9z8|Gn-T+)Z&sO{>7 zVN30?tgAkjhAxYG!mF>SQk~}UrMq)Sx7+;S000cZQwttMWEVo~W!WAM*7#t!dIzn2j zmGGnPMvjqJm~s?|u_aSHI;I^Q26J5ZQQ5XQvmU|y0+lJ_G1`sK-aH1d3VAU_w(~Gm zbq0IGAkH#hB<;q>r7Zp&OARWHoMRf+Yn3LKP<^tq6>LIK?4!<)u8dAc&zvjIy)8f2 z$j;IGQ;W|fIS!TJgNIf-?%3Me-kj;!t(-=w$=muNFw~B>< ziVc+{eXsBl^2(FTsUz{ppE;z9vzgOp-Ntk90bHb`F&J`aLYi*GfKN8OIglZBexJXt zd0#J0!u--lSjf>n$vqf!H5``gq~K<)VG@wYVQ87&ZQ7uZ&}rBYs<}E0+x3*{szS z0CvD?Hy@-o4rGLmh|1x%%|F5kQdk$a6LlA<*}u6zBLQ}G5pt{uqK>5gDEOI8Y%j-; zF+?pWY0CVSkoeU6p1nb&&aVt?HTFyKHzU7Irq}hPaX{bLeO{J~2fpQ#`Uk_!8Sn`) zdb?BkX=quM_(#qh5`!RzN24BC=Y;UTos-wz>i>=}uU*zBQhBT|RBs#-HCuRyZus?S zgx-y@gsAo5J*4M_rkVzGF%!TQol)KqxXH)hXX(8MX#N$h0Oe&@=u>wxQ}$E3=PDO` z2Gq|jmKJ@eA%CH+7=uQ>E3%XiZmdlr9ZEqh4O=F_G-a&V<5tTD=a8l4&aFK6M+_iT z92Y&(bo&Rr!B;#|K9M44kvSdq%5x$JAHd~c?UxvYM(A8f31W+GfX1QF3`pKW?lP!! zJ-XOqoF1xsH)TM;TF7(B5lN8#kM+m2)(NQAlhoF66rq0LCar{xPgGR0yR?2^4NQ@_mf!TEQ zzj@5TD)}<4!`MWAIEVk`t_|yJ`%2nA%fMu;22_wEj zlu3X2-3UUS%b!{^LdIThTKarg!qR5gY@d4as=c|jejZ&EhR`Uzo9r8qp!2L9gP|LH znoCUSX2$6d8)ZXeKFb#93yS8}SYJAeiCZYw%Qa$VHbu7+rSE0weVK&D|B?74!ltmK z#m6U&dpMg|Zb@?hSzWEuZzp6_We~)6S}pCpQQ70;@p7n}gApdA2ghg0xm2dPzjV->`8xW(8;TBHsbA zU6Xn`hu*>|EpaRTURO(v_2pO8J=uc0YeFb%>@3L38|udOH~q!VAEk@#Dk?`?c8Vtrp)W&;YrQv;SjOb#OW`+_8xZm(*}8{QgjtK2bOH#_8$+>vkyEbFKmBtALUZ8rMTBE)ADM!;S-*PUfNTL8(OcZfQ; zT04f)*&vylU){Ydjw>yx0psTRROM8IMbO_pf`5Ca8i5z;fde{rEVr@ckhgifgUzhc zFIhDDmx5(sz4APk8BHm~xcpNzw;D9YiYL2?G-$!Ek2xRl>mxtS2Lq1YKEZO&{zbtO z&Q$_0(u~`_d%yZCV1m%Np!=+#dlO5$+Pph!FO?nNgfNxYBtxgM7*=h%^}_qN0ivwFtKgXGWE0q`>0Er^sDlO zBDIl^+m-h{Y38Ve1Vox*DA2-s6@!Xuvfk1TWu=P@8^a0NE&MZ?dQsog(=hl2s`x|> zk3!-Cy-m6<04h-jdh3{nxoo)u+u(3n)X;TCiQs-{Q5FX2^2HIUlnEUjHpLb(VW!;y zaX!MqufNtp9XYx0Zj;xg*T1`fThQw#XkV4ifPKF8xQ zxmnRu_iajj5?+Ifus)_D4c2bl+3kQ%5}?bB-l==m4%Q1w(S8lYXj-TJd4Y&ue)+Pe z)hkx`tz3xO=}QJOV!Gw#PUx~CY@S2S-q6<1IdHZCZ) z(c_F!=IdHxkbX^V^yKscrUAR&Doh$GmhKXUddT?ab5p4-{L89Br*>wv(}NyT z$C4@V#D^x4hve{S$5C$9yjN_SFm-18q}-5QzJ36md z?Vzz?fL1!Uu-ewzR(Jj`jqVTFjzpUY;mA~PpYtRmF<*PA{TtGh6qUrWB(&O*%D^w>l%}tYnP@7e9 z4ONzFC57vFFZ1QuOGt{zh))2T@k=(>ARbC<;@#0XQRrAJew1g=+Tv+>s8{~a)a zE#)w7@-Q6o_nzn~UQow-F7!U>KW2&|tggO4|8msN3%AGG+V=ZZvXb9@{;C~^d6FJ~ zMSbM%xrpTJ+CZSW>xDshpJlw~6AUhOz8`+tr06-P5WPrA>VjFh?uC~R@gh$Oyv7NH z+>63p6^fBJ9Y^gl30r@Kfez!^!Nu=Fee6En*FzpOj02OUyF(ka9mIco~QXUUl5 zt4I$Y8+qt193 zvr1C28g`J@lLn(=PTFzk`*CVTGuIXT3hiSHUxcuAl~+*}Rn3(3TtXiG#f7mh84Lwr z!r0{u*A-}tBtLg>&R0{E7=+oZ?Z-;)2W4`bAPG$~>{7Rq_(isYmv2kUCiE`ds z+XW`$j&5g_>!lv<1%V2Q_nanNbJ$^PAnY8xs!_z*E&7!sPf~9`IRIl2C_j)Mad6V-r5+dIw+nI{r zqgmA9G2N%v>W}oN{QRI`+JE4!6+WE$Zr7ofKs5zHT6rXx_1*);Li4ZNV9hoCx6qk< z+HeyYiw|z!z!GrbIbKhedad&j;O}=-kG~ssFvKAN8xK>TE8gDhj;`4e@u`I2~*24PiB^A z5qG&8hj4tUJ7{fo^G)G&y{@0GF^74A;wFa_wF-I=#(AfdWuB+I{jp@bL_E5Ls;M>Q zI|6Ff%;G5G|1-9E^J;iB?)Ja`ZTz|f{l48ieLgvbg@LGa!Mvvdwxa1w4Ef>akFcfZ zJm+81z3j&yDM1qc68Z4&&uzd2uasE0SKCbBl}ykTEQCU?>(0{n#d=>&nk#2UhevG6tPzK& z!6Qa!O3Vh725(Hn>y^sdq;Ub%xoRY~;Uw&s)pVj`b0Dq!hhCw!T(i7NO8U-w@^$Y4 zU^vuNQx=v8oiXr3SZhPC_HXVsghwuH^+JRQ6(x4z4qgg=wjbcjP>8Q z6u@jaBTu>k9}|SI!ms^YZdiBB%B7d<{B#@uPj}Mp^7IFv{^|Isx)tZGqq}UGJt59=R%5{=O_w(j`-@8|Ji_ziq7+YEivfn}Iwur60KX{FbMS^j#?63@s^ zt^{WtVrJ4GOM%3=4^5MUdl0cb4BQ>A zZF;%K3=BY2d5>+5Vz~+DYSPv;2xX;I3b>(R9QTc=XTf6R<)t_0Xl8J{T~cSOcZ?$o z98Mo(FA(Ru6}v5_sz!?@QC@~F!@g;N-c4+-Ybm!&NExR%b2BGz6K))&FAqE>QrXu+ zn15UlbKv+^jas;~Yw5U@5QQu^#*Ve=$Eacd_`F8TbsvQJ0nF3;NZ(rjGpC`&#dezT z*Pb`&ETt5uMpcCLjM)k*fj~P1saZF+F{O3PaQ5rIb@!RIbhsFcn%$e7=7By9Dw7n` zZ;~F2_#kOch8$&wug<{hTIt~GRu|j4_Ashr_V$RmFK|*4Py;(E&rVLvmh!jmvL`tZ z+o{mq+)ZpCn{?ybsW@3V&)S18DmH}hV3b}KiO)(V)u244Tp}h!L~j~byc0G=5T}=V zB>_PkYRUjBZbKs6h+dYx@&`D&$#zkdyY3qYy43o)ln+ZoN9T#_Cq@JaAN6**FV#h+ zl()~yLuPq2J%E;4>S27d%ao)?CcK{V>ZVXfED?H-QdVjDb=umwiZ}2mo}0SZWHCjd z5RvIKD5{b9gaUFop-AhNQh3rzP_yfvEQ={<>!JGZPb%We(00Zl@zs#|(Ky?3^3t3rsIdA;gyefDNQ5^|pUV#g7G`Oiru0qK(g7_pquI)mZ4sV6nQ!GAA(9<^ZI5$V#Z z`k?POmP@h@=kC}7Mx<+x-`5@m)?Df5g&(|H=3Yg#`i|{?6?(1|XvV+4Mm+=#Y5Nat z!3m9dxc(5m&K|Mp6~z$=_&0omMpkq9-D~AZ=I)=&W$jB9{ry{+XAVeak_=5ja->M) zx%HPh5-nwKVYR-km8uU{3oZZc$e0st@lOm_V!TD=R&N3z|AABUk_gKwBQNU9!)0Je z`C3Yd2j&|%u|Opo_ioCR04QR_g#&6MmTJ(ll6@Vkk0L`PcBhs4A|R%7deg9}G6Jx_ zW#UJ@)K?00cmSgr5Dp`{eK4T|$q5lJI-(O3)Unv7WJrb@*Nbd-K%2htbs4cu1v%>L zzUdt*H;Yx3p^~6(_b1vm#`jjHC=u}W!$sVR1KFJ8kM#q;bT4_dWxn-QCD8wq4xhqz z8j59z+%-C7Q#8seVKw1L0l256|hBH3I1%UO&KxplqBOpZ(H>VlR1G zzSBViM7qFsg$JuCTb&8Jn90k7j+VwhA(S$u~JH*44ue4YAALR@w{=#xjHwdNTkF%HSxEbNW z+rxK4XGgz$r9y9bsCWX4dBPwaOihozhnFqMg90@cdU5YNx87x5A4qmI*QNF;)$wS1 zH=ZKkV`IfGsQFmZH9jPlRQxWB%!-@)h`=#LbyyCm=pwC=5g5l~5)#*7(wkk|CUva{ zFo&%+V<(Q(z?<|zcfo3>FK+r%Df)fw1?CmW8k*5^gvLr@-JF@Nhz}{Fj%yE(6ACgn zosQe4I6Z$f&7Yk8#`KsZ%%8Krjs_DXbHW9vV_|H+1#fBc(L3CJsZe@>srmuy{X-Zq z)B?iK23SJbg0@2#Isz7kmIY&IfNqLl#88FqZG}KsXxURu z&qK}pJm7A>;CcVH=j93JCH;2>vmn8eyiVI;Q8J?c21Ng@!;o|pAFr!kAs;l4e@0&6 z88E+W(Bp&QE7hZT9R+znXR+F6xKzya*u1OCDs z#jmgq4^HG!sZL@v1h08^Izk@)yw=_0l#l26Hd=NPOzj< zDwqRS^qF4tf7P82eq9pq!y{9UtgE6q9_nepeFr(X_5$`4z1eVea* z3*5q*AAEn(^g6);5PGiboSsHyK3-%P-)Hn(yzjYyrOEx}`?$ylBTUhM=(SVclCi!l z(fu&rxl^!sL}9=(PdRyLStkPyocCiZxa>1@qaFr)y!s{invN~{w6C)E%J6^zOX#5m z6tGQ(nR;WxNQ9uCkL6H#Wqr$=J7?v;4SkheFt&LeQ4PHSi0v&M)^T5md8nHkpBMwx@DCx z!Wex5c>iZIm9}Dxo|CEkL@>MJ3R{6{AXvV*;v}h7x*3$h2J&{<{(<3%Yp8NRNpM?YFgg4LqK;1)Re z>kBT0ScmI6aLV;Q`HM!dYtJPK9~$qBeH>TL3u#qti&e9-kLq%$Vv&}w+?YFivWUGI z8IX^e@Hd*jko`!`Sv;fC`b$RT44-OvFs0m*_Yc%6W6|8mOD{kHj}i6h$wK0JJ&m8=Y+t5DnzLGr&1Pl>ZvZ6Y|Tz|rHiDri=8UT(YxU)J+~ zl#CrHgL_9w!j31DqP#YrG0k`1;TX};<+}kjuZkGswh^=1G+um+Dpc+H2hp-5X4gPTS@y)8a-~t5Vct z1PxZ5hbh`4*O8KsA;OIe{+1P!piSdPmg!AVp|eOAn+{lWyU{zm9a)4S)K3l z|AfD8I1kxr)ZhaVvprNon?5O|y_K6-SSBH6l7cm8c5BPA#lR3nH&S9QJU+F;k2_~9 z$fJYrK2F48U_>Mz3?VE*58o-764wOGtE^Q1q1Hb2#QlseYJQvR=Fq|ZFze!~CM^81 zvzn%}o*;$6?4)|Z>^s)2wH)g=sPJ)zk=uzMKmQvhwJXOX*&V2Zq~ehQlM95W3G|>? zM$>PT`FVp2(4zc?jae`yNqw5kB;qp$Pz;5|15l^U_R!3NF+-GWHXDzn2xirI|L*EQ z(o7nXdm^6BVlJ3Y^sd}mlI@3m9J#GB?+qgFds{>grQHxWU18%Ix;9DeI*t;V$Kc?O zff$T_VdUVL<(6*G);)F(`Htyzn#1?R?Bvr)pJy3KX)$DM$AMUG1dl~RLcQFCc2ex+ zkcn$W6Z63hYP!_-U(C_z7jjE8J3oFE+%>bT&gy(W3nClcdb@q`#S<@gsuLnBPjS*u2T{roOzhBA@hLgac47J(C8H=kSSc z1tZLLIbZ`Ox2h-&=U?+Rnaf_GMLjomJ;YXhKN{1&k(WCfIR67!tk^3XqV4__ zO92BrU5`5j67<3X!af9T)6)pR!qV7aRHg3IS0+TB+k^mYPvjfEUG~2mf8C*8x6AY? z7(tL6E$5Zu1S7lNFH8m!_bS2G(5(c%dfyA!Up&4heI-j`w{NHZKeEm$EDC6Q`$Kn2 zr+^@WG)Q;1gmlBuNJxovNOw0%cXx+?3?bbeDy@_v@a;M0|D2oef(w0!nPFIaul2s` z{VB`rRW(ljtp-bReXE$~#~Bu>Dbvjqrh$^bM9ulrN^m733&0DiW6+vxBnVE*@Fr&G7HL9Gb58(-x$ zCcf^@{(-mEG^^$dFt8gp_wbkQ?_%!*$jl;2jBRSkJOKu1!5A;CgAq|vPxq+}65o(y z>xpZlxAQ9#=Z3YW*GsMralad<#O|y)e3t>(j1cEm{9)vA>HcgizN~?)tkf`&r-GU60qI#tCC_i=Cc=yC;u_M{p<9OUEfRnen7^?Pg$x zHx?<9T=q24oAE~fyGC4aK14$vVLnQOJrMs6Cw1lc=YgXAdMKeA84%jq~;3}}&(quI#ng3MNyuMYCi-%M6xCBB?=5cQtI)M_iF8Co=i%2z($ zVy+gjxpuRr(oef=@;EckH8@qBAZJUEp-&0bN~EOGGu0_v85eXD zjQ4ns5Gqu0d~eNnM^{TdGa#9TB7uAm1V#C6n}o>{TX&Q2g`I(XPoowh(%2WZ#}6UBIcI3G z|AXy9)!CUy)W)wejQEA_B12D5vjN9i!>R(2BOSX0u#<; zr7%J05L%G_3xSp*?a@j}79NIL`kFTl%sUzRYf4<`fxi{Jh*3ESm`S*hsDc(ct!L>V zJP0tbvcuYDc!B;BcPRBsT$R!RPIM7d0YcXkm| ztu`XzzJxuxh&C;IW}y>wMz%bj5DJnuo)0s;&g3#Bg|AFBRS21%a!-u5o7;zm8W$KZ z4mve(a*dyE@Zu05p=-QiMWj1xpfA3^+1yC#}u?Bp4mgNNy6G)siwo_1;ef4r)i}F{Y$fk1CZZ*sr$aHW@FzR4+9?)vI=5 z;qqFK+Yq8_wM+J)w-@9a=3QS)P_|w}U?Ra^H48qmCX+WIn17d^B+VV7IH4+y)V}kD zd%Wzz{y+$ocXwNj?gjse_E7#rEP7H#E)f9{9~r&NMmRoG~?3V*3 zjU*C@C@7=}(q$9~TIOj)Oer@q@3m6H^Z(Q!Y5x+j^_YPz)dWhd3!tA^ z^SR)MV8{#yr`a!8-ZqjpIQp5?|McL7RGmVtn4EuxABzsAZkNY?NTOHJ;C(<#XGS-`anv+&r z^HlE^;~!Sub}#z134L8OZhjIh6@?^qyhn5ZONtaM{<_oB7p^=W+*hYzj%$ok$@Jsu z2UkJ6#^`v1>DZVKuh3diboP7KK(ZgQzW0Hzf2?rhF!sFAslHoD3B?T7eP!|2yrYvE z#LI$kycKG%wF}TU9jb3xGSt@Fihu$X&l>SP6HVkEeE8k8P9SXgh@|fNo%x#n+aK{i z9-;BxLVyHZ=>~WJT(;wShX(`g+f@>YS>7}7IqCx2p>VP!oJD-TO8ajM4Wt{6!j-7c z@nS-A!jGq5whRwmf;TtAIPj1pPZU>%ygx7-=anXmK0vsfdH~QcF^CS>OzQp1@i5#Q zv3!@5-n9qsYu@<%Trhll|K(K=K}!leHW%dNJ^eNZv-%$k4jb?X z0it#vK8yeTe0u?JcLHwl9=E|)`&~qvcAYgFHewP?`AoX!{mwarfFwsApzz~?PIC&$ zWdWSKAe;%X6&~S;YG}FJBqc4QFWaBfaeRr%8iv>i&shucD=l$&>S8{C`1CL@CmYMJ z(8&KlJsdSrEnZJK{3v*@J8=YWE#WCqJr7s49PI4QMa>`p>hXQN^t;;d3$e-c_02}z z;f+y=^=8qVHv8)3^`onC8e!)}cnX;_h*%m2qzepkGIhseD5IkliKErJH{z@Rof7%z zP{Sn`LiezO&zEGFE~6S=aOb42(|pY13JxZKUh%=<8GnB?lA z?>PM13?}hnVTEa|H|e8yJ$QZ^5Jnh1q-h#qoWRsJ$$$XmWiK}mpJi!@_a$Mn3sogo z*kxH~;}ehd0c+&;Wa1yPUafSWrKARVF09-;^RI+kR^9NJgRwG$BzDZF&{;)nEcYuG z1>Ic3aDI)WW@BX5Ji(4*-P5u1b|Rb#^!%&hvc!5(sicmYF^Vu~-B>kTIve6fq4(yW z`9Z>OnoITFcT^#`d*5?lQuxm$hlU1b6ztoaG-pdnh|MEoP}=Z|em#Vf)CIQ);S^VA z;Dir)Am^{Hb4MlaD|los$v=~!#^l=NywyY!u}z&-QeFB=Sc35IF6&1WiAErFA#>|} zpD6^xgMp*&L{IwzF_L%5Yf2~K>1NcOO-#ve+=^R08$Ne^MOgSxqxMfRnJwwD1jg2L z=AOt*!jKq=3)nJ4uyAtUyr>MeB2%Q|b=djztlD0#L__`??^WFtwxBI$f?VUZ;9?DO zq(;P)4c{IkOYt19>YiQ-d$wJPuH5Agl*gKYMDkf~HjB;{zZ+Ku)j+wO2ShEyh>yu< zl-nk(6GJ+*R5&$Kaq0b0$0SS|*|3rDPmz;F2cgm3ByV)Y!P=qSEH6C^BdW&MPtDt^ z6&0DR1#MZ!nHEKgi55Cv?)mZf2%~k~r9*Ryu2Ec7lb4byAd?g8p=Eyxu>JZ>mtR zZylBs8b*{l_w19IaGy-rFD%l{~uCU+_h4!2-#-$MUs5Wai*QD^?BzmGoci2ZGzd)Y>1;r;czt((p3)jLO@8VX!1*eaU7yD;=5VwHF_pPhgkgDNP z2J?iq=aKq4Qa%ZiCi`OX^*-m*(yZ;{!<>3jdpQCG&!Ef8oivnZNX3G^o1y z6wAB*{$>p@CLyRetI~L)Px|1*9Ik?^HiuRy@q&X*OkDQ@tIp-X7ql@{$Zw#uMW%su|TVT3XqPM<~qth4<{YBF^NN2~w8u4;)%^|d!BV(*b`#D;Ek z=^`y*Ec0^lF%A|wp+6&PL}E!IxJ@7^DFHLs; z71FFDkiK1*%ZLnge0l*}Yq2v=KHPWq@%=O~!p1!|JiC;evQ_hh_mj7;CoLof66kZR zBod6I`)^Sf;nQIKZB#9*Y?xPAyk&PU)l5=mc@~s-QV@EIT-uGr=w#tjMrxsxX3=23PujVgWnx+ag zlvIMZXdCMo?N*@Nb}RfEq6ARfiMJo8@H=0mR)-++RNMcPqD6si9gs|Z{du}=A!7R} zuKcaTrNRBULYjN%O)Y*fO~m_3BE&CA--@3;Z|i-A0+E2&?&{)w8mTNQwM&2civ1+P zcbi8$W+5f%3%jVnXve9Fizok!(cX^{RYW-~2#yPsnNM>*VZD&slQ~v1ktY#BdL9Ka z!oSSQ*XVibFj>)k-EFOPw4H~MT3KC@iTL$}!FQJ8J!CDc8*OMBBOBp-j#_DlcvP9>OXQkuEnCeL7F1(ZPZguEt?nk4D^C+dO8d~VKI zCd^nStL3C~qi~JUd_mzk2KA2~Q$4*56(%UjIP^QuM<2JQCUmEbCYG(YifjWWL(pnG z1RHOrb}BEjf(`F31t7Mju1-xc4gLysrDUWXX_qa5`EVFg|EJ;(lRbHdk|EHOo>f z74|%~%_?zPO&MzEyXrYgPfw4`WJKUyZ@1)X#$R0H@!k0{HeU@%sh{D@4)Ph=2z&js z_s+}^_j{cju^%dX2L=P=Z3_CXWEMxPKIy8GS}aP1K{ForFP%8iK5s(va-)Ay8R^YJ zwsXU8x>jH{8~ReN1#G1I`Dyjs=us~&j^oS|JxrTt%~FiGH{uqJG(6Yqpw4X`Z#j7? zCOa&xJ!m5_rc9m~^q-b!%-eHUL-}tf?FpXgB_cN_AsAs9Y2zSj(qscbdgt?RQ&D&c z`fKbAD3%|8A18b4X(uC6_;(*k{T!Yv+*7P>a4bzM?8Dy;rwGVBPaP97@k-SwH8UqD zbdp0!!zwv3@FFA=i#%P)$+2WqRhnawn&o^I|AG17T(ttG37vK|A*7p1b1MovU;p6GY``%vR$HgI$hX7J{h&PS; zGW=pTDSER8Pt68pvI7*+haHXwLQV7r+)T!&@itctJj2$k3 zbHd%B=R15kKD%R-I+zwG+G=S0q<*?noJKr^}MV%8JSt( z+yn%35)q+YJB43SZiw0c#3A9Qx~n-wr<%0)zppG}L_SPKuuxK@52?snN+fDv4IzIz zLnRk`e3~_1{qe>AG4$A$l;pQseUP`6WH5HI)hn|0v>idT(eRyE12c8E;(24vf7Y)) zC>ePCuKL=S1vy`;;V>%{z_0z8Z55tCzPI&+^;zP#OztQS%lksxaC(>OExs=oooQ*8 z{pc-Q`Pf)D1NP=dT#-sN3<;zR`XgKBF`u?Y%kgOMt=I}GOC&%UI8cj&+DJ;(adwx}NFHi!Zr-0kkx1v%7?D*0 zHUH7UE;3GjY(KkSPDw&anypZ!|6HzD&_-V`pHt<;*?!telRv*W$sE?@OGNl(nLnrin5c=hPf=;T9rj{RzvADFe`IkZ12*h zj{Lp-s^V-@a*M|ewXo-R-fY(BK z1?`hr*Qgr%X`g4N3dR$Jc)7??E6M$oCGAld#EVvx@M^^1H`v4aN|xemVR67IUBH+l z(CjoDQ73>9^C`4-dL%yKBZS1fT!&P^1v^U@{b13V|x5BUukkBfcXzh zqW5BWCgC~HjP$^|iw3vd+RfwiuXF)1_KVD(U(Ek%wk?Bd>xSr4z4riiChN84J|$Y_ zxY%7`{ExwgL1#%}eUWwk@sIeUO)cse(Gtg?f}x4YhGn#9PlS0_HYnkO4cV&;$0Z{K zcfWG@N*^n30STf}x4JtqZlkilj^npA!;MJLu6y_O+HOU2>wQCF9OVw6Od`2}f=>&c zBPEr%@6`tgU=Xnd0=&W>VgMCzxqv@2n*4Jswng80+xWMQ*(3ic?;`sl$(JRCrj9Vw zjL$qa2_X%G6S5hah>G}|5iHHI!VTq#;P1!Ql(4eGvpc!N+L<{i3EyXt;cz&G0)KAZ zNup0?Xxn%ahbMw$g`d;dU0HROcMLYqJ1K`%Ylo~l{O91;FE=F?x`aN$_gZfF-}=ay zSeOeBm>7{X2+(rr=((?5D63b3L#yod$8!4v$=$QqmaM*&Ry%}ak#?jaJPmQg4HK6B zuw|A;d?CLoh>^q3T~-Z&5tAc=ec(oKfh|BY)U_ zJI80Edxcap{k}`B|HWITHQu$Ba!_y-6+@%BIEcv9oQF>u>3o;9v3mGQ42kpXo+avA z*Z!FnP&qFcE6iD+5@APT>sKJo#FWw6bC0ls{uE&p6@cL*VI>Z2NqqaB*DuU1d|iT= z&}VrYuE8BKDCthz`$3og&+$$KlSv;X)KD?xa}W+Tw#=dVoM3Fiao|iQ7G>xq{^yl8Ky;LK~(3;pvNtt;kN63^suV?wAH7##IEJ-rr60l zS670*U%!666N-JJvt2Ts8s>HS!Lgxjn#omq(__8Kh5#YczINr%zhf=)&WihK3AM17 z8n~*mC`M(D!%m?>Avs7h8+Lh&#f%x&_0v+q7=mH=f;aS6Dt?m%BYRpkL{Inxv8`EA=-o1Ex5**v`44AIeZ&dgklpLI^d{)6r5A=Nf4f#k_RTg7w{z}W zuR?j$38~NbtPAd-P+SY?-1; zyS3ySU0L>bGyQFzq#K2stTz;kf7wm(!kOHbR5Ci4Jn?#|*%!APe)=L-U#%BLoqP-y zN-yfjX@u&$M*R4@Zn$Go+x5ZR-Q=z^I=wp@Dzqxg7M5$VEPoZxt|(>RP4Gad!kOn| zIh6MHe42-hC2Wb^=~_ApjBsBdZ=3>mOR}1f-G}LS$Mqv70r#eG?$-$IJNMBAkM$`!<6ra`!KOC6{z_TKwql| z67AbP;#2}G*#f=74wZ-BJt90d$Yh;@zX@BTOBpaRqx;I|R?TeeR3I}f3axdxgkQM~xW zZFlv0KN{^n5a$=ryA_NDJEncuruEbciyeAj{PWJAA;ijdb>tfdCApoiWBmxJFI6#R z4nt?V(}eTN=yPM@BT<{~yBmRf-C-aqy8SFKb?$0@HS_Igy%CyuW8LGpmp9Vw>{uuI zs=@xmsn@Y+H(cP)UNUHD>fnt=x~adDunC{@I^ezyi{_QU-Ewg)WufB7%N@zqxGIAi3q^dUNodAAgRy#SvWPU8Q;!>pM&Tz|wpSbac;wkVeaK7UEt`eB2 zzc#;y$x$(Yoi^{zq=;SC=^&6xe<)Ii$7&N6m9z6A(ij{6tuQeR@oT0tyDKHNX2$0cR1)U+Uhvu zZ}F;WOXp*6=XdPEIkz_xCH8`bn|LB-dP+4(S#7C0ic37d=@yJQy9n@vA1qRJj4t*q z$P6%YQ@_ZYeUhPPiM0LWJ&nOyT6&p?=UAsyY-C3u!tH z=0ct`O393h_L|8QBu`>!}L zn1zn{n#iaLE6X_9p-DjlpYDK`l^A;IOaTXu%pfO~NWte*+`8m!0$~`-lAoE>x035m z91!MnI>o%Slp^mOv)a{`rb$n9a1x~A z@BaeBOZMc8WmiX&df4%XD+>oIECz zq2vC>gVDJSfqq|BhB1<|WIZJ#lI3vis=GXxGgHNiE79_BGWV2S5pwC*+to!iprAU- zXczIk&W6O>yWk^NMK&@4H~M>$cP4h4U;Ru@g*;4cSLT`uM~?!bH|N;u7!uEa61APV zFM13rXP5l&#qsk`3f>@|o&JOn=z{xI5O0jQ@GmFlV56O$DG<-U2ZClbE@zw`mC54t zPAm{cZ!`IH@YHWp+Fi-c+-d1q zemk443v1VOgNh5vLfhX>3%vxprntEmzv{Yl0$bg<%)@33w8B3mgfcVJL!Uy5!o-DV zI}esi&|-XAo@cdLuVCXBq~gTRjVY}p|5a+=%4~5{eA{O$ge2RX@kMF!RJz-?YFv0V zX^^8p`|D3`-G7nNnij*SsQ8VB!!b5>FQ#I!DxUa^xnLgHU*|NRH6Q&28(ZVUx2tjn z=z323%1v?J=ViT^IImtbA+F=d_;&f=WI~!S{c`I|MfIu~$R95pMxI}=XA5(^_O_fN z@r1DOjdLB~g9$$jsNLEn71981ZI^juUU+sM{B%fZ6jo@UHYC zwB4Qhg5{6{P{MH$Q3K!l|30IIYlpAaTy_B;)ARD1{3gH-gNm$f2>##qQMzb9Tj z!lrVB3L0N+{#$%J3b?Nwc^z|smR+(u!3ri3&GNsxFb*!XV`tTbPv9Ab(I%IlKSO?>tT@x(uD zhmrQ&t)HQuGXqWu;IXux0iy>v7fd~uts!4-x{iT)1Ac7$*-!7hJDA9Roap`Y3Igsx z*GIh%NAUW--f~j-k>>rwpF@t9FJr~8;1o^ZOj&DpKfGEreT=aY+5K5r`|tqdK)_Kr z0L_3OXdy29fp7FP?Y(VEfUD~ToCpWtXQFcoGH~Qu_mT10-wWEu3mefReR*n+xwFTI zvw&U7%{IV^>j6`HQ$SsY`)N%74V%U|TwDXt8l2SzG}HNj$Fs+KfGu+aV7D6kVlZOA z)CGdA?!3hWDfRpBg-3kr=S?Mc3!R6c!#W0`w3BcyjMFMRJG+U;yiTQ3gUQL4c{mZ~ z2EOMEIyv|w15XmDqJJ&`nFf&MHk&a`ZwE-7ftdz=I>H}4+(7yVhymZ^Y43A4|Kx(j zXVZJH$J0%O+sjgMKhSqo>sPGLSr~1(uGTCYQL+tYG2rxNS$F>ZSqZ4olb|~{^8d3B z-Y3~3`}%x=;DYewN)A|bz}3?A-!fn2Biu&%VQMz-y6MWmZo*jzxR4fDr`nzYZrxC! zoP*e*DR{?pZ`{N2)tsatf7h!@@IGK)*MC1AfYWM$H!Sh+}@HqNn=-cg6KVtp? z1p3tIA9Uw(>|&a@^rIY2ly|?pmP7ps&cH6HZ%wN`TroCk>;yKRW4`>xJCD1fWHpKx z{xGhQDvC$aT!2R!-h=L1-qS2bSiKxu)?AbF4f z4o%93Fn6^Gq@v2gCUOlY=UN7i zr_KIxj;>{9%Klxu@#CO(!Q#~A^UCFVT|dhUj1if+ysWTi&vaOAQVNY>Iht92lHww= z!*Grd-WW+EK-dSiX-Mmg2)TZhAJC4XG(_X*pwk5nB0>?_H59hDo@QzY}_X0e0`-e^diCg4JV?2Ooe=2uC(qXvMgGj>+>)- z0_QF`uvx%(o!_Yg>^=_hR}+#l*-0B9-^=Y;lYqa znvScjB1W82Io_kDqYmpCGMJefqWr1*r17HcqJq;26Q9#8GVu~@jSpn$ziVq}4SN2s zNdCltcd7a8@BR=KW+!%p%cchiy>Z&S86T&{iY`)1pS7~^Q{O9hf~b`Gy)ia&lrCR$ zFvMgIKK|hN@u16YmMLw=j5COJOCT z_ntwS$@{0P`f3vr?aI1)a`RZ$1n-R>Ee2$s%4Weq#tK202PcA&C%ar&lMt#o|KlCS zVs=UDkiAKRr__B$RGxUF_M4aW8d91kXp1vFXABGs&!Es(?~M7!>1TL%nx+pO?K!6e zZz>o8y?EKU+0aC-TwiZ3MH30H8Wm5Wk{u`YuR0Iu3?lW6M06A83IPFWPL*18SvxWL zZ}Y@+3qq9;MHh3D+0l==wsIlWY=48aD17iIc?)JMTY{51k@_Skq!1W2szLprT{xnf9L&+;+duH~y2~LHzCeO^{5Dh5}igUY2!!klgC8x;FBP zANP*Q*`meYO=0$3(cF*hn@`@5bJkvTTkJ97o4(`aKka`h<-X~mMPkma8acj0ZHK|P z&eY&N+HGruFUU2EEtg-ef>(5+fP0RASEt8_FLlR28>)~YX)H02*e~ja6ggODpqZoq z63%{42Z3PGlhU{r3JUx7vbowpNb>oc_WS=hbh`N8)xtn*y3Ns+!M7F5@qk z>UZHQ3r8k59m`j}_p8ObalTUlf7O?o%0*m9;ui1wX}eC9O$TNO{dZs0*=gYqe7(Or z`B+?x)arZ>s=w%3d}|M}P5ymHaq*(D$NYJYslW+u*HyK^A1k((#$NlWgIB^mSJk}$ z0IL4?t8QIW)4xdd9M?%fK*Rn)20?WJ)fSG}-XB|S3Hmc#ZKzzo_+lH5dw?_|02k5~ zaJ%ZyD}gR^2drQ;RFEunG?Newyx~d4>z0bbb8?3bW|6D1422Qy)?b3TNGhAHv+AZc7t~8BR%?1|~4(zw> zwyQ1CX=&&6@x%AZ%F1Uxi=AIrIocqGtroK-GZq*Bru=X#mO8F3XVt~;FJ~9orYaEr zHLkX-H#R+qM|1(ZAgS`*e*-cM#{`Xtl z^oj~Ux1s6X=1FU9PmjOPMt9TYDH?6gy6J9;mRkE+&)rw2{ChU=NYYwi2L9?VT~0g} z3wthd&py}~J)XDrggMmo&k%w;fh$J*ZR}>-Uo6wUvQUUxz=VUE_=OC3jiv%ycKYuCHTH}7b` zpF_)8xG(qnr)c&SRo{&Zu&t8br>Lw9zGvniFm7!Fta4Mo z0SxiGG4&1ivu=S48Q^MIYWe|;3#?P(H*0)(jUyg+erJ@mNN@kG9iA^)-gfp%EB$Ay z1qg9NSL(e#bxi%vC3E~dMLwKdG*0%M1ADb=cVdo%|e7sBTjacvdwc@aerHolT-Q$IMo=PDNF0|t zv%Q>!yj@?Z99@eLVN@`ghe~poXvd5z(`QmYgDqjuv1^BoM$PKf;E&BbGnelh?vI8I z?D_|vI|2?RY%0lZ2l?l zd#87MM$_r|gU3htkdG0FWf~!Y+M@N!h*+V5YHqt@3=&*q1_!4?HBrNr8tNge#iI!H zQ&uvBjJ@iwx8qZ#hRK|Hr^FfganPN4 z=e3q4nU@0{{qP3?rroM)PM$IB%XE4F8LMJLa;gGbJx0n12^BWvC}ivjHCz%xW+WB9 zsur{phhGi2iOH1|e5iLO3xzb=|E1X zg216;1%+6T3`k!v_G}Fc3$qoX=RTnxVu!i#S)k^amEf|zIAk0^&Ok{vgt#lSsSG7C z7K^P;+8q|iI943H-0)_iM`vCczlEyK_F-jzm|;iGUxNLuK^i-_=Z{oa}tUX6&3n?8%rKpno6pc(Aiw-=q9IC{+H2vVh;K1D(0i2nV;H^7$}Lsk2bjYrYnpLza8rrJZ*E$=}4MZg}xSXyGXZZ-Xs0x9H9{ksV@60pZbg zwz>Oix@i?ffk-mqoAnO8_Svm`QA1bh?~6J(2XPGp?fnrAlHLV8^0Smt(KpzqG@)^0 zx#&h&7HODT`m-64!lCzd#C`z;>=jR?i8R(t){ZF2w_Q(N^2eaUjtAF9&z`d(7xzcXpPN?e{+D6?WVhawJ++A@l&@-+Ock`NI4m?=S}hQ$!r@%I$9{sYR-Q-1fv>mVPsj7(O%1joIP zI;18cFEY7cZu#3<^udP~923WhJ(fdnR7+mkRDMN^OVoX*IL%^8iGN!iKjMXO+&$%| zvZgRsS?rO8u+e@iR`49prS7^BlbN1VnXja*-9TLo@?q|^JfA9PGI~XfmI0G{vB&ei z#?$hYq+JFg_V}mL^LXi^&7|#+;^a5$!NnBU0pwgH@0074sK9r+2npiDoDd}3KCl?L zamAkF!&KAlDZOZV9t`Uuy*XRGs@-%Myn4LqHEC&jvPk-{`FH~m*)i7l7-iq^{9Q%{ z@qnN8tQYK3xP)+`alTmfJ{_|K#<+;XJJP)|=GQctgl_!E@dm7dQ7KZ98I^_z(5yrE=@_EtrT zv~a=UOt(qrG_n=-;e93|eV0&USCr614>Pf!oZc$( zxHE>u!30ELm0zmG7yBdfFEb`Nov(AqxI$KOqbbrG~Fhpe(xr*Yw_dOs=4 z*2TV+IxivbGELkwlMY!^z@SsaMqJ8eYj_e|8ZKG7vL2gDjzVm1Q-?o_nDG<=Tca(R z82wwH%&`n|z0@Cv44i6}P*v_LN58i#Hr|AJP0`i9d7eSNgs+uYj>mAmnDaX9RXDrQ z74v7OHpP9S!-u(|8$~pHeris(wX>nnS3f2(KC3oQLb@`v@lu_1*9NMdviOeM-nk-F}?bIxiEU-I6(84}4<$qKie!)#Q*ER1-Aj2`9@OJHT+ z{URiy_?&A(6uDI=30>Lck?NoVx>3r=CN(s~NDoUYVzI!JVbcj(rk2W+VT-iiJghm= znGo$9zEs>x5oVac=S;+EClWM#o2H|h-QuycrdleDGNd}2LGhGCl0M0nl9gfI@4LBI zlw%&Ew4y!xsW^|95T)+2|bAOviX6=D~U=ZVHB1|seRnVER20z ztRU-GS4x&loFN6AC~lC_wB4sWiexbZOL%LEs?oAuiM!Ap^5HhZd=?m92IuEiTnv6> z3olJ6@8l4=P??+vq=VS`LQDnZ9GH22&d)p|`@W#R26H0?6@K~d3mSY=-JZE>oz5do zXM7`142x1iDKK(!6xR~N-kg_mtrR+(jFaqH>!9M%V+;r6eJ~4Me8OZ}Pyar3!}B(# znVJ$e9c_v`0F%~dbe3i5o!KDjoJ@-`RC;xH%LDo;_uD5*3g9p?Tp z$cgW`{fa~WU#4QFVqQBY*cy6JjG&w!!M{GX#d0PWeMdwpQ+L?!(Up!{=CZ6z)n=@G zXd45k*NvnIJz;fJ8LuEECJfiDPAFputrC+0|DJh~P(X$V_`|S(#rCa{&&q6`C)l{7 zdN&=v4pzJ&StaDo{_rW-E3l9rFV@k0)G>%Fd~CS+cR|jCYsNr+^RQI>K5*OkXn3Q? zg64PMfBgw!x008l{%1GmHD2b2YDPZKWa>OvH_lOWyf(sXdiS1r4^n~-jIujmv*yg} zVmSW#{yN_OT`wr(3)QWgZsR&OIrU%|#9ShWg%u5Su^+|h&IYm#Ypph7iReQ;H;c($ zev4UR^~Dq9t1a7tQ_H3QSEC=d(0tbi#OYshvj2H+t*6sTn~Qj6$aOvb=i8XoomIo; zLN)l=&f<5+mCkMEs~01KeznmTp-p2PkK8~FV=hpoF*WDsCd?~R%lWU70A@MZpB%m- zqq>tqLGNDB_bM#yNvXZ7(szW=z|e?(me;Hp2O7#bIbPClL_0s3HJLNP9BX^zD_Ds0!H?9uLC>z3Jm0>xzg&F>T85V zzJk&q)swe0`0fq!(A5AIhSw0$C*s~=7{41^Q|ADSOJC&ca^L<0?Hd8@6Sq^HJBjv* zh=dFl41!1vPHI`i_XHS9>!U_KRXfT$3xs7)jPcP?U8eKK$zKX0eqqsI&j|Hq`>2{4 zzsKst9sSEvBUuueW?YwKi%e}#4daPWeJmJNaVx4OYg%kG0$rs4^pu?B%ar*|<>}=9 zULOA8c=K4K8I;woneLOB_Q}p-w4_@Lj3J9fo=9p|tD??bvM$4BWo4*xT}Zwr4+$TK z{mURS$9;4rKA#Tt`cHfjw*g#OQbedAal-5_UU-`xL83R-Vn=#a+}0-?Geij!9ttUM zKJ>Cs8C;F*$fc!uh`Wus8Wv0O+RHQT`IH&P$iep$$-IiHpO?V~VwlToS$-X_vpZ}7 zWgh2eJkQ)nCjDqXmAmLRJ3`fx2ziLQ>?k2l_KlfYIDXpyCMQbUu{uo^F=Wc01*Y9O z`*i&KZn=8bV`^lSp~7E&;G&`)%bQ%1tCB$;-ZMTfoSyD=sy(kzBw25A%^epRLB|q? z-DkzUje?=TkmM-iHdgd4T(CIhZ;uwwJk9A-y0=go!DrffBQl(xiZsUJF*;r}Q52U) z73N#WU!gLYGEzUqXYgc(f@;nR80q_;)p|lk1wY>Wez!9G;yD}3GpL&uS$_ml26K3X zV5NTTGECw3JBo%~ndoT7A^L58>Nn@wIXe@q=oIcfxVQDJY{U~bbliq=>@7%DodZFh zmy)zI)B@a2uqvVW>@Tz)e5lq*Vv!nF@3f0j2z(UZXG36lZ)Ixjf%iKs zM>a{}M_8YWemf%?f%|leu}mO+CvGX{;`|OeerN2WrxhKcRss?P6@eY+*@c`8x(Yr% zy5Qk2L5o_PobbJzuUXWDUTnUT?NdPr+2z;mrl%eIcD-vJ&@U`dj8HlmDSS6v*SAT_ zPy^WmyJ5^9i8VVqx3s$xwo4P?>nt?dY21gYF=zeyKD>w(IHyZOZM;9c^Ep;$>y~w4 z)Sr!tQy+R7ZN8b|Qk8i&b3E_1+^&mGYTK1LNTc@KylYCXameB?W}IPT*IR9}rDP_J ztEX_=4f@?_$XJp%7?Hayn;}QpTk$5!xj(*6S5b|-2l_`!BqHq0?=82o}&!u1N&DT;O;07GC+bzySCa&>_F0x zF!UO(@PH}M!1c-M8CYIc&E|i}&JM<7;x&K%ovhOOKK#xH|9uC<8J@#`-DjfbaIpsD zgm~V7BoUvZRQp=E2LZeCNCe1CG4cLS-ukiPir_0NxBYw(0SQDGyIYPmdK@ZF-vH4Z zx6UJ{hlo z6{Fl^LcXx~_3`-=@69OJwfy_#;dEn9U|RtDctPXPb)dG`01tuMNclO-@lx_H z1{r&$CVo`LOB;rwl$bh^6QK#GRcg+}2LS^YOWP&Wr5Mips2PBH?yx37uT)yLTP#BXQy0t}|*y`gCt&{A?CkxPWma z2lied_(&>H7){ug)556r2kSiHXP)ohrk;NZ+GBO*5RVs>)+Q50svoI3^VKe%Z-@(W#({H zK!#J&QfXaip6iB0^>Eho+b1JjJTo+6%?*-rJ-wev5$FhGWL(jF ze*Sb7M0$9=CjL1!CSyG|vubjN9(i14_>CKX;tM4_emYhx;lxZXG#38R$tUj-pdQmt z47E_6*`P*`xDoB+KV?M7#JY;gv6Qq8TP;ZqEP)Bs>&(6-dD_RE?BA|Cukj|nWK4*w_GA18ZjfG{?vpWZO_z z28Hk9U&}v^!LnNHn5)r+b23OtNEwHlBqa5Gv%#9!zS=zg*PWpfA&0!L&vaQS+AEZb zhUSWx($>iAKti|~47D}*3kp8+$P3DYcxa51McT`hh^pD&U)_yH^=x2y2SFaeL8y?4ju|3emw_QdQ3j!jT7cQ7kwmk^glm{k!N4Bo(JmR~WvQQVfyo`@&!B zf3CCQK560}$K@XoBe-aA*hTASC#h`A5O{d(mEU}r}H(6%k6Uvc_<}~}7 z1E>M!{&yEd1lSCD4Jt1K_8IOlU=?Q0<8|L93O>#H6AWA|f7)6)yF3L_5ChW zrwX)2r*grdDn&DjpR;YjEI{}KtE-nknLi@(Btriu0M~G?Yn- z`taspMgm)pH3%8=V;EB}?7a9uOci@~gKPFAO){B#Ak>__W3Vey@m#yyH>lXslu_-; z@efv964V(dhHdtvlNw1>rZPh=KDvX1D5V+Ry{DCkcP?Xy*)lRYlq~InYJFYRLXt9p zj832H+Uv)5u%xh&jjXE5DgR%q7^-Sbdy&`~wMuM>_RBES`yZ*gw{EKKxOCynKxH+W7GMvAX%; z=J8=uEmz3H+xv1G?{U+;un}&E0)DqY0eKIXwD2qnphn!RdGE$P?go6=1VKp*piejl zAxbxgT-ZJ5@p_iA5yTLa-KP|HcekI#J2q=g{eTt$RzvRgvD3ez`QJD8_~W=tG%xyx zoqpdu%X%a@x;nf0n|`NN)AOUGvX|}iU;E5HES19APvmWzc%!;Mv}ptGf%e{hkmW#w z?fwgS3+@5DWC#*QRZnWWr+?6i`Wrko%)kC~#uZ4e? zWEjXo&7qV|Y_jVxr?u4A4z@B#oII!E&y94vnyFG<$xtECpDGpe+s@!LS&odNK%yt? znu1E9(a99OltA_zs7WyHK-9M&S%f?@7~wf4UE{_TBT zM6fdI)0*B|OGny{?Z3?yrb2sr@RGp1DCODARgPB&G+LCzCB|a!;M1?d$G!Ze1)sI7 zQJfY^zC^6SWi|Dcl1R?&$Q53i>tW^CK$Txd)7rDIk*4eNwL%#2r&M5kyC@P{vKc4r zje|W!FH#dkdSQO$Cs2zKbD;fBGLv%k9`$uUcwNi8V;HTgBe_G`y+~H)UujMqb~5&Z zq*`*`j7MQ9ilD7K@^=p5u`6ogq~`^3(|`-T>Zu@H?_%(}+388sMpv|%h!e-(7ZKk> zw)XMl5|jBnGkz3~|M10@D&mH&h)f^Fu2xBqS+G~Kd?d4;p*Y6hy9kBiMD`6)GeTt< z*;!C{GL956+R5CS+9R$ML}$i!SnUKLUC2kcjgMI^SGgCp7n4N35hHm{y!3}L6I0%b zOt~P&6hu9i4?a0r1VAzkomoI49Mcrl63;rVsTe_ETi_3|t_6svk>zGY5H zH6kN`Z^J$Wi!Q4nDNed|dAkvqQq%6K$<5Kon3GDbFjJo~0@T+2D(gF$MxI+aIT7Mu z|Mw>xtrM#JTje7p7e-P7>BQ!StWmidCW(Lj1@7M>%uL&i^B+tK15KA7!_{$iPH9J@rx0P_L9W#@N|3uYx zd`zW+Ej_6-| z_rTNG)zhClNM7Y>$sW)LDduq|-@=Y9|sQxE=@d4P7$ilo||Gr%PaSia~zVb+V zUhRfdUKjnlNYU>rMFJx@MSAa9!Qk7*f4@$?f5D7v?cWUhgpM$|xdudkAbk_g6M zG%-q4uxhbNg#3B=S?zE4XI9pAw|5hs++0qw!)gd!W{y6C_r zXoORije4i;bD!#(oV-E#DAN)|1wv$%c0o#?M>xn1Hk9KtRsm}>fy2+WI)nTPE4BO? zpvB)l+BTaCFXNpHK-Omy-c?Yru|L=!L%|ZF^LSY_GM=z`?hN zE5}s@(D~Ve@l_Ba(h@#CA!MGK#VTYo6QuK?``oHn_;wt zdDJtJj)M{l;#4&Z&x_@VdW){lQa-`z&ho0OP|r5q%bcSi5_J%XA;L;!k|D+_vXols zdCW2@lMI4X*b;^>tAfdWsM40$k%+AhNCrwKj_ij#?=}O2Z~&b*ou!2Q$ddOIXUqHd zk4T24lDDOLdg&ILvDODk0tR%sE`%L`e_gv(9rvcZ^ za2S2f6;dP)@aA?7q1Qh>%UqF=-SuCNyQE=8jaysmxwIR7viM|yFl1R6MR?YlCRnA( zIAx+~c7mj$GO!V|$blIpfi@ zN=F^Xq3Y_ci`$UFBmy043lukKrXm_7gElTGx=v-t`0p>AAKj+_?|-}JoWG@ICSUB; zSYg#(YNaEAze``=LwiL^lMK zZ})rfTAr#qFYhialot#b7Fjr~hzEJo6@RGHjaV3UDEHz0-;)u@lAF~`JaLN%ES8~~p_Dq-AT_$FWn;nOk-oPX z+=gFuTF`7Tk4wRhzDFiVqJx-DJ{+^*79G`KFo^HI=#!L2{8#{P% z9&+HYW5es$IiYnRjVqX^U_Zy85v#&1w)#R;Uh@Ok<6AsD>gBrNP&yaaI5R9gCaFA= zFuVbFlFLEIG5}(tl4fMVpY|Z^kfdnoM})$9P5cZ5=vzKQ1Ei;Epg!%3!A&*-1e(i~ zzxIeH_*YIpZns(eQ2yvc<@;+X{>dufqk|IV|Z zn)3We)GzN|<0QLpwkN?G*I;rPVwy%V*w&C^kk;hMmvi;|3KH7SBsgt0bLHz%FVKp- z!4UyTzU>AxNhg^byAfd4sq~SEhF7HcsVvFF2Btn_v4`q|>KW3KLh$r-wxD{o@(N{x z@L|&xey48-Ck_o(?Q~P!i^!dzv6%_c#UOmjpa>FCt8nV*=g|~ z9aLnYXVQ8d)0(`i{;pwV#pQG%oV`C4JYm#VT$&-)Qv5@$qQ78j>LL(Uqb&;O+s-y( zim}az^)ff9?H2JWv$=dAO`;+fw&!UYSDx8)85Jt2!dey3ER&V8RLE>ee|9Y?Er8GFa3tH;Gj(}I^%D(In0 zO+0p3eAF6?cE+^F=yr8)=x0p{8=53-v$iZmuT{#Ylj`|0M46RgtjgvG9X%^+pS^j* zmTG&`g-Lbs`h%$QAmIsVJW%0adhAZMDj~BCrx%3B%b^lAQbIlm0drBQ&e(-7sw{Bw zX6G}&gsH2Rs+Q3SUfTQ%-g~7bl53~t0AnEmX?Nn}Ka2ud%BdrDvx#ACJZWi2GhRl% z?4@N8MMCP1W|i&OrrjY5cEsZ7D2Dg#9Uj|ZVTplV*x^uKhbi*`F{)s*f33!O85qb6 zt$arg%fk~k{l$H@_IK>hue#R3eh-lR^Qjx3uY@$&HOqH9=a?@ z%d#t?y{3$#%GSf<)vJG7cXtVwuwx#rocJ7@h4vQnfw4FFiSzLV=yB;3PcLbSo}#^um@b~yuzC?pZ+V}{_lsg zY4U(Zdm=syTgpmEkY)}GnVwA(H9Kbo5;u%KinI!%JRo&q5k<7^F4^^?NWstHszoWv z#jBR7C$rt`i#96Vh;bC%MNOxL9h*nno=-)%w|8J*XUAw1O>2sL6Nf4oM?aYyL#;*l z$SryU*;4gS6|5q29<6QLX}o$YOagErq~v~bFC_MLdr%p=ktmq~DMf&o&6@Tdi#L<^ zR8Zde-=?%o|2=1qMmqWF*Sf#AV)td}n17w#Luyy^aHSI!@Qa;M^cRiT(M7Ai^>%&# z*`)e9R3W^Qdto(O9!)P&EG0f?KwNL7GpB+l0=;*ih}^PejAH&7|8Y>{lWm0X%f8hfSd4jt9A2I<<$EE| zJnZHa8eKs5=SuuZYVx3hGB`3RO;Gchg>vWg#De_$N(J-^wWYA&ait!d{A}0KCwSvb z5-c|Xi4kw@rt}h-s9jh8kR=Cj`-)mtQOpq;{AS=!!nggYdi;=C*ZAE3*<5^24wJAoNj;}Y3 zuJt(CtIkN7H@J!>$n=ZU_}&1BLvTo>IHBB^A5xe2YcGbX@}V7x)AyA3mXn6T2ULi zQ=Wbn3o>+joaq(}mT0+sxt$$Lq^X^IR7iVvY_SIQ*raxSv{PBk2KR8y!~_e>=9Kxx z=~XlQtD@8F&1kvoRK{2`I`Zrab3BckYSz{?rdBfRvuo6IRwXxPM=xKLC2{VP zd3S!Zz-jmO^||8M&rRa;`IPScX&CPDZ~nW^rG9}z|0@{+)1nQt`sAk?a|H_pe3Xc$ zL2(&Zs{{*sxe$Y4W|hu(-+2pP(XI?}k)umfNPegMO-=bBFE1+OPqOWS8li5sqMSH; zJrISiC?A6QFzuxO8#hDXoZK@B-u&_iirk38M zV&dc0@(xZE(=yT1AL!A`tm79|=xEAS>20zm&oyJD`;cO}C?RdRZZom`gJFw6e_rtKg{n1?G5S$i7a4HR@_ z!v;uEp0EesrY8*LA5;!)jD)1aDr|*Fm9f=qh0kVAgu|1FL|tdOw7l29UJ2d0{N8&1 zeG_fhs|$V^ilv23o$(wytheOYjuyP9D{A=*4@^OjBUXeny1TJcESSTPo95|bK6}t^ zQDf$!=@*%ku1N=r_fF4LrOIaVzSkmkj33uC22oB6lwjCsO*%mYdWsuVg)5t_ z2q)}$qyO&%#QwX4NaT!TJoqS+T{lxV>LOKQHNUl7N!3ELdQJo;N}z{b_Ah@W(OIJedSHtPd80CH^mgGDrhRx(ZeE(){{V^ z2zp;@7A->m^V!AnVV6Ep#Hk~37;_mJU6&_=d&k@hPPKN`sU)u8&l5zf>;ug>Af5G-L! z#(P*#b)s{62nlZ0V15Ca*#W)xyNG9`l7lqu>vx?b%lY}bgZRq2EAs2jI9E=7?B@Gx z!~$=CJ6B7KLNW?s>7Q6ap!D@ftH_NBJ9oi% zuMn@mqr=0)UXmvsfL>yeeKFBnNyOAaW7~H9h>MkksE{Ft7wm;K0E(9F(o!yyzw=ak z8#{W7`;h&p&of?pU|gU_L0M4w@mrN?&Oa~w$8o!w^Rl(;BNs_Ip4)EbKOeKC;-XB0 zP%X@(0zEQDz07^2dZ?kKDxdhYw57W?MR1>!BZJ!lu%<{jfHEy#)ku4DlnFU&NacKT z>v_)oTCX3<^Pm7xHbB6Q$Bn_J+*C*oCFJ(lwnOeMAG!y2B<#r`I1`)opBE z9FOeDw`-h5L?8AK;8VC}XDSbINzRwBa1>6JOO@Pjp-3%;E3jCrw3vW5@ni8s{=J=@^8L%M*|;Yp0kvi+ZEG&QI9!2h zT~VODBR6`3sK%yfV^QhB%E?svTW3j8AIaxwOK%FeYyxq7P_@Q~wZhf80nli7(2?q! zzw(J;pBWvkE`SDlq{RPprLOfUG5ccxZ~E0;7T~l2^b(89Qqc7~03~v>(D?Uy^wG;z zw@!deLe7S={Ce8*w*LsTc!yzi%kN8nwtRc^2$8cGXW=sOKSA`F+TcQGI+O=LTdFyA zxLx#un|#N80lep+3nqx8+;eA&O_#_Sq+2k0NV%IoDvCeRkW~sFREB>3U?M>A#Eu&W z)z{OFV;1>QJ1qCD3=+Yp0cQ>9MZ51iSk*?xYlt~!S_kY_>m8#B<16Z5RU%I z6PTqTanI6_drJxliO5C!1bTW%8;Jr9*uHUTltCC@c-T z)OT5HInh9WfH^*RJcre(P#s?-7k)3P_N7_mx92i`;`5gWBK33XZYd)n30zXo`D~q!y%!Ds5NR znX>erI<@9QsG~TNn5io&k?JS7!bHV)w$&s2iB|snbxoplk^;Thqp7V;T_JqW!5S1= z+Ny16_xRr%8w040RRPKxGdR;ZJ1VRe!B>$v>nf=P;RoxHZQ;Mo#!Z3cnxTfZXgxWw zxk@MD8Ah=5jfQrl)hj!6p0`ISyiX_b64E99)iPi|zfyZ>&38tR!L!<_27nOjOo0X1 zORgrKPJVKKJCDy95T^;_t8lP%sjoOf)K{8X00ZGmPmK7Ucdh~(3FN~As2PXUYNfFZ zj)qvsOKs`>>sn;4x4Xqd4hb>G2hYnhmpO)<&adS-Lhqb^s$FR7a3DZ7b2J|5zhN^? zv*Wq2R^}T!tZ*ndbPOyI5xHOu1o7bU4 z;Wxwdv=R|inK1HmYd*f9GM8Q{chfBUC!X79?x;yVH4Tr;p`a!lN^9avi?3 zBc}R;rMD)AuOpC38T)}rTxn>fK9wK+Z$Y_;3Ry*zZr^+9M*(t@E7U86E4`Ve=^~Vg zLxPMY1j)`ivZIBqz@1utB5>YlPkM_{7-Iky7#=bCsXTd%*I!50&%d|%^n*SfcYb{d zkepws$KYuNzi!T7TNW znqocW7!dy(%Uqt=#Hm1H?>JD(J%$Toav9amsb{(~u5E z>#f>zL+aZ(GTUX+VmkTwq`5c=Xex0j5Gv$0hzc`P7N9XpJTN~h<4xy7ou(VL5kk2? z856JU6g z1>`!%DL#P2Z48a8IQCBMWm94!xn^-QzadeABlzHx82e_y0`3{|5nTgj1NZ;Y|XR$ zrekeKzdC7T~jW66aVdy%^U73`+6*S z!;QhDF*r30p|c}=gcG^7rk{jHFUS;5!_fWsu(fzVa&>?f&B2*$W=F|Ljp)YPu={&^ zA7^Y#p>}NOJSha2aRL<%fB3(rZbqR9+2aDDF0;2i+VChsMq9mNB0X$KMm_m#b*~58 z9H^&6L_)Sv1$<2WoO3J7@&pwk@N~!H6`M)DIms%)BPp6@*SKu7D6@0h%xu-gZ46UQ z4^t&==gHUARNs4MP-vvIZWUz|)TgO8$5$AhTb$Lu2=T{>=iub=Cmd4|k~|vP#)70- zP3G|J6GucEF{PYDpQg5u;F#2!dBb5l>$_7q$`WYw{MsP@&Qom;Y!zLN0HXyXe?G2- zPY{)K zO@wVH=hyfs%!m>N{PUX^gMTPZsc6>-$F>an_tKVlflU`s;{{O}gt?*}>hCg*xJhk5 zgG9+~p1R;qM67FS=a z9vbX*9j7JRJuX!+e2HE$C>tLZdyx8}Zx^EL4BhEJPWAbuY$@gSq@ZWZ{UOtXP0m%) z?>StKQ(C#QZFzZlV#h(C6MRQII&EDd8-iXRdN+J_ReaHVB(hBMW2J6e*KlQBTw>0^ zD~lfoxO6GDE<6VmR}p_?1+*#r?Tbhp1By(##s}S={SsFDxM8wJTNf57O-!E_Ub-8u zv^Ph#dgv}`*R)u%P@5rywL-%@^knGfnNW2l~4Y3tDz+Q*rNo2rEyh9b!Q*zIw5=ot{3!`>3aRMUK&Ss`Key#fU0d0ZU-sbGeOo`zp zy`WUUB~-3Xb1vmiZ%e0$-NWu>8}PtAd_)@E+e)ItY))p>kc#)AeHb6QdC0J#O`V3< z%J9QCc`Add`m@IP+^uE3Ojgh88*9F83zMX7rT0Vm(h%UDnvB!j9_r6dk`cGd=1H*jH)cw<;lh6J;gbOlPUnMrTclGe(W zDK74@nqp{D>>Ae4OP|T+V9phFLj6Wvf}0bNc;6CAuFjSxwPhxtCWsqflUh@qmy2MU znKkvDjc=MbwbqZ|^&}k9NPju@mRp8_ANMHAaq6Mc%qWFCWBh($MLq-OAV}6PotgB| zc134LT`>!r&=aNy_7YyfDl5JctnRGY1=jT2Pg|O~VVmcbS<4Ht0VG6E9pWYD&D*`& znE6@`jbjy^*bA@@d~i4@6x$K^%U|P~G^2(JH(OW4EWjry=*7#w&-^JW@{L4I{n%6$ zOWl=j-#|Dh6)4t9khZ)JQ73dO+lIv8W_W&9J7C2qzqTCKr z9FkmikAn+acf!I?tktTPu5~({OKJE8qm603Jr=vQzxety7q^ty-y?&hB#+XB31*<* ze(e<_D&67QxLV4(Cvb$`>>H-Fdog)D@PN75u4|O;&~q>;djR}XUQ&*;n>lG}dN!m2 z5 zmKHu6B096VZzR_Q7U2HRs zEue+Vlpd$JH2$W|i9`K(k4D?`i($J}#@gxPV=Sy?2b=f#F%6G4dG=m46P1LxvL*1M z&yuEAABu{962R5*Ol|~YT2|v0SR3Mt1Nyfk`Y$ZkFKih0RRZPy)64;QjlFPoinD)K za+>fX1&{p^W>(kQe>QOhUB%C`_~ieoos4S8rOLfx4`}0FdS&xK;d(p#?brXAP+)}& zvivJ0?Tyyws0pc$=BqJ_B(iW>K%3@ zBKh1ZHQ9r3Jt2|59g9888k|{~aXHZ{k32Js2ijC9w&Ko(T_qpabG1UW99Yi>PG0M- z*StnNMJXO7A23X&j;x)qq`bD8u`)H@k|PNjh6|DB@k>9a#oDOH854NepzN?f>M= zZo{)#erF3qODT*#dpS+u!isg%rO2uNF-oL+Up%OgB9^RHu65>U-S{f;jgW(=XBq$( zeuwoIN3biXyh__)!Km7#)ka^s1!TmGhfG?1<%E*&+T71 z8L%g$QSjsb$&(R_vzl=i5Srx)4?6%rQndIpA?)F(pPtSnx(ba?rNvtjZnbZE$ z#2l}_BOQnZOf-OsbhGir?!!ly%_;qN#~%LxhQ{5IzMJpIdEK48J22QZiY!Z5Ee`khgQ%jO?1 z_GJN_Wzv4h;?oN z1}}i2IvE{+jr^w>o!7sc2dL;i7|tQE00#hf9|M@g%g+8|H;nR5=jnMmu&_{cH}U>< z0^^J$ARxdv<^t^GKu^zJoA&`*#g9U7eqyF^uK)$>vwy#yJ+l7&M3R;*7`T!gMkp|t zg}HnT3?#?=PX>T?0A5~wO7MKyI`DwIY4W>i3~386o^G!mUkU)~SPWYd(Co3vAF@~F z-E7gn4+Jg_V0GQiS$f=}Os_8<{ky>Y%)8@`)pejj7mBf+UKIVi1pr;p#^8loR$#if z==UCm`Pg&0;_`O88^fVEji3hz8~-l8grdKo{a4*Ex;(&$S|#Logb~U4%3`dw7|C^! z#U!=I^?a2=d;W1NY$b?0=(SJ%-fy-FXvXmn^cYaxJ)6pZ?IUm#P0s%GA7Gmu2B^nL zK;g{;s8`?rBJ~Iy?tC%Pna@)ObTUmPYI?gjbjg>Z1KS?hV6^^VpJ-oH7pV4(CUPo z+GyItuGQ|487rO1VSE&>MlqeLC`k@iylYIp1tHM(Kp!PVg=bJi@{2ogm)B0xaD1u_ z8(e!5pJ~{>7V3ElNDQ+irSS#@$(hHQwL*fHDrtB@TkwpXOsZ_9y&d+32iRJh;RgiU zX@hJXXq~rDL{Ai6b^YNaQFd_TDjT8v8Lu{=dnR`E@i$lH_u@4hFU3PLsGm^9JhEcG z%nJH5>eJ* z*{eAO!tp&-v2jz?Ac_+b|9m4~nl!y-YydJ6W)=|paBXZ}Z*xI*7R;_4OX0Xq2gY~& z!QapIu%WwY#R%n-g+7Y6s^K^WTzh!w6#lxE@mCmZ?WHrNHvSIx| zY$R4Tcv@IP*$3wSF>y)Us%*|mPyv6aKOl!gOWNqB~s)H zeS!`j^1%q_kSYo3Y|Y{U9jP$?NDxKDTceNY>r)-pGzbeA{Nm>8-{=A0xVcIKSfRwb zlU`~k4_W$vdg1F!^I#O7Wy~~d({9ECQ0%jcKet^r) zEfEft#s)p5@sc@3uzV@q4AXiuW7Fp>R9xDs{NP_6Es(I`;QM6LsT&p(H3VZMwz&hKQC~{N z!CX7vFQY}{{ZM6>gosKpbaQNn5A^E?If3kNEA!832}?>tZx7nUIG&!&kny+Q-#Br^ z31iNXy`&_Vw_ebxS4)bEvUKt0AdsbPnTa>a5Rvv#`L^k4%%VkWLNpgMdpkb?uWOejSu0Tdtt41xCLa`cJDN& zgz|@BT;3QX(Ip__{)h$u@1KCxzo0KqLyj>Pyri!H>gW#rH8k9wVe}06hQ9XqUyZNs z?g5-bkj}gL@PfE1`D5p=7xG_y0ICou@FMT)?I!svhJlp3rIh|H+Qv9ZIpFDU27pd0 zKx?NSh(CMrO@-|S^NUwK-pg0~#8|Z}GI!s6_A>?n+0{`F$hddW&#v)67{^ira6uR< zGOG4&2jCS0!tnpD56ijl*v+H&>?1Rfx8D{igsz}Ji)(@avG*fyAj0=;l6u7Dy(YK% zXlcGVuK)5JFtH|Mym9k2#z0nxNB+f7Br!bSMaf6U&ia^4pS2wXpb39hYseo20C^Y- zv$KM6sQcJ`gsn~G)CO&l^1%PpW%w6r6>iB<`xQ$01kx8eI~KfdP5!6Dq}ca2^3io9 zW^sjY*Amc^1Jc_0l+Yu4PVa_{;sK;i!{X_tKV-_)NBRdE0M%lfMy$Nx{VG6#~C z$9^s*SqYYdF(V4Vs*5R$S9$O1F^azeqPy*G?xM#>I&9$L=D`qf6!~$;xGt+PGT-sB3tiwh=f%iWzp>Juu{xAW?nN_PH+E+z_6Q0? zv#sN}lGRg+lBf2fZI2JG(s<@SJld3??2U_L(s7D;(a|JV2pTm|#G9s(iI*D76;a(% z8uMbp#7kDs3}KDFDdz9JP!R6bLD z6{<%ky=dF|o6}hNKC?f!`#%(F0;npMmkMJON_c;{_QjOACldn0jb>EIl&O<%Hs0yT?rgKfqAWBe?!6-b*vAED!T z_-U3=8$tlNSFgl@m-8qUz;K!xo7%$CAqhNR7nocioI~TfqoN-h@PvxB zf5d;fXYEO(mtZQc@M*QcHFIPDCiW0pQsa1WO>wkO6X&1Uv)5>en8P+Aeg*HF8B~H* zO?##lO>b#$Gx&{n+rwTflvdPaG#+A{qgB3MtsOxKmotGcep}6`x%J+!vfR#|zT_c} zdtXbD%CBhuvmxS}xw9Rvb$zi5z3-lfdEt+U_Z>?CQ@m!`H!wP?^8}uYM00v8{0t{C zOF#&OT>V)PH8#$bCd(5RUmrT=@GB92GzKXaklNvQr^urfZRXF-_X{6i=T<=c&;Exo zI#MB3soLAv4@uO1ZaBH!fAmD8nM{+Ne{F*=9UVhvrfv$y2@88B`+8~~i+$&-wG?-} z+QGHJ%VCVf2A!~gPT+6kZ{_#qxu^N9k6E0moS}#U>c!9+eX2?pC{fqvbiHI8>`ui~ zYjIY-!I8wLm?qKx7G_&#V;TzQfb;_rhQYG~ckF+6F`Nrf1CWO>MiD>~x^Fo%ts%EX z2^3AB!t>0kzDpqOY?yPGVwUnS)@Oi3zmg#I?iv^z_=-7K%bW#V+&^ak1^B0jjkune zifLH##V`hzi$~{OWFI)L^OWk*695s5DZ+62o`WRU1Ggsu95M#+`*-pJ^Ta?K;SXS; z4gu<$P(guZsK)`ubvg}Hj(^_&`*Rk9kyv4PjljcRaG3v@`f)pj5w2n&`GJLnjR3&$ zeLqkquHP(n7CP<#KXd^k53iJvHB7Pt#u`o<0Z-|xJ;#^ao^?L`LDGf5O3!`Z5b)I* zAZ3+l_!q?^w+Z0-Wd0o$IEsIk*#HWhU4SaTx%`LgLw8I-QI0=wqL?pDyU+ITtyq{X z18657Q)znqyYv8{BagZ|I|KeE2+i$bkjyya>wnG&UvQaiK0K2W+P}mUwm`ez3qV0X z+9cBNdZj-ZE$4m}6nS<3tzbD-;XnBRK&jH*@Ty_Oo8x=vqmy0KPg&^Ksh*PT<+r&+ z&x|VnpF}{PS)O@j6VT>2Vd>vnCQ4@u3`c}aO0McLj<&3NomR(i^cm`GX3jQs{vM)F zR<92lo3e?)@#D9Y7}|m%K!e8Kl{lt&NHb7K8hB+UAeVD~l^3I=YGS%k zb=iSJp`_hFkWIZQ_YO3PyLcEIOwN@m61B8ePZwaSF@rp%wA%b=(zX`*S-uE}FJxpX zg5B4)^d9;JTYVZWc+cq^WoFaUyw_b-MJ-I021=Og?(egEJh%W&Ja?>=-sM*it#Q3{ z3i0X>FxTJ|NVeA2MQNB~Z7E@^L`h3WDdPs=_ww5qMGQU2A97zV(A=maHZ_N~1KVq( zMj8SY;3I$g`h|8RRVpK|tlcN)VF!NYtqmz0ch+j)bcN;>Gj{n&kDP2JyxVb2KO~ZZ zOEuAR+~K|`=dTS7VrK$Uyb?|w+`ZGZ1yu?yQZG7*fgH^!A8)M@qM&;)O=T*wsROfG z^Y42z1r4hBUQvw?K%SZzl1IyH1+q%Z!$sXJrIM-;_i2;7fI3YInn+w86zQECS&OZl zt8k>t+gOQ#Y)cEp2K%gAB<)Y0(^6U`*MW)7o_&TJH-KI3Hwb=`@swy(hh z5D|Qe|E#X0J2>F89cSzB>vxjGpcAwH=DZJ}%Q3asa63&>lXDRB>tHNXMf5}G=-lew zZZqgY*BvoIT91g9x+ucH0u_9#b8tdeQEp zDIIln3il`m*hE_44=Z+zbnj8eb!C?3#u`%8s9Izb+sZK#b%OTub;ea`0PviNHsb)C zQ(Fs!+mKf)4^rf<2+X0XY{<%vR^v@G2#5L5Z~ZGY3ai_3@Bi!a_F~1Csntc4sk=Ap z$ci^Uj$c6FSIh{2|KZ-6ahjK~rx341=K4%YS7oYaXssqX=m3txgS}J1fbP7kqgYpt z0Q#*kLDM&rIXT&h{NW}G30b8Ot=x~@-z(?Rq155&8P6wavtZ+Ez4`4l;gnu)1HSg^ z2)k!-k8?zsrOMsDuvOKJQW}(cO&f>ge|g<}IigDp;jf@UeJxfZ7<)>y&J4|S<_mJG zfBgNEmHDDK-$8*3-_y0|pq=_SNk+ahEmbWltf%-D{?J;;#`?om5#wO;U$~v8)vP~f z9mAeK_okLY>P`E+WjWd*Yr69PfMZOp3hwrT`FGuHf9yIn_~^huq33;4A20IET0sMJ ztS=#?BBHN)GRHYM5@Obad{bKS&@y^C$HX+guSR{(^`Kp51TF*GiS$w3XffQp&kiS6 zKHOMg)k|?NL$GZKCzPYhcF(?Xa7N4;SgGPxQHh?J>h%-zM%jCXIxO60k-Nx?330MD zkLqe<6U}Y>oHIxB!zCXXijxh7s@O;5(Hh@3H8Ne;%1Yp)e#rA{`3|#HV>zbOSYM9zk0K2w_C8I#vhu?JFuW)XR(Dd zZFLQke45?~0NSkES8hvk?}7f>-%Agn$G6EABg0~Jpi|D5Pn1<-ie8=V2JVrxv9Se( zIlct=@^=_qKaf;{k6oVi0z4~>6c*(E?l&BSX^7DlVQBAr+9^NENP$}Bzk+6rBX;e@ z#bk(zBKfzh_rE7Su%!UK%8zGP3fqjIrH%oBFM!dde}DbKBX}-vO6IWc?t62ddk@h- zaY`_7ri^us>5&5F7SBhYJ3J02f!d3503(Vy+0G749Adj2WP5RB&xUEJ0>t?$^!}hq z2+(x&zyciS)LU;dXYK#P2e1E4+@lCNY$F97yqsFU1N0f|>+ls!Gf%#EYa3t${B8Re z#zdiV3*dEm4&tt=d|0oKLfLgTY!ZheyYlz90h&DaDInAhVFf7^o3<8BxP6tpR@|HY z>oBC3vOH?F`q+KBX!m#V+C<@n+uXZ;Ht1#;e1(&)IZlm#%a%UK4bh$2UE^;}FVohY zxq-#px8p8TK$X@+vrue=XT21Z8l8xqVi$T%2mN$ci9pATb^4Lj-w77<&`RQD^ZACU z*!4K8=V$A#X6C~4skpS_GY}v6a)!7+>(VAk6(bKkp{988gtP*COtLjt0*$&=S0^hu zrf;*d0BNa%vnWENzC0!)ET>w_dA^PGo^(_NC6U^CcrNvyMpo9g+)cdZGrjUzo4zMm z=eatEERQ=~+@gt^*-+MA#$@;mX)=sJeCM@-U6rznx=IMK-7<>^|v{n?#EN z73`FY^;q)2*UvWUY{Cg4-GmUzs-AEXP%}@;`WoHSUu=i(Jf2`JgrnZ8+_W@HI zMIF%6%?{a(pLtONLBa`bd{|-E+t)7weq)0Ye{SBy-Xv)<+cM_f~)y8 z)0sD-$Ccd^>9e!vMynl>aD_^INq^x4PaF;4Z$3~b-B`c(-Kq+Sfw!L;d2e)W&+v-t zwJE78TMj)zvk0@Fjh;xBFD#8?@pj$(jN{=-Y&SFTV8Dztt~ByHiBTkavcv&e4<|RROd96XKq>TF&)15k4Er^jksEY zVtaP;s|sqxlcdz_QW+5p#X@l^Fy?+-pJ$K4WyIwd-OP!xfBHz)K9{$CYudiEwhP8R zbnfgBEogvUv}KlNpm>2_e2a*%x-M~;?tKcO>Y6!iE9c0=#y?f$iY4gm*?-yl z;Z^V*5ofCVw~CuLh+#t8N^7=O!OXha`Yv;`o5Xne)`$lFAItY6Q2mXP%<6@uyn3dl zhdx3tgv&d|2=ESH7UHr$zR+##6*(M}5d?*|*{%BM!!H86+!VB24Ci%y?5;gS*}YAq zMkKL>*?oSVMbZF8z`q+nouNPch^_8!0SGr5RQG_1xrA%m5kn1@cE7_#Kw%OIs0AMa z9K^x_lgc^1Fu)k{Ug`*N5q@(mxp#wU!T|xU=XxvQJpe(MJEdEE)^sHagpPKg@rJ2> zHgMPi0rLf5{&@R-15c>yv%cFkQs%{<|HIc=2SxcuZJ+Kg>F(|jkVaU#8_5NhknZm8 zZt3nWB^1yFq;ru*LO>BvLY{knGtbQP$2;#oJEOzkz4xx?d+u{x=lTqVIcy3Iw2T*5 zFV?iD>9AK*1B4B@eg#LIT*<=97|z0w4x@w%f!Z4->_azYx7o#o*Y)(U7*3wYW7ac4 zhrS_!|2a6QjrB*AAQry6#AQGOJ<7ND2Awi=LvvKY+D8i!pI*(r2jb#oGy=6R?C1XW zIDG@SVlgsZHzPoCwINLMH=g+X8RQb2r)y}WVVuvNC-tL7bvdFU!jic!Xqsj9DMW;+ zfCF*t9XO&K)$<%@AGEB4UzdCwa^7IcKN>?ZQ7;FH=OC=jUU1Bgp3%q$l8w7GsG_AA zZN$A`S*++n#2$HGRuW3sS<%HU0S2+>pzYzFo*-AAJVDA7)~xCtr`N8MAPohn%%vJu z7FrRF%(kV=M-euMJ|tzg=rOwlOvUvHduSXpCC!Sd)9?XI(lFG$wx!A4 zM6Gc0U>Y`rktHCRK}aFgsZTRgFykVwP;ntINmZ`o#nGSLajm?J`h9zCW&h}s0W5i#s0vMB-?Bvip|t27l_-Yb z-S@XH8=l{UkPi~rF`J{Ajr6?qj9S4d7^|z{Oitlym{RGnhWIOzSr&avIttS1{1>^D70#O7C}Yv1_Bsjz zP3od^s(b5L(~k(YPc2VY6Kd4t?(VfgMF)vAxP3S}`B-NBv{AQoy&HoZbJ+_8>)n}) zDVQiWsX=0mBQstjai!hFk+Hm(__y>^Ff}rnf%6L{JTL{-O-w}3$WBh5G27i62y$&Eu~)4;>~ShQ zJUnF91@ZRl&7eSv2ni3(e|0gXW8_s>2r%YTKsU2DdRTlvY)lBd6|g`Q3}%+R_!5%; zy;jV=#Oak%2t&82U{Vj2Y~1+g5!F3X%PWChIt|VrMz@ zqKb^@Sy88pWG!Iz(A-n($3P3006y>{;XK^{F+>nzBV*(Oou)7#r}PiJP%yrAdmQak zMUM5+2x_}sHM$R6rnh7}-VXY=W&I*jfSLFAtNG3*9i#LUgp|32 zHCy)f3OTgmBS~w8-nn5N=PZb%3pi;jZ&l~=ms&Y4-c={GC+{Dp$qKn z1+RV??0XMqo^);Z`I+VqTCLB4)@ejN1B_MjOCi>yTYb3FFqw{3>AcuhRDG_!(-$O{ zU-)8!#Ony$nX5nI$0a zh;By}&ygO_n}l}9vo!5(*u&8}Ou{ItAD#uM=NHBSHBbp6MX z#i{_YP<3{G-PypJ^j&?C6DR=#VyX`_S4`yCQkjM|qmOlc>)`@_EQwmi>iw_~D6oq$ z*%o)q%$?F!#UF34TJKcYLrCV=T6Av3D*9z?iP_qQ5j4S={V`L8AP-g&gFUqz-ye=+ zzO^ziVJZeRSI*Xzy!ccYnf(Tg;p;d^FIyb>Cg(L?H zg9>S!3$aS^R7t$j@Y==r#`hVvjt>-UXBatR6c{2IBXoWyhktL~R_g+->? z8SITYx&tlVz%m%ii<$L~`oe)CWcAF#c}J;&h$;#{HN#Z8goCNRaZ^!ih%kym0n?TVFq1qIc-DRmQy`7o+F68aw_m zFbRFBC>W`@#-AudXGbJH$wH!Lx+=Hk!g0s>xxgVXLpKSg#v9m5@|;#tfg(pZQd7gmgx2YL*7^cE#&sJV8D4Ym zkvmb8q}(NN9xoB!Hc0Jo&YddaAq&YR*Ky)SQ~AjdLx=5sUohfg0Lp`IqI>ft356PD z3YsvpWmPqhJGgw(<)mzeCsE~uf=4!8xVmE4e9#vQ7U`rv5$sIjXY*T>tK8()TEzkF zjehmH3&&T}S++dg;_R4(YGlQ(JA*T*11s-d)(G%KH?oU^&3$daHkwe!LRJwCH<1@Y zK8v#Hu=SAr&xs<=N2c5$?h2Gj-K){^asfljuymx7QN__LF+HJo*<&QK7HUTMCc2PK zRx+mxL5wjXBU>`c_&!5oMETxu3cKA|s=il*ISUf=>g7lX*a8Bb;}#l5MgtauUXt(T z*^$?+yVE01?c?kBEOY2gl=!&2qG{+;o#aMMnd4q8x^4JK9Jd@4uhuwwF&QV4-c%gX zXS2(Diuv~G-%1+McksoW=nR2mN@lM56H?bHxAQSeR+fVhyiBnGDBi(*644#10?PHS z_3kL_rZi<^e~&bvO2X)uL|u4;g5q_Kr`92xmA#@thJ#Ukk+;LZdUDr!qTQVLXvCiiCH>`h4^7m2Btiv8{bSrz=7BVz z^u#|zQ~MMz8|j%Sh1vH$cMHydIkBUDTtayQWFMVc=yASpI&~JPGZ@jb|G|GU`<+$# zyNXy#%KG6}4cg>XnD_qC{>|gwvmYSSy1?!i;A}v)67L1TWET&I%!S;D0Q`Zweej(4 zJ|-MaYbV$b@Vi@q6ulBjKO}J=1+et-piB}NI2allx(%F|0ra?Mj2&R@Zxx7tor8IP zX+{9R<#oVp;rZVV`ZE%c#Lf2vl(>6<_4*m$-`y0~H z23GT*9sz&_9|3vU3jiVo1EUhja&WdTEnw^^0hl`Q$;jgwTuDs@AhYlZ$_oo`oz0%c z#>R0ofCYa3?fL23`xA|~f}QY9MqsW1a0$__)ZYJAL)hpE0Z0p-GAR=K$wF``12~H4 z{sP7%1q3)}5a8nme4=nr+!QT#b#giZ)Q8Q@dQsN{Ku3nYmbst53|t+AizUJu0HWva z;_v8i%2+kv*8TpmUEn z;Sci?cW-ZBeaJd@r5B~SL#ByAhYwaFv3bQG&O0mLUVdv>FT>wH#(l-^bs}p^cl-@L zQel;5zw0;--t2md@6CFy^)e8M25xOI0_ap}$Cbf^@I#9B!sGG+28MuDqcNIU5dt<) z`S|nX-N8MjVG1ZBQB+CMIpB*f5|&)+qRoV*nH@WpY$f#F?|pT1b&T3b#=4tWolyyO zP8->U;z26pleF&$YMB%IRa4B$-{2r{2oo}z_40Ux4 z0l~pF%;h?Zsk)mT$(uSwnfzWX-wAdWE)VaE`Q5@bXzPmHD?+K3F;&BBgl524pe0eW zRB|4gjnnK^-|N%i#leyHXFBj7o%+U|$+=}OnW9JiijJa3Qzq8{%B2%#nXew*Sh8uVlDG&@GSUE(-AXUc=S5PT= zL{OO!%sQl31k@RGQfm&;J{%?{L78jLzFEfb%}7^CbID0-en0xSg!JN~;Cne1d#2eM zCw_<{sVO6)2W!5`bj>=*$g^jmUozv}%Lk+jZth)Us-|681|9T(4=EpT$Vrry62K#I zv=!f$^zNpdh;vq@X{1*&MD|HrpU;j}^eLe8i4RG5r1TM4edFlphqxcS_!M4#J>}$` zd}UP3PcYiY8JrcBlHW+{C>|epMPSVzN!*WWMJ`r%G$FeqW-SCwPrNhzARZ;^l+S8g z@={vB==`${8j2zV>F0coE~11FqpEv?yYJRn3p8tUjz33!@Y*u&b1LNZTXb6O+2=9C zqtIf7R#oRiN_`DMvg#<=6%r19X+qu>zH`@*PX;(;$<*p->^IqGz_cT_u!f<6-3sx8 zdc*FiSrS#CzOa9tL6x;K2A;oRbfk&-wMWVFLMm%`eQu_R7W&W(>_I`kE+>H^)&1Jw zhitauSFf1$wH%A&?1c3#6pkx@2FPX)uecsNf+~ju0VQb#OSN!8vPFo!y;73y-VRq% zbb^-FlhIk(D?@DT_!#>U!RQL=9#%vnf_znW2|3sxZ|k|G>ucO0mD9+O79FU9rmXnP z?QczdhKKKt20~0o&fbhc_9vAjB|yHf+rYp}0Q9hYve9+c<%na_?qVoAVa_EG&Evs^ zQXe@yd!(tE<$*7HYe>iD`LJ4M2D|U%b|NZ)_?gbb2c--ym8_It$t*0&^7nwhCTOiH{i0!ul{V_R{#;v(?@!S z8e8RKo~fa3L00=ET+(q*Oy-!mZ%iP=WWxA&ik+f&BG{<~Wx_WG&ciD{Z(j3L2{PK) z_6>`c+G}ov9i_*(6t0%O zJ;3F3lu9EBcP9Y=`1=JlKKRv?Jx-SmUHG&<0FGKc1UQZTq_*rI5SXh4jBKZYp9hRr zekDNl7lU~(o}QkH08G{i!q;%XD_qxx%iT1ge|Ep;EM9JWoDZyfu5Dzyf!=J<809n9Xy$+Dy zycad-{(L}B1+swuzLEf10RVZpYT-SvbTKkC^jP%%Z_zay+>Jeaq5=1O{rL_Ye)oVk z86e+=ZuVqN9}t)QK?&EG^98&C|2elGfe)kjSn9Z@$j#Kmq#wZCh29v2`Ou|2!i`~H zcn8nnGctimYOlQnHd^3Vhs)b^PxExcfYv~>(R0EM7?R5ZRsky;@XlX+fbZ*$VX{2} zc3|3YxHCJ5Hu&jg^{wL^5P1*3F%Q62FKDv|FothYZC}MUoAm-ivz%*b(XCm)2}bw! zW#Kqt*sVj@E&M)Rm%+LgZ|A44ZQFZO2Y!9#lKGjSwFP`h;QfKttG@@kmvA_6kmzMo z=j_HDOPiCC%f`RI`EQ{$xc+b|G5|ded)%jc4-EL=mT#a9^VsZh{kc9|0vPuA%IIqT z?uwr^b#DL4?cGXSAH2+RA^!;wiM_+nY(lr@q^_aje_{X=b!o{J;Fb3IUM&XPSU6eu zi0@7|S125~-|zo^0@M`PWvE|3z+a#xnTkbx`PHEF5}y{>3@qB-3EI9c{hM_0Y`#&Z z?hm*IF6XGXH@zW+;J5vUuWIiQVPCduzNxa6bTO!2G{41nWF0y+XdRgI?vi73|L>G1 z`+1dE(#VAo-%B*!;KPpN{$h_aMvZ&Sicqz^golH$J-+w@{$v5Fr;NSE3UH>s+|1D%v>(6?M2=BZYSkrHRlnJkYT#QMz*9mDDQ)}qwLtKin| zCs2%79qm(RtVA|1`Fz8UG$os$G?Or4f}^du)CE%I&_NB4GF+X2Vg?wZ3khKoV^_y= zMq>J+b8Jmx8rn1#aeeXpx`gxRQ(bL0BJxhALR`-;NQ94+&>h03*x`K$wi)RC{`tWH ze_sKakO9|jr#WT_9uc8ae$+JNVtDkRxV$~4MgZiGVm590lFLM`XRBXwG?L0dfLV-P zLRQ^nbOHMp4)V!lrLyJG~a3nkkKiMsChBoeDMp{MgP6jSq;=fpyL^24nj>Q3nWW8s!F zlm__bDN_lNKWX#H)LLJDMRxblQ$_&`Hd0@g&mf(jUwsx?9L-t^EM>z^aumSoM;6i} zt(fSLyyUD-R<7g}Ri98)jZQGPs4}s%ELG3lxj1#tZ^%)1lV|@}(@!9fuVJv9j{zOi z=ZOwFIXeA<&Ez16HY&oc&qeQGsT3QLPnAQADVx8G7*kYa!U5LYn;_~(yEx?);xcl` zV{di86RoasieyS+j)Db+cQ>r`RLWW+qC`p+2!CAg9$4`yz!+O*5XY;8oSjOi9x|VU zq0}nAwJgUiB)Ak1oQe*{hyZ-r5A(@#fs|e>c!)tpYPPf}jkpL&?%Mss+VlTxoL;Dv;odW?M6pWVNj?(R_Y>SVUA?{SAH-Zg9)m!%P_7^(G)eC- zy@r6-^^aVm83*$gtIDkTn3ts_HVWM zVl`ed7imwk-7CskSV1<7%$4<$e&*ou{DypN|jV)L#3YuX+5MW&`S` zkj*mig!dliF-e2aGJHD#r|tsXKrLWuK65Dk84WLg!+;?RA^5_pEa;Fc>?WF6bFJML zT?iI@?N_sSf<`qstaO#Ue_7+CDShJrSe=QvxEc{g{(R*7_c$lxhls#u^Q|2r{KZc? zQA?n#0%7(u<1%m*`tGIQdjNYMdN;U#3AinefeWM9zK46YJk|Uz$=bdl=^_Pv`{`hkh2T-fFDSH5^|IOc=H|w1N09k&& zb@+C}5wLnbtR25*YHG4_Iyvv08v*u-oS9_qbzESHZyrRrd6sXRns&Cl=C($j)Sfhc z1RTMQ+&4AP= z-^))%Bazwg&7jrI^)HSie}}HOgJ(p5`}h3gy({^XLfEk%@B6((+~crqVD$qo+OUaVfyl4T1EnZ^&?QUH-ja zC0rf8KmB`M)@E{SWq8quK1IUl;(X2L9D6VD&4QI_&oL zNAE?u`c)-b-GQevR~Wmdxg1*+^cj=asT6)#%D(xq=9Ix#jbVW(fq zk>ywM9Vi}|+o!na2_{xG`(s$(9Bkm)?b2|)$%oM&jXK@()4c2_Zm?D4L~JX$GZtkj zDvcc@L}H@l$*=v}l+=oGWV*7C1j|IkO6j zXo@Ljz#&65&rHq>2xgxa56=kyAuf`sTW)hSJ39+ijh`wC9VC}y5bTvVgxPbjkN9*- zY|$K(H;zs;hZZV{7~QQmpqq*H28BD(SEAz`WwA*gcKL1B+@_#*Y4&NZVg zd%W>vzE2y4Ab#4sL|bcy}_`yTq!Q2WTBxi-+iZz)0% zkBMJ_d1^MgKQd~B8*w7a)!kLyAIpp7#XUXgXQ5Y}^+*in)Re>SNaCLY@|9`rjQna6 zIT{LIVi4rfD-y{ze5TGEyto+}{^i)+qMt943A(`Wp8A!$By2GYUFczA=sWY?5crb& zv(8o7z93{d~K5jSu^}E_MP+L-} znm|k=R+;wVm3ZMNj9c9!;zbg-0Vlb!~roncEiMr=Z4KzvI!Q z!;VB`X<^}W$1i^|;D(SECG7?twG}qNo#?3ju+kgI-7KG`u1Vj>?O6x87&uu{>QiNg zDqkpTs+07f45PX(Cs;)au<4ryH-EI!LA|kOgwzX|nHKg1)v_qQ_nM9$#2Yd$rWo6b z@5-c9O{tpTXvZ+FNUrfyf`$K^eeQhu61{xtKuF?_!t{mt9&H}84JEa4g#SUNLCBu~ zDUk^l@cLWi2>)5{@|JZ(wi2(bGMSN))zxTdz3cY(nY@#srO=Ewq<6v;?9@AFNU<5>L}E#$Rg-k++Sy zNRX8`3DIAHif9O&p}ZP80XtMf#r3ss@NY!F8+_(s>V4MT*b@TcL*cW>GMD;ds6ub1Uf9`4g^XJbs_=~_Z>Gjn(zU1$(?k#-y4L5Yd*JZy3Z~H}S%1!|MFXahfX?0HN2|WH#$vhBG zcWsRD0Vrj1sh6QICaIAL>-LO7QR8T0=^hb)4P)T&4E~iRQ?+_ILM2V}7r2t(hs|%V zrnE1cGycv!Q@;&4Lwxfa_bq%^S^GRWS)zNXgO&OxD4o!`Uai}g~h@ji7}{HFjaNvTKf?z47lFqS(3+O^IiGZ|9K1^|Qd z+9A-D6Yj&XABTulD`Sk<6exAPuw9G>jgsJ3F|?60xEV)JEPdD###LNSDXO7Kt5Q7> zrcEn22 zX@I_ysmzG`m4HX2a=K3gs;Z(p^+ee&q?&fz#-CR_)0CmiYyicz+>&L6CSa%!+g3G> zZzb={vV&SQnAElP+NS*bKk#TQ{Q2tpH$Hfk=J4Y3#GB2WBAi7wu*ir-%u@}azC&R~ zkv<_y^;eBR8LOSbB4LW*)Lksr<54DFr8u+0dn-_g;|KYSfAEBsm8Y>$ObM5M`2h{a5yq)kTiXs! zrXqh71@W535J7uol+&SX=fDdw10F?g-CaYj8dG6EQ~6!P@kU{BE2IeG7zUS{p60z` zt4_;tap9=?+OmOqCyy^R>%yD_TRZa5ccHuqfwN9)Yhzr99&2Gn%lXeAX$;kqiqOc6 zIJ!)s$--+lC=5}OU33c-A9v*!;t2?gs4z51x9Q{MbRs)=>FXrvq4M%Iqlp?Vs7JJh z6+02vN8n+Q3!mMECKX2%gTZO|%~$ywiI%XwSeqUrV^#w5C{$}$n)Of%UYY1EVyJ!nYEsyvVf`D^ z&)`Sb7YlT&tz?DKd=pBFw02>FiWv}gnYj1WD`sqc6t@QIqV|GvC(a(z^ojpm%2v$T?09@kVmTejiIssfGq z6!b37t<(lbzIv#zHmg8@JJB7Z&3)*5{U}O&R`~#v86Vc%EBBoUOJ7?@N9IZP3(S5G zv3_c$ zstoT4FcNmo&lxm}@cAlon>(f^@kwPBQ)OwsG5d~)X}&R7GEf7DjlDlh!RFIDh?YW> z6ux_%q!4Dqj!=fU0rF-T}dt_=mp_EHHCE!VASdrS7ttfUdM^};gXyfrN zT6YNw{|$LIIgjH03`73H8CB zaT&!~Ai7|Z>RbG>fw?E9Vw)?K<-IO2(E^I~MPkusV0K7b=TAJQ>0OK`@i3pf@vmeTImznt5#5 zq4kV1R~VuP!V}TMsx-NirQ8~>18YY(teMUZt{7gLtapoAP>HxM3gdRRai>fI-*7uX z`uO1wYzjCb5Txr?l=3-2wk{QWU8#g6z4)s0O(0YVF0|(62xLJ4VCTh?4ey4l?96!n zG0}da;pD2Q(FELPVW$&<`P55;vnG!s;iaO+LI!>zBSu02BCVAQh{q+V_^aPZwt+ z*qt7Xx$>%u#*=C@3~A(ibcNM3l`M1``b20@Xh|b>`B;n%a$daEfwlo{7v1>I96A8W z!EQH4`np+OSWra9Rh@lqT6Zd~7lyw4auJ5(o&@thxl50lSr^i&Unq23n{Ux}ua+Di zRaB?0CWun-N<%aQGKpS$R+QG`iW%LM2csdl9MxEIbO50!aYx-=j_l|f>p`cj<0ezq zn$c~9-B$DpDfXI1If0OS`qXtQ5Ye2I;+*v|{f2kmdV6YvXt;>eKUnv|b zQ6kQY4e!q;v>XhsQk?ko?)@x=#Ad?_i+OJ3F_`G*7o1mEA9lz}8}lW|i^dzzs>iMI z^bce{;0rlGYcO_1vrg?BNKxr+$ixYY@GZ9x22aYjv2>YyQHhyRnX5d$J1*t6Ad9o; z#MSF~hDR&uM%vo@poYiSoo;Ltj_ZLcr|kj)RE?Ls?N=|tU5zK8p0f?7UnxecF~S#T z_D&%UXhKm9`63#&mJgFO5WGo$!Fth;7jCqyo22XpEJt9#IT^t&l44R45ryiQ9f`su zVH$ebVzF_^qo%f{;CZ2Z4g>-W`VqGa^I%8SIZj)EUoQgR(}{7G!1A*JT@dpoK@)4m zlCYwxT7hqgLJ@1qCP{vvl^1wh_+HP(kIxV*hf$Wu!;PLtm5~6q;+{bt52?5t@@|!w02xXkj^4kWTr{Di zmnELIG3`GjMcb@V)3|uzZMrhxR+vQQ<@Zh)^19L&m=S-fgzw3?F2-`mr&XXiWb^M^ z8peB(S$k{8gbugV-vo{!--N-Oy?)^=mzQga-~3)lGDR->i~e?sGgSig_N{0*E^Y}8 z|AQULR{7*}8(wTxpp1bGf*U`%%}-$Cia2@7k;!aezz`i4bYj|^vZN-;ZLZPe{ zUY;CbTQm~!_p(WvjHjv~=kR_EqVmKV49I`IJForn)2pTgAN)8U*70$n_ag!hTI$lF z__b}M_=&ex8!6kiA^%K3A*y4tO+D70Uq^lZ4PS~sUX8=88}Miuz&-FAhy)PXF-Fi> z#F?ZH`8^LrxI6~~9)yAYd|O&l>Nnt5r*%x|^+TI(gHM2M0oX%q9Xhvv59ne;L3bC$ zUx4lyzOHyah$!iIaXN4TSnrT_Po$*h}|66(Ko{^7BlbF&bR+|4zun}BbFapv~ zn15^774SdsNSgj`Ws2{q?AdEK=EcQY`+g*_ra2V$Cl0yqdyPw5oIL({a|V8Q4^47V zu<_RU*8lC1TNUuUCEi@U!v{usGcVqFPR~CdzK5oky`4*QAPf0(T+H{h$7lH`BkkO3 zWJihb<)z%4p8s{wsZ#e00Sm(_HWkXuEY>!98kvF5LmBH!>LnD0GkTq;T_j?}gbtjP zsX=6$_uOA?>VcA((Uy)PgTaWzs9H~vrn^W0gnk!(f)!;){wAc_z)fn*;mzaiRnu_M z!}j2%+?WKL;ASpRmV>eEdSQ#pLB5xkCKhHVhH{RZzDqr>pivh$W{tvmJ1I94%G??! zo1jbTwh`-p5_V^b`wiPd&^>uD{B^u$>kDZz19xr4 zH2G;!crnATU2JY6GKFu%tkN&W2!9AAu<16vQGH zqE^pOmcyQBXQWyPJ1jN~~_(u58Z52GJ-B+YtdmY!9Rfi$+X4|6rnglYEN_Br{6!L9eOk!NzrZ zRZ8W4(rn*+iEAjKka$Y__n9WAs^{_>5>eh|b$#2E54N;|)XeH=aYAb93|(2Dyo{Ek7o zxC-zyptl-p8*N5IJnIVsnZHft{rFfFYAHX)=h=)I`lfoJj~)DVGSx; z+|Vniyu7bTbOVtfLK2(cQ4}W}A2Rbw+-n-GUEKv8P=DmQ@=xXuAOZa;m!z?38yxKD zQ=75Sbh9(C3@xz~i47nZDk~_sx5k#-EbzP3R@rSE6%MrE!&Rd14z#y0#Y0BD;Oeu< zsiSI`8&-gAk%mX=XZH8!Ae5=`Hqa)O#Qmi-B^*P5V$JlniT2&n^Dm_}8*N@JH=`H) z+|8&(c+J@WdgvaE#sAZEFtu(Wk8SsKmmqxvm8(J!QY-BAOzN70IsgeTKt|ZV`?L4I z>R!`$t(a*2eLQ|ofDR8x83L%dmqXX7i<*+dPK8Bo_qhcy_i-@*qU#V0gonX~gYM@3 zozDT{5@59Bshs~lL9F%X!tX6$teK>~t}DLY*q{st1|<7SdRoJOk1qQjZ0Ukdw<*Ek z)i+^J1rDzQR$DB3fpD&cg#|mofB){n+Ww?;#)nM&XSu`k^W8|hK*RTzD1-0$m-uauq`tA6k8_v}*mIBx zy1@_l3*QidyTk(9g-iJfqkt5D;o^7|8jVG7i{lG!7q@=)1Y{7eQa6_p`Uc&a&JTv^ zkhQ7ofglx*&#?$#VB#TyD^%N)k-elZi>Ww)i%GaNdK8|7A)vO|p&;v~Odm(60@Ls8 z=Thm6WXW>q?B4pZ*4^Q3uLM*6QK!04!<@O%L(%POL(y9~?YISkG*qYiH=yI%o zKIQ$YG8E1o!CY*m(a#{jW@KP552VE7sh8?E*NJe?f-g{fW@3VQknJEb)w7Zp{F=^GnAXNSuqmMAG4?n6gDIw+@+yrZr*;O(|w$P z_DfxgKu-ky5p1fTbW{N(N)0k-o1IwW|Hv_%Xr{Y6#)hv zkm{zEmZs)rLa$9$u&IRwjjWBnX80hc)`D)X~?G_6L`M$|y8JQYJnXJL0HC?j`~U6psm zxBtYu`NWggZAsWkiXuhXb+e13TUD3zB)?gXl2&WnwE6MbpXl$<;l(|3o6ZC5fpkW( zM>C2-(=F%QMwExNn^+Mq1Nrt`nVcW(@KpQaj{e29Xm2!bwtbV=WV2BgKTp_8Ck6rC2)GdMx?EYqnh8WIe>NUOEai(&kQH-j!`ozV_kDSj^D3=llR!HTv zDo0Q$nEcP}E-q0LFXjv#E)61r0+V?uJLXbCmpC~A%Bpt{qxGQ^R2o^s;y7d-u#Azd zhK{a+#{R;BLQ289w#ax`K8{Q<{0E7vqm z8L!3a5g~umijP{!K~dDJpj1m$`a183FOa|f16*Q@$=+#-^!d#=QLY%-r!5~aTw2j6% ztOTjhhyRwB|E^URNq6!T!=Bgrg%nrVG{RJk5*LxX$BN+}%4X^CYTz-o?c+akuMy`T z!*dcaZBu6pEsWyfJJZWTuMw|VKY_BJQgcAMRtmzarxUF=fhR(6g&My0jqHBb-1`sk zSFg>^-n#aNJON&>IU6w`Qc>m!9_I+K)Xfzq-aMT)KR<+pt-%~RcL79uoQ3;n+6;L7 zzZA%@$LEQ~N5C`paQXaHTlO>gjg$}M5+2#I;uVI!dw=%avjU{hZE9VdpPygy0owXo zF_bGbhsjukZL26;(Y62k@*vaWV8$REU0IekuCR7$-JUchR~@=t)9?|B$corL*g{8( zPF$?G_q|x|C%&JSQ~nH?d+)nRadD)5LX?r)WVlD03eM*-658e?bty7bJprx;-t+P& zLB{Gsab6(t8ILX&s@Tae7b~ahDa5b=8ea)^o{}JB%LTwaA8?MiIg*2-?id)w#Ckv7 zjYf?dc0PTKWDRVk877v^_GG3kl$6XD7mx^0!;enzgAovlOZ=37C-`OXIP;(*jLpGA z%u`5jDYD~thdTcXXn@%;V_pXai*8WF;_1X#-VhcvRJC|bXMMyeKgJzR+e8ufMYb6G znlr+~heT~F&7ir&f|w$Kupo=DJ~QTpt>-iaM?h&cjM(X}_-}9{-e%}tbd8CJDC@Bb z(gCXz9tUNx4OXFqz4@>bZKha2algSrqNxhD38@$+-lrLjW->7!y*|`U&8K2mrFS^_ z)v4QZQ()VBX#FvopY!LbUPWxFWMdQjBy%9!Isv_G!6|`U6ZTp}`AgK9cUQKx@3HcJ zELKlG1clVBzI#dK5gEbr2!oC_-*W;?oFSw*-#k#V)lBp7lHre21quR~x2@)cG+o5Q zk4f`uwMW+Hf|Y=++b<(~bw9mFE_OCTyFRsdr!XbEHg6;b|FSBpD|k0hG*INM_FKeY z@zj(Gu?|vASkN93&tH44%3z|)Ei~ueLOnP+m_Vh@<*5+C8W8UgiMozFsrbh67e90ZO(nNYTfnyS5tk1l!)x>3wN7` ziI$=q4|DEZ2?z1Uv97VMpFcT9ZN=oWjq*9h3j)>(2Oq>!O`T^=m?PB3|Yd(=2&I#3NZI9dz`^D>DdqJONFmAVEv z%3e9o4E$9o_jlmtP>I%c<-1qtws_sxNXOpbP6x%@|nBFrMa! zL-D`Dz7z$QDS3jjo<8Zb5{Po1F`jH^MwLGQXz3M5#Vx0b8ZTD9Hg#<>Ri>Fql#9un zqR*yquPX?UI#A6w&1C-l zeD?Z&(-8OrzB&D)`|SPD)2$?Y<$`+n&-V5<5E-0tGnW_!$ErWmT5?_h$$nyJ_`{=U zlcWFdLKjal%kL^kDkQ=rJEJB}Wk#bxiYJ7GY{{daPU7LAM9M&7V`GhELR}--M~vpN zEe1W3I4(D1B*-Yx?>=mZl;>B$tGL4RNqWIgwFS*RRg`*}f)+)(I()eBxg(cyb-ffn znPMx>dd1UBuW%-I-6dD4PAMZ6VHVifqPIY$?je5dMUQJ@koTp!u(~*YeQPU&vhg5X zC_bO*O}63d1q>_+8{>7JbI`}>65@Cjss3N)N1fg_FAfnIqa^wp&3t$)$@FupdE2*I zAN;=drFWp)Sn?BN)_@w27O#WyV-Wu$w5SD=WgZ&wwLolJ<1$B2FFm2|mt;Hx5S)y7cfnGn@2o*u zfoLBTHPr>H)rhuClaC6q9kJhuI5#XNaF-`EAcdDcP%-n0*lsJw3{sL?Z__%J$*c3| z>alGjpK7`>Bk2V11`&O`l&~mZYrmMmTj!|bZ+Np4kPsX9JZIA#$(cm&f9VdesIrjUn z&z?O&1DY+X)g)jQHps3!fRms6C_g#h+`$I+@Lx(&N7||}ILImW3H&tiJg|v~=q5#I zp-7L(`Dwb>tHPX_MfGLwo~9KVHfGTG8x9=2;E#q2a(;19729Mbl=GbyZZNyttJ%g_ zKKa%VC(Og8=L_e67FcPoKs%T7Qzr^SnJ?2z;>xu`_YYyAhcZ$I{$1d%a5J`FpM}+m z^T|i3U({;0QwO_i9r~r*evA0iEp=yRez#ocnSoKJ&%~|&QfGR(g1zCd zv8%*s$M=7p=E?S9P0Pu;g}4FED%Xng+CE-vZNG_xSP_j&%(=FxrE^DIv0qQEs2==4 z2Y<8Me=o>}P9PQN@=NE-qWF{lgtOY4@?2Nw#Mv*)H>8%rs^T=7%J2?rHWn9gXcUdg zrS1Q|+=VS^l8R>()UW6!GA9&UAgDEakhp;rt+WZe@oG;ooEHi56Wu}7LvM{!1>^MC z39E}^twl4?c_2DD@w%Du)Tzu<#ezG8UmZVMjSLSrgOl3X%a4}Zz2ESD+3s6=!yEh8 zWokV5)eCw;7BZxFi$3H02MmN$%lW`o18X`MVavptBY`Qu_%{ zx-ZfkmDv?RL5HbfjiG}%r|MRF%+tgi$m!X-n%2PNY%-w$(Hav;oV%P*Dr9h11H2@V zVK?eVq~rLR$Rk&3ZafuwoZWN5T{;&cyRqI`9{+~Rg>xRpJ`PhtrJQOhy`9`ZHC=FRQy!pm&(%#d zG!R*A39#u4r)XFzHYkbS0XHEqkW^?=8&-~;%kdV)u(1vWK`Em`4hM#2FJ60kT#LQ3 zO5dC*#;5Y9?GC?<;y38i#M%kPp&J;n5^zaD#*66ELWwhMRC*|Lf#5_jv&4Id8;KF6 zjExU=M)kF>vU#c6R2%kE$w;i-`a9WG~>;%|GF0h+KnGRU9kz!6K^W z2RDcO>=zV5;>zxgLMO?Ti)cN;mA&cOB7jBwKUAG%T$BI%x9P3{BHbyVbazSjXp|f! zEhPp>jZTq98U~|BH%Jad38~Q~EeHsx+}FOp*Z;x&nA$bq6X$upk3+^|4%(K~wtTis zo_p(KHD}DzximIR=VT}n#Ga!a@?I31jZ30j#0-e>iXNSwQhlAenoprrw$QY#F#N*z zAi#JJ72jYEH_Y8*aP zN*|F89g7{y@}vl);Ss5OaDqo!@Q=y>b8|iX_!HYXs0LKcW}V+=J@AOV$HN@e{W&`b z;+0m0SFx%I#82DQ1L{5!=amz_Eob?1&ci4m&*t!)m{00AITh__e*umqFAvT8q^)NG z)hBZ=EnA|+NX8cXM&AffDUbH2e2C8eDrIppzC?g`@_}=MYCU~f0z{AKS>lPndv zBie_fGY5p}r1^dMzo_g5NC#SqNd${LDAfIa+P}U=D$!Qxpo-!B|E)6UMdvSzS#@dT zrvR|dT=65_qD7NA_eTP$!)~xzZQBaMIk2t`?GdGDdg)M-fR5u-PqVxQzYp&u9 z&@5|Yj^>B1ubOu34&o1JTvU7tbU8Ok9L@dx{agl=FiH)VHjmRchs$5Ne`)D;Ui-TEq+bDH!yr^pE0{PY4nJF~G#^Dp)ug-aJ+Xp2ny7V4D9BIfBm^z9 zUywHs)Mxel`8q!4SkPsA(YTZ{!BRaTGAo~p9gHH}wsV_xpyHxKjwUj`V8yOVAGFt> z3QHjtvmEQt4ah!x3)A_D1uqx>6Zut+T|6NNVJex(JE@V60Rhj|(6j-rnpn#|{#W&5 zuLYr!#0{YK{zsu_ZzjLbRp7WfV3o!WdlGdz6?4BPmvn2KejsV|=?e&Kzc2$S*Gy6WYs}!4oNCBX%O#oej83I*dLK0^^T5N0gM!$4iv?-{9nI!x zualns+t0({e4tg3^kapE+UrwdXVU`1D6D#b`uJ^V%KmYIggv6eZTeQ2T_~t}muq_` zshpIX-D?YSc7W&M9)L%c{wbv3Q72cLmEEo;a(Cko<8~+ZkrO>xG35uoAr*eBfw77( z*JKq8$VX0Azf4yl1I#it0jC3D-08gNL;(q{9fgnW$CRd%c~pCJdzMonp`jjGq&~9% zev?*6k{=;(4TlkkHsn&-sM!Sct}M#qc7+UM=^mZ&p0b8WnePkVGXLiSTD@UG$ESnncWR4m*q8=1s!D^=| zQYovSw=$_}^?0QF?_XI{6K&aLSv{tyj^Zh#HH9~&dxq0QvSbX5UfkbrO!^C?Y~EPo ziOe=*(t4~j9a|p;LCB~YH4x#XeQjgj)<)ca)v(}p| zol)mk4VR6`Gw->Za+*b+#u5tQfyPRwo;A&KUzGQFa?qrI$m)al@NC9aMe#=(#pfiu z#}|h>S|$Ya&Z@)X-E}Tt+`K~>S?iUa9%I6h$UKvA`>tA|x>;`=xOfd!hi$-7gO9oI z*bL4#&67sv1Gx|{7LpL|y)h*m4Z+@5Ts&S>WAySX!#uj96~7LFI@Ee?JzJP0P>yXQfLWej0^KxEfe|Zhy=wEv$ZNH(q z_dPv*HAp~# zYpygCRVS86tk(+qXi4O_?GB#IDHBym%v32DK>4Rb(@I0e)6$?mX&D#P3}d?e9iWu3 zy!7FXHZu%mZJ|xqWM!u$<2jmmcOsf7)Z2rpckO?zGYPcRzKx~xh`O?ZDlEq#jRGZD zv1Np*5d_Z6#^Zd1TBX@>(3lU8dCQs~hmc@{X(S}s$J4@6uA~eq3Vh8@Xlyfuti39d z^Mi$WcpL(Er}>PhJ1GmM2@Y&Xr+f$#b%{r!ut_+DXTK^Nma=(!k~ZZVwRqeP2jBH( z>>LX*Ib}_@w6;uv=pq+u4%%E=aFlt4LH!uc8Z_)V-!8Cju%u`?@Bq}^=D_crH&lX>!r&zPj$Ue|{&>kOZkyp5pN;0a1#BFymw z*2Zy%N@70ZswhMG%9+{aYJuIMJ z8hB8#xJ(N(Bb#o+zg}Mt?Wr?!MP$BX#PJCbJt+EAJ}+R1>UQ7CTUntt+?61k3C?-S zroyj)iJ@)8rYv7Cp^`O8JA`OiRN9aJ0}ELRjcH|JCfm*yXNKh`Mkp2PnsanF@i3$Ve`V`JO(IEKZKiNCmg+R?7s+gw9`}<+ zk)s#|lMpeWt>J_W^Qk#YRvVg{j6(1^1Nf+Q|KBE`G<@Zs_C@b4@q z{I6&fq-le2Ta0FIi}_*Q*0&O!9w*ZHiS)xu+$t*74ypfqS7tvQa(tDb!-o$$Z$U@;z3{`kb#@K@g|Ct$SqZSURUC|7Q`gc$qGmw}LE!9MsZG zEkYnF)bDM$iO5~afA|yBeLYxtB~Mz1f7(*P^J`t~$bNFQCFzHEx?0wJak^u4fOVio z?_jmo*I~KMRX6aDuh0CRgRof=f1vCl?x-bzTK%;(Fppjc2&>jYCdI$Y0X~qo05=fe zh+m`Q;b^QD0PlDQ)DTy8meD4Q3t)`?FAylcJY9|tZKne$C|`l;O24hdpj6I#z%JsC zj)9$!nZIJ8TO~xVsETLd8vxjJ@j$gn9Pux<|j425fv@G5$=?y&| zUyfL6%shBG;&6H;duo%>D7uzC2|;$r=9)BE(r59OnSvK73DQbqC9_Q^Pc)M7OiVzS zGsOu$Ea!c5aIN&bl``k;E7SH}rX_X=gY)8%DA(_TX+?F3)$MRsW$8GzKb$M;6dMHV zp3RmPDC32>I9WRSEiE!`HX=S|3yYTMjFyW(IEA6i?+$zOIxcd3P^hI&W@@8pC>&02TVBFjW%6&;sm52ed2C4PZXQsD1Hxy38nj&hDsn+2mhTYjb zG^Lrws^0xPsbYTUCC@ZHt6fDbI+14V0K%&@dr~%UCFmumQ*z(=7D{ji**+>SKj?ov zl>Ls%ARNkxl~GkO7;PJ(I6$UszmU5}L*(i7ES}Hkdyji1&q%|*1z<-vg_oC?)7Mbb zQKb(;6FzC{m)Cw^92jMXNSj4cMA~h$vtk<&1k1nY2q_M)@=tX7`qJuiu0()ovYPq4U8@0#CRGgO!XAN3PWGQ}GhF3*N_e zNpGI+3*|v=vp!_O9t3fH|M&FdP%3i#AhF(gPa~g^!d~C=eJGu(5KFb$ zLH$Q(R&du?=E44LksYQwU5Cl?p=TT6F*j2y$Z@|aL}r7<9C*AsbkU-%|EV!U6Em-LyU3q7aIdKCaq5U8XnMKQF$Ol zBH#f1Wl84kTs*oXZqIy<1m4swsm5&@@<|(yM3OtRr?aR`VcZms*XycmsN(m71oZgn zO?P>Pus2I&AEnwq0fqY2RUdcn9z?EGjO?)*3e(jfBbM^>BTtkrVNXvFFV6TnV%r=) zuf1I?*qmg9^ccaHP%gm5nu#1@ie{w5PYW=A+`Uo6!t_F0@5GxVph6Z&>T^D(+4H>p zn3L)+A>%ji78m8&LPkTU+O+lLbqcN(nPvD9>11KaHGvo?Vm@~cF*%u!iRIu08FoLg z8h3Tqw}1RPB*_>zP_97FrlWrG68f~a zvolzZtRz=ZBtph^De$k`Ost*P%U3h1TnwwTwn@vIywYNFo|d=G~++`GVW5!LZiDZm5%wA8nL*)1{XeGd9a@PLkXW4Wc64@&aF7*WIexd zezb_>_Cx3|F-hO)+s?I5mwmg54}Re>Fg|3!3XZrFeB5<5Z~@Svasc(jW*q7ZmdTRHoX!76mBs8`B8~l6^W2qv*AM%f85XkBQ`$SVNhKUd`SupC%w$e6Wu29G zFW@)xuknY-AT+HV0aGDW0+bO6i%bDV*H^!0s~X=uWxC$2shKEOg_s24@)7#(F1D0P zM>8!dv?5#I?5*s)=%nn_BvqzPg>gY+1mX!9%Tu!0C`M5t)E*Xb!5bmLui% z!H__-M4}L^$6)aFv{c-z&S=E*n+%c!QlI%tmy?29YcR!MoAQ_Lp+aX>_IDVYakKGZ z<9vg_$1RIEvubelBT->umw2nlPYR3qdT_J%Jb)xDn2Mgm*&%FFODhXB+?ePpEZV58 z;cx^i82aSY&->}iIQGaEKJPTPR_}b2si$d&CP?{5nulh1#K)M+p$Uzd-1bZ5V^A;T zZ5T#U)k@_KV#t9#CA-0R)SUxC$5`Gr%Xv;Y@Fej4_xfbKcK?qaom4A%NLzc*{tMRZ zwn_;eTCd42KyONYLgH1_ze_~g&JhlG`_nNiz!>^rrO0c;)&Q9nOteyqz=FDm`8J%% zhzL`a*-IePtq{icRyu^v1=&?@_39h?21D$W0TRj(zcjktd8w+FHmi!@&q==8iL6F~ zRt$$ze9rb`<@8t6%CweW=65)e0z>K}?h;9kM+-*dRHY>pF;1y`3Up2Oh6pRw4jT_R zdz1-tv^{Mgx=H(OQWKi@9^(qa!URAhIR}OK%YfS86PgLD0NUsbN-IMA;)T9$A%DIt zfjxWL^&T6unD=DPY$JCID7cwuJOgO;Gq@TyY(nTEa?NLp$hDMGDu>ZHoQ_jKM8Kc| z(!t7r``P?uS)TLP@zR#horNd9=9AAq{8X1dFmoD0`J~pgZMDg{>gmI3v#9v^r@KK^ z@AOrcS^ts^^<#A>IV6H{DZH@B{BslXb32+&LGxHeOq4~_ML&**dyHy6TU@Al6(g^- zT53tI#=v$Dp30N{eiXZs3=Lc6=g4c7epth=x!j|s_hES}m{4GymXbTwa$JTrnLAC&h$RK3gq~Lb8 zqG0DU`uuoW1o;E_X|76`FDo6H``7#@rKq?^T0*I>-}WX&oSwACoZ4}IkJ%Bp*zS>j zHBz{-Hc$Ecv3^tNvH$7T#r>+~)|xGv$cLTst@USF+5D?Hu(>UoCjC1?F*pyi_f$7I z)ax0F{I>0XT@aL7fWN<|R;rmElf^uxY2<*t2JG0$h7-qLsP!=x)#i}Mwj7D-RLH3G zeq5l&Xr2W|*eBSL9lJPoQ}c7k`EWDCFj-Sx{8cSfr&)w$a_*8IsXFn4%ICXL| z_1Z)BOUpN*Qn}J*+W4j_K9Hp-GV%WG zDf3>A#eQF`#BEUvE@{pXsydrrslHZ@qk@KR!q)FVZBGy8!nRb1;{`!URm#b5)s*k+P!XgA^w@6FbIp?q98{Wqs4@ zsq#ki-oL~PxN6M}@|z{h5}$iP6%+@hc)H@U{S4nkoeZMSXGA$B-8E@D*9?19^}!f1 z+bG~Hoe3C09n^KcTGdeVmn4=Ym1Um6ob^?iqm@;BoX1aI%oEzt;|0^qZX=3mT;ei3 zy$Kt-AF3($%v`-CAM^@&l5sHmr2hP__p zMI^)2R3u_pZS!`L4MeM+{r!jqnVaQ@Y|5At6xpE8CTSc_M$#m6zSs!rM_!ez7ndF> z4SK%{%&>VQH0MP)WO3Ek?f%U=M9DHT`fk5Cv*MR-*sdBbxj^kFP?MBH;>7AT>3Jch z4HVcNx$}>ZAw3T!qQ|Iy`u&(ABI)Nqz_%=UpM$ueGjnRLE1vIz#e4ixKjx@~Y zQ0lxBt2~ebdU;9eVE-wkT;UfFIIvF6&DnxGKhbSGDk3xCO1-%Xu znunR0U;u5oytsL1OCtaA_RP(>bSHLgfm(^Cm1Se%vovHX?W=WV_>E3++BxGR*6 zlQz}!&VqOZ6>s(MvR;?{iDof28;+ChI-`X~z22 zNFVxWF&#b^{UH$&Ek9Y0CYm zyf|g8&R(S-)mrEtEOVG8jU8TMXFwAu`u9D1thV1_SN7*U6@*IYc=OCa%Upah`M&C= zaX-fXZYh`(?_jC6Ec_3?x0W|(;PC)m*^CxlLg99P)2|o(GFR2KZ!=*`^t?uNj zr0%FEpK_yOW~Jt*)$m%0KF#Q71uXB8-gN@=A?QK4bw#HCRLnnt3pJY6iM~9O|63;q z_+*V}$`~3`^AGKp1gKtX%gc9wj5-v+j`aeE!7jj%;?;d=h5=Z+KBFa@C=?2ic*O${ zmysU8F75sIJ(}_cu<4Q&e)p620H6L0pryw2{>rZXQwtbB0SM{ag+b=4ScBJ_-2iwD z{j&f|^b^$TDq7Es)=mS!Ypz3ch1mqOSFP;Hn;&S7=$E|GzyqO`Y6HYiOsJyjIl z4cOxTmH>)r+Dz4pZ6GEpe_SIqwQn1^=zJPHA`2YhHzfhVCmM+d#Qpox<^%L2yxI9+ z&b;@pz>T}mt(hG02Y}yvDVpC&!_6{w_ z{&(GbUwD60Sa^}Qmp8wH@K^u^1PvwtXh=T*O5J$;vtPxkq8rV!SJ~ww*_jKzId7;d{_YdH zSeaD3+4}m^e6A_TzdKp+u1WC@khbnNA1hAG0~1aEHT5t)i;)SFG85TRTzw=4dqzeC ziRyU4o&;4O98c_lL)dQ9P0F&gJ9{RZ2OLtqYxmFrM5hzrz$}6svv=2^aoJEm^kcku zQ3-oc(0C*`tWM{x7_e9M_pdWuYfy^;a!;U9Jok%pmQjut`-QA`uPTaHONxb?UGkx- z>uj2)n6X+`dr}E7yr9i@!M2wN4rs7(qI*wLUM?1yUBwVC@R2laqWFb@92gL)EAJ6OThXLKoL z;#KsSjArj_=PIFi7i&zkz;kTg>(SnR>%Y$@S%>T;W?@|9gI7su)cStsHZM-U)t6kf z(}zsCSFVz(qT29pqIL;=M8opu$)YzZm$t`Mw176z+CXVoPG+F=vcsW;q`nunFAHa|jXuc%BPp1=-YDegU{czGRr zy)g}FyM{ zD~g`phN%Qv-wV? z$w@~QN#}yW68cY{<6d2k)9mg7g$Az@S6wd+efkn&$!n{)PUnpbQ5~PR$P>cyGPU}S z&g6+5hlUgjTOXw=s=oCCl5rA;fF}3UDUbAdMhw;>afwzM1tNAofBYRb9ql23w3Hmt zAZsv)cbvq}7}|V;UH_IhgjCSRb0}X-&UCF?-Tb4cQx)}J}$^u6)r{YqQg5& zKw`U-7bEB2Lf8?e7|VSKe4aI@Nn0D<@s~H=UI2d<{CS3 z>qY9D@Lvh5LeP5s@!G?G`EEP@&#X(VmjYf6Rm$4b5WRH$fXhJsUNij?o6%DYOJnLO z$vbksusd81+3ac6_3t2@lGcT_>Em2F*ef_lWNJ`|MM=wv)~Udlk|5j!vcdVSxtCF4 z#g>4qQhW?H7?n34I}YZGZ%3?b2r)n8MI?m(IKlt$f}cquzTU7z=k85B5p1{YwU1NS zey>4EO;&F;ls&)(Q6s2N%6PPAZ)KR>MeHxTZ6 z9C6eCc2?)Lt#c2sH03d&%Q5#a7Zw*o0H8J%C<~x#_r3&F%|oXEXKKI$K%4>IOV+Rv z`4e9>EEVv9;;f@F+V_77?=OHBofaR!pavUJwjC*$W{$UreX?6qE95e#p-vZ#JrYbm#{4stwiE)OWryu99 z>jJQ502Ea6=;TDFfqC}QNc*#J{d85DRrF5tR# zV}$ivD*yHazNyax{b-Ed*#Z7}cH#Y>y<|n!<>h7I%bcff(BB9^#vK5= z<|rz;=eK~T!i;9Yl}rr%6$c=`p4btIc79X9NFV1N^lKFW-@F4n+cE&JT9&Lji5J?CxLr8C``LR~Gl1uXDcpxD`y=H))W?!}UCqwT~o_FUw|EbG=#+d_Z*kq}fh|Z?r12f_$E}eJZE}e{uP|_tLw9 z=I(Any@1qu*_vlc+C_oHu+Vo&zbRx&1xTM7pT8bv$064+jZD+LV0f&pmZuJ-_@>~% zM!tc3nPq9ef}+Wek};xroU4n})n)S%|I{E>PXqmKqnZt<1SS)+Fb@u31guHA4i!@^ zMv^~YigHUIjCq*NAtwjk3MaTLV{kzkxVXZbL_q1W4<#KSD&QCnQ3x$n5j&q&)Q>*R zSh|Irv2&c+S$mO-<8;k2WoM6P&O-J+kDP`Ki6n?mQm-B%`LcYxM^2cz`%_Jc0!1%i zC%dzzCEH|&1?BxbDwt8`4Z?H6ALW^^+moCg7`8=!nqx|x(v2=RegYmD&}ApI16Ml> zIFkhOtXOq^8*g(~yH)GbJ^!RZMOpO-)KHqaB^y#utuMBwJz3zdujQAS0WEC`I8IqA zFWEaO)kacxqSPE z9rgLz`uF$qZ1JNz8Vmu87LF7=T=S8&ijFbErZziotWp{(A?2T&b6_6CxEg!QUDh8p z+LfSb9&j+RQOf>Nk`Oc5#?JN!hVd8R?~evlGLZr}y(&&@Zd_0(;(@xI11RYqjM>39 zSWsae)%D0It46kzFIHWRBmb2MW(&8iS+$xj-=CN{5(+%R+j)Bs%~Fm31{s(iL8;{R z%|V_4?g~L9#ETSv_oCnh2JfgL2e3If0hO?6H7oA1eRS+EQm;p}dQve{A9CLXEcgX& ze#IfW4JXNwT)QwP*O{t1ingv{Q3TQc?;1fv^hNg3)$K^x%rXG?1j2#?Okw+(BooyU% zZ_m$XaZrtvE_aft(!=Ba1^eig#u${m#qn>&)9P_-=@p?}P8B*EcB?K6`^Y;H(ROR5 z3BLx#>P}TT(EK(meIQ71EyGIeiBiIc29YtV;sd8y#-d($GcVQyf(&CKW0sY!k#Hd! zpDc%S6^+n^KJLK4;(e<#rP0s%)*uZjjX`U>S6k~jpPHOeSGYa;{&n{kVb{X&80bt! zABiLd)9*vm+$Q5Q77?<7+G7jH>WV~SR3)pnYnNHIc%^O>M+IjZWUyX*!aCc3)`>F^ zD#U5#nEqXKeV&`7eNg#mN;&W^ z6!fLTjZ^~df%vS*{AV41EpXX$#C!Pi`}2DMq^)os%W|F)^QVvePv7%DpPw@p>n3eJ zefR5W;jdC2c>qu?cUR)|Y7tHBZhAMq_Gc1Eu!_EvNvEz@#lLMxENpTqtVyLF95Rw z80~2tPDV3OBhtF=f~O;xe|^H2C+I_etQQSBpDkg=T~E__90EM+9hw#s-Z+)%++y>*_E`9@-Pqc8mmtXcuShBKn$XDUE+2cUhTW$jHj!7}A z2aZ4azme?w4MV-T*>EWwPltR8YLNyX6B1lvBAkj`lY%dMP4<~4l*Jj}gh;YKBW)6u z5E*&jQYfiPh(D@viixtu>5d$q-_(Aq$*RO|+wEx`;+VIj zbvfCR1*A?W%;B~Vz+?61az#DFvD$Oyg-mL_9&7cT5!610&8=V(x5H#fo}s8l4LmgI z@n_~eVcAhxk&Ak{2cs+SAMcseketXo&b^Er80CI@pT|&SOW$Vf5i5ruNXeCzDE`^S zr+`oMoXsa;mt77jt;J;WOVl42nu=S;2PGE4EP zBJ8hcbcPY6?FHFPdLe+p`Jz5Hoq$_}W}|%NbHb3F&sp)wE~~g$R1oizTqhJV7S*8* z$94af12cxF5swOoG=-*DrH{mGk(P->wCt)v*wh40Twy*g=XoY3XSj8leW^o}PTVjf zS1cH%x!IhtJKtxxmIz80>P(web;E7b>;kctN{pF5+=*f&JgZ`ova?O~;2M`2 zntrlO6ZB^ICl?_!sa7ydH(EpS=yqSLv*Vk22d#Cf%-BT9$zcTTtmqP<2~es=a_ zU88(D#BN~Yyi#`FptZ!W@r1Kir~1?MjP}x}OACjwQ&*QKmjvrQBl=vDFD+~t8T_w1 z%FW_8D}es{_hedpAy;ksB*oyml{nkSDqGc-M%9ox_LdcO*HICM^Vgb|7{S|j13V~% zB)MB5QE;$lq1b_{8Y>4CB|90RtkDDv;-}1zWp=P*g3VOB@rGrPnah4(pE!NwYKdY2 zR{802dHts|&&xI6I>erUY=~*nP|ejm$SX25Sc+j~Qq(TV6k#ej?f!Vo5{mQe&L3l? zP?coUP10t`~d z=^x-gyooktv<8^{1BjWpeG||BokO?f0Hy@@eRk)Nu!)@dHv0CksJIjV{11CrjQo*( z%<3IbH6-lY#=rXuNRTjkfZG%cJ3;bAy&Ag;_y-ID7r05mOL7czObcK;7;mNtL>=JF6QL~O0CIc_$WyvdvM%>yZT z-knaJw@={Z1@kYcZPw7quldoLrVM^X(W|)88OT4+MU3m;X1h0wsTsVmH?H;x$z@oCEL|5yDYq70TrmAiI{ii zfR0($;r|ZVrv5cUpI{vrlEu^bHLi?BdyL7&alx zGqXQq-rg^UUfV6#!gT*II3nAx6!unA)F@?e22`O$YNQI9t{?&e6j&zIk?s1gg?|+CHu{gh31TwB>@z4t}3zVKCGSS=J5E+jF}B zH#m-FTI!F_%3Ckt<@DD-eVZ7NoFsi%>;M6@l=^CTz#}P|%#E=aFCR~8QmAN{&Nw)r zTBwb9lu3l>vB$I|AuBV}V?8yY@qDbUT`$M=qM(Tonx*vZ`35RcP^W)cP5)OA#Gb>9 zyvCA|6$a5*uRnCESa%(fXiPJw#UvaUAmfPglRPXL?$Bvb}OIt=B zm>qZ8r{1A#Xi6i}bE>P|5TB?TRAKF*aMd3V%gBaC^HchY5E5e!c%ALJ4LVz81Du$f zllDFd;@`E1mP~yPv!v@?Bb{6QvuoQ~HY=lUqZ;l3-DAwZ=&)=dhvg z1Jj2krqv7&2PxvFG>Ub>Mdj00W2703*_x$A^8&G4An5EO+wO}Km|3;)V12~DZJOt; zy++&9H)WrGOXC`d<3yP=C#=$bInkTVQ-;_P%#=#VZagg7)(u-2l>nk4Y~9)f4X%B5 z`rE9CzP)&Jaa9IVGUD&f*J9ZaS-KTny@-$}TBtN<)lWBh8UE~|jYng;#R)1IYMckO zHkRJ?`s=N!mdd+E#T46+RtiCUP*Zvziu>mId#EsU2I?Rqy@1jtJ?GY8cLgW(npLZ_@cFoZtqT<;A!u;%cVjrD!b;TPERz3nU8^@)1YPzDUokD@`U&+IQk(tQ;=8z=V=oTBk-OE`j}-)?5ia z(cA|E|1?W|D;>coWdTDL3?MX`fAj$FOvoTym|3hONkdYD3pQ|^I&&sAa*gj2=o^d zZ}!FF^~H_cPM6JNTQFz8(aY^KD*QKD41T&{6vk4;IVCv_Y+Pd}^G`Bc*JRe3@=XHq zq(LSr8|kCtnL*TLEFc|suTBDS0>hHf@n$7L7s;pyBdRjX0_;)tY+h_Ep6^QU^yK`S zun-KmXB<=m+zX96c44&oP_R(dgmIe`}4?IfF`$7|8){Ly(fp-y4(tjH!UF7Vo;>5n&|Z za?Y6%X%U%Dk!Oy#$ZxUY$z`ucC7#{Rw-qDoS&D<{H1+L(3cHXul5T$E*MkuHl@~9+ z8dIw%hFp5Z-DjD3;VPA+H8njARG}7r{iv(uT7g%l>}xBEi2zKEzrya}yad^RM4#Y5 zg$Pu|AL8L?U^InK66iarX>1SK;al!kin(@%C?y||6*WAMVw2#)u`f;N929bBkz?jg z!R&t+=ulyJ5EO`?-CVA&b4@oBK5U)LNBT3>l`G5#`MZH7bkn{Iif%>#-6T}dn9Gkh zcLhHU?q33pt>^C+sDgrmfUZk#kE}xX$RjI{?g*?G4pc!D3>d*w_a`b~pcis~Qw6vZ zd<%LJh)Z-M$`LXmg6a%O; zy$c3h5NmHP|K=DFc5Q2NMw12num~Z`pLSbY*H(Y(SUQvM)3jEVo;;VfR^OvwmiPAd z$KBQOT?8;#fW86&s3U6(ogmKc}8ZKg02PZcF}t+fO58ece3~PWW7HExHyEeo3BqLjdk*!9F z<2LiB%3T=ZmiP&0>8b6fRR~0C8B^M`6E{C8vvgI65#%HWX&rr`ob(I4G$w9x(oz%1 zjuC02qoPX9$+o6@6h;(u?QYNR{s2$AjI5PKs-E|+!@ic2MB(vRNT>&pmI=-5T;Op| z0U;mY`QoK@&KbA1wD?Ua6L4K;h*0V1L!P;dON~UoJyOo3wZ%TTXPdnhr)Ph6wUK}>P5K>e;Grjm_YMY!uU~b5sl4OftWEk z#=iaNA?yQz7Nsb@1_iP?nmebx9R{u@mETF_YP|{xxE-a3WldU0YoEAAl)8oMcS)zE zZjB-_+)U)mvfSY1yK@30&6DEOM(p*pxmaMW52lu2QxmY@0m3gplFP(JGEm!66JrKq znGfZZZi?8THd|y%&~s;{+yt=-DVSc1@LE>iw*2+0sh%|^2$Y<3&v`Al^{VDbj;CE; zQP*}R_q%Vz&1??xx{bjbHi@u|&(Z7nfw_RQCxT1di05xw-43$A(f`J%R$XN-;SwZF zB|gqqrY4O`E;23Z;2@ON2c@qg5e6w8${R4pd@8}bel@oufGjYn1P>a*LG}z>`CWvc zsknyiT-g^e`oRdzGKT>H!J9A=GEs5oFfHS$A-=NNGF@FrK(niaxHCx7U%wlR!4ISUqjDs@;j`KL}!*~VI14#f9nl28l2jup_#3_To|0xG%c(Z zV`SgQ8cy))Z*iux+Duwmii3_1Ssn~O$t}IOb#*&6YbMFN6v4-RHgDDM_9xm5m#s$O zkq~xdo{39l^==PA{275t-7n73?{;q(fvfN3h1erk>J+c(m!ZTrrl&v2NO<9}eKFt2 z*!6x4GnNq%b#C&nVu2$za@VR|$EUpLh|}NWwSVtsTAv#{x|fuHyN=Hs0xX61r}uA; zcU!ac@+@9ptn2;hj7K*O&_FkIDP*LT>idO-FHlo@JreYKWTx;xQqT{@n{>qxpvO{! z-N*9pEC#@XCMcDX#n*-Gt>Xd`?8KNsK&py-i(8{*7U+UAB8a~p zad^DSt3V-q<@BzB1)Zo55aRv46uZlpxv>xo`S|PdI~{sLj0G4709c&=HUZ^ap6s&k zh$u2?X(>oZ_TO5BCVfP zA)6F1MQD0q@v#ft|F0^%t#Xk+v}8YrnRmNe?VZkMb>+U=n^Jg{V}iD@oxaFU-m?sv z+g}0};f7ef*P*z={upt3zfv?geJLp-D24YjjB~y~q=Wb>7|$nm2|8tq)sRC6V9kyd z!mmOkady}oa!MZHm}_+|!pO;*O0$__@J8p~%`0qt0EsH`<9vP|fDnZ$U1??5XokU*NP9f4n~8N) z(juteu;Edn;CIw7`N)hQmWU^Fj=K`K(;~))k2xq-H85u|I}^8|Rp#U_*P4lxV{(!K zQbF4~=EyG<$(65*%B>O=j{4dJXY|L$^n&y_kp%fk4ab~b>4e3}(76(cY1PS#U{eq3-0&){@ za1U#@JY$Xx@d!1jc?7faK)}4B1)pQ11jUfmc+Xi<<&1QM=SI~CQ=?hiW$oBzWxs7> z&0~L^CJ%QL_SfdC#S)$V6FsH{_JFR&c(+6O4uy{9bKJG~nmQQ#rjU8*LPfJO_DW*A z1sO#`Mv{l7dLH7E_*#@0hSR2jpda* znQNsCPpYwpU_^=Azs_JJ4je(pcd>o=;^$Cot4zR4Q@Om6G0jLVf{x;aoJ?b0BYY*D zA0H<|`1rWk$>7VMCiKU^VpX&TCSK08y6X@HrkZgOzO#px7)|qy?{sb3;MbU<@YOTX z948>c5k+3K-9c3;z4UFoi&3FLbg;CQ3$rM;FIh`%C{=`-qyMRX!%T*>U**N|_}e$P zH*M=RcepcI5$`h>BEZAru5L{63sywhxwBO77C6|3%@mnY>Dj>|F$KTK!&C(}o|f!? z$UcGa;3)~}vcJsc~Of)_I;xCTfFuiapVLVo${Br-Hm~r@5*0)l1>(^D-6=1t= z5((}{&D9loB|x&2+LPgCn^|txP16pi{JZo_5FjW-62m!%uZQ*AREbh ze84D{Bf2vR%skcg0HIa?DL{M~%Bc9iHt(N_C%tkjK5IZLI}aUlCTeTVUU^ zx@0nzEG|1=9hfKR?{sqt&k&O2Zvxflindu>ZTG{@=z_l?}&<@i*o1lZ}8 zbwVy${Ym)&%6IvbosR?a2h--C+K%|>newaU`8yO_Y1837)VJql=z0WawqRdCY70Jq zcy-UAdY+U0^=nUgT=?>v7SLjEKZMwRlp>rEaP}iX@T52~!$UjARj}xmY>`0~R>(lL${yb&5*a)O_*>4gK zEj8o%l#LVj^_D2@!#}xpOXB>~Em1jY>jZWU_U2UlLPDY}J3Jr?#;7j>$=b!$Z#=G} zUk~{&>kCNgC@EzN9ueiH`@Y!E&CU@QHjZIv{&9uZUiZ~g{?kgBK}ZcbK{;ElyDkzF zuNwDT=DJ!zjZ?KP6J${6@L~I!){tfHEmnBxC;Q9D2xxVA z>Jo(nTy?#Dm&}A7cBN{0g~({!e~73w178>;o>(PhssarF-VdL$^LYa@JHiSHIaT`K zdwwgn@7MGZA=a)caeLDWS|?pAgAgy{X{Q%l22f2&t(nsoD6~fxgIdgB7&8xOV|F$F zA6su774;i$;ZoAwjSj6S-CarxLw6|MIY=lS(w$034k_K;44^c~&>=OHfPldL&hMOc z?z(GT|5BDZGtBVD{_Oqi=Z<>)P-af>7kZ8P2<@=;UVI0a2-=}q*#S>J{ho>?O$W~9 zzw-m5ixu)KG+Cl4B1%;>DWqA+By`W{6VZbTDM;`wK$bqSv3EGbUjl^SvMwbC%u#Qk z5zyBc?xCS*=Y(8RyPa~V1RB0p%?8G)_{6M*1Dh+PDq;0u7a}CRI_h(%LUb@#DmJ5= z-=F7NmG8)4{V-zTka984aXqalV(ct&loBJ=Mjaq_QkY_J&w;n^Go-_dnsOCB^=%?iD}>8aZLkt01(#Z)p2-n^)DUMjfJMgoF? zg2Gdv`WuspTfSNF3dt0>v4B$7n*YFFDo3;|6;}i=TInV24`H&Y=4O_?FX-aqgLUa` zwkKb20?eWtp7Zj5&zd)~)?s(!=Mg5?Y2gm#*#ma*YZVzQJ;BUSlVqhg{XDZGri)?y z8zMzM>J{ZE@1fSMKX#JavWUYu|7v-i*MionQGQa?HlK?+uUJBy-K1e0mE^hWs~D)6 zAqPb0u-sqrY*xXFT=rWGf?S|K0qopp>%gajw=xN2Q~rWhKOOcKtfMB^`2O@kd&s4?UT(zf?^jtMT17Sx z3TK+0epek`!x{Z9jUdb>VpVf{|5zqP@)FmN;myEr>m+dYj>Jhr)55BP4a8M#Nt1kd zHqMR{Pb0F4CGP!+5@)S0x<#eS`uGd}^|Q2@fOy$iTHj7)p54>Rr!Jdkc=7>dy*P^~ zWItQ?K0X3NQ;4gxbKt{8vkB1Gj73Nv#e`e~Px^t=^-aLX@t5Yvfks=XjJrZygT3kF!!DSs{h3oz*cJ6d$kUjU~dnlKLQ2P zs3I4zJERgGvxOqE(ix~z{D{?qKp>FqDoF3BEijfXnK8Q= z)0f&4o%(PJc(8yGY1d&J;Au{&`E-9cC3aYege1%xy9NSa(tBjHGewQ>AYip(gRIrt zPI3S1lNZ{+s5$pGJ0e z19jkv$b?H<^{?e+z#Uyt5`wgq0fQ6$kH`Tw(nPKG7CAI0dU33Ecv%aKNsy0g^&R=n z0%fAJNXs*F(31DCpC@&$`;eh0u(IB>5p=YNbl=g5m8`X)Ae;e#uu5~o>3RB zdgn2`)ICf)`o`HAMSJwW6n9zuRxK2M_E$phCSkb<_-s7#r2PX5LCsvJ{NaaYZ=9#! z#T8R^orXtF0GFfTPoDCtHu~Ez(&NBcr+#s?uHNktd{_ABWvfVrocz#q=F3!%Tz#{;uBkj=c z({OHy`Okr~8)rzg-2-KwBgCR9#QgLFlco3{Et-b2__|+b9_^yp5o`nLREMb`* z$tWkukL$pf;hCP32s1#t7D4T6)O(_^xDk3-cS2RXwzS0H@T_DhfbqAh3h*WGAkBA#%5UkK73LjO$k z%r*iRLy{KrudO%NM+C%p!sQ@GMcKj~gh6_Z07De^`ulQPVabzGE)nC{AURqMCrp`j z`sohKT51I@+}-;67!v&5`0Z_k<#&m411x{nFv-4*X^YngxpWjQbs?|D6M({LVcdgN zy2(@HP3>oVRT-W$R-SO$BuH)S*@A5t%~Y=yc?5c>5eV1?@6|G7YPYBE;~$sU0}y z;1%hXW%A|Y;5*rvpM}lVn-qfD?t#4?#-@+F?h%lJ0l-sO3B!hWuc*O$_l}jryov>Bx})D(vMG0%ZnwaPA6?O!bp5!6w#U z6Y2>I+Wi1r3FOSRHP#$Pvr#E5Ne81qbaPMCR|9`jZABsa%WM62!h$mB?YQ`(oB?VC z1l5!-ew75*-(}Y9iWU;e1~90y3@uck-*nMGFPI_4nYEZ|+uEMNtr=yuAP;lAB*!Pgr;N1U>yB{ed zyYA+Dsg;|F-2)_qP>1z7I%1OIR5f@bYx%4ZyGvk3 zy*R#JD7y>d2=>%Nm%l!h6t6TDlP+YJjvSlijg??%hPXOo;d|u0_e17eu8CkDtSskN6H5>ObGd< zktxOT6PdGkD@Y_i8%`)D=9mLpf=IF8XSe!N2G%ltaI0)NxiH>RG|s-$(z6Y59!qD8 z+V&WhN**1@f0{M2`NO#2!OxNsB>4*?f0-$~bnXe>d#b;t`}TpWky(Pl$?ph*_^rwe z>4~+T(Rg?vipGLjjMwkwrp?)DyO~-KZT6Drfwrcu>Tc@gTMiUX`dLkj$U&XBw@(!| z3#x0;EblePxaaYsgS8|+43aT2Fbx%Rnf1J&<;BYLzXXdvCtvmpUgx5ZLFJEjOHT!l zfn!8X`b~NzS0V{&7|27Y~|-q zzY8ZFoY~QJn9D!OHUt~>nk7BIMvfhbfNLSp54>jTDEj#C%_CrDEfwy*nSvc5BP@4E zkpQ38-v0n=>(yY$U4(3qxfO=J$4Rz$3gocndeIlTT@A2Hk)ZfM+(%g#yP58; zHtNP}JK>Xy@Iip-QTyp};*I#njrO&;z`N762fC(aq}hz&kkfRbbBp05v)V6-M(V-+ z2w~-ahqQ^^?B@KMS^H;m^eZy&P80>1tuec*%TO=&8}15hIUAarS=a>fLV)2LuQbQJ z;nSmHB;{qu#bo=<&xE0eduq&o8%&#TA6Vkef$Je)>pIQdTOWJjzGQ8i7wGe1n|BlV zR^A_WOMTY9M>@ffdvQE2Cdy(v9Hki{KjB1kgu9%3Gm)_NF6MTw7xLn-c)?Nk={yHl@U-6oA1^t>i&yYHgt9s zCGv4vnd;~lwj)cj2|7cIiOI{CEJ70BJblP>Z}cL&(N6@fP^ ztwzEFmwq*E*!1C>&_2}N2ardQp(M5m_9BB!!cKNt$FVc`m^>D^y?t9$0*h~aulonS%0wTqYpnmDwPrLj; z`e|s3DdG4SF!UYIoIQ4Zdi=E3OayS~=?yc5_!g-8GrGJ4hlv=_Bda9*uTQ#fqpaws z8pOVq3|VJ17N0Mk0ng&kOVbEZS1Zj#z;S~icJv)V0#Yq@O$mfh{l}Q;!~S4iT(k7MJOVEbBo7HIJ}l0PkNs}@yV-9haN@Vn zF2ux+6px)YzmjK#!$vvd_=X2I z{Me-~hE>@pR*=dbx^(|L*Y9qd;f7VsisemQAHnM(Q(pmlpHoRnFjF)l=uY%JYm5WP4A*DFv5oBAc#N`|$Yum~R>Suczp ze~g8;J^q`4C$UGV^F$B%gi{|no7+!zv6lfMN^}-OPV+xFD*H7YXnhSeBUUWQQg(>f zdV2VI>zadh^A2`Vvub*kdJPC7G&~7(_^s@5>zEzX5EeYKp_cRHNfQhQHf}yaEp6dz z@2n!^b@w%2Y$kqWi)`(EhGH>V<$0pxN#ns#cjeUSuccKLv3yw9Y$@}T295NxvIu)r{%?_@_`F*O!?&3F9lDhpA)TkTTfqMNf@|I8_7PMKkjtHWnWtMipV z{5bNXCbLRbovH`boRwJ>G(|M4f5lV9O%9E&oOa#esi$&ujyPt7q0y2*o0zBC8@hk#_{Fgyjn$1Sc#U zN)QnS?_UoZ2{T}tmL~~=KZ=-Fvz?34El!LWM#*3Y|6X_TCw}*4)$T_I`eosn@nkeg z_Q%di+LxeqiJYo)lHp_%NT9m3~m*;Y15s?$@N{7sCl!s#H}r%0_#0 zs4EDmz@L%>=~P^Gs;J}^9kv-c{&X->eDCOQ1~t+ZA?UX#sb6vu%F%t9WEZk4!q|@@ zx`*;rl{040N+^e6-m1i*-~eBbpP3yC268W*&jv&1GO14u=HQj{2P;P#@2p)-zycUG z^C}2VRv7?#bKlqCJHo^hzyfch3mz`t-bj&r=HobDOqfUmQnW};V)}e(G)G@>`BpBm zWrH?Oh*bQwp34Q8fi-V<-+p^#`;`^RnQ{&!^+f{9Qzn{+q?ZLx6Xp_@O|Y9@Hps?p zNadqqyv_Hzn_^G9RNl#CoBVxy&_8kIJ5BA<^F3+FfSwW6f^I|INSoNKla0vqiUL}4 zoVNR|wyx&o*%o?f&R>Nnw#*9-n^i_nk>4~YKFPZ#zv`-%TWy#J+CwTo=y1=wt1aGo z5(#=qE3kclZEYk{6*Oj$*I+kEoek1GX?f`^a6ZLOxA*-lnlEypvo;hKr_-+|t2@U! zjb#zpNL01#CTSe5?=bbP?%F7P{yqnFkt2n`Ln^j(wL^&bVMgqV>uouqcAi4s`9k3% z0Dof!4%{R&&4AV5@wSi3Mf7^*AQ}KPp}*4^r^y-X_HX;eSKUK~yKi+XlMWDLr5%3< z{{r#dU7Zca`J4n_1?z{l?BB-6e;1alA;TQm@xWFdxJ7q1roS4e+tqH{+YBd{3hoP_ zqu46@cHc7oD0~vI=Y4l&`jFEdJuFEGy2$OmNXesbLkyJug2TNI)yb#O4tQ2(^a}n{ zf)@vx!5EJe>H@lb{56MdhQc{hdoX&3LeV`1*nz>toFh0FR-A509ne6};J|s$gD)S& z@G9aXHKtWbD$>hx9X_=dFupf;KYJo_37nahfWyRB;ObcA%w|>k0g*W}(UuDD_!Br+ z2Ymg;srq0j$n$h9!m_L}``4D=jrKN* zQ_-knuJm;wtd4wjLZntOf?e6Rk_h#teEB%^&UvFW6gBZ4W))nJ$kOlCQbO+*!(TJr zO5cXS`LCH}<5nb5I2d%j=^&XXY?cv*oVapht%q%?U5n-U$##b?JGw921Q3Ek4F%b86ToO{jj1R>RQGkwMq6)M53|W^ zb*wQ?Co1P@^BbcoomtTd-eyzxucCY&t#^BGX7r7sJ?rH-PijGG!5{gmxj7sI#4DY*eK3ab+-8>y_EzBKl< zze%nuueq|L&#+-NH<&r%N#9FLETlamCP;)?i5^3Dm6^mYx178aV3E5F#5P-9O(2bE zLu%)+H!lyPwZ*!2v-910ew@iUWkTfn?7_iN#f{3?wJBn}yfF$PNp9FBEm;djE2eWp ztfB%nfhHyBY)l_!BU?E7Sru;dHF{>`8f~~cZkYJRyUAU9c*r#H+H${D=+WTXY zBH7fmi;PktEgUxiU5$;6lk8Go0cL+n^k0BKG5u$0tE>d6NOKf#=K@zff0CaWU4M2i zC;w&hns(hV*pfm1;H{V72)R$in&0cDhOFJ20`Ld}F1JAn;$G{F4VtMQ&piK-;k}D~ z-mmQkoNp#(ZifC_!GW7CfRX^3Siks^1y(RTinSjhs1;|<>L>enRyzOxR`6~hTSNrg z!}44O!abXSY90aLBA`=&E{}~1o2%DSz56~8VYnaJV7DL|4CVvz>to?CEB~FOktk+?{ZN7W z+w!wTkiljpf_lJX7P|vNVtlwMWK_D02YO?R2su%J#rV=eNz_rx6OTy$35WH@5Er>6 z3GX!+^M}$L!v;SjGT0C$(`b>WKIOKhMp?jlPgPSB9;GCM7}5Z7`bC6&QBtQ!jUvSp z?Ny#2=ZT2HXj71}L9p=h>I_EZ3S_1Y3|8G@M`3Oa2@XdzQ4mp>Q|=CM>B6D7B7gI& zFl&yUBRuO(puf@dmi%PZ-8`nzj^`@0!e7{9n}}yYu};cpIZ0V}XIH}DS=uAx4(>HS z%p$*7inLTT0=d`K;$zV%TgARbqip;JErw_{l&3`pHo6K$1=_*Xu>l))-omu%@uU5Y z^S$p&#19RuuoJy()XUlVvVu`mP_3;H5m=xt_ z6u$d4-|Vb6&yya)3JOA3H#K)ig&BNBCOMOpRP#L6p(=3An6t#jVf(8HrkHMpd{x>k z!$7KM`m50Fc)!Lz*z`_>HPN6B`Z=)tUVT+DH{@Xb`CdU|8y>4`>9%yxL^^};Xf-(K zmBp&H^-8u)t_vEqE*p&O(kV`j-q=oit^I-DGj3zTOx~9fpO2u8lS&YjBthq}lN-%C z^rBxo`9$Pq71&}po&@Q&=#nTW(=(RSY|PQ&P;js%n^bYjt8f;(P^-+~TNLK@h2+ws z?NZN88g0xE>6hc?j~f@0SKVKIl~6T|oaVlj_$6MJEo#fFZOLP=X;$ICJ-=84r@tLL zXoTj>IRtVRL$megz@~A~zDhpN46>fzXv2co z!`UZZ**g`AtSL9mjD(4;jKsoZPtih&@seAI97o@A@_6!lu-meq%cyfc?bg(7dL6)u z7Ro^X9ASYTJd!n8Y{U@@E7V?mIaszwJ%E3WuKgDElCnzm1vT1*szd=^;Sjli)6Lc6;-h)OVsm= zGgp$y?3QpK9P~&=_-SfJ)$a-xcb?x2jsD1Jgk%pq$&} z_S3_Z>5A7{<(9c^2AtvBZ)nBS^9TUdGXsQAje)6?6kswbhM1?FAPi5Pg~Q+G^Q^rd z6gjYyMw}z>A^*XY8UXadjMVMV9s5!O+uXBK;Cl2a0QOEJpbZXJZ(dcX@rToW{PRZo z9*KhAPC2^O{F4DF8Upw|oO3}UQLl#zCIXi4q(kIlpXqPiRZ$@SNHFe^`AyhHo zh~ui`0`jsHi{F6Uo#n9y;N5i?#%k#!tZ96x@Ir}-kKpasz+|g^p%XFZ4OeFWGFwa- zPs8q1IskSg@HxtFOzq>usc&2O$O*Dfugnfs09S?Th11|TD<`MYo2hTSQYg{W3RhGJ z8Mbk8c?AQ>G2+(ZqppNMv2j^ddIw7#Q0*PD?z4o(ru^YW#b8jWnp?M-7wL6lW6KFM zeM6^Vb$3N%rhB)+1jbcxQan%80&J>>8_a&k5 zCyGp`QJS0Pdk+vZpD!xrR#&48LjKXUiCg5uAtuV z+0o-&rr}HLAc~j8^C3o@SAVilnXzVPp$@zi3dELzRlN@sNk9JRRX`h=d@^FXPSCyH z0tp)%Ax7Nv3$a&o~sz)o zaEHc{dCi#iey7w9Z%f9kSjO{BjiF?Nu!i_;MU-`N@C_&$nl6@_3Y5(IzHHrc~^gx3%dUqvGy7;$GU{D;lT#U-hS3=XNs|W@pj{?u4{%V2ylM*Kyp9q1_B|L98{hQ zz!TvEByX5R+=8M`fQ)+p;0(yqkh=dfvwN|GO!?=Y?i~X|dcywGAV5+Fq?^BI6emIA z2>&&HAhzlG=E3XUyE|HaWoZ$mC#NNH=t`)M|J+6FBV^?`2aH_F%>af?hMAxJ-L4|{ zEt|l8vqc8nSy8O0@#KU0y)$okLOst~$)HF9UfzF6&ks}Wp+^(3j{ z$A1=Vr%hu{kI4%lD4bWXWOqe!f$b-oDSxm8L+j?zh17Us&+Tx1q4Uxdmaz;?4$jKZ zP2)|yP5b528MyZ}rl{I;M$-Q}x5;}MkftPZCfceG!B;1w#& z=1Y{$4ERMoc9a5&-Xg+dG(KKC!Lp6Y|bKX`R1=yB==I=b3M~j3w1dyBs8_z z7@G$tLZ6is^rnC}M_6*i3?dL#<#P-T zN8aBn+uQqtLu1gfd?;hU_?@?X)aSitQw)ck%d-x|`I`O?l& zyfjt9A0WL2ysuGxKCgChG`|{0OhYj7(?;zVBr>w8 zvawD3=I3i6Q~!#NU8FJ$Z7g}7?3TVqWSdAT4HHsfhducgd-hvGG(Lb3Wie;gCI4n( zbUuZwXYS#n+gDR38$8)h4XJTarCib;6O^d9h zeOVotnZ0ED>pJJ#O#D=olf#l)p$Ntml2Mqw)Y}rX3Meh!%4jTYj2~&fqCL8tfs)6V zC?tuLH?`2lL2NBM8r$16T?cTQl+A0h4cnzMqVpBAfJWZ$+Dy7I);2qo`6jGPxjTb` z62r791*1n9vZv*y)7@=wbH^m=SlNCwcP>YvC7Qi~!<>@c4D#3vv||&J7of1T#;bb| zJwFxysN$pz%h|8TyEYn_&!H%-x>dB(e;QK@>^QweQ+Mi^9CR-+WyF<9FXE|9IB@XD zNb1-@Ee8U|oL-NtZK7UZ<%6kqn}*tp5+@0;U!AA*)z63YsA|N?B@mZlFTTp%3V+9I zca28;y9TS<%S1o>Z=c<#is1T)&jMA+Dl1N!+Wd)VN+48MGWzQ6?^jLM_;#=Q35f;A zul{OX+zN6#$d@bXPRPE3MJFY1uNbkp#K})rvHc^d2=_2)9vRhpv0|{V#nks^V;|GG zEr*Igg=dlE$Va&1W$4I6fx4sgVx?E+GX(aK5QkTTx!HG{d!EF0Z1ZmK5oB3G93Z>CI3_hK#ct40)hPWhBGssogzb%57*L%NFz94r6RsIe3ile zrQuo$>Y`#VmG^e-D)2E0AjEfEFnXV^_abpvfc4ne_<{!^sdpv?FkJrqPLR3+YC7Oc zqQ1a`G?tb)wwEp>20Cf|+Or8`5%$uke>*w*>gOWboS`I}gsFS!@FoeSdtsGxD`HsSGP z&1jsutN5iU1!o3s9@C`s+2~sdK*mZp>P9^J?(U~)gW5cH#t8Ils(bc1VHR43xMh68 z7k@A(A}{9eT)NTs#J!-6h!PxxTBXbQbb6CXr^n9wWjw07faYu$zH`J4qnjsAt7uSi zhgQB)xm;9GWYBa~l&Tpk3ZXraf?G>OJAvkQ&nFvNOPNfO z9zxmWs;DUZRbG=E&d%8DZh4~XT2&!%(Rxw223Zekuxy;^Qm7g)1|#!f@E^hFt*wV6 zLa);L5$X55`80RbRLx4;QA= z=RrmOCf!{o?Ly|=UAYWK#xQ>JrdsR*wYpz(75Z=Ut{PHau-_Sdn}7ypO}+b?vvjk< zDCIb?GoaeT*|VXm#^>)jz~WyL?4j{pH@wh&*2D7cFs)nkL)m{(m z%9>WzXFVNT@;EeV#QM*I98E@WJ4n5h&*AP#H~X+U6*3c_$@M$YBlD zMe+3wDoU*oUa95sJh^uh$-FdTCz<@W9I)?H&4@@hSxckIy(d6%*YqtRtbjtrL_t=K z2SedbVfpKQte>CHPGIT!$ox_F7ML$GPR-1ONp8(qd;ghkk|k1UGo&X>o15#ZsW0uK0N7+b3sme9`k6ohTyhRM74C7sT-YGPcX8DP|~@dPUh zyZTKsQ3sr>D9}(!!fw<+U=^R2mJJR+cwV&E47@LF_!j>)^VxzJ9*(D`=4U@%1nIcB zv%pK`XC(MyXdqV(PX@WW&w(XsBP9|wNAiW+u)B4#&~Th>S&~#brfXuNhm-6XaYhKC zT&?2fp=SWAaTCmBF55`harut6DA(Dn{keA1b1u0K>yW!dr^xmX+b`Z3OES{5&^d~a zSiE)(q#oHP{gwvnWJMR3tJ@#PB7U}xd0jwRDwrj7FFf>(F+nGErcRy5^Hw5tqL=X5 z=bzg`Mn*#)qnjBl)nBir-#T58($2WdC1x2Yu}}?NRvd5AkkCQ00vL$c-YR*GHAxVL za({hs$j=TO*(sb@Gb_KXJ30(!RyDXh6G#6&t>ioo!3adn-~NxP8-MaQ{?p@0cVv|G zSv1ze#is}E4*`$I-S_)|Nf{3?z5J6RxdAB3NPOg5K-{o>7=COy{MCK`3(0JhKJ7s# zk~r;YO7chCoOa(q9v3ErrSFjp=bboY&<9xd^V;vv7*2fmfDPqQXYSLTYxm(;+Kb5k zfNS{Ug))W(%BL$^$j1dp=c)9+$dkAzbyv(&px)`v+P|E~i@WZ}$B(DISdV`b);$01 z!M;DVdXonwcvrq-I5Zd*oBtmFzrXc6SQ!1-T@Zdj(Ad5wz8#B6|CN2ytM78v|3r68 zhaKfY!e1maq_zz6i9*{itJ~2?smswwMu5|^@~`pjr`wrQ`|JZ9M^X3}mI*4xlCBDG zeKwoupsXxoP}I0i$^F+%c*o~jO>0CacPIC9j*rdi+jh<1X5yscow$fQjDdB5WWOP|5DOB@$>=Fco82MrzGxQ9<}O@peC0FC@DZMTq+8qYN@-w`mlqr7GLY-}8Y$ zfv{bKO}Ty%9nQc&@@r-J-$C`eQP$+3C(k6vNn9oep2p%2V}R(MQFA=S4R^?dimS=% z_Nm$_lFQQA!T+p(=Rw_tuf)Q`d%~>kJ1=X?Kz&D)rW5Gk5->Yj`|Fcs!h5&Oy$>3w z5ixEgB$i20wbeKXjEIm!lH7S`ZHTR9l2u^icx4??6bt;2gXM^`Bmr_)>jHH-sJfKm zb~a0&PcLTL^$9eqX7bucXetLwjY={id-C+1J`OKc~N#UyJd zC7~#p8)*Id(PE^Pv)3R~Q3S+cxI4r#FyP)xIOR2MVdN<|jAmc1ZPYeW{^A>5v|AM! zStyCiK3@}~a|z&bjY&;C2K5;WLn7a$CDieRI6OA8#Ikf$OcXlQ@R z9bBQy6BEe~JqQ(nZ2YK^{`RZY(uvPGc>I}zg=M9&>|Ps-e^7Z^3=W0-KMA3nVME^v zy7;bNBtx@Bb+Ewl5(;6eG(vX#hO|}6pN)3=Y4Zm%F7OTy@ zf?vPoVJ7!tMseu)Dzqp3b*|2_Wx7TRMC3_G=tw9|$4x$o#s)prJ!r9w+ODj7e|qrs z_u;|iF87h|(DHP9?4gejrJrusP;$tA1{RR$jKUpVSn6r<|Y7ghBYSokvz_roIs5@_BV042%Ol@QRT&c z){a6pmTd}ZY6&HD7Qq5HJM;!Sa+O)#i+#jdcu&?f9Nwp!=+(2%g78TwcQ-;ZLCR$c z7LX@V@5dw~jmmoCP+GE~KJvu%QRHZbWgilCHbX45T^*bekry}r{&h6IR%lEGhbtCg zV+Ur|f3d@NKoij3Qg*c9OkUQQyxH&`+f@238aH6j?By@IveI_t0&pC-#`&f^#q;(K zZ7-HqCaI+Jj%ypH%%r=0j*pIbaNADz!RHi_Wnh|Kcld4P~1ckI;5xu$yC!tozh$u9L~ix!qql79pExA(5C3gF``(eVc{Nj zHMsE<4-5V0X25*?Qcd13i5zi~5qnV7liaA4^P)qgE=mwKe-(Rlk&M5AmFC0-W7m*{ z?XV(o(m6CKj9DKek?g|4hClAdGKHZHZ6*UREet(UC&nbZXp%Q@WjsrDAm@HYFm zCIX=f;2t^7CGikB9R)r0ys$yOM}6;wtNt*DdE>+JX=6v#!_G)i6cQTzKgk8h1AQBe zY6Eh8;LLDU&hKncn}1aiq^@QEdNqkjh>HGZ$8MUCm6U%TspCSymY8DrS@L{FfHjsL z+a`TXR-idt2E>PQElRPHC5onoG)e|PZC+AJ>fL;vn(Qd=sUIUPrua3N|;(0Y=o zRIgg&SW7kMAJ1LEI~kswHyb8H7ad_D8G$C#exB|vYM)nK(o=)KN4t^0$TyA{O@A%P z?pcdHNeQCf$jR^^yTq0xNW#Qne|G@WwyaVN^9jG6@%osVQCv~_?d$n-Vv@|+)STJk z?>v?qkD?i@{)xnW#409Ddr)UYx>=yc){)q36iL@O%ON;f;kTgf0<2#`qN*sGT)wqWuV~Hd;u3onU|2sGzb5cmrn~#RFl9bDAfLpddKSK_IyKbTsV6gh6k5{|!?_;j4DJ zb-sK0?ZT3gYQX{JP1)yJP`ka6pD_OK<{D`xK4-%9Qxf`)v9rT1o!2uKvDm1a1kk*Z zxRyj8^n47-`g&=r#EY)hb#N@Y%=VWPs^DIXQas6f<+-)e*FfcXz(k|tf(H(;nsqIH zLSc+t|Nk5p|7Vf=M4*^Z89X6Chm*?XvT9r()XvYV&ju)x*x=7?kmH#BmAk@wCs7ms zzZ(}97f4VmFkfr~;31H9_$ctp^>(@>sQ+4!}rF7vjE%zplEr@vDC z7G27x4$c-lIe^;eX=oVu3acyVIF=8<{X#KGs74ix+1Pf!`UnZ*Z_H;E^Vpi$cl{B* zaM^V+PK1&_(+I80S_(qLiYil~sRJwU6hC>Rkom-mU!1qMBUi&!sFw8K$nkCCLLv5qeHSeiGjHMzvHB?G$h=yb4AUMP&`~mv@|}1nu|3k=_KFiV^J964DhV_CE2!1(r#pgA6ZFaW8ZF_{?zJ4FX0GvOGnH^ioGO4 zkrMPI=}pUyrM70KkM1w^869@Z=dfpmB@Ti1^{{Y{>~NfS(f|`R2?QqX$Qzv)$fq!N z-8G46=XSQV818_ehe(*1`Zv$}y9SyycppPe`M>$*C&SS>8b@@BSp?dHI5JD_C$oqA za`tkSA9{cMnlGE1_?K;-euSm_E}d^4{2ZKaE$UcrD7kcUSWT*`@y%~<{XvlR2Q zz89xUTCbp5S%DYk*eBR5x0gp4`DWH;e|RMsj)SU!=1Xf8ouVhxOId^}2pkXFve7Fv z8BqMZbdRB(h6y~Nu@&Rwb#D%|`fG+W_w>nrpRVfRCz65kZK5BSe#htq zp(ovJ*dj4*RX~yrdMYUVY~I4c$R37q8pMAwZ=rx)f{n3tzV%MveV8;Y1_8>^4Z2E@ z{;?3~ck(q=#S1@m5K6e~_l?m{QB}kHyu`<)GH@VA4OGF;uuGk-@9*yeI3zqo*IiBg zqm$@-Mo~Q4>Hl4i|L;&|@b-R8-y5cM86`p8^6}mRz}*tMjsk)>x}^ef!G%yx>k%7~ zqg%M7L>>cSB(UmT^cSR_dr$e^&d~vtA|CSP+MM3P#|~L0X(7uJCq6TyAE#G=zD03I zPhvpATUw$a(W(b8!SQBBM|B)G zeO^rQ)22!g!p+WJOw8X(BjXK)wsEPx?M>7C%(C2eJ(+LBm*jcbgW+Tkld}*$baTUg}wDmv_UdLNe)oD_LzvT_c@|8Tp|tPER~VP&&yiqgcy z#p5r&&&pybuvvFOl$aH%-Qk3l9LSMa@_6Ej)E{LH5dBuClkoZ84wd7F{Ji-5;ehDm z7kFi2b4AINZF9T7?Srr?=i&S1?*-hd;(5BJIj{C&pmRoLDy1@MZ7+gr=SS4q$`3X% zQ9x=I3v+SSPhK&$y_a53r4&^`}70+LqPFUf- zBGbNHMB5}mwv{Xd4&`o3Ki`L86M10e5@2i)FJfOQw6sRFwlTn_Cia%5Cbw=|^CoO? zA^h5Q^7=CQ-w)-!;Neie`b{2eH(@N3fw1K-`3y$i@#4OFZc)d`W>eG}ro6Gbhu6&p zkf|ppzgAjfh<`}TE}wTnhs57i)y)1Tt3~r_mabC5#^BRAz{Uh zS+JkdpI&e=^*;pUClPuzamCEm#-=}%ftI@|aF+HjQPjUJR6qZvf0|Fc_odh3?K)~1 zy3KP?xNli)D~Gx^Th;5ZC?#vn+!2j!ohW#fa2g*qX80)H1nN(HYBxJJ7MAz$Tj+b(T1izyI0=Qx_*||aa;V!9K@bz z7I_9WF@Kl+WtAF3|Iqei>GjC$>T`63;f$2Kg(o2rJxj9!CTnaYr6+_S3$q*+Gdk4` zY%-Cuwx~?sd-(JgPBv-g7SJu!!qi%h9cDf&1**6}>w;E%2UNPMj@56(pjt{G8yW8_ zuV9ZFOeEvKB8)K~rql9j5D`F(x~)z*QsMjlfPOlL5IM9aiPa3uuq4($UXe=ssyNyt z%2)5x)G(Mr%yqa0L!Hr{!a!v5R9cgPohXhkzJGFc@NcOztMN-Cy9#a`cXGy%8qD-_ z%molnp?G)^21;Cm6Y&L!a<`ylQiUvZfhpUNJ9DkM6kKukI|l0)aiQ7SLUu!snN+0(9b3a3G`(t9AZ6b#>Z@-6smP%UGCu&Qq=uz#-7hTIIfcGsM z4qlkA2l91b$_wsD9u4WBK2p|_N4)#*3W~4+FOSy${aO!Smi++uN0VjUspCg$;Ysu} z+*Su4lm>GAb^W`NH6Y#hU2z|Mx?TU*35;n)0ZxPMV2?s^(;e!&SNZs(0e}DBy*8^H z3YKBHf9FmsuZ#ZZ%|RgFE6(Jwl(U9x=j_tMrTm&*dHxhsK4<&3!{hpJ_DKzDFQnQv zSl-Y;jOI{etT-Tj4eFA z(Pka|rMka1GXydbBWlDzqsm-m&qClUfZD$zk%C~jb8j4Y0NaM7pc04J?9}g1b%YVp zpu#S}TNfpW0$D;Cf4p0pn;Fi$j$` z1F(kPHkXMMp@d8>g4Pj^4(oOndzd~w9f*BhEPx?K6A~%B+2gX-)yf^3IH<>VHR4y6 zhAX!A27Lh2-mv)VaF|&{9zEt@A`|7h(VAZ)zh^cx$-rbQ80G|8^FEk>+5k zSeBGslOif9#?VYLv(fO=n** zN;EWY$sEYspmJ^+aosO-_mbvJ*t%m%F>4i=sM-xzzeP_xLAfQcrPuHZ^Sx2Ut< zC==|5rF2_Ms<|twku-VBos3s_wJ~kvu72;Bz?49d3u`NWfrhz9WK$5?tc;fm_}dRn zmNIl0D039hu$}^GO%YTva!A(O-ITr(RIXrT76)>%!5hK~Mvq__Tv6p)p>%QCH1~Iy z8fLE0uY21ATMBRlA>z*l3yX<$1q;5!+uv_8KK9XtuJWr6epy|*ujx^5DL%fj$@W~C zxCDQ8J6q)`lca#X)%y5lzRYdP$$_>nTIA{BpkP=BrN2(6zV#2(8N?dZ_(jLn?6DEr z!FQ#@4AP#RGd5=}|Dk}YSEF$FcWd%f;fF~4G0&P92OER?aZAa9DES}#rlVtQ*K1i6 z%Mzbo=&}O(Qo65}YJ=Tki8$F+%Woa8rQ4X$v#lk&o*RzUzm8iK5P9M{3!devC4W1{ z{YZ)^Wiuh8my4y17$@g-mSArYpZ6A`#a6^L9%yXgbNg#-gkM0W>{~mx?j{hlu57gf zcM^g|zr+#6QdE7#&6h%8phirbxctLs`93d@R|~ zyZ3?_jWb3{tl)^AFoA6Zka_0S2UJu@RIY>h(VnUauEXADT>_`FW6?@({{-!T+okQc zwnNu2{ajZfBTiiWcTSWI2ss!H0&~I$U%5jY8n!RFh3dX{q|PTy^B#ylSU` zBy#oFZqA=c2lYQ>eZJn&{3^LtkF?xtNngAjdB}yVU%HkU5Gt8cX`ad3?HV9?mKz^nfo=l*Z{l>joWJVNwG4mOdHJzn8j=<(RKjT5c& zh)O65l1o}64kQoKheY(|*bP!+{vrp=S^Vnyhb+FttMyxh(TDUIcx6(%bq(&Gyq|Op zp6^<_o&+Yr;Kt9DAj539EyeZybiq3St0OKjbpez)D}aLO6r4{m`t9jU$}-&3wG#60 z2~LgcyL7*Ecp1-iqSov9@%@zzGVw(9`^Vpx z)P6I8cf6B5TsBSW}0sZ0Y@1WPnj4%PJ>j12ri)TFIXomjH)DV8oEJKh-c9VjHNQno=#v zCiHNae)MOm+9FO-&&CQG3+PijEfbm?gnj7+Eg>uNqm!gnw3ZwcQ^bo{Va>G{on|Y{ zTsTSkVA2qjD(kxX7ecIt3=ElDHlMqptXTf6+iYpb11tfo2jtMi095J$1fIuI%2$Js zGAX|aXB#lZo&5LtM|-*S4V|9BnNR=E+Wbd~G~@NlCZUidJSP zYYL_kXpF>O{~0PNYU|AvoVW43m2HBqy)d}dplc*z^NA1PHF-1 zl!utRlag-E3~80Pu3#P2MH594V1D9_Py%r(hU`W5Xmt`EglGAu8Hs4IH}1Zw`@QNF ziCW9zF`BBxsriQQ{Y^S0BErPm_|%+Ss16nfJtgw*RT=t0Z4+;yB+17>7hoU(IDd_u z^sZ^EWLWY1s9weY(BbVPDO8gz#o)!q;!hgd!vAnB^OmZA%Re2Q;_KRrdskcV%IH}#Xgs-^YZiA@Dgx`>%3(wPdGBeqP$9B=+ z*?zcJ5peFR+8ZV+LAkfN#i(_DagNb){ZJ;NpR0&r=FvtC_PE3#AR%pYJ3=WTDWE=8 z3EcgfW#k|xVqcqQ=y+)2%UmI@m?iTVboik97~GeGp`|$uF=0LtQWwx4(+Rf>MG$_i zBGP&r+|yE(y~?jB3~FouYR3SjrS7fBuH4jj{44P@hdhTb`Nd*?v-v4i3E0?0#wKT3 zxjbME6K|CiH+>3vwr|}*PDOmJb4xkJY@RM+(sSm;34Jh^`(Bu+Dx>>X5q-`OWuHO@ zjQ8bNDdZb#0nfUu<+p0Ic9>`oqmT-kD3v3k(FtUj%y%-RwgI!^Cp8p9_@jcA^K=?GKFQP>%qQRkshV2+Uf5&Fk2~anDm( zqP}DUJ0KMudX&uxlTrhnQJt|um7fBl^AvgtCYWjR#0Y6I1#AUT^>w<2s7q4kQAmln zMJmge6a$O5GW3y%2;!bm^JzOO|H?}+=mYE!DEpYH_}(Yw^v*a(DEG*#Yb{PT-6%TM z94=(Xa&Y@WP_?65>Z`}vIU3StEwK-9!)5bkaEI~IF_2N4GVDH9%T2#Z8fd|oPj|Kj zsnMd09=4c}0lOolTaDsS7UlB^T!kVDPQJSN(XT#O%k>kiYVOZ&=sUhdh18Zsv|vis z`9>SmfOBm%M4%7UD-Q3lUuV`DyY^h~75sPTdXK*F1$LdertksAO2|J`vw3{UyA62j zAC3k6*7Ip!d|zaLf8SJO^lFwj^uvC8kU9E|F8`A0xo{w3;WN?6?{Dr}rr!F8@S$Dc zYWq|Oyn_Nb#b~Thi3ZO~=>4z3Z#WnpnxALC z0r8oBQ3|Yc%rTb%e2o|Q&)?Mjm$MLh0lG=-pX8~Af#7~J*b(nwnh)+#3k z`Jf2r=5thCYkiE@A@x0XP*WLap8ki0?OI9}hD}J)-TNgmu<^x?ztyk|*lcP?1!R*- zKt`Ba@o%hEN~{cujR0}lvk$V=pzyNODB={E0AFWu>a)^5-&$5e~xV~co zQe3Yl$OxKrZY`^y)g58ekddPd3fS8hOSqGDFvj+k>3)JnsPL0 z^Spwp+d7wbN-q!;OED_Z1}X47T@~$$yBunDCk7V=-|}{l_NIqXM51{7+At?9@g>^B z$VffkafvR7>GEw_GYN1|h-A_7@pjOjaABvDLz!6($9NO_8&4p2XcacBM&6~R6pRG6 zAw;u=)cFhZre`RnX(^CLkyHH0uSFP+OkB3wR8(SZ@hB=&VHcreWj2BkOh-M)We$Gb z<^DDs+u9<5!$Y1!Z1EPN{0kcIOxX}?1|#}`Xon~)VLDaVD}fX~A-(s5M!Bi{zO*;j zH-Q!w_LY4HAv}XYX>glYF49u?PmEJPHG_jB5PZG#E8TQ9t77#r<@a1GUZr8hFuSf! z#~&}C@!@*dBMMm9w4=MHij||OS2N--`lXq7$(kn2ycSP2J#hJ{-)53)bHma>Wg$u3 zuR|_Zmkln*Y5r_~MaL>eaQ0P}>uK|m{5~PRuokH^sa%EfXNQyF%8((itIF3UgJHWZXKv3L zF9q!Jeiw2V9~(L-uGPA7GWeA0;23=NiBLs*Wm1ALjkxjD{-y6NVzxK;mBTR&k6`xaLbV(?TqZP?MHY(+Pj8vKR_n5j zAO;5MMUK*ht#$6P;@q3ZsbhSrGi%C8w6a(e z5F=}$i`eT`AkB2nggp5)fO3?$UR}iXA|L|Ba(US=kh$jYNwTaJzWnq>4kB3Uk*zfh#~;`q03 z&YL`1nbw%xX-j)bFB^hhbuZ(IhCqrDiX(^z>EGrth6?nG-*&Q&9{B`KABijO_=8s_f<7&I+4_42CQzdun!4K-q zpT1u~?+#%hr-~AH8xaVcqqGu-8Q(hwxNOM#HpZ`X+tS7FKL%CZJb!tcz%?rI+-L3d zzkw)In1!1RL0lvf1v0D5fz-*|BnO)0{Ay1OGp^sMv%6*X>bRN#)F^7#s;}?!dbJ^_ zs<0kw6Pmr2a-Q+TDcoETQTJWBsm?`3CxM_8OI<5B7Lm{b_=sv)-hzb|G_i%X$U$Dp+#ib)+S0JrgRt(JT-x7=*j)Hp~3-8N5k4cbbMR@|OYr)UvnippQJ$cMly&BD;OV*Ba^KDTnJO)Z9j+32)V1Y4iZEeAKMd}DmHGbz= zSv@^mg0^okRwO2;WIuf3zU7W=(kMDCW`rphRc5lR<^}YdyOfYp-s?%=SwvNdwiD>8 zlq;|v7T;}Scpbrhssum?urv{wph2t^L?3k4NYW4!%MsDZHi2QqJlKrUA%nL?Rn+wA5EDBq9O!P%rCmTtePkfw&?7J~v2 z@xfo`R6G!kzQ9X=*|dOMdX|j{`mab^fS=hozaA7f8nm2bR4 zmG{!w67To@ePv@(-zFCrP(7$^L5sPei4~ni2viM5Yv_!(d<=33s~Q9&jC;RH>-gpZ z>s&sW`>2VN#Z6t@Z9sWD3svbV=!!*&w#|_fZaDaH@4AWo@7Bg&z4kFpa(nh&qBGC; z6F|z5)nTVk+fEE=1_m~cH$Sg?u7Ys6L@+TmQNAc0s4}?hMA$_(;gRSW@Q$?4Xw`%^ z7C@^jD)iOWZ?%hf9YmvS@p8)`y)Etp89Vg3mltDRm>x;rh&SB7n^>SZ$!rn`>chlw zvjoxT=%YiZ94py5JKxMvU+74Cu75VUz_=VhQ2!|;@NK|^JiJ++@Q1&gO$05ZxEcGq zSV8H`yN^WGZ}g2jr+WO)XdHjIQ$7tycjWGUel24oEsZf{5T@)E*nc(h2eBVN#h`pt zAQkZsMg(`QC;s_yxKf{^Q>%#+hu~tQk8}VO+v3mp?-A}+LM?Th(9y^^jPr6_m($$@ zHcEGY=a=38ILt-l5d_1dIUdtH?+GcPq$bYqR8+7jx(4tbO%_ia#u+fDYI!lJcR~-^ z*+_ct8XkG&Nl5X~I_UM+-BsOBD@gLcn`V6_0A{U&^K9=Q;Tn(oxDR)6kEdN{LI4A{@3E`z5wQI20`sQ_K(3Cv ze&f7;1IGl{2VYmeeE+)yj@<1z>wSE8l|TON(V{7nP8BnyHYy{srJ6;6DLQ z&4ts30l{o<*E&#pT|dWNKc8#sy*BRMHC}^@nVwEuLvETrJi!^faFr9FX8*Hr2K>CI zRrot?fl<|vLqN9v1c2$`+CQK@_WIw|>kxQd0+4qc!Z#*v9-rV(di?-^f#5XRle;rO zZV0bP=-0n{D(Jf}09Gb?;P>b6e!N%iue>bscac zuDd=y6r$h2e=&{w&k*!~5dHnQy1|UVCp~qq3dP>?w4NTcRc$SiD`NF z{ftU50J6PpC%aHY+l=$^x-XOb!1LEu6(%3FoiWkK+{wkc{vMzyv(=gQJ=Xxf6F61) zwC8s1@vQG(Tz1sxyDH|sD0uM(?yyBWhhrvN<^byPDx4e56>_-*&~^b$)qX3kqz_6j z+_SD3@K^l%@2foVlp+MvTW{0b1+IW&e!%|n`tSFAW_5nWV0aXU+t}gje28~&I^fl$ zP~Y=){l77QR-EkHy$vTG!@o^^0My?D`Aw&c&C12VMqB`ab-xvC7sED_oL)@N$wF0J5yTKkFHdbxK?dfF+W<2bBwF85w>J zZYwB*{!TzZ$I40c#umb_xnZ@~{NgniY!`Goi9sVdTQz4S#q2G*dZNlP!4RaiM_j3; z<`dvs&#Rd)Gw7@ zWh7dq5Gw~{ks`3n7+uXKU3T-4`0XFza6@Qkb@{30&@D~Hr23S)8cnh9JZaid6qzA+ z2A9if2?$*`GRJ5zZs2V+B!|Xz_P5PyWd~dN6o#}4HFL&WiPaCMR^iwbAZlQm#T`@( zn|Woe@4(Tb#L6Bn&^mWD`TkO3o}zp8>>eskQ}vu&LOwhz(CyLk_ZK7T-DL~~B?Tg= z2Kw598#$byA6&^7eZCXQNIb_PT8O}(!9uN~Vuq5|5iy1fThk4gb|c%YQemFXtqTF?1ufAMVtOi-- zw?vIUU(x}cx?{4Pemapyq2*JqcE9O*tLCNVbydDkhS^l*Qp?wl(LB-`X~9QEC^+wG zQQmm7DE@UXxJ0#1bHKm1@%hAt3{8RI4Za*o4AIJaW4!&KJYOxX8`Ggsd7IN$x|%gB zH^djYtVm$3;d0_ST_uj$fwbfed!dsG`&Wz=s2~cl4s7jQQ_)=&>vDNg?#Nk$tu!Vl zaY_Oy%kk0vn_mwVlbwpoJzhLkWYt(`DKydp2G+req56s0j2bAvN<%;@y#f)5F0pSX z!4wz+pBy=u(@|$-Y+Ptedc1a-7*;xMU-^dy)m+I|qNULcvnq!t~g5Hgj6c)&yDcE?))d9U1e_Sky{=+iku z^#QdESMWu`8Stdh7h%i~4J|jtx7`()mvHVop!rq(D)aAkz!{~}qHY%MYs*BD`L)Nw z-km`KG7K3V+P9LHv6Y(Jw|aDlB*#)D;3_PmO5#)&T`b}?sjuJg5wST+HiGDMns-#u z*=545drB)mT3mw9<77(BBBk0HylzEo&jj|#w;y@-i~@XbMT$-tJ`VH2*hG2)02Qt^ z;MdLj?pJKP%xMbHewqEFi1_dB*xm+R&n_qLs5Qw#MiZCe9l);k zI5N)fwA_0(b5~?zTVW_X@Ho0ql`?Akv$ajwhT4ZR-r4r*9m6svuYbj^Te$SX!JFzL z(L5gU@-k5-wN%UHy%7gE&L0j>S^onS`l1m6K)X;IriH0rYcszaT)&c7zxoPr8v%Jx zH?X~loG132HH%I28VSDYlhUy*ar1j81HGRIv*BbpS$$i3GNUMc2bIfj02ozI2J{UB zu6{#Qopk}gYX3j@jVYSSj9T%iaDoemB0SD2mY3B_)zt`p{S$~VeCW-!PamOBWJT0#xd}1_2v38@F3?x(BFyw| zYMGGc_%irfIn${Ylc$hz!Bi~j9u(Dq7_AY-^8;5asm;}A;pUFTF2%1M-%P$9=kB=# z@hU@3qc8}^_-Q9t%j=FDSO>HO90Lcre;+Xs*+h#_4Pwu|P;JR)_x9(_Yxn11WVW}R zhq%Gk}ZrRMSh(QLV zBJJ@$gSKKR(iz?=A?w-mw$uAo3=C}gkd3aLJFv5x|gs3dE}=lfd_UN{7CkV;rs z#Fi056u@{G;)=ZCoh50x(XzWtouUZK2(d44dAw2BmWUKKobY_^Zy|+yfu}lByxd;5?nR+pJ?ySph}%5art# ze(*V(PVR{jMMGmFFO14?BUBnpHz4$+xB3$Qu9zIBfA&?|acMvBItSnG+h{H+==ry?eUyvRpWW*|$j=-#id~l5?U`Q5x*5Unmunx9?Dm#uA7zN+{ zjB1xlZNaf|L1ClhVqf-+s`Z(XQ9+q~4wK1Lo^0j|ZcjT+8|m0!A?WKjyS6xzb@U+7 z8F>nb%}yQkU0x)=N>RxKYlC_y(sMHmCIFLxw9}KC-=I|MR+A@gIQ(E3G!y#xC#df? zb4FZOvPzGezV{W3@y4K?Px<_K6Qj-1f(bgjr;uDlORTnw4 zlnKr4MQy_Bis8bFcO`)+TCGm4{3pAxSD1RuKhO<>FG-Bt5c**w3=`CYSUg%Se-ggv z6{~3<5=2f*5m6~6v{Ip7&L3MYvz4@~Obo{{x@-045hXB;i>P~0mifg=QKBKzWLG;M zy*v0uE4fM_L>W3Tz!n&_y*^fUVklMHVL1>RkqvqJ*pZyt5mkAfKD#s#h%RFF@;zz) zUc(80`_e@8vs-gj?IO30AgVabA7c%&RDK{Yyzl~6oL;`7SXUUiALQ+;L9C*~_v;+b z4XJ=iZV1DLM(brPW#b#Ume#a^*cwGNew^G*(&;x5S+0+Rv;$f7P|_9$1EgH~h7-t6 z1L(s`p;H3bOTnsgtPX#tI`QL?$ntluTgoU}vl{kZK-9R?+m@dfY!Fc_wjgyFh#@hd z>H6|&#pRY-wR4V*a(PYapS`XCpnj1`C+E(`h^7~6yCqMqw9Gu{12bubGw7g%wVyO>e|uX!&fsINf0X9&CiO5tl-pW2FABi~bb2 zBqrn>Jp^F`ZXeMz4H+aVK8GimaJanW-2ndc%J-+Y9|3m#!szo~K!yp#)1dBsfHJ=V zfLwvZ@$w=iL_9I_yU2baT*mTW772jj5r22$Nlo3ub71Y_%S?FC1m5$u=NqPEmv$gL zM*;x&m+&OF8sXdo(Ea@WQSv=-k1xd^pizB1^aqq>HMO;feoNEEH}J@a;tNbU83PYU z`Frv5pZniy_)X&M`Sfhf;~NKS`L?{-vN_^8aJs*G=YIzXgWy9;C?>@!Ow1us&XyH| zg|w&cKF`m9d<|$X0oY2%#Xp&N-r5}5SL^ySNfsV$iLx^3%IMOZN=kT3&1gW>Dx-g{9SQGF}Xi3z)NZT zstj-(=c2%A{k~rtorQ)T8P#bX;DGiLeAIIwL;uuwM08MN1Cb3vKm~=Ia!ae`ixS-%E zElJgLy^ZUnU`iB(Gzrx<*V7e<=orLQDC~5R8FoQY!2Bkk+evoS3#+PApHEj{#WrVx zD)ly$TJ3$^a7m9ds~cn`mtaQ<)rn$o=N%nX$z4rEM%ssjl72Cp+dnm%%7_bZvSK_W z!}hgpcd#a{4mu_$P|ZAjY4I@Mwki-qG-!+ETrjGOM<$H1XID#>*QlZJw> zd^VZyxx#s}L7Fvl8reRxOI)Po9{`dFDR{gC*`0OCaWWmjQ#YQ^T4;J}ZYG!&lNl3D zPYS0cTA3%QtVg&_&{F^#(F=-LOfe%|MW;AC!7k%Z+sGr9K&0!v`AWohy2>k)S!MiG z^79vVL%Vm5^$vRldtcbEQFvdDdFb}!SLKDj0*xUcK^W9M+aynJRIGxKJUmDgkt|X} zdEJ#nJPApe%t^B|bEBl7YB+m-d@(ry)1JhsKb(DPxrfImukD%E$)cU zbZx?ebd{zWb^EhKwe_6uD?(z<|D4vHM2j?X{C>F;+Au-Uu3%OA^(~Iz3B+n|g0Rds6r#l%H6Siy zcX~0ZB9gXKW>jlb=8?zc)!YAG9ndS|wKJ(z&5N$s>Y(44+2wPcSTFyJdy7(tF}xBc zEEq&e=0dHG7&eTf!W#-xe!Xu{I~g>)i5GogfIzgc+_2Lj>t|N zZoIO`fMk@`)BQ7ZXtBdm;{U|z@hA+Iy$sfvvXfvkeKgU=CMCaSy$sWTc86${8-{o`jnW zh1$h?g`Vz|X6?y}Kwm^?qzWX!hF5C4! zd;7IV3a;3F_6IW`pZq9GH)ufNWYGf)nCHc z?U1dNI{=V?y8##81+6Tq@%pP#Gm9WGpZ;WJ{CGH~xWm}0qT zi>56(<9M)@M8=_zxSY zv6eF^R@!Tzf3nqh;ls9=Io ze2u{alj`|}{?>K;q|MVNJH1g2LanN+N9863f%Q`hB44sCtPW`KZ3!Dk4XCnpgmHus z7Mi07)I(=y9SCHk5!VvLMAU(0_W3W---Wz*D!zo*va5GTDMZE+TrM3#=WvK8n@MLW z|HvqUSy2;|C&wn5nch&}p%*pqv;ts-c4@o`tLTsX_zL(-enaxu-}f@?PQxeIjA{ow z8C~f4?lMKw!W5~AHfMGV2M9nhjRe@`@2u(G#ut3b4cnu{ZI-?ywuwzg6ed^r2q}zh zQea+*Qzy(tq4@|4{i0YHWni#{ALCuFKzR(|(LnHbn@l9SM6-!pIBa-`upLY4IQq0* zpAz0ez6+r$4Nc>;Ggu3Y%NxX|+@TF)P+#=S-{Jq>F$MK5ku>>}2g^l&hJ^*_zZ91; z$0PCyjpS=rZqA-AHe3@sx~c!Jw%+D5@_haDIDb?3y>nu)m{8b_DYwAB3W1t5;eG!P z3ugDylE+hy3VDZSSzY8?$A&_xLQ4)^ePvR#&m2)`>KbV^od)dhg-i;342Oe0I+aF}e#Y1gPzy3sP#pbg`1Em-%a|^R>sPg~GrX1Nz zX9#{luc3oK)9b72P@@HQyKCf1Qjuk z@rp^H;wJQx|L9p6PoCrwak?rVw8@X~c#23UmK6Ve^fw}o=B;Zn%QxyQ5 zDdw#W*1puLb)ciqIxOCVz7pAQ01JWI2?gGZk40?)dN`YnWJGA0qF(Yo# z=>~ZEZ}@Hn+XzOZz}*=mGy#p1yuO~lAgR)OP8qu_em&ESJ=#WjnHlJ-8ryQ7@( z+aQt^uJ!DZi@wnna*nFgoRRg>9g#dx`zTG3!zFbF!finE6B)&FfKaY!--10nad={` zTZD&8;MJbeIQR2`L7myLfXb6&O0iRMidFZ-mJj5!DPA;TP}WXbPcyo^G9%4wLdMh< zCmctfHmAgGZjnY%hdVyz0E@mK85x;lVg@!JT7CcZE_y)|M5GB53iPYZ&8ln=kj`1& zMR<}p<-b!VdeSD^JFud}@WLWZHUbpLvqtk>ib{F25mJUqm}v1GVKN23Uevk3mTr3z zb{R}aZ_rxMA}wd8v{!4Di}Da z6CW3Ba12b$8S%*tj2oT>A>8|n!dtJa+oE@rPW!tRH&wtnyUFFy220319Bi0XoAiE% zz?o*iLK%R#qalaMDMV(pcj?sv2yVe#uIL|i`Be@|tot}0=U^>pazFFN5G}U*H>rBv zXL1eb^P*Y>Yekbsu5}%2>0L5;H3<%K5%B)4n<1c63D>DW(3oLyvAnyP;!PNxg;K>H zUs=`LNDF?sl4{9W>$j}wB&{f}atwFJVX)H@SdV2+8>JhT8ba+y7)q4+$0;@r&BoKk zl#pz4A~OxFX6KtQZ#Wm#m)Xo8(!VSd8$@skixvnn+98QdOFf{rc-|mLQnml&SIEO) zc;iOLi{4d%BD6ioKE|rr^>)(caJqJ-JY6nQH81>5l=f@Mi$j@0igY_L?>GDJHDb=+ zm+S+e6}9TOXGKM=zOBAzUe1D(X}QNGS=jp8Q35fpeA7m=Mz1rv8u^+!q5@gyKSLGw z1o2O~qnwqYNs6^lXv=~XFMVldI=6oR%nA;BTshZOZ7pio&t`h8*WTJG)|;3*CYo3r zr0gYg&P@mW

    + +Even if you haven't explicitly used a password manager before, there's a chance you've used the one in your browser or your phone without even realizing it. For example: [Firefox Password Manager](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins), [Google Password Manager](https://passwords.google.com/intro) and [Edge Password Manager](https://support.microsoft.com/en-us/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336). + +Desktop platforms also often have a password manager which may help you recover passwords you've forgotten about: + +- Windows [Credential Manager](https://support.microsoft.com/en-us/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0) +- macOS [Passwords](https://support.apple.com/en-us/HT211145) +- iOS [Passwords](https://support.apple.com/en-us/HT211146) +- Linux, Gnome Keyring, which can be accessed through [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en) or [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager) + +### Email + +If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts. + +## Deleting Old Accounts + +### Log In + +In order to delete your old accounts, you'll need to first make sure you can log in to them. Again, if the account was in your password manager, this step is easy. If not, you can try to guess your password. Failing that, there are typically options to regain access to your account, commonly available through a "forgot password" link on the login page. It may also be possible that accounts you've abandoned have already been deleted—sometimes services prune all old accounts. + +When attempting to regain access, if the site returns an error message saying that email is not associated with an account, or you never receive a reset link after multiple attempts, then you do not have an account under that email address and should try a different one. If you can't figure out which email address you used, or you no longer have access to that email, you can try contacting the service's customer support. Unfortunately, there is no guarantee that you will be able to reclaim access your account. + +### GDPR (EEA residents only) + +Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://www.gdpr.org/regulation/article-17.html) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation. + +### Overwriting Account information + +In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information. + +For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email.md#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails. + +### Delete + +You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some. + +For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](multi-factor-authentication.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../passwords.md) can be useful for this). + +If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password. + +Even when you are able to delete an account, there is no guarantee that all your information will be removed. In fact, some companies are required by law to keep certain information, particularly when related to financial transactions. It's mostly out of your control what happens to your data when it comes to websites and cloud services. + +## Avoid New Accounts + +As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! diff --git a/i18n/ku/basics/common-misconceptions.md b/i18n/ku/basics/common-misconceptions.md new file mode 100644 index 00000000..41997417 --- /dev/null +++ b/i18n/ku/basics/common-misconceptions.md @@ -0,0 +1,60 @@ +--- +title: "Common Misconceptions" +icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. +--- + +## "Open-source software is always secure" or "Proprietary software is more secure" + +These myths stem from a number of prejudices, but whether the source code is available and how software is licensed does not inherently affect its security in any way. ==Open-source software has the *potential* to be more secure than proprietary software, but there is absolutely no guarantee this is the case.== When you evaluate software, you should look at the reputation and security of each tool on an individual basis. + +Open-source software *can* be audited by third-parties, and is often more transparent about potential vulnerabilities than proprietary counterparts. It also allows you to review the code and disable any suspicious functionality you find yourself. However, *unless you do so*, there is no guarantee that code has ever been evaluated, especially with smaller software projects. The open development process has also sometimes been exploited to introduce new vulnerabilities into even large projects.[^1] + +On the flip side, proprietary software is less transparent, but that doesn't imply that it's not secure. Major proprietary software projects can be audited internally and by third-party agencies, and independent security researchers can still find vulnerabilities with techniques like reverse engineering. + +To avoid biased decisions, it's *vital* that you evaluate the privacy and security standards of the software you use. + +## "Shifting trust can increase privacy" + +We talk about "shifting trust" a lot when discussing solutions like VPNs (which shift the trust you place in your ISP to the VPN provider). While this protects your browsing data from your ISP *specifically*, the VPN provider you choose still has access to your browsing data: Your data isn't completely secured from all parties. This means that: + +1. You must exercise caution when choosing a provider to shift trust to. +2. You should still use other techniques, like E2EE, to protect your data completely. Merely distrusting one provider to trust another is not securing your data. + +## "Privacy-focused solutions are inherently trustworthy" + +Focusing solely on the privacy policies and marketing of a tool or provider can blind you to its weaknesses. When you're looking for a more private solution, you should determine what the underlying problem is and find technical solutions to that problem. For example, you may want to avoid Google Drive, which gives Google access to all of your data. The underlying problem in this case is lack of E2EE, so you should make sure that the provider you switch to actually implements E2EE, or use a tool (like [Cryptomator](../encryption.md#cryptomator-cloud)) which provides E2EE on any cloud provider. Switching to a "privacy-focused" provider (that doesn't implement E2EE) doesn't solve your problem: it just shifts trust from Google to that provider. + +The privacy policies and business practices of providers you choose are very important, but should be considered secondary to technical guarantees of your privacy: You shouldn't shift trust to another provider when trusting a provider isn't a requirement at all. + +## "Complicated is better" + +We often see people describing privacy threat models that are overly complex. Often, these solutions include problems like many different email accounts or complicated setups with lots of moving parts and conditions. The replies are usually answers to "What is the best way to do *X*?" + +Finding the "best" solution for yourself doesn't necessarily mean you are after an infallible solution with dozens of conditions—these solutions are often difficult to work with realistically. As we discussed previously, security often comes at the cost of convenience. Below, we provide some tips: + +1. ==Actions need to serve a particular purpose:== think about how to do what you want with the fewest actions. +2. ==Remove human failure points:== We fail, get tired, and forget things. To maintain security, avoid relying on manual conditions and processes that you have to remember. +3. ==Use the right level of protection for what you intend.== We often see recommendations of so-called law-enforcement or subpoena-proof solutions. These often require specialist knowledge and generally aren't what people want. There's no point in building an intricate threat model for anonymity if you can be easily de-anonymized by a simple oversight. + +So, how might this look? + +One of the clearest threat models is one where people *know who you are* and one where they do not. There will always be situations where you must declare your legal name and there are others where you don't need to. + +1. **Known identity** - A known identity is used for things where you must declare your name. There are many legal documents and contracts where a legal identity is required. This could range from opening a bank account, signing a property lease, obtaining a passport, customs declarations when importing items, or otherwise dealing with your government. These things will usually lead to credentials such as credit cards, credit rating checks, account numbers, and possibly physical addresses. + + We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means. + + !!! tip + + When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private. + +2. **Unknown identity** - An unknown identity could be a stable pseudonym that you regularly use. It is not anonymous because it doesn't change. If you're part of an online community, you may wish to retain a persona that others know. This pseudonym isn't anonymous because—if monitored for long enough—details about the owner can reveal further information, such as the way they write, their general knowledge about topics of interest, etc. + + You may wish to use a VPN for this, to mask your IP address. Financial transactions are more difficult to mask: You could consider using anonymous cryptocurrencies, such as [Monero](https://www.getmonero.org/). Employing altcoin shifting may also help to disguise where your currency originated. Typically, exchanges require KYC (know your customer) to be completed before they'll allow you to exchange fiat currency into any kind of cryptocurrency. Local meet-up options may also be a solution; however, those are often more expensive and sometimes also require KYC. + +3. **Anonymous identity** - Even with experience, anonymous identities are difficult to maintain over long periods of time. They should be short-term and short-lived identities which are rotated regularly. + + Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) + +[^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/ku/basics/common-threats.md b/i18n/ku/basics/common-threats.md new file mode 100644 index 00000000..e278c0cb --- /dev/null +++ b/i18n/ku/basics/common-threats.md @@ -0,0 +1,148 @@ +--- +title: "Common Threats" +icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. +--- + +Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. + +- :material-incognito: Anonymity - Shielding your online activity from your real identity, protecting you from people who are trying to uncover *your* identity specifically. +- :material-target-account: Targeted Attacks - Being protected from hackers or other malicious actors who are trying to gain access to *your* data or devices specifically. +- :material-bug-outline: Passive Attacks - Being protected from things like malware, data breaches, and other attacks that are made against many people at once. +- :material-server-network: Service Providers - Protecting your data from service providers (e.g. with E2EE, which renders your data unreadable to the server). +- :material-eye-outline: Mass Surveillance - Protection from government agencies, organizations, websites, and services which work together to track your activities. +- :material-account-cash: Surveillance Capitalism - Protecting yourself from big advertising networks, like Google and Facebook, as well as a myriad of other third-party data collectors. +- :material-account-search: Public Exposure - Limiting the information about you that is accessible online—to search engines or the general public. +- :material-close-outline: Censorship - Avoiding censored access to information or being censored yourself when speaking online. + +Some of these threats may be more important to you than others, depending on your specific concerns. For example, a software developer with access to valuable or critical data may be primarily concerned with :material-target-account: Targeted Attacks, but they probably still want to protect their personal data from being swept up in :material-eye-outline: Mass Surveillance programs. Similarly, many people may be primarily concerned with :material-account-search: Public Exposure of their personal data, but they should still be wary of security-focused issues, such as :material-bug-outline: Passive Attacks—like malware affecting their devices. + +## Anonymity vs. Privacy + +:material-incognito: Anonymity + +Anonymity is often confused with privacy, but they're distinct concepts. While privacy is a set of choices you make about how your data is used and shared, anonymity is the complete disassociation of your online activities from your real identity. + +Whistleblowers and journalists, for example, can have a much more extreme threat model which requires total anonymity. That's not only hiding what they do, what data they have, and not getting hacked by malicious actors or governments, but also hiding who they are entirely. They will often sacrifice any kind of convenience if it means protecting their anonymity, privacy, or security, because their lives could depend on it. Most people don't need to go so far. + +## Security and Privacy + +:material-bug-outline: Passive Attacks + +Security and privacy are also often confused, because you need security to obtain any semblance of privacy: Using tools—even if they're private by design—is futile if they could be easily exploited by attackers who later release your data. However, the inverse isn't necessarily true: The most secure service in the world *isn't necessarily* private. The best example of this is trusting data to Google who, given their scale, have had few security incidents by employing industry-leading security experts to secure their infrastructure. Even though Google provides very secure services, very few people would consider their data private in Google's free consumer products (Gmail, YouTube, etc.) + +When it comes to application security, we generally don't (and sometimes can't) know if the software we use is malicious, or might one day become malicious. Even with the most trustworthy developers, there's generally no guarantee that their software doesn't have a serious vulnerability that could later be exploited. + +To minimize the damage that a malicious piece of software *could* do, you should employ security by compartmentalization. For example, this could come in the form of using different computers for different jobs, using virtual machines to separate different groups of related applications, or using a secure operating system with a strong focus on application sandboxing and mandatory access control. + +!!! tip + + Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources. + + Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../../desktop/#qubes-os). + +:material-target-account: Targeted Attacks + +Targeted attacks against a specific person are more problematic to deal with. Common attacks include sending malicious documents via email, exploiting vulnerabilities (e.g. in browsers and operating systems), and physical attacks. If this is a concern for you, you should employ more advanced threat mitigation strategies. + +!!! tip + + By design, **web browsers**, **email clients**, and **office applications** typically run untrusted code, sent to you from third parties. Running multiple virtual machines—to separate applications like these from your host system, as well as each other—is one technique you can use to mitigate the chance of an exploit in these applications compromising the rest of your system. For example, technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this. + +If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user. + +## Privacy From Service Providers + +:material-server-network: Service Providers + +We live in a world where almost everything is connected to the internet. Our "private" messages, emails, and social interactions are typically stored on a server, somewhere. Generally, when you send someone a message it's stored on a server, and when your friend wants to read the message the server will show it to them. + +The obvious problem with this is that the service provider (or a hacker who has compromised the server) can access your conversations whenever and however they want, without you ever knowing. This applies to many common services, like SMS messaging, Telegram, and Discord. + +Thankfully, E2EE can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, assuming the service provider doesn't have access to the private keys of either party. + +!!! note "Note on Web-based Encryption" + + In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering). + + On the other hand, web-based E2EE implementations, such as Proton Mail's webmail or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt. + + Therefore, you should use native applications over web clients whenever possible. + +Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all. + +## Mass Surveillance Programs + +:material-eye-outline: Mass Surveillance + +Mass surveillance is the intricate effort to monitor the "behavior, many activities, or information" of an entire (or substantial fraction of a) population.[^1] It often refers to government programs, such as the ones [disclosed by Edward Snowden in 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). However, it can also be carried out by corporations, either on behalf of government agencies or by their own initiative. + +!!! abstract "Atlas of Surveillance" + + If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org/) by the [Electronic Frontier Foundation](https://www.eff.org/). + + In France you can take a look at the [Technolopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net. + +Governments often justify mass surveillance programs as necessary means to combat terrorism and prevent crime. However, breaching human rights, it's most often used to disproportionately target minority groups and political dissidents, among others. + +!!! quote "ACLU: [*The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" + + In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every American’s phone calls — who’s calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about people’s lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline. + +Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] + +Online, you can be tracked via a variety of methods: + +- Your IP address +- Browser cookies +- The data you submit to websites +- Your browser or device fingerprint +- Payment method correlation + +\[This list isn't exhaustive]. + +If you're concerned about mass surveillance programs, you can use strategues like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. + +:material-account-cash: Surveillance Capitalism + +> Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] + +For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4] + +Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you. + +## Limiting Public Information + +:material-account-search: Public Exposure + +The best way to keep your data private is simply not making it public in the first place. Deleting unwanted information you find about yourself online is one of the best first steps you can take to regain your privacy. + +- [View our guide on account deletion :material-arrow-right-drop-circle:](account-deletion.md) + +On sites where you do share information, checking the privacy settings of your account to limit how widely that data is spread is very important. For example, enable "private mode" on your accounts if given the option: This ensures that your account isn't being indexed by search engines, and that it can't be viewed without your permission. + +If you've already submitted your real information to sites which shouldn't have it, consider using disinformation tactics, like submitting fictitious information related to that online identity. This makes your real information indistinguishable from the false information. + +## Avoiding Censorship + +:material-close-outline: Censorship + +Censorship online can be carried out (to varying degrees) by actors including totalitarian governments, network administrators, and service providers. These efforts to control communication and restrict access to information will always be incompatible with the human right to Freedom of Expression.[^5] + +Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship. + +People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily. + +!!! tip + + While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic. + + You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection). + +You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. + +[^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). +[^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) +[^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) +[^4]: "[Enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/)" (or, "listing all the bad things that we know about"), as many adblockers and antivirus programs do, fails to adequately protect you from new and unknown threats because they have not yet been added to the filter list. You should also employ other mitigation techniques. +[^5]: United Nations: [*Universal Declaration of Human Rights*](https://www.un.org/en/about-us/universal-declaration-of-human-rights). diff --git a/i18n/ku/basics/email-security.md b/i18n/ku/basics/email-security.md new file mode 100644 index 00000000..f0c2fb57 --- /dev/null +++ b/i18n/ku/basics/email-security.md @@ -0,0 +1,41 @@ +--- +title: Email Security +icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. +--- + +Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. + +As a result, email is best used for receiving transactional emails (like notifications, verification emails, password resets, etc.) from the services you sign up for online, not for communicating with others. + +## Email Encryption Overview + +The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) and [OpenPGP.js](https://openpgpjs.org). + +There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however, it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates). It has support in [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) and [Outlook for Web or Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480). + +Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../real-time-communication.md) which implement forward secrecy over email for person-to-person communications whenever possible. + +### What Email Clients Support E2EE? + +Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication. + +### How Do I Protect My Private Keys? + +A smartcard (such as a [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](https://www.nitrokey.com)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device. + +It is advantageous for the decryption to occur on the smartcard so as to avoid possibly exposing your private key to a compromised device. + +## Email Metadata Overview + +Email metadata is stored in the [message header](https://en.wikipedia.org/wiki/Email#Message_header) of the email message and includes some visible headers that you may have seen such as: `To`, `From`, `Cc`, `Date`, `Subject`. There are also a number of hidden headers included by many email clients and providers that can reveal information about your account. + +Client software may use email metadata to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) which are not always transparent. + +### Who Can View Email Metadata? + +Email metadata is protected from outside observers with [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) protecting it from outside observers, but it is still able to be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients including your email provider. Sometimes email servers will also use third-party services to protect against spam, which generally also have access to your messages. + +### Why Can't Metadata be E2EE? + +Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. diff --git a/i18n/ku/basics/multi-factor-authentication.md b/i18n/ku/basics/multi-factor-authentication.md new file mode 100644 index 00000000..ae57848d --- /dev/null +++ b/i18n/ku/basics/multi-factor-authentication.md @@ -0,0 +1,165 @@ +--- +title: "Multi-Factor Authentication" +icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. +--- + +**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. + +Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone. + +MFA methods vary in security, but are based on the premise that the more difficult it is for an attacker to gain access to your MFA method, the better. Examples of MFA methods (from weakest to strongest) include SMS, Email codes, app push notifications, TOTP, Yubico OTP and FIDO. + +## MFA Method Comparison + +### SMS or Email MFA + +Receiving OTP codes via SMS or email are one of the weaker ways to secure your accounts with MFA. Obtaining a code by email or SMS takes away from the "something you *have*" idea, because there are a variety of ways a hacker could [take over your phone number](https://en.wikipedia.org/wiki/SIM_swap_scam) or gain access to your email without having physical access to any of your devices at all. If an unauthorized person gained access to your email, they would be able to use that access to both reset your password and receive the authentication code, giving them full access to your account. + +### Push Notifications + +Push notification MFA takes the form of a message being sent to an app on your phone asking you to confirm new account logins. This method is a lot better than SMS or email, since an attacker typically wouldn't be able to get these push notifications without having an already logged-in device, which means they would need to compromise one of your other devices first. + +We all make mistakes, and there is the risk that you might accept the login attempt by accident. Push notification login authorizations are typically sent to *all* your devices at once, widening the availability of the MFA code if you have many devices. + +The security of push notification MFA is dependent on both the quality of the app, the server component and the trust of the developer who produces it. Installing an app may also require you to accept invasive privileges that grant access to other data on your device. An individual app also requires that you have a specific app for each service which may not require a password to open, unlike a good TOTP generator app. + +### Time-based One-time Password (TOTP) + +TOTP is one of the most common forms of MFA available. When you set up TOTP, you are generally required to scan a [QR Code](https://en.wikipedia.org/wiki/QR_code) which establishes a "[shared secret](https://en.wikipedia.org/wiki/Shared_secret)" with the service that you intend to use. The shared secret is secured inside of the authenticator app's data, and is sometimes protected by a password. + +The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes. + +If you have a hardware security key with TOTP support (such as a YubiKey with [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/)), we recommend that you store your "shared secrets" on the hardware. Hardware such as the YubiKey was developed with the intention of making the "shared secret" difficult to extract and copy. A YubiKey is also not connected to the Internet, unlike a phone with a TOTP app. + +Unlike [WebAuthn](#fido-fast-identity-online), TOTP offers no protection against [phishing](https://en.wikipedia.org/wiki/Phishing) or reuse attacks. If an adversary obtains a valid code from you, they may use it as many times as they like until it expires (generally 60 seconds). + +An adversary could set up a website to imitate an official service in an attempt to trick you into giving out your username, password and current TOTP code. If the adversary then uses those recorded credentials they may be able to log into the real service and hijack the account. + +Although not perfect, TOTP is secure enough for most people, and when [hardware security keys](../multi-factor-authentication.md#hardware-security-keys) are not supported [authenticator apps](../multi-factor-authentication.md#authenticator-apps) are still a good option. + +### Hardware security keys + +The YubiKey stores data on a tamper-resistant solid-state chip which is [impossible to access](https://security.stackexchange.com/a/245772) non-destructively without an expensive process and a forensics laboratory. + +These keys are generally multi-function and provide a number of methods to authenticate. Below are the most common ones. + +#### Yubico OTP + +Yubico OTP is an authentication protocol typically implemented in hardware security keys. When you decide to use Yubico OTP, the key will generate a public ID, private ID, and a Secret Key which is then uploaded to the Yubico OTP server. + +When logging into a website, all you need to do is to physically touch the security key. The security key will emulate a keyboard and print out a one-time password into the password field. + +The service will then forward the one-time password to the Yubico OTP server for validation. A counter is incremented both on the key and Yubico's validation server. The OTP can only be used once, and when a successful authentication occurs, the counter is increased which prevents reuse of the OTP. Yubico provides a [detailed document](https://developers.yubico.com/OTP/OTPs_Explained.html) about the process. + +
    + ![Yubico OTP](../assets/img/multi-factor-authentication/yubico-otp.png) +
    + +There are some benefits and disadvantages to using Yubico OTP when compared to TOTP. + +The Yubico validation server is a cloud based service, and you're placing trust in Yubico that they are storing data securely and not profiling you. The public ID associated with Yubico OTP is reused on every website and could be another avenue for third-parties to profile you. Like TOTP, Yubico OTP does not provide phishing resistance. + +If your threat model requires you to have different identities on different websites, **do not** use Yubico OTP with the same hardware security key across those websites as public ID is unique to each security key. + +#### FIDO (Fast IDentity Online) + +[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards, first there was U2F and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). + +U2F and FIDO2 refer to the [Client to Authenticator Protocol](https://en.wikipedia.org/wiki/Client_to_Authenticator_Protocol), which is the protocol between the security key and the computer, such as a laptop or phone. It complements WebAuthn which is the component used to authenticate with the website (the "Relying Party") you're trying to log in on. + +WebAuthn is the most secure and private form of second factor authentication. While the authentication experience is similar to Yubico OTP, the key does not print out a one-time password and validate with a third-party server. Instead, it uses [public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) for authentication. + +
    + ![FIDO](../assets/img/multi-factor-authentication/fido.png) +
    + +When you create an account, the public key is sent to the service, then when you log in, the service will require you to "sign" some data with your private key. The benefit of this is that no password data is ever stored by the service, so there is nothing for an adversary to steal. + +This presentation discusses the history of password authentication, the pitfalls (such as password reuse), and discussion of FIDO2 and [WebAuthn](https://webauthn.guide) standards. + +
    + +
    + +FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods. + +Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy. + +Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys. + +If a website or service supports WebAuthn for the authentication, it is highly recommended that you use it over any other form of MFA. + +## General Recommendations + +We have these general recommendations: + +### Which Method Should I Use? + +When configuring your MFA method, keep in mind that it is only as secure as your weakest authentication method you use. This means it is important that you only use the best MFA method available. For instance, if you are already using TOTP, you should disable email and SMS MFA. If you are already using FIDO2/WebAuthn, you should not be using Yubico OTP or TOTP on your account. + +### Backups + +You should always have backups for your MFA method. Hardware security keys can get lost, stolen or simply stop working over time. It is recommended that you have a pair of hardware security keys with the same access to your accounts instead of just one. + +When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../encryption.md#veracrypt)). + +### Initial Set Up + +When buying a security key, it is important that you change the default credentials, set up password protection for the key, and enable touch confirmation if your key supports it. Products such as the YubiKey have multiple interfaces with separate credentials for each one of them, so you should go over each interface and set up protection as well. + +### Email and SMS + +If you have to use email for MFA, make sure that the email account itself is secured with a proper MFA method. + +If you use SMS MFA, use a carrier who will not switch your phone number to a new SIM card without account access, or use a dedicated VoIP number from a provider with similar security to avoid a [SIM swap attack](https://en.wikipedia.org/wiki/SIM_swap_scam). + +[MFA tools we recommend](../multi-factor-authentication.md ""){.md-button} + +## More Places to Set Up MFA + +Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well. + +### Windows + +Yubico has a dedicated [Credential Provider](https://docs.microsoft.com/en-us/windows/win32/secauthn/credential-providers-in-windows) that adds Challenge-Response authentication for the username + password login flow for local Windows accounts. If you have a YubiKey with Challenge-Response authentication support, take a look at the [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide), which will allow you to set up MFA on your Windows computer. + +### macOS + +macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer. + +Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/en-us/articles/360016649059) which can help you set up your YubiKey on macOS. + +After your smartcard/security key is set up, we recommend running this command in the Terminal: + +```text +sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES +``` + +The command will prevent an adversary from bypassing MFA when the computer boots. + +### Linux + +!!! warning + + If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide. + +The `pam_u2f` module on Linux can provide two-factor authentication for logging in on most popular Linux distributions. If you have a hardware security key that supports U2F, you can set up MFA authentication for your login. Yubico has a guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) which should work on any distribution. The package manager commands—such as `apt-get`—and package names may however differ. This guide does **not** apply to Qubes OS. + +### Qubes OS + +Qubes OS has support for Challenge-Response authentication with YubiKeys. If you have a YubiKey with Challenge-Response authentication support, take a look at the Qubes OS [YubiKey documentation](https://www.qubes-os.org/doc/yubikey/) if you want to set up MFA on Qubes OS. + +### SSH + +#### Hardware Security Keys + +SSH MFA could be set up using multiple different authentication methods that are popular with hardware security keys. We recommend that you check out Yubico's [documentation](https://developers.yubico.com/SSH/) on how to set this up. + +#### Time-based One-time Password (TOTP) + +SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ. + +### KeePass (and KeePassXC) + +KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. diff --git a/i18n/ku/basics/passwords-overview.md b/i18n/ku/basics/passwords-overview.md new file mode 100644 index 00000000..6858d8b5 --- /dev/null +++ b/i18n/ku/basics/passwords-overview.md @@ -0,0 +1,111 @@ +--- +title: "Introduction to Passwords" +icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. +--- + +Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. + +## Best Practices + +### Use unique passwords for every service + +Imagine this; you sign up for an account with the same e-mail and password on multiple online services. If one of those service providers is malicious, or their service has a data breach that exposes your password in an unencrypted format, all a bad actor would have to do is try that e-mail and password combination across multiple popular services until they get a hit. It doesn't matter how strong that one password is, because they already have it. + +This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_stuffing), and it is one of the most common ways that your accounts can be compromised by bad actors. To avoid this, make sure that you never re-use your passwords. + +### Use randomly generated passwords + +==You should **never** rely on yourself to come up with a good password.== We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices. + +All of our [recommended password managers](../passwords.md) include a built-in password generator that you can use. + +### Rotating Passwords + +You should avoid changing passwords that you have to remember (such as your password manager's master password) too often unless you have reason to believe it has been compromised, as changing it too often exposes you to the risk of forgetting it. + +When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multi-factor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage. + +!!! tip "Checking for data breaches" + + If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../news-aggregators.md). + +## Creating strong passwords + +### Passwords + +A lot of services impose certain criteria when it comes to passwords, including a minimum or maximum length, as well as which special characters, if any, can be used. You should use your password manager's built-in password generator to create passwords that are as long and complex as the service will allow by including capitalized and lowercase letters, numbers and special characters. + +If you need a password you can memorize, we recommend a [diceware passphrase](#diceware-passphrases). + +### Diceware Passphrases + +Diceware is a method for creating passphrases which are easy to remember, but hard to guess. + +Diceware passphrases are a great option when you need to memorize or manually input your credentials, such as for your password manager's master password or your device's encryption password. + +An example of a diceware passphrase is `viewable fastness reluctant squishy seventeen shown pencil`. + +To generate a diceware passphrase using real dice, follow these steps: + +!!! note + + These instructions assume that you are using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy. + +1. Roll a six-sided die five times, noting down the number after each roll. + +2. As an example, let's say you rolled `2-5-2-6-6`. Look through the [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) for the word that corresponds to `25266`. + +3. You will find the word `encrypt`. Write that word down. + +4. Repeat this process until your passphrase has as many words as you need, which you should separate with a space. + +!!! warning "Important" + + You should **not** re-roll words until you get a combination of words that appeal to you. The process should be completely random. + +If you don't have access to or would prefer to not use real dice, you can use your password manager's built-in password generator, as most of them have the option to generate diceware passphrases in addition to regular passwords. + +We recommend using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate your diceware passphrases, as it offers the exact same security as the original list, while containing words that are easier to memorize. There are also [other wordlists in different languages](https://theworld.com/~reinhold/diceware.html#Diceware%20in%20Other%20Languages|outline), if you do not want your passphrase to be in English. + +??? note "Explanation of entropy and strength of diceware passphrases" + + To demonstrate how strong diceware passphrases are, we'll use the aforementioned seven word passphrase (`viewable fastness reluctant squishy seventeen shown pencil`) and [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) as an example. + + One metric to determine the strength of a diceware passphrase is how much entropy it has. The entropy per word in a diceware passphrase is calculated as $\text{log}_2(\text{WordsInList})$ and the overall entropy of the passphrase is calculated as $\text{log}_2(\text{WordsInList}^\text{WordsInPhrase})$. + + Therefore, each word in the aforementioned list results in ~12.9 bits of entropy ($\text{log}_2(7776)$), and a seven word passphrase derived from it has ~90.47 bits of entropy ($\text{log}_2(7776^7)$). + + The [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) contains 7776 unique words. To calculate the amount of possible passphrases, all we have to do is $\text{WordsInList}^\text{WordsInPhrase}$, or in our case, $7776^7$. + + Let's put all of this in perspective: A seven word passphrase using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) is one of ~1,719,070,799,748,422,500,000,000,000 possible passphrases. + + On average, it takes trying 50% of all the possible combinations to guess your phrase. With that in mind, even if your adversary is capable of ~1,000,000,000,000 guesses per second, it would still take them ~27,255,689 years to guess your passphrase. That is the case even if the following things are true: + + - Your adversary knows that you used the diceware method. + - Your adversary knows the specific wordlist that you used. + - Your adversary knows how many words your passphrase contains. + +To sum it up, diceware passphrases are your best option when you need something that is both easy to remember *and* exceptionally strong. + +## Storing Passwords + +### Password Managers + +The best way to store your passwords is by using a password manager. They allow you to store your passwords in a file or in the cloud and protect them with a single master password. That way, you will only have to remember one strong password, which lets you access the rest of them. + +There are many good options to choose from, both cloud-based and local. Choose one of our recommended password managers and use it to establish strong passwords across all of your accounts. We recommend securing your password manager with a [diceware passphrase](#diceware-passphrases) comprised of at least seven words. + +[List of recommended password managers](../passwords.md ""){.md-button} + +!!! warning "Don't place your passwords and TOTP tokens inside the same password manager" + + When using TOTP codes as [multi-factor authentication](../multi-factor-authentication.md), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md#authenticator-apps). + + Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager. + + Furthermore, we do not recommend storing single-use recovery codes in your password manager. Those should be stored separately such as in an encrypted container on an offline storage device. + +### Backups + +You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. diff --git a/i18n/ku/basics/threat-modeling.md b/i18n/ku/basics/threat-modeling.md new file mode 100644 index 00000000..fc1b3b41 --- /dev/null +++ b/i18n/ku/basics/threat-modeling.md @@ -0,0 +1,110 @@ +--- +title: "Threat Modeling" +icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. +--- + +Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! + +If you wanted to use the **most** secure tools available, you'd have to sacrifice *a lot* of usability. And, even then, ==nothing is ever fully secure.== There's **high** security, but never **full** security. That's why threat models are important. + +**So, what are these threat models, anyway?** + +==A threat model is a list of the most probable threats to your security and privacy endeavors.== Since it's impossible to protect yourself against **every** attack(er), you should focus on the **most probable** threats. In computer security, a threat is an event that could undermine your efforts to stay private and secure. + +Focusing on the threats that matter to you narrows down your thinking about the protection you need, so you can choose the tools that are right for the job. + +## Creating Your Threat Model + +To identify what could happen to the things you value and determine from whom you need to protect them, you should answer these five questions: + +1. What do I want to protect? +2. Who do I want to protect it from? +3. How likely is it that I will need to protect it? +4. How bad are the consequences if I fail? +5. How much trouble am I willing to go through to try to prevent potential consequences? + +### What do I want to protect? + +An “asset” is something you value and want to protect. In the context of digital security, ==an asset is usually some kind of information.== For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets. + +*Make a list of your assets: data that you keep, where it's kept, who has access to it, and what stops others from accessing it.* + +### Who do I want to protect it from? + +To answer this question, it's important to identify who might want to target you or your information. ==A person or entity that poses a threat to your assets is an “adversary”.== Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network. + +*Make a list of your adversaries or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.* + +Depending on who your adversaries are, under some circumstances, this list might be something you want to destroy after you're done security planning. + +### How likely is it that I will need to protect it? + +==Risk is the likelihood that a particular threat against a particular asset will actually occur.== It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low. + +It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not). + +Assessing risks is both a personal and subjective process. Many people find certain threats unacceptable, no matter the likelihood they will occur, because the mere presence of the threat is not worth the cost. In other cases, people disregard high risks because they don't view the threat as a problem. + +*Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.* + +### How bad are the consequences if I fail? + +There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data. + +==The motives of adversaries differ widely, as do their tactics.== A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing. + +Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all of your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities. + +*Write down what your adversary might want to do with your private data.* + +### How much trouble am I willing to go through to try to prevent potential consequences? + +==There is no perfect option for security.== Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy. + +For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos. + +*Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.* + +### Try it yourself: Protecting Your Belongings + +These questions can apply to a wide variety of situations, online and offline. As a generic demonstration of how these questions work, let's build a plan to keep your house and possessions safe. + +**What do you want to protect? (Or, *what do you have that is worth protecting?*)** +: + +Your assets might include jewelry, electronics, important documents, or photos. + +**Who do you want to protect it from?** +: + +Your adversaries might include burglars, roommates, or guests. + +**How likely is it that you will need to protect it?** +: + +Does your neighborhood have a history of burglaries? How trustworthy are your roommates or guests? What are the capabilities of your adversaries? What are the risks you should consider? + +**How bad are the consequences if you fail?** +: + +Do you have anything in your house that you cannot replace? Do you have the time or money to replace those things? Do you have insurance that covers goods stolen from your home? + +**How much trouble are you willing to go through to prevent these consequences?** +: + +Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there? + +Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you'll want to get the best lock on the market and consider adding a security system. + +Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries' capabilities, along with the likelihood of risks you face. + +## Further Reading + +For people looking to increase their privacy and security online, we've compiled a list of common threats our visitors face or goals our visitors have, to give you some inspiration and demonstrate the basis of our recommendations. + +- [Common Goals and Threats :material-arrow-right-drop-circle:](common-threats.md) + +## Sources + +- [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) diff --git a/i18n/ku/basics/vpn-overview.md b/i18n/ku/basics/vpn-overview.md new file mode 100644 index 00000000..a1a007f5 --- /dev/null +++ b/i18n/ku/basics/vpn-overview.md @@ -0,0 +1,77 @@ +--- +title: VPN Overview +icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. +--- + +Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). + +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). + +A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. + +## Should I use a VPN? + +**Yes**, unless you are already using Tor. A VPN does two things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third-party service. + +VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way. + +However, they do hide your actual IP from a third-party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking. + +## When shouldn't I use a VPN? + +Using a VPN in cases where you're using your [known identity](common-threats.md#common-misconceptions) is unlikely be useful. + +Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website. + +## What about encryption? + +Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption. + +In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider. Consider enabling "HTTPS everywhere" in your browser to mitigate downgrade attacks like [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf). + +## Should I use encrypted DNS with a VPN? + +Unless your VPN provider hosts the encrypted DNS servers, **no**. Using DOH/DOT (or any other form of encrypted DNS) with third-party servers will simply add more entities to trust and does **absolutely nothing** to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider. + +A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for [TLS certificates](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) with **HTTPS** and warn you about it. If you are not using **HTTPS**, then an adversary can still just modify anything other than your DNS queries and the end result will be little different. + +Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct all of your DNS requests through a single circuit and would allow the encrypted DNS provider to deanonymize you. + +## Should I use Tor *and* a VPN? + +By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefits to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](../advanced/tor-overview.md). + +## What if I need anonymity? + +VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead. + +## What about VPN providers that provide Tor nodes? + +Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit). + +The feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For proper anonymity, use the Tor Browser, TorSocks, or a Tor gateway. + +## When are VPNs useful? + +A VPN may still be useful to you in a variety of scenarios, such as: + +1. Hiding your traffic from **only** your Internet Service Provider. +1. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations. +1. Hiding your IP from third-party websites and services, preventing IP based tracking. + +For situations like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're *trusting* the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor. + +## Sources and Further Reading + +1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert +1. [Tor Network Overview](../advanced/tor-overview.md) +1. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides) +1. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them. + +## Related VPN Information + +- [The Trouble with VPN and Privacy Review Sites](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/) +- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) +- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) +- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) diff --git a/i18n/ku/calendar.md b/i18n/ku/calendar.md new file mode 100644 index 00000000..bbcb033a --- /dev/null +++ b/i18n/ku/calendar.md @@ -0,0 +1,70 @@ +--- +title: "Calendar Sync" +icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. +--- + +Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. + +## Tutanota + +!!! recommendation + + ![Tutanota logo](assets/img/calendar/tutanota.svg#only-light){ align=right } + ![Tutanota logo](assets/img/calendar/tutanota-dark.svg#only-dark){ align=right } + + **Tutanota** offers a free and encrypted calendar across their supported platforms. Features include: automatic E2EE of all data, sharing features, import/export functionality, multi-factor authentication, and [more](https://tutanota.com/calendar-app-comparison/). + + Multiple calendars and extended sharing functionality is limited to paid subscribers. + + [:octicons-home-16: Homepage](https://tutanota.com/calendar){ .md-button .md-button--primary } + [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" } + [:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/tutanota/id922429609) + - [:simple-windows11: Windows](https://tutanota.com/blog/posts/desktop-clients/) + - [:simple-apple: macOS](https://tutanota.com/blog/posts/desktop-clients/) + - [:simple-linux: Linux](https://tutanota.com/blog/posts/desktop-clients/) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/com.tutanota.Tutanota) + - [:octicons-browser-16: Web](https://mail.tutanota.com/) + +## Proton Calendar + +!!! recommendation + + ![Proton](assets/img/calendar/proton-calendar.svg){ align=right } + + **Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include: automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide). Those on the free tier get access to a single calendar, whereas paid subscribers can create up to 20 calendars. Extended sharing functionality is also limited to paid subscribers. + + [:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://proton.me/support/proton-calendar-guide){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar) + - [:octicons-browser-16: Web](https://calendar.proton.me) + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Qualifications + +- Must sync and store information with E2EE to ensure data is not visible to the service provider. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should integrate with native OS calendar and contact management apps if applicable. diff --git a/i18n/ku/cloud.md b/i18n/ku/cloud.md new file mode 100644 index 00000000..2bcc2596 --- /dev/null +++ b/i18n/ku/cloud.md @@ -0,0 +1,60 @@ +--- +title: "Cloud Storage" +icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! +--- + +Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. + +If these alternatives do not fit your needs, we suggest you look into [Encryption Software](encryption.md). + +??? question "Looking for Nextcloud?" + + Nextcloud is [still a recommended tool](productivity.md) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do not recommend Nextcloud's built-in E2EE functionality for home users. + +## Proton Drive + +!!! recommendation + + ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right } + + **Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [Proton Mail](https://proton.me/mail). + + [:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) + + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Requirements + +- Must enforce end-to-end encryption. +- Must offer a free plan or trial period for testing. +- Must support TOTP or FIDO2 multi-factor authentication, or Passkey logins. +- Must offer a web interface which supports basic file management functionality. +- Must allow for easy exports of all files/documents. +- Must use standard, audited encryption. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Clients should be open-source. +- Clients should be audited in their entirety by an independent third-party. +- Should offer native clients for Linux, Android, Windows, macOS, and iOS. + - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. +- Should support easy file-sharing with other users. +- Should offer at least basic file preview and editing functionality on the web interface. diff --git a/i18n/ku/cryptocurrency.md b/i18n/ku/cryptocurrency.md new file mode 100644 index 00000000..ba06ba1e --- /dev/null +++ b/i18n/ku/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/ku/data-redaction.md b/i18n/ku/data-redaction.md new file mode 100644 index 00000000..961594a8 --- /dev/null +++ b/i18n/ku/data-redaction.md @@ -0,0 +1,145 @@ +--- +title: "Data and Metadata Redaction" +icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. +--- + +When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. + +## Desktop + +### MAT2 + +!!! recommendation + + ![MAT2 logo](assets/img/data-redaction/mat2.svg){ align=right } + + **MAT2** is free software, which allows the metadata to be removed from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an [extension for Nautilus](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus), the default file manager of [GNOME](https://www.gnome.org), and [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org). + + On Linux, a third-party graphical tool [Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner) powered by MAT2 exists and is [available on Flathub](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner). + + [:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary } + [:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title=Documentation} + [:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-windows11: Windows](https://pypi.org/project/mat2) + - [:simple-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew) + - [:simple-linux: Linux](https://pypi.org/project/mat2) + - [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface) + +## Mobile + +### ExifEraser (Android) + +!!! recommendation + + ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ align=right } + + **ExifEraser** is a modern, permissionless image metadata erasing application for Android. + + It currently supports JPEG, PNG and WebP files. + + [:octicons-repo-16: Repository](https://github.com/Tommy-Geenexus/exif-eraser){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.none.tom.exiferaser) + - [:octicons-moon-16: Accrescent](https://accrescent.app/app/com.none.tom.exiferaser) + - [:simple-github: GitHub](https://github.com/Tommy-Geenexus/exif-eraser/releases) + +The metadata that is erased depends on the image's file type: + +* **JPEG**: ICC Profile, Exif, Photoshop Image Resources and XMP/ExtendedXMP metadata will be erased if it exists. +* **PNG**: ICC Profile, Exif and XMP metadata will be erased if it exists. +* **WebP**: ICC Profile, Exif and XMP metadata will be erased if it exists. + +After processing the images, ExifEraser provides you with a full report about what exactly was removed from each image. + +The app offers multiple ways to erase metadata from images. Namely: + +* You can share an image from another application with ExifEraser. +* Through the app itself, you can select a single image, multiple images at once, or even an entire directory. +* It features a "Camera" option, which uses your operating system's camera app to take a photo, and then it removes the metadata from it. +* It allows you to drag photos from another app into ExifEraser when they are both open in split-screen mode. +* Lastly, it allows you to paste an image from your clipboard. + +### Metapho (iOS) + +!!! recommendation + + ![Metapho logo](assets/img/data-redaction/metapho.jpg){ align=right } + + **Metapho** is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location. + + [:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary } + [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" } + + ??? downloads + + - [:simple-appstore: App Store](https://apps.apple.com/us/app/metapho/id914457352) + +### PrivacyBlur + +!!! recommendation + + ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ align=right } + + **PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online. + + [:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/privacyblur/id1536274106) + +!!! warning + + You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this, we suggest apps like [Pocket Paint](https://github.com/Catrobat/Paintroid). + +## Command-line + +### ExifTool + +!!! recommendation + + ![ExifTool logo](assets/img/data-redaction/exiftool.png){ align=right } + + **ExifTool** is the original perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more). + + It's often a component of other Exif removal applications and is in most Linux distribution repositories. + + [:octicons-home-16: Homepage](https://exiftool.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Source Code" } + [:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://exiftool.org) + - [:simple-apple: macOS](https://exiftool.org) + - [:simple-linux: Linux](https://exiftool.org) + +!!! example "Deleting data from a directory of files" + + ```bash + exiftool -all= *.file_extension + ``` + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Apps developed for open-source operating systems must be open-source. +- Apps must be free and should not include ads or other limitations. diff --git a/i18n/ku/desktop-browsers.md b/i18n/ku/desktop-browsers.md new file mode 100644 index 00000000..1c21c296 --- /dev/null +++ b/i18n/ku/desktop-browsers.md @@ -0,0 +1,262 @@ +--- +title: "Desktop Browsers" +icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. +--- + +These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. + +## Firefox + +!!! recommendation + + ![Firefox logo](assets/img/browsers/firefox.svg){ align=right } + + **Firefox** provides strong privacy settings such as [Enhanced Tracking Protection](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop), which can help block various [types of tracking](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_what-enhanced-tracking-protection-blocks). + + [:octicons-home-16: Homepage](https://firefox.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.mozilla.org/privacy/firefox/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://firefox-source-docs.mozilla.org/){ .card-link title=Documentation} + [:octicons-code-16:](https://hg.mozilla.org/mozilla-central){ .card-link title="Source Code" } + [:octicons-heart-16:](https://donate.mozilla.org/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://www.mozilla.org/firefox/windows) + - [:simple-apple: macOS](https://www.mozilla.org/firefox/mac) + - [:simple-linux: Linux](https://www.mozilla.org/firefox/linux) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.mozilla.firefox) + +!!! warning + Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/). + +### Recommended Configuration + +Tor Browser is the only way to truly browse the internet anonymously. When you use Firefox, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. + +These options can be found in :material-menu: → **Settings** → **Privacy & Security**. + +##### Enhanced Tracking Protection + +- [x] Select **Strict** Enhanced Tracking Protection + +This protects you by blocking social media trackers, fingerprinting scripts (note that this does not protect you from *all* fingerprinting), cryptominers, cross-site tracking cookies, and some other tracking content. ETP protects against many common threats, but it does not block all tracking avenues because it is designed to have minimal to no impact on site usability. + +##### Sanitize on Close + +If you want to stay logged in to particular sites, you can allow exceptions in **Cookies and Site Data** → **Manage Exceptions...** + +- [x] Check **Delete cookies and site data when Firefox is closed** + +This protects you from persistent cookies, but does not protect you against cookies acquired during any one browsing session. When this is enabled, it becomes possible to easily cleanse your browser cookies by simply restarting Firefox. You can set exceptions on a per-site basis, if you wish to stay logged in to a particular site you visit often. + +##### Search Suggestions + +- [ ] Uncheck **Provide search suggestions** + +Search suggestion features may not be available in your region. + +Search suggestions send everything you type in the address bar to the default search engine, regardless of whether you submit an actual search. Disabling search suggestions allows you to more precisely control what data you send to your search engine provider. + +##### Telemetry + +- [ ] Uncheck **Allow Firefox to send technical and interaction data to Mozilla** +- [ ] Uncheck **Allow Firefox to install and run studies** +- [ ] Uncheck **Allow Firefox to send backlogged crash reports on your behalf** + +> Firefox sends data about your Firefox version and language; device operating system and hardware configuration; memory, basic information about crashes and errors; outcome of automated processes like updates, safebrowsing, and activation to us. When Firefox sends data to us, your IP address is temporarily collected as part of our server logs. + +Additionally, the Firefox Accounts service collects [some technical data](https://www.mozilla.org/en-US/privacy/firefox/#firefox-accounts). If you use a Firefox Account you can opt-out: + +1. Open your [profile settings on accounts.firefox.com](https://accounts.firefox.com/settings#data-collection) +2. Uncheck **Data Collection and Use** > **Help improve Firefox Accounts** + +##### HTTPS-Only Mode + +- [x] Select **Enable HTTPS-Only Mode in all windows** + +This prevents you from unintentionally connecting to a website in plain-text HTTP. Sites without HTTPS are uncommon nowadays, so this should have little to no impact on your day to day browsing. + +### Firefox Sync + +[Firefox Sync](https://hacks.mozilla.org/2018/11/firefox-sync-privacy/) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices and protects it with E2EE. + +### Arkenfox (advanced) + +The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of carefully considered options for Firefox. If you [decide](https://github.com/arkenfox/user.js/wiki/1.1-To-Arkenfox-or-Not) to use Arkenfox, a [few options](https://github.com/arkenfox/user.js/wiki/3.2-Overrides-[Common]) are subjectively strict and/or may cause some websites to not work properly - [which you can easily change](https://github.com/arkenfox/user.js/wiki/3.1-Overrides) to suit your needs. We **strongly recommend** reading through their full [wiki](https://github.com/arkenfox/user.js/wiki). Arkenfox also enables [container](https://support.mozilla.org/en-US/kb/containers#w_for-advanced-users) support. + +## Brave + +!!! recommendation + + ![Brave logo](assets/img/browsers/brave.svg){ align=right } + + **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default. + + Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues. + + [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary } + [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" } + + ??? downloads annotate + + - [:simple-github: GitHub](https://github.com/brave/brave-browser/releases) + - [:simple-windows11: Windows](https://brave.com/download/) + - [:simple-apple: macOS](https://brave.com/download/) + - [:simple-linux: Linux](https://brave.com/linux/) (1) + + 1. We advise against using the Flatpak version of Brave, as it replaces Chromium's sandbox with Flatpak's, which is less effective. Additionally, the package is not maintained by Brave Software, Inc. + +### Recommended Configuration + +Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. + +These options can be found in :material-menu: → **Settings**. + +##### Shields + +Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit. + +Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following: + +
    + +- [x] Select **Prevent sites from fingerprinting me based on my language preferences** +- [x] Select **Aggressive** under Trackers & ads blocking + + ??? warning "Use default filter lists" + Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use. + +- [x] (Optional) Select **Block Scripts** (1) +- [x] Select **Strict, may break sites** under Block fingerprinting + +
    + +1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension. + +##### Social media blocking + +- [ ] Uncheck all social media components + +##### Privacy and security + +
    + +- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc) +- [ ] Uncheck **Use Google services for push messaging** +- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)** +- [ ] Uncheck **Automatically send daily usage ping to Brave** +- [ ] Uncheck **Automatically send diagnostic reports** +- [x] Select **Always use secure connections** in the **Security** menu +- [ ] Uncheck **Private window with Tor** (1) + + !!! tip "Sanitizing on Close" + - [x] Select **Clear cookies and site data when you close all windows** in the *Cookies and other site data* menu + + If you wish to stay logged in to a particular site you visit often, you can set exceptions on a per-site basis under the *Customized behaviors* section. + +
    + +1. Brave is **not** as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. Where [strong anonymity is required](https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity-) use the [Tor Browser](tor.md#tor-browser). + +##### Extensions + +Disable built-in extensions you do not use in **Extensions** + +- [ ] Uncheck **Hangouts** +- [ ] Uncheck **WebTorrent** + +##### IPFS + +InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it. + +- [x] Select **Disabled** on Method to resolve IPFS resources + +##### Additional settings + +Under the *System* menu + +
    + +- [ ] Uncheck **Continue running apps when Brave is closed** to disable background apps (1) + +
    + +1. This option is not present on all platforms. + +### Brave Sync + +[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE. + +## Additional Resources + +We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin may prove useful if you value content blocking functionality. + +### uBlock Origin + +!!! recommendation + + ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ align=right } + + **uBlock Origin** is a popular content blocker that could help you block ads, trackers, and fingerprinting scripts. + + [:octicons-repo-16: Repository](https://github.com/gorhill/uBlock#readme){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/gorhill/uBlock/wiki/Privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/gorhill/uBlock/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/gorhill/uBlock){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/ublock-origin/) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm) + - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/ublock-origin/odfafepnkmbhccpbejgmiehpchacaeak) + +We suggest following the [developer's documentation](https://github.com/gorhill/uBlock/wiki/Blocking-mode) and picking one of the "modes". Additional filter lists can impact performance and [may increase attack surface](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css). + +##### Other lists + +These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashboard:-Filter-lists) that you may want to consider adding: + +- [x] Check **Privacy** > **AdGuard URL Tracking Protection** +- Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt) + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Requirements + +- Must be open-source software. +- Supports automatic updates. +- Receives engine updates in 0-1 days from upstream release. +- Available on Linux, macOS, and Windows. +- Any changes required to make the browser more privacy-respecting should not negatively impact user experience. +- Blocks third-party cookies by default. +- Supports [state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^1] + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Includes built-in content blocking functionality. +- Supports cookie compartmentalization (à la [Multi-Account Containers](https://support.mozilla.org/en-US/kb/containers)). +- Supports Progressive Web Apps. + PWAs enable you to install certain websites as if they were native apps on your computer. This can have advantages over installing Electron-based apps, because you benefit from your browser's regular security updates. +- Does not include add-on functionality (bloatware) that does not impact user privacy. +- Does not collect telemetry by default. +- Provides open-source sync server implementation. +- Defaults to a [private search engine](search-engines.md). + +### Extension Criteria + +- Must not replicate built-in browser or OS functionality. +- Must directly impact user privacy, i.e. must not simply provide information. + +[^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/ku/desktop.md b/i18n/ku/desktop.md new file mode 100644 index 00000000..2db4d119 --- /dev/null +++ b/i18n/ku/desktop.md @@ -0,0 +1,183 @@ +--- +title: "Desktop/PC" +icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. +--- + +Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. + +- [General Linux Overview :material-arrow-right-drop-circle:](os/linux-overview.md) + +## Traditional Distributions + +### Fedora Workstation + +!!! recommendation + + ![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ align=right } + + **Fedora Workstation** is our recommended distribution for people new to Linux. Fedora generally adopts newer technologies before other distributions e.g., [Wayland](https://wayland.freedesktop.org/), [PipeWire](https://pipewire.org). These new technologies often come with improvements in security, privacy, and usability in general. + + [:octicons-home-16: Homepage](https://getfedora.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://docs.fedoraproject.org/en-US/docs/){ .card-link title=Documentation} + [:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute } + +Fedora has a semi-rolling release cycle. While some packages like [GNOME](https://www.gnome.org) are frozen until the next Fedora release, most packages (including the kernel) are updated frequently throughout the lifespan of the release. Each Fedora release is supported for one year, with a new version released every 6 months. + +### openSUSE Tumbleweed + +!!! recommendation + + ![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ align=right } + + **openSUSE Tumbleweed** is a stable rolling release distribution. + + openSUSE Tumbleweed has a [transactional update](https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/) system that uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial) to ensure that snapshots can be rolled back should there be a problem. + + [:octicons-home-16: Homepage](https://get.opensuse.org/tumbleweed/){ .md-button .md-button--primary } + [:octicons-info-16:](https://doc.opensuse.org/){ .card-link title=Documentation} + [:octicons-heart-16:](https://shop.opensuse.org/){ .card-link title=Contribute } + +Tumbleweed follows a rolling release model where each update is released as a snapshot of the distribution. When you upgrade your system, a new snapshot is downloaded. Each snapshot is run through a series of automated tests by [openQA](https://openqa.opensuse.org) to ensure its quality. + +### Arch Linux + +!!! recommendation + + ![Arch logo](assets/img/linux-desktop/archlinux.svg){ align=right } + + **Arch Linux** is a lightweight, do-it-yourself (DIY) distribution meaning that you only get what you install. For more information see their [FAQ](https://wiki.archlinux.org/title/Frequently_asked_questions). + + [:octicons-home-16: Homepage](https://archlinux.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://wiki.archlinux.org/){ .card-link title=Documentation} + [:octicons-heart-16:](https://archlinux.org/donate/){ .card-link title=Contribute } + +Arch Linux has a rolling release cycle. There is no fixed release schedule and packages are updated very frequently. + +Being a DIY distribution, you are [expected to set up and maintain](os/linux-overview.md#arch-based-distributions) your system on your own. Arch has an [official installer](https://wiki.archlinux.org/title/Archinstall) to make the installation process a little easier. + +A large portion of [Arch Linux’s packages](https://reproducible.archlinux.org) are [reproducible](https://reproducible-builds.org). + +## Immutable Distributions + +### Fedora Silverblue + +!!! recommendation + + ![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ align=right } + + **Fedora Silverblue** and **Fedora Kinoite** are immutable variants of Fedora with a strong focus on container workflows. Silverblue comes with the [GNOME](https://www.gnome.org/) desktop environment while Kinoite comes with [KDE](https://kde.org/). Silverblue and Kinoite follow the same release schedule as Fedora Workstation, benefiting from the same fast updates and staying very close to upstream. + + [:octicons-home-16: Homepage](https://silverblue.fedoraproject.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://docs.fedoraproject.org/en-US/fedora-silverblue/){ .card-link title=Documentation} + [:octicons-heart-16:](https://whatcanidoforfedora.org/){ .card-link title=Contribute } + +Silverblue (and Kinoite) differ from Fedora Workstation as they replace the [DNF](https://fedoraproject.org/wiki/DNF) package manager with a much more advanced alternative called [`rpm-ostree`](https://docs.fedoraproject.org/en-US/fedora/rawhide/system-administrators-guide/package-management/rpm-ostree/). The `rpm-ostree` package manager works by downloading a base image for the system, then overlaying packages over it in a [git](https://en.wikipedia.org/wiki/Git)-like commit tree. When the system is updated, a new base image is downloaded and the overlays will be applied to that new image. + +After the update is complete you will reboot the system into the new deployment. `rpm-ostree` keeps two deployments of the system so that you can easily rollback if something breaks in the new deployment. There is also the option to pin more deployments as needed. + +[Flatpak](https://www.flatpak.org) is the primary package installation method on these distributions, as `rpm-ostree` is only meant to overlay packages that cannot stay inside of a container on top of the base image. + +As an alternative to Flatpaks, there is the option of [Toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/) to create [Podman](https://podman.io) containers with a shared home directory with the host operating system and mimic a traditional Fedora environment, which is a [useful feature](https://containertoolbx.org) for the discerning developer. + +### NixOS + +!!! recommendation + + ![NixOS logo](assets/img/linux-desktop/nixos.svg){ align=right } + + NixOS is an independent distribution based on the Nix package manager with a focus on reproducibility and reliability. + + [:octicons-home-16: Homepage](https://nixos.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://nixos.org/learn.html){ .card-link title=Documentation} + [:octicons-heart-16:](https://nixos.org/donate.html){ .card-link title=Contribute } + +NixOS’s package manager keeps every version of every package in a different folder in the **Nix store**. Due to this you can have different versions of the same package installed on your system. After the package contents have been written to the folder, the folder is made read-only. + +NixOS also provides atomic updates; first it downloads (or builds) the packages and files for the new system generation and then switches to it. There are different ways to switch to a new generation; you can tell NixOS to activate it after reboot or you can switch to it at runtime. You can also *test* the new generation by switching to it at runtime, but not setting it as the current system generation. If something in the update process breaks, you can just reboot and automatically and return to a working version of your system. + +Nix the package manager uses a purely functional language - which is also called Nix - to define packages. + +[Nixpkgs](https://github.com/nixos/nixpkgs) (the main source of packages) are contained in a single GitHub repository. You can also define your own packages in the same language and then easily include them in your config. + +Nix is a source-based package manager; if there’s no pre-built available in the binary cache, Nix will just build the package from source using its definition. It builds each package in a sandboxed *pure* environment, which is as independent of the host system as possible, thus making binaries reproducible. + +## Anonymity-Focused Distributions + +### Whonix + +!!! recommendation + + ![Whonix logo](assets/img/linux-desktop/whonix.svg){ align=right } + + **Whonix** is based on [Kicksecure](https://www.whonix.org/wiki/Kicksecure), a security-focused fork of Debian. It aims to provide privacy, security, and anonymity on the internet. Whonix is best used in conjunction with [Qubes OS](#qubes-os). + + [:octicons-home-16: Homepage](https://www.whonix.org/){ .md-button .md-button--primary } + [:simple-torbrowser:](http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion){ .card-link title="Onion Service" } + [:octicons-info-16:](https://www.whonix.org/wiki/Documentation){ .card-link title=Documentation} + [:octicons-heart-16:](https://www.whonix.org/wiki/Donate){ .card-link title=Contribute } + +Whonix is meant to run as two virtual machines: a “Workstation” and a Tor “Gateway.” All communications from the Workstation must go through the Tor gateway. This means that even if the Workstation is compromised by malware of some kind, the true IP address remains hidden. + +Some of its features include Tor Stream Isolation, [keystroke anonymization](https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak), [encrypted swap](https://github.com/Whonix/swap-file-creator), and a hardened memory allocator. + +Future versions of Whonix will likely include [full system AppArmor policies](https://github.com/Whonix/apparmor-profile-everything) and a [sandbox app launcher](https://www.whonix.org/wiki/Sandbox-app-launcher) to fully confine all processes on the system. + +Whonix is best used [in conjunction with Qubes](https://www.whonix.org/wiki/Qubes/Why_use_Qubes_over_other_Virtualizers), Qubes-Whonix has various [disadvantages](https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581) when compared to other hypervisors. + +### Tails + +!!! recommendation + + ![Tails logo](assets/img/linux-desktop/tails.svg){ align=right } + + **Tails** is a live operating system based on Debian that routes all communications through Tor, which can boot on on almost any computer from a DVD, USB stick, or SD card installation. It uses [Tor](tor.md) to preserve privacy and anonymity while circumventing censorship, and it leaves no trace of itself on the computer it is used on after it is powered off. + + [:octicons-home-16: Homepage](https://tails.boum.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://tails.boum.org/doc/index.en.html){ .card-link title=Documentation} + [:octicons-heart-16:](https://tails.boum.org/donate/){ .card-link title=Contribute } + +Tails is great for counter forensics due to amnesia (meaning nothing is written to the disk); however, it is not a hardened distribution like Whonix. It lacks many anonymity and security features that Whonix has and gets updated much less often (only once every six weeks). A Tails system that is compromised by malware may potentially bypass the transparent proxy allowing for the user to be deanonymized. + +Tails includes [uBlock Origin](desktop-browsers.md#ublock-origin) in Tor Browser by default, which may potentially make it easier for adversaries to fingerprint Tails users. [Whonix](desktop.md#whonix) virtual machines may be more leak-proof, however they are not amnesic, meaning data may be recovered from your storage device. + +By design, Tails is meant to completely reset itself after each reboot. Encrypted [persistent storage](https://tails.boum.org/doc/persistent_storage/index.en.html) can be configured to store some data between reboots. + +## Security-focused Distributions + +### Qubes OS + +!!! recommendation + + ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ align=right } + + **Qubes OS** is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and use most of the Linux drivers. + + [:octicons-home-16: Homepage](https://www.qubes-os.org/){ .md-button .md-button--primary } + [:material-arrow-right-drop-circle: Overview](os/qubes-overview.md){ .md-button .md-button--primary } + [:simple-torbrowser:](http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://www.qubes-os.org/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.qubes-os.org/doc/){ .card-link title=Documentation } + [:octicons-code-16:](https://github.com/QubesOS/){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.qubes-os.org/donate/){ .card-link title=Contribute } + +Qubes OS is a Xen-based operating system meant to provide strong security for desktop computing through secure virtual machines (VMs), also known as *Qubes*. + +The Qubes OS operating system secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate VMs. Should one part of the system be compromised, the extra isolation is likely to protect the rest of the system. For further details see the Qubes [FAQ](https://www.qubes-os.org/faq/). + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +Our recommended operating systems: + +- Must be open-source. +- Must receive regular software and Linux kernel updates. +- Linux distributions must support [Wayland](os/linux-overview.md#Wayland). +- Must support full-disk encryption during installation. +- Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. +- Must support a wide variety of hardware. diff --git a/i18n/ku/dns.md b/i18n/ku/dns.md new file mode 100644 index 00000000..ca458095 --- /dev/null +++ b/i18n/ku/dns.md @@ -0,0 +1,139 @@ +--- +title: "چارەسەرکەرانی DNS" +icon: material/dns +description: ئەمانە هەندێک لە دابینکەرانی DNSـی شفرەکراون، کە پێشنیاری بەکارهێنانیان دەکەین. بۆ ڕزگارت بوون لە شێوەپێدراوە بنەڕەتیکانی ISPـیەکەت. +--- + +DNSـی شفرەکراو تەنها دەبێت بەکار بهێنرێت لەگەڵ ڕاژەکاری لایەنی سێیەم بۆ تێپەڕاندنی [قەدەغەکردنێکی DNSـی](https://en.wikipedia.org/wiki/DNS_blocking) سادە. کاتێک دڵنیا دەبیت کە هیچ دەرئەنجامێک نابێت. DNSـی شفرەکراو یارمەتیت نادات لە شاردنەوەی هیچ یەکێک لە چالاکیەکانی گەڕانت. + +[دەربارەی DNS زیاتر فێربە:material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} + +## دابینکەرانی پێشنیارکراو + +| دابینکەری DNS | سیاسەتی تایبەتێتـی | پڕۆتۆکۆڵەکان | هەڵگرتنی تۆمار | ECS | پاڵاوتن | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
    DoH/3
    DoT
    DNSCrypt | هەندێک    ١ | نەخێر | لەسەر بنەمای هەڵبژاردنی ڕاژەیە. لیستی پاڵاوتنی بەکارهێنراو لێرە دەدۆزرێتەوە. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
    DoH
    DoT | هەندێک٢ | نەخێر | لەسەر بنەمای هەڵبژاردنی ڕاژەیە. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
    DoH/3
    DoT
    DoQ | ئارەزوومەندانە٣ | نەخێر | لەسەر بنەمای هەڵبژاردنی ڕاژەیە. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
    DoT | نەخێر٤ | نەخێر | لەسەر بنەمای هەڵبژاردنی ڕاژەیە. لیستی پاڵاوتنی بەکارهێنراو لێرە دەدۆزرێتەوە. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
    DoH
    DoT | ئارەزوومەندانە٥ | ئارەزوومەندانە | لەسەر بنەمای هەڵبژاردنی ڕاژەیە. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
    DoH
    DoT
    DNSCrypt | هەندێک٦ | ئارەزوومەندانە | لەسەر بنەمای هەڵبژاردنی ڕاژەیە، لەبنەڕەتەوە بەربەستی زیانەواڵەیە. | + +## پێوەرەکان + +**تکایە تێبینی ئەوە بکە کە ئێمە سەر بە هیچ کام لەو پرۆژانە نین کە پێشنیاری دەکەین.** وە جگە لە [ پێوەرە بنچینەییەکانمان](about/criteria.md), ئێمە کۆمەڵێک داواکاری ڕوونمان دامەزراندووە بۆ ئەوەی ڕێگەمان پێبدات پێشنیاری بنچینە بکەین. ئێمە پێشنیاری ئەوە دەکەین کە تۆ خۆت ئاشنا بکەیت لەگەڵ ئەم لیستە پێش هەڵبژاردن و بەکارهێنانی دابینکەرەکە وە لێکۆڵینەوەی خۆت بکەیت بۆ دڵنیابوون لەوەی، کە ئەمە هەڵبژاردنێکی گونجاوە بۆ تۆ. + +!!! نموونە "ئەم بەشە نوێیە" + + ئێمە کار لەسەر دانانی پێوەرە پێناسەکراوەکان دەکەین بۆ هەموو بەشێکی ماڵپەڕەکەمان, وە ئەمە لەوانەیە بگۆڕدرێت. ئەگەر هیچ پرسیارێکت هەیە سەبارەت بە پێوەرەکانی ئێمە. ئەوا تکایە [لە سەکۆکەمان پرسیار بکە](https://discuss.privacyguides.net/latest). وە وادامەنێ کە ئێمە هیچ شتێکمان لەبەرچاو نەگرتوە لە کاتی دروستکردنی پێشنیارەکانمان ئەگەر لە لیستەکە نەبێت. چەندین هۆکار هەن کە لەبەرچاو دەگرین و گفتوگۆیان لەسەر دەکرێت کاتێک پێشنیاری پرۆژەیەک دەکەین. وە تۆمارکردنی هەریەکەیان کارێکی بەردەوامە. + +- پێویستە بشتگیری [DNSSEC](advanced/dns-overview.md#what-is-dnssec) بکات. +- [بچووکردنەوەی QNAME](advanced/dns-overview.md#what-is-qname-minimization). +- ڕێگە بە ناچالاک کردنی [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) بدات. +- پەسند کردنی [Anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) یان پشتگیری "ئاڕاستەی-جوگرافی". + +## پشتگیری لە سیستەمی کارپێکەری بنەچەیی + +### ئەندرۆید + +ئەندرۆیدی ٩ و سەرووتر پشتگیری DNS دەکەن لە ڕێگەی TLS. ڕێکخستنەکان دەتوانرێ بدۆزرێتەوە لە: **Settings**→**Network & Internet**→**Private DNS**. + +### ئامێرەکانی Apple + +کۆتا وەشەنەکان لە tvOS، iPadOS، iOS لەگەڵ macOS هەموویان پشتگیری لە DoT و DoH دەکەن. هەردوو پرۆتۆکۆلەکە بە شێوەیەکی ڕەسەن پشتگیری دەکرێن لە ڕێگەی [شێوەپێدانی پڕؤفایلەکان](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) یان لە ڕێگەی [ڕێکخستنەکانیDNS API](https://developer.apple.com/documentation/networkextension/dns_settings). + +دوای دامەزراندنی شێوەپێدانێکی پڕۆفایل یان کاربەرنامەیەک کە ڕێکخستنەکانی DNS API بەکاردێنێ، دەتوانیت شێوەپێدانی DNS دیاریبکەیت. ئەگەر VPN چالاک بێت، چارەسەری ناو تونێلی VPNـەکە ڕێکخستەنەکانی DNSـی VPNـەکە بەکاردێنیت. نەک ڕێکخستەنە فراوانەکەی سیستەمەکەت. + +#### Signed Profiles + +Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). + +!!! info + + `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. + +## Encrypted DNS Proxies + +Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns). + +### RethinkDNS + +!!! recommendation + + ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right } + ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } + + **RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too. + + [:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns) + - [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases) + +### dnscrypt-proxy + +!!! recommendation + + ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right } + + **dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS). + + !!! warning "The anonymized DNS feature does [**not**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic." + + [:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" } + [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows) + - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) + - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) + +## Self-hosted Solutions + +A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. + +### AdGuard Home + +!!! recommendation + + ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right } + + **AdGuard Home** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + + AdGuard Home features a polished web interface to view insights and manage blocked content. + + [:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } + [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" } + +### Pi-hole + +!!! recommendation + + ![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right } + + **Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + + Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content. + + [:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } + [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } + +[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) +[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) +[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) +[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) +[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy) +[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) diff --git a/i18n/ku/email-clients.md b/i18n/ku/email-clients.md new file mode 100644 index 00000000..eec0e292 --- /dev/null +++ b/i18n/ku/email-clients.md @@ -0,0 +1,238 @@ +--- +title: "Email Clients" +icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. +--- + +Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. + +??? warning "Email does not provide forward secrecy" + + When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have [some metadata](email.md#email-metadata-overview) that is not encrypted in the header of the email. + + OpenPGP also does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed: [How do I protect my private keys?](basics/email-security.md) Consider using a medium that provides forward secrecy: + + [Real-time Communication](real-time-communication.md){ .md-button } + +## Cross-Platform + +### Thunderbird + +!!! recommendation + + ![Thunderbird logo](assets/img/email-clients/thunderbird.svg){ align=right } + + **Thunderbird** is a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client developed by the Thunderbird community, and previously by the Mozilla Foundation. + + [:octicons-home-16: Homepage](https://www.thunderbird.net){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.mozilla.org/privacy/thunderbird){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mozilla.org/products/thunderbird){ .card-link title=Documentation} + [:octicons-code-16:](https://hg.mozilla.org/comm-central){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-windows11: Windows](https://www.thunderbird.net) + - [:simple-apple: macOS](https://www.thunderbird.net) + - [:simple-linux: Linux](https://www.thunderbird.net) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.mozilla.Thunderbird) + +#### Recommended Configuration + +We recommend changing some of these settings to make Thunderbird a little more private. + +These options can be found in :material-menu: → **Settings** → **Privacy & Security**. + +##### Web Content + +- [ ] Uncheck **Remember websites and links I've visited** +- [ ] Uncheck **Accept cookies from sites** + +##### Telemetry + +- [ ] Uncheck **Allow Thunderbird to send technical and interaction data to Mozilla** + +#### Thunderbird-user.js (advanced) + +[`thunderbird-user.js`](https://github.com/HorlogeSkynet/thunderbird-user.js), is a set of configurations options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce surface area and maintain privacy. Some of the changes are backported from the [Arkenfox project](https://github.com/arkenfox/user.js). + +## Platform Specific + +### Apple Mail (macOS) + +!!! recommendation + + ![Apple Mail logo](assets/img/email-clients/applemail.png){ align=right } + + **Apple Mail** is included in macOS and can be extended to have OpenPGP support with [GPG Suite](encryption.md#gpg-suite), which adds the ability to send PGP-encrypted email. + + [:octicons-home-16: Homepage](https://support.apple.com/guide/mail/welcome/mac){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.apple.com/legal/privacy/en-ww/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.apple.com/guide/mail/toc){ .card-link title=Documentation} + +### Canary Mail (iOS) + +!!! recommendation + + ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ align=right } + + **Canary Mail** is a paid email client designed to make end-to-end encryption seamless with security features such as a biometric app lock. + + [:octicons-home-16: Homepage](https://canarymail.io){ .md-button .md-button--primary } + [:octicons-eye-16:](https://canarymail.io/privacy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://canarymail.zendesk.com/){ .card-link title=Documentation} + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.canarymail.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1236045954) + - [:simple-windows11: Windows](https://canarymail.io/downloads.html) + +!!! warning + + Canary Mail only recently released a Windows and Android client, though we don't believe they are as stable as their iOS and Mac counterparts. + +Canary Mail is closed-source. We recommend it due to the few choices there are for email clients on iOS that support PGP E2EE. + +### FairEmail (Android) + +!!! recommendation + + ![FairEmail logo](assets/img/email-clients/fairemail.svg){ align=right } + + **FairEmail** is a minimal, open-source email app, using open standards (IMAP, SMTP, OpenPGP) with a low data and battery usage. + + [:octicons-home-16: Homepage](https://email.faircode.eu){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/M66B/FairEmail/blob/master/PRIVACY.md){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/M66B/FairEmail/blob/master/FAQ.md){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/M66B/FairEmail){ .card-link title="Source Code" } + [:octicons-heart-16:](https://email.faircode.eu/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=eu.faircode.email) + - [:simple-github: GitHub](https://github.com/M66B/FairEmail/releases) + +### GNOME Evolution (GNOME) + +!!! recommendation + + ![Evolution logo](assets/img/email-clients/evolution.svg){ align=right } + + **Evolution** is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive [documentation](https://help.gnome.org/users/evolution/stable/) to help you get started. + + [:octicons-home-16: Homepage](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary } + [:octicons-eye-16:](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://help.gnome.org/users/evolution/stable/){ .card-link title=Documentation} + [:octicons-code-16:](https://gitlab.gnome.org/GNOME/evolution/){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.gnome.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.gnome.Evolution) + +### K-9 Mail (Android) + +!!! recommendation + + ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ align=right } + + **K-9 Mail** is an independent mail application that supports both POP3 and IMAP mailboxes, but only supports push mail for IMAP. + + In the future, K-9 Mail will be the [officially branded](https://k9mail.app/2022/06/13/K-9-Mail-and-Thunderbird.html) Thunderbird client for Android. + + [:octicons-home-16: Homepage](https://k9mail.app){ .md-button .md-button--primary } + [:octicons-eye-16:](https://k9mail.app/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.k9mail.app/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/k9mail/k-9){ .card-link title="Source Code" } + [:octicons-heart-16:](https://k9mail.app/contribute){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.fsck.k9) + - [:simple-github: GitHub](https://github.com/k9mail/k-9/releases) + +!!! warning + + When replying to someone on a mailing list the "reply" option may also include the mailing list. For more information see [thundernest/k-9 #3738](https://github.com/thundernest/k-9/issues/3738). + +### Kontact (KDE) + +!!! recommendation + + ![Kontact logo](assets/img/email-clients/kontact.svg){ align=right } + + **Kontact** is a personal information manager (PIM) application from the [KDE](https://kde.org) project. It provides a mail client, address book, organizer and RSS client. + + [:octicons-home-16: Homepage](https://kontact.kde.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://kontact.kde.org/users/){ .card-link title=Documentation} + [:octicons-code-16:](https://invent.kde.org/pim/kmail){ .card-link title="Source Code" } + [:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-linux: Linux](https://kontact.kde.org/download) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.kontact) + +### Mailvelope (Browser) + +!!! recommendation + + ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ align=right } + + **Mailvelope** is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard. + + [:octicons-home-16: Homepage](https://www.mailvelope.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.mailvelope.com/en/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://mailvelope.com/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/mailvelope/mailvelope){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/mailvelope) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke) + - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/mailvelope/dgcbddhdhjppfdfjpciagmmibadmoapc) + +### NeoMutt (CLI) + +!!! recommendation + + ![NeoMutt logo](assets/img/email-clients/mutt.svg){ align=right } + + **NeoMutt** is an open-source command line mail reader (or MUA) for Linux and BSD. It's a fork of [Mutt](https://en.wikipedia.org/wiki/Mutt_(email_client)) with added features. + + NeoMutt is a text-based client that has a steep learning curve. It is however, very customizable. + + [:octicons-home-16: Homepage](https://neomutt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://neomutt.org/guide/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/neomutt/neomutt){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.paypal.com/paypalme/russon/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-apple: macOS](https://neomutt.org/distro) + - [:simple-linux: Linux](https://neomutt.org/distro) + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Qualifications + +- Apps developed for open-source operating systems must be open-source. +- Must not collect telemetry, or have an easy way to disable all telemetry. +- Must support OpenPGP message encryption. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should be open-source. +- Should be cross-platform. +- Should not collect any telemetry by default. +- Should support OpenPGP natively, i.e. without extensions. +- Should support storing OpenPGP encrypted emails locally. diff --git a/i18n/ku/email.md b/i18n/ku/email.md new file mode 100644 index 00000000..7ab4c31d --- /dev/null +++ b/i18n/ku/email.md @@ -0,0 +1,510 @@ +--- +title: "Email Services" +icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. +--- + +Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. + +[Recommended Instant Messengers](real-time-communication.md ""){.md-button} + +For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. + +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + +## OpenPGP Compatible Services + +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    + +!!! warning + + When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). + + OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys) + +### Proton Mail + +!!! recommendation + + ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } + + **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan. + + [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } + [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id979659905) + - [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases) + - [:simple-windows11: Windows](https://proton.me/mail/bridge#download) + - [:simple-apple: macOS](https://proton.me/mail/bridge#download) + - [:simple-linux: Linux](https://proton.me/mail/bridge#download) + - [:octicons-browser-16: Web](https://mail.proton.me) + +Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). + +If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free. + +Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. + +#### :material-check:{ .pg-green } Custom Domains and Aliases + +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. + +#### :material-check:{ .pg-green } Private Payment Methods + +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. + +#### :material-check:{ .pg-green } Account Security + +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. + +#### :material-check:{ .pg-green } Data Security + +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. + +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. + +#### :material-check:{ .pg-green } Email Encryption + +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. + +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. + +#### :material-alert-outline:{ .pg-orange } Digital Legacy + +Proton Mail doesn't offer a digital legacy feature. + +#### :material-information-outline:{ .pg-blue } Account Termination + +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. + +### Mailbox.org + +!!! recommendation + + ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right } + + **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed. + + [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation} + + ??? downloads + + - [:octicons-browser-16: Web](https://login.mailbox.org) + +#### :material-check:{ .pg-green } Custom Domains and Aliases + +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. + +#### :material-check:{ .pg-green } Private Payment Methods + +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. + +#### :material-check:{ .pg-green } Account Security + +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. + +#### :material-information-outline:{ .pg-blue } Data Security + +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. + +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. + +#### :material-check:{ .pg-green } Email Encryption + +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. + +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. + +#### :material-check:{ .pg-green } Digital Legacy + +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. + +#### :material-information-outline:{ .pg-blue } Account Termination + +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    + +### StartMail + +!!! recommendation + + ![StartMail logo](assets/img/email/startmail.svg#only-light){ align=right } + ![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ align=right } + + **StartMail** is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial. + + [:octicons-home-16: Homepage](https://www.startmail.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.startmail.com/en/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.startmail.com){ .card-link title=Documentation} + + ??? downloads + + - [:octicons-browser-16: Web](https://mail.startmail.com/login) + +#### :material-check:{ .pg-green } Custom Domains and Aliases + +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. + +#### :material-alert-outline:{ .pg-orange } Private Payment Methods + +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. + +#### :material-check:{ .pg-green } Account Security + +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. + +#### :material-information-outline:{ .pg-blue } Data Security + +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. + +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. + +#### :material-check:{ .pg-green } Email Encryption + +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. + +#### :material-alert-outline:{ .pg-orange } Digital Legacy + +StartMail does not offer a digital legacy feature. + +#### :material-information-outline:{ .pg-blue } Account Termination + +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. + +### Tutanota + +!!! recommendation + + ![Tutanota logo](assets/img/email/tutanota.svg){ align=right } + + **Tutanota** is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since **2011** and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan. + + [:octicons-home-16: Homepage](https://tutanota.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://tutanota.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://tutanota.com/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/tutao/tutanota){ .card-link title="Source Code" } + [:octicons-heart-16:](https://tutanota.com/community/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.tutao.tutanota) + - [:simple-appstore: App Store](https://apps.apple.com/app/tutanota/id922429609) + - [:simple-github: GitHub](https://github.com/tutao/tutanota/releases) + - [:simple-windows11: Windows](https://tutanota.com/#download) + - [:simple-apple: macOS](https://tutanota.com/#download) + - [:simple-linux: Linux](https://tutanota.com/#download) + - [:octicons-browser-16: Web](https://mail.tutanota.com/) + +Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. + +#### :material-check:{ .pg-green } Custom Domains and Aliases + +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. + +#### :material-information-outline:{ .pg-blue } Private Payment Methods + +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. + +#### :material-check:{ .pg-green } Account Security + +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. + +#### :material-check:{ .pg-green } Data Security + +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. + +#### :material-information-outline:{ .pg-blue } Email Encryption + +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). + +#### :material-alert-outline:{ .pg-orange } Digital Legacy + +Tutanota doesn't offer a digital legacy feature. + +#### :material-information-outline:{ .pg-blue } Account Termination + +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. + +## Email Aliasing Services + +An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. + +
    + +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
    + +Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. + +Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: + +- Aliases can be turned on and off individually when you need them, preventing websites from emailing you randomly. +- Replies are sent from the alias address, shielding your real email address. + +They also have a number of benefits over "temporary email" services: + +- Aliases are permanent and can be turned on again if you need to receive something like a password reset. +- Emails are sent to your trusted mailbox rather than stored by the alias provider. +- Temporary email services typically have public mailboxes which can be accessed by anyone who knows the address, aliases are private to you. + +Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign. + +Using an aliasing service requires trusting both your email provider and your aliasing provider with your unencrypted messages. Some providers mitigate this slightly with automatic PGP encryption, which reduces the number of parties you need to trust from two to one by encrypting incoming emails before they are delivered to your final mailbox provider. + +### AnonAddy + +!!! recommendation + + ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ align=right } + ![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ align=right } + + **AnonAddy** lets you create 20 domain aliases on a shared domain for free, or unlimited "standard" aliases which are less anonymous. + + [:octicons-home-16: Homepage](https://anonaddy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonaddy.com/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://app.anonaddy.com/docs/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/anonaddy){ .card-link title="Source Code" } + [:octicons-heart-16:](https://anonaddy.com/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-android: Android](https://anonaddy.com/faq/#is-there-an-android-app) + - [:material-apple-ios: iOS](https://anonaddy.com/faq/#is-there-an-ios-app) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-GB/firefox/addon/anonaddy/) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/anonaddy-anonymous-email/iadbdpnoknmbdeolbapdackdcogdmjpe) + +The number of shared aliases (which end in a shared domain like @anonaddy.me) that you can create is limited to 20 on AnonAddy's free plan and 50 on their $12/year plan. You can create unlimited standard aliases (which end in a domain like @[username].anonaddy.com or a custom domain on paid plans), however, as previously mentioned, this can be detrimental to privacy because people can trivially tie your standard aliases together based on the domain name alone. Unlimited shared aliases are available for $36/year. + +Notable free features: + +- [x] 20 Shared Aliases +- [x] Unlimited Standard Aliases +- [ ] No Outgoing Replies +- [x] 2 Recipient Mailboxes +- [x] Automatic PGP Encryption + +### SimpleLogin + +!!! recommendation + + ![Simplelogin logo](assets/img/email/simplelogin.svg){ align=right } + + **SimpleLogin** is a free service which provides email aliases on a variety of shared domain names, and optionally provides paid features like unlimited aliases and custom domains. + + [:octicons-home-16: Homepage](https://simplelogin.io){ .md-button .md-button--primary } + [:octicons-eye-16:](https://simplelogin.io/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://simplelogin.io/docs/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/simple-login){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.simplelogin.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1494359858) + - [:simple-github: GitHub](https://github.com/simple-login/Simple-Login-Android/releases) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/simplelogin/) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/dphilobhebphkdjbpfohgikllaljmgbn) + - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/simpleloginreceive-sen/diacfpipniklenphgljfkmhinphjlfff) + - [:simple-safari: Safari](https://apps.apple.com/app/id1494051017) + +SimpleLogin was [acquired by Proton AG](https://proton.me/news/proton-and-simplelogin-join-forces) as of April 8, 2022. If you use Proton Mail for your primary mailbox, SimpleLogin is a great choice. As both products are now owned by the same company you now only have to trust a single entity. We also expect that SimpleLogin will be more tightly integrated with Proton's offerings in the future. SimpleLogin continues to support forwarding to any email provider of your choosing. Securitum [audited](https://simplelogin.io/blog/security-audit/) SimpleLogin in early 2022 and all issues [were addressed](https://simplelogin.io/audit2022/web.pdf). + +You can link your SimpleLogin account in the settings with your Proton account. If you have the Proton Unlimited, Business, or Visionary Plan, you will have SimpleLogin Premium for free. + +Notable free features: + +- [x] 10 Shared Aliases +- [x] Unlimited Replies +- [x] 1 Recipient Mailbox + +## Self-Hosting Email + +Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. + +### Combined software solutions + +!!! recommendation + + ![Mailcow logo](assets/img/email/mailcow.svg){ align=right } + + **Mailcow** is a more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mail server with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. + + [:octicons-home-16: Homepage](https://mailcow.email){ .md-button .md-button--primary } + [:octicons-info-16:](https://mailcow.github.io/mailcow-dockerized-docs/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/mailcow/mailcow-dockerized){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.servercow.de/mailcow?lang=en#sal){ .card-link title=Contribute } + +!!! recommendation + + ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ align=right } + + **Mail-in-a-Box** is an automated setup script for deploying a mail server on Ubuntu. Its goal is to make it easier for people to set up their own mail server. + + [:octicons-home-16: Homepage](https://mailinabox.email){ .md-button .md-button--primary } + [:octicons-info-16:](https://mailinabox.email/guide.html){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/mail-in-a-box/mailinabox){ .card-link title="Source Code" } + +For a more manual approach we've picked out these two articles: + +- [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) +- [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide/) (August 2017) + +## Criteria + +**Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. + +### Technology + +We regard these features as important in order to provide a safe and optimal service. You should consider whether the provider which has the features you require. + +**Minimum to Qualify:** + +- Encrypts email account data at rest with zero-access encryption. +- Export capability as [Mbox](https://en.wikipedia.org/wiki/Mbox) or individual .eml with [RFC5322](https://datatracker.ietf.org/doc/rfc5322/) standard. +- Allow users to use their own [domain name](https://en.wikipedia.org/wiki/Domain_name). Custom domain names are important to users because it allows them to maintain their agency from the service, should it turn bad or be acquired by another company which doesn't prioritize privacy. +- Operates on owned infrastructure, i.e. not built upon third-party email service providers. + +**Best Case:** + +- Encrypts all account data (Contacts, Calendars, etc) at rest with zero-access encryption. +- Integrated webmail E2EE/PGP encryption provided as a convenience. +- Support for [WKD](https://wiki.gnupg.org/WKD) to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key by typing: `gpg --locate-key example_user@example.com` +- Support for a temporary mailbox for external users. This is useful when you want to send an encrypted email, without sending an actual copy to your recipient. These emails usually have a limited lifespan and then are automatically deleted. They also don't require the recipient to configure any cryptography like OpenPGP. +- Availability of the email provider's services via an [onion service](https://en.wikipedia.org/wiki/.onion). +- [Subaddressing](https://en.wikipedia.org/wiki/Email_address#Subaddressing) support. +- Catch-all or alias functionality for those who own their own domains. +- Use of standard email access protocols such as IMAP, SMTP or [JMAP](https://en.wikipedia.org/wiki/JSON_Meta_Application_Protocol). Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider. + +### Privacy + +We prefer our recommended providers to collect as little data as possible. + +**Minimum to Qualify:** + +- Protect sender's IP address. Filter it from showing in the `Received` header field. +- Don't require personally identifiable information (PII) besides a username and a password. +- Privacy policy that meets the requirements defined by the GDPR +- Must not be hosted in the US due to [ECPA](https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act#Criticism) which has [yet to be reformed](https://epic.org/ecpa/). + +**Best Case:** + +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) + +### Security + +Email servers deal with a lot of very sensitive data. We expect that providers will adopt best industry practices in order to protect their members. + +**Minimum to Qualify:** + +- Protection of webmail with 2FA, such as TOTP. +- Zero access encryption, builds on encryption at rest. The provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to or remote adversary from releasing data they have stolen by gaining unauthorized access to the server. +- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support. +- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://www.hardenize.com/), [testssl.sh](https://testssl.sh/), or [Qualys SSL Labs](https://www.ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)). +- A server suite preference (optional on TLSv1.3) for strong cipher suites which support forward secrecy and authenticated encryption. +- A valid [MTA-STS](https://tools.ietf.org/html/rfc8461) and [TLS-RPT](https://tools.ietf.org/html/rfc8460) policy. +- Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. +- Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. +- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). +- [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. +- Website security standards such as: + - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) + - [Subresource Integrity](https://en.wikipedia.org/wiki/Subresource_Integrity) if loading things from external domains. +- Must support viewing of [Message headers](https://en.wikipedia.org/wiki/Email#Message_header), as it is a crucial forensic feature to determine if an email is a phishing attempt. + +**Best Case:** + +- Support for hardware authentication, i.e. U2F and [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn). U2F and WebAuthn are more secure as they use a private key stored on a client-side hardware device to authenticate people, as opposed to a shared secret that is stored on the web server and on the client side when using TOTP. Furthermore, U2F and WebAuthn are more resistant to phishing as their authentication response is based on the authenticated [domain name](https://en.wikipedia.org/wiki/Domain_name). +- [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support. +- Implementation of [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), this is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617). +- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. +- Website security standards such as: + - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) + +### Trust + +You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. + +**Minimum to Qualify:** + +- Public-facing leadership or ownership. + +**Best Case:** + +- Public-facing leadership. +- Frequent transparency reports. + +### Marketing + +With the email providers we recommend we like to see responsible marketing. + +**Minimum to Qualify:** + +- Must self-host analytics (no Google Analytics, Adobe Analytics, etc). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for those who wish to opt-out. + +Must not have any marketing which is irresponsible: + +- Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it. +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: + +- Reusing personal information e.g. (email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc) +- [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) + +**Best Case:** + +- Clear and easy to read documentation. This includes things like, setting up 2FA, email clients, OpenPGP, etc. + +### Additional Functionality + +While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. diff --git a/i18n/ku/encryption.md b/i18n/ku/encryption.md new file mode 100644 index 00000000..ded8533b --- /dev/null +++ b/i18n/ku/encryption.md @@ -0,0 +1,356 @@ +--- +title: "Encryption Software" +icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. +--- + +Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. + +## Multi-platform + +The options listed here are multi-platform and great for creating encrypted backups of your data. + +### Cryptomator (Cloud) + +!!! recommendation + + ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ align=right } + + **Cryptomator** is an encryption solution designed for privately saving files to any cloud provider. It allows you to create vaults that are stored on a virtual drive, the contents of which are encrypted and synced with your cloud storage provider. + + [:octicons-home-16: Homepage](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Source Code" } + [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.cryptomator) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/cryptomator-2/id1560822163) + - [:simple-android: Android](https://cryptomator.org/android) + - [:simple-windows11: Windows](https://cryptomator.org/downloads) + - [:simple-apple: macOS](https://cryptomator.org/downloads) + - [:simple-linux: Linux](https://cryptomator.org/downloads) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.cryptomator.Cryptomator) + +Cryptomator uses AES-256 encryption to encrypt both files and filenames. Cryptomator cannot encrypt metadata such as access, modification, and creation timestamps, nor the number and size of files and folders. + +Some Cryptomator cryptographic libraries have been [audited](https://community.cryptomator.org/t/has-there-been-a-security-review-audit-of-cryptomator/44) by Cure53. The scope of the audited libraries includes: [cryptolib](https://github.com/cryptomator/cryptolib), [cryptofs](https://github.com/cryptomator/cryptofs), [siv-mode](https://github.com/cryptomator/siv-mode) and [cryptomator-objc-cryptor](https://github.com/cryptomator/cryptomator-objc-cryptor). The audit did not extend to [cryptolib-swift](https://github.com/cryptomator/cryptolib-swift), which is a library used by Cryptomator for iOS. + +Cryptomator's documentation details its intended [security target](https://docs.cryptomator.org/en/latest/security/security-target/), [security architecture](https://docs.cryptomator.org/en/latest/security/architecture/), and [best practices](https://docs.cryptomator.org/en/latest/security/best-practices/) for use in further detail. + +### Picocrypt (File) + +!!! recommendation + + ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ align=right } + + **Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features. + + [:octicons-repo-16: Repository](https://github.com/HACKERALERT/Picocrypt){ .md-button .md-button--primary } + [:octicons-code-16:](https://github.com/HACKERALERT/Picocrypt){ .card-link title="Source Code" } + [:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://github.com/HACKERALERT/Picocrypt/releases) + - [:simple-apple: macOS](https://github.com/HACKERALERT/Picocrypt/releases) + - [:simple-linux: Linux](https://github.com/HACKERALERT/Picocrypt/releases) + +### VeraCrypt (Disk) + +!!! recommendation + + ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right } + ![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right } + + **VeraCrypt** is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication. + + [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary } + [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation} + [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" } + [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html) + - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html) + - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html) + +VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed. + +When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher. + +Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit). + +## OS Full Disk Encryption + +Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryption) and will have a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor). + +### BitLocker + +!!! recommendation + + ![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right } + + **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/). + + [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation} + +BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites. + +??? example "Enabling BitLocker on Windows Home" + + To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. + + 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style": + + ``` + powershell Get-Disk + ``` + + 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`: + + ``` + powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm + ``` + + 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**. + + 4. Login with your admin account and type this in the command prompt to start encryption: + + ``` + manage-bde -on c: -used + ``` + + 5. Close the command prompt and continue booting to regular Windows. + + 6. Open an admin command prompt and run the following commands: + + ``` + manage-bde c: -protectors -add -rp -tpm + manage-bde -protectors -enable c: + manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt + ``` + + !!! tip + + Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data. + +### FileVault + +!!! recommendation + + ![FileVault logo](assets/img/encryption-software/filevault.png){ align=right } + + **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip. + + [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation} + +We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery. + +### Linux Unified Key Setup + +!!! recommendation + + ![LUKS logo](assets/img/encryption-software/luks.png){ align=right } + + **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers. + + [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary } + [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation} + [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" } + +??? example "Creating and opening encrypted containers" + + ``` + dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress + sudo cryptsetup luksFormat /path-to-file + ``` + + + #### Opening encrypted containers + We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface. + ``` + udisksctl loop-setup -f /path-to-file + udisksctl unlock -b /dev/loop0 + ``` + +!!! note "Remember to back up volume headers" + + We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with: + + ``` + cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img + ``` + +## Browser-based + +Browser-based encryption can be useful when you need to encrypt a file but cannot install software or apps on your device. + +### hat.sh + +!!! recommendation + + ![hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ align=right } + ![hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ align=right } + + **Hat.sh** is a web application that provides secure client-side file encryption in your browser. It can also be self-hosted and is useful if you need to encrypt a file but cannot install any software on your device due to organizational policies. + + [:octicons-globe-16: Website](https://hat.sh){ .md-button .md-button--primary } + [:octicons-eye-16:](https://hat.sh/about/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://hat.sh/about/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/sh-dv/hat.sh#donations){ .card-link title="Donations methods can be found at the bottom of the website" } + +## Command-line + +Tools with command-line interfaces are useful for integrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script). + +### Kryptor + +!!! recommendation + + ![Kryptor logo](assets/img/encryption-software/kryptor.png){ align=right } + + **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG. + + [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://www.kryptor.co.uk) + - [:simple-apple: macOS](https://www.kryptor.co.uk) + - [:simple-linux: Linux](https://www.kryptor.co.uk) + +### Tomb + +!!! recommendation + + ![Tomb logo](assets/img/encryption-software/tomb.png){ align=right } + + **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work). + + [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute } + +## OpenPGP + +OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is [complex](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options. + +When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf). + +!!! tip "Use future defaults when generating a key" + + When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/): + + ```bash + gpg --quick-gen-key alice@example.com future-default + ``` + +### GNU Privacy Guard + +!!! recommendation + + ![GNU Privacy Guard logo](assets/img/encryption-software/gnupg.svg){ align=right } + + **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government. + + [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation} + [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) + - [:simple-windows11: Windows](https://gpg4win.org/download.html) + - [:simple-apple: macOS](https://gpgtools.org) + - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary) + +### GPG4win + +!!! recommendation + + ![GPG4win logo](assets/img/encryption-software/gpg4win.svg){ align=right } + + **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005. + + [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation} + [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" } + [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://gpg4win.org/download.html) + +### GPG Suite + +!!! note + + We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices. + +!!! recommendation + + ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right } + + **GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS. + + We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support. + + [:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-apple: macOS](https://gpgtools.org) + +### OpenKeychain + +!!! recommendation + + ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right } + + **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). + + [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Qualifications + +- Cross-platform encryption apps must be open-source. +- File encryption apps must support decryption on Linux, macOS, and Windows. +- External disk encryption apps must support decryption on Linux, macOS, and Windows. +- Internal (OS) disk encryption apps must be cross-platform or built in to the operating system natively. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. +- File encryption apps should have first- or third-party support for mobile platforms. diff --git a/i18n/ku/file-sharing.md b/i18n/ku/file-sharing.md new file mode 100644 index 00000000..3e79d791 --- /dev/null +++ b/i18n/ku/file-sharing.md @@ -0,0 +1,147 @@ +--- +title: "File Sharing and Sync" +icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. +--- + +Discover how to privately share your files between your devices, with your friends and family, or anonymously online. + +## File Sharing + +### Send + +!!! recommendation + + ![Send logo](assets/img/file-sharing-sync/send.svg){ align=right } + + **Send** is a fork of Mozilla’s discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee/). You can use other public instances, or you can host Send yourself. + + [:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary } + [:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"} + [:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute } + +Send can be used via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server: + +```bash +ffsend upload --host https://send.vis.ee/ FILE +``` + +### OnionShare + +!!! recommendation + + ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ align=right } + + **OnionShare** is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files. + + [:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary } + [:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" } + [:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-windows11: Windows](https://onionshare.org/#download) + - [:simple-apple: macOS](https://onionshare.org/#download) + - [:simple-linux: Linux](https://onionshare.org/#download) + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must not store decrypted data on a remote server. +- Must be open-source software. +- Must either have clients for Linux, macOS, and Windows; or have a web interface. + +## FreedomBox + +!!! recommendation + + ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right } + + **FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to self-host. + + [:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation} + [:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" } + [:octicons-heart-16:](https://freedomboxfoundation.org/donate/){ .card-link title=Contribute } + +## File Sync + +### Nextcloud (Client-Server) + +!!! recommendation + + ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right } + + **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. + + [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" } + [:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102) + - [:simple-github: GitHub](https://github.com/nextcloud/android/releases) + - [:simple-windows11: Windows](https://nextcloud.com/install/#install-clients) + - [:simple-apple: macOS](https://nextcloud.com/install/#install-clients) + - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients) + - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud) + +!!! danger + + We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. + +### Syncthing (P2P) + +!!! recommendation + + ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right } + + **Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS. + + [:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary } + [:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" } + [:octicons-heart-16:](https://syncthing.net/donations/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid) + - [:simple-windows11: Windows](https://syncthing.net/downloads/) + - [:simple-apple: macOS](https://syncthing.net/downloads/) + - [:simple-linux: Linux](https://syncthing.net/downloads/) + - [:simple-freebsd: FreeBSD](https://syncthing.net/downloads/) + - [:simple-openbsd: OpenBSD](https://syncthing.net/downloads/) + - [:simple-netbsd: NetBSD](https://syncthing.net/downloads/) + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +#### Minimum Requirements + +- Must not require a third-party remote/cloud server. +- Must be open-source software. +- Must either have clients for Linux, macOS, and Windows; or have a web interface. + +#### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Has mobile clients for iOS and Android, which at least support document previews. +- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. diff --git a/i18n/ku/financial-services.md b/i18n/ku/financial-services.md new file mode 100644 index 00000000..480c924c --- /dev/null +++ b/i18n/ku/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/ku/frontends.md b/i18n/ku/frontends.md new file mode 100644 index 00000000..7f245f41 --- /dev/null +++ b/i18n/ku/frontends.md @@ -0,0 +1,267 @@ +--- +title: "Frontends" +icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. +--- + +Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. + +## LBRY + +### Librarian + +!!! recommendation + + ![Librarian logo](assets/img/frontends/librarian.svg#only-light){ align=right } + ![Librarian logo](assets/img/frontends/librarian-dark.svg#only-dark){ align=right } + + **Librarian** is a free and open-source frontend for [Odysee](https://odysee.com/) (LBRY) that is also self-hostable. + + There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support. + + [:octicons-repo-16: Repository](https://codeberg.org/librarian/librarian){ .md-button .md-button--primary } + [:octicons-server-16:](https://librarian.codeberg.page/){ .card-link title="Public Instances"} + [:octicons-info-16:](https://codeberg.org/librarian/librarian/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://codeberg.org/librarian/librarian){ .card-link title="Source Code" } + +!!! warning + + Librarian does not proxy video streams by default. Videos watched through Librarian will still make direct connections to Odysee's servers (e.g. `odycdn.com`); however, some instances may enable proxying which would be detailed in the instance's privacy policy. + +!!! tip + + Librarian is useful if you want watch LBRY content on mobile without mandatory telemetry and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. + +When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Librarian, as other peoples' usage will be linked to your hosting. + +When you are using a Librarian instance, make sure to read the privacy policy of that specific instance. Librarian instances can be modified by their owners and therefore may not reflect the default policy. Librarian instances feature a "privacy nutrition label" to provide an overview of their policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII. + +## Twitter + +### Nitter + +!!! recommendation + + ![Nitter logo](assets/img/frontends/nitter.svg){ align=right } + + **Nitter** is a free and open-source frontend for [Twitter](https://twitter.com) that is also self-hostable. + + There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support. + + [:octicons-repo-16: Repository](https://github.com/zedeus/nitter){ .md-button .md-button--primary } + [:octicons-server-16:](https://github.com/zedeus/nitter/wiki/Instances){ .card-link title="Public Instances"} + [:octicons-info-16:](https://github.com/zedeus/nitter/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/zedeus/nitter){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/zedeus/nitter#nitter){ .card-link title=Contribute } + +!!! tip + + Nitter is useful if you want to browse Twitter content without having to log in and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. It also allows you to [create RSS feeds for Twitter](news-aggregators.md#twitter). + +When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Nitter, as other peoples' usage will be linked to your hosting. + +When you are using a Nitter instance, make sure to read the privacy policy of that specific instance. Nitter instances can be modified by their owners and therefore may not reflect the default policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII. + +## TikTok + +### ProxiTok + +!!! recommendation + + ![ProxiTok logo](assets/img/frontends/proxitok.svg){ align=right } + + **ProxiTok** is an open source frontend to the [TikTok](https://www.tiktok.com) website that is also self-hostable. + + There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support. + + [:octicons-repo-16: Repository](https://github.com/pablouser1/ProxiTok){ .md-button .md-button--primary } + [:octicons-server-16:](https://github.com/pablouser1/ProxiTok/wiki/Public-instances){ .card-link title="Public Instances"} + [:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" } + +!!! tip + + ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. + +When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting ProxiTok, as other peoples' usage will be linked to your hosting. + +When you are using a ProxiTok instance, make sure to read the privacy policy of that specific instance. ProxiTok instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII. + +## YouTube + +### FreeTube + +!!! recommendation + + ![FreeTube logo](assets/img/frontends/freetube.svg){ align=right } + + **FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). When using FreeTube, your subscription list and playlists are saved locally on your device. + + By default, FreeTube blocks all YouTube advertisements. In addition, FreeTube optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. + + [:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary } + [:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.freetubeapp.io/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/FreeTubeApp/FreeTube){ .card-link title="Source Code" } + [:octicons-heart-16:](https://liberapay.com/FreeTube){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://freetubeapp.io/#download) + - [:simple-apple: macOS](https://freetubeapp.io/#download) + - [:simple-linux: Linux](https://freetubeapp.io/#download) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/io.freetubeapp.FreeTube) + +!!! warning + + When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +### Yattee + +!!! recommendation + + ![Yattee logo](assets/img/frontends/yattee.svg){ align=right } + + **Yattee** is a free and open-source privacy oriented video player for iOS, tvOS and macOS for [YouTube](https://youtube.com). When using Yattee, your subscription list are saved locally on your device. + + You will need to take a few [extra steps](https://gonzoknows.com/posts/Yattee/) before you can use Yattee to watch YouTube, due to App Store restrictions. + + [:octicons-home-16: Homepage](https://github.com/yattee/yattee){ .md-button .md-button--primary } + [:octicons-eye-16:](https://r.yattee.stream/docs/privacy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/yattee/yattee/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/yattee/yattee){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/yattee/yattee/wiki/Donations){ .card-link title=Contribute } + + ??? downloads + + - [:simple-apple: App Store](https://apps.apple.com/us/app/yattee/id1595136629) + - [:simple-github: GitHub](https://github.com/yattee/yattee/releases) + +!!! warning + + When using Yattee, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +By default, Yattee blocks all YouTube advertisements. In addition, Yattee optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. + +### LibreTube (Android) + +!!! recommendation + + ![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ align=right } + ![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ align=right } + + **LibreTube** is a free and open-source Android application for [YouTube](https://youtube.com) which uses the [Piped](#piped) API. + + LibreTube allows you to store your subscription list and playlists locally on your Android device, or to an account on your Piped instance of choice, which allows you to access them seamlessly on other devices as well. + + [:octicons-home-16: Homepage](https://libre-tube.github.io){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/libre-tube/LibreTube#privacy-policy-and-disclaimer){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/libre-tube/LibreTube#readme){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/libre-tube/LibreTube){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-github: GitHub](https://github.com/libre-tube/LibreTube/releases) + +!!! warning + + When using LibreTube, your IP address will be visible to the [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) instance you choose and/or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired. + +### NewPipe (Android) + +!!! recommendation annotate + + ![Newpipe logo](assets/img/frontends/newpipe.svg){ align=right } + + **NewPipe** is a free and open-source Android application for [YouTube](https://youtube.com), [SoundCloud](https://soundcloud.com), [media.ccc.de](https://media.ccc.de), [Bandcamp](https://bandcamp.com), and [PeerTube](https://joinpeertube.org/) (1). + + Your subscription list and playlists are saved locally on your Android device. + + [:octicons-home-16: Homepage](https://newpipe.net){ .md-button .md-button--primary } + [:octicons-eye-16:](https://newpipe.net/legal/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://teamnewpipe.github.io/documentation/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/TeamNewPipe/NewPipe){ .card-link title="Source Code" } + [:octicons-heart-16:](https://newpipe.net/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-github: GitHub](https://github.com/TeamNewPipe/NewPipe/releases) + +1. The default instance is [FramaTube](https://framatube.org/), however more can be added via **Settings** → **Content** → **PeerTube instances** + +!!! Warning + + When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +### Invidious + +!!! recommendation + + ![Invidious logo](assets/img/frontends/invidious.svg#only-light){ align=right } + ![Invidious logo](assets/img/frontends/invidious-dark.svg#only-dark){ align=right } + + **Invidious** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable. + + There are a number of public instances, with some instances having [Tor](https://www.torproject.org) onion services support. + + [:octicons-home-16: Homepage](https://invidious.io){ .md-button .md-button--primary } + [:octicons-server-16:](https://instances.invidious.io){ .card-link title="Public Instances"} + [:octicons-info-16:](https://docs.invidious.io/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" } + [:octicons-heart-16:](https://invidious.io/donate/){ .card-link title=Contribute } + +!!! warning + + Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL. + +!!! tip + + Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts. + +When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Invidious, as other peoples' usage will be linked to your hosting. + +When you are using an Invidious instance, make sure to read the privacy policy of that specific instance. Invidious instances can be modified by their owners and therefore may not reflect their associated privacy policy. Some instances have Tor .onion addresses which may grant some privacy as long as your search queries don't contain PII. + +### Piped + +!!! recommendation + + ![Piped logo](assets/img/frontends/piped.svg){ align=right } + + **Piped** is a free and open-source frontend for [YouTube](https://youtube.com) that is also self-hostable. + + Piped requires JavaScript in order to function and there are a number of public instances. + + [:octicons-repo-16: Repository](https://github.com/TeamPiped/Piped){ .md-button .md-button--primary } + [:octicons-server-16:](https://piped.kavin.rocks/preferences#ddlInstanceSelection){ .card-link title="Public Instances"} + [:octicons-info-16:](https://piped-docs.kavin.rocks/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute } + +!!! tip + + Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself, and we don’t recommend logging into any accounts. + +When self-hosting, it is important that you have other people using your instance as well in order for you to blend in. You should be careful with where and how you are hosting Piped, as other peoples' usage will be linked to your hosting. + +When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +Recommended frontends... + +- Must be open-source software. +- Must be self-hostable. +- Must provide all basic website functionality available to anonymous users. + +We only consider frontends for websites which are... + +- Not normally accessible without JavaScript. diff --git a/i18n/ku/index.md b/i18n/ku/index.md new file mode 100644 index 00000000..e65cc032 --- /dev/null +++ b/i18n/ku/index.md @@ -0,0 +1,42 @@ +--- +template: overrides/home.en.html +hide: + - navigation + - toc + - feedback +--- + + +## Why should I care? + +##### “I have nothing to hide. Why should I care about my privacy?” + +Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. ==Privacy is a human right, inherent to all of us,== that we are entitled to (without discrimination). + +You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to protect. Privacy is something that makes us human. + +[:material-target-account: Common Internet Threats](basics/common-threats.md ""){.md-button.md-button--primary} + +## What should I do? + +##### First, you need to make a plan + +Trying to protect all your data from everyone all the time is impractical, expensive, and exhausting. But don't worry! Security is a process, and, by thinking ahead, you can put together a plan that's right for you. Security isn't just about the tools you use or the software you download. Rather, it begins by understanding the unique threats you face, and how you can mitigate them. + +==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan. + +[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md ""){.md-button.md-button--primary} + +--- + +## We need you! Here's how to get involved: + +[:simple-discourse:](https://discuss.privacyguides.net/){ title="Join our Forum" } +[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" } +[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" } +[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" } +[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" } +[:material-information-outline:](about/index.md){ title="Learn more about us" } +[:material-hand-coin-outline:](about/donate.md){ title="Support the project" } + +It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. diff --git a/i18n/ku/kb-archive.md b/i18n/ku/kb-archive.md new file mode 100644 index 00000000..92daee33 --- /dev/null +++ b/i18n/ku/kb-archive.md @@ -0,0 +1,17 @@ +--- +title: KB Archive +icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. +--- + +# Pages Moved to Blog + +Some pages that used to be in our knowledge base can now be found on our blog: + +- [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +- [Signal Configuration Hardening](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) +- [Linux - System Hardening](https://blog.privacyguides.org/2022/04/22/linux-system-hardening/) +- [Linux - Application Sandboxing](https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/) +- [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) +- [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) +- [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) diff --git a/i18n/ku/meta/brand.md b/i18n/ku/meta/brand.md new file mode 100644 index 00000000..53cb9ac4 --- /dev/null +++ b/i18n/ku/meta/brand.md @@ -0,0 +1,22 @@ +--- +title: Branding Guidelines +--- + +The name of the website is **Privacy Guides** and should **not** be changed to: + +
    +- PrivacyGuides +- Privacy guides +- PG +- PG.org +
    + +The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**. + +Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand) + +## Trademark + +"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. + +Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. diff --git a/i18n/ku/meta/git-recommendations.md b/i18n/ku/meta/git-recommendations.md new file mode 100644 index 00000000..f59b5f81 --- /dev/null +++ b/i18n/ku/meta/git-recommendations.md @@ -0,0 +1,46 @@ +--- +title: Git Recommendations +--- + +If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations. + +## Enable SSH Key Commit Signing + +You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). + +1. Configure your Git client to sign commits and tags by default (remove `--global` to only sign by default for this repo): + ``` + git config --global commit.gpgsign true + git config --global gpg.format ssh + git config --global tag.gpgSign true + ``` +2. Copy your SSH public key to your clipboard, for example: + ``` + pbcopy < ~/.ssh/id_ed25519.pub + # Copies the contents of the id_ed25519.pub file to your clipboard + ``` +3. Set your SSH key for signing in Git with the following command, replacing the last string in quotes with the public key in your clipboard: + ``` + git config --global user.signingkey 'ssh-ed25519 AAAAC3(...) user@example.com' + ``` + +Ensure you [add your SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) **as a Signing Key** (as opposed to or in addition to as an Authentication Key). + +## Rebase on Git pull + +Use `git pull --rebase` instead of `git pull` when pulling in changes from GitHub to your local machine. This way your local changes will always be "on top of" the latest changes on GitHub, and you avoid merge commits (which are disallowed in this repo). + +You can set this to be the default behavior: + +``` +git config --global pull.rebase true +``` + +## Rebase from `main` before submitting a PR + +If you are working on your own branch, run these commands before submitting a PR: + +``` +git fetch origin +git rebase origin/main +``` diff --git a/i18n/ku/meta/uploading-images.md b/i18n/ku/meta/uploading-images.md new file mode 100644 index 00000000..55f136f8 --- /dev/null +++ b/i18n/ku/meta/uploading-images.md @@ -0,0 +1,89 @@ +--- +title: Uploading Images +--- + +Here are a couple of general rules for contributing to Privacy Guides: + +## Images + +- We **prefer** SVG images, but if those do not exist we can use PNG images + +Company logos have canvas size of: + +- 128x128px +- 384x128px + +## Optimization + +### PNG + +Use the [OptiPNG](https://sourceforge.net/projects/optipng/) to optimize the PNG image: + +```bash +optipng -o7 file.png +``` + +### SVG + +#### Inkscape + +[Scour](https://github.com/scour-project/scour) all SVG images. + +In Inkscape: + +1. File Save As.. +2. Set type to Optimized SVG (*.svg) + +In the **Options** tab: + +- **Number of significant digits for coordinates** > **5** +- [x] Turn on **Shorten color values** +- [x] Turn on **Convert CSS attributes to XML attributes** +- [x] Turn on **Collapse groups** +- [x] Turn on **Create groups for similar attributes** +- [ ] Turn off **Keep editor data** +- [ ] Turn off **Keep unreferenced definitions** +- [x] Turn on **Work around renderer bugs** + +In the **SVG Output** tab under **Document options**: + +- [ ] Turn off **Remove the XML declaration** +- [x] Turn on **Remove metadata** +- [x] Turn on **Remove comments** +- [x] Turn on **Embeded raster images** +- [x] Turn on **Enable viewboxing** + +In the **SVG Output** under **Pretty-printing**: + +- [ ] Turn off **Format output with line-breaks and indentation** +- **Indentation characters** > Select **Space** +- **Depth of indentation** > **1** +- [ ] Turn off **Strip the "xml:space" attribute from the root SVG element** + +In the **IDs** tab: + +- [x] Turn on **Remove unused IDs** +- [ ] Turn off **Shorten IDs** +- **Prefix shortened IDs with** > `leave blank` +- [x] Turn on **Preserve manually created IDs not ending with digits** +- **Preserve the following IDs** > `leave blank` +- **Preserve IDs starting with** > `leave blank` + +#### CLI + +The same can be achieved with the [Scour](https://github.com/scour-project/scour) command: + +```bash +scour --set-precision=5 \ + --create-groups \ + --renderer-workaround \ + --remove-descriptive-elements \ + --enable-comment-stripping \ + --enable-viewboxing \ + --indent=space \ + --nindent=1 \ + --no-line-breaks \ + --enable-id-stripping \ + --protect-ids-noninkscape \ + input.svg output.svg +``` diff --git a/i18n/ku/meta/writing-style.md b/i18n/ku/meta/writing-style.md new file mode 100644 index 00000000..b9e47a71 --- /dev/null +++ b/i18n/ku/meta/writing-style.md @@ -0,0 +1,87 @@ +--- +title: Writing Style +--- + +Privacy Guides is written in American English, and you should refer to [APA Style guidelines](https://apastyle.apa.org/style-grammar-guidelines/grammar) when in doubt. + +In general the [United States federal plain language guidelines](https://www.plainlanguage.gov/guidelines/) provide a good overview of how to write clearly and concisely. We highlight a few important notes from these guidelines below. + +## Writing for our audience + +Privacy Guides' intended [audience](https://www.plainlanguage.gov/guidelines/audience/) is primarily average, technology using adults. Don't dumb down content as if you are addressing a middle-school class, but don't overuse complicated terminology about concepts average computer users wouldn't be familiar with. + +### Address only what people want to know + +People don't need overly complex articles with little relevance to them. Figure out what you want people to accomplish when writing an article, and only include those details. + +> Tell your audience why the material is important to them. Say, “If you want a research grant, here’s what you have to do.” Or, “If you want to mine federal coal, here’s what you should know.” Or, “If you’re planning a trip to Rwanda, read this first.” + +### Address people directly + +We're writing *for* a wide variety of people, but we are writing *to* the person who is actually reading it. Use "you" to address the reader directly. + +> More than any other single technique, using “you” pulls users into the information and makes it relevant to them. +> +> When you use “you” to address users, they are more likely to understand what their responsibility is. + +Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/audience/address-the-user/) + +### Avoid "users" + +Avoid calling people "users", in favor of "people", or a more specific description of the group of people you are writing for. + +## Organizing content + +Organization is key. Content should flow from most to least important information, and use headers as much as needed to logically separate different ideas. + +- Limit the document to around five or six sections. Long documents should probably be broken up into separate pages. +- Mark important ideas with **bold** or *italics*. + +Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/design/) + +### Begin with a topic sentence + +> If you tell your reader what they’re going to read about, they’re less likely to have to read your paragraph again. Headings help, but they’re not enough. Establish a context for your audience before you provide them with the details. +> +> We often write the way we think, putting our premises first and then our conclusion. It may be the natural way to develop thoughts, but we wind up with the topic sentence at the end of the paragraph. Move it up front and let users know where you’re going. Don’t make readers hold a lot of information in their heads before getting to the point. + +Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/organize/have-a-topic-sentence/) + +## Choose your words carefully + +> Words matter. They are the most basic building blocks of written and spoken communication. Don’t complicate things by using jargon, technical terms, or abbreviations that people won’t understand. + +We should try to avoid abbreviations where possible, but technology is full of abbreviations. In general, spell out the abbreviation/acronym the first time it is used on a page, and add the abbreviation to the abbreviation glossary file when it is used repeatedly. + +> Kathy McGinty offers tongue-in-cheek instructions for bulking up your simple, direct sentences: +> +> > There is no escaping the fact that it is considered very important to note that a number of various available applicable studies ipso facto have generally identified the fact that additional appropriate nocturnal employment could usually keep juvenile adolescents off thoroughfares during the night hours, including but not limited to the time prior to midnight on weeknights and/or 2 a.m. on weekends. +> +> And the original, using stronger, simpler words: +> +> > More night jobs would keep youths off the streets. + +## Be concise + +> Unnecessary words waste your audience’s time. Great writing is like a conversation. Omit information that the audience doesn’t need to know. This can be difficult as a subject matter expert so it’s important to have someone look at the information from the audience’s perspective. + +Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/concise/) + +## Keep text conversational + +> Verbs are the fuel of writing. They give your sentences power and direction. They enliven your writing and make it more interesting. +> +> Verbs tell your audience what to do. Make sure it’s clear who does what. + +### Use active voice + +> Active voice makes it clear who is supposed to do what. It eliminates ambiguity about responsibilities. Not “It must be done,” but “You must do it.” + +Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversational/use-active-voice/) + +### Use "must" for requirements + +> - “must” for an obligation +> - “must not” for a prohibition +> - “may” for a discretionary action +> - “should” for a recommendation diff --git a/i18n/ku/mobile-browsers.md b/i18n/ku/mobile-browsers.md new file mode 100644 index 00000000..d7adee8f --- /dev/null +++ b/i18n/ku/mobile-browsers.md @@ -0,0 +1,192 @@ +--- +title: "Mobile Browsers" +icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. +--- + +These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. + +## Android + +On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196). + +### Brave + +!!! recommendation + + ![Brave logo](assets/img/browsers/brave.svg){ align=right } + + **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default. + + Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues. + + [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary } + [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" } + + ??? downloads annotate + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser) + - [:simple-github: GitHub](https://github.com/brave/brave-browser/releases) + +#### Recommended Configuration + +Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. + +These options can be found in :material-menu: → **Settings** → **Brave Shields & privacy** + +##### Shields + +Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit. + +##### Brave shields global defaults + +Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following: + +
    + +- [x] Select **Aggressive** under Block trackers & ads + + ??? warning "Use default filter lists" + Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use. + +- [x] Select **Upgrade connections to HTTPS** +- [x] (Optional) Select **Block Scripts** (1) +- [x] Select **Strict, may break sites** under **Block fingerprinting** + +
    + +1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension. + +##### Clear browsing data + +- [x] Select **Clear data on exit** + +##### Social Media Blocking + +- [ ] Uncheck all social media components + +##### Other privacy settings + +
    + +- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc) +- [ ] Uncheck **Allow sites to check if you have payment methods saved** +- [ ] Uncheck **IPFS Gateway** (1) +- [x] Select **Close tabs on exit** +- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)** +- [ ] Uncheck **Automatically send diagnostic reports** +- [ ] Uncheck **Automatically send daily usage ping to Brave** + +1. InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it. + +
    + +#### Brave Sync + +[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE. + +## iOS + +On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser. + +### Safari + +!!! recommendation + + ![Safari logo](assets/img/browsers/safari.svg){ align=right } + + **Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades. + + [:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation} + +#### Recommended Configuration + +These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**. + +##### Cross-Site Tracking Prevention + +- [x] Enable **Prevent Cross-Site Tracking** + +This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability. + +##### Privacy Report + +Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time. + +Privacy Report is accessible via the Page Settings menu. + +##### Privacy Preserving Ad Measurement + +- [ ] Disable **Privacy Preserving Ad Measurement** + +Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy. + +The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature. + +##### Always-on Private Browsing + +Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list. + +- [x] Select **Private** + +Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature. + +Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience. + +##### iCloud Sync + +Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, by default, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/). + +You can enable E2EE for you Safari bookmarks and downloads by enabling [Advanced Data Protection](https://support.apple.com/en-us/HT212520). Go to your **Apple ID name → iCloud → Advanced Data Protection**. + +- [x] Turn On **Advanced Data Protection** + +If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**. + +### AdGuard + +!!! recommendation + + ![AdGuard logo](assets/img/browsers/adguard.svg){ align=right } + + **AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker). + + AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge. + + [:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary } + [:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1047223162) + +Additional filter lists do slow things down and may increase your attack surface, so only apply what you need. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Requirements + +- Must support automatic updates. +- Must receive engine updates in 0-1 days from upstream release. +- Any changes required to make the browser more privacy-respecting should not negatively impact user experience. +- Android browsers must use the Chromium engine. + - Unfortunately, Mozilla GeckoView is still less secure than Chromium on Android. + - iOS browsers are limited to WebKit. + +### Extension Criteria + +- Must not replicate built-in browser or OS functionality. +- Must directly impact user privacy, i.e. must not simply provide information. diff --git a/i18n/ku/multi-factor-authentication.md b/i18n/ku/multi-factor-authentication.md new file mode 100644 index 00000000..41030fe3 --- /dev/null +++ b/i18n/ku/multi-factor-authentication.md @@ -0,0 +1,143 @@ +--- +title: "Multi-Factor Authenticators" +icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. +--- + +## Hardware Security Keys + +### YubiKey + +!!! recommendation + + ![YubiKeys](assets/img/multi-factor-authentication/yubikey.png) + + The **YubiKeys** are among the most popular security keys. Some YubiKey models have a wide range of features such as: [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP/), [TOTP and HOTP](https://developers.yubico.com/OATH) authentication. + + One of the benefits of the YubiKey is that one key can do almost everything (YubiKey 5), you could expect from a hardware security key. We do encourage you to take the [quiz](https://www.yubico.com/quiz/) before purchasing in order to make sure you make the right choice. + + [:octicons-home-16: Homepage](https://www.yubico.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.yubico.com/){ .card-link title=Documentation} + +The [comparison table](https://www.yubico.com/store/compare/) shows the features and how the YubiKeys compare. We highly recommend that you select keys from the YubiKey 5 Series. + +YubiKeys can be programmed using the [YubiKey Manager](https://www.yubico.com/support/download/yubikey-manager/) or [YubiKey Personalization Tools](https://www.yubico.com/support/download/yubikey-personalization-tools/). For managing TOTP codes, you can use the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/). All of Yubico's clients are open-source. + +For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never expose them to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker. + +!!! warning + The firmware of YubiKey is not open-source and is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key. + +### Nitrokey / Librem Key + +!!! recommendation + + ![Nitrokey](assets/img/multi-factor-authentication/nitrokey.jpg){ align=right } + + **Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**. + + [:octicons-home-16: Homepage](https://www.nitrokey.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.nitrokey.com/){ .card-link title=Documentation} + +The [comparison table](https://www.nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set. + +Nitrokey models can be configured using the [Nitrokey app](https://www.nitrokey.com/download). + +For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface. + +!!! warning + + While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP these secrets, we highly recommend that you use a Yubikey instead. + +!!! warning + + Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset). + + The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware. Purism's [Librem Key](https://puri.sm/products/librem-key/) is a rebranded NitroKey Pro 2 with similar firmware and can also be used for the same purposes. + +Nitrokey's firmware is open-source, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable. + +!!! tip + + The Nitrokey app, while compatible with Librem Keys, requires `libnitrokey` version 3.6 or above to recognize them. Currently, the package is outdated on Windows, macOS, and most Linux distributions' repository, so you will likely have to compile the Nitrokey app yourself to get it working with the Librem Key. On Linux, you can obtain an up-to-date version from [Flathub](https://flathub.org/apps/details/com.nitrokey.nitrokey-app). + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +#### Minimum Requirements + +- Must use high quality, tamper resistant hardware security modules. +- Must support the latest FIDO2 specification. +- Must not allow private key extraction. +- Devices which cost over $35 must support handling OpenPGP and S/MIME. + +#### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should be available in USB-C form-factor. +- Should be available with NFC. +- Should support TOTP secret storage. +- Should support secure firmware updates. + +## Authenticator Apps + +Authenticator Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be. + +We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems. + +### Aegis Authenticator (Android) + +!!! recommendation + + ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ align=right } + + **Aegis Authenticator** is a free, secure and open-source app to manage your 2-step verification tokens for your online services. + + [:octicons-home-16: Homepage](https://getaegis.app){ .md-button .md-button--primary } + [:octicons-eye-16:](https://getaegis.app/aegis/privacy.html){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.buymeacoffee.com/beemdevelopment){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis) + - [:simple-github: GitHub](https://github.com/beemdevelopment/Aegis/releases) + +### Raivo OTP (iOS) + +!!! recommendation + + ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ align=right } + + **Raivo OTP** is a native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client for iOS. Raivo OTP offers optional iCloud backup & sync. Raivo OTP is also available for macOS in the form of a status bar application, however the Mac app does not work independently of the iOS app. + + [:octicons-home-16: Homepage](https://raivo-otp.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://raivo-otp.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-code-16:](https://github.com/raivo-otp/ios-application){ .card-link title="Source Code" } + [:octicons-heart-16:](https://raivo-otp.com/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-appstore: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137) + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must be open-source software. +- Must not require internet connectivity. +- Must not sync to a third-party cloud sync/backup service. + - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. diff --git a/i18n/ku/news-aggregators.md b/i18n/ku/news-aggregators.md new file mode 100644 index 00000000..2dad5ac0 --- /dev/null +++ b/i18n/ku/news-aggregators.md @@ -0,0 +1,172 @@ +--- +title: "News Aggregators" +icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. +--- + +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. + +## Aggregator clients + +### Akregator + +!!! recommendation + + ![Akregator logo](assets/img/news-aggregators/akregator.svg){ align=right } + + **Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality and an internal browser for easy news reading. + + [:octicons-home-16: Homepage](https://apps.kde.org/akregator){ .md-button .md-button--primary } + [:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title=Documentation} + [:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Source Code" } + [:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.akregator) + +### Feeder + +!!! recommendation + + ![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right } + + **Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). + + [:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" } + [:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play) + +### Fluent Reader + +!!! recommendation + + ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ align=right } + + **Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](tor.md). + + [:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/yang991178/fluent-reader/wiki/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://hyliu.me/fluent-reader) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1520907427) + +### GNOME Feeds + +!!! recommendation + + ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ align=right } + + **GNOME Feeds** is an [RSS](https://en.wikipedia.org/wiki/RSS) and [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) news reader for [GNOME](https://www.gnome.org). It has a simple interface and is quite fast. + + [:octicons-home-16: Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary } + [:octicons-code-16:](https://gitlab.gnome.org/World/gfeeds){ .card-link title="Source Code" } + [:octicons-heart-16:](https://liberapay.com/gabmus/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-linux: Linux](https://gfeeds.gabmus.org/#install) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.gabmus.gfeeds) + +### Miniflux + +!!! recommendation + + ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ align=right } + ![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ align=right } + + **Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). + + [:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary } + [:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" } + [:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title=Contribute } + +### NetNewsWire + +!!! recommendation + + ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ align=right } + + **NetNewsWire** a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Twitter and Reddit feeds. + + [:octicons-home-16: Homepage](https://netnewswire.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://netnewswire.com/privacypolicy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://netnewswire.com/help/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-appstore: App Store](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210) + - [:simple-apple: macOS](https://netnewswire.com) + +### Newsboat + +!!! recommendation + + ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ align=right } + + **Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight, and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell). + + [:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://newsboat.org/releases/2.27/docs/newsboat.html){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" } + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must be open-source software. +- Must operate locally, i.e. must not be a cloud service. + +## Social Media RSS Support + +Some social media services also support RSS although it's not often advertised. + +### Reddit + +Reddit allows you to subscribe to subreddits via RSS. + +!!! example + Replace `subreddit_name` with the subreddit you wish to subscribe to. + + ```text + https://www.reddit.com/r/{{ subreddit_name }}/new/.rss + ``` + +### Twitter + +Using any of the Nitter [instances](https://github.com/zedeus/nitter/wiki/Instances) you can easily subscribe using RSS. + +!!! example + 1. Pick an instance and set `nitter_instance`. + 2. Replace `twitter_account` with the account name. + + ```text + https://{{ nitter_instance }}/{{ twitter_account }}/rss + ``` + +### YouTube + +You can subscribe YouTube channels without logging in and associating usage information with your Google Account. + +!!! example + + To subscribe to a YouTube channel with an RSS client, first look for your [channel code](https://support.google.com/youtube/answer/6180214), replace `[CHANNEL ID]` below: + ```text + https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] + ``` diff --git a/i18n/ku/notebooks.md b/i18n/ku/notebooks.md new file mode 100644 index 00000000..0739f668 --- /dev/null +++ b/i18n/ku/notebooks.md @@ -0,0 +1,114 @@ +--- +title: "Notebooks" +icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. +--- + +Keep track of your notes and journalings without giving them to a third-party. + +If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE. + +## Cloud-based + +### Joplin + +!!! recommendation + + ![Joplin logo](assets/img/notebooks/joplin.svg){ align=right } + + **Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes. + + [:octicons-home-16: Homepage](https://joplinapp.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" } + [:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.cozic.joplin) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/joplin/id1315599797) + - [:simple-github: GitHub](https://github.com/laurent22/joplin-android/releases) + - [:simple-windows11: Windows](https://joplinapp.org/#desktop-applications) + - [:simple-apple: macOS](https://joplinapp.org/#desktop-applications) + - [:simple-linux: Linux](https://joplinapp.org/#desktop-applications) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek) + +Joplin does not support password/PIN protection for the [application itself or individual notes and notebooks](https://github.com/laurent22/joplin/issues/289). However, your data is still encrypted in transit and at the sync location using your master key. Since January 2023, Joplin supports biometrics app lock for [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) and [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). + +### Standard Notes + +!!! recommendation + + ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right } + + **Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). + + [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" } + [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1285392450) + - [:simple-github: GitHub](https://github.com/standardnotes/app/releases) + - [:simple-windows11: Windows](https://standardnotes.com) + - [:simple-apple: macOS](https://standardnotes.com) + - [:simple-linux: Linux](https://standardnotes.com) + - [:octicons-globe-16: Web](https://app.standardnotes.com/) + +### Cryptee + +!!! recommendation + + ![Cryptee logo](./assets/img/notebooks/cryptee.svg#only-light){ align=right } + ![Cryptee logo](./assets/img/notebooks/cryptee-dark.svg#only-dark){ align=right } + + **Cryptee** is an open-source, web-based E2EE document editor and photo storage application. Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform. + + [:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary } + [:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" } + + ??? downloads + + - [:octicons-globe-16: PWA](https://crypt.ee/download) + +Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information. + +## Local notebooks + +### Org-mode + +!!! recommendation + + ![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right } + + **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](file-sharing.md#file-sync) tools. + + [:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation} + [:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" } + [:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute } + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Clients must be open-source. +- Any cloud sync functionality must be E2EE. +- Must support exporting documents into a standard format. + +### Best Case + +- Local backup/sync functionality should support encryption. +- Cloud-based platforms should support document sharing. diff --git a/i18n/ku/os/android-overview.md b/i18n/ku/os/android-overview.md new file mode 100644 index 00000000..a78631a2 --- /dev/null +++ b/i18n/ku/os/android-overview.md @@ -0,0 +1,169 @@ +--- +title: Android Overview +icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. +--- + +Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. + +## Choosing an Android Distribution + +When you buy an Android phone, the device's default operating system often comes with invasive integration with apps and services that are not part of the [Android Open-Source Project](https://source.android.com/). An example of such is Google Play Services, which has irrevocable privileges to access your files, contacts storage, call logs, SMS messages, location, camera, microphone, hardware identifiers, and so on. These apps and services increase the attack surface of your device and are the source of various privacy concerns with Android. + +This problem could be solved by using a custom Android distribution that does not come with such invasive integration. Unfortunately, many custom Android distributions often violate the Android security model by not supporting critical security features such as AVB, rollback protection, firmware updates, and so on. Some distributions also ship [`userdebug`](https://source.android.com/setup/build/building#choose-a-target) builds which expose root via [ADB](https://developer.android.com/studio/command-line/adb) and require [more permissive](https://github.com/LineageOS/android_system_sepolicy/search?q=userdebug&type=code) SELinux policies to accommodate debugging features, resulting in a further increased attack surface and weakened security model. + +Ideally, when choosing a custom Android distribution, you should make sure that it upholds the Android security model. At the very least, the distribution should have production builds, support for AVB, rollback protection, timely firmware and operating system updates, and SELinux in [enforcing mode](https://source.android.com/security/selinux/concepts#enforcement_levels). All of our recommended Android distributions satisfy these criteria. + +[Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button} + +## Avoid Rooting + +[Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses. + +Adblockers, which modify the [hosts file](https://en.wikipedia.org/wiki/Hosts_(file)) (AdAway) and firewalls (AFWall+) which require root access persistently are dangerous and should not be used. They are also not the correct way to solve their intended purposes. For Adblocking we suggest encrypted [DNS](../dns.md) or [VPN](../vpn.md) server blocking solutions instead. RethinkDNS, TrackerControl and AdAway in non-root mode will take up the VPN slot (by using a local loopback VPN) preventing you from using privacy enhancing services such as Orbot or a real VPN server. + +AFWall+ works based on the [packet filtering](https://en.wikipedia.org/wiki/Firewall_(computing)#Packet_filter) approach and may be bypassable in some situations. + +We do not believe that the security sacrifices made by rooting a phone are worth the questionable privacy benefits of those apps. + +## Verified Boot + +[Verified Boot](https://source.android.com/security/verifiedboot) is an important part of the Android security model. It provides protection against [evil maid](https://en.wikipedia.org/wiki/Evil_maid_attack) attacks, malware persistence, and ensures security updates cannot be downgraded with [rollback protection](https://source.android.com/security/verifiedboot/verified-boot#rollback-protection). + +Android 10 and above has moved away from full-disk encryption to more flexible [file-based encryption](https://source.android.com/security/encryption/file-based). Your data is encrypted using unique encryption keys, and the operating system files are left unencrypted. + +Verified Boot ensures the integrity of the operating system files, thereby preventing an adversary with physical access from tampering or installing malware on the device. In the unlikely case that malware is able to exploit other parts of the system and gain higher privileged access, Verified Boot will prevent and revert changes to the system partition upon rebooting the device. + +Unfortunately, OEMs are only obliged to support Verified Boot on their stock Android distribution. Only a few OEMs such as Google support custom AVB key enrollment on their devices. Additionally, some AOSP derivatives such as LineageOS or /e/ OS do not support Verified Boot even on hardware with Verified Boot support for third-party operating systems. We recommend that you check for support **before** purchasing a new device. AOSP derivatives which do not support Verified Boot are **not** recommended. + +Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage. + +## Firmware Updates + +Firmware updates are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin). + +As the components of the phone, such as the processor and radio technologies rely on closed-source components, the updates must be provided by the respective manufacturers. Therefore, it is important that you purchase a device within an active support cycle. [Qualcomm](https://www.qualcomm.com/news/releases/2020/12/16/qualcomm-and-google-announce-collaboration-extend-android-os-support-and) and [Samsung](https://news.samsung.com/us/samsung-galaxy-security-extending-updates-knox/) support their devices for 4 years, while cheaper products often have shorter support cycles. With the introduction of the [Pixel 6](https://support.google.com/pixelphone/answer/4457705), Google now makes their own SoC and they will provide a minimum of 5 years of support. + +EOL devices which are no longer supported by the SoC manufacturer cannot receive firmware updates from OEM vendors or after market Android distributors. This means that security issues with those devices will remain unfixed. + +Fairphone, for example, markets their devices as receiving 6 years of support. However, the SoC (Qualcomm Snapdragon 750G on the Fairphone 4) has a considerably shorter EOL date. This means that firmware security updates from Qualcomm for the Fairphone 4 will end in September 2023, regardless of whether Fairphone continues to release software security updates. + +## Android Versions + +It's important to not use an [end-of-life](https://endoflife.date/android) version of Android. Newer versions of Android not only receive security updates for the operating system but also important privacy enhancing updates too. For example, [prior to Android 10](https://developer.android.com/about/versions/10/privacy/changes), any apps with the [`READ_PHONE_STATE`](https://developer.android.com/reference/android/Manifest.permission#READ_PHONE_STATE) permission could access sensitive and unique serial numbers of your phone such as [IMEI](https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity), [MEID](https://en.wikipedia.org/wiki/Mobile_equipment_identifier), your SIM card's [IMSI](https://en.wikipedia.org/wiki/International_mobile_subscriber_identity), whereas now they must be system apps to do so. System apps are only provided by the OEM or Android distribution. + +## Android Permissions + +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. + +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. + +## Media Access + +Quite a few applications allows you to "share" a file with them for media upload. If you want to, for example, tweet a picture to Twitter, do not grant Twitter access to your "media and photos", because it will have access to all of your pictures then. Instead, go to your file manager (documentsUI), hold onto the picture, then share it with Twitter. + +## User Profiles + +Multiple user profiles can be found in **Settings** → **System** → **Multiple users** and are the simplest way to isolate in Android. + +With user profiles, you can impose restrictions on a specific profile, such as: making calls, using SMS, or installing apps on the device. Each profile is encrypted using its own encryption key and cannot access the data of any other profiles. Even the device owner cannot view the data of other profiles without knowing their password. Multiple user profiles are a more secure method of isolation. + +## Work Profile + +[Work Profiles](https://support.google.com/work/android/answer/6191949) are another way to isolate individual apps and may be more convenient than separate user profiles. + +A **device controller** app such as [Shelter](#recommended-apps) is required to create a Work Profile without an enterprise MDM, unless you're using a custom Android OS which includes one. + +The work profile is dependent on a device controller to function. Features such as *File Shuttle* and *contact search blocking* or any kind of isolation features must be implemented by the controller. You must also fully trust the device controller app, as it has full access to your data inside of the work profile. + +This method is generally less secure than a secondary user profile; however, it does allow you the convenience of running apps in both the work and personal profiles simultaneously. + +## VPN Killswitch + +Android 7 and above supports a VPN killswitch and it is available without the need to install third-party apps. This feature can prevent leaks if the VPN is disconnected. It can be found in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**. + +## Global Toggles + +Modern Android devices have global toggles for disabling Bluetooth and location services. Android 12 introduced toggles for the camera and microphone. When not in use, we recommend disabling these features. Apps cannot use disabled features (even if granted individual permission) until re-enabled. + +## Google + +If you are using a device with Google services, either your stock operating system or an operating system that safely sandboxes Google Play Services like GrapheneOS, there are a number of additional changes you can make to improve your privacy. We still recommend avoiding Google services entirely, or limiting Google Play services to a specific user/work profile by combining a device controller like *Shelter* with GrapheneOS's Sandboxed Google Play. + +### Advanced Protection Program + +If you have a Google account we suggest enrolling in the [Advanced Protection Program](https://landing.google.com/advancedprotection/). It is available at no cost to anyone with two or more hardware security keys with [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) support. + +The Advanced Protection Program provides enhanced threat monitoring and enables: + +- Stricter two factor authentication; e.g. that [FIDO](../basics/multi-factor-authentication.md#fido-fast-identity-online) **must** be used and disallows the use of [SMS OTPs](../basics/multi-factor-authentication.md#sms-or-email-mfa), [TOTP](../basics/multi-factor-authentication.md#time-based-one-time-password-totp) and [OAuth](https://en.wikipedia.org/wiki/OAuth) +- Only Google and verified third-party apps can access account data +- Scanning of incoming emails on Gmail accounts for [phishing](https://en.wikipedia.org/wiki/Phishing#Email_phishing) attempts +- Stricter [safe browser scanning](https://www.google.com/chrome/privacy/whitepaper.html#malware) with Google Chrome +- Stricter recovery process for accounts with lost credentials + + If you use non-sandboxed Google Play Services (common on stock operating systems), the Advanced Protection Program also comes with [additional benefits](https://support.google.com/accounts/answer/9764949?hl=en) such as: + +- Not allowing app installation outside of the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge) +- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?hl=en#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work) +- Warning you about unverified applications + +### Google Play System Updates + +In the past, Android security updates had to be shipped by the operating system vendor. Android has become more modular beginning with Android 10, and Google can push security updates for **some** system components via the privileged Play Services. + +If you have an EOL device shipped with Android 10 or above and are unable to run any of our recommended operating systems on your device, you are likely going to be better off sticking with your OEM Android installation (as opposed to an operating system not listed here such as LineageOS or /e/ OS). This will allow you to receive **some** security fixes from Google, while not violating the Android security model by using an insecure Android derivative and increasing your attack surface. We would still recommend upgrading to a supported device as soon as possible. + +### Advertising ID + +All devices with Google Play Services installed automatically generate an [advertising ID](https://support.google.com/googleplay/android-developer/answer/6048248?hl=en) used for targeted advertising. Disable this feature to limit the data collected about you. + +On Android distributions with [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), go to :gear: **Settings** → **Apps** → **Sandboxed Google Play** → **Google Settings** → **Ads**, and select *Delete advertising ID*. + +On Android distributions with privileged Google Play Services (such as stock OSes), the setting may be in one of several locations. Check + +- :gear: **Settings** → **Google** → **Ads** +- :gear: **Settings** → **Privacy** → **Ads** + +You will either be given the option to delete your advertising ID or to *Opt out of interest-based ads*, this varies between OEM distributions of Android. If presented with the option to delete the advertising ID that is preferred. If not, then make sure to opt out and reset your advertising ID. + +### SafetyNet and Play Integrity API + +[SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. + +As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. diff --git a/i18n/ku/os/linux-overview.md b/i18n/ku/os/linux-overview.md new file mode 100644 index 00000000..8ec2c9e7 --- /dev/null +++ b/i18n/ku/os/linux-overview.md @@ -0,0 +1,142 @@ +--- +title: Linux Overview +icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. +--- + +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. + +At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: + +- A verified boot chain, like Apple’s [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (with [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Android’s [Verified Boot](https://source.android.com/security/verifiedboot), ChromeOS' [Verified boot](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), or Microsoft Windows’s [boot process](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) with [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). These features and hardware technologies can all help prevent persistent tampering by malware or [evil maid attacks](https://en.wikipedia.org/wiki/Evil_Maid_attack) +- A strong sandboxing solution such as that found in [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md), and [Android](https://source.android.com/security/app-sandbox). Commonly used Linux sandboxing solutions such as [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) and [Firejail](https://firejail.wordpress.com/) still have a long way to go +- Strong [exploit mitigations](https://madaidans-insecurities.github.io/linux.html#exploit-mitigations) + +Despite these drawbacks, desktop Linux distributions are great if you want to: + +- Avoid telemetry that often comes with proprietary operating systems +- Maintain [software freedom](https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms) +- Have privacy focused systems such as [Whonix](https://www.whonix.org) or [Tails](https://tails.boum.org/) + +Our website generally uses the term “Linux” to describe desktop Linux distributions. Other operating systems which also use the Linux kernel such as ChromeOS, Android, and Qubes OS are not discussed here. + +[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button} + +## Choosing your distribution + +Not all Linux distributions are created equal. While our Linux recommendation page is not meant to be an authoritative source on which distribution you should use, there are a few things you should keep in mind when choosing which distribution to use. + +### Release cycle + +We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates. + +For frozen distributions such as [Debian](https://www.debian.org/security/faq#handling), package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release. + +We don’t believe holding packages back and applying interim patches is a good idea, as it diverges from the way the developer might have intended the software to work. [Richard Brown](https://rootco.de/aboutme/) has a presentation about this: + +
    + +
    + +### Traditional vs Atomic updates + +Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian based distributions can be less reliable if an error occurs while updating. + +Atomic updating distributions apply updates in full or not at all. Typically, transactional update systems are also atomic. + +A transactional update system creates a snapshot that is made before and after an update is applied. If an update fails at any time (perhaps due to a power failure), the update can be easily rolled back to a “last known good state." + +The Atomic update method is used for immutable distributions like Silverblue, Tumbleweed, and NixOS and can achieve reliability with this model. [Adam Šamalík](https://twitter.com/adsamalik) provided a presentation on how `rpm-ostree` works with Silverblue: + +
    + +
    + +### “Security-focused” distributions + +There is often some confusion between “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They don’t include any “extra security” or defensive mitigations intended for regular use. + +### Arch-based distributions + +Arch based distributions are not recommended for those new to Linux, (regardless of distribution) as they require regular [system maintenance](https://wiki.archlinux.org/title/System_maintenance). Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own. + +For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). + +Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **must** be comfortable in auditing PKGBUILDs that they install from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/). AUR should always be used sparingly and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to use third-party Personal Package Archives (PPAs) on Debian based distributions or Community Projects (COPR) on Fedora. + +If you are experienced with Linux and wish to use an Arch-based distribution, we only recommend mainline Arch Linux, not any of its derivatives. We recommend against these two Arch derivatives specifically: + +- **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes don’t break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Arch’s repositories. +- **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages don’t suffer from supply chain attacks. + +### Kicksecure + +While we strongly recommend against using outdated distributions like Debian, there is a Debian based operating system that has been hardened to be much more secure than typical Linux distributions: [Kicksecure](https://www.kicksecure.com/). Kicksecure, in oversimplified terms, is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. + +### Linux-libre kernel and “Libre” distributions + +We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons. + +## General Recommendations + +### Drive Encryption + +Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device: + +- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) + +### Swap + +Consider using [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) or [encrypted swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) instead of unencrypted swap to avoid potential security issues with sensitive data being pushed to [swap space](https://en.wikipedia.org/wiki/Memory_paging). Fedora based distributions [use ZRAM by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM). + +### Wayland + +We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol as it was developed with security [in mind](https://lwn.net/Articles/589147/). Its predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences and are not convenient to set up and are not preferable over Wayland. + +Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)). + +We recommend **against** using desktop environments or window managers that do not have Wayland support, such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3. + +### Proprietary Firmware (Microcode Updates) + +Linux distributions such as those which are [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) or DIY (Arch Linux) don’t come with the proprietary [microcode](https://en.wikipedia.org/wiki/Microcode) updates that often patch vulnerabilities. Some notable examples of these vulnerabilities include [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), and other [hardware vulnerabilities](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html). + +We **highly recommend** that you install the microcode updates, as your CPU is already running the proprietary microcode from the factory. Fedora and openSUSE both have the microcode updates applied by default. + +### Updates + +Most Linux distributions will automatically install updates or remind you to do so. It is important to keep your OS up to date so that your software is patched when a vulnerability is found. + +Some distributions (particularly those aimed at advanced users) are more barebones and expect you to do things yourself (e.g. Arch or Debian). These will require running the "package manager" (`apt`, `pacman`, `dnf`, etc.) manually in order to receive important security updates. + +Additionally, some distributions will not download firmware updates automatically. For that you will need to install [`fwupd`](https://wiki.archlinux.org/title/Fwupd). + +## Privacy Tweaks + +### MAC Address Randomization + +Many desktop Linux distributions (Fedora, openSUSE, etc) will come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager), to configure Ethernet and Wi-Fi settings. + +It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm/) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network you’re connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous. + +We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm/). + +If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=). + +There isn’t many points in randomizing the MAC address for Ethernet connections as a system administrator can find you by looking at the port you are using on the [network switch](https://en.wikipedia.org/wiki/Network_switch). Randomizing Wi-Fi MAC addresses depends on support from the Wi-Fi’s firmware. + +### Other Identifiers + +There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../basics/threat-modeling.md): + +- **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings. +- **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name. +- **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id). + +### System Counting + +The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting) how many unique systems access its mirrors by using a [`countme`](https://fedoraproject.org/wiki/Changes/DNF_Better_Counting#Detailed_Description) variable instead of a unique ID. Fedora does this to determine load and provision better servers for updates where necessary. + +This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. + +openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. diff --git a/i18n/ku/os/qubes-overview.md b/i18n/ku/os/qubes-overview.md new file mode 100644 index 00000000..17b286b9 --- /dev/null +++ b/i18n/ku/os/qubes-overview.md @@ -0,0 +1,55 @@ +--- +title: "Qubes Overview" +icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. +--- + +[**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). + +## How does Qubes OS work? + +Qubes uses [compartmentalization](https://www.qubes-os.org/intro/) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../desktop.md#whonix). Qubes OS also allows you to create once-use [disposable](https://www.qubes-os.org/doc/how-to-use-disposables/) virtual machines. + +![Qubes architecture](../assets/img/qubes/qubes-trust-level-architecture.png) +
    Qubes Architecture, Credit: What is Qubes OS Intro
    + +Each Qubes application has a [colored border](https://www.qubes-os.org/screenshots/) that can help you keep track of the virtual machine it is running in. You could, for example, use a specific color for your banking browser, while using a different color for a general untrusted browser. + +![Colored border](../assets/img/qubes/r4.0-xfce-three-domains-at-work.png) +
    Qubes window borders, Credit: Qubes Screenshots
    + +## Why Should I use Qubes? + +Qubes OS is useful if your [threat model](../basics/threat-modeling.md) requires strong compartmentalization and security, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources. + +Qubes OS utilizes [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM (i.e., an "AdminVM") for controlling other guest VMs or Qubes on the host OS. Other VMs display individual application windows within Dom0's desktop environment. It allows you to color code windows based on trust levels and run apps that can interact with each other with very granular control. + +### Copying and Pasting Text + +You can [copy and paste text](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/) using `qvm-copy-to-vm` or the below instructions: + +1. Press **Ctrl+C** to tell the VM you're in that you want to copy something. +2. Press **Ctrl+Shift+C** to tell the VM to make this buffer available to the global clipboard. +3. Press **Ctrl+Shift+V** in the destination VM to make the global clipboard available. +4. Press **Ctrl+V** in the destination VM to paste the contents in the buffer. + +### File Exchange + +To copy and paste files and directories (folders) from one VM to another, you can use the option **Copy to Other AppVM...** or **Move to Other AppVM...**. The difference is that the **Move** option will delete the original file. Either option will protect your clipboard from being leaked to any other Qubes. This is more secure than air-gapped file transfer because an air-gapped computer will still be forced to parse partitions or file systems. That is not required with the inter-qube copy system. + +??? info "AppVMs or qubes do not have their own file systems" + + You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between Qubes. When doing so the changes aren't immediately made and can be easily undone in case of an accident. + +### Inter-VM Interactions + +The [qrexec framework](https://www.qubes-os.org/doc/qrexec/) is a core part of Qubes which allows virtual machine communication between domains. It is built on top of the Xen library *vchan*, which facilitates [isolation through policies](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/). + +## Additional Resources + +For additional information we encourage you to consult the extensive Qubes OS documentation pages located on the [Qubes OS Website](https://www.qubes-os.org/doc/). Offline copies can be downloaded from the Qubes OS [documentation repository](https://github.com/QubesOS/qubes-doc). + +- Open Technology Fund: [*Arguably the world's most secure operating system*](https://www.opentech.fund/news/qubes-os-arguably-the-worlds-most-secure-operating-system-motherboard/) +- J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) +- J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) +- Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) diff --git a/i18n/ku/passwords.md b/i18n/ku/passwords.md new file mode 100644 index 00000000..e81f1186 --- /dev/null +++ b/i18n/ku/passwords.md @@ -0,0 +1,229 @@ +--- +title: "Password Managers" +icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. +--- + +Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. + +[Introduction to Passwords :material-arrow-right-drop-circle:](./basics/passwords-overview.md) + +!!! info + + Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features standalone offerings have. + + For example, the password manager in Microsoft Edge doesn't offer E2EE at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/en-us/HT202303) offers E2EE by default. + +## Cloud-based + +These password managers sync your passwords to a cloud server for easy accessibility from all your devices and safety against device loss. + +### Bitwarden + +!!! recommendation + + ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ align=right } + + **Bitwarden** is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices. + + [:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://bitwarden.com/help/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/bitwarden){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden) + - [:simple-appstore: App Store](https://apps.apple.com/app/bitwarden-password-manager/id1137397744) + - [:simple-github: GitHub](https://github.com/bitwarden/mobile/releases) + - [:simple-windows11: Windows](https://bitwarden.com/download) + - [:simple-linux: Linux](https://bitwarden.com/download) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/com.bitwarden.desktop) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb) + - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh) + +Bitwarden also features [Bitwarden Send](https://bitwarden.com/products/send/), which allows you to share text and files securely with [end-to-end encryption](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan). + +You need the [Premium Plan](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) to be able to share files. The free plan only allows text sharing. + +Bitwarden's server-side code is [open-source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server. + +**Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code. + +[:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden ""){.md-button} [:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title=Documentation} +[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" } +[:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute } + +### 1Password + +!!! recommendation + + ![1Password logo](assets/img/password-management/1password.svg){ align=right } + + **1Password** is a password manager with a strong focus on security and ease-of-use, which allows you to store passwords, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up/). 1Password is [audited](https://support.1password.com/security-assessments/) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf). + + [:octicons-home-16: Homepage](https://1password.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://support.1password.com/1password-privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.1password.com/){ .card-link title=Documentation} + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onepassword.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1511601750?mt=8) + - [:simple-windows11: Windows](https://1password.com/downloads/windows/) + - [:simple-apple: macOS](https://1password.com/downloads/mac/) + - [:simple-linux: Linux](https://1password.com/downloads/linux/) + +Traditionally, **1Password** has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature-parity across all platforms. It boasts many features geared towards families and less technical people, as well as advanced functionality. + +Your 1Password vault is secured with both your master password and a randomized 34-character security key to encrypt your data on their servers. This security key adds a layer of protection to your data because your data is secured with high entropy regardless of your master password. Many other password manager solutions are entirely reliant on the strength of your master password to secure your data. + +One advantage 1Password has over Bitwarden is its first-class support for native clients. While Bitwarden relegates many duties, especially account management features, to their web vault interface, 1Password makes nearly every feature available within its native mobile or desktop clients. 1Password's clients also have a more intuitive UI, which makes them easier to use and navigate. + +### Psono + +!!! recommendation + + ![Psono logo](assets/img/password-management/psono.svg){ align=right } + + **Psono** is a free and open-source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password. + + [:octicons-home-16: Homepage](https://psono.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://doc.psono.com){ .card-link title=Documentation} + [:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/psono-password-manager/id1545581224) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/psono-pw-password-manager) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo) + - [:simple-docker: Docker Hub](https://hub.docker.com/r/psono/psono-client) + +Psono provides extensive documentation for their product. The web-client for Psono can be self-hosted; alternatively, you can choose the full Community Edition or the Enterprise Edition with additional features. + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +#### Minimum Requirements + +- Must utilize strong, standards-based/modern E2EE. +- Must have thoroughly documented encryption and security practices. +- Must have a published audit from a reputable, independent third-party. +- All non-essential telemetry must be optional. +- Must not collect more PII than is necessary for billing purposes. + +#### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Telemetry should be opt-in (disabled by default) or not collected at all. +- Should be open-source and reasonably self-hostable. + +## Local Storage + +These options allow you to manage an encrypted password database locally. + +### KeePassXC + +!!! recommendation + + ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ align=right } + + **KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, cross-platform and modern open-source password manager. + + [:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://keepassxc.org/docs/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Source Code" } + [:octicons-heart-16:](https://keepassxc.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://keepassxc.org/download/#windows) + - [:simple-apple: macOS](https://keepassxc.org/download/#mac) + - [:simple-linux: Linux](https://keepassxc.org/download/#linux) + - [:simple-flathub: Flatpak](https://flathub.org/apps/details/org.keepassxc.KeePassXC) + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) + +KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually. + +### KeePassDX (Android) + +!!! recommendation + + ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right } + + **KeePassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development. + + [:octicons-home-16: Homepage](https://www.keepassdx.com){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/Kunzisoft/KeePassDX){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.keepassdx.com/#donation){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free) + - [:simple-github: GitHub](https://github.com/Kunzisoft/KeePassDX/releases) + +### Strongbox (iOS & macOS) + +!!! recommendation + + ![Strongbox logo](assets/img/password-management/strongbox.svg){ align=right } + + **Strongbox** is a native, open-source password manager for iOS and macOS. Supporting both KeePass and Password Safe formats, Strongbox can be used in tandem with other password managers, like KeePassXC, on non-Apple platforms. By employing a [freemium model](https://strongboxsafe.com/pricing/), Strongbox offers most features under its free tier with more convenience-oriented [features](https://strongboxsafe.com/comparison/)—such as biometric authentication—locked behind a subscription or perpetual license. + + [:octicons-home-16: Homepage](https://strongboxsafe.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://strongboxsafe.com/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://strongboxsafe.com/getting-started/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/strongbox-password-safe/Strongbox){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/strongbox-password-safe/Strongbox#supporting-development){ .card-link title=Contribute } + + ??? downloads + + - [:simple-appstore: App Store](https://apps.apple.com/app/strongbox-keepass-pwsafe/id897283731) + +Additionally, there is an offline-only version offered: [Strongbox Zero](https://apps.apple.com/app/strongbox-keepass-pwsafe/id1581589638). This version is stripped down in an attempt to reduce attack surface. + +### Command-line + +These products are minimal password managers that can be used within scripting applications. + +#### gopass + +!!! recommendation + + ![gopass logo](assets/img/password-management/gopass.svg){ align=right } + + **gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, macOS, BSD, Windows). + + [:octicons-home-16: Homepage](https://www.gopass.pw){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/gopasspw/gopass){ .card-link title="Source Code" } + [:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title=Contribute } + + ??? downloads + + - [:simple-windows11: Windows](https://www.gopass.pw/#install-windows) + - [:simple-apple: macOS](https://www.gopass.pw/#install-macos) + - [:simple-linux: Linux](https://www.gopass.pw/#install-linux) + - [:simple-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd) + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must be cross-platform. diff --git a/i18n/ku/productivity.md b/i18n/ku/productivity.md new file mode 100644 index 00000000..4490325d --- /dev/null +++ b/i18n/ku/productivity.md @@ -0,0 +1,155 @@ +--- +title: "Productivity Tools" +icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. +--- + +Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. + +## Collaboration Platforms + +### Nextcloud + +!!! recommendation + + ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right } + + **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. + + [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" } + [:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102) + - [:simple-github: GitHub](https://github.com/nextcloud/android/releases) + - [:simple-windows11: Windows](https://nextcloud.com/install/#install-clients) + - [:simple-apple: macOS](https://nextcloud.com/install/#install-clients) + - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients) + - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud) + +!!! danger + + We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers. + +### CryptPad + +!!! recommendation + + ![CryptPad logo](assets/img/productivity/cryptpad.svg){ align=right } + + **CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. + + [:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.cryptpad.fr/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" } + [:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute } + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +In general, we define collaboration platforms as full-fledged suites which could reasonably act as a replacement to collaboration platforms like Google Drive. + +- Open-source. +- Makes files accessible via WebDAV unless it is impossible due to E2EE. +- Has sync clients for Linux, macOS, and Windows. +- Supports document and spreadsheet editing. +- Supports real-time document collaboration. +- Supports exporting documents to standard document formats (e.g. ODF). + +#### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should store files in a conventional filesystem. +- Should support TOTP or FIDO2 multi-factor authentication support, or Passkey logins. + +## Office Suites + +### LibreOffice + +!!! recommendation + + ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ align=right } + + **LibreOffice** is a free and open-source office suite with extensive functionality. + + [:octicons-home-16: Homepage](https://www.libreoffice.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.libreoffice.org/about-us/privacy/privacy-policy-en/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://documentation.libreoffice.org/en/english-documentation/){ .card-link title=Documentation} + [:octicons-code-16:](https://www.libreoffice.org/about-us/source-code){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.libreoffice.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://www.libreoffice.org/download/android-and-ios/) + - [:simple-appstore: App Store](https://www.libreoffice.org/download/android-and-ios/) + - [:simple-windows11: Windows](https://www.libreoffice.org/download/download/) + - [:simple-apple: macOS](https://www.libreoffice.org/download/download/) + - [:simple-linux: Linux](https://www.libreoffice.org/download/download/) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.libreoffice.LibreOffice) + - [:simple-freebsd: FreeBSD](https://www.freshports.org/editors/libreoffice/) + +### OnlyOffice + +!!! recommendation + + ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ align=right } + + **OnlyOffice** is a cloud-based free and open-source office suite with extensive functionality, including integration with Nextcloud. + + [:octicons-home-16: Homepage](https://www.onlyoffice.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://helpcenter.onlyoffice.com/userguides.aspx){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ONLYOFFICE){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onlyoffice.documents) + - [:simple-appstore: App Store](https://apps.apple.com/app/id944896972) + - [:simple-windows11: Windows](https://www.onlyoffice.com/download-desktop.aspx) + - [:simple-apple: macOS](https://www.onlyoffice.com/download-desktop.aspx) + - [:simple-linux: Linux](https://www.onlyoffice.com/download-desktop.aspx) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.onlyoffice.desktopeditors) + - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/onlyoffice-documentserver/) + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +In general, we define office suites as applications which could reasonably act as a replacement for Microsoft Word for most needs. + +- Must be cross-platform. +- Must be open-source software. +- Must function offline. +- Must support editing documents, spreadsheets, and slideshows. +- Must export files to standard document formats. + +## Paste services + +### PrivateBin + +!!! recommendation + + ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** is a minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES. It is the improved version of ZeroBin. There is a [list of instances](https://privatebin.info/directory/). + + [:octicons-home-16: Homepage](https://privatebin.info){ .md-button .md-button--primary } + [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} + [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } diff --git a/i18n/ku/real-time-communication.md b/i18n/ku/real-time-communication.md new file mode 100644 index 00000000..68f9d767 --- /dev/null +++ b/i18n/ku/real-time-communication.md @@ -0,0 +1,194 @@ +--- +title: "Real-Time Communication" +icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. +--- + +These are our recommendations for encrypted real-time communication. + +[Types of Communication Networks :material-arrow-right-drop-circle:](./advanced/communication-network-types.md) + +## Encrypted Messengers + +These messengers are great for securing your sensitive communications. + +### Signal + +!!! recommendation + + ![Signal logo](assets/img/messengers/signal.svg){ align=right } + + **Signal** is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. + + All communications are E2EE. Contact lists are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with. + + [:octicons-home-16: Homepage](https://signal.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://signal.org/legal/#privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.signal.org/hc/en-us){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/signalapp){ .card-link title="Source Code" } + [:octicons-heart-16:](https://signal.org/donate/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms) + - [:simple-appstore: App Store](https://apps.apple.com/app/id874139669) + - [:simple-android: Android](https://signal.org/android/apk/) + - [:simple-windows11: Windows](https://signal.org/download/windows) + - [:simple-apple: macOS](https://signal.org/download/macos) + - [:simple-linux: Linux](https://signal.org/download/linux) + +Signal supports [private groups](https://signal.org/blog/signal-private-group-system/). The server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when [Sealed Sender](https://signal.org/blog/sealed-sender/) is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam. Signal requires your phone number as a personal identifier. + +The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf) in 2016. The specification for the Signal protocol can be found in their [documentation](https://signal.org/docs/). + +We have some additional tips on configuring and hardening your Signal installation: + +[Signal Configuration and Hardening :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) + +### SimpleX Chat + +!!! recommendation + + ![Simplex logo](assets/img/messengers/simplex.svg){ align=right } + + **SimpleX** Chat is an instant messenger that is decentralized and doesn't depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations. + + [:octicons-home-16: Homepage](https://simplex.chat){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/simplex-chat/simplex-chat/tree/stable/docs){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/simplex-chat){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=chat.simplex.app) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/simplex-chat/id1605771084) + - [:simple-github: GitHub](https://github.com/simplex-chat/simplex-chat/releases) + +SimpleX Chat [was audited](https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html) by Trail of Bits in October 2022. + +Currently SimpleX Chat only provides a client for Android and iOS. Basic group chatting functionality, direct messaging, editing of messages and markdown are supported. E2EE Audio and Video calls are also supported. + +Your data can be exported, and imported onto another device, as there are no central servers where this is backed up. + +### Briar + +!!! recommendation + + ![Briar logo](assets/img/messengers/briar.svg){ align=right } + + **Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works/) to other clients using the Tor Network. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briar’s local mesh mode can be useful when internet availability is a problem. + + [:octicons-home-16: Homepage](https://briarproject.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://briarproject.org/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://code.briarproject.org/briar/briar/-/wikis/home){ .card-link title=Documentation} + [:octicons-code-16:](https://code.briarproject.org/briar/briar){ .card-link title="Source Code" } + [:octicons-heart-16:](https://briarproject.org/){ .card-link title="Donation options are listed on the bottom of the homepage" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.briarproject.briar.android) + - [:simple-windows11: Windows](https://briarproject.org/download-briar-desktop/) + - [:simple-linux: Linux](https://briarproject.org/download-briar-desktop/) + - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.briarproject.Briar) + +To add a contact on Briar, you must both add each other first. You can either exchange `briar://` links or scan a contact’s QR code if they are nearby. + +The client software was independently [audited](https://briarproject.org/news/2017-beta-released-security-audit/), and the anonymous routing protocol uses the Tor network which has also been audited. + +Briar has a fully [published specification](https://code.briarproject.org/briar/briar-spec). + +Briar supports perfect forward secrecy by using the Bramble [Handshake](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BHP.md) and [Transport](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) protocol. + +## Additional Options + +!!! warning + + These messengers do not have Perfect [Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) (PFS), and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications. + +### Element + +!!! recommendation + + ![Element logo](assets/img/messengers/element.svg){ align=right } + + **Element** is the reference client for the [Matrix](https://matrix.org/docs/guides/introduction) protocol, an [open standard](https://matrix.org/docs/spec) for secure decentralized real-time communication. + + Messages and files shared in private rooms (those which require an invite) are by default E2EE as are one to one voice and video calls. + + [:octicons-home-16: Homepage](https://element.io/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://element.io/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://element.io/help){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/vector-im){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=im.vector.app) + - [:simple-appstore: App Store](https://apps.apple.com/app/vector/id1083446067) + - [:simple-github: GitHub](https://github.com/vector-im/element-android/releases) + - [:simple-windows11: Windows](https://element.io/get-started) + - [:simple-apple: macOS](https://element.io/get-started) + - [:simple-linux: Linux](https://element.io/get-started) + - [:octicons-globe-16: Web](https://app.element.io) + +Profile pictures, reactions, and nicknames are not encrypted. + +Group voice and video calls are [not](https://github.com/vector-im/element-web/issues/12878) E2EE, and use Jitsi, but this is expected to change with [Native Group VoIP Signalling](https://github.com/matrix-org/matrix-doc/pull/3401). Group calls have [no authentication](https://github.com/vector-im/element-web/issues/13074) currently, meaning that non-room participants can also join the calls. We recommend that you do not use this feature for private meetings. + +The Matrix protocol itself [theoretically supports PFS](https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#partial-forward-secrecy), however this is [not currently supported in Element](https://github.com/vector-im/element-web/issues/7101) due to it breaking some aspects of the user experience such as key backups and shared message history. + +The protocol was independently [audited](https://matrix.org/blog/2016/11/21/matrixs-olm-end-to-end-encryption-security-assessment-released-and-implemented-cross-platform-on-riot-at-last) in 2016. The specification for the Matrix protocol can be found in their [documentation](https://spec.matrix.org/latest/). The [Olm](https://matrix.org/docs/projects/other/olm) cryptographic ratchet used by Matrix is an implementation of Signal’s [Double Ratchet algorithm](https://signal.org/docs/specifications/doubleratchet/). + +### Session + +!!! recommendation + + ![Session logo](assets/img/messengers/session.svg){ align=right } + + **Session** is a decentralized messenger with a focus on private, secure, and anonymous communications. Session offers support for direct messages, group chats, and voice calls. + + Session uses the decentralized [Oxen Service Node Network](https://oxen.io/) to store and route messages. Every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile meaningful information on those using the network. + + [:octicons-home-16: Homepage](https://getsession.org/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://getsession.org/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://getsession.org/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/oxen-io){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=network.loki.messenger) + - [:simple-appstore: App Store](https://apps.apple.com/app/id1470168868) + - [:simple-github: GitHub](https://github.com/oxen-io/session-android/releases) + - [:simple-windows11: Windows](https://getsession.org/download) + - [:simple-apple: macOS](https://getsession.org/download) + - [:simple-linux: Linux](https://getsession.org/download) + +Session allows for E2EE in one-on-one chats or closed groups which allow for up to 100 members. Open groups have no restriction on the number of members, but are open by design. + +Session does [not](https://getsession.org/blog/session-protocol-technical-information) support PFS, which is when an encryption system automatically and frequently changes the keys it uses to encrypt and decrypt information, such that if the latest key is compromised it exposes a smaller portion of sensitive information. + +Oxen requested an independent audit for Session in March of 2020. The audit [concluded](https://getsession.org/session-code-audit) in April of 2021, “The overall security level of this application is good and makes it usable for privacy-concerned people.” + +Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must have open-source clients. +- Must use E2EE for private messages by default. +- Must support E2EE for all messages. +- Must have been independently audited. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should have Perfect Forward Secrecy. +- Should have open-source servers. +- Should be decentralized, i.e. federated or P2P. +- Should use E2EE for all messages by default. +- Should support Linux, macOS, Windows, Android, and iOS. diff --git a/i18n/ku/router.md b/i18n/ku/router.md new file mode 100644 index 00000000..a494c017 --- /dev/null +++ b/i18n/ku/router.md @@ -0,0 +1,50 @@ +--- +title: "Router Firmware" +icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. +--- + +Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. + +## OpenWrt + +!!! recommendation + + ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ align=right } + ![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ align=right } + + **OpenWrt** is a Linux-based operating system; it's primarily used on embedded devices to route network traffic. It includes util-linux, uClibc, and BusyBox. All of the components have been optimized for home routers. + + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/openwrt/openwrt){ .card-link title="Source Code" } + [:octicons-heart-16:](https://openwrt.org/donate){ .card-link title=Contribute } + +You can consult OpenWrt's [table of hardware](https://openwrt.org/toh/start) to check if your device is supported. + +## OPNsense + +!!! recommendation + + ![OPNsense logo](assets/img/router/opnsense.svg){ align=right } + + **OPNsense** is an open source, FreeBSD-based firewall and routing platform which incorporates many advanced features such as traffic shaping, load balancing, and VPN capabilities, with many more features available in the form of plugins. OPNsense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and VPN endpoint. + + [:octicons-home-16: Homepage](https://opnsense.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://docs.opnsense.org/index.html){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/opnsense){ .card-link title="Source Code" } + [:octicons-heart-16:](https://opnsense.org/donate/){ .card-link title=Contribute } + +OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.org/wiki/PfSense), and both projects are noted for being free and reliable firewall distributions which offer features often only found in expensive commercial firewalls. Launched in 2015, the developers of OPNsense [cited](https://docs.opnsense.org/history/thefork.html) a number of security and code-quality issues with pfSense which they felt necessitated a fork of the project, as well as concerns about Netgate's majority acquisition of pfSense and the future direction of the pfSense project. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must be open source. +- Must receive regular updates. +- Must support a wide variety of hardware. diff --git a/i18n/ku/search-engines.md b/i18n/ku/search-engines.md new file mode 100644 index 00000000..911525d7 --- /dev/null +++ b/i18n/ku/search-engines.md @@ -0,0 +1,108 @@ +--- +title: "Search Engines" +icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. +--- + +Use a search engine that doesn't build an advertising profile based on your searches. + +The recommendations here are based on the merits of each service's privacy policy. There is **no guarantee** that these privacy policies are honored. + +Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your threat model requires hiding your IP address from the search provider. + +## Brave Search + +!!! recommendation + + ![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right } + + **Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives. + + Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts. + + We recommend you disable [Anonymous usage metrics](https://search.brave.com/help/usage-metrics) as it is enabled by default and can be disabled within settings. + + [:octicons-home-16: Homepage](https://search.brave.com/){ .md-button .md-button--primary } + [:simple-torbrowser:](https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://search.brave.com/help/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://search.brave.com/help){ .card-link title=Documentation} + +Brave Search is based in the United States. Their [privacy policy](https://search.brave.com/help/privacy-policy) states they collect aggregated usage metrics, which includes the operating system and browser in use, however no personally identifiable information is collected. IP addresses are temporarily processed, but are not retained. + +## DuckDuckGo + +!!! recommendation + + ![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ align=right } + + **DuckDuckGo** is one of the more mainstream private search engine options. Notable DuckDuckGo search features include [bangs](https://duckduckgo.com/bang) and many [instant answers](https://help.duckduckgo.com/duckduckgo-help-pages/features/instant-answers-and-other-features/). The search engine relies on a commercial Bing API to serve most results, but it does use numerous [other sources](https://help.duckduckgo.com/results/sources/) for instant answers and other non-primary results. + + DuckDuckGo is the default search engine for the Tor Browser and is one of the few available options on Apple’s Safari browser. + + [:octicons-home-16: Homepage](https://duckduckgo.com){ .md-button .md-button--primary } + [:simple-torbrowser:](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://duckduckgo.com/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://help.duckduckgo.com/){ .card-link title=Documentation} + +DuckDuckGo is based in the United States. Their [privacy policy](https://duckduckgo.com/privacy) states they **do** log your searches for product improvement purposes, but not your IP address or any other personally identifying information. + +DuckDuckGo offers two [other versions](https://help.duckduckgo.com/features/non-javascript/) of their search engine, both of which do not require JavaScript. These versions do lack features, however. These versions can also be used in conjunction with their [Tor onion address](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/) by appending [/lite](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/lite) or [/html](https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/html) for the respective version. + +## SearXNG + +!!! recommendation + + ![SearXNG logo](assets/img/search-engines/searxng.svg){ align=right } + + **SearXNG** is an open-source, self-hostable, metasearch engine, aggregating the results of other search engines while not storing any information itself. It is an actively maintained fork of [SearX](https://github.com/searx/searx). + + [:octicons-home-16: Homepage](https://searxng.org){ .md-button .md-button--primary } + [:octicons-server-16:](https://searx.space/){ .card-link title="Public Instances"} + [:octicons-code-16:](https://github.com/searxng/searxng){ .card-link title="Source Code" } + +SearXNG is a proxy between you and the search engines it aggregates from. Your search queries will still be sent to the search engines that SearXNG gets its results from. + +When self-hosting, it is important that you have other people using your instance so that the queries would blend in. You should be careful with where and how you are hosting SearXNG, as people looking up illegal content on your instance could draw unwanted attention from authorities. + +When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII. + +## Startpage + +!!! recommendation + + ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ align=right } + ![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ align=right } + + **Startpage** is a private search engine known for serving Google search results. One of Startpage's unique features is the [Anonymous View](https://www.startpage.com/en/anonymous-view/), which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding [some](https://support.startpage.com/hc/en-us/articles/4455540212116-The-Anonymous-View-Proxy-technical-details) network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity. If you are looking for anonymity, use the [Tor Browser](tor.md#tor-browser) instead. + + [:octicons-home-16: Homepage](https://www.startpage.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.startpage.com/hc/en-us/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation} + +!!! warning + + Startpage regularly limits service access to certain IP addresses, such as IPs reserved for VPNs or Tor. [DuckDuckGo](#duckduckgo) and [Brave Search](#brave-search) are friendlier options if your threat model requires hiding your IP address from the search provider. + +Startpage is based in the Netherlands. According to their [privacy policy](https://www.startpage.com/en/privacy-policy/), they log details such as: operating system, type of browser, and language. They do not log your IP address, search queries, or other personally identifying information. + +Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +### Minimum Requirements + +- Must not collect personally identifiable information per their privacy policy. +- Must not allow users to create an account with them. + +### Best-Case + +Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. + +- Should be based on open-source software. +- Should not block Tor exit node IP addresses. diff --git a/i18n/ku/tools.md b/i18n/ku/tools.md new file mode 100644 index 00000000..ef945a94 --- /dev/null +++ b/i18n/ku/tools.md @@ -0,0 +1,475 @@ +--- +title: "Privacy Tools" +icon: material/tools +hide: + - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. +--- + +If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. + +If you want assistance figuring out the best privacy tools and alternative programs for your needs, start a discussion on our [forum](https://discuss.privacyguides.net/) or our [Matrix](https://matrix.to/#/#privacyguides:matrix.org) community! + +For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page. + +## Tor Network + +
    + +- ![Tor Browser logo](assets/img/browsers/tor.svg){ .twemoji } [Tor Browser](tor.md#tor-browser) +- ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ .twemoji } [Orbot (Smartphone Tor Proxy)](tor.md#orbot) +- ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ .twemoji }![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ .twemoji } [Snowflake](tor.md#snowflake) (1) + +
    + +1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy. + +[Learn more :material-arrow-right-drop-circle:](tor.md) + +## Desktop Web Browsers + +
    + +- ![Firefox logo](assets/img/browsers/firefox.svg){ .twemoji } [Firefox](desktop-browsers.md#firefox) +- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave](desktop-browsers.md#brave) + +
    + +[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md) + +### Additional Resources + +
    + +- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin) + +
    + +[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md#additional-resources) + +## Mobile Web Browsers + +
    + +- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave (Android)](mobile-browsers.md#brave) +- ![Safari logo](assets/img/browsers/safari.svg){ .twemoji } [Safari (iOS)](mobile-browsers.md#safari) + +
    + +[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md) + +### Additional Resources + +
    + +- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](mobile-browsers.md#adguard) + +
    + +[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md#adguard) + +## Operating Systems + +### Mobile + +
    + +- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ .twemoji } [GrapheneOS](android.md#grapheneos) +- ![DivestOS logo](assets/img/android/divestos.svg){ .twemoji } [DivestOS](android.md#divestos) + +
    + +[Learn more :material-arrow-right-drop-circle:](android.md) + +#### Android Apps + +
    + +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) +- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) +- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer) + +
    + +[Learn more :material-arrow-right-drop-circle:](android.md#general-apps) + +### Desktop/PC + +
    + +- ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ .twemoji } [Qubes OS (Xen VM Distribution)](desktop.md#qubes-os) +- ![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ .twemoji } [Fedora Workstation](desktop.md#fedora-workstation) +- ![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ .twemoji } [OpenSUSE Tumbleweed](desktop.md#opensuse-tumbleweed) +- ![Arch logo](assets/img/linux-desktop/archlinux.svg){ .twemoji } [Arch Linux](desktop.md#arch-linux) +- ![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ .twemoji } [Fedora Silverblue & Kinoite](desktop.md#fedora-silverblue) +- ![nixOS logo](assets/img/linux-desktop/nixos.svg){ .twemoji } [NixOS](desktop.md#nixos) +- ![Whonix logo](assets/img/linux-desktop/whonix.svg){ .twemoji } [Whonix (Tor)](desktop.md#whonix) +- ![Tails logo](assets/img/linux-desktop/tails.svg){ .twemoji } [Tails (Live Boot)](desktop.md#tails) + +
    + +[Learn more :material-arrow-right-drop-circle:](desktop.md) + +### Router Firmware + +
    + +- ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ .twemoji }![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ .twemoji } [OpenWrt](router.md#openwrt) +- ![OPNsense logo](assets/img/router/opnsense.svg){ .twemoji } [OPNsense](router.md#opnsense) + +
    + +[Learn more :material-arrow-right-drop-circle:](router.md) + +## Service Providers + +### Cloud Storage + +
    + +- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive) + +
    + +[Learn more :material-arrow-right-drop-circle:](cloud.md) + +### DNS + +#### DNS Providers + +We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net/) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended. + +[Learn more :material-arrow-right-drop-circle:](dns.md) + +#### Encrypted DNS Proxies + +
    + +- ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ .twemoji }![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ .twemoji } [RethinkDNS](dns.md#rethinkdns) +- ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ .twemoji } [dnscrypt-proxy](dns.md#dnscrypt-proxy) + +
    + +[Learn more :material-arrow-right-drop-circle:](dns.md#encrypted-dns-proxies) + +#### Self-hosted Solutions + +
    + +- ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ .twemoji } [AdGuard Home](dns.md#adguard-home) +- ![Pi-hole logo](assets/img/dns/pi-hole.svg){ .twemoji } [Pi-hole](dns.md#pi-hole) + +
    + +[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-solutions) + +### Email + +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    + +[Learn more :material-arrow-right-drop-circle:](email.md) + +#### Email Aliasing Services + +
    + +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
    + +[Learn more :material-arrow-right-drop-circle:](email.md#email-aliasing-services) + +#### Self-Hosting Email + +
    + +- ![mailcow logo](assets/img/email/mailcow.svg){ .twemoji } [mailcow](email.md#self-hosting-email) +- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji } [Mail-in-a-Box](email.md#self-hosting-email) + +
    + +[Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) + +### Financial Services + +#### Payment Masking Services + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + +### Search Engines + +
    + +- ![Brave Search logo](assets/img/search-engines/brave-search.svg){ .twemoji } [Brave Search](search-engines.md#brave-search) +- ![DuckDuckGo logo](assets/img/search-engines/duckduckgo.svg){ .twemoji } [DuckDuckGo](search-engines.md#duckduckgo) +- ![SearXNG logo](assets/img/search-engines/searxng.svg){ .twemoji } [SearXNG](search-engines.md#searxng) +- ![Startpage logo](assets/img/search-engines/startpage.svg#only-light){ .twemoji }![Startpage logo](assets/img/search-engines/startpage-dark.svg#only-dark){ .twemoji } [Startpage](search-engines.md#startpage) + +
    + +[Learn more :material-arrow-right-drop-circle:](search-engines.md) + +### VPN Providers + +??? danger "VPNs do not provide anonymity" + + Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. + + If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN. + + If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. + + [Learn more :material-arrow-right-drop-circle:](vpn.md) + +
    + +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) + +
    + +[Learn more :material-arrow-right-drop-circle:](vpn.md) + +## Software + +### Calendar Sync + +
    + +- ![Tutanota logo](assets/img/calendar/tutanota.svg){ .twemoji } [Tutanota](calendar.md#tutanota) +- ![Proton Calendar logo](assets/img/calendar/proton-calendar.svg){ .twemoji } [Proton Calendar](calendar.md#proton-calendar) + +
    + +[Learn more :material-arrow-right-drop-circle:](calendar.md) + +### Cryptocurrency + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + +### Data and Metadata Redaction + +
    + +- ![MAT2 logo](assets/img/data-redaction/mat2.svg){ .twemoji } [MAT2](data-redaction.md#mat2) +- ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ .twemoji } [ExifEraser (Android)](data-redaction.md#exiferaser-android) +- ![Metapho logo](assets/img/data-redaction/metapho.jpg){ .twemoji } [Metapho (iOS)](data-redaction.md#metapho-ios) +- ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ .twemoji } [PrivacyBlur](data-redaction.md#privacyblur) +- ![ExifTool logo](assets/img/data-redaction/exiftool.png){ .twemoji } [ExifTool (CLI)](data-redaction.md#exiftool) + +
    + +[Learn more :material-arrow-right-drop-circle:](data-redaction.md) + +### Email Clients + +
    + +- ![Thunderbird logo](assets/img/email-clients/thunderbird.svg){ .twemoji } [Thunderbird](email-clients.md#thunderbird) +- ![Apple Mail logo](assets/img/email-clients/applemail.png){ .twemoji } [Apple Mail (macOS)](email-clients.md#apple-mail-macos) +- ![Canary Mail logo](assets/img/email-clients/canarymail.svg){ .twemoji } [Canary Mail (iOS)](email-clients.md#canary-mail-ios) +- ![FairEmail logo](assets/img/email-clients/fairemail.svg){ .twemoji } [FairEmail (Android)](email-clients.md#fairemail-android) +- ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution-gnome) +- ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail-android) +- ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](email-clients.md#kontact-kde) +- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope-browser) +- ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt-cli) + +
    + +[Learn more :material-arrow-right-drop-circle:](email-clients.md) + +### Encryption Software + +??? info "Operating System Disk Encryption" + + For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically use hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems. + + [Learn more :material-arrow-right-drop-circle:](encryption.md##operating-system-included-full-disk-encryption-fde) + +
    + +- ![Cryptomator logo](assets/img/encryption-software/cryptomator.svg){ .twemoji } [Cryptomator](encryption.md#cryptomator-cloud) +- ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ .twemoji } [Picocrypt](encryption.md#picocrypt-file) +- ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ .twemoji }![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt-disk) +- ![Hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ .twemoji }![Hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ .twemoji } [Hat.sh (Browser-based)](encryption.md#hatsh) +- ![Kryptor logo](assets/img/encryption-software/kryptor.png){ .twemoji } [Kryptor](encryption.md#kryptor) +- ![Tomb logo](assets/img/encryption-software/tomb.png){ .twemoji } [Tomb](encryption.md#tomb) + +
    + +[Learn more :material-arrow-right-drop-circle:](encryption.md) + +#### OpenPGP Clients + +
    + +- ![GnuPG logo](assets/img/encryption-software/gnupg.svg){ .twemoji } [GnuPG](encryption.md#gnu-privacy-guard) +- ![GPG4Win logo](assets/img/encryption-software/gpg4win.svg){ .twemoji } [GPG4Win (Windows)](encryption.md#gpg4win) +- ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](encryption.md#gpg-suite) +- ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ .twemoji } [OpenKeychain](encryption.md#openkeychain) + +
    + +[Learn more :material-arrow-right-drop-circle:](encryption.md#openpgp) + +### File Sharing and Sync + +
    + +- ![Send logo](assets/img/file-sharing-sync/send.svg){ .twemoji } [Send](file-sharing.md#send) +- ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ .twemoji } [OnionShare](file-sharing.md#onionshare) +- ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ .twemoji } [FreedomBox](file-sharing.md#freedombox) +- ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](productivity.md#nextcloud) +- ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ .twemoji } [Syncthing](file-sharing.md#syncthing) + +
    + +[Learn more :material-arrow-right-drop-circle:](file-sharing.md) + +### Frontends + +
    + +- ![Librarian logo](assets/img/frontends/librarian.svg#only-light){ .twemoji }![Librarian logo](assets/img/frontends/librarian-dark.svg#only-dark){ .twemoji } [Librarian (LBRY, Web)](frontends.md#librarian) +- ![Nitter logo](assets/img/frontends/nitter.svg){ .twemoji } [Nitter (Twitter, Web)](frontends.md#nitter) +- ![FreeTube logo](assets/img/frontends/freetube.svg){ .twemoji } [FreeTube (YouTube, Desktop)](frontends.md#freetube) +- ![Yattee logo](assets/img/frontends/yattee.svg){ .twemoji } [Yattee (YouTube; iOS, tvOS, macOS)](frontends.md#yattee) +- ![LibreTube logo](assets/img/frontends/libretube.svg#only-light){ .twemoji }![LibreTube logo](assets/img/frontends/libretube-dark.svg#only-dark){ .twemoji } [LibreTube (YouTube, Android)](frontends.md#libretube-android) +- ![NewPipe logo](assets/img/frontends/newpipe.svg){ .twemoji } [NewPipe (YouTube, Android)](frontends.md#newpipe-android) +- ![Invidious logo](assets/img/frontends/invidious.svg#only-light){ .twemoji }![Invidious logo](assets/img/frontends/invidious-dark.svg#only-dark){ .twemoji } [Invidious (YouTube, Web)](frontends.md#invidious) +- ![Piped logo](assets/img/frontends/piped.svg){ .twemoji } [Piped (YouTube, Web)](frontends.md#piped) + +
    + +[Learn more :material-arrow-right-drop-circle:](frontends.md) + +### Multi-Factor Authentication Tools + +
    + +- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey) +- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey-librem-key) +- ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator) +- ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](multi-factor-authentication.md#raivo-otp) + +
    + +[Learn more :material-arrow-right-drop-circle:](multi-factor-authentication.md) + +### News Aggregators + +
    + +- ![Akregator logo](assets/img/news-aggregators/akregator.svg){ .twemoji } [Akregator](news-aggregators.md#akregator) +- ![Feeder logo](assets/img/news-aggregators/feeder.png){ .twemoji} [Feeder](news-aggregators.md#feeder) +- ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ .twemoji } [Fluent Reader](news-aggregators.md#fluent-reader) +- ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ .twemoji } [GNOME Feeds](news-aggregators.md#gnome-feeds) +- ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ .twemoji }![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ .twemoji } [Miniflux](news-aggregators.md#miniflux) +- ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ .twemoji } [NetNewsWire](news-aggregators.md#netnewswire) +- ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ .twemoji } [Newsboat](news-aggregators.md#newsboat) + +
    + +[Learn more :material-arrow-right-drop-circle:](news-aggregators.md) + +### Notebooks + +
    + +- ![Joplin logo](assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](notebooks.md#joplin) +- ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](notebooks.md#standard-notes) +- ![Cryptee logo](assets/img/notebooks/cryptee.svg#only-light){ .twemoji }![Cryptee logo](assets/img/notebooks/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](notebooks.md#cryptee) +- ![Org-mode logo](assets/img/notebooks/org-mode.svg){ .twemoji } [Org-mode](notebooks.md#org-mode) + +
    + +[Learn more :material-arrow-right-drop-circle:](notebooks.md) + +### Password Managers + +
    + +- ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ .twemoji } [Bitwarden](passwords.md#bitwarden) +- ![1Password logo](assets/img/password-management/1password.svg){ .twemoji } [1Password](passwords.md#1password) +- ![Psono logo](assets/img/password-management/psono.svg){ .twemoji } [Psono](passwords.md#psono) +- ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ .twemoji } [KeePassXC](passwords.md#keepassxc) +- ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ .twemoji } [KeePassDX (Android)](passwords.md#keepassdx-android) +- ![Strongbox logo](assets/img/password-management/strongbox.svg){ .twemoji } [Strongbox (iOS & macOS)](passwords.md#strongbox-ios-macos) +- ![gopass logo](assets/img/password-management/gopass.svg){ .twemoji } [gopass](passwords.md#gopass) + +
    + +[Learn more :material-arrow-right-drop-circle:](passwords.md) + +### Productivity Tools + +
    + +- ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](productivity.md#nextcloud) +- ![LibreOffice logo](assets/img/productivity/libreoffice.svg){ .twemoji } [LibreOffice](productivity.md#libreoffice) +- ![OnlyOffice logo](assets/img/productivity/onlyoffice.svg){ .twemoji } [OnlyOffice](productivity.md#onlyoffice) +- ![CryptPad logo](assets/img/productivity/cryptpad.svg){ .twemoji } [CryptPad](productivity.md#cryptpad) +- ![PrivateBin logo](assets/img/productivity/privatebin.svg){ .twemoji } [PrivateBin (Pastebin)](productivity.md#privatebin) + +
    + +[Learn more :material-arrow-right-drop-circle:](productivity.md) + +### Real-Time Communication + +
    + +- ![Signal logo](assets/img/messengers/signal.svg){ .twemoji } [Signal](real-time-communication.md#signal) +- ![Briar logo](assets/img/messengers/briar.svg){ .twemoji } [Briar](real-time-communication.md#briar) +- ![SimpleX Chat logo](assets/img/messengers/simplex.svg){ .twemoji } [SimpleX Chat](real-time-communication.md#simplex-chat) +- ![Element logo](assets/img/messengers/element.svg){ .twemoji } [Element](real-time-communication.md#element) +- ![Session logo](assets/img/messengers/session.svg){ .twemoji } [Session](real-time-communication.md#session) + +
    + +[Learn more :material-arrow-right-drop-circle:](real-time-communication.md) + +### Video Streaming Clients + +
    + +- ![LBRY logo](assets/img/video-streaming/lbry.svg){ .twemoji } [LBRY](video-streaming.md#lbry) + +
    + +[Learn more :material-arrow-right-drop-circle:](video-streaming.md) diff --git a/i18n/ku/tor.md b/i18n/ku/tor.md new file mode 100644 index 00000000..ce93c961 --- /dev/null +++ b/i18n/ku/tor.md @@ -0,0 +1,117 @@ +--- +title: "Tor Network" +icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. +--- + +![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } + +The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. + +[:octicons-home-16:](https://www.torproject.org){ .card-link title=Homepage } +[:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" } +[:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation} +[:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" } +[:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute } + +Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. + +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} + +## Connecting to Tor + +There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android. In addition to the apps listed below, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser. + +### Tor Browser + +!!! recommendation + + ![Tor Browser logo](assets/img/browsers/tor.svg){ align=right } + + **Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*. + + [:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary } + [:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" } + [:octicons-info-16:](https://tb-manual.torproject.org/){ .card-link title=Documentation } + [:octicons-code-16:](https://gitweb.torproject.org/tor-browser.git/){ .card-link title="Source Code" } + [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.torbrowser) + - [:simple-android: Android](https://www.torproject.org/download/#android) + - [:simple-windows11: Windows](https://www.torproject.org/download/) + - [:simple-apple: macOS](https://www.torproject.org/download/) + - [:simple-linux: Linux](https://www.torproject.org/download/) + - [:simple-freebsd: FreeBSD](https://www.freshports.org/security/tor) + +!!! danger + + You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting). + +The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/). + +### Orbot + +!!! recommendation + + ![Orbot logo](assets/img/self-contained-networks/orbot.svg){ align=right } + + **Orbot** is a free Tor VPN for smartphones which routes traffic from any app on your device through the Tor network. + + [:octicons-home-16: Homepage](https://orbot.app/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://orbot.app/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://orbot.app/faqs){ .card-link title=Documentation} + [:octicons-code-16:](https://orbot.app/code){ .card-link title="Source Code" } + [:octicons-heart-16:](https://orbot.app/donate){ .card-link title=Contribute } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.torproject.android) + - [:simple-appstore: App Store](https://apps.apple.com/us/app/orbot/id1609461599) + - [:simple-github: GitHub](https://github.com/guardianproject/orbot/releases) + +For resistance against traffic analysis attacks, consider enabling *Isolate Destination Address* in :material-menu: → **Settings** → **Connectivity**. This will use a completely different Tor Circuit (different middle relay and exit nodes) for every domain you connect to. + +!!! tip "Tips for Android" + + Orbot can proxy individual apps if they support SOCKS or HTTP proxying. It can also proxy all your network connections using [VpnService](https://developer.android.com/reference/android/net/VpnService) and can be used with the VPN killswitch in :gear: **Settings** → **Network & internet** → **VPN** → :gear: → **Block connections without VPN**. + + Orbot is often outdated on the Guardian Project's [F-Droid repository](https://guardianproject.info/fdroid) and [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android), so consider downloading directly from the [GitHub repository](https://github.com/guardianproject/orbot/releases) instead. + + All versions are signed using the same signature so they should be compatible with each other. + +## Relays and Bridges + +### Snowflake + +!!! recommendation + + ![Snowflake logo](assets/img/browsers/snowflake.svg#only-light){ align=right } + ![Snowflake logo](assets/img/browsers/snowflake-dark.svg#only-dark){ align=right } + + **Snowflake** allows you to donate bandwidth to the Tor Project by operating a "Snowflake proxy" within your browser. + + People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don't have the technical know-how to run a Tor relay or bridge. + + [:octicons-home-16: Homepage](https://snowflake.torproject.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/Technical%20Overview){ .card-link title=Documentation} + [:octicons-code-16:](https://gitweb.torproject.org/pluggable-transports/snowflake.git/){ .card-link title="Source Code" } + [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute } + + ??? downloads + + - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/en-US/firefox/addon/torproject-snowflake/) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/snowflake/mafpmfcccpbjnhfhjnllmmalhifmlcie) + - [:octicons-browser-16: Web](https://snowflake.torproject.org/embed "Leave this page open to be a Snowflake proxy") + +??? tip "Embedded Snowflake" + + You can enable Snowflake in your browser by clicking the switch below and ==leaving this page open==. You can also install Snowflake as a browser extension to have it always run while your browser is open, however adding third-party extensions can increase your attack surface. + +
    + If the embed does not appear for you, ensure you are not blocking the third-party frame from `torproject.org`. Alternatively, visit [this page](https://snowflake.torproject.org/embed.html). + +Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. + +Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. diff --git a/i18n/ku/video-streaming.md b/i18n/ku/video-streaming.md new file mode 100644 index 00000000..8f8ebd0b --- /dev/null +++ b/i18n/ku/video-streaming.md @@ -0,0 +1,51 @@ +--- +title: "Video Streaming" +icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. +--- + +The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. + +## LBRY + +!!! recommendation + + ![LBRY logo](assets/img/video-streaming/lbry.svg){ align=right } + + **The LBRY network** is a decentralized video sharing network. It uses a [BitTorrent](https://wikipedia.org/wiki/BitTorrent)-like network to store the video content, and a [blockchain](https://wikipedia.org/wiki/Blockchain) to store the indexes for those videos. The main benefit of this design is censorship resistance. + + **The LBRY desktop client** helps you stream videos from the LBRY network and stores your subscription list in your own LBRY wallet. + + [:octicons-home-16: Homepage](https://lbry.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://lbry.com/privacypolicy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://lbry.com/faq){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-windows11: Windows](https://lbry.com/windows) + - [:simple-apple: macOS](https://lbry.com/osx) + - [:simple-linux: Linux](https://lbry.com/linux) + +!!! note + + Only the **LBRY desktop client** is recommended, as the [Odysee](https://odysee.com) website and the LBRY clients in F-Droid, Play Store, and the App Store have mandatory synchronization and telemetry. + +!!! warning + + While watching and hosting videos, your IP address is visible to the LBRY network. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + +We recommend **against** synchronizing your wallet with LBRY Inc., as synchronizing encrypted wallets is not supported yet. If you synchronize your wallet with LBRY Inc., you have to trust them to not look at your subscription list, [LBC](https://lbry.com/faq/earn-credits) funds, or take control of your channel. + +You can disable *Save hosting data to help the LBRY network* option in :gear: **Settings** → **Advanced Settings**, to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Must not require a centralized account to view videos. + - Decentralized authentication, such as via a mobile wallet's private key is acceptable. diff --git a/i18n/ku/vpn.md b/i18n/ku/vpn.md new file mode 100644 index 00000000..a8839363 --- /dev/null +++ b/i18n/ku/vpn.md @@ -0,0 +1,327 @@ +--- +title: "VPN Services" +icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. +--- + +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: + +
    + +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! danger "VPNs do not provide anonymity" + + Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. + + If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN. + + If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. + + [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } + +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} + +## دابینکەرانی پێشنیارکراو + +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. + +### IVPN + +!!! recommendation + + ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } + + **IVPN** is another premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar. + + [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-android: Android](https://www.ivpn.net/apps-android/) + - [:simple-appstore: App Store](https://apps.apple.com/app/ivpn-serious-privacy-protection/id1193122683) + - [:simple-windows11: Windows](https://www.ivpn.net/apps-windows/) + - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) + - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) + +#### :material-check:{ .pg-green } 35 Countries + +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } + +1. Last checked: 2022-09-16 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. + +#### :material-check:{ .pg-green } WireGuard Support + +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. + +### Mullvad + +!!! recommendation + + ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } + + **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since **2009**. Mullvad is based in Sweden and does not have a free trial. + + [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } + [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } + [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) + - [:simple-appstore: App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) + - [:simple-github: GitHub](https://github.com/mullvad/mullvadvpn-app/releases) + - [:simple-windows11: Windows](https://mullvad.net/en/download/windows/) + - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) + - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) + +#### :material-check:{ .pg-green } 41 Countries + +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } + +1. Last checked: 2023-01-19 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } + + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. + + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } + + ??? downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) + +#### :material-check:{ .pg-green } 67 Countries + +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } + +1. Last checked: 2022-09-16 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). + +#### :material-check:{ .pg-green } Open-Source Clients + +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). + +#### :material-check:{ .pg-green } Accepts Cash + +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. + +#### :material-check:{ .pg-green } WireGuard Support + +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. + +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. + +## Criteria + +!!! danger + + It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. + +**Please note we are not affiliated with any of the providers we recommend. This allows us to provide completely objective recommendations.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any VPN provider wishing to be recommended, including strong encryption, independent security audits, modern technology, and more. We suggest you familiarize yourself with this list before choosing a VPN provider, and conduct your own research to ensure the VPN provider you choose is as trustworthy as possible. + +### Technology + +We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client. **If** a VPN provides their own custom client, we require a killswitch to block network data leaks when disconnected. + +**Minimum to Qualify:** + +- Support for strong protocols such as WireGuard & OpenVPN. +- Killswitch built in to clients. +- Multihop support. Multihopping is important to keep data private in case of a single node compromise. +- If VPN clients are provided, they should be [open-source](https://en.wikipedia.org/wiki/Open_source), like the VPN software they generally have built into them. We believe that [source code](https://en.wikipedia.org/wiki/Source_code) availability provides greater transparency about what your device is actually doing. + +**Best Case:** + +- WireGuard and OpenVPN support. +- Killswitch with highly configurable options (enable/disable on certain networks, on boot, etc.) +- Easy-to-use VPN clients +- Supports [IPv6](https://en.wikipedia.org/wiki/IPv6). We expect that servers will allow incoming connections via IPv6 and allow you to access services hosted on IPv6 addresses. +- Capability of [remote port forwarding](https://en.wikipedia.org/wiki/Port_forwarding#Remote_port_forwarding) assists in creating connections when using P2P ([Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer)) file sharing software or hosting a server (e.g., Mumble). + +### Privacy + +We prefer our recommended providers to collect as little data as possible. Not collecting personal information on registration, and accepting anonymous forms of payment are required. + +**Minimum to Qualify:** + +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. +- No personal information required to register: Only username, password, and email at most. + +**Best Case:** + +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). + +### Security + +A VPN is pointless if it can't even provide adequate security. We require all our recommended providers to abide by current security standards for their OpenVPN connections. Ideally, they would use more future-proof encryption schemes by default. We also require an independent third-party to audit the provider's security, ideally in a very comprehensive manner and on a repeated (yearly) basis. + +**Minimum to Qualify:** + +- Strong Encryption Schemes: OpenVPN with SHA-256 authentication; RSA-2048 or better handshake; AES-256-GCM or AES-256-CBC data encryption. +- Perfect Forward Secrecy (PFS). +- Published security audits from a reputable third-party firm. + +**Best Case:** + +- Strongest Encryption: RSA-4096. +- Perfect Forward Secrecy (PFS). +- Comprehensive published security audits from a reputable third-party firm. +- Bug-bounty programs and/or a coordinated vulnerability-disclosure process. + +### Trust + +You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data? We require our recommended providers to be public about their ownership or leadership. We also would like to see frequent transparency reports, especially in regard to how government requests are handled. + +**Minimum to Qualify:** + +- Public-facing leadership or ownership. + +**Best Case:** + +- Public-facing leadership. +- Frequent transparency reports. + +### Marketing + +With the VPN providers we recommend we like to see responsible marketing. + +**Minimum to Qualify:** + +- Must self-host analytics (i.e., no Google Analytics). The provider's site must also comply with [DNT (Do Not Track)](https://en.wikipedia.org/wiki/Do_Not_Track) for people who want to opt-out. + +Must not have any marketing which is irresponsible: + +- Making guarantees of protecting anonymity 100%. When someone makes a claim that something is 100% it means there is no certainty for failure. We know people can quite easily deanonymize themselves in a number of ways, e.g.: + - Reusing personal information (e.g., email accounts, unique pseudonyms, etc) that they accessed without anonymity software (Tor, VPN, etc.) + - [Browser fingerprinting](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) +- Claim that a single circuit VPN is "more anonymous" than Tor, which is a circuit of three or more hops that regularly changes. +- Use responsible language: i.e., it is okay to say that a VPN is "disconnected" or "not connected", however claiming that someone is "exposed", "vulnerable" or "compromised" is needless use of alarming language that may be incorrect. For example, that person might simply be on another VPN provider's service or using Tor. + +**Best Case:** + +Responsible marketing that is both educational and useful to the consumer could include: + +- An accurate comparison to when [Tor](tor.md) should be used instead. +- Availability of the VPN provider's website over a [.onion service](https://en.wikipedia.org/wiki/.onion) + +### Additional Functionality + +While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. diff --git a/i18n/nl/404.md b/i18n/nl/404.md index be1bb643..fc9b878f 100644 --- a/i18n/nl/404.md +++ b/i18n/nl/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Niet gevonden @@ -13,5 +17,3 @@ We konden de pagina die je zoekt niet vinden! Misschien was je op zoek naar een - [Beste VPN-providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Onze Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/criteria.md b/i18n/nl/about/criteria.md index 9913777a..a35f5f32 100644 --- a/i18n/nl/about/criteria.md +++ b/i18n/nl/about/criteria.md @@ -38,5 +38,3 @@ Wij stellen deze eisen aan ontwikkelaars die hun project of software in overwegi - Moeten aangeven wat het exacte dreigingsmodel is van hun project. - Het moet voor potentiële gebruikers duidelijk zijn wat het project kan bieden, en wat niet. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/donate.md b/i18n/nl/about/donate.md index 007d3a72..a61bbbdb 100644 --- a/i18n/nl/about/donate.md +++ b/i18n/nl/about/donate.md @@ -48,5 +48,3 @@ Wij hosten [internetdiensten](https://privacyguides.net) voor het testen en tone Wij kopen af en toe producten en diensten aan om onze [aanbevolen instrumenten te testen](../tools.md). We werken nog steeds samen met onze fiscale host (de Open Collective Foundation) om donaties in cryptogeld te ontvangen, op dit moment is de boekhouding onhaalbaar voor veel kleinere transacties, maar dit zou in de toekomst moeten veranderen. In de tussentijd, als je een aanzienlijke (> $100) crypto donatie wilt doen, neem dan contact op met [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/index.md b/i18n/nl/about/index.md index a2c4584b..861f5928 100644 --- a/i18n/nl/about/index.md +++ b/i18n/nl/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "Over Privacy Guides" +description: Privacy Guides is een sociaal gemotiveerde website die informatie biedt voor de bescherming van jouw gegevens en privacy. --- -**Privacy Guides** is een sociaal gemotiveerde website die informatie verstrekt voor de bescherming van jouw gegevensbeveiliging en privacy. Wij zijn een non-profit collectief dat volledig wordt beheerd door vrijwillige [teamleden](https://discuss.privacyguides.net/g/team) en bijdragers. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Steun het project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is een sociaal gemotiveerde website die [informatie biedt](/kb) voor de bescherming van jouw gegevens en privacy. Wij zijn een non-profit collectief dat volledig wordt beheerd door vrijwillige [teamleden](https://discuss.privacyguides.net/g/team) en bijdragers. Onze website is vrij van advertenties en niet geaffilieerd met andere aanbieders in de lijst. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Broncide" } +[:octicons-heart-16:](donate.md){ .card-link title=Bijdrage leveren } + +Het doel van Privacy Guides is om onze community te informeren over het belang van online privacy en overheidsprogramma 's die zijn ontworpen om al jouw online activiteiten te controleren. + +> Om [privacygerichte alternatieve] apps te vinden, kunt je kijken op sites als Good Reports en **Privacy Guides**, waar privacygerichte apps in verschillende categorieën worden genoemd, waaronder e-mailproviders (meestal tegen betaling) die niet worden beheerd door de grote techbedrijven. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) [Vertaald uit het Engels] + +> Als je op zoek bent naar een nieuwe vpn, kun je terecht bij de kortingscode van zowat iedere willekeurige podcast. Als je op zoek bent naar een **goéde** vpn, heb je professionele hulp nodig. Hetzelfde geldt voor e-mailclients, browsers, besturingssystemen en wachtwoordmanagers. Hoe weet je welke daarvan de beste, privacyvriendelijkste optie is? Daarvoor is er **Privacy Guides**, een platform waarop een aantal vrijwilligers dag in, dag uit zoekt naar de beste privacyvriendelijke tools om internet mee op te gaan. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) + +Ook uitgelicht op: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], en [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## Geschiedenis + +Privacy Guides werd gelanceerd in september 2021 als voortzetting van het [verouderde](privacytools.md) "PrivacyTools" open-source onderwijsproject. We erkenden het belang van onafhankelijke, criteriagerichte productaanbevelingen en algemene kennis op het gebied van privacy, en daarom moesten we het werk dat sinds 2015 door zo veel medewerkers was gecreëerd bewaren en ervoor zorgen dat die informatie voor onbepaalde tijd een stabiel thuis op het web had. + +In 2022 hebben we de overgang van ons belangrijkste websiteframework van Jekyll naar MkDocs voltooid, met behulp van de `mkdocs-material` documentatiesoftware. Deze wijziging maakte open-sourcebijdragen aan onze site aanzienlijk eenvoudiger voor buitenstaanders, omdat in plaats van ingewikkelde syntaxis te moeten kennen om berichten effectief te kunnen schrijven, bijdragen nu net zo eenvoudig is als het schrijven van een standaard Markdown-document. + +Daarnaast lanceerden we ons nieuwe discussieforum op [discuss.privacyguides.net](https://discuss.privacyguides.net/) als een gemeenschapsplatform om ideeën te delen en vragen te stellen over onze missie. Dit vergroot onze bestaande community op Matrix, en vervangt ons vorige GitHub Discussieplatform, waardoor we minder afhankelijk worden van discussieplatformen van derden. + +Tot nu toe hebben we in 2023 internationale vertalingen van onze website gelanceerd in [Frans](/fr/), [Hebreeuws](/he/), en [Nederlands](/nl/), met meer talen op komst, mogelijk gemaakt door ons uitstekende vertaalteam op [Crowdin](https://crowdin.com/project/privacyguides). We zijn van plan onze missie van voorlichting en educatie voort te zetten en manieren te vinden om de gevaren van een gebrek aan privacybewustzijn in het moderne digitale tijdperk en de prevalentie en schade van beveiligingsinbreuken in de technologie-industrie duidelijker te benadrukken. ## Ons Team @@ -48,7 +76,7 @@ title: "Over Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Bovendien hebben [veel mensen](https://github.com/privacyguides/privacyguides.org/graphs/contributors) bijgedragen aan het project. Jij kunt het ook, we zijn open source op GitHub! +Bovendien hebben [veel mensen](https://github.com/privacyguides/privacyguides.org/graphs/contributors) bijgedragen aan het project. Jij kunt dat ook, we zijn open source op GitHub, en accepteren vertaalsuggesties op [Crowdin](https://crowdin.com/project/privacyguides). Onze teamleden bekijken alle wijzigingen aan de website en nemen administratieve taken op zich zoals webhosting en financiën, maar zij profiteren niet persoonlijk van bijdragen aan deze site. Onze financiën worden transparant gehost door de Open Collective Foundation 501(c)(3) op [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Giften aan Privacy Guides zijn in het algemeen aftrekbaar van de belasting in de Verenigde Staten. @@ -59,5 +87,3 @@ Onze teamleden bekijken alle wijzigingen aan de website en nemen administratieve :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Tenzij anders vermeld, wordt de oorspronkelijke inhoud van deze website beschikbaar gesteld onder de [Creative Commons Naamsvermelding-Niet-afgeleide producten 4.0 Internationale Openbare Licentie](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). Dit betekent dat u vrij bent om het materiaal te kopiëren en opnieuw te verspreiden in elk medium of formaat voor elk doel, zelfs commercieel; zolang u gepaste eer geeft aan `Privacy Guides (www.privacyguides.org)` en een link geeft naar de licentie. U **mag de Privacy Guides branding niet** gebruiken in uw eigen project zonder uitdrukkelijke toestemming van dit project. Als u de inhoud van deze website remixt, transformeert of erop voortbouwt, mag u het gewijzigde materiaal niet verspreiden. Deze licentie is er om te voorkomen dat mensen ons werk delen zonder de juiste credits te geven, en om te voorkomen dat mensen ons werk aanpassen op een manier die gebruikt kan worden om mensen te misleiden. Als u de voorwaarden van deze licentie te beperkend vindt voor het project waaraan u werkt, neem dan contact met ons op via `jonah@privacyguides.org`. Wij bieden graag alternatieve licentiemogelijkheden voor goedbedoelde projecten op het gebied van privacy! - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/notices.md b/i18n/nl/about/notices.md index 971ba2b5..b18c0287 100644 --- a/i18n/nl/about/notices.md +++ b/i18n/nl/about/notices.md @@ -41,5 +41,3 @@ Je mag geen systematische of geautomatiseerde gegevensverzamelingsactiviteiten u * Schrapen * Datamining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/privacy-policy.md b/i18n/nl/about/privacy-policy.md index bbf61460..00321048 100644 --- a/i18n/nl/about/privacy-policy.md +++ b/i18n/nl/about/privacy-policy.md @@ -59,5 +59,3 @@ Voor meer algemene klachten in het kader van de GDPR kun je terecht bij jouw lok Eventuele nieuwe versies van deze verklaring [zullen wij hier](privacy-policy.md)plaatsen. Wij kunnen de wijze waarop wij wijzigingen aankondigen in toekomstige versies van dit document wijzigen. In de tussentijd kunnen wij onze contactgegevens te allen tijde bijwerken zonder een wijziging aan te kondigen. Raadpleeg het [Privacybeleid](privacy-policy.md) voor de meest recente contactinformatie op elk moment. Een volledige revisie [geschiedenis](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) van deze pagina is te vinden op GitHub. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/privacytools.md b/i18n/nl/about/privacytools.md index 9e4cf32d..0dea09d7 100644 --- a/i18n/nl/about/privacytools.md +++ b/i18n/nl/about/privacytools.md @@ -35,7 +35,6 @@ Medio 2021 nam het PrivacyTools team contact op met Jonah, die ermee instemde zi ## Gemeenschaps oproep tot actie Eind juli 2021 hebben we - de PrivacyTools gemeenschap op de hoogte gebracht van ons voornemen om een nieuwe naam te kiezen en het project voort te zetten op een nieuw domein, dat [gekozen zal worden](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw) op 2 augustus 2022. Uiteindelijk werd "Privacy Guides" gekozen, met het domein `privacyguides.org` dat Jonah al bezat voor een zijproject uit 2020 dat onontwikkeld bleef.

    @@ -142,5 +141,3 @@ Dit onderwerp is uitgebreid besproken binnen onze gemeenschappen op verschillend - [2 apr 2022 reactie van u/dng99 op beschuldigende blogpost van PrivacyTools](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [16 mei 2022 reactie door @TommyTran732 op Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post op Techlore's forum door @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/services.md b/i18n/nl/about/services.md index 38234548..d542b52a 100644 --- a/i18n/nl/about/services.md +++ b/i18n/nl/about/services.md @@ -36,5 +36,3 @@ We draaien een aantal webdiensten om functies te testen en coole gedecentralisee - Beschikbaarheid: Semi-Openbaar Wij hosten Invidious voornamelijk om ingesloten YouTube-video's op onze website weer te geven, deze instantie is niet bedoeld voor algemeen gebruik en kan op elk moment worden beperkt. - Bron: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/about/statistics.md b/i18n/nl/about/statistics.md index bc71e4e0..8973be93 100644 --- a/i18n/nl/about/statistics.md +++ b/i18n/nl/about/statistics.md @@ -59,5 +59,3 @@ title: Verkeersstatistieken }) }) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/advanced/communication-network-types.md b/i18n/nl/advanced/communication-network-types.md index c230fb05..7f0ee06f 100644 --- a/i18n/nl/advanced/communication-network-types.md +++ b/i18n/nl/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Soorten communicatienetwerken" icon: 'material/transit-connection-variant' +description: Een overzicht van verschillende netwerkarchitecturen die vaak door instant messaging toepassingen worden gebruikt. --- Er zijn verschillende netwerkarchitecturen die gewoonlijk worden gebruikt om berichten tussen mensen door te geven. Deze netwerken kunnen verschillende privacygaranties bieden, en daarom is het de moeite waard jouw [bedreigingsmodel](../basics/threat-modeling.md) in overweging te nemen bij de beslissing welke app je gaat gebruiken. @@ -100,5 +101,3 @@ Het zelf hosten van een knooppunt in een anoniem routenetwerk biedt de hoster ge - Minder betrouwbaar als de knooppunten worden geselecteerd door gerandomiseerde routering, kunnen sommige knooppunten zeer ver van de verzender en de ontvanger verwijderd zijn, waardoor vertraging optreedt of zelfs berichten niet worden verzonden als een van de knooppunten offline gaat. - Ingewikkelder om mee te beginnen omdat de creatie en beveiligde backup van een cryptografische private sleutel vereist is. - Net als bij andere gedecentraliseerde platforms is het toevoegen van functies ingewikkelder voor ontwikkelaars dan op een gecentraliseerd platform. Daarom kunnen functies ontbreken of onvolledig zijn geïmplementeerd, zoals het offline doorgeven van berichten of het verwijderen van berichten. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/advanced/dns-overview.md b/i18n/nl/advanced/dns-overview.md index a32e26bb..4ec883a7 100644 --- a/i18n/nl/advanced/dns-overview.md +++ b/i18n/nl/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "Inleiding tot DNS" icon: material/dns +description: Het Domain Name System is het "telefoonboek van het internet", dat jouw browser helpt de website te vinden die hij zoekt. --- Het [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is het "telefoonboek van het internet". DNS vertaalt domeinnamen naar IP-adressen zodat browsers en andere diensten internetbronnen kunnen laden, via een gedecentraliseerd netwerk van servers. @@ -303,5 +304,3 @@ Het [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is ee Het is bedoeld om de levering van gegevens te "versnellen" door de client een antwoord te geven dat toebehoort aan een server die zich dicht bij hem bevindt, zoals een [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), die vaak worden gebruikt bij videostreaming en het serveren van JavaScript-webapps. Deze functie gaat wel ten koste van de privacy, aangezien de DNS-server informatie krijgt over de locatie van de client. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/advanced/payments.md b/i18n/nl/advanced/payments.md new file mode 100644 index 00000000..1a593c4d --- /dev/null +++ b/i18n/nl/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Privé betalingen +icon: material/hand-coin +--- + +Er is een reden waarom gegevens over jouw koopgedrag word beschouwd als de heilige graal van gerichte advertenties: jouw aankopen kunnen een ware schat aan gegevens over je lekken. Helaas is het huidige financiële systeem anti-privacy by design, waardoor banken, andere bedrijven en overheden transacties gemakkelijk kunnen traceren. Toch heb je tal van opties als het gaat om het maken van betalingen privé. + +## Contant + +Eeuwenlang was **contant geld** de belangrijkste vorm van particuliere betaling. Cash heeft in de meeste gevallen uitstekende privacy-eigenschappen, wordt in de meeste landen algemeen geaccepteerd en is **vervangbaar**, wat betekent dat het niet uniek en volledig verwisselbaar is. + +De wetgeving inzake contante betaling verschilt per land. In de Verenigde Staten is voor contante betalingen van meer dan 10.000 dollar een speciale melding aan de IRS vereist op [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). Het ontvangende bedrijf moet de naam, het adres, het beroep, de geboortedatum en het burgerservicenummer of een ander TIN van de begunstigde verifiëren (met enkele uitzonderingen). Lagere limieten zonder ID zoals $ 3.000 of minder bestaan voor uitwisselingen en geldoverdracht. Contant geld bevat ook serienummers. Deze worden bijna nooit door handelaren getraceerd, maar kunnen door rechtshandhavingsinstanties worden gebruikt bij gerichte onderzoeken. + +Toch is het meestal de beste optie. + +## Prepaidkaarten & Cadeaubonnen + +Het is relatief eenvoudig om cadeaubonnen en prepaidkaarten te kopen bij de meeste supermarkten en gemakswinkels met contant geld. Cadeaukaarten hebben meestal geen geen kosten, maar prepaidkaarten vaak wel, dus let goed op deze kosten en vervaldata. Sommige winkels kunnen vragen om je legitimatiebewijs te zien bij het afrekenen om fraude te verminderen. + +Cadeaubonnen hebben meestal limieten tot $ 200 per kaart, maar sommige bieden limieten tot $ 2.000 per kaart. Prepaidkaarten (bijv. van Visa of Mastercard) hebben meestal limieten tot $ 1.000 per kaart. + +Cadeaubonnen hebben het nadeel dat ze onderworpen zijn aan het winkelbeleid, dat vreselijke voorwaarden en beperkingen kan hebben. Sommige verkopers accepteren bijvoorbeeld niet uitsluitend betaling met cadeaubonnen, of ze kunnen de waarde van de kaart annuleren als ze je als een gebruiker met een hoog risico beschouwen. Zodra je een cadeaubon hebt, heeft de winkel een sterke mate van controle over dit krediet. + +Prepaidkaarten staan geen geldopnames van geldautomaten of "peer-to-peer" -betalingen in Venmo en soortgelijke apps toe. + +Cash blijft de beste optie voor persoonlijke aankopen voor de meeste mensen. Cadeaubonnen kunnen nuttig zijn voor de besparingen die ze opleveren. Prepaidkaarten kunnen handig zijn voor plaatsen die geen contant geld accepteren. Cadeaubonnen en prepaidkaarten zijn gemakkelijker online te gebruiken dan contant geld en ze zijn gemakkelijker te verkrijgen met cryptocurrencies dan contant geld. + +### Online marktplaatsen + +Als je [cryptocurrency](../cryptocurrency.md) hebt, kun je cadeaubonnen kopen bij een online cadeaubon marktplaats. Sommige van deze services bieden opties voor ID-verificatie voor hogere limieten, maar ze staan ook accounts toe met alleen een e-mailadres. Basislimieten beginnen bij $ 5.000-10.000 per dag voor basisaccounts en aanzienlijk hogere limieten voor ID geverifieerde accounts (indien aangeboden). + +Bij het online kopen van cadeaukaarten is er meestal een kleine korting. Prepaidkaarten worden meestal online verkocht tegen nominale waarde of tegen een vergoeding. Als je prepaidkaarten en cadeaubonnen met cryptocurrencies koopt, moet je sterk de voorkeur geven aan betalen met Monero, wat een sterke privacy biedt, meer hierover hieronder. Het betalen voor een cadeaukaart met een traceerbare betaalmethode doet de voordelen teniet die een cadeaukaart kan bieden wanneer deze met contant geld of Monero wordt gekocht. + +- [Online marktplaatsen voor cadeaubonnen :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtuele kaarten + +Een andere manier om jouw informatie te beschermen tegen online handelaars is het gebruik van virtuele kaarten voor eenmalig gebruik die jouw werkelijke bank- of factureringsgegevens maskeren. Dit is vooral handig om je te beschermen tegen inbreuken op de gegevens van verkopers, minder geavanceerde tracking of aankoopcorrelatie door marketingbureaus en online gegevensdiefstal. Ze helpen je **niet** om een aankoop volledig anoniem te doen, noch verbergen ze informatie voor de bankinstelling zelf. Reguliere financiële instellingen die virtuele kaarten aanbieden zijn onderworpen aan "Know Your Customer" (KYC) wetten, wat betekent dat zij jouw ID of andere identificerende informatie kunnen verlangen. + +- [Aanbevolen betalingsmaskeringsdiensten :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +Dit zijn meestal goede opties voor online terugkerende betalingen/abonnementen, terwijl de voorkeur wordt gegeven aan vooraf betaalde cadeaubonnen voor eenmalige transacties. + +## Cryptocurrency + +Cryptocurrencies zijn een digitale vorm van valuta die is ontworpen om te werken zonder centrale autoriteiten zoals een overheid of bank. Hoewel *sommige* cryptocurrency-projecten je in staat stellen online privétransacties te verrichten, gebruiken vele een openbare blockchain die geen enkele transactieprivacy biedt. Cryptovaluta's zijn ook zeer volatiele assets, wat betekent dat hun waarde op elk moment snel en aanzienlijk kan veranderen. Als zodanig raden we over het algemeen niet aan om cryptocurrency te gebruiken als een lange termijn opslag van waarde. Als je besluit cryptocurrency online te gebruiken, zorg er dan voor dat je vooraf volledig op de hoogte bent van de privacy-aspecten ervan, en investeer alleen bedragen die niet rampzalig zijn om te verliezen. + +!!! danger "Gevaar" + + De overgrote meerderheid van de cryptocurrencies werkt op een **publieke** blockchain, wat betekent dat elke transactie publiekelijk bekend is. Dit omvat zelfs de meeste bekende cryptocurrencies zoals Bitcoin en Ethereum. Transacties met deze cryptocurrencies mogen niet als privé worden beschouwd en zullen jouw anonimiteit niet beschermen. + + Daarnaast zijn veel of misschien niet de meeste cryptovaluta's oplichters. Voer transacties zorgvuldig uit met alleen projecten die je vertrouwt. + +### Privacy Coins + +Er zijn een aantal cryptocurrency-projecten die beweren privacy te bieden door transacties anoniem te maken. Wij raden aan er een te gebruiken die standaard transactie anonimiteit **biedt** om menselijke fouten te voorkomen. + +- [Aanbevolen cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacymunten worden steeds kritischer bekeken door overheidsinstanties. In 2020 publiceerde [de IRS een bounty van $625.000](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) voor tools die het Bitcoin Lightning Network en/of de transactieprivacy van Monero kunnen doorbreken. Ze hebben uiteindelijk [twee bedrijven](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis en Integra Fec) samen 1,25 miljoen dollar betaald voor tools die dit pretenderen te doen (het is onbekend op welk cryptocurrency netwerk deze tools zich richten). Vanwege de geheimhouding rond tools zoals deze, is geen van deze methoden voor het traceren van cryptocurrencies onafhankelijk bevestigd.== Het is vrij waarschijnlijk dat er instrumenten bestaan die gericht onderzoek naar particuliere munttransacties ondersteunen, en dat privacymunten er alleen in slagen massasurveillance te dwarsbomen. + +### Andere munten (Bitcoin, Ethereum, enz.) + +De overgrote meerderheid van cryptocurrency-projecten maakt gebruik van een openbare blockchain, wat betekent dat alle transacties zowel gemakkelijk traceerbaar als permanent zijn. Als zodanig raden we het gebruik van de meeste cryptocurrency om privacygerelateerde redenen ten zeerste af. + +Anonieme transacties op een openbare blockchain zijn *theoretisch* mogelijk en de Bitcoin wiki [geeft een voorbeeld van een "volledig anonieme" transactie](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). Hiervoor is echter een ingewikkelde configuratie nodig waarbij Tor en "solo-mining" een blok nodig is om volledig onafhankelijke cryptovaluta te genereren een praktijk die al jaren voor bijna geen enkele enthousiasteling praktisch is. + +==Jouw beste optie is om deze cryptocurrencies volledig te vermijden en vast te houden aan een die standaard privacy biedt.== Pogingen om andere cryptocurrency te gebruiken vallen buiten het bereik van deze site en worden sterk afgeraden. + +### Wallet Bewaring + +Bij cryptocurrency zijn er twee vormen van wallets: custodial wallets en noncustodial wallets. Custodial wallets worden beheerd door gecentraliseerde bedrijven/beurzen, waar de privésleutel voor jouw wallet in handen is van dat bedrijf, en je kunt er overal bij met een gewone gebruikersnaam en wachtwoord. Niet-custodiale portemonnees zijn portemonnees waarbij jij de privé-sleutels om toegang te krijgen controleert en beheert. Ervan uitgaande dat je de privésleutels van jouw portemonnee veilig bewaart en er een back-up van maakt, bieden niet-custodial wallets meer veiligheid en weerstand tegen censuur dan custodial wallets, omdat jouw cryptocurrency niet kan worden gestolen of bevroren door een bedrijf dat jouw privésleutels bewaart. Sleutelbewaring is vooral belangrijk als het gaat om privacy-munten: Custodial wallets geven de exploitatiemaatschappij de mogelijkheid om jouw transacties te bekijken, waardoor de privacyvoordelen van die cryptocurrencies teniet worden gedaan. + +### Aankoop + +Het particulier verwerven van [cryptocurrencies](../cryptocurrency.md) zoals Monero kan moeilijk zijn. P2P-marktplaatsen zoals [LocalMonero](https://localmonero.co/), een platform dat handel tussen mensen vergemakkelijkt, zijn een optie die kan worden gebruikt. Als het gebruik van een exchange die KYC vereist een aanvaardbaar risico voor je is zolang latere transacties niet kunnen worden getraceerd, is een veel eenvoudigere optie om Monero te kopen op een exchange zoals [Kraken](https://kraken.com/), of Bitcoin/Litecoin te kopen van een KYC exchange die dan kan worden omgewisseld voor Monero. Vervolgens kun je de aangekochte Monero opnemen in jouw eigen, niet-vrijwillige portemonnee om vanaf dat moment privé te gebruiken. + +Als je voor deze route kiest, zorg er dan voor dat je Monero koopt op andere tijdstippen en in andere hoeveelheden dan waar je het zult uitgeven. Als je $5000 aan Monero koopt op een beurs en een uur later een aankoop van $5000 in Monero doet, kunnen die acties mogelijk gecorreleerd worden door een buitenstaander, ongeacht welke weg de Monero aflegde. Door aankopen te spreiden en vooraf grotere hoeveelheden Monero te kopen om later uit te geven aan meerdere kleinere transacties, kan deze valkuil worden vermeden. + +## Aanvullende overwegingen + +Zorg ervoor dat je privacy in gedachten houdt wanneer je een betaling in persoon doet met contanten. Beveiligingscamera 's zijn alomtegenwoordig. Overweeg het dragen van onopvallende kleding en een gezichtsmasker (zoals een chirurgisch masker of N95). Meld je niet aan voor beloningsprogramma's en geef geen andere informatie over jezelf. + +Bij online aankopem, gebruik dan bij voorkeur [Tor](tor-overview.md). Veel handelaren staan echter geen aankopen bij Tor toe. U kunt overwegen een [aanbevolen VPN](../vpn.md) te gebruiken (betaald met contant geld, cadeaubond, of Monero), of het doen in een koffiewinkel of bibliotheek met gratis wifi. Als je een fysiek voorwerp bestelt dat geleverd moet worden, moet je een afleveradres opgeven. Overweeg een postvak, privépostvak of werkadres te gebruiken. diff --git a/i18n/nl/advanced/tor-overview.md b/i18n/nl/advanced/tor-overview.md index 1b1d3612..ea1d91b8 100644 --- a/i18n/nl/advanced/tor-overview.md +++ b/i18n/nl/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overzicht" icon: 'simple/torproject' +description: Tor is een gratis te gebruiken, gedecentraliseerd netwerk dat is ontworpen om het internet met zoveel mogelijk privacy te gebruiken. --- Tor is een gratis te gebruiken, gedecentraliseerd netwerk dat is ontworpen om het internet met zoveel mogelijk privacy te gebruiken. Bij correct gebruik maakt het netwerk privé en anoniem browsen en communicatie mogelijk. @@ -74,8 +75,6 @@ Als je Tor wilt gebruiken om op het web te surfen, raden we alleen de **officië - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.nl.txt" - [^1]: De entry node in jouw circuit wordt een "bewaker" of "Guard" genoemd. Het is een snel en stabiel node dat gedurende 2-3 maanden de eerste blijft in jouw circuit, ter bescherming tegen een bekende anonimiteitsdoorbrekende aanval. De rest van je circuit verandert bij elke nieuwe website die je bezoekt, en alles bij elkaar bieden deze relays de volledige privacybescherming van Tor. Voor meer informatie over de werking van guard nodes, zie deze [blogpost](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) en [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) over inloopbeveiliging. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relaysvlag: een speciale (dis-)kwalificatie van relais voor circuitposities (bijvoorbeeld "Guard", "Exit", "BadExit"), circuiteigenschappen (bijvoorbeeld "Fast", "Stable"), of rollen (bijvoorbeeld "Authority", "HSDir"), zoals toegewezen door de directory-autoriteiten en nader gedefinieerd in de specificatie van het directory-protocol. ([https://metrics.torproject.org/glossary.html/](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/nl/android.md b/i18n/nl/android.md index f4d7140c..87d57238 100644 --- a/i18n/nl/android.md +++ b/i18n/nl/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: Je kunt het besturingssysteem op jouw Android-telefoon vervangen door deze veilige en privacy respecterende alternatieven. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ Het **Android Open Source Project** is een open-source mobiel besturingssysteem Dit zijn de Android-besturingssystemen, apparaten en apps die wij aanbevelen om de beveiliging en privacy van jouw mobiele apparaat te maximaliseren. aanbeveling -- [Algemeen Android-overzicht en -aanbevelingen :material-arrow-right-drop-circle:](os/android-overview.md) -- [Waarom we GrapheneOS aanbevelen boven CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[Algemeen Android-overzicht en -aanbevelingen :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Waarom we GrapheneOS aanbevelen boven CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP-derivaten @@ -41,7 +43,7 @@ Wij raden je aan een van deze aangepaste Android-besturingssystemen op jouw toes [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Broncode" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Bijdragen } -DivestOS heeft geautomatiseerde kernel kwetsbaarheden ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), minder eigen blobs, een aangepaste [hosts](https://divested.dev/index.php?page=dnsbl) bestand, en [F-Droid](https://www.f-droid.org) als de app store. Zijn geharde WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), maakt [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) mogelijk voor alle architecturen en [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), en ontvangt out-of-band updates. +GrapheneOS ondersteunt [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), die draait [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) volledig sandboxed als elke andere gewone app. Dit betekent dat je kunt profiteren van de meeste Google Play-services, zoals [pushmeldingen](https://firebase.google.com/docs/cloud-messaging/), terwijl je volledige controle hebt over hun machtigingen en toegang, en terwijl je ze bevat in een specifiek [werkprofiel](os/android-overview.md#work-profile) of [gebruikersprofiel](os/android-overview.md#user-profiles) van jouw keuze. Google Pixel-telefoons zijn de enige apparaten die momenteel voldoen aan GrapheneOS's [hardware beveiligingseisen](https://grapheneos.org/faq#device-support). @@ -61,11 +63,11 @@ Google Pixel-telefoons zijn de enige apparaten die momenteel voldoen aan Graphen [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Broncode" } [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Bijdragen } -DivestOS heeft geautomatiseerde kernel kwetsbaarheden ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), minder propriëtaire blobs, en een aangepaste [hosts](https://divested.dev/index.php?page=dnsbl) bestand. waarschuwing DivestOS bevat ook kernelpatches van GrapheneOS en schakelt alle beschikbare kernelbeveiligingsfuncties in via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Alle kernels nieuwer dan versie 3.4 bevatten volledige pagina [sanitization](https://lwn.net/Articles/334747/) en alle ~22 Clang-gecompileerde kernels hebben [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) ingeschakeld. +DivestOS heeft geautomatiseerde kernel kwetsbaarheden ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), minder propriëtaire blobs, en een aangepaste [hosts](https://divested.dev/index.php?page=dnsbl) bestand. Zijn geharde WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), maakt [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) mogelijk voor alle architecturen en [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), en ontvangt out-of-band updates. DivestOS bevat ook kernelpatches van GrapheneOS en schakelt alle beschikbare kernelbeveiligingsfuncties in via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Alle kernels nieuwer dan versie 3.4 bevatten volledige pagina [sanitization](https://lwn.net/Articles/334747/) en alle ~22 Clang-gecompileerde kernels hebben [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) ingeschakeld. -DivestOS implementeert enkele systeemhardingspatches die oorspronkelijk voor GrapheneOS zijn ontwikkeld. De software en firmware van mobiele toestellen worden slechts een beperkte tijd ondersteund, dus door nieuw te kopen wordt die levensduur zoveel mogelijk verlengd. 17.1 en hoger bevat GrapheneOS's per-netwerk volledige [MAC randomisatie](https://en.wikipedia.org/wiki/MAC_address#Randomization) optie, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) controle, en automatische reboot/Wi-Fi/Bluetooth [timeout opties](https://grapheneos.org/features). +DivestOS implementeert enkele systeemhardingspatches die oorspronkelijk voor GrapheneOS zijn ontwikkeld. DivestOS 16.0 en hoger implementeert GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) en SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](android/grapheneos-vs-calyxos.md#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), en partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 en hoger bevat GrapheneOS's per-netwerk volledige [MAC randomisatie](https://en.wikipedia.org/wiki/MAC_address#Randomization) optie, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) controle, en automatische reboot/Wi-Fi/Bluetooth [timeout opties](https://grapheneos.org/features). -CalyxOS bevat optioneel [microG](https://microg.org/), een gedeeltelijk open-source herimplementatie van Play Services die een bredere app compatibiliteit biedt. Het bundelt ook alternatieve locatiediensten: [Mozilla](https://location.services.mozilla.com/) en [DejaVu](https://github.com/n76/DejaVu). Op DivestOS is dat echter niet mogelijk; de ontwikkelaars werken hun apps bij via hun eigen F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) en [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). Wij raden aan de officiële F-Droid app uit te schakelen en [Neo Store](https://github.com/NeoApplications/Neo-Store/) te gebruiken met de DivestOS repositories ingeschakeld om die componenten up-to-date te houden. Voor andere apps gelden nog steeds onze aanbevolen methoden om ze te verkrijgen. +DivestOS gebruikt F-Droid als standaard app store. Normaal gesproken raden we aan om F-Droid te vermijden vanwege de vele [beveiligingsproblemen](#f-droid). Op DivestOS is dat echter niet mogelijk; de ontwikkelaars werken hun apps bij via hun eigen F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) en [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). Wij raden aan de officiële F-Droid app uit te schakelen en [Neo Store](https://github.com/NeoApplications/Neo-Store/) te gebruiken met de DivestOS repositories ingeschakeld om die componenten up-to-date te houden. Voor andere apps gelden nog steeds onze aanbevolen methoden om ze te verkrijgen. !!! warning @@ -77,7 +79,7 @@ CalyxOS bevat optioneel [microG](https://microg.org/), een gedeeltelijk open-sou Wanneer je een apparaat koopt, raden wij je aan er een zo nieuw als mogelijk te kopen. De software en firmware van mobiele apparaten worden slechts een beperkte tijd ondersteund, dus door nieuw te kopen wordt die levensduur zoveel mogelijk verlengd. -Vermijd het kopen van telefoons van mobiele netwerkoperatoren. Deze hebben vaak een **vergrendelde bootloader** en bieden geen ondersteuning voor [OEM-ontgrendeling](https://source.android.com/devices/bootloader/locking_unlocking). Deze telefoonvarianten voorkomen dat je enige vorm van alternatieve Android-distributie installeert. +Vermijd het kopen van telefoons van jouw mobiele provider. Deze hebben vaak een **vergrendelde bootloader** en bieden geen ondersteuning voor [OEM-ontgrendeling](https://source.android.com/devices/bootloader/locking_unlocking). Deze telefoonvarianten voorkomen dat je enige vorm van alternatieve Android-distributie installeert. Wees zeer **voorzichtig** met het kopen van tweedehands telefoons van online marktplaatsen. Controleer altijd de reputatie van de verkoper. Als het apparaat is gestolen, is het mogelijk [IMEI geblacklist](https://www.gsma.com/security/resources/imei-blacklisting/) is. Er is ook een risico dat je in verband wordt gebracht met de activiteiten van de vorige eigenaar. @@ -101,9 +103,9 @@ Google Pixel-telefoons zijn de **enige** toestellen die we aanraden om te kopen. [:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary } -Secure Elements zoals de Titan M2 zijn beperkter dan de Trusted Execution Environment van de processor die door de meeste andere telefoons gebruikt wordt, omdat ze alleen gebruikt worden voor geheimen opslag, hardware attestatie, en snelheidsbeperking van het invoeren van wachtwoorden, niet voor het draaien van "vertrouwde" programma's. Telefoons zonder een Secure Element moeten de TEE gebruiken voor *alle* van die functies, wat resulteert in een groter aanvalsoppervlak. +Secure Elements zoals de Titan M2 zijn beperkter dan de Trusted Execution Environment van de processor die door de meeste andere telefoons gebruikt wordt, omdat ze alleen gebruikt worden voor geheimen opslag, hardware attestatie, en snelheidsbeperking van het invoeren van wachtwoorden, niet voor het draaien van "vertrouwde" programma's. Telefoons zonder een Secure Element moeten de TEE gebruiken voor *alle* van deze functies. Dat leidt tot een groter aanvalsoppervlak. -Google Pixel-telefoons gebruiken een TEE OS genaamd Trusty dat [open-source](https://source.android.com/security/trusty#whyTrusty)is, in tegenstelling tot veel andere telefoons. +Google Pixel-telefoons gebruiken een TEE OS genaamd Trusty dat [open-source](https://source.android.com/security/trusty#whyTrusty) is, in tegenstelling tot veel andere telefoons. De installatie van GrapheneOS op een Pixel telefoon is eenvoudig met hun [web installer](https://grapheneos.org/install/web). Als je zich niet op jouw gemak voelt om het zelf te doen en bereid bent om een beetje extra geld uit te geven, kijk dan eens naar de [NitroPhone](https://shop.nitrokey.com/shop). Deze zijn voorgeladen met GrapheneOS van het gerenommeerde bedrijf [Nitrokey](https://www.nitrokey.com/about). @@ -116,7 +118,7 @@ Nog een paar tips voor de aanschaf van een Google Pixel: ## Algemene toepassingen -De volgende OEM's worden alleen genoemd omdat zij telefoons hebben die compatibel zijn met de door ons aanbevolen besturingssystemen. Als je een nieuw toestel koopt, raden we alleen aan om een Google Pixel te kopen. +Wij bevelen op deze site een groot aantal Android-apps aan. De hier vermelde apps zijn exclusief voor Android en verbeteren of vervangen specifiek belangrijke systeemfuncties. ### Shelter @@ -169,7 +171,7 @@ Auditor voert attest en inbraakdetectie uit door: - De *auditor* kan een ander exemplaar van de Auditor app zijn of de [Remote Attestation Service](https://attestation.app). - De *auditor* registreert de huidige toestand en configuratie van de *auditee*. - Mocht er met het besturingssysteem van de *auditee worden geknoeid* nadat de koppeling is voltooid, dan zal de auditor op de hoogte zijn van de verandering in de toestand en de configuraties van het apparaat. -- U zult op de hoogte worden gebracht van de wijziging. +- Je zult op de hoogte worden gebracht van de wijziging. Er wordt geen persoonlijk identificeerbare informatie aan de attestatiedienst verstrekt. Wij raden je aan je aan te melden met een anonieme account en attestatie op afstand in te schakelen voor voortdurende controle. @@ -199,7 +201,7 @@ De belangrijkste privacyfuncties zijn: - Automatisch verwijderen van [Exif](https://en.wikipedia.org/wiki/Exif) metadata (standaard ingeschakeld) - Gebruik van de nieuwe [Media](https://developer.android.com/training/data-storage/shared/media) API, daarom zijn [opslagmachtigingen](https://developer.android.com/training/data-storage) niet vereist -- Microfoontoestemming niet vereist, tenzij u geluid wilt opnemen +- Microfoontoestemming niet vereist, tenzij je geluid wilt opnemen !!! note @@ -232,11 +234,11 @@ De belangrijkste privacyfuncties zijn: ### GrapheneOS App Store -De app store van GrapheneOS is beschikbaar op [GitHub](https://github.com/GrapheneOS/Apps/releases). Het ondersteunt Android 12 en hoger en is in staat om zichzelf te updaten. De app store heeft standalone applicaties gebouwd door het GrapheneOS project zoals de [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), en [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). Als je op zoek bent naar deze applicaties, raden wij je ten zeerste aan ze te halen uit de app-winkel van GrapheneOS in plaats van de Play Store, omdat de apps in hun winkel zijn ondertekend door de eigen handtekening van het GrapheneOS-project waar Google geen toegang toe heeft. +De app store van GrapheneOS is beschikbaar op [GitHub](https://github. com/GrapheneOS/Apps/releases). Het ondersteunt Android 12 en hoger en is in staat om zichzelf te updaten. De app store heeft losstaande applicaties gebouwd door het GrapheneOS project, zoals de [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), en [PDF-viewer](https://github.com/GrapheneOS/PdfViewer). Als je op zoek bent naar deze applicaties, raden wij je ten zeerste aan ze te halen uit de app-winkel van GrapheneOS in plaats van de Play Store, omdat de apps in hun winkel zijn ondertekend door de eigen handtekening van het GrapheneOS-project waar Google geen toegang toe heeft. ### Aurora Store -De Google Play Store vereist een Google-account om in te loggen, wat de privacy niet ten goede komt. U kunt dit omzeilen door een alternatieve client te gebruiken, zoals Aurora Store. +De Google Play Store vereist een Google-account om in te loggen, wat de privacy niet ten goede komt. Je kunt dit omzeilen door een alternatieve client te gebruiken, zoals Aurora Store. !!! recommendation @@ -257,7 +259,7 @@ Met de Aurora Store kun je geen betaalde apps downloaden met hun anonieme accoun Voor apps die worden uitgebracht op platforms als GitHub en GitLab, kun je misschien een RSS-feed toevoegen aan je [nieuwsaggregator](/news-aggregators) waarmee je nieuwe releases kunt volgen. -![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK wijzigingen](./assets/img/android/rss-changes-light.png#only-light) ![APK wijzigingen](./assets/img/android/rss-changes-dark.png#only-dark) +![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark) #### GitHub @@ -349,5 +351,3 @@ Dat gezegd zijnde, de [F-Droid](https://f-droid.org/en/packages/) en [IzzyOnDroi - Toepassingen op deze pagina mogen niet van toepassing zijn op andere softwarecategorieën op de site. - Algemene toepassingen moeten de kernfunctionaliteit van het systeem uitbreiden of vervangen. - Toepassingen moeten regelmatig worden bijgewerkt en onderhouden. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/account-creation.md b/i18n/nl/basics/account-creation.md index 93002d83..e609c988 100644 --- a/i18n/nl/basics/account-creation.md +++ b/i18n/nl/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Het aanmaken van accounts" icon: 'material/account-plus' +description: Online accounts aanmaken is bijna een internetbehoefte, neem deze stappen om ervoor te zorgen dat je privé blijft. --- Vaak melden mensen zich aan voor diensten zonder na te denken. Misschien is het een streamingdienst zodat je die nieuwe show kunt bekijken waar iedereen het over heeft, of een account waarmee je korting krijgt op uw favoriete fastfood zaak. Wat het geval ook is, je moet nu en later rekening houden met de implicaties voor jouw gegevens. @@ -78,5 +79,3 @@ In veel gevallen moet je een nummer opgeven waarvan je smsjes of telefoontjes ku ### Gebruikersnaam en wachtwoord Bij sommige diensten kunt je je zonder e-mailadres registreren en hoeft je alleen een gebruikersnaam en wachtwoord in te stellen. Deze diensten kunnen meer anonimiteit bieden in combinatie met een VPN of Tor. Houd er rekening mee dat er voor deze accounts hoogstwaarschijnlijk **geen manier is om jouw account** te herstellen als je jouw gebruikersnaam of wachtwoord vergeet. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/account-deletion.md b/i18n/nl/basics/account-deletion.md index 762100c9..966cbc7e 100644 --- a/i18n/nl/basics/account-deletion.md +++ b/i18n/nl/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account verwijderen" icon: 'material/account-remove' +description: Het is gemakkelijk om een groot aantal internetaccounts op te bouwen, hier zijn enkele tips over hoe je jouw verzameling kunt snoeien. --- Na verloop van tijd kan het gemakkelijk zijn om een aantal online accounts te verzamelen, waarvan je er vele misschien niet meer gebruikt. Het verwijderen van deze ongebruikte accounts is een belangrijke stap in het terugwinnen van jouw privacy, aangezien slapende accounts kwetsbaar zijn voor gegevensinbreuken. Van een datalek is sprake wanneer de beveiliging van een dienst wordt gecompromitteerd en beschermde informatie door onbevoegden wordt ingezien, doorgegeven of gestolen. Inbreuken op gegevens zijn tegenwoordig helaas al [te gewoon](https://haveibeenpwned.com/PwnedWebsites), en dus is een goede digitale hygiëne de beste manier om de impact ervan op jouw leven te minimaliseren. Het doel van deze gids is je door het vervelende proces van accountverwijdering te loodsen, vaak bemoeilijkt door [bedrieglijk ontwerp](https://www.deceptive.design/), ten voordele van uw online aanwezigheid. @@ -59,5 +60,3 @@ Zelfs wanneer je een account kunt verwijderen, is er geen garantie dat al jouw i ## Vermijd nieuwe accounts Zoals het oude gezegde luidt: "Voorkomen is beter dan genezen." Telkens wanneer je in de verleiding komt om een nieuwe account aan te maken, vraag jezelf dan af: "Heb ik dit echt nodig? Kan ik doen wat ik moet doen zonder een account?" Het kan vaak veel moeilijker zijn om een account te verwijderen dan om er een aan te maken. En zelfs na het verwijderen of wijzigen van de info op jouw account, kan er een cache-versie van een derde partij zijn, zoals het [Internet Archive](https://archive.org/). Vermijd de verleiding als je kunt. Je toekomstige ik zal je dankbaar zijn! - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/common-misconceptions.md b/i18n/nl/basics/common-misconceptions.md index 5f7df183..c44a413f 100644 --- a/i18n/nl/basics/common-misconceptions.md +++ b/i18n/nl/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Veel voorkomende misvattingen" icon: 'material/robot-confused' +description: Privacy is geen eenvoudig onderwerp, en men raakt gemakkelijk verstrikt in marketingclaims en andere desinformatie. --- ## "Open source software is altijd veilig" of "Private software is veiliger" @@ -56,6 +57,4 @@ Een van de duidelijkste dreigingsmodellen is een model waarbij mensen *weten wie Het gebruik van Tor kan hierbij helpen. Ook moet worden opgemerkt dat een grotere anonimiteit mogelijk is door asynchrone communicatie: Real-time communicatie is kwetsbaar voor analyse van typpatronen (d.w.z. meer dan een alinea tekst, verspreid op een forum, via e-mail, enz.) ---8<-- "includes/abbreviations.nl.txt" - [^1]: Een opmerkelijk voorbeeld hiervan is het incident van [2021, waarbij onderzoekers van de Universiteit van Minnesota drie kwetsbaarheden in het Linux-kernelontwikkelingsproject](https://cse.umn.edu/cs/linux-incident)introduceerden. diff --git a/i18n/nl/basics/common-threats.md b/i18n/nl/basics/common-threats.md index 2c25b3b5..06a90e65 100644 --- a/i18n/nl/basics/common-threats.md +++ b/i18n/nl/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Veel voorkomende bedreigingen" icon: 'material/eye-outline' +description: Jouw dreigingsmodel is persoonlijk voor je, maar dit zijn enkele van de dingen die veel bezoekers van deze site belangrijk vinden. --- In grote lijnen delen wij onze aanbevelingen in in deze algemene categorieën van [bedreigingen](threat-modeling.md) of doelstellingen die voor de meeste mensen gelden. ==U kunt zich bezighouden met geen, een, enkele, of al deze mogelijkheden==, en de instrumenten en diensten die je gebruikt hangen af van wat jouw doelstellingen zijn. Misschien heb je ook specifieke bedreigingen buiten deze categorieën, en dat is prima! Het belangrijkste is dat je inzicht krijgt in de voordelen en tekortkomingen van de middelen die je gebruikt, want vrijwel geen enkel middel beschermt je tegen elke denkbare bedreiging. @@ -140,8 +141,6 @@ Mensen die bezorgd zijn over de dreiging van censuur kunnen technologieën als [ Je moet altijd rekening houden met de risico 's van het proberen om censuur te omzeilen, de mogelijke gevolgen en hoe geavanceerd je tegenstander kan zijn. Je moet voorzichtig zijn met jouw software selectie, en een back-up plan hebben voor het geval je betrapt wordt. ---8<-- "includes/abbreviations.nl.txt" - [^1]: United States Privacy and Civil Liberties Oversight Board: [Rapport over het telefoongegevens programma, uitgevoerd onder Section 215](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^2]: Wikipedia: [Surveillance kapitalisme](https://en.wikipedia.org/wiki/Surveillance_capitalism) [^3]: Wikipedia: [*Surveillancekapitalisme*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/nl/basics/email-security.md b/i18n/nl/basics/email-security.md index 29e5c907..7fbeabe3 100644 --- a/i18n/nl/basics/email-security.md +++ b/i18n/nl/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email beveiliging icon: material/email +description: E-mail is op vele manieren inherent onveilig, en dit zijn enkele van de redenen waarom het niet onze eerste keuze is voor veilige communicatie. --- E-mail is standaard een onveilige vorm van communicatie. Je kunt je e-mailbeveiliging verbeteren met tools als OpenPGP, die end-to-end encryptie toevoegen aan je berichten, maar OpenPGP heeft nog steeds een aantal nadelen in vergelijking met encryptie in andere berichtentoepassingen, en sommige e-mailgegevens kunnen nooit inherent worden versleuteld als gevolg van de manier waarop e-mail is ontworpen. @@ -38,5 +39,3 @@ E-mail metadata wordt beschermd tegen externe waarnemers met [Opportunistic TLS] ### Waarom kan metadata niet E2EE zijn? E-mail metadata is van cruciaal belang voor de meest elementaire functionaliteit van e-mail (waar het vandaan komt, en waar het naartoe moet). E2EE was oorspronkelijk niet in de e-mailprotocollen ingebouwd; in plaats daarvan was extra software zoals OpenPGP nodig. Omdat OpenPGP-berichten nog steeds met traditionele e-mailproviders moeten werken, kan het niet de metagegevens van e-mail versleutelen, alleen de inhoud van het bericht zelf. Dat betekent dat zelfs wanneer OpenPGP wordt gebruikt, externe waarnemers veel informatie over jouw berichten kunnen zien, zoals wie je e-mailt, de onderwerpregels, wanneer je e-mailt, enz. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/multi-factor-authentication.md b/i18n/nl/basics/multi-factor-authentication.md index 98000e06..2795891a 100644 --- a/i18n/nl/basics/multi-factor-authentication.md +++ b/i18n/nl/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multifactor-authenticatie" icon: 'material/two-factor-authentication' +description: MFA is een cruciaal beveiligingsmechanisme voor de beveiliging van jouw online accounts, maar sommige methoden zijn sterker dan andere. --- **Multifactorauthenticatie** is een beveiligingsmechanisme dat extra stappen vereist naast het invoeren van jouw gebruikersnaam (of e-mail) en wachtwoord. De meest gebruikelijke methode zijn codes met tijdsbeperking die je via sms of een app kunt ontvangen. @@ -206,5 +207,3 @@ SSH MFA kan ook worden ingesteld met TOTP. DigitalOcean heeft een tutorial besch ### KeePass (en KeePassXC) KeePass en KeePassXC databases kunnen worden beveiligd met Challenge-Response of HOTP als een tweede-factor authenticatie. Yubico heeft een document beschikbaar gesteld voor KeePass [Uw YubiKey gebruiken met KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) en er is er ook een op de [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/passwords-overview.md b/i18n/nl/basics/passwords-overview.md index 4b98cf02..4665cbbe 100644 --- a/i18n/nl/basics/passwords-overview.md +++ b/i18n/nl/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Inleiding tot wachtwoorden" icon: 'material/form-textbox-password' +description: Dit zijn enkele tips en trucs om de sterkste wachtwoorden te maken en jouw accounts veilig te houden. --- Wachtwoorden zijn een essentieel onderdeel van ons dagelijkse digitale leven. We gebruiken ze om onze accounts, onze apparaten en onze geheimen te beschermen. Hoewel ze vaak het enige zijn tussen ons en een tegenstander die uit is op onze privégegevens, wordt er niet veel aandacht aan besteed, wat er vaak toe leidt dat mensen wachtwoorden gebruiken die gemakkelijk geraden of gebruteforcet kunnen worden. @@ -108,5 +109,3 @@ Er zijn veel goede opties om uit te kiezen, zowel cloud-gebaseerd als lokaal. Ki ### Back-ups Je moet een [gecodeerde](../encryption.md) back-up van jouw wachtwoorden opslaan op meerdere opslagapparaten of een cloud-opslagprovider. Dit kan nuttig zijn als er iets gebeurt met jouw toestel of de dienst die je gebruikt. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/threat-modeling.md b/i18n/nl/basics/threat-modeling.md index b4af4912..a010348c 100644 --- a/i18n/nl/basics/threat-modeling.md +++ b/i18n/nl/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Bedreiging Modellering" icon: 'material/target-account' +description: Een evenwicht vinden tussen veiligheid, privacy en gebruiksvriendelijkheid is een van de eerste en moeilijkste taken die je op jouw privacyreis tegenkomt. --- Een evenwicht vinden tussen veiligheid, privacy en gebruiksvriendelijkheid is een van de eerste en moeilijkste taken die je op jouw privacyreis tegenkomt. Alles is een afweging: hoe veiliger iets is, hoe beperkter of onhandiger het over het algemeen is, enzovoort. Vaak vinden mensen het probleem met de hulpmiddelen die ze aanbevolen zien, dat ze gewoon te moeilijk zijn om te beginnen gebruiken! @@ -107,5 +108,3 @@ Voor mensen die hun privacy en veiligheid online willen vergroten, hebben we een ## Bronnen - [EFF Surveillance Zelfverdediging: Jouw Beveiligingsplan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/basics/vpn-overview.md b/i18n/nl/basics/vpn-overview.md index 9d0ff3b5..baa7229f 100644 --- a/i18n/nl/basics/vpn-overview.md +++ b/i18n/nl/basics/vpn-overview.md @@ -1,6 +1,7 @@ --- title: VPN-overzicht icon: material/vpn +description: Virtual Private Networks verleggen het risico van jouw ISP naar een derde partij die je vertrouwt. Je moet deze dingen in gedachten houden. --- Virtual Private Networks zijn een manier om het einde van jouw netwerk uit te breiden tot een uitgang ergens anders in de wereld. Een ISP kan de stroom van internetverkeer zien dat jouw netwerkaansluitapparaat (d.w.z. modem) binnenkomt en verlaat. @@ -74,5 +75,3 @@ Voor dit soort situaties, of als je een andere dwingende reden hebt, zijn de VPN - [Gratis VPN-app onderzoek](https://www.top10vpn.com/free-vpn-app-investigation/) - [Verborgen VPN-eigenaars onthuld: 101 VPN-producten van slechts 23 bedrijven](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [Dit Chinese bedrijf zit in het geheim achter 24 populaire apps die gevaarlijke toestemmingen zoeken](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/calendar.md b/i18n/nl/calendar.md index f59a03c4..e060fe73 100644 --- a/i18n/nl/calendar.md +++ b/i18n/nl/calendar.md @@ -1,6 +1,7 @@ --- title: "Kalendersynchronisatie" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Kalenders en contactpersonen bevatten enkele van jouw gevoeligste gegevens; gebruik producten die E2EE in rust implementeren om te voorkomen dat een provider ze kan lezen. @@ -67,5 +68,3 @@ Kalenders en contactpersonen bevatten enkele van jouw gevoeligste gegevens; gebr Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte project in deze categorie. Het is mogelijk dat onze aanbevelingen geen of niet alle functies bevatten, maar degene die dat wel doen kunnen hoger gerangschikt worden dan andere op deze pagina. - Moet integreren met native OS agenda en contact management apps indien van toepassing. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/cloud.md b/i18n/nl/cloud.md index bdc0b66a..6d177779 100644 --- a/i18n/nl/cloud.md +++ b/i18n/nl/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud opslag" icon: material/file-cloud +description: Veel aanbieders van cloud-opslag eisen jouw volledige vertrouwen dat zij niet in jouw bestanden zullen kijken. Dit zijn de privé alternatieven! --- Veel aanbieders van cloud-opslag eisen uw volledige vertrouwen dat zij niet in uw bestanden zullen kijken. De onderstaande alternatieven nemen de behoefte aan vertrouwen weg door u de controle over uw gegevens te geven of door E2EE te implementeren. @@ -29,7 +30,6 @@ Als deze alternatieven niet aan uw behoeften voldoen, raden wij u aan te kijken - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -De mobiele clients van Proton Drive werden in december 2022 uitgebracht en zijn nog niet open-source. Proton heeft in het verleden zijn broncode releases uitgesteld tot na de eerste product releases, en [is van plan om](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) de broncode vrij te geven tegen eind 2023. Proton Drive desktop clients zijn nog in ontwikkeling. ## Criteria @@ -58,5 +58,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Deze clients moeten integreren met native OS tools voor cloud storage providers, zoals Files app integratie op iOS, of DocumentsProvider functionaliteit op Android. - Moet het gemakkelijk delen van bestanden met andere gebruikers ondersteunen. - Moet ten minste een basisfunctionaliteit voor het bekijken en bewerken van bestanden op de webinterface bieden. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/cryptocurrency.md b/i18n/nl/cryptocurrency.md new file mode 100644 index 00000000..8f5b958f --- /dev/null +++ b/i18n/nl/cryptocurrency.md @@ -0,0 +1,58 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Online betalen is een van de grootste uitdagingen voor privacy. Deze cryptocurrencies bieden standaard transactieprivacy (iets wat door de meeste cryptocurrencies **niet** wordt gegarandeerd), mits je goed begrijpt hoe je private betalingen effectief kunt uitvoeren. Wij raden je sterk aan eerst ons overzichtsartikel over betalingen te lezen voordat je aankopen doet: + +[Privébetalingen maken :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger "Gevaar" + + Veel zo niet de meeste cryptocurrency projecten zijn zwendel. Voer transacties zorgvuldig uit met alleen projecten die je vertrouwt. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** gebruikt een blockchain met privacyverbeterende technologieën die transacties versluieren om anonimiteit te bereiken. Elke Monero-transactie verbergt het transactiebedrag, het verzenden en ontvangen van adressen en de bron van fondsen zonder hoepels om doorheen te springen, waardoor het een ideale keuze is voor beginners met cryptocurrency. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +Met Monero kunnen externe waarnemers geen adressen ontcijferen die handelen in Monero, transactiebedragen, adresbalansen of transactiegeschiedenissen. + +Voor optimale privacy, zorg ervoor dat je een noncustodial wallet gebruikt waar de view key op het apparaat blijft. Dit betekent dat alleen jij je geld kunt uitgeven en de inkomende en uitgaande transacties kunt zien. Als je een custodial wallet gebruikt, kan de provider **alles zien wat** je doet; als je een "lichtgewicht" wallet gebruikt waarbij de provider jouw privé view key bewaard, kan de provider bijna alles zien wat u doet. Sommige niet-custodiale wallets omvatten: + +- [Officiële Monero-client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet ondersteunt meerdere cryptocurrencies. Een Monero-only versie van Cake Wallet is beschikbaar op [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +Voor maximale privacy (zelfs met een niet-custodiale wallet) moet je jouw eigen Monero-knooppunt beheren. Als je een knooppunt van een ander gebruikt, krijgt hij enige informatie, zoals het IP-adres van waaruit je verbinding maakt, de tijdstempels waarmee je jouw portemonnee synchroniseert, en de transacties die je vanuit jouw portemonnee verstuurt (maar geen andere details over die transacties). Als alternatief kun je via Tor of i2p verbinding maken met het Monero-knooppunt van iemand anders. + +In augustus 2021 kondigde CipherTrace [](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) verbeterde Monero-tracing-mogelijkheden aan voor overheidsinstanties. Uit openbare berichten blijkt dat het Financial Crimes Enforcement Network van het Amerikaanse ministerie van Financiën [eind 2022 een licentie heeft verleend aan](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module". + +De privacy van de Monero-transactiegrafiek wordt beperkt door de relatief kleine ringhandtekeningen, vooral tegen gerichte aanvallen. De privacyfuncties van Monero zijn ook + +in twijfel getrokken door sommige beveiligingsonderzoekers, en in het verleden zijn een aantal ernstige kwetsbaarheden gevonden en gepatcht, dus de beweringen van organisaties als CipherTrace zijn niet uitgesloten. Hoewel het onwaarschijnlijk is dat er voor Monero massa surveillance instrumenten bestaan zoals voor Bitcoin en andere, is het zeker dat opsporingstools helpen bij gerichte onderzoeken.

    + +Uiteindelijk is Monero de sterkste mededinger voor een privacyvriendelijke cryptocurrency, maar zijn privacyclaims zijn **niet** definitief bewezen. Er is meer tijd en onderzoek nodig om te beoordelen of Monero weerbaar genoeg is tegen aanvallen om altijd voldoende privacy te bieden. + + + +## Criteria + +**Wij zijn niet verbonden aan de projecten die wij aanbevelen.** Naast [onze standaardcriteria](about/criteria.md)hebben wij een duidelijke reeks eisen ontwikkeld om objectieve aanbevelingen te kunnen doen. Wij stellen voor dat je zich vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat het de juiste keuze voor je is. + +!!! example "Deze sectie is nieuw" + + We werken aan het vaststellen van gedefinieerde criteria voor elk deel van onze site, en dit kan onderhevig zijn aan verandering. Als je vragen hebt over onze criteria, stel ze dan [op ons forum](https://discuss.privacyguides.net/latest) en neem niet aan dat we iets niet in overweging hebben genomen bij het opstellen van onze aanbevelingen als het hier niet vermeld staat. Er zijn veel factoren die worden overwogen en besproken wanneer wij een project aanbevelen, en het documenteren van elke factor is een werk in uitvoering. + + +- Cryptocurrency moet standaard private/ontraceerbare transacties bieden. diff --git a/i18n/nl/data-redaction.md b/i18n/nl/data-redaction.md index 8ba8764f..803621e9 100644 --- a/i18n/nl/data-redaction.md +++ b/i18n/nl/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Redactie van gegevens en metagegevens" icon: material/tag-remove +description: Gebruik deze hulpmiddelen om metadata zoals GPS-locatie en andere identificerende informatie te verwijderen uit foto's en bestanden die je deelt. --- Wanneer je bestanden deelt, is het belangrijk om de bijbehorende metadata te verwijderen. Beeldbestanden bevatten gewoonlijk [Exif](https://en.wikipedia.org/wiki/Exif) gegevens. Foto's bevatten soms zelfs GPS-coördinaten in de metagegevens van het bestand. @@ -142,5 +143,3 @@ De app biedt meerdere manieren om metadata uit afbeeldingen te wissen. Namelijk: - Apps ontwikkeld voor open-source besturingssystemen moeten open-source zijn. - Apps moeten gratis zijn en mogen geen advertenties of andere beperkingen bevatten. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/desktop-browsers.md b/i18n/nl/desktop-browsers.md index 22534cb1..b807d7d4 100644 --- a/i18n/nl/desktop-browsers.md +++ b/i18n/nl/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox en Brave zijn onze aanbevelingen voor standaard/niet-anoniem browsen. --- Dit zijn momenteel onze aanbevolen mobiele webbrowsers en configuraties. In het algemeen raden we aan om extensies tot een minimum te beperken: ze hebben geprivilegieerde toegang binnen jouw browser, vereisen dat je de ontwikkelaar vertrouwt, kunnen je [doen opvallen](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), en [verzwakken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-Uchnm34/m/lDaXwQhzBAAJ) site-isolatie. In het algemeen raden wij aan jouw browserextensies tot een minimum te beperken; ze hebben bevoorrechte toegang binnen jouw browser, vereisen dat je de ontwikkelaar vertrouwt, kunnen je [doen opvallen](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), en [verzwakt](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) de site-isolatie. @@ -259,6 +260,4 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Mag geen ingebouwde browser- of OS-functionaliteit repliceren. - Moet rechtstreeks van invloed zijn op de privacy van de gebruiker, d.w.z. mag niet gewoon informatie verstrekken. ---8<-- "includes/abbreviations.nl.txt" - [^1]: De implementatie van Brave wordt gedetailleerd beschreven op [Brave Privacy Updates: Partitionering van netwerkstatus voor privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/nl/desktop.md b/i18n/nl/desktop.md index da215503..00baa502 100644 --- a/i18n/nl/desktop.md +++ b/i18n/nl/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux-distributies worden algemeen aanbevolen voor privacybescherming en softwarevrijheid. --- Linux-distributies worden algemeen aanbevolen voor privacybescherming en softwarevrijheid. Als je nog geen Linux gebruikt, zijn hieronder enkele distributies die we aanraden om uit te proberen, evenals enkele algemene tips om je privacy en veiligheid te verbeteren die op veel Linux-distributies van toepassing zijn. @@ -178,5 +179,3 @@ Onze aanbevolen besturingssystemen: - Moet tijdens de installatie volledige schijfversleuteling ondersteunen. - Mag regelmatige releases niet langer dan 1 jaar bevriezen. Wij [raden](os/linux-overview.md#release-cycle) "Long Term Support" of "stabiele" distro-uitgaven niet aan voor desktopgebruik. - Moet een grote verscheidenheid aan hardware ondersteunen. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/dns.md b/i18n/nl/dns.md index 332947b8..7a739207 100644 --- a/i18n/nl/dns.md +++ b/i18n/nl/dns.md @@ -1,13 +1,12 @@ --- title: "DNS-resolvers" icon: material/dns +description: Dit zijn enkele versleutelde DNS-providers die wij aanbevelen, ter vervanging van de standaardconfiguratie van jouw ISP. --- -!!! question "Moet ik versleutelde DNS gebruiken?" +Versleutelde DNS met servers van derden zou alleen moeten worden gebruikt om simpele [DNS-blokkering](https://en.wikipedia.org/wiki/DNS_blocking) te omzeilen en als je er zeker van bent dat er geen gevolgen zullen zijn. Versleutelde DNS zal je niet helpen jouw surfactiviteiten te verbergen. - Versleutelde DNS met servers van derden zou alleen moeten worden gebruikt om simpele [DNS-blokkering](https://en.wikipedia.org/wiki/DNS_blocking) te omzeilen als u er zeker van kunt zijn dat er geen gevolgen zullen zijn. Versleutelde DNS zal je niet helpen jouw surfactiviteiten te verbergen. - - [Leer meer over DNS](advanced/dns-overview.md){ .md-button } +[Meer informatie over DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Aanbevolen Providers @@ -132,8 +131,6 @@ Een zelf gehoste DNS-oplossing is handig voor het bieden van filtering op gecont [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Broncode" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Bijdrage leveren } ---8<-- "includes/abbreviations.nl.txt" - [^1]: AdGuard slaat geaggregeerde prestatiecijfers van hun DNS-servers op, namelijk het aantal volledige verzoeken aan een bepaalde server, het aantal geblokkeerde verzoeken, en de snelheid waarmee verzoeken worden verwerkt. Zij houden ook de database bij van domeinen die in de laatste 24 uur zijn aangevraagd. "We hebben deze informatie nodig om nieuwe trackers en bedreigingen te identificeren en te blokkeren." "We houden ook bij hoe vaak deze of gene tracker geblokkeerd is. We hebben deze informatie nodig om verouderde regels uit onze filters te verwijderen." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare verzamelt en bewaart alleen de beperkte DNS-querygegevens die naar de 1.1.1.1 resolver worden gestuurd. De 1.1.1.1 resolver dienst logt geen persoonsgegevens, en het grootste deel van de beperkte niet-persoonlijk identificeerbare query-gegevens wordt slechts 25 uur bewaard. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D logt alleen voor Premium resolvers met aangepaste DNS-profielen. Gratis resolvers loggen geen gegevens. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/nl/email-clients.md b/i18n/nl/email-clients.md index 5ba3959f..c273aae5 100644 --- a/i18n/nl/email-clients.md +++ b/i18n/nl/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email clients" icon: material/email-open +description: Deze e-mailclients respecteren de privacy en ondersteunen OpenPGP e-mail versleuteling. --- Onze aanbevelingslijst bevat e-mailcliënten die zowel [OpenPGP](encryption.md#openpgp) als sterke authenticatie ondersteunen, zoals [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). Met OAuth kunt u [Multi-Factor Authentication](basics/multi-factor-authentication.md) gebruiken en accountdiefstal voorkomen. @@ -235,5 +236,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Verzamelt standaard geen telemetrie. - Moet OpenPGP native ondersteunen, dat wil zeggen zonder extensies. - Moet ondersteuning bieden voor het lokaal opslaan van OpenPGP-versleutelde e-mails. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/email.md b/i18n/nl/email.md index be78812f..6104e593 100644 --- a/i18n/nl/email.md +++ b/i18n/nl/email.md @@ -1,6 +1,7 @@ --- title: "Email Diensten" icon: material/email +description: Deze e-mailproviders bieden een uitstekende plaats om jouw e-mails veilig op te slaan, en vele bieden interoperabele OpenPGP versleuteling met andere providers. --- E-mail is bijna een noodzaak voor het gebruik van elke online dienst, maar wij raden het niet aan voor gesprekken van persoon tot persoon. In plaats van e-mail te gebruiken om andere mensen te contacteren, kunt u overwegen een instant messaging medium te gebruiken dat forward secrecy ondersteunt. @@ -9,15 +10,27 @@ E-mail is bijna een noodzaak voor het gebruik van elke online dienst, maar wij r Voor al het andere raden wij verschillende e-mailproviders aan op basis van duurzame bedrijfsmodellen en ingebouwde beveiligings- en privacyfuncties. +- [OpenPGP-compatibele e-mailproviders :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Andere versleutelde aanbieders :material-arrow-right-drop-circle:](#more-providers) +- [E-mail Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Zelf-gehoste opties :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP compatibele diensten -Deze providers ondersteunen native OpenPGP-encryptie/decryptie, waardoor provider-agnostische E2EE-e-mails mogelijk zijn. Een Proton Mail-gebruiker zou bijvoorbeeld een E2EE-bericht kunnen sturen naar een Mailbox.org-gebruiker, of je zou OpenPGP-versleutelde meldingen kunnen ontvangen van internetdiensten die dit ondersteunen. +Deze providers ondersteunen standaard OpenPGP-encryptie/decryptie en het Web Key Directory (WKD) -standaard, waardoor provider-agnostische E2EE-e-mails mogelijk zijn. Een Proton Mail-gebruiker zou bijvoorbeeld een E2EE-bericht kunnen sturen naar een Mailbox.org-gebruiker, of je zou OpenPGP-versleutelde meldingen kunnen ontvangen van internetdiensten die dit ondersteunen. + +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    !!! warning "Waarschuwing" Wanneer gebruik wordt gemaakt van E2EE-technologie zoals OpenPGP, zullen e-mailberichten nog steeds metagegevens bevatten die niet zijn versleuteld in de header van het e-mailbericht. Lees meer over [e-mail metadata](basics/email-security.md#email-metadata-overview). - OpenPGP ondersteunt ook geen Forward secrecy, wat betekent dat als uw of de geadresseerde's privésleutel ooit wordt gestolen, alle eerdere berichten die ermee zijn versleuteld, openbaar worden. [Hoe bescherm ik mijn privésleutels?](basics/email-security.md#how-do-i-protect-my-private-keys) + OpenPGP ondersteunt ook geen forward secrecy, wat betekent dat als uw of de geadresseerde's privésleutel ooit wordt gestolen, alle eerdere berichten die ermee zijn versleuteld, openbaar worden. [Hoe bescherm ik mijn privésleutels?](basics/email-security.md#how-do-i-protect-my-private-keys) ### Proton Mail @@ -49,41 +62,41 @@ Als je Proton Unlimited, Business of Visionary hebt, krijg je ook [SimpleLogin]( Proton Mail heeft interne crash rapporten die ze **niet** delen met derden. Dit kan worden uitgeschakeld in: **Instellingen** > **Ga naar Instellingen** > **Account** > **Beveiliging en privacy** > **Crashmeldingen versturen**. -??? success "Aangepaste domeinen en aliassen" +#### :material-check:{ .pg-green } Aangepaste domeinen en aliassen - Betalende Proton Mail-abonnees kunnen hun eigen domein bij de dienst gebruiken of een [catch-all](https://proton.me/support/catch-all) adres. Proton Mail ondersteunt ook [subaddressing](https://proton.me/support/creating-aliases), wat handig is voor mensen die geen domein willen kopen. +Betaalde Proton Mail abonnees kunnen hun eigen domein met de dienst gebruiken of een [catch-all](https://proton.me/support/catch-all) adres. Proton Mail ondersteunt ook [subadressering](https://proton.me/support/creating-aliases), wat handig is voor mensen die geen domein willen kopen. -??? success "Privé betaalmethoden" +#### :material-check:{ .pg-green } Privé betaalmethodes - Proton Mail [accepteerd](https://proton.me/support/payment-options) Bitcoin en contant geld per post naast de standaard credit/debetkaart en PayPal-betalingen. +Proton Mail [accepteert](https://proton.me/support/payment-options) contant geld per post, naast standaard creditcard/debetkaart, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), en PayPal-betalingen. -??? success "Account beveiliging" +#### :material-check:{ .pg-green } Accountbeveiliging - Proton Mail ondersteunt alleen TOTP [tweefactorauthenticatie](https://proton.me/support/two-factor-authentication-2fa). Het gebruik van een U2F beveiligingssleutel wordt nog niet ondersteund. Proton Mail is van plan U2F te implementeren na voltooiing van hun [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail ondersteunt alleen TOTP [twee factor authenticatie](https://proton.me/support/two-factor-authentication-2fa). Het gebruik van een U2F beveiligingssleutel wordt nog niet ondersteund. Proton Mail is van plan U2F te implementeren na voltooiing van hun \[Single Sign On (SSO)\](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Gegevens beveiliging" +#### :material-check:{ .pg-green } Gegevensbeveiliging - Proton Mail heeft [zero-access encryption](https://proton.me/blog/zero-access-encryption) in rust voor jouw e-mails en [calendars](https://proton.me/news/protoncalendar-security-model). Gegevens die zijn beveiligd met zero-access encryptie zijn alleen voor jouw toegankelijk. - - Bepaalde in [Proton Contacts](https://proton.me/support/proton-contacts) opgeslagen informatie, zoals namen en e-mailadressen, zijn niet beveiligd met zero access encryptie. Contact velden die zero-access encryptie ondersteunen, zoals telefoonnummers, worden aangegeven met een hangslot pictogram. +Proton Mail heeft [zero-access encryptie](https://proton.me/blog/zero-access-encryption) in rust voor jouw e-mails en [agenda's](https://proton.me/news/protoncalendar-security-model). Gegevens die zijn beveiligd met zero-access encryptie zijn alleen voor jouw toegankelijk. -??? success "Email Encryptiie" +Bepaalde in \[Proton Contacts\](https://proton.me/support/proton-contacts) opgeslagen informatie, zoals namen en e-mailadressen, zijn niet beveiligd met zero access encryptie. Contact velden die zero-access encryptie ondersteunen, zoals telefoonnummers, worden aangegeven met een hangslot pictogram. - Proton Mail heeft [geïntegreerde OpenPGP-encryptie](https://proton.me/support/how-to-use-pgp) in hun webmail. E-mails naar andere Proton Mail-accounts worden automatisch versleuteld, en versleuteling naar niet-Proton Mail-adressen met een OpenPGP-sleutel kan eenvoudig worden ingeschakeld in jouw accountinstellingen. Zij laten u ook toe [berichten te coderen naar niet-Proton Mail adressen](https://proton.me/support/password-protected-emails) zonder dat zij zich moeten aanmelden voor een Proton Mail account of software zoals OpenPGP moeten gebruiken. - - Proton Mail ondersteunt ook de ontdekking van openbare sleutels via HTTP vanuit hun [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hierdoor kunnen mensen die geen Proton Mail gebruiken de OpenPGP sleutels van Proton Mail accounts gemakkelijk vinden, voor cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryptie -??? warning "Digitale erfgoed" +Proton Mail heeft [OpenPGP encryptie](https://proton.me/support/how-to-use-pgp) geïntegreerd in hun webmail. E-mails naar andere Proton Mail-accounts worden automatisch versleuteld, en versleuteling naar niet-Proton Mail-adressen met een OpenPGP-sleutel kan eenvoudig worden ingeschakeld in jouw accountinstellingen. U kunt hiermee ook [berichten versleutelen naar niet-Proton Mail adressen](https://proton.me/support/password-protected-emails) zonder dat zij zich hoeven aan te melden voor een Proton Mail account of software zoals OpenPGP hoeven te gebruiken. - Proton Mail biedt geen digitale erfenisfunctie. +Proton Mail ondersteunt ook de ontdekking van openbare sleutels via HTTP van hun [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hierdoor kunnen mensen die geen Proton Mail gebruiken de OpenPGP sleutels van Proton Mail accounts gemakkelijk vinden, voor cross-provider E2EE. -??? info "Account beëindiging" +#### :material-alert-outline:{ .pg-orange } Digitale erfenis - Als je een betaalde account hebt en je [rekening is onbetaald](https://proton.me/support/delinquency) na 14 dagen, krijg je geen toegang tot je gegevens. Na 30 dagen wordt uw account delinquent en ontvangt u geen inkomende e-mail. Tijdens deze periode wordt u nog steeds gefactureerd. +Proton Mail biedt geen digitale erfenisfunctie. -??? info "Aanvullende Functionaliteit" +#### :material-information-outline:{ .pg-blue } Beëindiging van account - Proton Mail biedt een "Unlimited" account voor €9,99/maand, die ook toegang geeft tot Proton VPN, naast meerdere accounts, domeinen, aliassen en 500GB opslagruimte. +Als je een betaalde account hebt en je \[rekening is onbetaald\](https://proton.me/support/delinquency) na 14 dagen, krijg je geen toegang tot je gegevens. Na 30 dagen wordt uw account delinquent en ontvangt u geen inkomende e-mail. Tijdens deze periode wordt u nog steeds gefactureerd. + +#### :material-information-outline:{ .pg-blue } Extra functionaliteit + +Proton Mail biedt een "Unlimited" account voor €9,99/maand, die ook toegang geeft tot Proton VPN, naast meerdere accounts, domeinen, aliassen en 500GB opslagruimte. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail heeft interne crash rapporten die ze **niet** delen met derden. Dit - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Aangepaste domeinen en aliassen" +#### :material-check:{ .pg-green } Aangepaste domeinen en aliassen - Mailbox.org staat je toe jouw eigen domein te gebruiken, en zij ondersteunen [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) adressen. Mailbox.org ondersteunt ook [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), wat handig is als je geen domein wilt kopen. +Mailbox.org laat je je eigen domein gebruiken en ze ondersteunen [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) adressen. Mailbox.org ondersteunt ook [subadressering](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), wat handig is als je geen domein wilt kopen. -??? info "Privé betaalmethoden" +#### :material-check:{ .pg-green } Privé betaalmethodes - Mailbox.org accepteert geen Bitcoin of andere cryptocurrencies als gevolg van het feit dat hun betalingsverwerker BitPay zijn activiteiten in Duitsland heeft opgeschort. Zij aanvaarden echter wel Contant geld per post, contante betaling op bankrekening, bankoverschrijving, kredietkaart, PayPal en een paar Duits-specifieke verwerkers: paydirekt en Sofortüberweisung. +Mailbox.org accepteert geen Bitcoin of andere cryptocurrencies als gevolg van het feit dat hun betalingsverwerker BitPay zijn activiteiten in Duitsland heeft opgeschort. Zij aanvaarden echter wel Contant geld per post, contante betaling op bankrekening, bankoverschrijving, kredietkaart, PayPal en een paar Duits-specifieke verwerkers: paydirekt en Sofortüberweisung. -??? success "Account beveiliging" +#### :material-check:{ .pg-green } Accountbeveiliging - Mailbox.org ondersteunt [tweefactorauthenticatie](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) alleen voor hun webmail. U kunt zowel TOTP als een [Yubikey](https://en.wikipedia.org/wiki/YubiKey) gebruiken via de [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Webstandaarden zoals [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) worden nog niet ondersteund. +Mailbox.org ondersteunt [twee-factor authenticatie](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) alleen voor hun webmail. Je kunt TOTP of een [Yubikey](https://en.wikipedia.org/wiki/YubiKey) gebruiken via de [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Webstandaarden zoals [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) worden nog niet ondersteund. -??? info "Gegevens beveiliging" +#### :material-information-outline:{ .pg-blue } Gegevensbeveiliging - Mailbox.org maakt versleuteling van inkomende mail mogelijk door gebruik te maken van hun [versleutelde mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Nieuwe berichten die je ontvangt, worden dan onmiddellijk versleuteld met jouw openbare sleutel. - - [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), het softwareplatform dat door Mailbox.org wordt gebruikt, [ondersteunt echter niet](https://kb.mailbox.org/display/BMBOKBEN/Encryption+van+kalender+en+adres+boek) de encryptie van jouw adresboek en agenda. Een [standalone optie](calendar.md) is misschien meer geschikt voor die informatie. +Mailbox.org maakt encryptie van inkomende mail mogelijk met behulp van hun [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). Nieuwe berichten die je ontvangt, worden dan onmiddellijk versleuteld met jouw openbare sleutel. -??? success "Email Encryptiie" +Echter, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), het softwareplatform dat wordt gebruikt door Mailbox.org, [ondersteunt niet](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) de versleuteling van jouw adresboek en agenda. Een [zelfstandige optie](calendar.md) kan geschikter zijn voor die informatie. - Mailbox.org heeft [geïntegreerde encryptie](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in hun webmail, wat het verzenden van berichten naar mensen met openbare OpenPGP-sleutels vereenvoudigt. Zij staan ook [ontvangers op afstand toe een e-mail te ontsleutelen](https://kb.mailbox.org/display/MBOKBEN/My+ontvanger+gebruikt+geen+PGP) op de servers van Mailbox.org. Deze functie is nuttig wanneer de ontvanger op afstand geen OpenPGP heeft en geen kopie van de e-mail in zijn eigen mailbox kan ontsleutelen. - - Mailbox.org ondersteunt ook de ontdekking van openbare sleutels via HTTP vanuit hun [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hierdoor kunnen mensen buiten Mailbox.org gemakkelijk de OpenPGP sleutels van Mailbox.org accounts vinden, voor cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryptie -??? success "Digitale erfgoed" +Mailbox.org heeft [geïntegreerde encryptie](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in hun webmail, wat het verzenden van berichten naar mensen met openbare OpenPGP-sleutels vereenvoudigt. Ze staan ook [externe ontvangers toe om een e-mail](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) op de servers van Mailbox.org te ontsleutelen. Deze functie is nuttig wanneer de ontvanger op afstand geen OpenPGP heeft en geen kopie van de e-mail in zijn eigen mailbox kan ontsleutelen. - Mailbox.org heeft een digitale erfenis voor alle plannen. Je kunt kiezen of je wilt dat jouw gegevens worden doorgegeven aan jouw erfgenamen, mits zij een aanvraag indienen en jouw testament overleggen. Je kunt ook een persoon nomineren met naam en adres. +Mailbox.org ondersteunt ook de ontdekking van publieke sleutels via HTTP vanuit hun [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). Hierdoor kunnen mensen buiten Mailbox.org gemakkelijk de OpenPGP sleutels van Mailbox.org accounts vinden, voor cross-provider E2EE. -??? info "Account beëindiging" +#### :material-check:{ .pg-green } Digitale erfenis - Jouw account zal worden ingesteld op een beperkte gebruikersaccount wanneer jouw contract eindigt, na [30 dagen zal het onherroepelijk worden verwijderd](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org heeft een digitale erfenis voor alle plannen. Je kunt kiezen of je wilt dat jouw gegevens worden doorgegeven aan jouw erfgenamen, mits zij een aanvraag indienen en jouw testament overleggen. Je kunt ook een persoon nomineren met naam en adres. -??? info "Aanvullende Functionaliteit" +#### :material-information-outline:{ .pg-blue } Beëindiging van account - Je kunt toegang krijgen tot jouw Mailbox.org account via IMAP/SMTP door gebruik te maken van hun [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+van+mailbox.org). Hun webmailinterface is echter niet toegankelijk via hun .onion dienst en je kunt TLS-certificaatfouten ondervinden. - - Alle accounts worden geleverd met beperkte cloudopslag die [kan worden versleuteld](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org biedt ook de alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), die de TLS-encryptie afdwingt op de verbinding tussen mailservers, anders wordt het bericht helemaal niet verzonden. Mailbox.org ondersteunt ook [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync), naast standaard toegangsprotocollen zoals IMAP en POP3. +Je account wordt ingesteld op een beperkt gebruikersaccount zodra je contract is beëindigd, na [30 dagen wordt deze onherroepelijk verwijderd](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Beëindiging van account + +Je hebt toegang tot jouw Mailbox.org account via IMAP/SMTP met behulp van hun [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). Hun webmailinterface is echter niet toegankelijk via hun .onion dienst en je kunt TLS-certificaatfouten ondervinden. + +Alle accounts worden geleverd met beperkte cloud-opslag die [kan worden versleuteld](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org biedt ook de alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), die de TLS-versleuteling op de verbinding tussen mailservers afdwingt, anders wordt het bericht helemaal niet verzonden. Mailbox.org ondersteunt ook [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) naast standaard toegangs protocollen zoals IMAP en POP3. + +## Meer providers + +Deze providers slaan jouw e-mails op met zero-knowledge encryptie, waardoor ze geweldige opties zijn om jouw opgeslagen e-mails veilig te houden. Zij ondersteunen echter geen interoperabele versleutelingsnormen voor E2EE-communicatie tussen aanbieders. + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    ### StartMail @@ -156,43 +180,39 @@ Proton Mail heeft interne crash rapporten die ze **niet** delen met derden. Dit - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Aangepaste domeinen en aliassen" +#### :material-check:{ .pg-green } Aangepaste domeinen en aliassen - Persoonlijke accounts kunnen [Custom of Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliassen gebruiken. [Eigen domeinen](https://support.startmail.com/hc/nl-nl/articles/4403911432209-Setup-a-custom-domain) zijn ook beschikbaar. +Persoonlijke accounts kunnen [aangepaste of Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliassen gebruiken. [Aangepaste domeinen](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) zijn ook beschikbaar. -??? warning "Privé betaalmethoden" +#### :material-alert-outline:{ .pg-orange } Privé betaalmethodes - StartMail accepteert Visa, MasterCard, American Express en Paypal. StartMail heeft ook andere [betalingsopties](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) zoals Bitcoin (momenteel alleen voor Persoonlijke accounts) en SEPA Direct Debit voor accounts ouder dan een jaar. +StartMail accepteert Visa, MasterCard, American Express en Paypal. StartMail heeft ook andere [betalingsopties](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) zoals [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (momenteel alleen voor Persoonlijke accounts) en SEPA Direct Debit voor accounts ouder dan een jaar. -??? success "Account beveiliging" +#### :material-check:{ .pg-green } Accountbeveiliging - StartMail ondersteunt TOTP tweefactorauthenticatie [alleen voor webmail](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Zij staan geen U2F-authenticatie met beveiligingssleutel toe. +StartMail ondersteunt TOTP tweefactorauthenticatie [alleen voor webmail](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). Zij staan geen U2F-authenticatie met beveiligingssleutel toe. -??? info "Gegevens beveiliging" +#### :material-information-outline:{ .pg-blue } Gegevensbeveiliging - StartMail heeft [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), met behulp van hun "user vault" systeem. Wanneer je inlogt, wordt de kluis geopend, en de e-mail wordt dan uit de wachtrij naar de kluis verplaatst, waar hij wordt ontsleuteld met de bijbehorende privésleutel. - - StartMail ondersteunt het importeren van [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts), maar deze zijn alleen toegankelijk in de webmail en niet via protocollen zoals [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacten worden ook niet opgeslagen met behulp van zero knowledge encryptie. +StartMail heeft [zero access encryptie bij rust](https://www.startmail.com/en/whitepaper/#_Toc458527835), met behulp van hun "user vault" systeem. Wanneer je inlogt, wordt de kluis geopend, en de e-mail wordt dan uit de wachtrij naar de kluis verplaatst, waar hij wordt ontsleuteld met de bijbehorende privésleutel. -??? success "Email Encryptiie" +StartMail ondersteunt het importeren van [contacten](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) echter, ze zijn alleen toegankelijk in de webmail en niet via protocollen zoals [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacten worden ook niet opgeslagen met behulp van zero knowledge encryptie. - StartMail heeft [geïntegreerde encryptie](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in hun webmail, wat het verzenden van versleutelde berichten met openbare OpenPGP-sleutels vergemakkelijkt. +#### :material-check:{ .pg-green } Email Encryptie -??? warning "Digitale erfgoed" +StartMail heeft [encryptie](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) geïntegreerd in hun webmail, wat het versturen van versleutelde berichten met openbare OpenPGP-sleutels vereenvoudigt. Ze ondersteunen echter niet de Web Key Directory-standaard, waardoor de ontdekking van de openbare sleutel van een Startmail-postvak uitdagender wordt voor andere e-mailproviders of -clients. - StartMail biedt geen digitale erfenisfunctie. +#### :material-alert-outline:{ .pg-orange } Digitale erfenis -??? info "Account beëindiging" +StartMail biedt geen digitale erfenisfunctie. - Bij afloop van de account zal StartMail jouw account definitief verwijderen na [6 maanden in 3 fasen](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Beëindiging van account -??? info "Aanvullende Functionaliteit" +Bij afloop van jouw account, zal StartMail jouw account definitief verwijderen na [6 maanden in 3 fasen](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail maakt proxying van afbeeldingen in e-mails mogelijk. Als je toestaat dat het beeld op afstand wordt geladen, weet de verzender niet wat jouw IP-adres is. +#### :material-information-outline:{ .pg-blue } extra functionaliteit -## Meer providers - -Deze providers slaan jouw e-mails op met zero-knowledge encryptie, waardoor ze geweldige opties zijn om jouw opgeslagen e-mails veilig te houden. Zij ondersteunen echter geen interoperabele versleutelingsnormen voor E2EE-communicatie tussen aanbieders. +StartMail maakt proxying van afbeeldingen in e-mails mogelijk. Als je toestaat dat het beeld op afstand wordt geladen, weet de verzender niet wat jouw IP-adres is. ### Tutanota @@ -220,44 +240,51 @@ Deze providers slaan jouw e-mails op met zero-knowledge encryptie, waardoor ze g Tutanota ondersteunt het [IMAP protocol](https://tutanota.com/faq/#imap) em het gebruik van e-mailclients van derden niet[](email-clients.md), en je zult ook niet in staat zijn om [externe e-mailaccounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) toe te voegen aan de Tutanota app. Beide [E-mail import](https://github.com/tutao/tutanota/issues/630) of [submappen](https://github.com/tutao/tutanota/issues/927) worden momenteel ondersteund, hoewel dit binnenkort [zal worden gewijzigd](https://tutanota.com/blog/posts/kickoff-import). E-mails kunnen [individueel of per bulk selectie](https://tutanota.com/howto#generalMail) per map worden geëxporteerd, wat onhandig kan zijn als je veel mappen hebt. -??? success "Aangepaste domeinen en aliassen" +#### :material-check:{ .pg-green } Aangepaste domeinen en aliassen - Betaalde Tutanota accounts kunnen tot 5 [aliases](https://tutanota.com/faq#alias) en [aangepaste domeinen](https://tutanota.com/faq#custom-domain) gebruiken. Tutanota staat geen [subadressering (plus adressen)](https://tutanota.com/faq#plus) toe, maar je kunt een [catch-all](https://tutanota.com/howto#settings-global) gebruiken met een aangepast domein. +Betaalde Tutanota accounts kunnen tot 5 [aliassen gebruiken](https://tutanota.com/faq#alias) en [aangepaste domeinen](https://tutanota.com/faq#custom-domain). Tutanota staat geen [subadressering (plus adressen)](https://tutanota.com/faq#plus)toe, maar je kunt een [catch-all](https://tutanota.com/howto#settings-global) gebruiken met een aangepast domein. -??? warning "Privé betaalmethoden" +#### :material-information-outline:{ .pg-blue } Privé betaalmethodes - Tutanota accepteert alleen rechtstreeks creditcards en PayPal, maar Bitcoin en Monero kunnen worden gebruikt om cadeaubonnen te kopen via hun [partnership](https://tutanota.com/faq/#cryptocurrency) met Proxystore. +Tutanota accepteert alleen rechtstreeks creditcards en PayPal, maar Bitcoin en Monero kunnen worden gebruikt om cadeaubonnen te kopen via hun [partnerschap](https://tutanota.com/faq/#cryptocurrency) met Proxystore. -??? success "Account beveiliging" +#### :material-check:{ .pg-green } Accountbeveiliging - Tutanota ondersteunt [twee factor authenticatie](https://tutanota.com/faq#2fa) met TOTP of U2F. +Tutanota ondersteunt [twee-factor authenticatie](https://tutanota.com/faq#2fa) met TOTP of U2F. -??? success "Gegevens beveiliging" +#### :material-check:{ .pg-green } Gegevensbeveiliging - Tutanota heeft [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) voor jouw emails, [adresboek contacten](https://tutanota.com/faq#encrypted-address-book), en [calendars](https://tutanota.com/faq#calendar). Dit betekent dat de berichten en andere gegevens die in jouw account zijn opgeslagen, alleen door je kunnen worden gelezen. +Tutanota heeft [zero access encryptie bij rust](https://tutanota.com/faq#what-encrypted) voor jouw e-mails, [adresboek contacten](https://tutanota.com/faq#encrypted-address-book), en [kalenders](https://tutanota.com/faq#calendar). Dit betekent dat de berichten en andere gegevens die in jouw account zijn opgeslagen, alleen door je kunnen worden gelezen. -??? warning "Email Encryptie" +#### :material-information-outline:{ .pg-blue } Email Encryptie - Tutanota [gebruikt geen OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts kunnen alleen versleutelde e-mails ontvangen van niet-Tutanota e-mail accounts wanneer deze worden verzonden via een [tijdelijke Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [maakt geen gebruik van OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota-accounts kunnen alleen versleutelde e-mails ontvangen van niet-Tutanota-e-mailaccounts wanneer ze worden verzonden via een [tijdelijke Tutanota-postvak](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digitale erfgoed" +#### :material-alert-outline:{ .pg-orange } Digitale erfenis - Tutanota biedt geen digitale erfenis functie. +Tutanota biedt geen digitale erfenis functie. -??? info "Account beëindiging" +#### :material-information-outline:{ .pg-blue } Beëindiging van account - Tutanota zal [inactieve gratis accounts verwijderen](https://tutanota.com/faq#inactive-accounts) na zes maanden. Je kunt een gedeactiveerd gratis account opnieuw gebruiken als je betaalt. +Tutanota zal [inactieve gratis accounts](https://tutanota.com/faq#inactive-accounts) verwijderen na zes maanden. Je kunt een gedeactiveerd gratis account opnieuw gebruiken als je betaalt. -??? info "Aanvullende Functionaliteit" +#### :material-information-outline:{ .pg-blue } extra functionaliteit - Tutanota biedt de zakelijke versie van [Tutanota gratis of met zware korting aan organisaties zonder winstoogmerk](https://tutanota.com/blog/posts/secure-email-for-non-profit). - - Tutanota heeft ook een zakelijke functie genaamd [Secure Connect](https://tutanota.com/secure-connect/). Dit zorgt ervoor dat het klantcontact met het bedrijf gebruik maakt van E2EE. De functie kost €240/j. +Tutanota biedt de zakelijke versie van [Tutanota aan non-profitorganisaties](https://tutanota.com/blog/posts/secure-email-for-non-profit) gratis of met een fikse korting. + +Tutanota heeft ook een zakelijke functie genaamd [Secure Connect](https://tutanota.com/secure-connect/). Dit zorgt ervoor dat het klantcontact met het bedrijf gebruik maakt van E2EE. De functie kost €240/j. ## E-mail aliasing diensten Met een e-mail aliasing dienst kun je gemakkelijk een nieuw e-mailadres genereren voor elke website waarvoor je je aanmeldt. De e-mailaliassen die je aanmaakt worden dan doorgestuurd naar een e-mailadres vanjouw keuze, waardoor zowel jouw "hoofd"-e-mailadres als de identiteit van jouw e-mailprovider wordt verborgen. Echte e-mailaliasing is beter dan de door veel providers gebruikte en ondersteunde plus-adressering, waarmee je aliassen kunt maken als jouwnaam+[anythinghere]@voorbeeld.com, omdat websites, adverteerders en traceringsnetwerken triviaal alles na het +-teken kunnen verwijderen om jouw echte e-mailadres te ontdekken. +
    + +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
    + E-mailaliasing kan fungeren als een waarborg voor het geval jouw e-mailprovider ooit ophoudt te werken. In dat scenario kun je jouw aliassen gemakkelijk omleiden naar een nieuw e-mailadres. Op zijn beurt stelt je echter vertrouwen in de aliasingdienst om te blijven functioneren. Het gebruik van een speciale e-mail aliasing dienst heeft ook een aantal voordelen ten opzichte van een catch-all alias op een aangepast domein: @@ -411,7 +438,7 @@ Wij geven er de voorkeur aan dat de door ons aanbevolen aanbieders zo weinig mog **Beste geval:** -- Accepteert Bitcoin, contant geld en andere vormen van cryptocurrency en/of anonieme betalingsopties (cadeaubonnen, enz.) +- Accepteert [anonieme betalingsopties](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), contant geld, cadeaukaarten, etc.) ### Veiligheid @@ -428,10 +455,10 @@ Email servers verwerken veel zeer gevoelige gegevens. We verwachten dat provider - Geldige [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) en [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Geldige [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) en [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Zorg voor een correct [DMARC](https://en.wikipedia.org/wiki/DMARC) record en beleid of gebruik [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) voor verificatie. Als DMARC-authenticatie wordt gebruikt, moet het beleid worden ingesteld op `reject` of `quarantine`. -- Een voorkeur voor een server suite van TLS 1.2 of later en een plan voor [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- Een server suite voorkeur van TLS 1.2 of hoger en een plan voor [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) indiening, ervan uitgaande dat SMTP wordt gebruikt. - Beveiligingsnormen voor websites, zoals: - - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) + - [HTTP Strict Transport Security](https://nl.wikipedia.org/wiki/HTTP_Strict_Transport_Security) - [Subbron Integriteit](https://en.wikipedia.org/wiki/Subresource_Integrity) als dingen van externe domeinen worden geladen. - Moet het bekijken van [Message headers](https://en.wikipedia.org/wiki/Email#Message_header)ondersteunen, aangezien dit een cruciale forensische functie is om te bepalen of een e-mail een phishing-poging is. @@ -443,7 +470,7 @@ Email servers verwerken veel zeer gevoelige gegevens. We verwachten dat provider - Programma's voor bug-bounty's en/of een gecoördineerd proces voor de openbaarmaking van kwetsbaarheden. - Beveiligingsnormen voor websites, zoals: - [Inhoud beveiligingsbeleid (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Verwacht-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Vertrouwen @@ -481,5 +508,3 @@ Mag geen marketing hebben die onverantwoord is: ### Extra functionaliteit Hoewel het geen strikte vereisten zijn, zijn er nog enkele andere factoren met betrekking tot gemak of privacy die wij in aanmerking hebben genomen bij het bepalen van de aan te bevelen providers. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/encryption.md b/i18n/nl/encryption.md index bfd914ed..15c96076 100644 --- a/i18n/nl/encryption.md +++ b/i18n/nl/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryptie Software" icon: material/file-lock +description: Encryptie van gegevens is de enige manier om te controleren wie er toegang toe heeft. Met deze tools kun je jouw e-mails en andere bestanden versleutelen. --- Encryptie van gegevens is de enige manier om te controleren wie er toegang toe heeft. Als je momenteel geen encryptiesoftware gebruikt voor jouw harde schijf, e-mails of bestanden, moet je hier een optie kiezen. @@ -353,5 +354,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Toepassingen voor versleuteling van het besturingssysteem (FDE) moeten gebruik maken van hardwarebeveiliging zoals een TPM of Secure Enclave. - Bestandsversleutelingsapps moeten ondersteuning van eerste of derde partijen hebben voor mobiele platforms. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/file-sharing.md b/i18n/nl/file-sharing.md index 5f33a9a0..87c0e3f9 100644 --- a/i18n/nl/file-sharing.md +++ b/i18n/nl/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Bestanden delen en synchroniseren" icon: material/share-variant +description: Ontdek hoe je jouw bestanden privé kunt delen tussen jouw apparaten, met jouw vrienden en familie, of anoniem online. --- Ontdek hoe je jouw bestanden privé kunt delen tussen jouw apparaten, met jouw vrienden en familie, of anoniem online. @@ -144,5 +145,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Heeft mobiele clients voor iOS en Android, die tenminste document previews ondersteunen. - Ondersteunt back-up van foto's van iOS en Android, en ondersteunt optioneel synchronisatie van bestanden/mappen op Android. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/financial-services.md b/i18n/nl/financial-services.md new file mode 100644 index 00000000..8ad93810 --- /dev/null +++ b/i18n/nl/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financiële diensten +icon: material/bank +--- + +Online betalen is een van de grootste uitdagingen voor privacy. Deze diensten kunnen je helpen jouw privacy te beschermen tegen handelaren en andere trackers, op voorwaarde dat je goed weet hoe je privébetalingen doeltreffend kunt verrichten. Wij raden je sterk aan eerst ons overzichtsartikel over betalingen te lezen voordat je aankopen doet: + +[Privébetalingen maken :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Maskerende betalingsdiensten + +Er zijn een aantal diensten die "virtuele debetkaarten" aanbieden die je bij online handelaren kunt gebruiken zonder in de meeste gevallen jouw werkelijke bank- of factureringsgegevens bekend te maken. Het is belangrijk op te merken dat deze financiële diensten **niet** anoniem zijn en onderworpen zijn aan "Know Your Customer" (KYC) wetten en jouw ID of andere identificerende informatie kunnen vereisen. Deze diensten zijn vooral nuttig om je te beschermen tegen inbreuken op gegevens van handelaars, minder gesofisticeerde tracking of aankoopcorrelatie door marketingbureaus, en online gegevensdiefstal; en **niet** om volledig anoniem een aankoop te doen. + +!!! tip "Controleer jouw huidige bank" + + Veel banken en kredietkaartaanbieders bieden hun eigen virtuele kaartfunctionaliteit. Als je er een gebruikt die deze optie al biedt, moet je deze in de meeste gevallen over de volgende aanbevelingen gebruiken. Op die manier vertrouw je niet meerdere partijen met jouw persoonlijke informatie. + +### Privacy.com (VS) + +!!! recommendation + + Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + Met het gratis plan van **Privacy.com** kunt je tot 12 virtuele kaarten per maand aanmaken, uitgavenlimieten op die kaarten instellen en kaarten onmiddellijk uitschakelen. Met hun betaalde plan kunt je tot 36 kaarten per maand aanmaken, 1% cashback krijgen op aankopen en transactiegegevens voor jouw bank verbergen. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacybeleid" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentatie} + +Privacy.com geeft standaard informatie over de handelaren bij wie je koopt door aan jouw bank. Hun betaalde functie "discrete handelaars" verbergt handelaarsinformatie voor jouw bank, zodat jouw bank alleen ziet dat een aankoop werd gedaan bij Privacy.com maar niet waar dat geld werd uitgegeven, maar dat is niet waterdicht, en natuurlijk heeft Privacy.com nog steeds kennis over de handelaars waar je geld uitgeeft. + +### MySudo (VS, Betaald) + +!!! recommendation + + MySudo logo](assets/img/financiële-diensten/mysudo.svg#alleen-licht){ align=right } + MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** biedt tot 9 virtuele kaarten, afhankelijk van het plan dat je koopt. Hun betaalde plannen omvatten bovendien functionaliteit die nuttig kan zijn om privé aankopen te doen, zoals virtuele telefoonnummers en e-mailadressen, hoewel wij gewoonlijk andere [email aliasing providers](email.md) aanbevelen voor uitgebreid e-mail aliasing gebruik. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Wij zijn niet verbonden aan de projecten die wij aanbevelen.** Naast [onze standaardcriteria](about/criteria.md)hebben wij een duidelijke reeks eisen ontwikkeld om objectieve aanbevelingen te kunnen doen. Wij stellen voor dat je zich vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat het de juiste keuze voor je is. + +!!! example "Deze sectie is nieuw" + + We werken aan het vaststellen van gedefinieerde criteria voor elk deel van onze site, en dit kan onderhevig zijn aan verandering. Als je vragen hebt over onze criteria, stel ze dan [op ons forum](https://discuss.privacyguides.net/latest) en neem niet aan dat we iets niet in overweging hebben genomen bij het opstellen van onze aanbevelingen als het hier niet vermeld staat. Er zijn veel factoren die worden overwogen en besproken wanneer wij een project aanbevelen, en het documenteren van elke factor is een werk in uitvoering. + +- Maakt het mogelijk om meerdere kaarten aan te maken die functioneren als een schild tussen de handelaar en jouw persoonlijke financiën. +- Kaarten mogen je niet verplichten de handelaar nauwkeurige informatie over het factuuradres te verstrekken. + +## Marktplaatsen voor cadeaubonnen + +Met deze diensten kunt je online cadeaubonnen kopen voor verschillende handelaren met [cryptocurrency](cryptocurrency.md). Sommige van deze services bieden opties voor ID-verificatie voor hogere limieten, maar ze staan ook accounts toe met alleen een e-mailadres. Basislimieten beginnen bij $ 5.000-10.000 per dag voor basisaccounts en aanzienlijk hogere limieten voor ID geverifieerde accounts (indien aangeboden). + +### Cake Pay + +!!! recommendation + + CakePay logo](assets/img/financiële-diensten/cakepay.svg){ align=right } + + Met **Cake Pay** kunt je cadeaubonnen en aanverwante producten kopen met Monero. Aankopen voor Amerikaanse handelaren zijn beschikbaar in de Cake Wallet mobiele app, terwijl de Cake Pay web app een brede selectie van wereldwijde handelaren bevat. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacybeleid" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentatie} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + ** CoinCards ** (beschikbaar in de VS, Canada en het VK) kunt je cadeaubonnen kopen voor een grote verscheidenheid aan verkopers. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacybeleid" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentatie} + +### Criteria + +**Wij zijn niet verbonden aan de projecten die wij aanbevelen.** Naast [onze standaardcriteria](about/criteria.md)hebben wij een duidelijke reeks eisen ontwikkeld om objectieve aanbevelingen te kunnen doen. Wij stellen voor dat je zich vertrouwd maakt met deze lijst voordat je een project kiest, en jouw eigen onderzoek uitvoert om er zeker van te zijn dat het de juiste keuze voor je is. + +!!! example "Deze sectie is nieuw" + + We werken aan het vaststellen van gedefinieerde criteria voor elk deel van onze site, en dit kan onderhevig zijn aan verandering. Als je vragen hebt over onze criteria, stel ze dan [op ons forum](https://discuss.privacyguides.net/latest) en neem niet aan dat we iets niet in overweging hebben genomen bij het opstellen van onze aanbevelingen als het hier niet vermeld staat. Er zijn veel factoren die worden overwogen en besproken wanneer wij een project aanbevelen, en het documenteren van elke factor is een werk in uitvoering. + +- Accepteert betaling in [een aanbevolen cryptocurrency](cryptocurrency.md). +- Geen identificatieplicht. diff --git a/i18n/nl/frontends.md b/i18n/nl/frontends.md index 3def0440..981d4850 100644 --- a/i18n/nl/frontends.md +++ b/i18n/nl/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: Deze open-source frontends voor verschillende internetdiensten geven je toegang tot inhoud zonder JavaScript of andere ergernissen. --- Soms proberen diensten je te dwingen zich aan te melden voor een account door de toegang tot inhoud te blokkeren met vervelende popups. Ze kunnen ook breken zonder JavaScript. Met deze frontends kunt je deze beperkingen omzeilen. @@ -264,5 +265,3 @@ Aanbevolen frontends... We overwegen alleen frontends voor websites die... - Niet normaal toegankelijk zonder JavaScript. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/index.md b/i18n/nl/index.md index 54a86313..90b72082 100644 --- a/i18n/nl/index.md +++ b/i18n/nl/index.md @@ -11,7 +11,7 @@ hide: ##### "Ik heb niets te verbergen. Waarom zou ik me zorgen maken over mijn privacy?" -Net zoals het recht op interraciale huwelijken, het kiesrecht voor vrouwen, de vrijheid van meningsuiting en vele andere, hadden wij niet altijd recht op privacy. In verschillende dictaturen hebben velen dat nog steeds niet. Generaties voor ons vochten voor ons recht op privacy. ==Privacy is een mensenrecht, inherent aan ons allen,== waar we recht op hebben (zonder discriminatie). +Net zoals het recht op interraciale huwelijken, het kiesrecht voor vrouwen, de vrijheid van meningsuiting en vele andere, hadden wij niet altijd recht op privacy. In verschillende dictaturen is dat nog steeds niet het geval. Generaties voor ons vochten voor ons recht op privacy. ==Privacy is een mensenrecht, inherent aan ons allen,== waar we recht op hebben (zonder discriminatie). Je moet privacy niet verwarren met geheimzinnigheid. We weten wat er in de badkamer gebeurt, maar je doet nog steeds de deur dicht. Dat is omdat je privacy wilt, geen geheimzinnigheid. **Iedereen** heeft iets te beschermen. Privacy is iets wat ons menselijk maakt. @@ -40,5 +40,3 @@ Het is onpraktisch, duur en vermoeiend om te proberen al jouw gegevens altijd te [:material-hand-coin-outline:](about/donate.md){ title="Steun het project" } Het is belangrijk voor een website zoals Privacy Guides om altijd up-to-date te blijven. Ons publiek moet software-updates in de gaten houden voor de toepassingen die op onze site staan en recent nieuws volgen over aanbieders die wij aanbevelen. Het is moeilijk om het hoge tempo van het internet bij te houden, maar we doen ons best. Als je een fout ziet, denkt dat een provider niet in de lijst thuishoort, merkt dat een gekwalificeerde provider ontbreekt, denkt dat een browserplugin niet langer de beste keuze is, of een ander probleem ontdekt, laat het ons dan weten. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/kb-archive.md b/i18n/nl/kb-archive.md index 5db41d4a..2c6dcee5 100644 --- a/i18n/nl/kb-archive.md +++ b/i18n/nl/kb-archive.md @@ -1,11 +1,12 @@ --- title: KB Archief icon: material/archive +description: Sommige pagina's die vroeger in onze kennisbank zaten, zijn nu te vinden op onze blog. --- # Pagina's verplaatst naar Blog -Sommige pagina's die vroeger in onze kennisbank stonden, staan nu op onze blog: +Sommige pagina's die vroeger in onze kennisbank zaten, zijn nu te vinden op onze blog: - [GrapheneOS vs CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) - [Signal configuratie en verharding](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) @@ -14,5 +15,3 @@ Sommige pagina's die vroeger in onze kennisbank stonden, staan nu op onze blog: - [Veilig wissen van gegevens](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integreren van metadata verwijdering](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS configuratiegids](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/meta/brand.md b/i18n/nl/meta/brand.md index da25e798..0237502d 100644 --- a/i18n/nl/meta/brand.md +++ b/i18n/nl/meta/brand.md @@ -20,5 +20,3 @@ Aanvullende merkrichtlijnen zijn te vinden op [github.com/privacyguides/brand](h "Privacy Guides" en het schild logo zijn handelsmerken in eigendom van Jonah Aragon, onbeperkt gebruik is toegekend aan de Privacy Guides project. Zonder af te zien van haar rechten, adviseert Privacy Guides anderen niet over de reikwijdte van haar intellectuele-eigendomsrechten. Privacy Guides staat geen gebruik van haar handelsmerken toe op een manier die verwarring kan veroorzaken door associatie met of sponsoring door Privacy Guides te impliceren, en geeft daar ook geen toestemming voor. Als u op de hoogte bent van dergelijk gebruik, neem dan contact op met Jonah Aragon via jonah@privacyguides.org. Raadpleeg uw juridisch adviseur als u vragen hebt. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/meta/git-recommendations.md b/i18n/nl/meta/git-recommendations.md index c11fb3e7..bb81b6a8 100644 --- a/i18n/nl/meta/git-recommendations.md +++ b/i18n/nl/meta/git-recommendations.md @@ -44,5 +44,3 @@ Als je aan jouw eigen branch werkt, voer dan deze commando's uit voordat je een git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/meta/uploading-images.md b/i18n/nl/meta/uploading-images.md index 79b6a59c..4de7106d 100644 --- a/i18n/nl/meta/uploading-images.md +++ b/i18n/nl/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/meta/writing-style.md b/i18n/nl/meta/writing-style.md index 9ceb6b7b..999f73cc 100644 --- a/i18n/nl/meta/writing-style.md +++ b/i18n/nl/meta/writing-style.md @@ -85,5 +85,3 @@ Bron: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversationa > - "mag niet" voor een verbod > - "kan" voor een discretionaire actie > - “zou moeten” voor een aanbeveling - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/mobile-browsers.md b/i18n/nl/mobile-browsers.md index 3728c037..340c5dde 100644 --- a/i18n/nl/mobile-browsers.md +++ b/i18n/nl/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobiele browsers" icon: material/cellphone-information +description: Deze browsers zijn wat we momenteel aanbevelen voor standaard/niet-anoniem internetten op jouw telefoon. --- Dit zijn onze momenteel aanbevolen mobiele webbrowsers en configuraties voor standaard/niet-anoniem internetten. In het algemeen raden we aan om extensies tot een minimum te beperken: ze hebben geprivilegieerde toegang binnen jouw browser, vereisen dat je de ontwikkelaar vertrouwt, kunnen je [doen opvallen](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), en [verzwakken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-Uchnm34/m/lDaXwQhzBAAJ) site-isolatie. In het algemeen raden we aan om extensies tot een minimum te beperken: ze hebben geprivilegieerde toegang binnen jouw browser, vereisen dat u de ontwikkelaar vertrouwt, kunnen je [doen opvallen](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), en [verzwakken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site-isolatie. @@ -189,5 +190,3 @@ Extra filterlijsten vertragen de zaken en kunnen uw aanvalsoppervlak vergroten, - Mag geen ingebouwde browser- of OS-functionaliteit repliceren. - Moet rechtstreeks van invloed zijn op de privacy van de gebruiker, d.w.z. mag niet gewoon informatie verstrekken. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/multi-factor-authentication.md b/i18n/nl/multi-factor-authentication.md index 77bf7c3b..c85aa986 100644 --- a/i18n/nl/multi-factor-authentication.md +++ b/i18n/nl/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: Deze tools helpen je jouw internetaccounts te beveiligen met Multi-Factor Authentication zonder jouw geheimen naar een derde partij te sturen. --- ## Hardware Veiligheidssleutels @@ -139,5 +140,3 @@ Wij raden je ten zeerste aan om mobiele TOTP apps te gebruiken in plaats van des - Moet geen internetverbinding vereisen. - Mag niet synchroniseren met een cloud sync/backup service van derden. - **Optioneel is** E2EE sync-ondersteuning met OS-native tools aanvaardbaar, bv. versleutelde sync via iCloud. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/news-aggregators.md b/i18n/nl/news-aggregators.md index 9f043911..46689662 100644 --- a/i18n/nl/news-aggregators.md +++ b/i18n/nl/news-aggregators.md @@ -1,6 +1,7 @@ --- title: "Nieuws Aggregators" icon: material/rss +description: Met deze news aggregator clients kunt je op de hoogte blijven van jouw favoriete blogs en nieuwssites via internetstandaarden zoals RSS. --- Een [nieuwsaggregator](https://en.wikipedia.org/wiki/News_aggregator) is een manier om op de hoogte te blijven van jouw favoriete blogs en nieuwssites. @@ -169,5 +170,3 @@ Je kunt zich abonneren op YouTube-kanalen zonder in te loggen en gebruiksinforma ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/notebooks.md b/i18n/nl/notebooks.md index 5667751d..6e847757 100644 --- a/i18n/nl/notebooks.md +++ b/i18n/nl/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notitieboekjes" icon: material/notebook-edit-outline +description: Met deze versleutelde notitie-apps kun je je notities bijhouden zonder ze aan derden te geven. --- Houd jouw notities en aantekeningen bij zonder ze aan derden te geven. @@ -111,5 +112,3 @@ Cryptee biedt gratis 100MB opslag, met betaalde opties als je meer nodig hebt. A - De lokale backup/sync-functie moet encryptie ondersteunen. - Cloud-platforms moeten het delen van documenten ondersteunen. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/os/android-overview.md b/i18n/nl/os/android-overview.md index 55243cf3..171bee14 100644 --- a/i18n/nl/os/android-overview.md +++ b/i18n/nl/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overzicht icon: simple/android +description: Android is een open-source besturingssysteem met sterke beveiliging, waardoor het onze topkeuze is voor telefoons. --- Android is een veilig besturingssysteem met sterke [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), en een robuust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ Het is belangrijk om geen [end-of-life](https://endoflife.date/android) versie v ## Android-machtigingen -[Machtigingen op Android](https://developer.android.com/guide/topics/permissions/overview) geven je controle over welke apps toegang krijgen. Google brengt regelmatig [verbeteringen aan](https://developer.android.com/about/versions/11/privacy/permissions) in het toestemmingssysteem in elke opeenvolgende versie. Alle apps die je installeert zijn strikt [sandboxed](https://source.android.com/security/app-sandbox), daarom is het niet nodig om antivirus apps te installeren. Een smartphone met de nieuwste versie van Android zal altijd veiliger zijn dan een oude smartphone met een antivirus waarvoor je betaald heeft. Het is beter om niet te betalen voor antivirussoftware en geld te sparen om een nieuwe smartphone te kopen, zoals een Google Pixel. +[Machtigingen op Android](https://developer.android.com/guide/topics/permissions/overview) geven je controle over waar apps toegang tot toe krijgen. Google brengt regelmatig [verbeteringen aan](https://developer.android.com/about/versions/11/privacy/permissions) in het machtigingssysteem in elke opeenvolgende versie. Alle apps die je installeert zijn strikt [sandboxed](https://source.android.com/security/app-sandbox), daarom is het niet nodig om antivirus apps te installeren. -Als je een app wilt gebruiken waar je niet zeker van bent, kun je overwegen een gebruikers- of werkprofiel te gebruiken. +Een smartphone met de nieuwste versie van Android zal altijd veiliger zijn dan een oude smartphone met een betaalde antivirus. Het is beter om niet te betalen voor antivirussoftware en geld te sparen om een nieuwe smartphone te kopen, zoals een Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) geeft je meer controle over jouw bestanden en kan beperken wat [toegang heeft tot externe opslag](https://developer.android.com/training/data-storage#permissions). Apps kunnen een specifieke map in externe opslag hebben en de mogelijkheid om daar specifieke soorten media op te slaan. +- Strengere toegang op [apparaatlocatie](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) door invoering van de machtiging `ACCESS_BACKGROUND_LOCATION`. Dit voorkomt dat apps op de achtergrond toegang krijgen tot de locatie zonder uitdrukkelijke toestemming van de gebruiker. + +Android 11: + +- [Eenmalige toestemmingen](https://developer.android.com/about/versions/11/privacy/permissions#one-time) waarmee je eenmalig een machtiging kunt verlenen aan een app. +- [Automatische reset machtigingen](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), die [runtime machtigingen](https://developer.android.com/guide/topics/permissions/overview#runtime) terugzet die werden toegekend toen de app werd geopend. +- Machtigingen voor toegang tot [telefoon nummer](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) gerelateerde functies. + +Android 12: + +- Een machtiging om alleen de [geschatte locatie](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location) toe te kennen. +- Auto-reset van [apps in slaapstand](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) die het gemakkelijker maakt om te bepalen welk deel van een app een bepaald type gegevenstoegang gebruikt. + +Android 13: + +- Een permissie voor [nabijgelegen wifi toegang](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). De MAC-adressen van WiFi-toegangspunten in de buurt waren een populaire manier voor apps om de locatie van een gebruiker te traceren. +- Een meer [granulaire mediatoestemmingen](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), wat betekent dat je alleen toegang kan verlenen tot afbeeldingen, video's of audiobestanden. +- Achtergrondgebruik van sensoren vereist nu de toestemming [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission). + +Een app kan een toestemming vragen voor een specifieke functie die hij heeft. Bijvoorbeeld, elke app die QR-codes kan scannen heeft toestemming voor de camera nodig. Sommige apps kunnen meer toestemmingen vragen dan ze nodig hebben. + +[Exodus](https://exodus-privacy.eu.org/) kan nuttig zijn bij het vergelijken van apps die vergelijkbare doelen hebben. Als een app veel machtigingen nodig heeft en veel advertenties en analytics heeft, is dit waarschijnlijk een slecht teken. Wij raden aan de individuele trackers te bekijken en hun beschrijvingen te lezen in plaats van eenvoudigweg **het totaal** te tellen en aan te nemen dat alle vermelde items gelijk zijn. + +!!! warning + + Als een app vooral een webdienst is, kan de tracking aan de serverzijde plaatsvinden. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) toont "geen trackers", maar volgt zeker de interesses en het gedrag van gebruikers op de site. Apps kunnen detectie omzeilen door geen gebruik te maken van door de reclame-industrie geproduceerde standaardcodebibliotheken, hoewel dit onwaarschijnlijk is. + +!!! note + + Privacy-vriendelijke apps zoals [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) kunnen sommige trackers tonen zoals [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). Deze bibliotheek bevat [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) die [pushmeldingen](https://en.wikipedia.org/wiki/Push_technology) in apps kan bieden. Dit [is het geval](https://fosstodon.org/@bitwarden/109636825700482007) met Bitwarden. Dat betekent niet dat Bitwarden alle analysefuncties gebruikt die Google Firebase Analytics biedt. ## Mediatoegang @@ -131,5 +167,3 @@ Je krijgt de optie om jouw advertentie-ID te verwijderen of om *af te melden voo [SafetyNet](https://developer.android.com/training/safetynet/attestation) en de [Play Integrity API's](https://developer.android.com/google/play/integrity) worden over het algemeen gebruikt voor [bankapps](https://grapheneos.org/usage#banking-apps). Veel bank apps zullen prima werken in GrapheneOS met sandboxed Play services, maar sommige niet-financiële apps hebben hun eigen grove anti-tampering mechanismen die kunnen falen. GrapheneOS doorstaat de `basicIntegrity` check, maar niet de certificeringscheck `ctsProfileMatch`. Toestellen met Android 8 of later hebben hardware-attestondersteuning die niet kan worden omzeild zonder gelekte sleutels of ernstige kwetsbaarheden. Wat Google Wallet betreft, wij raden dit niet aan vanwege hun [privacybeleid](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), waarin staat dat je zich moet afmelden als je niet wilt dat jouw kredietwaardigheid en persoonlijke gegevens worden gedeeld met affiliate marketingdiensten. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/os/linux-overview.md b/i18n/nl/os/linux-overview.md index d9c50977..6235e883 100644 --- a/i18n/nl/os/linux-overview.md +++ b/i18n/nl/os/linux-overview.md @@ -1,6 +1,7 @@ --- title: Linux Overzicht icon: simple/linux +description: Linux is een open-source, privacy-gericht desktop besturingssysteem alternatief, maar niet alle distributies zijn gelijk. --- Vaak wordt aangenomen dat [open-source](https://en.wikipedia.org/wiki/Open-source_software) software inherent veilig is omdat de broncode beschikbaar is. Er wordt verwacht dat er regelmatig communautaire verificatie plaatsvindt; dit is echter niet altijd [het geval](https://seirdy.one/posts/2022/02/02/floss-security/). Het hangt af van een aantal factoren, zoals de activiteit van het project, de ervaring van de ontwikkelaar, de striktheid waarmee [code wordt gereviewd](https://en.wikipedia.org/wiki/Code_review), en hoe vaak aandacht wordt besteed aan specifieke delen van de [codebase](https://en.wikipedia.org/wiki/Codebase) die misschien jarenlang onaangeroerd zijn gebleven. @@ -139,5 +140,3 @@ Het Fedora Project [telt](https://fedoraproject.org/wiki/Changes/DNF_Better_Coun Deze [optie](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) staat momenteel standaard uit. We raden aan om `countme=false` toe te voegen aan `/etc/dnf/dnf.conf` voor het geval het in de toekomst wordt ingeschakeld. Op systemen die `rpm-ostree` gebruiken, zoals Silverblue, wordt de countme optie uitgeschakeld door de [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer te maskeren. openSUSE gebruikt ook een [unieke ID](https://en.opensuse.org/openSUSE:Statistics) om systemen te tellen, die kan worden uitgeschakeld door het bestand `/var/lib/zypp/AnonymousUniqueId` te verwijderen. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/os/qubes-overview.md b/i18n/nl/os/qubes-overview.md index cbc30885..8e51575c 100644 --- a/i18n/nl/os/qubes-overview.md +++ b/i18n/nl/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overzicht" icon: simple/qubesos +description: Qubes is een besturingssysteem dat apps isoleert binnen virtuele machines voor een betere beveiliging. --- [**Qubes OS**](../desktop.md#qubes-os) is een besturingssysteem dat gebruik maakt van de [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor om sterke beveiliging te bieden voor desktop computing via geïsoleerde virtuele machines. Elke VM wordt een *Qube* genoemd en je kunt elke Qube een vertrouwensniveau toewijzen op basis van het doel ervan. Omdat Qubes OS beveiliging biedt door isolatie te gebruiken en alleen acties per geval toe te staan, is dit het tegenovergestelde van [slechtheids opsomming](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ Voor aanvullende informatie raden wij je aan de uitgebreide Qubes OS documentati - J. Rutkowska: [*Softwarecompartimentering versus fysieke scheiding*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*De verdeling van mijn digitale leven in veiligheidsdomeinen*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Verwante artikelen*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/passwords.md b/i18n/nl/passwords.md index 2c5a94ce..a42cd28b 100644 --- a/i18n/nl/passwords.md +++ b/i18n/nl/passwords.md @@ -1,6 +1,7 @@ --- title: "Wachtwoord managers" icon: material/form-textbox-password +description: Met wachtwoord Managers kunt je wachtwoorden en andere geheimen veilig opslaan en beheren met behulp van een hoofdwachtwoord. --- Met wachtwoord Managers kunt je wachtwoorden en andere geheimen veilig opslaan en beheren met behulp van een hoofdwachtwoord. @@ -226,5 +227,3 @@ Deze producten zijn minimale wachtwoordmanagers die kunnen worden gebruikt binne We werken aan het vaststellen van gedefinieerde criteria voor elk deel van onze site, en dit kan onderhevig zijn aan verandering. Als je vragen hebt over onze criteria, stel ze dan [op ons forum](https://discuss.privacyguides.net/latest) en neem niet aan dat we iets niet in overweging hebben genomen bij het opstellen van onze aanbevelingen als het hier niet vermeld staat. Er zijn veel factoren die worden overwogen en besproken wanneer wij een project aanbevelen, en het documenteren van elke factor is een werk in uitvoering. - Moet cross-platform zijn. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/productivity.md b/i18n/nl/productivity.md index 20f218f9..18745373 100644 --- a/i18n/nl/productivity.md +++ b/i18n/nl/productivity.md @@ -1,6 +1,7 @@ --- title: "Productiviteitshulpmiddelen" icon: material/file-sign +description: De meeste online office suites ondersteunen geen E2EE, wat betekent dat de cloud provider toegang heeft tot alles wat je doet. --- De meeste online office suites ondersteunen geen E2EE, wat betekent dat de cloud provider toegang heeft tot alles wat je doet. Het privacybeleid kan jouw rechten wettelijk beschermen, maar het voorziet niet in technische toegangsbeperkingen. @@ -152,5 +153,3 @@ In het algemeen definiëren wij kantoorsuites als toepassingen die voor de meest [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentatie} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Broncode" } - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/real-time-communication.md b/i18n/nl/real-time-communication.md index 5e840077..23d88cd7 100644 --- a/i18n/nl/real-time-communication.md +++ b/i18n/nl/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communicatie" icon: material/chat-processing +description: Andere instant messengers maken al je privégesprekken beschikbaar voor het bedrijf dat ze beheert. --- Dit zijn onze aanbevelingen voor versleutelde real-time communicatie. @@ -191,5 +192,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Moet gedecentraliseerd zijn, d.w.z. gefedereerd of P2P. - Moet standaard E2EE gebruiken voor privé-berichten. - Moet Linux, macOS, Windows, Android en iOS ondersteunen. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/router.md b/i18n/nl/router.md index ffa3eddb..64180ac1 100644 --- a/i18n/nl/router.md +++ b/i18n/nl/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: Deze alternatieve besturingssystemen kunnen worden gebruikt om jouw router of Wi-Fi-toegangspunt te beveiligen. --- Hieronder staan een paar alternatieve besturingssystemen, die gebruikt kunnen worden op routers, Wi-Fi access points, enz. @@ -47,5 +48,3 @@ OPNsense werd oorspronkelijk ontwikkeld als een fork van [pfSense](https://en.wi - Moet open source zijn. - Moet regelmatig updates ontvangen. - Moet een grote verscheidenheid aan hardware ondersteunen. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/search-engines.md b/i18n/nl/search-engines.md index 4de94b18..c7fdeb5f 100644 --- a/i18n/nl/search-engines.md +++ b/i18n/nl/search-engines.md @@ -1,6 +1,7 @@ --- title: "Zoekmachines" icon: material/search-web +description: Deze privacy respecterende zoekmachines bouwen geen advertentieprofiel op basis van jouw zoekopdrachten. --- Gebruik een zoekmachine die geen advertentieprofiel opbouwt op basis van jouw zoekopdrachten. @@ -105,5 +106,3 @@ Onze best-case criteria geven aan wat wij zouden willen zien van het perfecte pr - Moet gebaseerd zijn op open-source software. - Mag geen Tor exit node IP adressen blokkeren. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/tools.md b/i18n/nl/tools.md index 60b81393..428b606c 100644 --- a/i18n/nl/tools.md +++ b/i18n/nl/tools.md @@ -3,6 +3,7 @@ title: "Privacy Hulpmiddelen" icon: material/tools hide: - toc +description: Privacy Guides is de meest transparante en betrouwbare website voor het vinden van software, apps en diensten die jouw persoonlijke gegevens beschermen tegen massa surveillance programma's en andere internetbedreigingen. --- Als je op zoek bent naar een specifieke oplossing voor iets, dan zijn dit de hardware en software tools die wij aanbevelen in verschillende categorieën. Onze aanbevolen privacytools zijn in de eerste plaats gekozen op basis van beveiligingskenmerken, met extra nadruk op gedecentraliseerde en open-source tools. Ze zijn van toepassing op een verscheidenheid aan dreigingsmodellen, variërend van bescherming tegen wereldwijde massasurveillanceprogramma's en het vermijden van grote technologiebedrijven tot het beperken van aanvallen, maar alleen jij kunt bepalen wat het beste werkt voor jouw behoeften. @@ -84,10 +85,10 @@ Voor meer details over elk project, waarom ze werden gekozen, en extra tips of t
    -- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) -- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Werkprofielen)](android.md#shelter) -- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Ondersteunde apparaten)](android.md#auditor) -- ![Beveiligde camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Beveiligde camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Beveiligde camera](android.md#secure-camera) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) +- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) - ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
    @@ -199,6 +200,29 @@ Wij [bevelen](dns.md#recommended-providers) een aantal versleutelde DNS servers [Meer informatie :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financiële diensten + +#### Maskerende betalingsdiensten + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[Meer informatie :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online marktplaatsen voor cadeaubonnen + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[Meer informatie :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Zoekmachines
    @@ -226,9 +250,9 @@ Wij [bevelen](dns.md#recommended-providers) een aantal versleutelde DNS servers
    -- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
    @@ -247,6 +271,16 @@ Wij [bevelen](dns.md#recommended-providers) een aantal versleutelde DNS servers [Meer informatie :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[Meer informatie :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Redactie van gegevens en metagegevens
    @@ -439,5 +473,3 @@ Wij [bevelen](dns.md#recommended-providers) een aantal versleutelde DNS servers
    [Meer informatie :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/tor.md b/i18n/nl/tor.md index 14116883..6d61dc55 100644 --- a/i18n/nl/tor.md +++ b/i18n/nl/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Netwerk" icon: simple/torproject +description: Bescherm je surf gedrag tegen nieuwsgierige ogen door gebruik te maken van het Tor netwerk, een beveiligd netwerk dat censuur omzeilt. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -13,13 +14,7 @@ Het **Tor** netwerk is een groep vrijwilligersservers waarmee je gratis verbindi Tor werkt door je internetverkeer om te leiden via deze door vrijwilligers beheerde servers, in plaats van een directe verbinding te maken met de site die je probeert te bezoeken. Dit versluiert waar het verkeer vandaan komt, en geen enkele server in het verbindingspad kan het volledige pad zien van waar het verkeer vandaan komt en naartoe gaat, wat betekent dat zelfs de servers die je gebruikt om verbinding te maken jouw anonimiteit niet kunnen doorbreken. -
    - Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
    Tor circuit pathway - Knooppunten in het pad kunnen alleen de servers zien waarmee ze direct verbonden zijn, bijvoorbeeld het getoonde "Entry" knooppunt kan je IP adres zien, en het adres van het "Middle" knooppunt, maar kan niet zien welke website je bezoekt.
    -
    - -- [Meer informatie over hoe Tor werkt :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Gedetailleerd Tor-overzicht :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Verbinding maken met Tor @@ -118,5 +113,3 @@ Om weerstand te bieden tegen verkeersanalyse aanvallen, kunt je overwegen om *Is Snowflake verhoogt jouw privacy op geen enkele manier, en wordt ook niet gebruikt om verbinding te maken met het Tor-netwerk binnen jouw persoonlijke browser. Als jouw internetverbinding echter ongecensureerd is, zou je moeten overwegen het te gebruiken om mensen in gecensureerde netwerken te helpen zelf betere privacy te krijgen. Je hoeft je geen zorgen te maken over welke websites mensen via je proxy bezoeken- hun zichtbare surf IP adres zal overeenkomen met hun Tor exit node, niet met die van jou. Het runnen van een Snowflake proxy is weinig riskant, zelfs meer dan het runnen van een Tor relay of bridge, wat al geen bijzonder riskante onderneming is. Het stuurt echter nog steeds verkeer door jouw netwerk, wat in sommige opzichten gevolgen kan hebben, vooral als jouw netwerk een beperkte bandbreedte heeft. Zorg ervoor dat je [begrijpt hoe Snowflake werkt](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) voordat je beslist of je een proxy wilt gebruiken. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/video-streaming.md b/i18n/nl/video-streaming.md index 04a1663c..cce00403 100644 --- a/i18n/nl/video-streaming.md +++ b/i18n/nl/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Videostreaming" icon: material/video-wireless +description: Met deze netwerken kunt je internet content streamen zonder een advertentieprofiel op te bouwen op basis van jouw interesses. --- Het grootste gevaar bij het gebruik van een videostreamingplatform is dat uw streaminggewoonten en abonneelijsten kunnen worden gebruikt om u te profileren. Je zou deze tools moeten combineren met een [VPN](vpn.md) of [Tor](https://www.torproject.org/) om het moeilijker te maken je gebruik te profileren. @@ -48,5 +49,3 @@ Je kunt de optie *Hostinggegevens opslaan om het LBRY-netwerk te helpen* uitscha - Mag geen gecentraliseerde account vereisen om video's te bekijken. - Gedecentraliseerde authenticatie, bijvoorbeeld via de privésleutel van een mobiele portemonnee, is aanvaardbaar. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/nl/vpn.md b/i18n/nl/vpn.md index 92674839..a2419c1f 100644 --- a/i18n/nl/vpn.md +++ b/i18n/nl/vpn.md @@ -1,94 +1,34 @@ --- title: "VPN-diensten" icon: material/vpn +description: Dit zijn de beste VPN-diensten om jouw privacy en veiligheid online te beschermen. Vind hier een provider die er niet op uit is om je te bespioneren. --- -Zoek een no-logging VPN-operator die er niet op uit is jouw webverkeer te verkopen of te lezen. +Als je op zoek bent naar extra **privacy** van uw ISP, op een openbaar Wi-Fi-netwerk, of tijdens het torrenten van bestanden, kan een VPN de oplossing voor je zijn, zolang je de risico's ervan begrijpt. Wij denken dat deze aanbieders een stuk beter zijn dan de rest: -??? danger "VPN's zorgen niet voor anonimiteit" +
    - Het gebruik van een VPN houdt jouw surfgedrag niet anoniem, noch voegt het extra beveiliging toe aan niet-beveiligd (HTTP) verkeer. +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! danger "VPN's zorgen niet voor anonimiteit" + + Het gebruik van een VPN houdt jouw surfgedrag niet anoniem, ook voegt het geen extra beveiliging toe aan niet-beveiligd (HTTP) verkeer. - Als je op zoek bent naar **anonimiteit**, kunt je beter de Tor Browser **in plaats** van een VPN gebruiken. + Als je op zoek bent naar **anonimiteit**, moet je de Tor Browser gebruiken **in plaats** van een VPN. Als je op zoek bent naar extra **veiligheid**, moet je er altijd voor zorgen dat je verbinding maakt met websites via HTTPS. Een VPN is geen vervanging voor goede beveiligingspraktijken. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Mythen & FAQ](advanced/tor-overview.md){ .md-button } -??? question "Wanneer zijn VPN's nuttig?" - - Als je op zoek bent naar extra **privacy** van uw ISP, op een openbaar Wi-Fi-netwerk, of tijdens het torrenten van bestanden, kan een VPN de oplossing voor je zijn, zolang je de risico's ervan begrijpt. - - [Meer info](basics/vpn-overview.md){ .md-button } +[Gedetailleerd VPN-overzicht :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Aanbevolen Providers -!!! abstract "Criteria" - - Onze aanbevolen providers gebruiken encryptie, accepteren Monero, ondersteunen WireGuard & OpenVPN, en hebben een no logging beleid. Lees onze [volledige lijst van criteria](#onze-criteria) voor meer informatie. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is een sterke speler in de VPN-ruimte, en ze zijn in bedrijf sinds 2016. Proton AG is gevestigd in Zwitserland en biedt een beperkt gratis niveau en een meer uitgebreide premium optie. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentatie} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Broncode" } - - ??? downloads "Downloaden" - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Landen" - - Proton VPN heeft [servers in 67 landen](https://protonvpn.com/vpn-servers) (1). Door een VPN-provider te kiezen met een server het dichtst bij jou in de buurt, verminder je de latentie van het netwerkverkeer dat je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. - - Wij denken ook dat het voor de veiligheid van de privé-sleutels van de VPN-provider beter is als zij [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde oplossingen (met andere klanten) zoals [virtuele privé-servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Laatst gecontroleerd: 2022-09-16 - -??? success "Onafhankelijk Gecontroleerd" - - Vanaf januari 2020, heeft Proton VPN een onafhankelijke audit door SEC Consult ondergaan. SEC Consult vond enkele kwetsbaarheden met een gemiddeld en laag risico in de Windows-, Android- en iOS-applicaties van Proton VPN, die allemaal door Proton VPN "naar behoren waren verholpen" voordat de rapporten werden gepubliceerd. Geen van de geconstateerde problemen zou een aanvaller op afstand toegang hebben verschaft tot jouw apparaat of verkeer. Je kunt de afzonderlijke verslagen voor elk platform bekijken op [protonvpn.com](https://protonvpn.com/blog/open-source/). In april 2022 onderging Proton VPN [nog een audit](https://protonvpn.com/blog/no-logs-audit/) en het verslag werd [opgesteld door Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). Voor de apps van Proton VPN is op 9 november 2021 een [attestbrief](https://proton.me/blog/security-audit-all-proton-apps) verstrekt door [Securitum](https://research.securitum.com). - -??? success "Open-Source Cliënts" - - Proton VPN biedt de broncode voor hun desktop en mobiele clients in hun [GitHub organisatie](https://github.com/ProtonVPN). - -??? success "Accepteert Cash" - - Proton VPN accepteert naast creditcards en PayPal ook Bitcoin en **contant geld/lokale valuta** als anonieme vormen van betaling. - -??? success "WireGuard Support" - - Proton VPN ondersteunt hoofdzakelijk het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van het modernste [cryptography](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) het gebruik van WireGuard met hun dienst. Op Proton VPN's Windows, macOS, iOS, Android, ChromeOS, en Android TV apps is WireGuard het standaard protocol; [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) voor het protocol is echter niet aanwezig in hun Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN ondersteunt momenteel alleen remote [port forwarding](https://protonvpn.com/support/port-forwarding/) op Windows, wat gevolgen kan hebben voor sommige toepassingen. Vooral Peer-to-peer-toepassingen zoals Torrent-cliënten. - -??? success "Mobiele klanten" - - Naast het leveren van standaard OpenVPN-configuratiebestanden, heeft Proton VPN mobiele clients voor [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=nl_US), en [GitHub](https://github.com/ProtonVPN/android-app/releases) die eenvoudige verbindingen met hun servers mogelijk maken. - -??? info "Aanvullende Functionaliteit" - - Proton VPN heeft eigen servers en datacenters in Zwitserland, IJsland en Zweden. Ze bieden adblocking en het blokkeren van bekende malware domeinen met hun DNS service. Ze bieden adblocking en blokkering van bekende malwaredomeinen met hun DNS-dienst. Daarnaast biedt Proton VPN ook "Tor" servers waarmee je gemakkelijk verbinding kunt maken met onion sites, maar we raden nog steeds sterk aan om hiervoor [de officiële Tor Browser](https://www.torproject.org/) te gebruiken. - -!!! danger "De killswitch-functionaliteit werkt niet op Intel-gebaseerde Macs" - - Systeemcrashes [kunnen optreden](https://protonvpn.com/support/macos-t2-chip-kill-switch/) op Intel-gebaseerde Macs bij gebruik van de VPN killswitch. Als je deze functie nodig hebt, en je gebruikt een Mac met Intel-chipset, moet je overwegen een andere VPN-dienst te gebruiken. +Onze aanbevolen providers gebruiken encryptie, accepteren Monero, ondersteunen WireGuard & OpenVPN, en hebben een no logging beleid. Lees onze [volledige lijst met criteria](#criteria) voor meer informatie. ### IVPN @@ -96,10 +36,10 @@ Zoek een no-logging VPN-operator die er niet op uit is jouw webverkeer te verkop ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } - **IVPN** is een andere premium VPN provider, en ze zijn actief sinds 2009. IVPN is gevestigd in Gibraltar. + **IVPN** is een premium VPN-provider en zijn actief sinds 2009. IVPN is gevestigd in Gibraltar. [:octicons-home-16: Homepage](https://www.ivpn.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacy Policy" } + [:octicons-eye-16:](https://www.ivpn.net/privacy/){ .card-link title="Privacybeleid" } [:octicons-info-16:](https://www.ivpn.net/knowledgebase/general/){ .card-link title=Documentatie} [:octicons-code-16:](https://github.com/ivpn){ .card-link title="Broncode" } @@ -111,43 +51,44 @@ Zoek een no-logging VPN-operator die er niet op uit is jouw webverkeer te verkop - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Landen" +#### :material-check:{ .pg-green } 35 Landen - IVPN heeft [servers in 35 landen](https://www.ivpn.net/server-locations) (1). Door een VPN-provider te kiezen met een server het dichtst bij jou in de buurt, verminder je de latentie van het netwerkverkeer dat je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. - - Wij denken ook dat het voor de veiligheid van de privé-sleutels van de VPN-provider beter is als zij [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde oplossingen (met andere klanten) zoals [virtuele privé-servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN heeft [servers in 35 landen](https://www.ivpn.net/server-locations).(1) Door een VPN-provider te kiezen met een server die het dichtst bij je in de buurt staat, verminder je de vertraging van het netwerkverkeer die je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. +{ .annotate } 1. Laatst gecontroleerd: 2022-09-16 -??? success "Onafhankelijk Gecontroleerd" +Wij denken ook dat het beter is voor de veiligheid van de privésleutels van de VPN-provider als ze [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde servers (met andere klanten) zoals [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN heeft een [no-logging audit van Cure53](https://cure53.de/audit-report_ivpn.pdf) ondergaan die concludeerde in overeenstemming met de no-logging claim van IVPN. IVPN heeft in januari 2020 ook een [uitgebreid pentestrapport Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) afgerond. IVPN heeft ook gezegd dat zij van plan zijn in de toekomst [jaarverslagen](https://www.ivpn.net/blog/independent-security-audit-concluded) uit te brengen. Er is nog een evaluatie uitgevoerd [in april 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) en deze is opgesteld door Cure53 [op hun website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Onafhankelijk geaudit -??? success "Open-Source Cliënts" +IVPN heeft een [no-logging audit ondergaan van Cure53](https://cure53.de/audit-report_ivpn.pdf) die concludeerde in overeenstemming met de no-logging claim van IVPN. IVPN heeft ook een [uitgebreid pentest rapport afgerond Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in januari 2020. IVPN heeft ook gezegd dat het van plan is om in de toekomst [jaarverslagen](https://www.ivpn.net/blog/independent-security-audit-concluded) te publiceren. In april 2022 werd een verdere evaluatie uitgevoerd [](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) en door Cure53 [geproduceerd op hun website](https://cure53.de/pentest-report_IVPN_2022.pdf). - Sinds februari 2020 zijn [IVPN applicaties nu open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Broncode kan worden verkregen van hun [GitHub organisatie](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-source clients -??? success "Accepteert contant geld en Monero" +Vanaf februari 2020 zijn [IVPN-toepassingen nu open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Broncode kan worden verkregen van hun [GitHub organisatie](https://github.com/ivpn). - Naast creditcards/debetkaarten en PayPal accepteert IVPN ook Bitcoin, **Monero** en **cash/lokale valuta** (op jaarplannen) als anonieme betalingsvormen. +#### :material-check:{ .pg-green } Accepteert contant geld en Monero -??? success "WireGuard Support" +Mullvad accepteert naast creditcards en PayPal ook Bitcoin, Bitcoin Cash, **Monero** en **contant geld/lokale valuta** als anonieme vormen van betaling. - IVPN ondersteunt het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van het modernste [cryptography](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. - - IVPN [raad](https://www.ivpn.net/wireguard/) het gebruik van WireGuard aan en hierom is het protocol de standaard in alle apps van IVPN. IVPN biedt ook een WireGuard configuratie generator voor gebruik met de officiële WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard ondersteuning -??? success "Remote Port Forwarding" +IVPN ondersteunt het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van geavanceerde [cryptografie](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. - Remote [port forwarding] (https://en.wikipedia.org/wiki/Port_forwarding) is mogelijk met een Pro-abonnement. Port forwarding [kan geactiveerd worden](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via de client area. Port forwarding is alleen beschikbaar op IVPN bij gebruik van WireGuard of OpenVPN protocollen en is [uitgeschakeld op US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [adviseert](https://www.ivpn.net/wireguard/) het gebruik van WireGuard met hun dienst en daarom is het protocol de standaard op alle apps van IVPN. IVPN biedt ook een WireGuard configuratie generator voor gebruik met de officiële WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobiele klanten" +#### :material-check:{ .pg-green } Remote Port Forwarding - Naast het leveren van standaard OpenVPN-configuratiebestanden, heeft IVPN mobiele clients voor [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), en [GitHub](https://github.com/ivpn/android-app/releases) die eenvoudige verbindingen met hun servers mogelijk maken. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is mogelijk met een Pro-abonnement. Port forwarding [kan](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) geactiveerd worden via de client area. Port forwarding is alleen beschikbaar op IVPN bij gebruik van WireGuard- of OpenVPN-protocollen en is [uitgeschakeld op Amerikaanse servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Aanvullende Functionaliteit" +#### :material-check:{ .pg-green } Mobiele Clients - IVPN-clients ondersteunen tweefactorauthenticatie (de clients van Mullvad niet). IVPN biedt ook de "[AntiTracker](https://www.ivpn.net/antitracker)" functionaliteit, die advertentienetwerken en trackers op netwerkniveau blokkeert. +Naast het leveren van standaard OpenVPN-configuratiebestanden, heeft IVPN mobiele clients voor [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), en [GitHub](https://github.com/ivpn/android-app/releases) die gemakkelijke verbindingen met hun servers mogelijk maken. + +#### :material-information-outline:{ .pg-blue } Aanvullende functionaliteit + +IVPN-clients ondersteunen tweefactorauthenticatie (de clients van Mullvad niet). IVPN biedt ook "[AntiTracker](https://www.ivpn.net/antitracker)" functionaliteit, die advertentienetwerken en trackers op netwerkniveau blokkeert. ### Mullvad @@ -159,7 +100,7 @@ Zoek een no-logging VPN-operator die er niet op uit is jouw webverkeer te verkop [:octicons-home-16: Homepage](https://mullvad.net){ .md-button .md-button--primary } [:simple-torbrowser:](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacy Policy" }. + [:octicons-eye-16:](https://mullvad.net/en/help/privacy-policy/){ .card-link title="Privacybeleid" }. [:octicons-info-16:](https://mullvad.net/en/help/){ .card-link title=Documentatie} [:octicons-code-16:](https://github.com/mullvad){ .card-link title="Broncode" } @@ -172,55 +113,120 @@ Zoek een no-logging VPN-operator die er niet op uit is jouw webverkeer te verkop - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 landen" +#### :material-check:{ .pg-green } 41 Landen - Mullvad heeft [servers in 41 landen](https://mullvad.net/servers/) (1). Door een VPN-provider te kiezen met een server het dichtst bij jou in de buurt, verminder je de latentie van het netwerkverkeer dat je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. - - Wij denken ook dat het voor de veiligheid van de privé-sleutels van de VPN-provider beter is als zij [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde oplossingen (met andere klanten) zoals [virtuele privé-servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad heeft [servers in 41 landen](https://mullvad.net/servers/).(1) Door een VPN-provider te kiezen met een server die het dichtst bij je in de buurt staat, verminder je de vertraging van het netwerkverkeer die je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. +{ .annotate } 1. Laatst gecontroleerd: 2023-01-19 -??? success "Onafhankelijk Gecontroleerd" +Wij denken ook dat het beter is voor de veiligheid van de privésleutels van de VPN-provider als ze [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde servers (met andere klanten) zoals [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - De VPN-clients van Mullvad zijn gecontroleerd door Cure53 en Assured AB in een pentest-rapport [gepubliceerd op cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). De beveiligingsonderzoekers concludeerden: +#### :material-check:{ .pg-green } Onafhankelijk geaudit + +De VPN-clients van Mullvad zijn geaudit door Cure53 en Assured AB in een pentest-rapport [gepubliceerd op cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). De beveiligingsonderzoekers concludeerden: + +> Cure53 en Assured AB zijn blij met de resultaten van de audit en de software laat over het algemeen een positieve indruk achter. Dankzij de inzet van het interne team van Mullvad VPN, twijfelen de testers er niet aan dat het project vanuit een beveiligingsoogpunt op het juiste spoor zit. + +In 2020 werd een tweede audit [aangekondigd](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) en werd het [definitieve auditverslag ](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) beschikbaar gesteld op de website van Cure53: + +> De resultaten van dit mei-juni 2020-project gericht op het Mullvad-complex zijn vrij positief. [...] Het totale applicatie-ecosysteem dat door Mullvad wordt gebruikt, laat een goede en gestructureerde indruk achter. De algemene structuur van de applicatie maakt het gemakkelijk om patches en fixes op een gestructureerde manier uit te rollen. De bevindingen van Cure53 laten vooral zien hoe belangrijk het is om de huidige lekken voortdurend te controleren en opnieuw te beoordelen, om de privacy van de eindgebruikers altijd te waarborgen. Dat gezegd hebbende, Mullvad beschermt de eindgebruiker uitstekend tegen veelvoorkomende lekken van PII en privacygerelateerde risico's. + +In 2020 werd een infstrastructuuraudit [aangekondigd](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) en werd het [definitieve auditverslag ](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) beschikbaar gesteld op de website van Cure53. Een ander rapport werd in opdracht gegeven [in juni 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) en is beschikbaar op [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-source clients + +Mullvad levert de broncode voor hun desktop en mobiele clients in hun [GitHub organisatie](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepteert contant geld en Monero + +Mullvad accepteert naast creditcards en PayPal ook Bitcoin, Bitcoin Cash, **Monero** en **contant geld/lokale valuta** als anonieme vormen van betaling. Ze aanvaarden ook Swish en bankoverschrijvingen. + +#### :material-check:{ .pg-green } WireGuard ondersteuning + +Mullvad ondersteunt het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van geavanceerde [cryptografie](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. + +Mullvad [adviseert](https://mullvad.net/en/help/why-wireguard/) het gebruik van WireGuard met hun dienst. Het is het standaard of enige protocol op Mullvad's Android, iOS, macOS en Linux apps, maar op Windows moet je [handmatig](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard inschakelen. Mullvad biedt ook een WireGuard configuratiegenerator voor gebruik met de officiële WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6-ondersteuning + +Mullvad ondersteunt de toekomst van netwerken [IPv6](https://en.wikipedia.org/wiki/IPv6). Hun netwerk geeft u [toegang tot diensten die gehost worden op IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) in tegenstelling tot andere providers die IPv6-verbindingen blokkeren. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is toegestaan voor mensen die eenmalige betalingen doen, maar niet voor rekeningen met een terugkerende/abonnementsgebaseerde betalingsmethode. Dit is om te voorkomen dat Mullvad je kan identificeren op basis van jouw poortgebruik en opgeslagen abonnementsinformatie. Zie [Port forwarding met Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) voor meer informatie. + +#### :material-check:{ .pg-green } Mobiele Clients + +Mullvad heeft [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) en [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients gepubliceerd, die beide een gebruiksvriendelijke interface ondersteunen in plaats van dat je jouw WireGuard-verbinding handmatig moet configureren. De Android client is ook beschikbaar op [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Aanvullende functionaliteit + +Mullvad is zeer transparant over welke knooppunten zij [bezitten of huren](https://mullvad.net/en/servers/). Ze gebruiken [ShadowSocks](https://shadowsocks.org/) in hun ShadowSocks + OpenVPN-configuratie, waardoor ze beter bestand zijn tegen firewalls met [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) die VPN's proberen te blokkeren. Vermoedelijk moet [China een andere methode gebruiken om ShadowSocks servers te blokkeren](https://github.com/net4people/bbs/issues/22). Mullvad's website is ook toegankelijk via Tor via [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 en Assured AB zijn blij met de resultaten van de audit en de software laat een algehele positieve indruk achter. Dankzij de inzet van het interne team van Mullvad VPN, twijfelen de testers er niet aan dat het project vanuit beveiligingsoogpunt op het juiste spoor zit. + **Proton VPN** is een sterke speler in de VPN-ruimte en is in bedrijf sinds 2016. Proton AG is gevestigd in Zwitserland en biedt een beperkte gratis versie aan en ook een meer uitgebreide premium optie. - In 2020 werd een tweede audit [aangekondigd](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) en werd het [definitieve auditverslag](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) beschikbaar gesteld op de website van Cure53: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacybeleid" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentatie} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Broncode" } - > De resultaten van dit mei-juni 2020 project gericht op het Mullvad complex zijn vrij positief. [...] Het door Mullvad gebruikte totale applicatie-ecosysteem maakt een degelijke en gestructureerde indruk. De algemene structuur van de applicatie maakt het gemakkelijk om patches en fixes op een gestructureerde manier uit te rollen. De bevindingen van Cure53 laten vooral zien hoe belangrijk het is om de huidige lekvectoren voortdurend te controleren en opnieuw te beoordelen, om de privacy van de eindgebruikers altijd te waarborgen. Dat gezegd hebbende, Mullvad beschermt de eindgebruiker uitstekend tegen veelvoorkomende lekken van PII en privacygerelateerde risico's. + ??? downloads "Downloaden" - In 2021 werd een infrastructuuraudit [aangekondigd](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) en werd het [definitieve auditverslag](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) beschikbaar gesteld op de website van Cure53. Een ander rapport werd [in juni 2022] besteld (https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) en is beschikbaar op [de website van Assured](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Cliënts" +#### :material-check:{ .pg-green } 67 Landen - Mullvad biedt de broncode voor hun desktop en mobiele clients in hun [GitHub organisatie](https://github.com/mullvad/mullvadvpn-app). +Proton VPN heeft [servers in 67 landen](https://protonvpn.com/vpn-servers).(1) Door een VPN-provider te kiezen met een server die het dichtst bij je in de buurt staat, verminder je de vertraging van het netwerkverkeer die je verstuurt. Dit komt door een kortere route (minder hops) naar de bestemming. +{ .annotate } -??? success "Accepteert contant geld en Monero" +1. Laatst gecontroleerd: 2022-09-16 - Mullvad accepteert naast creditcards en PayPal ook Bitcoin, Bitcoin Cash, **Monero** en **contant geld/lokale valuta** als anonieme vormen van betaling. Zij aanvaarden ook Swish en bankoverschrijvingen. +Wij denken ook dat het beter is voor de veiligheid van de privésleutels van de VPN-provider als ze [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service) gebruiken, in plaats van goedkopere gedeelde servers (met andere klanten) zoals [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Onafhankelijk geaudit - Mullvad ondersteunt het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van het modernste [cryptography](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. - - Mullvad [recommends](https://mullvad.net/nl/help/why-wireguard/) het gebruik van WireGuard met hun service. Het is het standaard of enige protocol op Mullvad 's Android-, iOS-, macOS- en Linux-apps, maar op Windows moet je [handmatig inschakelen](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad biedt ook een WireGuard configuratie generator aan voor gebruik met de officiële WireGuard [apps](https://www.wireguard.com/install/). +Vanaf januari 2020, heeft Proton VPN een onafhankelijke audit door SEC Consult ondergaan. SEC Consult vond enkele kwetsbaarheden met een gemiddeld en laag risico in de Windows-, Android- en iOS-applicaties van Proton VPN, die allemaal door Proton VPN "naar behoren waren verholpen" voordat de rapporten werden gepubliceerd. Geen van de geconstateerde problemen zou een aanvaller op afstand toegang hebben verschaft tot jouw apparaat of verkeer. Je kunt individuele rapporten voor elk platform bekijken op [protonvpn.com](https://protonvpn.com/blog/open-source/). In april 2022 onderging Proton VPN [nog een audit](https://protonvpn.com/blog/no-logs-audit/) en het rapport werd [opgesteld door Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). Een [attestatiebrief](https://proton.me/blog/security-audit-all-proton-apps) werd op 9 november 2021 voor de apps van Proton VPN verstrekt door [Securitum](https://research.securitum.com). -??? success "IPv6 ondersteuning" +#### :material-check:{ .pg-green } Open-source clients - Mullvad ondersteunt de toekomst van networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Hun netwerk laat je toe [toegang te krijgen tot diensten die gehost worden op IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) in tegenstelling tot andere providers die IPv6-verbindingen blokkeren. +Proton VPN levert de broncode voor hun desktop en mobiele clients in hun [GitHub organisatie](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepteert contant geld - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is toegestaan voor mensen die eenmalige betalingen doen, maar niet voor rekeningen met een terugkerende/abonnementsgebaseerde betalingsmethode. Dit is om te voorkomen dat Mullvad je kan identificeren op basis van jouw poortgebruik en opgeslagen abonnementsinformatie. Zie [Port forwarding met Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) voor meer informatie. +Proton VPN accepteert, naast credit/debit cards, PayPal en [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), ook **contant geld** als anonieme vorm van betaling. -??? success "Mobiele klanten" +#### :material-check:{ .pg-green } WireGuard ondersteuning - Mullvad heeft [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) en [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients gepubliceerd, die beide een gebruiksvriendelijke interface ondersteunen in plaats van je te verplichten jouw WireGuard-verbinding handmatig te configureren. De Android-client is ook beschikbaar op [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN ondersteunt hoofdzakelijk het WireGuard® protocol. [WireGuard](https://www.wireguard.com) is een nieuwer protocol dat gebruik maakt van geavanceerde [cryptografie](https://www.wireguard.com/protocol/). Bovendien wil WireGuard eenvoudiger en performanter zijn. -??? info "Aanvullende Functionaliteit" +Proton VPN [adviseert](https://protonvpn.com/blog/wireguard/) het gebruik van WireGuard met hun dienst. Op de Windows, macOS, iOS, Android, ChromeOS en Android TV apps van Proton VPN is WireGuard het standaardprotocol; [ondersteuning](https://protonvpn.com/support/how-to-change-vpn-protocols/) voor het protocol is echter niet aanwezig in hun Linux app. - Mullvad is zeer transparant over welke knooppunten zij [bezitten of huren] (https://mullvad.net/en/servers/). Ze gebruiken [ShadowSocks](https://shadowsocks.org/) in hun ShadowSocks + OpenVPN configuratie, waardoor ze beter bestand zijn tegen firewalls met [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) die VPN's proberen te blokkeren. Vermoedelijk, [China moet een andere methode gebruiken om ShadowSocks servers te blokkeren](https://github.com/net4people/bbs/issues/22). De website van Mullvad is ook toegankelijk via Tor op [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN ondersteunt momenteel alleen remote [port forwarding](https://protonvpn.com/support/port-forwarding/) op Windows, wat van invloed kan zijn op sommige toepassingen. Vooral Peer-to-peer-toepassingen zoals Torrent-cliënten. + +#### :material-check:{ .pg-green } Mobiele Clients + +Naast het leveren van standaard OpenVPN-configuratiebestanden, heeft Proton VPN mobiele clients voor [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), en [GitHub](https://github.com/ProtonVPN/android-app/releases) die eenvoudige verbindingen met hun servers mogelijk maken. + +#### :material-information-outline:{ .pg-blue } Aanvullende functionaliteit + +Proton VPN heeft eigen servers en datacenters in Zwitserland, IJsland en Zweden. Ze bieden adblocking en het blokkeren van bekende malware domeinen met hun DNS service. Ze bieden adblocking en blokkering van bekende malwaredomeinen met hun DNS-dienst. Bovendien biedt Proton VPN ook "Tor" -servers waarmee je eenvoudig verbinding kunt maken met. onion sites, maar we raden je nog steeds ten zeerste aan om hiervoor [de officiële Tor Browser](https://www.torproject.org/) te gebruiken. + +#### :material-alert-outline:{ .pg-orange } Killswitch-functie is kapot op Intel-gebaseerde Macs + +Systeemcrashes [kunnen optreden](https://protonvpn.com/support/macos-t2-chip-kill-switch/) op Intel-gebaseerde Macs bij het gebruik van de VPN killswitch. Als je deze functie nodig hebt, en je gebruikt een Mac met Intel-chipset, moet je overwegen een andere VPN-dienst te gebruiken. ## Criteria @@ -255,13 +261,13 @@ Wij geven er de voorkeur aan dat de door ons aanbevolen aanbieders zo weinig mog **Minimum om in aanmerking te komen:** -- Monero of contante betaling. +- [Anonieme cryptocurrency](cryptocurrency.md) **of** cash betalingsoptie. - Geen persoonlijke informatie nodig om te registreren: Hooguit gebruikersnaam, wachtwoord en e-mail. **Beste geval:** -- Accepteert Monero, contant geld, en andere vormen van anonieme betalingsopties (cadeaubonnen, enz.) -- Geen persoonlijke informatie aanvaard (automatisch gegenereerde gebruikersnaam, geen e-mail nodig, enz.) +- Accepteert meerdere [anonieme betalingsopties](advanced/payments.md). +- Er wordt geen persoonlijke informatie geaccepteerd (automatisch gegenereerde gebruikersnaam, geen e-mail vereist, enz.). ### Veiligheid @@ -319,5 +325,3 @@ Verantwoorde marketing die zowel educatief als nuttig is voor de consument zou k ### Extra functionaliteit Hoewel het geen strikte vereisten zijn, zijn er enkele factoren die wij in aanmerking hebben genomen bij het bepalen van de aanbieders die wij aanbevelen. Deze omvatten adblocking/tracker-blocking-functionaliteit, warrant canaries, multihop-verbindingen, uitstekende klantenondersteuning, het aantal toegestane gelijktijdige verbindingen, enz. - ---8<-- "includes/abbreviations.nl.txt" diff --git a/i18n/pl/404.md b/i18n/pl/404.md index f0f4bec0..3c0a285c 100644 --- a/i18n/pl/404.md +++ b/i18n/pl/404.md @@ -1,17 +1,19 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- -# 404 - Not Found +# 404 - Nie znaleziono We couldn't find the page you were looking for! Maybe you were looking for one of these? -- [Introduction to Threat Modeling](basics/threat-modeling.md) -- [Recommended DNS Providers](dns.md) -- [Best Desktop Web Browsers](desktop-browsers.md) -- [Best VPN Providers](vpn.md) -- [Privacy Guides Forum](https://discuss.privacyguides.net) -- [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.pl.txt" +- [Wprowadzenie do modelowania zagrożeń](basics/threat-modeling.md) +- [Polecani dostawcy DNS](dns.md) +- [Najlepsze przeglądarki internetowe na komputer](desktop-browsers.md) +- [Najlepszy VPN](vpn.md) +- [Forum Privacy Guides](https://discuss.privacyguides.net) +- [Nasz blog](https://blog.privacyguides.org) diff --git a/i18n/pl/about/criteria.md b/i18n/pl/about/criteria.md index f2e96c12..3084230b 100644 --- a/i18n/pl/about/criteria.md +++ b/i18n/pl/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/donate.md b/i18n/pl/about/donate.md index 73bae286..192953b8 100644 --- a/i18n/pl/about/donate.md +++ b/i18n/pl/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin Od czasu do czasu kupujemy produkty oraz usługi w celu przetestowania naszych [polecanych narzędzi](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/index.md b/i18n/pl/about/index.md index 950ea827..619406fe 100644 --- a/i18n/pl/about/index.md +++ b/i18n/pl/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/notices.md b/i18n/pl/about/notices.md index 47d7c3f4..78800766 100644 --- a/i18n/pl/about/notices.md +++ b/i18n/pl/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/privacy-policy.md b/i18n/pl/about/privacy-policy.md index 3f7f65c0..c1522756 100644 --- a/i18n/pl/about/privacy-policy.md +++ b/i18n/pl/about/privacy-policy.md @@ -1,5 +1,5 @@ --- -title: "Privacy Policy" +title: "Polityka prywatności" --- Privacy Guides to projekt społecznościowy prowadzony przez wielu aktywnych wolontariuszy. Publiczna lista członków zespołu [jest dostępna na GitHub](https://github.com/orgs/privacyguides/people). @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). Zastrzegamy sobie prawo do zmiany sposobu ogłaszania zmian w przyszłych wersjach tego dokumentu. W międzyczasie możemy aktualizować nasze informacje kontaktowe w dowolnym momencie bez ogłaszania tej zmiany. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/privacytools.md b/i18n/pl/about/privacytools.md index 46af2add..515c21f5 100644 --- a/i18n/pl/about/privacytools.md +++ b/i18n/pl/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/services.md b/i18n/pl/about/services.md index a5af3086..71f2c95b 100644 --- a/i18n/pl/about/services.md +++ b/i18n/pl/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/about/statistics.md b/i18n/pl/about/statistics.md index d5cc14ac..8f17240c 100644 --- a/i18n/pl/about/statistics.md +++ b/i18n/pl/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/advanced/communication-network-types.md b/i18n/pl/advanced/communication-network-types.md index 7acf22fa..1f07a2c4 100644 --- a/i18n/pl/advanced/communication-network-types.md +++ b/i18n/pl/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/advanced/dns-overview.md b/i18n/pl/advanced/dns-overview.md index 01f96575..8457d85b 100644 --- a/i18n/pl/advanced/dns-overview.md +++ b/i18n/pl/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/advanced/payments.md b/i18n/pl/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/pl/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/pl/advanced/tor-overview.md b/i18n/pl/advanced/tor-overview.md index d92addd8..69cc70f2 100644 --- a/i18n/pl/advanced/tor-overview.md +++ b/i18n/pl/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.pl.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/pl/android.md b/i18n/pl/android.md index 58e9121a..cfe21b0d 100644 --- a/i18n/pl/android.md +++ b/i18n/pl/android.md @@ -1,11 +1,12 @@ --- title: "Android" icon: 'fontawesome/brands/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } -The **Android Open Source Project** is an open-source mobile operating system led by Google which powers the majority of the world's mobile devices. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features. +**Android Open Source Project** to system operacyjny o otwartym kodzie źródłowym przeznaczony na urządzenia mobilne, który jest rozwijany przez Google i działa na większości urządzeń mobilnych na Ziemi. Most phones sold with Android are modified to include invasive integrations and apps such as Google Play Services, so you can significantly improve your privacy on your mobile device by replacing your phone's default installation with a version of Android without these invasive features. [:octicons-home-16:](https://source.android.com/){ .card-link title=Homepage } [:octicons-info-16:](https://source.android.com/docs){ .card-link title=Documentation} @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. rekomendacja -- [Ogólny przegląd Androida i zalecenia :hero-arrow-circle-right-fill:](os/android-overview.md) -- [Dlaczego polecamy GrapheneOS zamiast CalyxOS :hero-arrow-circle-right-fill:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Pochodne AOSP @@ -41,7 +43,7 @@ We recommend installing one of these custom Android operating systems on your de [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } -DivestOS posiada zautomatyzowane [naprawianie](https://gitlab.com/divested-mobile/cve_checker) luk bezpieczeństwa jądra ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)), mniej zastrzeżonych moduów, własny plik [hosts](https://divested.dev/index.php?page=dnsbl) oraz [F-Droid](https://www.f-droid.org) jako sklep z aplikacjami. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). @@ -63,9 +65,9 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS implements some system hardening patches originally developed for GrapheneOS. Systemy oraz oprogramowanie sprzętowe urządzeń mobilnych są wspierane tylko przez ograniczony czas, więc kupno nowego urządzenia wydłuża jego żywotność do maksimum. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -Unikaj kupowania urządzeń od operatorów sieci komórkowych. Posiadają one często **zablokowany program rozruchowy** i nie mają wsparcia dla [odblokowania OEM](https://source.android.com/devices/bootloader/locking_unlocking). Te warianty urządzeń uniemożliwią Ci zainstalowanie jakiejkolwiek alternatywnej dystrybucji Androida. We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! warning @@ -77,14 +79,14 @@ Unikaj kupowania urządzeń od operatorów sieci komórkowych. Posiadają one cz When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. -Urządzenia Google Pixel są **jedynymi** urządzeniami, które polecamy zakupić. Te urządzenia posiadają silniejsze zabezpieczenia sprzętowe niż jakiekolwiek inne urządzenia z Androidem obecnie dostępne na rynku dzięki odpowiedniemu wsparciu AVB dla alternatywnych systemów operacyjnych oraz układom bezpieczeństwa Google [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) działającymi jako Bezpieczna enklawa. These phone variants will prevent you from installing any kind of alternative Android distribution. +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. A few more tips regarding Android devices and operating system compatibility: -- Nie kupuj urządzeń, których okres wsparcia dobiegł końca lub zbliża się do tego momentu, ponieważ dodatkowe aktualizacje bezpieczeństwa muszą zostać dostarczone przez producenta. -- Nie kupuj urządzeń z fabrycznie wgranym LineageOS lub /e/ OS lub jakiegokolwiek urządzenia z Androidem bez odpowiedniego wsparcia dla [Zweryfikowanego rozruchu](https://source.android.com/security/verifiedboot) oraz aktualizacji oprogramowania. Na tych urządzeniach nie można również sprawdzić, czy ktoś z nimi nie eksperymentował. +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. +- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. - In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! ### Google Pixel @@ -251,7 +253,7 @@ The Google Play Store requires a Google account to login which is not great for - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) -Aurora Store does not allow you to download paid apps with their anonymous account feature. [Aurora Store](https://auroraoss.com/download/AuroraStore/) (klient Sklepu Google Play) tego nie wymaga i działa w większości przypadków. +Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device. ### GrapheneOS App Store @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/account-creation.md b/i18n/pl/basics/account-creation.md index 40dbcd5a..afa5d429 100644 --- a/i18n/pl/basics/account-creation.md +++ b/i18n/pl/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/account-deletion.md b/i18n/pl/basics/account-deletion.md index abcaa507..ead15df3 100644 --- a/i18n/pl/basics/account-deletion.md +++ b/i18n/pl/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/common-misconceptions.md b/i18n/pl/basics/common-misconceptions.md index a85efe59..41997417 100644 --- a/i18n/pl/basics/common-misconceptions.md +++ b/i18n/pl/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.pl.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/pl/basics/common-threats.md b/i18n/pl/basics/common-threats.md index 0de46265..e278c0cb 100644 --- a/i18n/pl/basics/common-threats.md +++ b/i18n/pl/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.pl.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/pl/basics/email-security.md b/i18n/pl/basics/email-security.md index 9593ee2c..f0c2fb57 100644 --- a/i18n/pl/basics/email-security.md +++ b/i18n/pl/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/multi-factor-authentication.md b/i18n/pl/basics/multi-factor-authentication.md index 3f50a6c7..9259d8b7 100644 --- a/i18n/pl/basics/multi-factor-authentication.md +++ b/i18n/pl/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Uwierzytelnianie wieloskładnikowe" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Uwierzytelnianie wieloskładnikowe** to mechanizm zabezpieczeń, który wymaga dodatkowych czynności poza wprowadzeniem nazwy użytkownika (lub e-maila) oraz hasła. Najczęściej spotykaną metodą są ograniczone czasowo kody otrzymywane poprzez wiadomość SMS lub aplikację. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/passwords-overview.md b/i18n/pl/basics/passwords-overview.md index c596d8b0..a18b788e 100644 --- a/i18n/pl/basics/passwords-overview.md +++ b/i18n/pl/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Kopie zapasowe You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/threat-modeling.md b/i18n/pl/basics/threat-modeling.md index a9786ffe..2b52e6ae 100644 --- a/i18n/pl/basics/threat-modeling.md +++ b/i18n/pl/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Czym są modele zagrożeń" icon: 'material/target-account' +description: Osiągnięcie kompromisu pomiędzy bezpieczeństwem, prywatnością oraz łatwością korzystania jest pierwszym, a zarazem najtrudniejszym zadaniem z jakim przyjdzie Ci się zmierzyć na swojej drodze do prywatności. --- Osiągnięcie kompromisu pomiędzy bezpieczeństwem, prywatnością oraz łatwością korzystania jest pierwszym, a zarazem najtrudniejszym zadaniem z jakim przyjdzie Ci się zmierzyć na swojej drodze do prywatności. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Źródła - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/basics/vpn-overview.md b/i18n/pl/basics/vpn-overview.md index 6c7660e4..a1a007f5 100644 --- a/i18n/pl/basics/vpn-overview.md +++ b/i18n/pl/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/calendar.md b/i18n/pl/calendar.md index de724097..4d5b9f55 100644 --- a/i18n/pl/calendar.md +++ b/i18n/pl/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -68,5 +69,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/cloud.md b/i18n/pl/cloud.md index 4a9c053e..1ec79fa5 100644 --- a/i18n/pl/cloud.md +++ b/i18n/pl/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/cryptocurrency.md b/i18n/pl/cryptocurrency.md new file mode 100644 index 00000000..8721af78 --- /dev/null +++ b/i18n/pl/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! rekomendacja + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/pl/data-redaction.md b/i18n/pl/data-redaction.md index 15cfda67..4cace524 100644 --- a/i18n/pl/data-redaction.md +++ b/i18n/pl/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/desktop-browsers.md b/i18n/pl/desktop-browsers.md index 0c8d6b45..ac30fb8a 100644 --- a/i18n/pl/desktop-browsers.md +++ b/i18n/pl/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.pl.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/pl/desktop.md b/i18n/pl/desktop.md index 3f4000b3..7466b4b8 100644 --- a/i18n/pl/desktop.md +++ b/i18n/pl/desktop.md @@ -1,6 +1,7 @@ --- title: "Magazyny chmurowe" icon: fontawesome/brands/linux +description: Dystrybucje systemu Linux są powszechnie polecane, jeśli chodzi o ochronę prywatności oraz wolne oprogramowanie. --- Dystrybucje systemu Linux są powszechnie polecane, jeśli chodzi o ochronę prywatności oraz wolne oprogramowanie. Jeśli nie korzystasz jeszcze z systemu Linux, poniżej znajdziesz kilka dystrybucji, które polecamy wypróbować oraz kilka ogólnych porad dotyczących lepszej prywatności i bezpieczeństwa, które mają zastosowanie dla wielu dystrybucji systemu Linux. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/dns.md b/i18n/pl/dns.md index f326defd..0275f479 100644 --- a/i18n/pl/dns.md +++ b/i18n/pl/dns.md @@ -1,24 +1,23 @@ --- -title: "DNS Resolvers" +title: "Rekursywne serwery nazw" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Szyfrowany DNS nie pomoże Ci w ukryciu jakiejkolwiek aktywności w Internecie. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} -## Recommended Providers +## Rekomendowani dostawcy -| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
    DoH/3
    DoT
    DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
    DoH/3
    DoT | Some[^2] | No | Based on server choice. | -| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
    DoH/3
    DoT
    DoQ | Optional[^3] | No | Based on server choice. | -| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
    DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
    DoH/3
    DoT | Optional[^5] | Optional | Based on server choice. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
    DoH
    DoT
    DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | +| Dostawca DNS | Polityka prywatności | Protokoły | Rejestrowane dane | ECS | Filtrowanie | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ----------------- | --------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
    DoH/3
    DoT
    DNSCrypt | Niektóre[^1] | Nie | Zależne od wybranego serwera. Listę filtrowania możesz znaleźć tutaj: [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
    DoH/3
    DoT | Niektóre[^2] | Nie | Zależne od wybranego serwera. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
    DoH/3
    DoT
    DoQ | Do wyboru[^3] | Nie | Zależne od wybranego serwera. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
    DoT | Żadne[^4] | Nie | Zależne od wybranego serwera. Listę filtrowania możesz znaleźć tutaj: [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
    DoH/3
    DoT | Do wyboru[^5] | Do wyboru | Zależne od wybranego serwera. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
    DoH
    DoT
    DNSCrypt | Niektóre[^6] | Do wyboru | Zależne od wybranego serwera. Złośliwe zasoby blokowane automatycznie. | ## Criteria @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.pl.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/pl/email-clients.md b/i18n/pl/email-clients.md index 09dfdfe4..db8baa99 100644 --- a/i18n/pl/email-clients.md +++ b/i18n/pl/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/email.md b/i18n/pl/email.md index e820464b..2cc31c53 100644 --- a/i18n/pl/email.md +++ b/i18n/pl/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    !!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    ### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
    + +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
    + Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/encryption.md b/i18n/pl/encryption.md index ccb3fbf1..ac015322 100644 --- a/i18n/pl/encryption.md +++ b/i18n/pl/encryption.md @@ -1,6 +1,7 @@ --- title: "Oprogramowanie szyfrujące" icon: material/file-lock +description: Szyfrowanie danych to jedyny sposób na kontrolowanie tego, kto ma do nich dostęp. These tools allow you to encrypt your emails and any other files. --- Szyfrowanie danych to jedyny sposób na kontrolowanie tego, kto ma do nich dostęp. Jeśli obecnie nie używasz oprogramowania szyfrującego dla swojego dysku, e-maili lub plików, możesz wybrać jedną z tych opcji. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/file-sharing.md b/i18n/pl/file-sharing.md index 7c5c2668..1868bf2f 100644 --- a/i18n/pl/file-sharing.md +++ b/i18n/pl/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Dowiedz się, jak prywatnie udostępniać piki pomiędzy swoimi urządzeniami, ze znajomymi lub rodziną lub anonimowo w sieci. --- Dowiedz się, jak prywatnie udostępniać piki pomiędzy swoimi urządzeniami, ze znajomymi lub rodziną lub anonimowo w sieci. @@ -152,5 +153,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/financial-services.md b/i18n/pl/financial-services.md new file mode 100644 index 00000000..95af41ad --- /dev/null +++ b/i18n/pl/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! rekomendacja + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! rekomendacja + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! rekomendacja + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! rekomendacja + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/pl/frontends.md b/i18n/pl/frontends.md index 3b041ef0..dd2122b6 100644 --- a/i18n/pl/frontends.md +++ b/i18n/pl/frontends.md @@ -1,6 +1,7 @@ --- title: "Menedżery haseł" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/index.md b/i18n/pl/index.md index 19b703ce..36687c09 100644 --- a/i18n/pl/index.md +++ b/i18n/pl/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/kb-archive.md b/i18n/pl/kb-archive.md index 629dbfe2..e588f3c5 100644 --- a/i18n/pl/kb-archive.md +++ b/i18n/pl/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integracja usuwania metadanych](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/meta/brand.md b/i18n/pl/meta/brand.md index 896f1703..53cb9ac4 100644 --- a/i18n/pl/meta/brand.md +++ b/i18n/pl/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/meta/git-recommendations.md b/i18n/pl/meta/git-recommendations.md index 7d1c2668..f59b5f81 100644 --- a/i18n/pl/meta/git-recommendations.md +++ b/i18n/pl/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/meta/uploading-images.md b/i18n/pl/meta/uploading-images.md index 58a7b0f4..55f136f8 100644 --- a/i18n/pl/meta/uploading-images.md +++ b/i18n/pl/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/meta/writing-style.md b/i18n/pl/meta/writing-style.md index b5b31357..b9e47a71 100644 --- a/i18n/pl/meta/writing-style.md +++ b/i18n/pl/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/mobile-browsers.md b/i18n/pl/mobile-browsers.md index a89eebfc..9d6b80ca 100644 --- a/i18n/pl/mobile-browsers.md +++ b/i18n/pl/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Przeglądarki mobilne" icon: octicons/device-mobile-16 +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- Oto obecnie polecane przez nas przeglądarki mobilne oraz ich konfiguracje. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. Ogólnie rzecz biorąc, zalecamy ograniczenie rozszerzeń do minimum; posiadają one uprzywilejowany dostęp do Twojej przeglądarki, wymagają zaufania do twórcy, mogą wspomóc [personalizowanie](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint) oraz [osłabić](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) izolację witryn. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/multi-factor-authentication.md b/i18n/pl/multi-factor-authentication.md index cb7f9e88..e222c7e0 100644 --- a/i18n/pl/multi-factor-authentication.md +++ b/i18n/pl/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/news-aggregators.md b/i18n/pl/news-aggregators.md index 65538dc6..8068bf49 100644 --- a/i18n/pl/news-aggregators.md +++ b/i18n/pl/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/notebooks.md b/i18n/pl/notebooks.md index 4540fd5f..cb812f44 100644 --- a/i18n/pl/notebooks.md +++ b/i18n/pl/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notatniki" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Prowadź swoje notatniki i dzienniki bez udostępniania ich stronom trzecim. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/os/android-overview.md b/i18n/pl/os/android-overview.md index b705b0df..7787caaf 100644 --- a/i18n/pl/os/android-overview.md +++ b/i18n/pl/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: fontawesome/brands/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android to bezpieczny system operacyjny, który posiada silną [izolację aplikacji](https://source.android.com/security/app-sandbox), [Weryfikację rozruchu](https://source.android.com/security/verifiedboot) (AVB), oraz solidny system kontroli [uprawnień](https://developer.android.com/guide/topics/permissions/overview). @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Uprawnienia systemu Android -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Profile użytkowników @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/os/linux-overview.md b/i18n/pl/os/linux-overview.md index 78e266ce..e0d85bc3 100644 --- a/i18n/pl/os/linux-overview.md +++ b/i18n/pl/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: fontawesome/brands/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/os/qubes-overview.md b/i18n/pl/os/qubes-overview.md index 0e92c5dc..1325d97c 100644 --- a/i18n/pl/os/qubes-overview.md +++ b/i18n/pl/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/passwords.md b/i18n/pl/passwords.md index 4c958bd1..48f2b1ec 100644 --- a/i18n/pl/passwords.md +++ b/i18n/pl/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/productivity.md b/i18n/pl/productivity.md index f45343ad..1b6b6db2 100644 --- a/i18n/pl/productivity.md +++ b/i18n/pl/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/real-time-communication.md b/i18n/pl/real-time-communication.md index afbe3471..7e9c8a31 100644 --- a/i18n/pl/real-time-communication.md +++ b/i18n/pl/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/router.md b/i18n/pl/router.md index c495b5c0..7653b9ac 100644 --- a/i18n/pl/router.md +++ b/i18n/pl/router.md @@ -1,6 +1,7 @@ --- title: "Oprogramowanie routera" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Poniżej wymieniono kilka alternatywnych systemów operacyjnych, które możesz zainstalować na swoim routerze, punkcie dostępowym Wi-Fi itp. @@ -48,5 +49,3 @@ OPNsense zostało pierwotnie opracowane na podstawie [pfSense](https://en.wikipe - Wymagane jest otwarte źródło. - Wymagane są regularne aktualizacje. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/search-engines.md b/i18n/pl/search-engines.md index 1669cfaf..22c86ff0 100644 --- a/i18n/pl/search-engines.md +++ b/i18n/pl/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/tools.md b/i18n/pl/tools.md index ec3295aa..b8c002fa 100644 --- a/i18n/pl/tools.md +++ b/i18n/pl/tools.md @@ -3,6 +3,7 @@ title: "Narzędzia ochrony prywatności" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Jeśli szukasz konkretnego rozwiązania, oto polecane przez nas narzędzia oraz oprogramowanie w różnych kategoriach. Polecane przez nas narzędzia zostały wybrane głównie na podstawie funkcji zabezpieczeń z dodatkowym naciskiem na te o zdecentralizowane i o otwartym kodzie żródłowym. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
    -- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Dowiedz się więcej :hero-arrow-circle-right-fill:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[Dowiedz się więcej :hero-arrow-circle-right-fill:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[Dowiedz się więcej :hero-arrow-circle-right-fill:](financial-services.md#gift-card-marketplaces) + ### Search Engines
    @@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
    @@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Dowiedz się więcej :hero-arrow-circle-right-fill:](calendar.md) +### Cryptocurrency + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[Dowiedz się więcej :hero-arrow-circle-right-fill:](cryptocurrency.md) + ### Data and Metadata Redaction
    @@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    [Dowiedz się więcej :hero-arrow-circle-right-fill:](video-streaming.md) - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/tor.md b/i18n/pl/tor.md index 63a26275..2d448841 100644 --- a/i18n/pl/tor.md +++ b/i18n/pl/tor.md @@ -1,6 +1,7 @@ --- title: "Przeglądarki internetowe" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
    - ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
    Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
    -
    - -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/video-streaming.md b/i18n/pl/video-streaming.md index d51c7c01..a89a6ffd 100644 --- a/i18n/pl/video-streaming.md +++ b/i18n/pl/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Strumieniowanie filmów" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- Podstawowym zagrożeniem związanym z korzystaniem z platformy do strumieniowania filmów jest to, że Twoje nawyki dotyczące strumieniowania oraz listy subskrypcyjne mogą zostać wykorzystane do profilowania Ciebie. Warto połączyć te narzędzia z [VPN](vpn.md) lub [Tor](https://www.torproject.org/), aby utrudnić profilowanie. @@ -50,5 +51,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pl/vpn.md b/i18n/pl/vpn.md index 2073c392..8f4738b0 100644 --- a/i18n/pl/vpn.md +++ b/i18n/pl/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
    + +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +## Rekomendowani dostawcy -## Recommended Providers - -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.pl.txt" diff --git a/i18n/pt-BR/404.md b/i18n/pt-BR/404.md index 0b626e1e..a2ee2ba0 100644 --- a/i18n/pt-BR/404.md +++ b/i18n/pt-BR/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Não encontrado @@ -13,5 +17,3 @@ Não conseguimos encontrar a página que você estava procurando! Talvez você e - [Melhores serviços de VPN](vpn.md) - [Fórum do Privacy Guides](https://discuss.privacyguides.net) - [Nosso Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/criteria.md b/i18n/pt-BR/about/criteria.md index cfb1252c..3084230b 100644 --- a/i18n/pt-BR/about/criteria.md +++ b/i18n/pt-BR/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/donate.md b/i18n/pt-BR/about/donate.md index 490497a9..32e48ff0 100644 --- a/i18n/pt-BR/about/donate.md +++ b/i18n/pt-BR/about/donate.md @@ -48,5 +48,3 @@ Nós hospedamos [serviços de internet](https://privacyguides.net) para teste e Ocasionamente adquirimos produtos e serviços com o propósito de testar as nossas [ferramentas recomendadas](../tools.md). Ainda estamos a trabalhar com o nosso anfitrião fiscal (a Open Collective Foundation) para receber doações em criptomoeda. No momento a contabilidade não é viável para muitas transações menores, mas isso deve mudar no futuro. Enquanto isso, se você deseja fazer uma doação de criptomoeda considerável (> $100), entre em contato com [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/index.md b/i18n/pt-BR/about/index.md index 1869f484..619406fe 100644 --- a/i18n/pt-BR/about/index.md +++ b/i18n/pt-BR/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/notices.md b/i18n/pt-BR/about/notices.md index c6fdff4a..57185994 100644 --- a/i18n/pt-BR/about/notices.md +++ b/i18n/pt-BR/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Mineração de dados * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/privacy-policy.md b/i18n/pt-BR/about/privacy-policy.md index 4299a53c..e8c74d87 100644 --- a/i18n/pt-BR/about/privacy-policy.md +++ b/i18n/pt-BR/about/privacy-policy.md @@ -1,5 +1,5 @@ --- -title: "Privacy Policy" +title: "Política de Privacidade" --- Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people). @@ -8,12 +8,12 @@ Privacy Guides is a community project operated by a number of active volunteer c The privacy of our website visitors is important to us, so we do not track any individual people. As a visitor to our website: -- No personal information is collected +- Nenhuma informação pessoal é coletada - No information such as cookies are stored in the browser - No information is shared with, sent to or sold to third-parties - No information is shared with advertising companies - No information is mined and harvested for personal and behavioral trends -- No information is monetized +- Nenhuma informação é monetizada You can view the data we collect on our [statistics](statistics.md) page. @@ -29,7 +29,7 @@ To sign up for most accounts, we will collect a name, username, email, and passw We use your account data to identify you on the website and to create pages specific to you, such as your profile page. We will also use your account data to publish a public profile for you on our services. -We use your email to: +Nós usamos o seu e-mail para: - Notify you about posts and other activity on the websites or services. - Reset your password and help keep your account secure. @@ -40,7 +40,7 @@ On some websites and services you may provide additional information for your ac We will store your account data as long as your account remains open. After closing an account, we may retain some or all of your account data in the form of backups or archives for up to 90 days. -## Contacting Us +## Fale Conosco The Privacy Guides team generally does not have access to personal data outside of limited access granted via some moderation panels. Inquiries regarding your personal information should be sent directly to: @@ -54,10 +54,8 @@ For all other inquiries, you can contact any member of our team. Para queixas no âmbito da GDPR em geral, você pode apresentar queixas às suas autoridades supervisoras locais de proteção de dados. Na França, é a Commission Nationale de l'Informatique et des Libertés que cuida e lida com as queixas. Eles fornecem um [modelo de carta de reclamação](https://www.cnil.fr/en/plaintes) para usar. -## About This Policy +## Sobre esta Política We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/privacytools.md b/i18n/pt-BR/about/privacytools.md index f74ea6bd..dc483628 100644 --- a/i18n/pt-BR/about/privacytools.md +++ b/i18n/pt-BR/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/services.md b/i18n/pt-BR/about/services.md index d4a69ebc..48ee99c4 100644 --- a/i18n/pt-BR/about/services.md +++ b/i18n/pt-BR/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Disponibilidade: Semi-Público Hospedamos o Invidious principalmente para veicular vídeos incorporados do YouTube em nosso site, esta instância não se destina ao uso geral e pode ser limitada a qualquer momento. - Fonte: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/about/statistics.md b/i18n/pt-BR/about/statistics.md index 517109ad..8f17240c 100644 --- a/i18n/pt-BR/about/statistics.md +++ b/i18n/pt-BR/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/advanced/communication-network-types.md b/i18n/pt-BR/advanced/communication-network-types.md index dda1fcfe..ec863db5 100644 --- a/i18n/pt-BR/advanced/communication-network-types.md +++ b/i18n/pt-BR/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Tipos de redes de comunicação" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- Existem várias arquiteturas de rede comumente usadas para retransmitir mensagens entre pessoas. Essas redes podem fornecer diferentes garantias de privacidade, e é por isso que vale a pena considerar seu [modelo de ameaça](../basics/threat-modeling.md) ao decidir qual aplicativo usar. @@ -100,5 +101,3 @@ A auto-hospedagem de um nó em uma rede de roteamento anônimo não fornece ao h - Menos confiável se os nós são selecionados por roteamento randomizado, alguns nós podem estar muito longe do remetente e do receptor, adicionando latência ou mesmo não transmitindo mensagens se um dos nós ficar offline. - Mais complexo para começar, pois é necessária a criação e o backup seguro de uma chave privada criptográfica. - Assim como outras plataformas descentralizadas, adicionar recursos é mais complexo para os desenvolvedores do que em uma plataforma centralizada. Assim, os recursos podem estar faltando ou incompletamente implementados, como retransmissão de mensagens offline ou exclusão de mensagens. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/advanced/dns-overview.md b/i18n/pt-BR/advanced/dns-overview.md index 429b36cd..bd4061cc 100644 --- a/i18n/pt-BR/advanced/dns-overview.md +++ b/i18n/pt-BR/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "Introdução ao DNS" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/advanced/payments.md b/i18n/pt-BR/advanced/payments.md new file mode 100644 index 00000000..cbc1846f --- /dev/null +++ b/i18n/pt-BR/advanced/payments.md @@ -0,0 +1,85 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Criptomoedas + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! aviso + Você **nunca** deve instalar quaisquer extensões adicionais no Tor Browser, incluindo as que sugerimos para o Firefox. + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/pt-BR/advanced/tor-overview.md b/i18n/pt-BR/advanced/tor-overview.md index 25cc0834..61dc2ec4 100644 --- a/i18n/pt-BR/advanced/tor-overview.md +++ b/i18n/pt-BR/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [Como funciona o Tor - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Serviços Tor Onion - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.pt-BR.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/pt-BR/android.md b/i18n/pt-BR/android.md index aa7a84d1..c98fc633 100644 --- a/i18n/pt-BR/android.md +++ b/i18n/pt-BR/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,20 +14,21 @@ O **Android Open Source Project** é um sistema operacional de código aberto li Estes são os sistemas operacionais, dispositivos e aplicações Android que recomendamos para maximizar a segurança e privacidade do seu dispositivo móvel. Para saber mais sobre o Android: -- [Visão geral do Android :material-arrow-right-drop-circle:](os/android-overview.md) -- [Por que recomendamos o GrapheneOS em vez do CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[Visão Geral do Android :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Por que recomendamos o GrapheneOS em vez do CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Derivados do AOSP Recomendamos instalar um desses sistemas operacionais Android personalizados em seu dispositivo, listados em ordem de preferência, dependendo da compatibilidade do seu dispositivo com esses sistemas operacionais. -!!! note +!!! nota Os dispositivos em fim de vida útil (como os dispositivos GrapheneOS ou "suporte estendido" da CalyxOS) não possuem patches de segurança completos (atualizações de firmware) devido à interrupção do suporte do OEM. Estes dispositivos não podem ser considerados completamente seguros, independentemente do software instalado. ### GrapheneOS -!!! recommendation +!!! recomendação ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ align=right } ![GrapheneOS logo](assets/img/android/grapheneos-dark.svg#only-dark){ align=right } @@ -41,13 +43,13 @@ Recomendamos instalar um desses sistemas operacionais Android personalizados em [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } -GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. Isso significa que você pode tirar proveito da maioria dos Google Play Services, como [notificações push](https://firebase.google.com/docs/cloud-messaging/), enquanto lhe dá controle total sobre suas permissões e acesso, e ao mesmo tempo contê-los para um perfil de trabalho [específico](os/android-overview.md#work-profile) ou [perfil de usuário](os/android-overview.md#user-profiles) de sua escolha. -Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). +Os telefones Google Pixel são os únicos dispositivos que atualmente atendem aos [requisitos de segurança de hardware do GrapheneOS](https://grapheneos.org/faq#device-support). ### DivestOS -!!! recommendation +!!! recomendação ![DivestOS logo](assets/img/android/divestos.svg){ align=right } @@ -63,11 +65,11 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). +O DivestOS implementa alguns patches de fortalecimento desenvolvidos originalmente para o GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 e superior apresenta a opção de [ randomização do MAC](https://en.wikipedia.org/wiki/MAC_address#Randomization) completa por rede do GrapheneOS, controle [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) e [opções de tempo limite](https://grapheneos.org/features) de reinicialização automática/Wi-Fi/Bluetooth. DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. -!!! warning +!!! aviso DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative. @@ -75,7 +77,7 @@ DivestOS uses F-Droid as its default app store. Normally, we would recommend avo ## Android Devices -When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. +Ao adquirir um dispositivo, recomendamos que o adquira o mais novo possível. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. @@ -310,9 +312,9 @@ If you download APK files to install manually, you can verify their signature wi Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. -Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. No entanto, não é algo que podemos recomendar, já que normalmente os aplicativos são [removidos](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) desse repositório quando vão para o repositório oficial do F-Droid. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates. +Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates. -Com isso em mente, os repositórios do [F-Droid](https://f-droid.org/en/packages/) e [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) hospedam milhares de projetos, então eles podem ser boas ferramentas para pesquisar e descobrir aplicativos open-source que você pode, então, obter pela Play Store, Aurora Store ou baixando o APK disponibilizado pelo desenvolvedor. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. +That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. !!! note @@ -337,7 +339,7 @@ Com isso em mente, os repositórios do [F-Droid](https://f-droid.org/en/packages - Must **not** enable Google Play Services by default. - Must **not** require system modification to support Google Play Services. -### Devices +### Dispositivos - Must support at least one of our recommended custom operating systems. - Must be currently sold new in stores. @@ -349,5 +351,3 @@ Com isso em mente, os repositórios do [F-Droid](https://f-droid.org/en/packages - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/account-creation.md b/i18n/pt-BR/basics/account-creation.md index 7e82dedf..afa5d429 100644 --- a/i18n/pt-BR/basics/account-creation.md +++ b/i18n/pt-BR/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/account-deletion.md b/i18n/pt-BR/basics/account-deletion.md index 01266fb3..d1463f8a 100644 --- a/i18n/pt-BR/basics/account-deletion.md +++ b/i18n/pt-BR/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Exclusão de Conta" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Com o tempo, pode ser fácil acumular várias contas online, muitas das quais você pode não mais usar. Excluir essas contas não utilizadas é um passo importante para recuperar sua privacidade, pois contas inativas são vulneráveis a violações de dados. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Evite Novas Contas As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/common-misconceptions.md b/i18n/pt-BR/basics/common-misconceptions.md index a5e7a019..7e0257f1 100644 --- a/i18n/pt-BR/basics/common-misconceptions.md +++ b/i18n/pt-BR/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Equívocos Comuns" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Software de código aberto é sempre seguro" ou "Software proprietário é mais seguro" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.pt-BR.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/pt-BR/basics/common-threats.md b/i18n/pt-BR/basics/common-threats.md index 2d4f6b0c..a2b297d4 100644 --- a/i18n/pt-BR/basics/common-threats.md +++ b/i18n/pt-BR/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Ameaças Comuns" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.pt-BR.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/pt-BR/basics/email-security.md b/i18n/pt-BR/basics/email-security.md index a95f97e8..24a8cfc3 100644 --- a/i18n/pt-BR/basics/email-security.md +++ b/i18n/pt-BR/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Segurança de Email icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Por Que os Metadados Não Podem Ser E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/multi-factor-authentication.md b/i18n/pt-BR/basics/multi-factor-authentication.md index cefa281d..0e9fb706 100644 --- a/i18n/pt-BR/basics/multi-factor-authentication.md +++ b/i18n/pt-BR/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticação de Múltiplos Fatores" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/passwords-overview.md b/i18n/pt-BR/basics/passwords-overview.md index fce59c5f..6858d8b5 100644 --- a/i18n/pt-BR/basics/passwords-overview.md +++ b/i18n/pt-BR/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/threat-modeling.md b/i18n/pt-BR/basics/threat-modeling.md index e405f4a0..0940d141 100644 --- a/i18n/pt-BR/basics/threat-modeling.md +++ b/i18n/pt-BR/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Modelagem de Ameaças" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Fontes - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/basics/vpn-overview.md b/i18n/pt-BR/basics/vpn-overview.md index 4f9a7736..b1d59230 100644 --- a/i18n/pt-BR/basics/vpn-overview.md +++ b/i18n/pt-BR/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -17,7 +18,7 @@ VPNs cannot encrypt data outside of the connection between your device and the V However, they do hide your actual IP from a third-party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking. -## When shouldn't I use a VPN? +## Quando não deveria usar uma VPN? Using a VPN in cases where you're using your [known identity](common-threats.md#common-misconceptions) is unlikely be useful. @@ -43,11 +44,11 @@ By using a VPN with Tor, you're creating essentially a permanent entry node, oft ## E se eu precisar de anonimato? -VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead. +As VPNs não podem fornecer anonimato. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) em vez disso. ## E os provedores de VPN que fornecem nós Tor? -Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit). +Não use esse recurso. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit). The feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For proper anonymity, use the Tor Browser, TorSocks, or a Tor gateway. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/calendar.md b/i18n/pt-BR/calendar.md index ba913cf1..bbcb033a 100644 --- a/i18n/pt-BR/calendar.md +++ b/i18n/pt-BR/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/cloud.md b/i18n/pt-BR/cloud.md index df89a2de..2bcc2596 100644 --- a/i18n/pt-BR/cloud.md +++ b/i18n/pt-BR/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/cryptocurrency.md b/i18n/pt-BR/cryptocurrency.md new file mode 100644 index 00000000..7c0606c8 --- /dev/null +++ b/i18n/pt-BR/cryptocurrency.md @@ -0,0 +1,54 @@ +--- +title: Criptomoedas +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! aviso + Você **nunca** deve instalar quaisquer extensões adicionais no Tor Browser, incluindo as que sugerimos para o Firefox. + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/pt-BR/data-redaction.md b/i18n/pt-BR/data-redaction.md index ca0f8552..961594a8 100644 --- a/i18n/pt-BR/data-redaction.md +++ b/i18n/pt-BR/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/desktop-browsers.md b/i18n/pt-BR/desktop-browsers.md index 7481af53..0f5ca515 100644 --- a/i18n/pt-BR/desktop-browsers.md +++ b/i18n/pt-BR/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Navegadores Desktop" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.pt-BR.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/pt-BR/desktop.md b/i18n/pt-BR/desktop.md index 5076ac4d..2db4d119 100644 --- a/i18n/pt-BR/desktop.md +++ b/i18n/pt-BR/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/dns.md b/i18n/pt-BR/dns.md index 1eb4b838..79a7144f 100644 --- a/i18n/pt-BR/dns.md +++ b/i18n/pt-BR/dns.md @@ -1,24 +1,23 @@ --- title: "Introdução ao DNS" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! Devo usar DNS criptografado? +DNS criptografado com servidores de terceiros só deve ser usado para contornar o [bloqueio básico de DNS](https://en.wikipedia.org/wiki/DNS_blocking) quando você pode ter certeza de que não haverá nenhuma consequência. DNS encriptada não irá te ajudar a esconder qualquer uma das suas atividades de navegação. - Encrypted DNS with a 3rd party should only be used to get around redirects and basic DNS blocking when you can be sure there won't be any consequences or you're interested in a provider that does some rudimentary filtering. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Saiba mais sobre DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Provedores Recomendados -| DNS | Privacy Policy | Protocol | Logging | ECS | Filtering | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
    DoH/3
    DoT
    DNSCrypt | Some[^1] | 2 | Based on server choice. Filter list being used can be found here. [**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83. | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
    DoH/3
    DoT | Some[^2] | 2 | Based on server choice. | -| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
    DoH/3
    DoT
    DoQ | Optional[^3] | 2 | Based on server choice. | -| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
    DoT | No[^4] | 2 | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
    DoH/3
    DoT | Optional[^5] | Optional | Based on server choice. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
    DoH
    DoT
    DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | +| Provedor de DNS | Política de Privacidade | Protocolos | Registro | ECS | Filtragem | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
    DoH/3
    DoT
    DNSCrypt | Some[^1] | Não | Baseado na escolha do servidor. As listas de filtragem usadas podem ser encontradas aqui. [**DNS over HTTPS**](https://en.wikipedia.org/wiki/DNS_over_HTTPS) as defined in [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) packages queries in the [HTTP/2](https://en.wikipedia.org/wiki/HTTP/2) protocol and provides security with HTTPS. Support was first added in web browsers such as Firefox 60 and Chrome 83. | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
    DoH/3
    DoT | Some[^2] | Não | Baseado na escolha do servidor. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
    DoH/3
    DoT
    DoQ | Optional[^3] | Não | Baseado na escolha do servidor. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
    DoT | No[^4] | Não | Baseado na escolha do servidor. As listas de filtragem usadas podem ser encontradas aqui. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
    DoH/3
    DoT | Optional[^5] | Optional | Baseado na escolha do servidor. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
    DoH
    DoT
    DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | ## Criteria @@ -131,8 +130,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.pt-BR.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/pt-BR/email-clients.md b/i18n/pt-BR/email-clients.md index d052838f..e2821a14 100644 --- a/i18n/pt-BR/email-clients.md +++ b/i18n/pt-BR/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/email.md b/i18n/pt-BR/email.md index eae629b8..60db1d4f 100644 --- a/i18n/pt-BR/email.md +++ b/i18n/pt-BR/email.md @@ -1,41 +1,52 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- -Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. +Email é praticamente uma necessidade para utilizar qualquer serviço online, contudo não recomendamos ele para conversas pessoas pessoa-a-pessoa. Ao invés de utilizar email para falar com outras pessoas, considere utilizar um meio de mensagens instantâneas que suporte sigilo encaminhado. -[Recommended Instant Messengers](real-time-communication.md ""){.md-button} +[Mensageiros Instantâneos Recomendados](real-time-communication.md ""){.md-button} -For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +Para qualquer outra coisa, recomendamos uma variedade de provedores de email baseados em modelos de negócio sustentáveis e recursos de segurança e privacidade incorporados. -## OpenPGP Compatible Services +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +## Serviços Compatíveis com OpenPGP -!!! warning +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. Por exemplo, um usuário do Proton Mail pode mandar uma mensagem E2EE para um usuário de Mailbox.org, ou você pode receber notificações OpenPGP-encriptadas de serviços de internet que suportam isso. - When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    + +!!! aviso + + Quando usada tecnologia E2EE como OpenPGP, o email ainda terá alguns metadados que não são encriptados no cabeçalho do email. Leia mais sobre [metadados de email](basics/email-security.md#email-metadata-overview). - OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys) + OpenPGP também não suporta Sigilo Encaminhado, isso significa que se a sua chave ou a do destinatário é alguma vez roubada, todas as mensagens anteriores encriptadas com essa chave serão expostas. [Como eu protejo minhas chaves privadas?](basics/email-security.md#how-do-i-protect-my-private-keys) ### Proton Mail !!! recommendation - ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } + ![logo do Proton Mail](assets/img/email/protonmail.svg){ align=right } - **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan. + **Proton Mail** é um serviço de email com foco na privacidade, criptografia, segurança, e facilidade de uso. Eles estão operando desde **2013**. Proton AG é localizado em Genève, Suíça. As contas começam com 500 MB de armazenamento com seu plano grátis. - [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } - [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" } + [:octicons-home-16: Página Inicial](https://proton.me/mail){ .md-button .md-button--primary } + [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Serviço Onion" } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Política de Privacidade" } + [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentação} + [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Código-Fonte" } - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android) + ??? - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android) - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id979659905) - [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases) - [:simple-windows11: Windows](https://proton.me/mail/bridge#download) @@ -43,47 +54,47 @@ These providers natively support OpenPGP encryption/decryption, allowing for pro - [:simple-linux: Linux](https://proton.me/mail/bridge#download) - [:octicons-browser-16: Web](https://mail.proton.me) -Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). +Contas gratuitas têm algumas limitações, como não poderem pesquisar no corpo de texto e não ter acesso à [Ponte Proton Mail](https://proton.me/mail/bridge), o que é requerido para usar um [cliente de email desktop recomendado](email-clients.md) (ex. Thunderbird). Contas pagas incluem funcionalidades como a Ponte Proton Mail, mais armazenamento, e suporte para domínios customizados. Uma [carta de atestação](https://proton.me/blog/security-audit-all-proton-apps) foi fornecida para os apps do Proton Mail em 9 de Novembro de 2021 pela [Securitium](https://research.securitum.com). -If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free. +Se você tem o Proton Unlimited, Bussiness, ou Visionary Plan, você também ganha o [SimpleLogin](#simplelogin) Premium de graça. Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +112,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    ### StartMail @@ -156,43 +178,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +238,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
    + +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
    + Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +436,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Aceita [opções de pagamento anônimas](advanced/payments.md) ([criptomoedas](cryptocurrency.md), dinheiro, cartões-presente, etc.) ### Security @@ -428,7 +453,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +468,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +506,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/encryption.md b/i18n/pt-BR/encryption.md index c8a2fafa..aba09710 100644 --- a/i18n/pt-BR/encryption.md +++ b/i18n/pt-BR/encryption.md @@ -1,6 +1,7 @@ --- title: "Softwares de Criptografia" icon: material/file-lock +description: A criptografia de dados é a única maneira de controlar quem pode acessá-los. These tools allow you to encrypt your emails and any other files. --- A criptografia de dados é a única maneira de controlar quem pode acessá-los. Se você atualmente não está usando “software” de criptografia para seu disco rígido, e-mails ou arquivos, você deve escolher uma opção aqui. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/file-sharing.md b/i18n/pt-BR/file-sharing.md index a6820567..aafc6486 100644 --- a/i18n/pt-BR/file-sharing.md +++ b/i18n/pt-BR/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -145,5 +146,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/financial-services.md b/i18n/pt-BR/financial-services.md new file mode 100644 index 00000000..e2f0a043 --- /dev/null +++ b/i18n/pt-BR/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Serviços Financeiros +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Serviços de Mascaramento de Pagamento + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/pt-BR/frontends.md b/i18n/pt-BR/frontends.md index 149badab..9638c15a 100644 --- a/i18n/pt-BR/frontends.md +++ b/i18n/pt-BR/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/index.md b/i18n/pt-BR/index.md index adedf2fd..89289ce6 100644 --- a/i18n/pt-BR/index.md +++ b/i18n/pt-BR/index.md @@ -40,5 +40,3 @@ Tentar proteger todos os seus dados de todos — o tempo todo — é impraticáv [:material-hand-coin-outline:](about/donate.md){ title="Apoie o projeto" } É importante que um site como o Privacy Guides esteja sempre atualizado. Precisamos que nosso público fique de olho nas atualizações de software para os aplicativos listados em nosso site e acompanhe as notícias recentes sobre os serviços que recomendamos. É difícil acompanhar o ritmo acelerado da internet, mas tentamos o nosso melhor. Se você detectar um erro, achar que um serviço não deve ser listado, notar que um serviço qualificado está faltando, acreditar que uma extensão de navegador não é mais a melhor escolha ou descobrir qualquer outro problema, informe-nos. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/kb-archive.md b/i18n/pt-BR/kb-archive.md index ab4c65c7..9cb406b2 100644 --- a/i18n/pt-BR/kb-archive.md +++ b/i18n/pt-BR/kb-archive.md @@ -1,11 +1,12 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog -Some pages that used to be in our knowledge base can now be found on our blog: +Algumas páginas que costumavam estar em nossa base de conhecimento agora podem ser encontradas em nosso blog: - [GrapheneOS vs. CalyxOS](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) - [Signal Configuration Hardening](https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/) @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrando a remoção de metadados](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/meta/brand.md b/i18n/pt-BR/meta/brand.md index 8f6197c2..53cb9ac4 100644 --- a/i18n/pt-BR/meta/brand.md +++ b/i18n/pt-BR/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/meta/git-recommendations.md b/i18n/pt-BR/meta/git-recommendations.md index 48582c34..f59b5f81 100644 --- a/i18n/pt-BR/meta/git-recommendations.md +++ b/i18n/pt-BR/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/meta/uploading-images.md b/i18n/pt-BR/meta/uploading-images.md index 57a21a59..7003af70 100644 --- a/i18n/pt-BR/meta/uploading-images.md +++ b/i18n/pt-BR/meta/uploading-images.md @@ -1,10 +1,10 @@ --- -title: Uploading Images +title: Enviando Imagens --- Here are a couple of general rules for contributing to Privacy Guides: -## Images +## Imagens - We **prefer** SVG images, but if those do not exist we can use PNG images @@ -13,7 +13,7 @@ Company logos have canvas size of: - 128x128px - 384x128px -## Optimization +## Otimização ### PNG @@ -31,7 +31,7 @@ optipng -o7 file.png In Inkscape: -1. File Save As.. +1. Salvar Arquivo Como.. 2. Set type to Optimized SVG (*.svg) In the **Options** tab: @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/meta/writing-style.md b/i18n/pt-BR/meta/writing-style.md index d816f95d..b9e47a71 100644 --- a/i18n/pt-BR/meta/writing-style.md +++ b/i18n/pt-BR/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/mobile-browsers.md b/i18n/pt-BR/mobile-browsers.md index ebe3dd95..8b829fd6 100644 --- a/i18n/pt-BR/mobile-browsers.md +++ b/i18n/pt-BR/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/multi-factor-authentication.md b/i18n/pt-BR/multi-factor-authentication.md index bdf3c00c..41030fe3 100644 --- a/i18n/pt-BR/multi-factor-authentication.md +++ b/i18n/pt-BR/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/news-aggregators.md b/i18n/pt-BR/news-aggregators.md index 4ab18287..2dad5ac0 100644 --- a/i18n/pt-BR/news-aggregators.md +++ b/i18n/pt-BR/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/notebooks.md b/i18n/pt-BR/notebooks.md index 62bd4482..19e867a3 100644 --- a/i18n/pt-BR/notebooks.md +++ b/i18n/pt-BR/notebooks.md @@ -1,27 +1,28 @@ --- -title: "Notebooks" +title: "Blocos de Notas" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- -Keep track of your notes and journalings without giving them to a third-party. +Mantenha o controle de suas anotações e registros de atividades sem entregá-los a terceiros. -If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE. +Se você estiver usando atualmente um aplicativo como Evernote, Google Keep, ou Microsoft OneNote, sugerimos que escolha uma alternativa que suporte E2EE. -## Cloud-based +## Baseado na nuvem ### Joplin !!! recommendation - ![Joplin logo](assets/img/notebooks/joplin.svg){ align=right } + ![Logotipo Joplin](assets/img/notebooks/joplin.svg){ align=right } - **Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes. + * *Joplin** é um aplicativo de anotações e tarefas gratuito, de código aberto e com todos os recursos que pode lidar com um grande número de anotações organizadas em blocos de anotações e tags. Ele oferece E2EE e pode sincronizar através do Nextcloud, Dropbox e muito mais. Oferece também uma importação fácil a partir do Evernote e notas de texto simples. [:octicons-home-16: Homepage](https://joplinapp.org/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" } - [:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribute } + [:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Política de privacidade" } + [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentação} + [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Código fonte" } + [:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribua } ??? downloads @@ -34,21 +35,21 @@ If you are currently using an application like Evernote, Google Keep, or Microso - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/) - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek) -Joplin does not support password/PIN protection for the [application itself or individual notes and notebooks](https://github.com/laurent22/joplin/issues/289). However, your data is still encrypted in transit and at the sync location using your master key. Desde Janeiro de 2023, Joplin suporta bloqueio de aplicativo por biometria no [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) e [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). +O Joplin não suporta proteção por senha/PIN para o [próprio aplicativo ou notas e blocos de anotações individuais](https://github.com/laurent22/joplin/issues/289). No entanto, seus dados ainda são criptografados em trânsito e no local de sincronização usando sua chave mestra. Desde janeiro de 2023, Joplin suporta bloqueio de aplicativo por biometria no [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) e [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). ### Standard Notes !!! recommendation - ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right } + ![Logotipo do Standard Notes](assets/img/notebooks/standard-notes.svg){ align=right } - **Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). + **Standard Notes** é um aplicativo de notas simples e privado que torna suas notas fáceis e disponíveis em qualquer lugar que você esteja. Possui E2EE em todas as plataformas e uma poderosa experiência de desktop com temas e editores personalizados. Também foi [auditado independentemente (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" } - [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute } + [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Política de privacidade" } + [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentação} + [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Código fonte" } + [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribua } ??? downloads @@ -60,7 +61,7 @@ Joplin does not support password/PIN protection for the [application itself or i - [:simple-linux: Linux](https://standardnotes.com) - [:octicons-globe-16: Web](https://app.standardnotes.com/) -### Cryptee +### Criptee !!! recommendation @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/os/android-overview.md b/i18n/pt-BR/os/android-overview.md index 6b63bb45..d6eeef27 100644 --- a/i18n/pt-BR/os/android-overview.md +++ b/i18n/pt-BR/os/android-overview.md @@ -1,11 +1,12 @@ --- -title: Android Overview +title: Visão geral do Android icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. -## Choosing an Android Distribution +## Escolhendo uma Distribuição Android When you buy an Android phone, the device's default operating system often comes with invasive integration with apps and services that are not part of the [Android Open-Source Project](https://source.android.com/). An example of such is Google Play Services, which has irrevocable privileges to access your files, contacts storage, call logs, SMS messages, location, camera, microphone, hardware identifiers, and so on. These apps and services increase the attack surface of your device and are the source of various privacy concerns with Android. @@ -15,7 +16,7 @@ Ideally, when choosing a custom Android distribution, you should make sure that [Our Android System Recommendations :material-arrow-right-drop-circle:](../android.md ""){.md-button} -## Avoid Rooting +## Evite Roteamento [Rooting](https://en.wikipedia.org/wiki/Rooting_(Android)) Android phones can decrease security significantly as it weakens the complete [Android security model](https://en.wikipedia.org/wiki/Android_(operating_system)#Security_and_privacy). This can decrease privacy should there be an exploit that is assisted by the decreased security. Common rooting methods involve directly tampering with the boot partition, making it impossible to perform successful Verified Boot. Apps that require root will also modify the system partition meaning that Verified Boot would have to remain disabled. Having root exposed directly in the user interface also increases the [attack surface](https://en.wikipedia.org/wiki/Attack_surface) of your device and may assist in [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation) vulnerabilities and SELinux policy bypasses. @@ -37,7 +38,7 @@ Unfortunately, OEMs are only obliged to support Verified Boot on their stock And Many OEMs also have broken implementation of Verified Boot that you have to be aware of beyond their marketing. For example, the Fairphone 3 and 4 are not secure by default, as the [stock bootloader trusts the public AVB signing key](https://forum.fairphone.com/t/bootloader-avb-keys-used-in-roms-for-fairphone-3-4/83448/11). This breaks verified boot on a stock Fairphone device, as the system will boot alternative Android operating systems such (such as /e/) [without any warning](https://source.android.com/security/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust) about custom operating system usage. -## Firmware Updates +## Atualizações de Firmware Firmware updates are critical for maintaining security and without them your device cannot be secure. OEMs have support agreements with their partners to provide the closed-source components for a limited support period. These are detailed in the monthly [Android Security Bulletins](https://source.android.com/security/bulletin). @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/os/linux-overview.md b/i18n/pt-BR/os/linux-overview.md index b9cef89c..f2fc40aa 100644 --- a/i18n/pt-BR/os/linux-overview.md +++ b/i18n/pt-BR/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/os/qubes-overview.md b/i18n/pt-BR/os/qubes-overview.md index e34dd3d6..ae4916df 100644 --- a/i18n/pt-BR/os/qubes-overview.md +++ b/i18n/pt-BR/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Artigos Relacionados*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/passwords.md b/i18n/pt-BR/passwords.md index ca2df2f2..e81f1186 100644 --- a/i18n/pt-BR/passwords.md +++ b/i18n/pt-BR/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/productivity.md b/i18n/pt-BR/productivity.md index 21c49a05..2fd0637e 100644 --- a/i18n/pt-BR/productivity.md +++ b/i18n/pt-BR/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -153,5 +154,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/real-time-communication.md b/i18n/pt-BR/real-time-communication.md index 2c7cdbb3..68f9d767 100644 --- a/i18n/pt-BR/real-time-communication.md +++ b/i18n/pt-BR/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/router.md b/i18n/pt-BR/router.md index 3931a5bc..6fae038a 100644 --- a/i18n/pt-BR/router.md +++ b/i18n/pt-BR/router.md @@ -1,6 +1,7 @@ --- title: "Firmware para Roteadores" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Abaixo estão alguns sistemas operacionais alternativos, que podem ser usados em roteadores, pontos de acesso Wi-Fi, etc. @@ -47,5 +48,3 @@ OPNsense foi originalmente desenvolvido como um fork do [pfSense](https://en.wik - Deve ser de código aberto. - Deve receber atualizações regulares. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/search-engines.md b/i18n/pt-BR/search-engines.md index edb2f30f..392dd4db 100644 --- a/i18n/pt-BR/search-engines.md +++ b/i18n/pt-BR/search-engines.md @@ -1,6 +1,7 @@ --- -title: "Search Engines" +title: "Motores de busca" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -13,9 +14,9 @@ Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org/) if your thr !!! recommendation - ![Brave Search logo](assets/img/search-engines/brave-search.svg){ align=right } + [brave Search logo](assets/img/search-engines/brave-search.svg){ align=right } - **Brave Search** is developed by Brave and serves results primarily from its own, independent index. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives. + **Brave Search*** é desenvolvido pela Brave e serve resultados principalmente a partir do seu próprio índice independente. The index is optimized against Google Search and therefore may provide more contextually accurate results compared to other alternatives. Brave Search includes unique features such as Discussions, which highlights conversation-focused results—such as forum posts. @@ -65,7 +66,7 @@ When self-hosting, it is important that you have other people using your instanc When you are using a SearXNG instance, be sure to go read their privacy policy. Since SearXNG instances may be modified by their owners, they do not necessarily reflect their privacy policy. Some instances run as a Tor hidden service, which may grant some privacy as long as your search queries does not contain PII. -## Startpage +## Página inicial !!! recommendation @@ -94,7 +95,7 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't b We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. -### Minimum Requirements +### Requisitos Mínimos - Must not collect personally identifiable information per their privacy policy. - Must not allow users to create an account with them. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/tools.md b/i18n/pt-BR/tools.md index b32bd2a1..423204a4 100644 --- a/i18n/pt-BR/tools.md +++ b/i18n/pt-BR/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
    -- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Serviços Financeiros + +#### Serviços de Mascaramento de Pagamento + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Mercados de Cartões-Presente Online + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
    @@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
    @@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Criptomoedas + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
    @@ -414,7 +448,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](productivity.md) +[Saiba mais :material-arrow-right-drop-circle:](productivity.md) ### Real-Time Communication @@ -428,7 +462,7 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](real-time-communication.md) +[Saiba mais :material-arrow-right-drop-circle:](real-time-communication.md) ### Video Streaming Clients @@ -438,6 +472,4 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.pt-BR.txt" +[Saiba mais :material-arrow-right-drop-circle:](video-streaming.md) diff --git a/i18n/pt-BR/tor.md b/i18n/pt-BR/tor.md index ead2daa5..e0599c65 100644 --- a/i18n/pt-BR/tor.md +++ b/i18n/pt-BR/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
    - ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
    Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
    -
    - -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detalhes do Tor :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -127,5 +122,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/video-streaming.md b/i18n/pt-BR/video-streaming.md index a8f9b868..8f8ebd0b 100644 --- a/i18n/pt-BR/video-streaming.md +++ b/i18n/pt-BR/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt-BR/vpn.md b/i18n/pt-BR/vpn.md index 73d8afbe..81faa530 100644 --- a/i18n/pt-BR/vpn.md +++ b/i18n/pt-BR/vpn.md @@ -1,11 +1,20 @@ --- -title: "Serviços VPN" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Encontre um operador de VPN sem rastreamento que não esteja fora para vender ou ler seu tráfego online. +Se você está procurando mais **privacidade** do seu ISP, em uma rede Wi-Fi pública, ou ao fazer torrent de arquivos, uma VPN pode ser a solução para você, desde que entenda os riscos envolvidos. We think these providers are a cut above the rest: -??? perigo "VPNs não fornecem anonimidade" +
    + +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! perigo "VPNs não fornecem anonimidade" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Encontre um operador de VPN sem rastreamento que não esteja fora para vender ou [Baixar Tor Browser](https://www.torproject.org/){ .md-button .md-button--primary } [Mitos sobre o Tor Browser & FAQ](advanced/tor-overview.md){ .md-button } -??? pergunta "Quando VPNs são úteis?" - - Se estiver à procura de **privacidade** adicional do seu ISP, numa rede Wi-Fi pública, ou enquanto faça torrent de arquivos, uma VPN pode ser a solução, desde que entenda os riscos envolvidos. - - [Mais Informações](basics/vpn-overview.md){ .md-button } +[Detalhes sobre VPNs :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Provedores Recomendados -!!! resumo "Critérios" - - Nossos fornecedores recomendados usam encriptação, aceitam Monero, suportam WireGuard e OpenVPN, e têm uma política de não-rastreamento. Leia nossa [lista completa de critérios](#our-criteria) para mais informações. - -### Proton VPN - -!!! anotar recomendação - - ![Logomarca ProtonVPN](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** é um forte concorrente no espaço VPN, e estão em funcionamento desde 2016. Proton AG está sediada na Suíça e oferece um plano gratuito limitado, bem como uma opção paga com mais recursos. - - [:octicons-home-16: Página Inicial](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Política de Privacidade" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentação} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Código Fonte" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? verificar anotação "64 Países" - - ProtonVPN tem [servidores em 64 países](https://protonvpn.com/vpn-servers) (1). Escolher um fornecedor de VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você enviar. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Última verificação: 16-09-2022 - -??? verificar "Auditado Independentemente" - - Em Janeiro de 2020, ProtonVPN foi submetida a uma auditoria independente pela SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? verificar "Clientes Código-Aberto" - - Proton VPN fornece o código fonte para os seus clientes desktop e móveis na sua [organização GitHub](https://github.com/ProtonVPN). - -??? verificar "Aceita Dinheiro" - - ProtonVPN, além de aceitar cartões de crédito/débito e PayPal, aceita Bitcoin, e **dinheiro/moeda local** como formas de pagamento anônimas. - -??? verificar "Suporta WireGuard" - - Proton VPN suporta principalmente o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Nossos fornecedores recomendados usam encriptação, aceitam Monero, suportam WireGuard e OpenVPN, e têm uma política de não-rastreamento. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Encontre um operador de VPN sem rastreamento que não esteja fora para vender ou - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Escolher um fornecedor de VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você enviar. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. +{ .annotate } 1. Última verificação: 16-09-2022 -??? verificar "Auditado Independentemente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? verificar "Clientes Código-Aberto" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? verificar "Suporta WireGuard" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Encontre um operador de VPN sem rastreamento que não esteja fora para vender ou - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? verificar anotação "39 Países" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Escolher um fornecedor de VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você enviar. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. +{ .annotate } 1. Última verificação: 16-09-2022 -??? verificar "Auditado Independentemente" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! anotar recomendação + + ![Logomarca ProtonVPN](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** é um forte concorrente no espaço VPN, e estão em funcionamento desde 2016. Proton AG está sediada na Suíça e oferece um plano gratuito limitado, bem como uma opção paga com mais recursos. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Página Inicial](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Política de Privacidade" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentação} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Código Fonte" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? verificar "Clientes Código-Aberto" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto deve-se a um caminho mais curto (menos pulos) até ao destino. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Última verificação: 16-09-2022 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? verificar "Suporta WireGuard" +#### :material-check:{ .pg-green } Independently Audited - Mullvad suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +Em Janeiro de 2020, ProtonVPN foi submetida a uma auditoria independente pela SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? verificar "Suporte à IPv6" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN suporta principalmente o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -256,13 +262,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Criptomoeda anônima](cryptocurrency.md) **ou** opção de pagamento em dinheiro. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Aceita múltiplas [opções de pagamento anônimas](advanced/payments.md). +- Nenhuma informação pessoal é aceita (nome de usuário gerado automaticamente, nenhum e-mail necessário, etc.). ### Security @@ -320,5 +326,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.pt-BR.txt" diff --git a/i18n/pt/404.md b/i18n/pt/404.md index 4ce56a66..cdd20ee4 100644 --- a/i18n/pt/404.md +++ b/i18n/pt/404.md @@ -1,17 +1,19 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- -# 404 - Not Found +# 404 - Não Encontrado -We couldn't find the page you were looking for! Maybe you were looking for one of these? +Não conseguimos encontrar a página que procura! Talvez esteja à procura de alguma destas? -- [Introduction to Threat Modeling](basics/threat-modeling.md) -- [Recommended DNS Providers](dns.md) -- [Best Desktop Web Browsers](desktop-browsers.md) -- [Best VPN Providers](vpn.md) -- [Privacy Guides Forum](https://discuss.privacyguides.net) -- [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.pt.txt" +- [Introdução à Modelação de Ameaças](basics/threat-modeling.md) +- [Provedores de DNS Recomendados](dns.md) +- [Melhores Navegadores da Web para Computadores](desktop-browsers.md) +- [Melhores Provedores de VPN](vpn.md) +- [Fórum do Privacy Guides](https://discuss.privacyguides.net) +- [O Nosso Blogue](https://blog.privacyguides.org) diff --git a/i18n/pt/about/criteria.md b/i18n/pt/about/criteria.md index 67965b73..3084230b 100644 --- a/i18n/pt/about/criteria.md +++ b/i18n/pt/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/donate.md b/i18n/pt/about/donate.md index c2ea2ae7..08986f13 100644 --- a/i18n/pt/about/donate.md +++ b/i18n/pt/about/donate.md @@ -48,5 +48,3 @@ Nós alojamos [ serviços na internet ](https://privacyguides.net) para teste e Ocasionamente adquirimos produtos e serviços com o propósito de testar as nossas [ferramentas recomendadas](../tools.md). Ainda estamos a trabalhar com o nosso anfitrião fiscal (a Open Collective Foundation) para receber donativos em criptomoeda, neste momento a contabilidade não é viável para muitas transacções mais pequenas, mas isso deverá mudar no futuro. Entretanto, se desejar fazer um donativo considerável em criptomoeda (> 100 USD), por favor contacte [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/index.md b/i18n/pt/about/index.md index 77759cad..ff510adc 100644 --- a/i18n/pt/about/index.md +++ b/i18n/pt/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. Você **não pode** utilizar a marca Privacy Guides no seu próprio projecto sem a aprovação expressa deste projecto. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/notices.md b/i18n/pt/about/notices.md index 5a7d1bd1..3da3d324 100644 --- a/i18n/pt/about/notices.md +++ b/i18n/pt/about/notices.md @@ -41,5 +41,3 @@ Você não deve conduzir nenhuma atividade sistemática ou automatizada de colet * Raspagem * Mineração de dados * "Enquadramento" (IFrames) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/privacy-policy.md b/i18n/pt/about/privacy-policy.md index ee4ee0f2..7a165f69 100644 --- a/i18n/pt/about/privacy-policy.md +++ b/i18n/pt/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/privacytools.md b/i18n/pt/about/privacytools.md index 48c7f874..515c21f5 100644 --- a/i18n/pt/about/privacytools.md +++ b/i18n/pt/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/services.md b/i18n/pt/about/services.md index aacf0655..71f2c95b 100644 --- a/i18n/pt/about/services.md +++ b/i18n/pt/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/about/statistics.md b/i18n/pt/about/statistics.md index 92e0e9b7..8f17240c 100644 --- a/i18n/pt/about/statistics.md +++ b/i18n/pt/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/advanced/communication-network-types.md b/i18n/pt/advanced/communication-network-types.md index d88cd343..1f07a2c4 100644 --- a/i18n/pt/advanced/communication-network-types.md +++ b/i18n/pt/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/advanced/dns-overview.md b/i18n/pt/advanced/dns-overview.md index 90a005f2..1a63dc47 100644 --- a/i18n/pt/advanced/dns-overview.md +++ b/i18n/pt/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- O [Domain Name System (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System) é a 'lista telefónica da Internet'. DNS traduz nomes de domínio para [IP](https://en.wikipedia.org/wiki/Internet_Protocol) endereços para que os navegadores e outros serviços possam carregar recursos da Internet, através de uma rede descentralizada de servidores. @@ -303,5 +304,3 @@ O [subrede do cliente EDNS](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) é O objectivo é "acelerar" a entrega de dados, dando ao cliente uma resposta que pertence a um servidor que lhes está próximo, tal como um [content delivery network (CDN)](https://en.wikipedia.org/wiki/Content_delivery_network), que são frequentemente utilizados em streaming de vídeo e em aplicações web JavaScript. Este recurso tem um custo de privacidade, pois informa ao servidor DNS algumas informações sobre a localização do cliente. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/advanced/payments.md b/i18n/pt/advanced/payments.md new file mode 100644 index 00000000..9d974bff --- /dev/null +++ b/i18n/pt/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! Isto permite-nos fornecer recomendações completamente objectivas. Desenvolvemos um conjunto claro de requisitos para qualquer provedor de VPN que deseje ser recomendado, incluindo criptografia forte, auditorias de segurança independentes, tecnologia moderna, e muito mais. + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/pt/advanced/tor-overview.md b/i18n/pt/advanced/tor-overview.md index ec345059..3fccb9a3 100644 --- a/i18n/pt/advanced/tor-overview.md +++ b/i18n/pt/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.pt.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/pt/android.md b/i18n/pt/android.md index e32b1159..53bf09db 100644 --- a/i18n/pt/android.md +++ b/i18n/pt/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le Notavelmente, o GrapheneOS suporta [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play). Os Serviços Google Play podem ser executados como um aplicativo de usuário regular e contidos em um perfil de trabalho ou usuário [perfil](/android/#android-security-privacy) de sua escolha. -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Derivados AOSP @@ -42,7 +44,7 @@ We recommend installing one of these custom Android operating systems on your de [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute } -Para acomodar usuários que precisam dos Serviços do Google Play, CalyxOS opcionalmente inclui [MicroG](https://microg.org/). Com o MicroG, CalyxOS também agrupa no [Mozilla](https://location.services.mozilla.com/) e [DejaVu](https://github.com/n76/DejaVu) serviços de localização. +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). @@ -65,9 +67,9 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS tem vulnerabilidade automática do kernel ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), menos blobs proprietários, um personalizado [hosts](https://divested.dev/index.php?page=dnsbl) arquivo, e [F-Droid](https://www.f-droid.org) como a loja de aplicativos. Inclui [UnifiedNlp](https://github.com/microg/UnifiedNlp) para localização da rede. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -DivestOS também inclui correções do kernel do GrapheneOS e habilita todos os recursos de segurança do kernel disponíveis via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). Todos os kernels mais novos que a versão 3.4 incluem página completa [sanitização](https://lwn.net/Articles/334747/) e todos os ~22 kernels compilados por Clang têm [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) activado. However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! Recomendamos que você verifique o [documentação](https://developers.yubico.com/SSH/) de Yubico sobre como configurar isso. @@ -79,13 +81,13 @@ DivestOS também inclui correções do kernel do GrapheneOS e habilita todos os When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. -Vários perfis de usuário (Configurações → Sistema → Vários usuários) são a maneira mais simples de isolar no Android. Com perfis de usuário você pode limitar um usuário de fazer chamadas, SMS ou instalar aplicativos no dispositivo. These phone variants will prevent you from installing any kind of alternative Android distribution. +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. A few more tips regarding Android devices and operating system compatibility: -- Remoção automática de [Exif](https://en.wikipedia.org/wiki/Exif) metadados (ativados por padrão) +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. - Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. - In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! @@ -108,12 +110,12 @@ Secure Elements like the Titan M2 are more limited than the processor's Trusted Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -Os dados de cada usuário são criptografados usando sua própria chave de criptografia exclusiva, e os arquivos do sistema operacional são deixados não criptografados. O Boot Verificado garante a integridade dos arquivos do sistema operacional, impedindo que um adversário com acesso físico possa adulterar ou instalar malware no dispositivo. +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company. A few more tips for purchasing a Google Pixel: - If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock. -- Apenas o Google e os aplicativos de terceiros verificados podem acessar os dados da conta +- Consider price beating options and specials offered at physical stores. - Look at online community bargain sites in your country. These can alert you to good sales. - Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. @@ -169,8 +171,8 @@ We recommend a wide variety of Android apps throughout this site. The apps liste Auditor performs attestation and intrusion detection by: -- ⚙️ Configurações → Google → Anúncios -- ⚙️ Configurações → Privacidade → Anúncios +- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*. +- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app). - The *auditor* records the current state and configuration of the *auditee*. - Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations. - You will be alerted to the change. @@ -202,7 +204,7 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co Main privacy features include: - Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default) -- Considere as opções de preço e promoções oferecidas em [tijolo e argamassa](https://en.wikipedia.org/wiki/Brick_and_mortar) lojas. +- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required - Microphone permission not required unless you want to record sound !!! note @@ -361,5 +363,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/account-creation.md b/i18n/pt/basics/account-creation.md index 65cb2148..87b8b03a 100644 --- a/i18n/pt/basics/account-creation.md +++ b/i18n/pt/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -79,5 +80,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/account-deletion.md b/i18n/pt/basics/account-deletion.md index 8b5f315b..aef13b8d 100644 --- a/i18n/pt/basics/account-deletion.md +++ b/i18n/pt/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/common-misconceptions.md b/i18n/pt/basics/common-misconceptions.md index 3d494826..14cc99fe 100644 --- a/i18n/pt/basics/common-misconceptions.md +++ b/i18n/pt/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -57,6 +58,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.pt.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/pt/basics/common-threats.md b/i18n/pt/basics/common-threats.md index 70d894a1..bdb3b2de 100644 --- a/i18n/pt/basics/common-threats.md +++ b/i18n/pt/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -143,8 +144,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.pt.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/pt/basics/email-security.md b/i18n/pt/basics/email-security.md index 72ce14ae..f0c2fb57 100644 --- a/i18n/pt/basics/email-security.md +++ b/i18n/pt/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/multi-factor-authentication.md b/i18n/pt/basics/multi-factor-authentication.md index 8808043a..e9400dc1 100644 --- a/i18n/pt/basics/multi-factor-authentication.md +++ b/i18n/pt/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'O uso de AMF forte pode parar mais de 99% dos acessos não autorizados à conta, e é fácil de configurar nos serviços que você já usa.' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (e KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/passwords-overview.md b/i18n/pt/basics/passwords-overview.md index b6030899..0c2c345f 100644 --- a/i18n/pt/basics/passwords-overview.md +++ b/i18n/pt/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Cópias de segurança You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/threat-modeling.md b/i18n/pt/basics/threat-modeling.md index 5e6cbca5..c93feab9 100644 --- a/i18n/pt/basics/threat-modeling.md +++ b/i18n/pt/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "evergreen" icon: 'O que são modelos de ameaça?' +description: Equilibrar segurança, privacidade e usabilidade é uma das primeiras e mais difíceis tarefas que você enfrentará na sua jornada de privacidade. --- Equilibrar segurança, privacidade e usabilidade é uma das primeiras e mais difíceis tarefas que você enfrentará na sua jornada de privacidade. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Fontes - [Autodefesa de Vigilância EFF: Seu Plano de Segurança](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/basics/vpn-overview.md b/i18n/pt/basics/vpn-overview.md index 06129b83..a1a007f5 100644 --- a/i18n/pt/basics/vpn-overview.md +++ b/i18n/pt/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/calendar.md b/i18n/pt/calendar.md index 8c4526bd..de2f42e9 100644 --- a/i18n/pt/calendar.md +++ b/i18n/pt/calendar.md @@ -1,6 +1,7 @@ --- title: "Clientes de e-mail" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -85,5 +86,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/cloud.md b/i18n/pt/cloud.md index 380bf0ab..83e1c4c8 100644 --- a/i18n/pt/cloud.md +++ b/i18n/pt/cloud.md @@ -1,6 +1,7 @@ --- title: "Email" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -28,7 +29,6 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Framadate @@ -59,5 +59,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/cryptocurrency.md b/i18n/pt/cryptocurrency.md new file mode 100644 index 00000000..2566b514 --- /dev/null +++ b/i18n/pt/cryptocurrency.md @@ -0,0 +1,56 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! Isto permite-nos fornecer recomendações completamente objectivas. Desenvolvemos um conjunto claro de requisitos para qualquer provedor de VPN que deseje ser recomendado, incluindo criptografia forte, auditorias de segurança independentes, tecnologia moderna, e muito mais. + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! nota + Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Framadate + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Considere o auto-hospedagem para mitigar esta ameaça. + + ![logo PrivateBin](/assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** é um pastebin online minimalista e de código aberto onde o servidor tem zero conhecimento de dados colados. Os dados são criptografados/descriptografados no navegador usando AES de 256 bits. Psono suporta compartilhamento seguro de senhas, arquivos, marcadores e e-mails. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/pt/data-redaction.md b/i18n/pt/data-redaction.md index fae1a0dc..fabc8601 100644 --- a/i18n/pt/data-redaction.md +++ b/i18n/pt/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Ferramentas de encriptação" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- Ao partilhar ficheiros, certifique-se de que remove os metadados associados. Os arquivos de imagem geralmente incluem [EXIF](https://en.wikipedia.org/wiki/Exif) dados. As fotos às vezes até incluem [GPS](https://en.wikipedia.org/wiki/Global_Positioning_System) coordenadas nos metadados do arquivo. @@ -160,5 +161,3 @@ The app offers multiple ways to erase metadata from images. 17.1 e 18.1 caracter - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/desktop-browsers.md b/i18n/pt/desktop-browsers.md index 1524707e..02a2b7ab 100644 --- a/i18n/pt/desktop-browsers.md +++ b/i18n/pt/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -254,6 +255,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.pt.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/pt/desktop.md b/i18n/pt/desktop.md index 0d2d0d16..d77baa96 100644 --- a/i18n/pt/desktop.md +++ b/i18n/pt/desktop.md @@ -1,6 +1,7 @@ --- title: "Armazenamento em nuvem" icon: fontawesome/brands/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -178,5 +179,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/dns.md b/i18n/pt/dns.md index 35783616..7726e2cc 100644 --- a/i18n/pt/dns.md +++ b/i18n/pt/dns.md @@ -1,13 +1,12 @@ --- title: "Introdução ao DNS" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! Devo utilizar DNS encriptado? +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. DNS criptografado não o ajudará a ocultar qualquer atividade de navegação. - DNS criptografado com uma terceira parte só deve ser usado para contornar redirecionamentos e bloqueio de DNS quando você pode ter certeza de que não haverá nenhuma consequência ou você está interessado em um provedor que faz alguma filtragem rudimentar. DNS criptografado não o ajudará a ocultar qualquer atividade de navegação. - - [Saiba mais sobre DNS](technology/dns.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Provedores recomendados @@ -137,8 +136,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.pt.txt" - [^1]: Armazenamos métricas agregadas de desempenho do nosso servidor DNS, nomeadamente o número de pedidos completos para um determinado servidor, o número de pedidos bloqueados, a velocidade de processamento dos pedidos. Nós mantemos e armazenamos a base de dados de domínios solicitados nas últimas 24 horas. Precisamos dessas informações para identificar e bloquear novos rastreadores e ameaças. Também registramos quantas vezes este ou aquele rastreador foi bloqueado. Precisamos desta informação para remover regras desactualizadas dos nossos filtros.[https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: O Cloudflare recolhe e armazena apenas os dados limitados da consulta DNS que são enviados para o resolvedor 1.1.1.1. O serviço resolver 1.1.1.1 não registra dados pessoais, e a maior parte dos dados de consulta limitados não identificáveis pessoalmente é armazenada apenas por 25 horas.[https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/pt/email-clients.md b/i18n/pt/email-clients.md index 2f6cfcdf..49ff7135 100644 --- a/i18n/pt/email-clients.md +++ b/i18n/pt/email-clients.md @@ -1,6 +1,7 @@ --- title: "Partilha de ficheiros" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Nossa lista de recomendações contém clientes de e-mail que suportam tanto [OpenPGP](/encryption/#openpgp) e autenticação forte como [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth permite-lhe utilizar [Multi-Factor Authentication](/multi-factor-authentication) e prevenir o roubo de contas. @@ -266,5 +267,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/email.md b/i18n/pt/email.md index e3ab3eb9..9b797f84 100644 --- a/i18n/pt/email.md +++ b/i18n/pt/email.md @@ -1,6 +1,7 @@ --- -title: "Provedores de e-mail privados" +title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Encontre um provedor de e-mail seguro que manterá sua privacidade em mente. Não se contente com plataformas suportadas por anúncios. @@ -9,9 +10,21 @@ Encontre um provedor de e-mail seguro que manterá sua privacidade em mente. Nã Para tudo o resto, recomendamos uma variedade de fornecedores de e-mail baseados em modelos de negócio sustentáveis e que incorporem funcionalidades de segurança e de privacidade. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## Serviços de e-mail recomendados -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    !!! Recomendamos que você verifique o [documentação](https://developers.yubico.com/SSH/) de Yubico sobre como configurar isso. @@ -42,43 +55,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. Verifique "Criptografia de E-mail". -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar ".onion Service" (Serviço de cebola) +#### :material-check:{ .pg-green } Custom Domains and Aliases - ![logo ProtonMail](/assets/img/email/protonmail.svg){ align=right } - - **ProtonMail** é um serviço de e-mail com foco em privacidade, criptografia, segurança e facilidade de uso. Eles estão em operação desde **2013***. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. nota Consulte a [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. +#### :material-check:{ .pg-green } Account Security - O ProtonMail suporta TOTP [autenticação de dois factores](https://protonmail.com/support/knowledge-base/two-factor-authentication/) apenas. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verifique "Domínios e Pseudônimos Personalizados". +#### :material-check:{ .pg-green } Data Security - ProtonMail suporta [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) [autenticação de dois fatores](https://protonmail.com/support/knowledge-base/two-factor-authentication/) apenas. O uso de uma chave de segurança [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor) ainda não é suportado. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). O uso de uma chave de segurança \[U2F\](https://en.wikipedia.org/wiki/Universal_2nd_Factor) ainda não é suportado. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Formas de pagamento privadas +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - ProtonMail tem [criptografia de acesso zero](https://protonmail.com/blog/zero-access-encryption) em repouso para seus e-mails, [contatos do catálogo de endereços](https://protonmail.com/blog/encrypted-contacts-manager), e [calendars](https://protonmail.com/blog/protoncalendar-security-model). Isto significa que as mensagens e outros dados armazenados na sua conta só são legíveis por si. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - O ProtonMail também suporta a descoberta de chaves públicas via HTTP a partir do seu [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. aviso "Métodos de pagamento privados". +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Isto significa que as mensagens e outros dados armazenados na sua conta só são legíveis por si. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Segurança de Dados +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -97,46 +108,54 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v - [:octicons-browser-16: Web](https://login.mailbox.org) -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar ".onion Service" (Serviço de cebola) +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org permite aos usuários usar seu próprio domínio e eles suportam [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using catch-all alias with own domain) endereços. Mailbox.org também suporta [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What é um pseudônimo e como utilizá-lo), o que é útil para usuários que não querem comprar um domínio. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Formas de pagamento privadas". +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org não aceita Bitcoin ou quaisquer outras moedas criptográficas como resultado de seu processador de pagamento BitPay suspender operações na Alemanha. No entanto, eles aceitam dinheiro pelo correio, pagamento em dinheiro para conta bancária, transferência bancária, cartão de crédito, PayPal e alguns processadores específicos da Alemanha: paydirekt e Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. No entanto, eles aceitam dinheiro pelo correio, pagamento em dinheiro para conta bancária, transferência bancária, cartão de crédito, PayPal e alguns processadores específicos da Alemanha: paydirekt e Sofortüberweisung. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. nota Consulte a [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. +#### :material-check:{ .pg-green } Account Security - Mailbox.org suporta [autenticação de dois fatores](https://kb.mailbox.org/display/MBOKBEN/How para usar autenticação de dois fatores - 2FA) apenas para o seu webmail. Você pode usar ou [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) ou um [Yubikey](https://en.wikipedia.org/wiki/YubiKey) através do [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Padrões web como [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) ainda não são suportados. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Formas de pagamento privadas". +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Formas de pagamento privadas +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org tem [criptografia integrada](https://kb.mailbox.org/display/MBOKBEN/Send e-mails criptografados com Guard) em seu webmail, o que simplifica o envio de mensagens aos usuários com chaves públicas OpenPGP. Eles também permitem que [destinatários remotos descriptografem um e-mail](https://kb.mailbox.org/display/MBOKBEN/My destinatário não usa PGP) nos servidores da Mailbox.org. Esta funcionalidade é útil quando o destinatário remoto não tem o OpenPGP e não consegue desencriptar uma cópia do e-mail na sua própria caixa de correio. - - Mailbox.org também suporta a descoberta de chaves públicas via HTTP a partir de seu [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. aviso "Segurança de Dados". +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. Esta funcionalidade é útil quando o destinatário remoto não tem o OpenPGP e não consegue desencriptar uma cópia do e-mail na sua própria caixa de correio. - Você pode acessar sua conta Mailbox.org via IMAP/SMTP usando seu [.onion service](https://kb.mailbox.org/display/MBOKBEN/The Tor exit node of mailbox.org). No entanto, a sua interface de webmail não pode ser acessada através do seu serviço .onion, e os usuários podem experimentar erros no certificado TLS. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Segurança de Dados +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Você pode acessar sua conta Mailbox.org via IMAP/SMTP usando seu \[.onion service\](https://kb.mailbox.org/display/MBOKBEN/The Tor exit node of mailbox.org). No entanto, a sua interface de webmail não pode ser acessada através do seu serviço .onion, e os usuários podem experimentar erros no certificado TLS. Alternatively, you can nominate a person by name and address. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +#### :material-information-outline:{ .pg-blue } Account Termination - ![Disroot logo](/assets/img/email/disroot.svg#only-light){ align=right } - ![Disroot logo](/assets/img/email/disroot-dark.svg#only-dark){ align=right } - - **Disroot** oferece e-mail entre [outros serviços](https://disroot.org/en/#services). O serviço é mantido por voluntários e sua comunidade. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). O serviço é mantido por voluntários e sua comunidade. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. aviso "Criptografia de e-mail". + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    ### Desarraigar @@ -153,43 +172,39 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v - [:octicons-browser-16: Web](https://mail.startmail.com/login) -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar ".onion Service" (Serviço de cebola) +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. Tutanota não tem planos de puxar e-mails de [contas de e-mail externas](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) usando o protocolo [IMAP](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol) . +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - Disroot suporta [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) autenticação de dois fatores apenas para webmail. Eles não permitem [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor) autenticação da chave de segurança. +Disroot suporta \[TOTP\](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) autenticação de dois fatores apenas para webmail. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. nota Consulte a [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. +#### :material-check:{ .pg-green } Account Security - Disroot usa criptografia de disco completa. No entanto, não parece ser "acesso zero", o que significa que é tecnicamente possível para eles descriptografar os dados que têm se não forem adicionalmente encriptados com uma ferramenta como OpenPGP. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). No entanto, não parece ser "acesso zero", o que significa que é tecnicamente possível para eles descriptografar os dados que têm se não forem adicionalmente encriptados com uma ferramenta como OpenPGP. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Formas de pagamento privadas". +#### :material-information-outline:{ .pg-blue } Data Security - Disroot permite o envio de e-mails criptografados a partir de sua aplicação de webmail usando OpenPGP. No entanto, Disroot não integrou um Web Key Directory (WKD) para os utilizadores na sua plataforma. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. No entanto, Disroot não integrou um Web Key Directory (WKD) para os utilizadores na sua plataforma. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Formas de pagamento privadas +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. aviso "Métodos de pagamento privados". +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Segurança de Dados +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. aviso "Criptografia de e-mail". +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Software como um serviço (SaaS) apenas @@ -218,44 +233,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar ".onion Service" (Serviço de cebola) +#### :material-check:{ .pg-green } Custom Domains and Aliases - Tutanota suporta [autenticação de dois fatores](https://tutanota.com/faq#2fa). Os usuários podem usar [TOTP](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) ou [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor). +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. Tutanota não tem planos de puxar e-mails de [contas de e-mail externas](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) usando o protocolo [IMAP](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol) . +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. nota Consulte a [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verifique "Domínios e Pseudônimos Personalizados". +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). O serviço é mantido por voluntários e sua comunidade. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). O serviço é mantido por voluntários e sua comunidade. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. aviso "Métodos de pagamento privados". +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Segurança de Dados +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Visão Geral da Criptografia de E-mail An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
    + +- ![Joplin logo](/assets/img/notebooks/joplin.svg){ .twemoji } [Joplin](https://joplinapp.org/) +- ![Standard Notes logo](/assets/img/notebooks/standard-notes.svg){ .twemoji } [Standard Notes](https://standardnotes.org/) + +
    + Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -413,7 +435,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Privacidade @@ -430,7 +452,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -445,7 +467,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Programas de recompensa de bugs e/ou um processo coordenado de divulgação de vulnerabilidades. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Segurança @@ -483,5 +505,3 @@ Must not have any marketing which is irresponsible: ### Marketing While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/encryption.md b/i18n/pt/encryption.md index 7f3aeb76..237f5673 100644 --- a/i18n/pt/encryption.md +++ b/i18n/pt/encryption.md @@ -1,6 +1,7 @@ --- title: "Software de encriptação" icon: material/file-lock +description: A encriptação de dados é a única forma de controlar quem pode acessá-los. These tools allow you to encrypt your emails and any other files. --- A encriptação de dados é a única forma de controlar quem pode acessá-los. Se você não estiver usando software de criptografia para o seu disco rígido, e-mails ou arquivos, você deve escolher uma opção aqui. @@ -373,5 +374,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/file-sharing.md b/i18n/pt/file-sharing.md index 2c3f4ecf..b6081521 100644 --- a/i18n/pt/file-sharing.md +++ b/i18n/pt/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Ferramentas de Autenticação Multi-Factor" icon: material/share-variant +description: Descubra como partilhar os seus ficheiros em privado entre os seus dispositivos, com os seus amigos e família, ou anonimamente online. --- Descubra como partilhar os seus ficheiros em privado entre os seus dispositivos, com os seus amigos e família, ou anonimamente online. @@ -165,5 +166,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/financial-services.md b/i18n/pt/financial-services.md new file mode 100644 index 00000000..73602ba2 --- /dev/null +++ b/i18n/pt/financial-services.md @@ -0,0 +1,102 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! nota + Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! nota + Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Framadate + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Considere o auto-hospedagem para mitigar esta ameaça. + + ![logo PrivateBin](/assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** é um pastebin online minimalista e de código aberto onde o servidor tem zero conhecimento de dados colados. Os dados são criptografados/descriptografados no navegador usando AES de 256 bits. Psono suporta compartilhamento seguro de senhas, arquivos, marcadores e e-mails. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! nota + Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! nota + Consulte o [Tabela de Hardware](https://openwrt.org/toh/start) para verificar se o seu dispositivo é suportado. + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Framadate + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Considere o auto-hospedagem para mitigar esta ameaça. + + ![logo PrivateBin](/assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** é um pastebin online minimalista e de código aberto onde o servidor tem zero conhecimento de dados colados. Os dados são criptografados/descriptografados no navegador usando AES de 256 bits. Psono suporta compartilhamento seguro de senhas, arquivos, marcadores e e-mails. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/pt/frontends.md b/i18n/pt/frontends.md index 9905b316..08ba1393 100644 --- a/i18n/pt/frontends.md +++ b/i18n/pt/frontends.md @@ -1,6 +1,7 @@ --- title: "Gestores de senhas" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -279,5 +280,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/index.md b/i18n/pt/index.md index 6e425673..f8eda126 100644 --- a/i18n/pt/index.md +++ b/i18n/pt/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/kb-archive.md b/i18n/pt/kb-archive.md index 15766695..ffc1166d 100644 --- a/i18n/pt/kb-archive.md +++ b/i18n/pt/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integração da Remoção de Metadados](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/meta/brand.md b/i18n/pt/meta/brand.md index 35a2225f..53cb9ac4 100644 --- a/i18n/pt/meta/brand.md +++ b/i18n/pt/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/meta/git-recommendations.md b/i18n/pt/meta/git-recommendations.md index 8e02a1f8..f59b5f81 100644 --- a/i18n/pt/meta/git-recommendations.md +++ b/i18n/pt/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/meta/uploading-images.md b/i18n/pt/meta/uploading-images.md index 7d49049b..55f136f8 100644 --- a/i18n/pt/meta/uploading-images.md +++ b/i18n/pt/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/meta/writing-style.md b/i18n/pt/meta/writing-style.md index e1e044e0..b9e47a71 100644 --- a/i18n/pt/meta/writing-style.md +++ b/i18n/pt/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/mobile-browsers.md b/i18n/pt/mobile-browsers.md index b855d61d..f0721521 100644 --- a/i18n/pt/mobile-browsers.md +++ b/i18n/pt/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -192,5 +193,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/multi-factor-authentication.md b/i18n/pt/multi-factor-authentication.md index efa783d1..f00d68a1 100644 --- a/i18n/pt/multi-factor-authentication.md +++ b/i18n/pt/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Autenticadores Multi-Factor" icon: 'O uso de AMF forte pode parar mais de 99% dos acessos não autorizados à conta, e é fácil de configurar nos serviços que você já usa.' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Chaves de Segurança de Hardware @@ -147,5 +148,3 @@ Recomendamos vivamente que utilize aplicações TOTP móveis em vez de alternati - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/news-aggregators.md b/i18n/pt/news-aggregators.md index d2430782..b28513ed 100644 --- a/i18n/pt/news-aggregators.md +++ b/i18n/pt/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "Comunicação em Tempo Real" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [agregador de notícias](https://en.wikipedia.org/wiki/News_aggregator) é uma forma de acompanhar os seus blogs e sites de notícias favoritos. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Clientes agregadores @@ -181,5 +182,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/notebooks.md b/i18n/pt/notebooks.md index 7fb14c0c..601d9063 100644 --- a/i18n/pt/notebooks.md +++ b/i18n/pt/notebooks.md @@ -1,6 +1,7 @@ --- title: "Cadernos de notas" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Mantenha um registo das suas notas e diários sem os entregar a terceiros. @@ -121,5 +122,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/os/android-overview.md b/i18n/pt/os/android-overview.md index 2d5c0254..941d7b81 100644 --- a/i18n/pt/os/android-overview.md +++ b/i18n/pt/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! Recomendamos que você verifique o [documentação](https://developers.yubico.com/SSH/) de Yubico sobre como configurar isso. + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/os/linux-overview.md b/i18n/pt/os/linux-overview.md index c548d2bb..74d8025d 100644 --- a/i18n/pt/os/linux-overview.md +++ b/i18n/pt/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Visão geral do Linux icon: fontawesome/brands/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -Existe uma crença comum que o *software* de [código aberto](https://pt. wikipedia. org/wiki/Software_de_c%C3%B3digo_aberto) é intrinsecamente seguro porque o código-fonte está disponível. Existe uma expectativa de que a verificação por parte da comunidade ocorre regularmente; contudo, esse nem sempre é [o caso](https://seirdy. one/2022/02/02/floss-security. html). A segurança do código está dependente de uma série de factores, tais como atividade do projecto, a experiência do programador, o nível de rigor aplicado em [revisões de código](https://en. wikipedia. org/wiki/Code_review) e a quantas vezes é dada atenção a partes específicas do [base de código](https://en. wikipedia. org/wiki/Codebase), que podem permanecer intocadas durante anos. +Existe uma crença comum que o *software* de [código aberto](https://pt. wikipedia. org/wiki/Software_de_c%C3%B3digo_aberto) é intrinsecamente seguro porque o código-fonte está disponível. Existe uma expectativa de que a verificação por parte da comunidade ocorre regularmente; contudo, esse nem sempre é [o caso](https://seirdy. one/2022/02/02/floss-security. html). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. Neste momento, a utilização de GNU/Linux em computadores pessoais tem algumas áreas que poderiam ser melhoradas quando comparadas com os seus equivalentes proprietários, por exemplo: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/os/qubes-overview.md b/i18n/pt/os/qubes-overview.md index 02c22221..06847aba 100644 --- a/i18n/pt/os/qubes-overview.md +++ b/i18n/pt/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/passwords.md b/i18n/pt/passwords.md index 545ef14a..ee59f1a2 100644 --- a/i18n/pt/passwords.md +++ b/i18n/pt/passwords.md @@ -1,6 +1,7 @@ --- title: "Redes Auto-Contidas" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Fique seguro e protegido on-line com um gerenciador de senhas criptografado e de código aberto. @@ -251,5 +252,3 @@ These products are minimal password managers that can be used within scripting a **PrivateBin** é um pastebin online minimalista e de código aberto onde o servidor tem zero conhecimento de dados colados. Os dados são criptografados/descriptografados no navegador usando AES de 256 bits. Psono suporta compartilhamento seguro de senhas, arquivos, marcadores e e-mails. - Must be cross-platform. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/productivity.md b/i18n/pt/productivity.md index e611bf1e..c00cc264 100644 --- a/i18n/pt/productivity.md +++ b/i18n/pt/productivity.md @@ -1,6 +1,7 @@ --- title: "Clientes de streaming de vídeo" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -178,5 +179,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/real-time-communication.md b/i18n/pt/real-time-communication.md index a84734c2..df81180a 100644 --- a/i18n/pt/real-time-communication.md +++ b/i18n/pt/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Clientes de streaming de vídeo" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -211,5 +212,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/router.md b/i18n/pt/router.md index 82164973..510b26a8 100644 --- a/i18n/pt/router.md +++ b/i18n/pt/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Abaixo estão alguns sistemas operacionais alternativos, que podem ser usados em roteadores, pontos de acesso Wi-Fi, etc. @@ -49,5 +50,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/search-engines.md b/i18n/pt/search-engines.md index 5d8e01b9..a0953385 100644 --- a/i18n/pt/search-engines.md +++ b/i18n/pt/search-engines.md @@ -1,6 +1,7 @@ --- title: "Motores de Busca" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use um motor de busca que não construa um perfil publicitário baseado nas suas pesquisas. @@ -107,5 +108,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/tools.md b/i18n/pt/tools.md index 63503b6b..75d7b6e4 100644 --- a/i18n/pt/tools.md +++ b/i18n/pt/tools.md @@ -3,6 +3,7 @@ title: "Ferramentas de Privacidade" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Se você está procurando uma solução específica para algo, estas são as ferramentas de hardware e software que recomendamos em uma variedade de categorias. Nossas ferramentas de privacidade recomendadas são escolhidas principalmente com base em recursos de segurança, com ênfase adicional em ferramentas descentralizadas e de código aberto. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -93,10 +94,11 @@ For more details about each project, why they were chosen, and additional tips o
    -- ![Nextcloud logo](/assets/img/cloud/nextcloud.svg){ .twemoji } [Nextcloud (Self-Hostable)](https://nextcloud.com/) -- ![Proton Drive logo](/assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](https://drive.protonmail.com/) -- ![Cryptee logo](/assets/img/cloud/cryptee.svg#only-light){ .twemoji }![Logotipo de Cryptee](/assets/img/cloud/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](https://crypt.ee/) -- ![Logotipo de Tahoe-LAFS](/assets/img/cloud/tahoe-lafs.svg#only-light){ .twemoji }![Logotipo Tahoe-LAFS](/assets/img/cloud/tahoe-lafs-dark.svg#only-dark){ .twemoji } [Tahoe-LAFS (Avançado)](https://www.tahoe-lafs.org/) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) +- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) +- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
    @@ -210,6 +212,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Saiba mais...](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[Saiba mais...](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[Saiba mais...](financial-services.md#gift-card-marketplaces) + ### Motores de Busca
    @@ -239,10 +264,9 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v
    -- ![logo GnuPG](/assets/img/encryption-software/gnupg.svg){ .twemoji } [GnuPG](https://gnupg.org) -- ![GPG4Win logo](/assets/img/encryption-software/gpg4win.svg){ .twemoji } [GPG4Win (Windows)](https://gpg4win.org) -- ![GPG Suite logo](/assets/img/encryption-software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](https://gpgtools.org) -- ![OpenKeychain logo](/assets/img/encryption-software/openkeychain.svg){ .twemoji } [OpenKeychain](https://www.openkeychain.org/) +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
    @@ -264,6 +288,16 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v [Saiba mais...](calendar.md) +### Cryptocurrency + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[Saiba mais...](cryptocurrency.md) + ### Ferramentas de encriptação
    @@ -451,5 +485,3 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v
    [Saiba mais...](video-streaming.md) - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/tor.md b/i18n/pt/tor.md index 429ca5bf..f46298ee 100644 --- a/i18n/pt/tor.md +++ b/i18n/pt/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
    - ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
    Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
    -
    - -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -129,5 +124,3 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/video-streaming.md b/i18n/pt/video-streaming.md index fac54af6..df2d5f54 100644 --- a/i18n/pt/video-streaming.md +++ b/i18n/pt/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Transmissão de vídeo" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- A principal ameaça ao usar uma plataforma de streaming de vídeo é que os seus hábitos de streaming e listas de assinaturas podem ser usados para traçar o seu perfil. Você deve combinar estas ferramentas com um [VPN](/vpn) ou [Tor](https://www.torproject.org/) para tornar mais difícil o perfil do seu uso. @@ -49,5 +50,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/pt/vpn.md b/i18n/pt/vpn.md index a5c3626c..59b37a3e 100644 --- a/i18n/pt/vpn.md +++ b/i18n/pt/vpn.md @@ -1,11 +1,20 @@ --- -title: "Serviços VPN" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Encontre um operador VPN sem registo que não esteja a vender ou a ler o seu tráfego web. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. perigo "As VPNs não proporcionam anonimato". +
    + +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! perigo "As VPNs não proporcionam anonimato". Usando uma VPN **não*** manterá seus hábitos de navegação anônimos, nem adicionará segurança adicional ao tráfego não seguro (HTTP). @@ -15,78 +24,11 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v [Baixar Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Mitos Tor & FAQ](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904){ .md-button } -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. info "Quando é que as VPNs são úteis?" - - Se você está procurando por **privacidade adicional** do seu provedor, em uma rede Wi-Fi pública, ou enquanto estiver torrentando arquivos, uma VPN pode ser a solução para você, desde que você entenda os riscos envolvidos. - - [Mais informações](#vpn-overview){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Provedores recomendados -!!! exemplo "Critérios". - - Nossos provedores recomendados estão fora dos EUA, usam criptografia, aceitam Monero, suportam WireGuard & OpenVPN, e têm uma política de não registro. Leia a nossa [lista completa de critérios](#nossos-critérios) para mais informações. - -### Mullvad - -!!! recommendation annotate - - ![logo Mullvad](/assets/img/vpn/mullvad.svg#only-light){ align=right } - ![Mullvad logo](/assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - - **Mullvad** é uma VPN rápida e barata com um foco sério na transparência e segurança. Eles estão em operação desde **2009***. - - Mullvad está sediada na Suécia e não tem um teste gratuito. downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "35 Países". - - Mullvad tem [servidores em 35 países](https://mullvad.net/en/servers/) no momento de escrever esta página. Escolher um provedor VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você envia. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. - - Também achamos que é melhor para a segurança das chaves privadas do provedor de VPN se ele usar [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), ao invés de soluções compartilhadas mais baratas (com outros clientes), como [servidores virtuais privados](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Ocultar o seu tráfego de **apenas** o seu fornecedor de serviços de Internet. - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Auditado independentemente". - - Os clientes VPN da Mullvad foram auditados pela Cure53 e Assured AB num relatório de pentest [publicado na cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). Os investigadores de segurança concluíram: - - > Cure53 e Assured AB estão satisfeitos com os resultados da auditoria e o software deixa uma impressão geral positiva. Com a dedicação da equipe interna do complexo Mullvad VPN, os testadores não têm dúvidas de que o projeto está no caminho certo do ponto de vista de segurança. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes de código aberto". - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Aceita Dinheiro". - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Suporte WireGuard". - - A Mullvad suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com)[^1] é um protocolo mais recente que utiliza o estado da arte [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) o uso do WireGuard com o seu serviço. É o protocolo padrão ou único protocolo nos aplicativos Android, iOS, macOS e Linux da Mullvad, enquanto os usuários de Windows têm de [habilitar manualmente](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Suporte IPv6". - - A Mullvad suporta o futuro do networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Sua rede permite aos usuários [acessar serviços hospedados em IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) em oposição a outros provedores que bloqueiam conexões IPv6. - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Remote Port Forwarding". - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". - - A Mullvad publicou clientes [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) e [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), ambos com suporte a uma interface fácil de usar, em vez de exigir que os usuários configurem manualmente suas conexões do WireGuard. O cliente móvel no Android também está disponível em [F-Droid](https://f-droid.org/packages/net.mullvad.mullvadvpn), o que garante que ele seja compilado com [builds reproduzíveis](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! info "Funcionalidade Adicional - - Mullvad é muito transparente sobre quais nós eles [possuem ou alugam](https://mullvad.net/en/servers/). Eles usam [ShadowSocks](https://shadowsocks.org/en/index.html) na sua configuração ShadowSocks OpenVPN, tornando-os mais resistentes contra firewalls com [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) tentando bloquear VPNs. +Nossos provedores recomendados estão fora dos EUA, usam criptografia, aceitam Monero, suportam WireGuard & OpenVPN, e têm uma política de não registro. Read our [full list of criteria](#criteria) for more information. ### ProtonVPN @@ -99,43 +41,44 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v Eles oferecem mais 14 iscount para a compra de uma assinatura de 2 anos. Também achamos que é melhor para a segurança das chaves privadas do provedor de VPN se ele usar [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), ao invés de soluções compartilhadas mais baratas (com outros clientes), como [servidores virtuais privados](https://en.wikipedia.org/wiki/Virtual_private_server). -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "44 Países". +#### :material-check:{ .pg-green } 35 Countries - ProtonVPN tem [servidores em 44 países](https://protonvpn.com/vpn-servers) no momento de escrever esta página. Escolher um provedor VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você envia. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. - - Também achamos que é melhor para a segurança das chaves privadas do provedor de VPN se ele usar [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), ao invés de soluções compartilhadas mais baratas (com outros clientes), como [servidores virtuais privados](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. +{ .annotate } 1. Ocultar o seu tráfego de **apenas** o seu fornecedor de serviços de Internet. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Auditado independentemente". +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes de código aberto". +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Aceita Dinheiro". +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Suporte WireGuard". +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - ProtonVPN suporta principalmente o protocolo WireGuard®. [WireGuard](https://www.wireguard.com)[^1] é um protocolo mais recente que utiliza o estado da arte [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. Falta o "Remote Port Forwarding". +ProtonVPN suporta principalmente o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Remote Port Forwarding". +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +#### :material-check:{ .pg-green } Mobile Clients - ProtonVPN têm seus próprios servidores e datacenters na Suíça, Islândia e Suécia. Eles oferecem bloqueio de domínios malware conhecidos e de bloqueio com o seu serviço DNS. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +ProtonVPN têm seus próprios servidores e datacenters na Suíça, Islândia e Suécia. IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### IVPN @@ -157,55 +100,118 @@ Recomendamos armazenar uma chave de recuperação local em um local seguro, em v - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "32 Países". +#### :material-check:{ .pg-green } 41 Countries - IVPN tem [servidores em 32 países](https://www.ivpn.net/server-locations) no momento de escrever esta página. Escolher um provedor VPN com um servidor mais próximo de você irá reduzir a latência do tráfego de rede que você envia. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. - - Também achamos que é melhor para a segurança das chaves privadas do provedor de VPN se ele usar [servidores dedicados](https://en.wikipedia.org/wiki/Dedicated_hosting_service), ao invés de soluções compartilhadas mais baratas (com outros clientes), como [servidores virtuais privados](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. +{ .annotate } 1. Ocultar o seu tráfego de **apenas** o seu fornecedor de serviços de Internet. -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Auditado independentemente". +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. \[WireGuard\](https://www.wireguard.com)\[^1] é um protocolo mais recente que utiliza o estado da arte [cryptography\](https://www.wireguard.com/protocol/). + +#### :material-check:{ .pg-green } WireGuard Support + +O IVPN suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. O cliente móvel no Android também está disponível em \[F-Droid\](https://f-droid.org/en/packages/net.ivpn.client), o que garante que ele seja compilado com \[builds reproduzíveis\](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Mullvad + +!!! recommendation annotate + + ![logo Mullvad](/assets/img/vpn/mullvad.svg#only-light){ align=right } + ![Mullvad logo](/assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Mullvad** é uma VPN rápida e barata com um foco sério na transparência e segurança. Eles estão em operação desde **2009***. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + Mullvad está sediada na Suécia e não tem um teste gratuito. downloads - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes de código aberto". +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Isto é devido a uma rota mais curta (menos lúpulo) para o destino. +{ .annotate } -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. cheque "Aceita Dinheiro". +1. Ocultar o seu tráfego de **apenas** o seu fornecedor de serviços de Internet. - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. [WireGuard](https://www.wireguard.com)[^1] é um protocolo mais recente que utiliza o estado da arte [cryptography](https://www.wireguard.com/protocol/). +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Suporte WireGuard". +#### :material-check:{ .pg-green } Independently Audited - O IVPN suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com)[^1] é um protocolo mais recente que utiliza o estado da arte [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +Os clientes VPN da Mullvad foram auditados pela Cure53 e Assured AB num relatório de pentest \[publicado na cure53.de\](https://cure53.de/pentest-report_mullvad_v2.pdf). Os investigadores de segurança concluíram: -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Remote Port Forwarding". +> Cure53 e Assured AB estão satisfeitos com os resultados da auditoria e o software deixa uma impressão geral positiva. Com a dedicação da equipe interna do complexo Mullvad VPN, os testadores não têm dúvidas de que o projeto está no caminho certo do ponto de vista de segurança. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - O envio remoto [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) é possível com um plano Pro. Port forwarding [pode ser ativado](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) através da área do cliente. +#### :material-check:{ .pg-green } Open-Source Clients -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. Falta o "Remote Port Forwarding". +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - Além de fornecer arquivos de configuração padrão OpenVPN, o IVPN tem clientes móveis para [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683) e [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), permitindo fácil conexão com seus servidores. O cliente móvel no Android também está disponível em [F-Droid](https://f-droid.org/en/packages/net.ivpn.client), o que garante que ele seja compilado com [builds reproduzíveis](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +#### :material-check:{ .pg-green } Accepts Cash -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Remote Port Forwarding". +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. - Clientes IVPN suportam dois factores de autenticação (clientes Mullvad e ProtonVPN não suportam). IVPN também fornece a funcionalidade "[AntiTracker](https://www.ivpn.net/antitracker)", que bloqueia redes de publicidade e rastreadores a partir do nível da rede. +#### :material-check:{ .pg-green } WireGuard Support -Recomendamos armazenar uma chave de recuperação local em um local seguro, em vez de utilizar a recuperação do iCloud FileVault. verificar "Clientes móveis". +A Mullvad suporta o protocolo WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Além disso, o WireGuard pretende ser mais simples e mais performante. - É importante notar que a utilização de um provedor VPN não o tornará anônimo, mas lhe dará melhor privacidade em certas situações. Uma VPN não é uma ferramenta para actividades ilegais. Não confies numa política de "sem registo". Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. + +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Sua rede permite aos usuários \[acessar serviços hospedados em IPv6\](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) em oposição a outros provedores que bloqueiam conexões IPv6. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +A Mullvad publicou clientes \[App Store\](https://apps.apple.com/app/mullvad-vpn/id1488466513) e \[Google Play\](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn), ambos com suporte a uma interface fácil de usar, em vez de exigir que os usuários configurem manualmente suas conexões do WireGuard. O cliente móvel no Android também está disponível em \[F-Droid\](https://f-droid.org/packages/net.mullvad.mullvadvpn), o que garante que ele seja compilado com \[builds reproduzíveis\](https://www.f-droid.org/en/2019/05/05/trust-privacy-and-free-software.html). They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. Eles usam \[ShadowSocks\](https://shadowsocks.org/en/index.html) na sua configuração ShadowSocks OpenVPN, tornando-os mais resistentes contra firewalls com \[Deep Packet Inspection\](https://en.wikipedia.org/wiki/Deep_packet_inspection) tentando bloquear VPNs. ## Framadate @@ -240,13 +246,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **O melhor caso:** -- Suporte para protocolos fortes como o WireGuard & OpenVPN. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - Killswitch construído para os clientes. **Best Case:** -- Suporte WireGuard e OpenVPN. -- Killswitch com opções altamente configuráveis (ativar/desativar em certas redes, no boot, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Privacidade @@ -304,5 +310,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Marketing While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.pt.txt" diff --git a/i18n/ru/404.md b/i18n/ru/404.md index b10bd9ac..79accdfa 100644 --- a/i18n/ru/404.md +++ b/i18n/ru/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Страница Не Найдена @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/criteria.md b/i18n/ru/about/criteria.md index a633946e..3084230b 100644 --- a/i18n/ru/about/criteria.md +++ b/i18n/ru/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/donate.md b/i18n/ru/about/donate.md index 965414b8..54eda387 100644 --- a/i18n/ru/about/donate.md +++ b/i18n/ru/about/donate.md @@ -48,5 +48,3 @@ Privacy Guides - это **некоммерческая** организация. Иногда мы приобретаем продукты и услуги для тестирования [рекомендуемых нами инструментов](../tools.md). Мы всё ещё работаем над нашим фискальным хостом (Фонд Open Collective), чтобы получать пожертвования в криптовалюте, сейчас учёт множества мелких операций невозможен, но мы постараемся изменить это в будущем. А пока, если вы хотите сделать большое (> $100) пожертвование в криптовалюте, пожалуйста обратитесь по адресу [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/index.md b/i18n/ru/about/index.md index e86f19ae..f695a040 100644 --- a/i18n/ru/about/index.md +++ b/i18n/ru/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. Однако вы **не можете** использовать бренд PrivacyGuides в своем проекте без нашего специального разрешения. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/notices.md b/i18n/ru/about/notices.md index ce7b4b0f..a5318431 100644 --- a/i18n/ru/about/notices.md +++ b/i18n/ru/about/notices.md @@ -41,5 +41,3 @@ PrivacyGuides - это проект с открытым исходным код * Скрейпинг * Data mining (просев информации, добыча данных, извлечение данных) * "Фрейминг" (IFrames) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/privacy-policy.md b/i18n/ru/about/privacy-policy.md index 9b040630..7288aaca 100644 --- a/i18n/ru/about/privacy-policy.md +++ b/i18n/ru/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). Мы можем изменить способ объявления изменений в будущих версиях политики. В то же время мы можем обновить контактные данные в любое время без объявления об изменениях. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/privacytools.md b/i18n/ru/about/privacytools.md index 74fe67e5..515c21f5 100644 --- a/i18n/ru/about/privacytools.md +++ b/i18n/ru/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/services.md b/i18n/ru/about/services.md index 6997f3b3..7046475d 100644 --- a/i18n/ru/about/services.md +++ b/i18n/ru/about/services.md @@ -36,5 +36,3 @@ - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/about/statistics.md b/i18n/ru/about/statistics.md index 8dbab7e9..efcec7bd 100644 --- a/i18n/ru/about/statistics.md +++ b/i18n/ru/about/statistics.md @@ -59,5 +59,3 @@ title: Статистика посещений }) }) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/advanced/communication-network-types.md b/i18n/ru/advanced/communication-network-types.md index cd6b353e..0b800360 100644 --- a/i18n/ru/advanced/communication-network-types.md +++ b/i18n/ru/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/advanced/dns-overview.md b/i18n/ru/advanced/dns-overview.md index a31164bb..63d85a91 100644 --- a/i18n/ru/advanced/dns-overview.md +++ b/i18n/ru/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/advanced/payments.md b/i18n/ru/advanced/payments.md new file mode 100644 index 00000000..0948c652 --- /dev/null +++ b/i18n/ru/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! recommendation + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/ru/advanced/tor-overview.md b/i18n/ru/advanced/tor-overview.md index 6b51d05a..334fd28e 100644 --- a/i18n/ru/advanced/tor-overview.md +++ b/i18n/ru/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.ru.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/ru/android.md b/i18n/ru/android.md index 969671ae..619e8bb0 100644 --- a/i18n/ru/android.md +++ b/i18n/ru/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## Деривативы AOSP @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/account-creation.md b/i18n/ru/basics/account-creation.md index 5599ad05..afa5d429 100644 --- a/i18n/ru/basics/account-creation.md +++ b/i18n/ru/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/account-deletion.md b/i18n/ru/basics/account-deletion.md index 9b163e23..e32160b2 100644 --- a/i18n/ru/basics/account-deletion.md +++ b/i18n/ru/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/common-misconceptions.md b/i18n/ru/basics/common-misconceptions.md index a4397502..41997417 100644 --- a/i18n/ru/basics/common-misconceptions.md +++ b/i18n/ru/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.ru.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/ru/basics/common-threats.md b/i18n/ru/basics/common-threats.md index 7a525ce7..e278c0cb 100644 --- a/i18n/ru/basics/common-threats.md +++ b/i18n/ru/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.ru.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/ru/basics/email-security.md b/i18n/ru/basics/email-security.md index d7ce0046..f0c2fb57 100644 --- a/i18n/ru/basics/email-security.md +++ b/i18n/ru/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/multi-factor-authentication.md b/i18n/ru/basics/multi-factor-authentication.md index 5a72547d..9bae2263 100644 --- a/i18n/ru/basics/multi-factor-authentication.md +++ b/i18n/ru/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (и KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/passwords-overview.md b/i18n/ru/basics/passwords-overview.md index 482da401..944921cf 100644 --- a/i18n/ru/basics/passwords-overview.md +++ b/i18n/ru/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/threat-modeling.md b/i18n/ru/basics/threat-modeling.md index f32915b4..bd784b8f 100644 --- a/i18n/ru/basics/threat-modeling.md +++ b/i18n/ru/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Моделирование угроз" icon: 'material/target-account' +description: Баланс между безопасностью, конфиденциальностью и удобством использования - одна из первых и самых сложных задач, с которыми вы столкнетесь на пути к конфиденциальности. --- Баланс между безопасностью, конфиденциальностью и удобством использования - одна из первых и самых сложных задач, с которыми вы столкнетесь на пути к конфиденциальности. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Источники - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/basics/vpn-overview.md b/i18n/ru/basics/vpn-overview.md index 8da6876c..a1a007f5 100644 --- a/i18n/ru/basics/vpn-overview.md +++ b/i18n/ru/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/calendar.md b/i18n/ru/calendar.md index 2480f51a..eee93684 100644 --- a/i18n/ru/calendar.md +++ b/i18n/ru/calendar.md @@ -1,6 +1,7 @@ --- title: "Синхронизация календаря" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Ваши события в календаре - одни из самых конфиденциальных данных. Используйте продукты с поддержкой автоматического E2EE, чтобы предотвратить их чтение провайдером. @@ -67,5 +68,3 @@ icon: material/calendar Эти критерии представляют собой то, что мы хотели бы видеть от идеального проекта в этой категории. Наши рекомендации могут не соответствовать всем или нескольким из этих критериев, но проекты, которые им соответствуют, расположены выше остальных. - По возможности должна быть интеграция с родными приложениями "календарь" и "контакты" в операционной системе. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/cloud.md b/i18n/ru/cloud.md index 76140452..428e6ba8 100644 --- a/i18n/ru/cloud.md +++ b/i18n/ru/cloud.md @@ -1,6 +1,7 @@ --- title: "Облачное хранилище" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Многие сервисы облачного хранилища требуют от вас полного доверия, что они не будут просматривать ваши файлы. Альтернативы, перечисленные ниже, устраняют необходимость в доверии, либо предоставляя вам контроль над вашими данными, либо используя E2EE. @@ -29,7 +30,6 @@ icon: material/file-cloud - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Мобильные клиенты Proton Drive были выпущены в декабре 2022 года и пока не имеют открытого исходного кода. Исторически сложилось так, что компания "Proton" откладывает выпуск исходного кода до окончания выпуска первоначального продукта, и выпуск исходного кода [запланирован](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) на конец 2023 года. Клиенты Proton Drive для ПК все еще находятся в разработке. ## Критерии @@ -58,5 +58,3 @@ icon: material/file-cloud - Эти клиенты должны интегрироваться с собственными инструментами ОС для сервисов облачных хранилищ, такими как интеграция приложения Files на iOS или функциональность DocumentsProvider на Android. - Должны поддерживать простой обмен файлами с другими пользователями. - Должны предлагать, по крайней мере, базовые функции предварительного просмотра и редактирования файлов в веб-интерфейсе. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/cryptocurrency.md b/i18n/ru/cryptocurrency.md new file mode 100644 index 00000000..6616a28e --- /dev/null +++ b/i18n/ru/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! recommendation + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Для уменьшения этой угрозы рассмотрите возможность самостоятельного хостинга. + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. Мы учитываем и обсуждаем много факторов, перед тем как рекомендовать какой-то проект, и документирование каждого из них ещё не завершено. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/ru/data-redaction.md b/i18n/ru/data-redaction.md index 7b74bfb6..42ec0dcb 100644 --- a/i18n/ru/data-redaction.md +++ b/i18n/ru/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Инструменты для шифрования" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- Когда вы делитесь с кем-то файлами, то не забудьте удалить связанные с ними метаданные. Файлы изображений обычно содержат [данные EXIF](https://ru.wikipedia.org/wiki/Exif). Иногда фотографии даже включают ваши [GPS](https://ru.wikipedia.org/wiki/GPS) координаты в метаданные файла. @@ -136,5 +137,3 @@ The app offers multiple ways to erase metadata from images. recommendation - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/desktop-browsers.md b/i18n/ru/desktop-browsers.md index 5fc02de1..8e31ef0e 100644 --- a/i18n/ru/desktop-browsers.md +++ b/i18n/ru/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -248,6 +249,4 @@ These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashb - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.ru.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/ru/desktop.md b/i18n/ru/desktop.md index ba9950ca..5b9320e4 100644 --- a/i18n/ru/desktop.md +++ b/i18n/ru/desktop.md @@ -1,6 +1,7 @@ --- title: "Облачные хранилища" icon: fontawesome/brands/linux +description: Дистрибутивы Linux часто рекомендуются для защиты конфиденциальности и свободы пользователей. --- Дистрибутивы Linux часто рекомендуются для защиты конфиденциальности и свободы пользователей. Если вы еще не используете Linux, ниже приведены некоторые дистрибутивы, которые мы рекомендуем попробовать, а также несколько общих советов по улучшению конфиденциальности и безопасности, которые применимы ко многим дистрибутивам Linux. @@ -176,5 +177,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/dns.md b/i18n/ru/dns.md index 1760375b..b5dd0c01 100644 --- a/i18n/ru/dns.md +++ b/i18n/ru/dns.md @@ -1,13 +1,12 @@ --- title: "DNS-провайдеры" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! faq "Следует ли мне использовать зашифрованный DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Зашифрованный DNS не поможет вам скрыть какую-либо активность в интернете. - Зашифрованный DNS со сторонними серверами должен использоваться только для обхода базовой [DNS-блокировки](https://en.wikipedia.org/wiki/DNS_blocking) если вы уверены, что это не повлечет за собой никаких последствий. Зашифрованный DNS не поможет вам скрыть какую-либо активность в интернете. - - [Подробнее о DNS](technology/dns.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Рекомендованные провайдеры @@ -131,8 +130,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.ru.txt" - [^1]: AdGuard хранит показатели производительности их DNS серверов, содержащие в себе количество выполненных запросов к определенному серверу, количество заблокированных запросов и скорость обработки. Они также ведут и хранят базу данных доменов, запрошенных в течение последних 24 часов. "Нам нужна эта информация, чтобы выявлять и блокировать новые трекеры и угрозы." "Также мы храним информацию о том, сколько раз тот или иной трекер был заблокирован. Нам нужна эта информация, чтобы удалять устаревшие правила из наших фильтров." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare собирает и хранит только DNS-запросы, направленные на 1.1.1.1. Сервис не хранит персональные данные; большая часть неперсональных данных хранится только в течение 25 часов. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/ru/email-clients.md b/i18n/ru/email-clients.md index df60116f..6c58ca50 100644 --- a/i18n/ru/email-clients.md +++ b/i18n/ru/email-clients.md @@ -1,6 +1,7 @@ --- title: "Обмен Файлами" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Наш список рекомендаций содержит только почтовые клиенты, которые поддерживают [OpenPGP](/encryption/#openpgp) и безопасную аутентификацию (например, [OAuth](https://ru.wikipedia.org/wiki/OAuth)). OAuth позволяет использовать [многофакторную аутентификацию](/multi-factor-authentication) и предотвратить кражу учетных записей. @@ -226,5 +227,3 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/email.md b/i18n/ru/email.md index 3efb2141..719f7df7 100644 --- a/i18n/ru/email.md +++ b/i18n/ru/email.md @@ -1,6 +1,7 @@ --- -title: "Провайдеры приватной электронной почты" +title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Электронная почта практически необходима для использования любого онлайн-сервиса, однако мы не рекомендуем использовать её для общения с людьми. Вместо того чтобы использовать электронную почту для связи с другими людьми, советуем использовать мессенджеры, которые поддерживают прямую секретность. @@ -9,9 +10,21 @@ icon: material/email Для всего остального, мы рекомендуем различных провайдеров электронной почты, которые базируются на устойчивых бизнес-моделях и встроенных функциях безопасности и конфиденциальности. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    !!! note @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    ### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,52 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
    + +- ![Логотип Proton VPN](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#protonvpn) +- ![Логотип IVPN](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) +- ![Логотип Mullvad](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) + +
    + Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +439,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +456,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +471,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +509,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/encryption.md b/i18n/ru/encryption.md index 38139b8d..99d89405 100644 --- a/i18n/ru/encryption.md +++ b/i18n/ru/encryption.md @@ -1,6 +1,7 @@ --- title: "Инструменты для шифрования" icon: material/file-lock +description: Шифрование данных - единственный способ контролировать доступ к ним. These tools allow you to encrypt your emails and any other files. --- Шифрование данных - единственный способ контролировать доступ к ним. Если вы еще не используете какие-либо инструменты шифрования диска, электронной почты или файлов, то вы можете выбрать один из них тут. @@ -320,5 +321,3 @@ When encrypting with PGP, you have the option to configure different options in - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/file-sharing.md b/i18n/ru/file-sharing.md index ea50c68f..dab56bbf 100644 --- a/i18n/ru/file-sharing.md +++ b/i18n/ru/file-sharing.md @@ -1,6 +1,7 @@ --- title: "Синхронизация и обмен файлами" icon: material/share-variant +description: Узнайте, как конфиденциально обмениваться файлами между устройствами, с друзьями и родственниками или анонимно в Интернете. --- Узнайте, как конфиденциально обмениваться файлами между устройствами, с друзьями и родственниками или анонимно в Интернете. @@ -144,5 +145,3 @@ ffsend upload --host https://send.vis.ee/ FILE - Есть мобильные клиенты для iOS и Android, которые, как минимум, поддерживают предварительный просмотр документов. - Есть резервное копирование фотографий с iOS и Android, а также опциональная поддержка синхронизации файлов/папок на Android. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/financial-services.md b/i18n/ru/financial-services.md new file mode 100644 index 00000000..45becd74 --- /dev/null +++ b/i18n/ru/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Для уменьшения этой угрозы рассмотрите возможность самостоятельного хостинга. + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. Мы учитываем и обсуждаем много факторов, перед тем как рекомендовать какой-то проект, и документирование каждого из них ещё не завершено. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! Для уменьшения этой угрозы рассмотрите возможность самостоятельного хостинга. + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. Мы учитываем и обсуждаем много факторов, перед тем как рекомендовать какой-то проект, и документирование каждого из них ещё не завершено. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/ru/frontends.md b/i18n/ru/frontends.md index 80b695ed..d7df9bfc 100644 --- a/i18n/ru/frontends.md +++ b/i18n/ru/frontends.md @@ -1,6 +1,7 @@ --- title: "Менеджеры паролей" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/index.md b/i18n/ru/index.md index 895f5188..8a06ee5c 100644 --- a/i18n/ru/index.md +++ b/i18n/ru/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/kb-archive.md b/i18n/ru/kb-archive.md index fa8dd888..92daee33 100644 --- a/i18n/ru/kb-archive.md +++ b/i18n/ru/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/meta/brand.md b/i18n/ru/meta/brand.md index fa2593ef..53cb9ac4 100644 --- a/i18n/ru/meta/brand.md +++ b/i18n/ru/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/meta/git-recommendations.md b/i18n/ru/meta/git-recommendations.md index 3d948add..f59b5f81 100644 --- a/i18n/ru/meta/git-recommendations.md +++ b/i18n/ru/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/meta/uploading-images.md b/i18n/ru/meta/uploading-images.md index e6d86017..55f136f8 100644 --- a/i18n/ru/meta/uploading-images.md +++ b/i18n/ru/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/meta/writing-style.md b/i18n/ru/meta/writing-style.md index b612615e..b9e47a71 100644 --- a/i18n/ru/meta/writing-style.md +++ b/i18n/ru/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/mobile-browsers.md b/i18n/ru/mobile-browsers.md index ce09af5e..9e52a55b 100644 --- a/i18n/ru/mobile-browsers.md +++ b/i18n/ru/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -182,5 +183,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/multi-factor-authentication.md b/i18n/ru/multi-factor-authentication.md index f20cf937..aa1abea8 100644 --- a/i18n/ru/multi-factor-authentication.md +++ b/i18n/ru/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Многофакторная аутентификация" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Аппаратные ключи безопасности @@ -138,5 +139,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/news-aggregators.md b/i18n/ru/news-aggregators.md index c3881c18..9b8a7622 100644 --- a/i18n/ru/news-aggregators.md +++ b/i18n/ru/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "Мессенджеры" icon: octicons/rss-24 +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -[Новостные агрегаторы](https://en.wikipedia.org/wiki/News_aggregator) - это простой способ следить за любимыми блогами и новостями. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Клиенты-агрегаторы @@ -174,5 +175,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/notebooks.md b/i18n/ru/notebooks.md index 15ce4e9c..ba0137f7 100644 --- a/i18n/ru/notebooks.md +++ b/i18n/ru/notebooks.md @@ -1,6 +1,7 @@ --- title: "Заметки" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Сохраняйте свои заметки и дневники, не передавая их третьим лицам. @@ -111,5 +112,3 @@ Cryptee предлагает 100 МБ хранилища бесплатно, а - Функции локального резервного копирования/синхронизации должны поддерживать шифрование. - Облачные платформы должны поддерживать обмен документами. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/os/android-overview.md b/i18n/ru/os/android-overview.md index 5e279802..97b44e98 100644 --- a/i18n/ru/os/android-overview.md +++ b/i18n/ru/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! note + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/os/linux-overview.md b/i18n/ru/os/linux-overview.md index b5216b30..f7ed6c27 100644 --- a/i18n/ru/os/linux-overview.md +++ b/i18n/ru/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: fontawesome/brands/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/os/qubes-overview.md b/i18n/ru/os/qubes-overview.md index c2c5edb2..0f51cc85 100644 --- a/i18n/ru/os/qubes-overview.md +++ b/i18n/ru/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: pg/qubes-os +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/passwords.md b/i18n/ru/passwords.md index 673abbdf..eaf6cf4a 100644 --- a/i18n/ru/passwords.md +++ b/i18n/ru/passwords.md @@ -1,6 +1,7 @@ --- title: "Менеджеры паролей" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Менеджеры паролей позволяют безопасно хранить и управлять паролями и другими данными с помощью мастер-пароля. @@ -226,5 +227,3 @@ KeePassXC хранит экспортированные данные в виде Мы пока работаем над установлением определенных критериев для каждого раздела нашего сайта, и они могут поменяться в будущем. Если у вас есть вопросы по поводу наших критериев, пожалуйста, [задавайте их на нашем форуме](https://discuss.privacyguides.net/latest) и не думайте, что мы не учли что-то при составлении наших рекомендаций, если это не указано здесь. Мы учитываем и обсуждаем много факторов, перед тем как рекомендовать какой-то проект, и документирование каждого из них ещё не завершено. - Программа должна быть кроссплатформенной. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/productivity.md b/i18n/ru/productivity.md index 978ff34e..948919ce 100644 --- a/i18n/ru/productivity.md +++ b/i18n/ru/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/real-time-communication.md b/i18n/ru/real-time-communication.md index 555abdff..989f6799 100644 --- a/i18n/ru/real-time-communication.md +++ b/i18n/ru/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Мессенджеры" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -188,5 +189,3 @@ Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/router.md b/i18n/ru/router.md index aec4bd01..8fd062a2 100644 --- a/i18n/ru/router.md +++ b/i18n/ru/router.md @@ -1,6 +1,7 @@ --- title: "Прошивки для роутера" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Ниже приведены альтернативные операционные системы, которые могут использоваться на роутерах, точках доступа Wi-Fi и т. п. @@ -47,5 +48,3 @@ OPNsense был изначально разработан как форк [pfSen - Исходный код проекта должен быть открыт. - Проект должен регулярно обновляться. - Проект должен поддерживать широкий спектр устройств. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/search-engines.md b/i18n/ru/search-engines.md index d91197a1..42828131 100644 --- a/i18n/ru/search-engines.md +++ b/i18n/ru/search-engines.md @@ -1,6 +1,7 @@ --- title: "Поисковые системы" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Используйте поисковую систему, которая не строит рекламный профиль на основе ваших запросов. @@ -101,5 +102,3 @@ Startpage's majority shareholder is System1 who is an adtech company. We don't b - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/tools.md b/i18n/ru/tools.md index 67d18958..c6db2205 100644 --- a/i18n/ru/tools.md +++ b/i18n/ru/tools.md @@ -3,6 +3,7 @@ title: "Инструменты обеспечения приватности" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- Если вы ищете какое-либо решение, то в этом списке все аппаратные и программные средства, которые мы рекомендуем. Рекомендуемые инструменты для обеспечения приватности/конфиденциальности выбираются в первую очередь на основе функций безопасности с дополнительным акцентом на децентрализованные инструменты с открытым исходным кодом. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -99,9 +100,11 @@ For more details about each project, why they were chosen, and additional tips o
    -- ![Логотип Cryptee](assets/img/cloud/cryptee.svg#only-light){ .twemoji }![Логотип Cryptee](assets/img/cloud/cryptee-dark.svg#only-dark){ .twemoji } [Cryptee](cloud.md#cryptee) -- ![Логотип Nextcloud](assets/img/cloud/nextcloud.svg){ .twemoji } [Nextcloud (Самостоятельный хостинг)](cloud.md#nextcloud) -- ![Логотип Proton Drive](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) +- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) +- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
    @@ -212,6 +215,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Подробнее :hero-arrow-circle-right-fill:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[Подробнее :hero-arrow-circle-right-fill:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[Подробнее :hero-arrow-circle-right-fill:](financial-services.md#gift-card-marketplaces) + ### Поисковые системы
    @@ -239,9 +265,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
    @@ -264,6 +290,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Подробнее :hero-arrow-circle-right-fill:](calendar.md) +### Cryptocurrency + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[Подробнее :hero-arrow-circle-right-fill:](cryptocurrency.md) + ### Инструменты для шифрования
    @@ -450,5 +486,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    [Подробнее :hero-arrow-circle-right-fill:](video-streaming.md) - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/tor.md b/i18n/ru/tor.md index fdbb105d..2b25df12 100644 --- a/i18n/ru/tor.md +++ b/i18n/ru/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
    - ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
    Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
    -
    - -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -126,5 +121,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/video-streaming.md b/i18n/ru/video-streaming.md index 85a5d513..99c85456 100644 --- a/i18n/ru/video-streaming.md +++ b/i18n/ru/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Видеохостинги" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- Основная угроза при использовании платформ потокового видео заключается в том, что ваши интересы и списки подписчиков могут быть использованы чтобы отслеживать вас. Вам следует сочетать эти инструменты с [VPN](/vpn) или [Tor](https://www.torproject.org/), чтобы усложнить отслеживание вашего использования. @@ -46,5 +47,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/ru/vpn.md b/i18n/ru/vpn.md index 65da3db3..8ca2e1a6 100644 --- a/i18n/ru/vpn.md +++ b/i18n/ru/vpn.md @@ -1,11 +1,20 @@ --- -title: "VPN сервисы" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Найдите VPN-оператора, который не занимается продажей или чтением вашего веб-трафика. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPN не обеспечивает анонимность" +
    + +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! danger "VPN не обеспечивает анонимность" Использование VPN **не обеспечивает** анонимность ваших привычек при просмотре веб-страниц, а также **не прибавляет** безопасности при использовании незащищенного (HTTP) трафика. @@ -15,78 +24,11 @@ icon: material/vpn [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? info "Когда полезны VPN сервисы?" - - Если вам нужна дополнительная **приватность** от вашего провайдера, в публичных сетях Wi-Fi или во время скачивания торрентов, VPN может быть правильным решением для вас, если вы понимаете связанные с этим риски. - - [Подробнее](#vpn-overview){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Рекомендованные провайдеры -!!! example "Критерии" - - Рекомендуемые нами провайдеры находятся за пределами США, используют шифрование, принимают Monero, поддерживают WireGuard и OpenVPN и не сохраняют логи вашего трафика. Для дополнительной информации ознакомьтесь с нашим [полным списком критериев](#our-criteria). - -### Mullvad - -!!! recommendation annotate - - ![Логотип Mullvad](/assets/img/vpn/mullvad.svg#only-light){ align=right } - ![Логотип Mullvad](/assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - - **Mullvad** - это быстрый и недорогой VPN с серьезным акцентом на прозрачность и безопасность. Они работают с **2009 года**. - - Mullvad базируется в Швеции и не имеет бесплатной пробной версии. downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? check "35 Стран" - - На момент написания этой страницы Mullvad имеет [серверы в 35 странах](https://mullvad.net/en/servers/). Выбор VPN-провайдера с ближайшим к вам сервером позволит снизить задержку передаваемого вами сетевого трафика. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? check "Независимо проверены" - - VPN-клиенты Mullvad были проверены компаниями Cure53 и Assured AB в отчете по пентесту [опубликовано на сайте cure53.de] (https://cure53.de/pentest-report_mullvad_v2.pdf). Исследователи безопасности заключили: - - > Cure53 и Assured AB довольны результатами аудита, и программное обеспечение оставляет общее положительное впечатление. Учитывая преданность безопасности в команде Mullvad VPN, проверяющие не сомневаются, что проект находится на правильном пути с точки зрения безопасности. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? check "Клиенты с открытым исходным кодом" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? check "Принимает наличные" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? check "Поддержка WireGuard" - - Mullvad поддерживает протокол WireGuard®. [WireGuard](https://www.wireguard.com)[^1] - это более новый протокол, использующий самую современную [криптографию](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. - - Mullvad [рекомендует](https://mullvad.net/en/help/why-wireguard/) использовать WireGuard в их продукте. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Рекомендуемые нами провайдеры находятся за пределами США, используют шифрование, принимают Monero, поддерживают WireGuard и OpenVPN и не сохраняют логи вашего трафика. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -104,43 +46,44 @@ icon: material/vpn - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? check "Независимо проверены" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Выбор VPN-провайдера с ближайшим к вам сервером позволит снизить задержку передаваемого вами сетевого трафика. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. +{ .annotate } 1. Last checked: 2022-09-16 -??? check "Независимо проверены" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? check "Клиенты с открытым исходным кодом" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? check "Принимает наличные" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? check "Поддержка WireGuard" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com)[^1] - это более новый протокол, использующий самую современную [криптографию](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -165,55 +108,118 @@ icon: material/vpn - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? check "Независимо проверены" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Выбор VPN-провайдера с ближайшим к вам сервером позволит снизить задержку передаваемого вами сетевого трафика. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. +{ .annotate } 1. Last checked: 2023-01-19 -??? check "Независимо проверены" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. \[WireGuard\](https://www.wireguard.com)\[^1] - это более новый протокол, использующий самую современную [криптографию\](https://www.wireguard.com/protocol/). + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Mullvad + +!!! recommendation annotate + + ![Логотип Mullvad](/assets/img/vpn/mullvad.svg#only-light){ align=right } + ![Логотип Mullvad](/assets/img/vpn/mullvad-dark.svg#only-dark){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Mullvad** - это быстрый и недорогой VPN с серьезным акцентом на прозрачность и безопасность. Они работают с **2009 года**. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + Mullvad базируется в Швеции и не имеет бесплатной пробной версии. downloads - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? check "Клиенты с открытым исходным кодом" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Это происходит из-за более короткого маршрута (меньше промежуточных серверов) до пункта назначения. +{ .annotate } -??? check "Принимает наличные" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. [WireGuard](https://www.wireguard.com)[^1] - это более новый протокол, использующий самую современную [криптографию](https://www.wireguard.com/protocol/). +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? check "Поддержка WireGuard" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com)[^1] - это более новый протокол, использующий самую современную [криптографию](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +VPN-клиенты Mullvad были проверены компаниями Cure53 и Assured AB в отчете по пентесту \[опубликовано на сайте cure53.de\] (https://cure53.de/pentest-report_mullvad_v2.pdf). Исследователи безопасности заключили: -??? check "Поддержка WireGuard" +> Cure53 и Assured AB довольны результатами аудита, и программное обеспечение оставляет общее положительное впечатление. Учитывая преданность безопасности в команде Mullvad VPN, проверяющие не сомневаются, что проект находится на правильном пути с точки зрения безопасности. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Remote Port Forwarding" +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +#### :material-check:{ .pg-green } Accepts Cash -??? success "Mobile Clients" +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +#### :material-check:{ .pg-green } WireGuard Support -??? info "Additional Functionality" +Mullvad поддерживает протокол WireGuard®. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Кроме того, WireGuard стремится быть более простым и производительным. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. + +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -248,13 +254,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -312,5 +318,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.ru.txt" diff --git a/i18n/sv/404.md b/i18n/sv/404.md index 9b7b3198..25c1c780 100644 --- a/i18n/sv/404.md +++ b/i18n/sv/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/CODE_OF_CONDUCT.md b/i18n/sv/CODE_OF_CONDUCT.md index 88a0e910..e7f92a8b 100644 --- a/i18n/sv/CODE_OF_CONDUCT.md +++ b/i18n/sv/CODE_OF_CONDUCT.md @@ -1,53 +1,53 @@ -# Community Code of Conduct +# Gemenskapens uppförandekod -**We pledge** to make our community a harassment-free experience for everyone. +**Vi lovar** att göra vår community till en upplevelse utan trakasserier för alla. -**We strive** to create a positive environment, using welcoming and inclusive language, and being respectful of the viewpoints of others. +**Vi strävar** efter att skapa en positiv miljö genom att använda ett välkomnande och inkluderande språk och genom att respektera andras åsikter. -**We do not allow** inappropriate or otherwise unacceptable behavior, such as sexualized language, trolling and insulting comments, or otherwise promoting intolerance or harassment. +**Vi tillåter inte** olämpligt eller på annat sätt oacceptabelt beteende, t. ex. sexualiserat språk, trollande och förolämpande kommentarer eller annat som främjar intolerans eller trakasserier. -## Community Standards +## Gemenskapsnormer -What we expect from members of our communities: +Vad vi förväntar oss av medlemmarna i våra samhällen: -1. **Don't spread misinformation** +1. **Sprid inte felaktig information** - We are creating an evidence-based educational community around information privacy and security, not a home for conspiracy theories. For example, when making a claim that a certain piece of software is malicious or that certain telemetry data is privacy invasive, explain in detail what is collected and how it collected. Claims of this nature must be backed by technical evidence. + Vi skapar en evidensbaserad utbildningsgemenskap kring sekretess och säkerhet, inte ett hem för konspirationsteorier. Om du till exempel hävdar att en viss programvara är skadlig eller att vissa telemetriuppgifter inkräktar på privatlivet, förklara i detalj vad som samlas in och hur det sker. Påståenden av detta slag måste stödjas av tekniska bevis. -1. **Don't abuse our willingness to help** +1. **Missbruka inte vår vilja att hjälpa till** - Our community members are not your free tech support. We are happy to help you with specific steps on your privacy journey if you are willing to put in effort on your end. We are not willing to answer endlessly repeated questions about generic computer problems you could have answered yourself with a 30-second internet search. Don't be a [help vampire](https://slash7.com/2006/12/22/vampires/). + Våra medlemmar är inte gratis teknisk support. Vi hjälper dig gärna med specifika steg på din integritetsresa om du är villig att anstränga dig från din sida. Vi är inte villiga att svara på oändligt upprepade frågor om generiska datorproblem som du skulle ha kunnat besvara själv med en 30-sekunders sökning på internet. Var inte en [hjälp vampyr](https://slash7.com/2006/12/22/vampires/). -1. **Behave in a positive and constructive manner** +1. **Uppför dig på ett positivt och konstruktivt sätt** - Examples of behavior that contributes to a positive environment for our community include: + Exempel på beteende som bidrar till en positiv miljö för vårt samhälle är: - - Demonstrating empathy and kindness toward other people - - Being respectful of differing opinions, viewpoints, and experiences - - Giving and gracefully accepting constructive feedback - - Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience - - Focusing on what is best not just for us as individuals, but for the overall community + - Visa empati och vänlighet mot andra människor + - Respektera olika åsikter, synpunkter och erfarenheter + - Ge och acceptera konstruktiv feedback på ett elegant sätt + - Att ta ansvar och be om ursäkt till dem som drabbats av våra misstag och lära sig av erfarenheten + - Fokusera på vad som är bäst, inte bara för oss som individer utan för hela samhället -### Unacceptable Behavior +### Oacceptabelt beteende -The following behaviors are considered harassment and are unacceptable within our community: +Följande beteenden betraktas som trakasserier och är oacceptabla inom vår community: -- The use of sexualized language or imagery, and sexual attention or advances of any kind -- Trolling, insulting or derogatory comments, and personal or political attacks -- Public or private harassment -- Publishing others' private information, such as a physical or email address, without their explicit permission -- Other conduct which could reasonably be considered inappropriate in a professional setting +- Användning av sexualiserat språk eller bildspråk, och sexuell uppmärksamhet eller framsteg av något slag +- Trolling, förolämpande eller nedsättande kommentarer och personliga eller politiska attacker +- Offentliga eller privata trakasserier +- Publicera andras privata information, till exempel en fysisk eller e-postadress, utan deras uttryckliga tillstånd +- Annan handling som rimligen kan anses vara olämplig i en professionell tillställning -## Scope +## Omfattning -Our Code of Conduct applies within all project spaces, as well as when an individual is representing the Privacy Guides project in other communities. +Vår uppförandekod gäller inom alla projektutrymmen, samt när en individ representerar Privacy Guides-projektet i andra samhällen. -We are responsible for clarifying the standards of our community, and have the right to remove or alter the comments of those participating within our community, as necessary and at our discretion. +Vi är ansvariga för att klargöra normerna för vår community och har rätt att ta bort eller ändra kommentarerna från dem som deltar i vår community, efter behov och efter eget gottfinnande. -### Contact +### Kontakt -If you observe a problem on a platform like Matrix or Reddit, please contact our moderators on that platform in chat, via DM, or through any designated "Modmail" system. +Om du observerar ett problem på en plattform som Matrix eller Reddit kan du kontakta våra moderatorer på den plattformen i chatt, via DM eller genom ett särskilt "Modmail"-system. -If you have a problem elsewhere, or a problem our community moderators are unable to resolve, reach out to `jonah@privacyguides.org` and/or `dngray@privacyguides.org`. +Om du har ett problem någon annanstans, eller ett problem som våra moderatorer inte kan lösa, kan du vända dig till `jonah@privacyguides.org` och/eller `dngray@privacyguides.org`. -All community leaders are obligated to respect the privacy and security of the reporter of any incident. +Alla samhällsledare är skyldiga att respektera privatlivet och säkerheten för reportern för varje incident. diff --git a/i18n/sv/about/criteria.md b/i18n/sv/about/criteria.md index ec789f80..c0c83301 100644 --- a/i18n/sv/about/criteria.md +++ b/i18n/sv/about/criteria.md @@ -1,42 +1,40 @@ --- -title: General Criteria +title: Allmänna kriterier --- -!!! example "Work in Progress" +!!! exempel "Pågående arbete" - The following page is a work in progress, and does not reflect the full criteria for our recommendations at this time. Past discussion on this topic: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24) + Följande sida är ett pågående arbete och återspeglar för närvarande inte alla kriterier för våra rekommendationer. Tidigare diskussion om detta ämne: [#24](https://github.com/privacyguides/privacyguides.org/discussions/24) -Below are some things that must apply to all submissions to Privacy Guides. Each category will have additional requirements for inclusion. +Nedan följer några saker som måste gälla för alla inlagor till integritetsguider. Varje kategori kommer att ha ytterligare krav för inkludering. -## Financial Disclosure +## Finansiell information -We do not make money from recommending certain products, we do not use affiliate links, and we do not provide special consideration to project donors. +Vi tjänar inga pengar på att rekommendera vissa produkter, vi använder inga affiliate-länkar och vi ger inga särskilda överväganden till projektdonatorer. -## General Guidelines +## Allmänna riktlinjer -We apply these priorities when considering new recommendations: +Vi tillämpar dessa prioriteringar när vi överväger nya rekommendationer: -- **Secure**: Tools should follow security best-practices wherever applicable. -- **Source Availability**: Open source projects are generally preferred over equivalent proprietary alternatives. -- **Cross-Platform**: We typically prefer recommendations to be cross-platform, to avoid vendor lock-in. -- **Active Development**: The tools that we recommend should be actively developed, unmaintained projects will be removed in most cases. -- **Usability**: Tools should be accessible to most computer users, an overly technical background should not be required. -- **Documented**: Tools should have clear and extensive documentation for use. +- **Säker**: Verktyg bör följa bästa säkerhetspraxis där det är tillämpligt. +- **Källa Tillgänglighet**: Projekt med öppen källkod föredras i allmänhet framför likvärdiga proprietära alternativ. +- **Plattformsoberoende**: Vi föredrar vanligtvis att rekommendationerna är plattformsoberoende för att undvika leverantörslåsning. +- **Aktiv utveckling**: De verktyg som vi rekommenderar bör vara aktivt utvecklade, ounderhållna projekt kommer i de flesta fall att tas bort. +- **Användbarhet**: Verktyg bör vara tillgängliga för de flesta datoranvändare, en alltför teknisk bakgrund bör inte krävas. +- **Dokumenterad**: Verktyg ska ha tydlig och omfattande dokumentation för användning. -## Developer Self-Submissions +## Utvecklarens självinlämningar -We have these requirements in regard to developers which wish to submit their project or software for consideration. +Vi har dessa krav på utvecklare som vill lämna in sitt projekt eller sin programvara för bedömning. -- Must disclose affiliation, i.e. your position within the project being submitted. +- Måste uppge tillhörighet, det vill säga din position inom projektet som lämnas in. -- Must have a security whitepaper if it is a project that involves handling of sensitive information like a messenger, password manager, encrypted cloud storage etc. - - Third party audit status. We want to know if you have one, or have one planned. If possible please mention who will be conducting the audit. +- Måste ha ett säkerhetsdokument om det är ett projekt som innebär hantering av känslig information som en budbärare, lösenordshanterare, krypterad molnlagring etc. + - Tredje parts revisionsstatus. Vi vill veta om du har en sådan, eller om du har en planerad sådan. Om möjligt, ange vem som kommer att genomföra revisionen. -- Must explain what the project brings to the table in regard to privacy. - - Does it solve any new problem? - - Why should anyone use it over the alternatives? +- Måste förklara vad projektet tillför när det gäller integritetsskydd. + - Löser det något nytt problem? + - Varför skulle någon använda det framför alternativen? -- Must state what the exact threat model is with their project. - - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.sv.txt" +- Måste ange vilken exakt hotmodell som gäller för deras projekt. + - Det bör vara tydligt för potentiella användare vad projektet kan erbjuda och vad det inte kan erbjuda. diff --git a/i18n/sv/about/donate.md b/i18n/sv/about/donate.md index 155097ab..8accd67a 100644 --- a/i18n/sv/about/donate.md +++ b/i18n/sv/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/index.md b/i18n/sv/about/index.md index b91ba857..f7bec6c2 100644 --- a/i18n/sv/about/index.md +++ b/i18n/sv/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides är en socialt motiverad webbplats som ger information om hur du skyddar din datasäkerhet och integritet. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides-logotyp](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** är en socialt motiverad webbplats som tillhandahåller [information](/kb) för att skydda din datasäkerhet och integritet. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Vår webbplats är fri från reklam och är inte ansluten till någon av de listade leverantörerna. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Källkod" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +Syftet med Privacy Guides är att utbilda vårt samhälle om vikten av integritet på nätet och om regeringsprogram internationellt som är utformade för att övervaka alla dina aktiviteter på nätet. + +> För att hitta [integritetsfokuserade alternativ] appar, kolla in sajter som Goda Rapporter och **integritetsguider**, som lista sekretessfokuserade appar i en mängd olika kategorier, särskilt inklusive e-postleverantörer (vanligtvis på betalda planer) som inte drivs av de stora teknikföretag. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) [Översatt från engelska] + +> Om du letar efter en ny VPN kan du gå till rabattkoden för nästan alla poddar. Om du letar efter en **bra** VPN behöver du professionell hjälp. Samma sak gäller för e-postklienter, webbläsare, operativsystem och lösenordshanterare. Hur vet du vilket av dessa alternativ som är det bästa och mest integritetsvänliga? För det finns **Sekretessguider**, en plattform där ett antal volontärer söker dag i, dag ut för de bästa integritetsvänliga verktyg att använda på internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Översatt från nederländska] + +Finns även på: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], och [trådbunden](https://www.wired.com/story/firefox-mozilla-2022/). + +## Historik + +Privacy Guides lanserades i september 2021 som en fortsättning på [nedlagda](privacytools.md) "PrivacyTools" projekt med öppen källkod. Vi insåg vikten av oberoende, kriteriefokuserade produktrekommendationer och allmän kunskap inom integritetsområdet, och därför behövde vi bevara det arbete som skapats av så många bidragsgivare sedan 2015 och se till att informationen hade ett stabilt hem på webben på obestämd tid. + +År 2022, avslutade vi övergången av vår huvudsakliga webbplats ramverk från Jekyll till MkDocs, med `mkdocs-material` dokumentation programvara. Den här ändringen gjorde det betydligt enklare för utomstående att bidra med öppen källkod till vår webbplats, eftersom det nu är lika enkelt att bidra som att skriva ett standarddokument i Markdown som att kunna en komplicerad syntax för att skriva inlägg på ett effektivt sätt. + +Dessutom lanserade vi vårt nya diskussionsforum på [discuss.privacyguides.net](https://discuss.privacyguides.net/) som en gemenskapsplattform för att dela idéer och ställa frågor om vårt uppdrag. Detta förstärker vår befintliga gemenskap på Matrix, och ersatte vår tidigare GitHub diskussionsplattform, vilket minskar vårt beroende av egna diskussionsplattformar. + +Hittills i 2023 har vi lanserat internationella översättningar av vår webbplats i [Franska](/fr/), [Hebreiska](/he/), och [Holländska](/nl/), med fler språk på vägen, möjliggörs av vår utmärkta översättningsteam på [Crowdin](https://crowdin.com/project/privacyguides). Vi planerar att fortsätta vårt uppdrag att sprida och utbilda och hitta sätt att tydligare belysa farorna med bristande medvetenhet om integritet i den moderna digitala tidsåldern, samt förekomsten och skadorna av säkerhetsöverträdelser i hela teknikbranschen. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. Du kan också göra det, vi har öppen källkod på GitHub och tar emot översättningsförslag på [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donationer till Privacy Guides är i allmänhet avdragsgilla i USA. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/notices.md b/i18n/sv/about/notices.md index 035d43a1..bb32edd5 100644 --- a/i18n/sv/about/notices.md +++ b/i18n/sv/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/privacy-policy.md b/i18n/sv/about/privacy-policy.md index 629e87f6..26c668d1 100644 --- a/i18n/sv/about/privacy-policy.md +++ b/i18n/sv/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/privacytools.md b/i18n/sv/about/privacytools.md index c308bf63..35d4ce42 100644 --- a/i18n/sv/about/privacytools.md +++ b/i18n/sv/about/privacytools.md @@ -1,10 +1,10 @@ --- -title: "PrivacyTools FAQ" +title: "Vanliga frågor om PrivacyTools" --- -# Why we moved on from PrivacyTools +# Varför vi gick vidare från PrivacyTools -In September 2021, every active contributor unanimously agreed to move from PrivacyTools to work on this site: Privacy Guides. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted. +I september 2021 kom alla aktiva medarbetare enhälligt överens om att flytta från PrivacyTools till den här webbplatsen: Sekretessguider. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted. Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of PrivacyTools, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to the PrivacyTools community many months in advance via a variety of channels including its blog, Twitter, Reddit, and Mastodon to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition. @@ -56,32 +56,32 @@ This change [entailed:](https://www.reddit.com/r/PrivacyGuides/comments/pnhn4a/r - Redirecting www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). - Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site. -- Posting announcements to our subreddit and various other communities informing people of the official change. -- Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible. +- Publicera meddelanden på vår subreddit och i andra forum för att informera om den officiella ändringen. +- Formellt stänga tjänsterna på privacytools.io, som Matrix och Mastodon, och uppmana befintliga användare att flytta över så snart som möjligt. -Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped. +Allt verkade gå smidigt och de flesta av våra aktiva medlemmar gick över till vårt nya projekt precis som vi hoppades. -## Following Events +## Följande händelser -Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, however nobody on our team was willing to return to PrivacyTools because of his historic unreliability. Rather than apologize for his prolonged absence, he immediately went on the offensive and positioned the transition to Privacy Guides as an attack against him and his project. He subsequently [deleted](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) many of these posts when it was pointed out by the community that he had been absent and abandoned the project. +Ungefär en vecka efter övergången återkom BurungHantu online för första gången på nästan ett år, men ingen i vårt team var villig att återvända till PrivacyTools på grund av hans historiska opålitlighet. Istället för att be om ursäkt för sin långa frånvaro gick han omedelbart till offensiv och såg övergången till Privacy Guides som ett angrepp mot honom och hans projekt. Därefter raderade han [](https://www.reddit.com/r/privacytoolsIO/comments/pp9yie/comment/hd49wbn) många av dessa inlägg när gemenskapen påpekade att han hade varit frånvarande och övergivit projektet. -At this point, BurungHantu claimed he wanted to continue working on privacytools.io on his own and requested that we remove the redirect from www.privacytools.io to [www.privacyguides.org](https://www.privacyguides.org). We obliged and requested that he keep the subdomains for Matrix, Mastodon, and PeerTube active for us to run as a public service to our community for at least a few months, in order to allow users on those platforms to easily migrate to other accounts. Due to the federated nature of the services we provided, they were tied to specific domain names making it very difficult to migrate (and in some cases impossible). +BurungHantu hävdade att han ville fortsätta att arbeta med privacytools.io på egen hand och bad oss ta bort omdirigeringen från www.privacytools.io till [www.privacyguides.org](https://www.privacyguides.org). Vi gick med på det och bad honom att hålla subdomänerna för Matrix, Mastodon och PeerTube aktiva så att vi kan köra dem som en offentlig tjänst för vår gemenskap under åtminstone några månader, så att användare på dessa plattformar enkelt kan flytta över till andra konton. På grund av den federerade karaktären hos de tjänster vi tillhandahöll var de bundna till specifika domännamn, vilket gjorde det mycket svårt att migrera (och i vissa fall omöjligt). -Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were [cut off](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) at the beginning of October, ending any migration possibilities to any users still using those services. +Eftersom BurungHantu inte fick tillbaka kontrollen över underreddit r/privacytoolsIO när han begärde det (mer information nedan), stängdes dessa underdomäner tyvärr av från [](https://www.reddit.com/r/PrivacyGuides/comments/pymthv/comment/hexwrps/) i början av oktober, vilket innebar att alla användare som fortfarande använde dessa tjänster inte längre hade möjlighet att flytta. -Following this, BurungHantu made false accusations about Jonah stealing donations from the project. BurungHantu had over a year since the alleged incident occurred, and yet he never made anyone aware of it until after the Privacy Guides migration. BurungHantu has been repeatedly asked for proof and to comment on the reason for his silence by the team [and the community](https://twitter.com/TommyTran732/status/1526153536962281474), and has not done so. +BurungHantu gjorde därefter falska anklagelser om att Jonah skulle ha stulit donationer från projektet. BurungHantu hade över ett år på nacken sedan den påstådda händelsen inträffade, men han informerade aldrig någon om den förrän efter att Privacy Guides migration hade genomförts. BurungHantu har upprepade gånger ombetts av teamet [och gemenskapen](https://twitter.com/TommyTran732/status/1526153536962281474)att lämna bevis och att kommentera orsaken till sin tystnad, men han har inte gjort det. -BurungHantu also made a [twitter post](https://twitter.com/privacytoolsIO/status/1510560676967710728) alleging that an "attorney" had reached out to him on Twitter and was providing advice, in another attempt to bully us into giving him control of our subreddit, and as part of his smear campaign to muddy the waters surrounding the launch of Privacy Guides while pretending to be a victim. +BurungHantu gjorde också ett twitterinlägg på [](https://twitter.com/privacytoolsIO/status/1510560676967710728) där han påstod att en "advokat" hade kontaktat honom på Twitter och gav honom råd, i ett annat försök att tvinga oss att ge honom kontroll över vår subreddit, och som en del av hans smutskastningskampanj för att fördunkla vattnet kring lanseringen av Privacy Guides samtidigt som han låtsas vara ett offer. -## PrivacyTools.io Now +## PrivacyTools.io nu -As of September 25th 2022 we are seeing BurungHantu's overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally [recommended](../vpn.md) by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs. +Sedan den 25 september 2022 ser vi hur BurungHantus övergripande planer förverkligas på privacytools.io, och det är just därför som vi beslutade att skapa den här förklarande sidan idag. Den webbplats som han driver verkar vara en starkt SEO-optimerad version av den webbplats som rekommenderar verktyg i utbyte mot ekonomisk ersättning. Nyligen togs IVPN och Mullvad, två VPN-leverantörer som nästan alla rekommenderar [](../vpn.md) av integritetsgruppen och som är kända för sin inställning till affiliateprogram, bort från PrivacyTools. I deras ställe? NordVPN, Surfshark, ExpressVPN och hide.me: Stora VPN-företag med opålitliga plattformar och affärsmetoder som är ökända för sin aggressiva marknadsföring och sina affiliateprogram. -==**PrivacyTools has become exactly the type of site we [warned against](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) on the PrivacyTools blog in 2019.**== We've tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling to us. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder. +==**PrivacyTools har blivit exakt den typ av webbplats som vi [varnade för](https://web.archive.org/web/20210729205249/https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/) på bloggen PrivacyTools 2019.**== Vi har försökt att hålla oss på avstånd från PrivacyTools sedan övergången, men deras fortsatta trakasserier mot vårt projekt och nu deras absurda missbruk av den trovärdighet som deras varumärke har fått under 6 år av bidrag till öppen källkod är extremt oroande för oss. De av oss som faktiskt kämpar för integritet kämpar inte mot varandra och får inte råd från den högstbjudande. -## r/privacytoolsIO Now +## privacyTools. io nu -After the launch of [r/PrivacyGuides](https://www.reddit.com/r/privacyguides), it was impractical for u/trai_dep to continue moderating both subreddits, and with the community on-board with the transition, r/privacytoolsIO was [made](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) a restricted sub in a post on November 1st, 2021: +Efter lanseringen av [r/PrivacyGuides](https://www.reddit.com/r/privacyguides)blev det opraktiskt för u/trai_dep att fortsätta moderera båda underredaktionerna, och eftersom gemenskapen var med på övergången gjordes r/privacytoolsIO [till](https://www.reddit.com/r/privacytoolsIO/comments/qk7qrj/a_new_era_why_rptio_is_now_a_restricted_sub/) en begränsad underredaktion i ett inlägg den 1 november 2021: > [...] The growth of this Sub was the result of great effort, across several years, by the PrivacyGuides.org team. And by every one of you. > @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/services.md b/i18n/sv/about/services.md index 373bdf6a..71f2c95b 100644 --- a/i18n/sv/about/services.md +++ b/i18n/sv/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/about/statistics.md b/i18n/sv/about/statistics.md index 6ec66006..8f17240c 100644 --- a/i18n/sv/about/statistics.md +++ b/i18n/sv/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/advanced/communication-network-types.md b/i18n/sv/advanced/communication-network-types.md index 5dbefe14..1f07a2c4 100644 --- a/i18n/sv/advanced/communication-network-types.md +++ b/i18n/sv/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/advanced/dns-overview.md b/i18n/sv/advanced/dns-overview.md index 5c63c550..b47af280 100644 --- a/i18n/sv/advanced/dns-overview.md +++ b/i18n/sv/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/advanced/payments.md b/i18n/sv/advanced/payments.md new file mode 100644 index 00000000..6758c2a2 --- /dev/null +++ b/i18n/sv/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! fara + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/sv/advanced/tor-overview.md b/i18n/sv/advanced/tor-overview.md index d28cfc70..77f2ebfe 100644 --- a/i18n/sv/advanced/tor-overview.md +++ b/i18n/sv/advanced/tor-overview.md @@ -1,29 +1,30 @@ --- -title: "Tor Overview" +title: "Tor Översikt" icon: 'simple/torproject' +description: Tor är ett decentraliserat nätverk som är gratis att använda och som är utformat för att använda internet med så mycket integritet som möjligt. --- -Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. +Tor är ett decentraliserat nätverk som är gratis att använda och som är utformat för att använda internet med så mycket integritet som möjligt. Om nätverket används på rätt sätt möjliggör det privat och anonym surfning och kommunikation. -## Path Building +## Vägbyggnad -Tor works by routing your traffic through a network comprised of thousands of volunteer-run servers called nodes (or relays). +Tor fungerar genom att din trafik dirigeras genom ett nätverk bestående av tusentals servrar som drivs av frivilliga och som kallas noder (eller reläer). -Every time you connect to Tor, it will choose three nodes to build a path to the internet—this path is called a "circuit." Each of these nodes has its own function: +Varje gång du ansluter till Tor kommer det att välja tre noder för att bygga en väg till internet - denna väg kallas en "krets" Var och en av dessa noder har sin egen funktion: -### The Entry Node +### Entrénod -The entry node, often called the guard node, is the first node to which your Tor client connects. The entry node is able to see your IP address, however it is unable to see what you are connecting to. +Ingångsnoden, ofta kallad guard-noden, är den första noden som din Tor-klient ansluter till. Ingångsnoden kan se din IP-adress, men den kan inte se vad du ansluter till. -Unlike the other nodes, the Tor client will randomly select an entry node and stick with it for two to three months to protect you from certain attacks.[^1] +Till skillnad från andra noder väljer Tor-klienten slumpmässigt en ingångsnod och håller sig till den i två till tre månader för att skydda dig mot vissa attacker.[^1] -### The Middle Node +### Den mellersta noden -The middle node is the second node to which your Tor client connects. It can see which node the traffic came from—the entry node—and to which node it goes to next. The middle node cannot, see your IP address or the domain you are connecting to. +Den mellersta noden är den andra noden som din Tor-klient ansluter till. Den kan se vilken nod trafiken kom från - ingångsnoden - och vilken nod den går vidare till härnäst. Mellannoden kan inte se din IP-adress eller den domän du ansluter till. -For each new circuit, the middle node is randomly selected out of all available Tor nodes. +För varje ny krets väljs mittnoden slumpmässigt ut av alla tillgängliga Tor-noder. -### The Exit Node +### Entrénod The exit node is the point in which your web traffic leaves the Tor network and is forwarded to your desired destination. The exit node is unable to see your IP address, but it does know what site it's connecting to. @@ -61,21 +62,19 @@ Tor allows us to connect to a server without any single party knowing the entire Though Tor does provide strong privacy guarantees, one must be aware that Tor is not perfect: -- Well-funded adversaries with the capability to passively watch most network traffic over the globe have a chance of deanonymizing Tor users by means of advanced traffic analysis. Nor does Tor protect you from exposing yourself by mistake, such as if you share too much information about your real identity. -- Tor exit nodes can also monitor traffic that passes through them. This means traffic which is not encrypted, such as plain HTTP traffic, can be recorded and monitored. If such traffic contains personally identifiable information, then it can deanonymize you to that exit node. Thus, we recommend using HTTPS over Tor where possible. +- Välfinansierade motståndare som har möjlighet att passivt övervaka den mesta nätverkstrafiken över hela världen har en chans att avanonymisera Tor-användare med hjälp av avancerad trafikanalys. Tor skyddar dig inte heller från att avslöja dig själv av misstag, till exempel om du delar för mycket information om din verkliga identitet. +- Tor-utgångsnoderna kan också övervaka trafiken som passerar genom dem. Detta innebär att trafik som inte är krypterad, såsom vanlig HTTP-trafik, kan registreras och övervakas. Om sådan trafik innehåller personligt identifierbar information kan den avanonymisera dig till den utgångsnoden. Därför rekommenderar vi att du använder https över Tor där det är möjligt. -If you wish to use Tor for browsing the web, we only recommend the **official** Tor Browser—it is designed to prevent fingerprinting. +Om du vill använda Tor för att surfa på webben rekommenderar vi endast den officiella **** Tor Browser - den är utformad för att förhindra fingeravtryck. -- [Tor Browser :material-arrow-right-drop-circle:](../tor.md#tor-browser) +- [Läs mer :material-arrow-right-drop-circle:](../tor.md#tor-browser) -## Additional Resources +## Ytterligare resurser -- [Tor Browser User Manual](https://tb-manual.torproject.org) -- [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) -- [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) +- [Användarhandbok för Tor Browser](https://tb-manual.torproject.org) +- [Hur Tor fungerar - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) +- [Tor Lök Tjänster - Datorfil](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.sv.txt" +[^1]: Det första reläet i din krets kallas "entry guard" eller "guard". Det är ett snabbt och stabilt relä som förblir det första i din krets i 2-3 månader för att skydda mot en känd attack som bryter anonymiteten. Resten av din krets ändras med varje ny webbplats du besöker, och alla dessa reläer ger Tor: s fullständiga integritetsskydd. För mer information om hur skyddsreläer fungerar, se detta [blogginlägg](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) och [papper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) på ingångsvakter. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) -[^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) - -[^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) +[^2]: Reläflagga: en särskild (diskvalificering) av reläer för kretslägen (t.ex. "Guard", "Exit", "BadExit"), kretsegenskaper (t.ex. "Fast", "Stable") eller roller (t.ex. "Authority", "HSDir") som tilldelats av katalogmyndigheterna och som definieras ytterligare i specifikationen för katalogprotokollet. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/sv/android.md b/i18n/sv/android.md index 47be1987..9e5e839c 100644 --- a/i18n/sv/android.md +++ b/i18n/sv/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,14 +14,15 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems. -!!! note +!!! anmärkning End-of-life devices (such as GrapheneOS or CalyxOS's "extended support" devices) do not have full security patches (firmware updates) due to the OEM discontinuing support. These devices cannot be considered completely secure regardless of installed software. @@ -67,7 +69,7 @@ DivestOS implements some system hardening patches originally developed for Graph DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. -!!! warning +!!! varning DivestOS firmware update [status](https://gitlab.com/divested-mobile/firmware-empty/-/blob/master/STATUS) and quality control varies across the devices it supports. We still recommend GrapheneOS depending on your device's compatibility. For other devices, DivestOS is a good alternative. @@ -136,7 +138,7 @@ We recommend a wide variety of Android apps throughout this site. The apps liste - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.typeblog.shelter) -!!! warning +!!! varning Shelter is recommended over [Insular](https://secure-system.gitlab.io/Insular/) and [Island](https://github.com/oasisfeng/island) as it supports [contact search blocking](https://secure-system.gitlab.io/Insular/faq.html). @@ -201,7 +203,7 @@ Main privacy features include: - Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required - Microphone permission not required unless you want to record sound -!!! note +!!! anmärkning Metadata is not currently deleted from video files but that is planned. @@ -314,21 +316,21 @@ Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysof That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. -!!! note +!!! anmärkning In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Operating Systems +### Operativsystem -- Must be open-source software. +- Måste vara programvara med öppen källkod. - Must support bootloader locking with custom AVB key support. - Must receive major Android updates within 0-1 months of release. - Must receive Android feature updates (minor version) within 0-14 days of release. @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/assets/img/how-tor-works/tor-path-dark.svg b/i18n/sv/assets/img/how-tor-works/tor-path-dark.svg index 9002c9b1..7747be79 100644 --- a/i18n/sv/assets/img/how-tor-works/tor-path-dark.svg +++ b/i18n/sv/assets/img/how-tor-works/tor-path-dark.svg @@ -24,8 +24,8 @@ - Your - Device + Din + -enhet diff --git a/i18n/sv/assets/img/how-tor-works/tor-path.svg b/i18n/sv/assets/img/how-tor-works/tor-path.svg index cb53d8b1..c0612131 100644 --- a/i18n/sv/assets/img/how-tor-works/tor-path.svg +++ b/i18n/sv/assets/img/how-tor-works/tor-path.svg @@ -24,27 +24,27 @@ - Your - Device + Din + -enhet - Entry + Inträde - Middle + Inträde - Exit + Inträde - PrivacyGuides.org + Inträde diff --git a/i18n/sv/basics/account-creation.md b/i18n/sv/basics/account-creation.md index 90344981..522e4363 100644 --- a/i18n/sv/basics/account-creation.md +++ b/i18n/sv/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -27,7 +28,7 @@ There are usually multiple ways to sign up for an account, each with their own b The most common way to create a new account is by an email address and password. When using this method, you should use a password manager and follow [best practices](passwords-overview.md) regarding passwords. -!!! tip +!!! tips You can use your password manager to organize other authentication methods too! Just add the new entry and fill the appropriate fields, you can add notes for things like security questions or a backup key. @@ -45,7 +46,7 @@ Should a service get hacked, you might start receiving phishing or spam emails t ### Single sign-on -!!! note +!!! anmärkning We are discussing Single sign-on for personal use, not enterprise users. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/basics/account-deletion.md b/i18n/sv/basics/account-deletion.md index 04e64ab6..15faba7d 100644 --- a/i18n/sv/basics/account-deletion.md +++ b/i18n/sv/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -24,7 +25,7 @@ Desktop platforms also often have a password manager which may help you recover - iOS [Passwords](https://support.apple.com/en-us/HT211146) - Linux, Gnome Keyring, which can be accessed through [Seahorse](https://help.gnome.org/users/seahorse/stable/passwords-view.html.en) or [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager) -### Email +### E-postadress If you didn't use a password manager in the past or you think you have accounts that were never added to your password manager, another option is to search the email account(s) that you believe you signed up on. On your email client, search for keywords such as "verify" or "welcome." Almost every time you make an online account, the service will send a verification link or an introductory message to your email. This can be a good way to find old, forgotten accounts. @@ -38,26 +39,24 @@ When attempting to regain access, if the site returns an error message saying th ### GDPR (EEA residents only) -Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://www.gdpr.org/regulation/article-17.html) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. If the service does not respect your right to erasure, you can contact your national [Data Protection Authority](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) and you may be entitled to monetary compensation. +Residents of the EEA have additional rights regarding data erasure specified in [Article 17](https://www.gdpr.org/regulation/article-17.html) of the GDPR. If it's applicable to you, read the privacy policy for any given service to find information on how to exercise your right to erasure. Reading the privacy policy can prove important, as some services have a "Delete Account" option that only disables your account and for real deletion you have to take additional action. Sometimes actual deletion may involve filling out surveys, emailing the data protection officer of the service or even proving your residence in the EEA. If you plan to go this way, do **not** overwrite account information—your identity as an EEA resident may be required. Note that the location of the service does not matter; GDPR applies to anyone serving European users. Om tjänsten inte respekterar din rätt till radering kan du kontakta din nationella dataskyddsmyndighet [](https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en) och du kan ha rätt till ekonomisk kompensation. -### Overwriting Account information +### Överskrivning av kontoinformation -In some situations where you plan to abandon an account, it may make sense to overwrite the account information with fake data. Once you've made sure you can log in, change all the information in your account to falsified information. The reason for this is that many sites will retain information you previously had even after account deletion. The hope is that they will overwrite the previous information with the newest data you entered. However, there is no guarantee that there won't be backups with the prior information. +I vissa situationer där du planerar att överge ett konto kan det vara klokt att skriva över kontoinformationen med falska uppgifter. När du har sett till att du kan logga in kan du ändra all information i ditt konto till förfalskad information. Anledningen till detta är att många webbplatser kommer att behålla information som du tidigare hade även efter att kontot raderats. Förhoppningen är att de kommer att skriva över den tidigare informationen med de senaste uppgifterna du angav. Det finns dock ingen garanti för att det inte kommer att finnas säkerhetskopior med den tidigare informationen. -For the account email, either create a new alternate email account via your provider of choice or create an alias using an [email aliasing service](../email.md#email-aliasing-services). You can then delete your alternate email address once you are done. We recommend against using temporary email providers, as oftentimes it is possible to reactivate temporary emails. +För e-postkontot skapar du antingen ett nytt alternativt e-postkonto via din valfria leverantör eller skapar ett alias med hjälp av en e-postaliaseringstjänst på [](../email.md#email-aliasing-services). Du kan sedan ta bort din alternativa e-postadress när du är klar. Vi rekommenderar att du inte använder tillfälliga e-postleverantörer, eftersom det ofta är möjligt att återaktivera tillfälliga e-postmeddelanden. -### Delete +### Radera -You can check [JustDeleteMe](https://justdeleteme.xyz) for instructions on deleting the account for a specific service. Some sites will graciously have a "Delete Account" option, while others will go as far as to force you to speak with a support agent. The deletion process can vary from site to site, with account deletion being impossible on some. +Du kan kontrollera [JustDeleteMe](https://justdeleteme.xyz) för instruktioner om hur du tar bort kontot för en specifik tjänst. Vissa webbplatser har ett alternativ för att ta bort kontot, medan andra går så långt som att tvinga dig att prata med en supportmedarbetare. Raderingen kan variera från webbplats till webbplats, och på vissa webbplatser är det omöjligt att radera konton. -For services that don't allow account deletion, the best thing to do is falsify all your information as previously mentioned and strengthen account security. To do so, enable [MFA](multi-factor-authentication.md) and any extra security features offered. As well, change the password to a randomly-generated one that is the maximum allowed size (a [password manager](../passwords.md) can be useful for this). +För tjänster som inte tillåter radering av konton är det bästa du kan göra att förfalska all din information som tidigare nämnts och stärka kontosäkerheten. För att göra det, aktivera [MFA](multi-factor-authentication.md) och eventuella extra säkerhetsfunktioner som erbjuds. Ändra också lösenordet till ett slumpmässigt genererat lösenord som har den högsta tillåtna storleken (en lösenordshanterare [](../passwords.md) kan vara användbar för detta). -If you're satisfied that all information you care about is removed, you can safely forget about this account. If not, it might be a good idea to keep the credentials stored with your other passwords and occasionally re-login to reset the password. +Om du är nöjd med att all information du bryr dig om tas bort kan du säkert glömma det här kontot. Om inte kan det vara en bra idé att spara uppgifterna tillsammans med dina andra lösenord och ibland logga in igen för att återställa lösenordet. -Even when you are able to delete an account, there is no guarantee that all your information will be removed. In fact, some companies are required by law to keep certain information, particularly when related to financial transactions. It's mostly out of your control what happens to your data when it comes to websites and cloud services. +Även om du kan radera ett konto finns det ingen garanti för att all din information tas bort. Vissa företag är faktiskt skyldiga enligt lag att spara viss information, särskilt när det gäller finansiella transaktioner. Det är mestadels utom din kontroll vad som händer med dina data när det gäller webbplatser och molntjänster. -## Avoid New Accounts +## Undvik nya konton -As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.sv.txt" +Som det gamla talesättet säger: "Ett uns av förebyggande åtgärder är värt ett pund av botemedel" När du känner dig frestad att registrera dig för ett nytt konto, fråga dig själv, "Behöver jag verkligen det här? Kan jag uppnå det jag behöver utan ett konto?" Det kan ofta vara mycket svårare att radera ett konto än att skapa ett. Och även efter att du har raderat eller ändrat informationen på ditt konto kan det finnas en cachad version från en tredje part, till exempel [Internet Archive](https://archive.org/). Undvik frestelsen när du kan - ditt framtida jag kommer att tacka dig! diff --git a/i18n/sv/basics/common-misconceptions.md b/i18n/sv/basics/common-misconceptions.md index d9e4bd15..87fce017 100644 --- a/i18n/sv/basics/common-misconceptions.md +++ b/i18n/sv/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -44,7 +45,7 @@ One of the clearest threat models is one where people *know who you are* and one We don't suggest using a VPN or Tor for any of these things, as your identity is already known through other means. - !!! tip + !!! tips When shopping online, the use of a [parcel locker](https://en.wikipedia.org/wiki/Parcel_locker) can help keep your physical address private. @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.sv.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/sv/basics/common-threats.md b/i18n/sv/basics/common-threats.md index 0e6a456b..d01dc000 100644 --- a/i18n/sv/basics/common-threats.md +++ b/i18n/sv/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -22,128 +23,126 @@ Some of these threats may be more important to you than others, depending on you Anonymity is often confused with privacy, but they're distinct concepts. While privacy is a set of choices you make about how your data is used and shared, anonymity is the complete disassociation of your online activities from your real identity. -Whistleblowers and journalists, for example, can have a much more extreme threat model which requires total anonymity. That's not only hiding what they do, what data they have, and not getting hacked by malicious actors or governments, but also hiding who they are entirely. They will often sacrifice any kind of convenience if it means protecting their anonymity, privacy, or security, because their lives could depend on it. Most people don't need to go so far. +Whistleblowers and journalists, for example, can have a much more extreme threat model which requires total anonymity. That's not only hiding what they do, what data they have, and not getting hacked by malicious actors or governments, but also hiding who they are entirely. They will often sacrifice any kind of convenience if it means protecting their anonymity, privacy, or security, because their lives could depend on it. De flesta behöver inte gå så långt. -## Security and Privacy +## Säkerhet och sekretess -:material-bug-outline: Passive Attacks +:material-bug-outline: Passiva attacker -Security and privacy are also often confused, because you need security to obtain any semblance of privacy: Using tools—even if they're private by design—is futile if they could be easily exploited by attackers who later release your data. However, the inverse isn't necessarily true: The most secure service in the world *isn't necessarily* private. The best example of this is trusting data to Google who, given their scale, have had few security incidents by employing industry-leading security experts to secure their infrastructure. Even though Google provides very secure services, very few people would consider their data private in Google's free consumer products (Gmail, YouTube, etc.) +Säkerhet och integritet förväxlas också ofta, eftersom man behöver säkerhet för att få ett sken av integritet: Det är meningslöst att använda verktyg - även om de är privata till sin utformning - om de lätt kan utnyttjas av angripare som senare släpper ut dina uppgifter. Men det omvända är inte nödvändigtvis sant: Den säkraste tjänsten i världen *är inte nödvändigtvis* privat. Det bästa exemplet på detta är att lita på data till Google som, med tanke på deras skala, har haft få säkerhetsincidenter genom att anställa branschledande säkerhetsexperter för att säkra sin infrastruktur. Även om Google tillhandahåller mycket säkra tjänster, skulle mycket få människor betrakta sina data privat i Googles gratis konsumentprodukter (Gmail, YouTube, etc.) -When it comes to application security, we generally don't (and sometimes can't) know if the software we use is malicious, or might one day become malicious. Even with the most trustworthy developers, there's generally no guarantee that their software doesn't have a serious vulnerability that could later be exploited. +När det gäller applikationssäkerhet vet vi i allmänhet inte (och kan ibland inte) om programvaran vi använder är skadlig, eller kanske en dag blir skadlig. Även med de mest pålitliga utvecklarna finns det i allmänhet ingen garanti för att deras programvara inte har en allvarlig sårbarhet som senare kan utnyttjas. -To minimize the damage that a malicious piece of software *could* do, you should employ security by compartmentalization. For example, this could come in the form of using different computers for different jobs, using virtual machines to separate different groups of related applications, or using a secure operating system with a strong focus on application sandboxing and mandatory access control. +För att minimera den skada som en skadlig programvara ** kan orsaka bör du använda säkerhet genom uppdelning. Det kan till exempel handla om att använda olika datorer för olika jobb, att använda virtuella maskiner för att separera olika grupper av relaterade program eller att använda ett säkert operativsystem med starkt fokus på sandlåda för program och obligatorisk åtkomstkontroll. -!!! tip +!!! tips - Mobile operating systems generally have better application sandboxing than desktop operating systems: Apps can't obtain root access, and require permission for access to system resources. + Mobila operativsystem har i allmänhet bättre applikationssandlåda än stationära operativsystem: Appar kan inte få root-åtkomst och kräver tillstånd för åtkomst till systemresurser. - Desktop operating systems generally lag behind on proper sandboxing. ChromeOS has similar sandboxing capabilities to Android, and macOS has full system permission control (and developers can opt-in to sandboxing for applications). However, these operating systems do transmit identifying information to their respective OEMs. Linux tends to not submit information to system vendors, but it has poor protection against exploits and malicious apps. This can be mitigated somewhat with specialized distributions which make significant use of virtual machines or containers, such as [Qubes OS](../../desktop/#qubes-os). + Skrivbordsoperativsystem släpar i allmänhet efter vid korrekt sandlåda. ChromeOS har liknande sandlådor som Android och macOS har fullständig kontroll över systembehörigheter (och utvecklare kan välja att sandlådor ska användas för program). Dessa operativsystem överför dock identifieringsinformation till sina respektive OEM-tillverkare. Linux tenderar att inte lämna information till systemleverantörer, men har dåligt skydd mot exploateringar och skadliga program. Detta kan mildras något med specialiserade distributioner som i stor utsträckning använder sig av virtuella maskiner eller behållare, såsom [Qubes OS](../../desktop/#qubes-os). -:material-target-account: Targeted Attacks +:material-target-account: Riktade attacker -Targeted attacks against a specific person are more problematic to deal with. Common attacks include sending malicious documents via email, exploiting vulnerabilities (e.g. in browsers and operating systems), and physical attacks. If this is a concern for you, you should employ more advanced threat mitigation strategies. +Riktade attacker mot en specifik person är mer problematiska att hantera. Vanliga attacker är att skicka skadliga dokument via e-post, utnyttja sårbarheter (t.ex. i webbläsare och operativsystem) och fysiska attacker. Om detta är ett problem för dig bör du använda mer avancerade strategier för att minska hoten. -!!! tip +!!! tips - By design, **web browsers**, **email clients**, and **office applications** typically run untrusted code, sent to you from third parties. Running multiple virtual machines—to separate applications like these from your host system, as well as each other—is one technique you can use to mitigate the chance of an exploit in these applications compromising the rest of your system. For example, technologies like Qubes OS or Microsoft Defender Application Guard on Windows provide convenient methods to do this. + I **webbläsare**, **emailklienter** och **kontorsprogram** körs vanligtvis kod som inte är tillförlitlig och som skickas till dig från tredje part. Att köra flera virtuella maskiner för att separera sådana här program från värdsystemet och från varandra är en teknik som du kan använda för att minska risken för att en exploatering i dessa program ska kunna äventyra resten av systemet. Tekniker som Qubes OS eller Microsoft Defender Application Guard på Windows ger till exempel praktiska metoder för att göra detta. -If you are concerned about **physical attacks** you should use an operating system with a secure verified boot implementation, such as Android, iOS, macOS, or [Windows (with TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). You should also make sure that your drive is encrypted, and that the operating system uses a TPM or Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) or [Element](https://developers.google.com/android/security/android-ready-se) to rate limit attempts to enter the encryption passphrase. You should avoid sharing your computer with people you don't trust, because most desktop operating systems don't encrypt data separately per-user. +Om du är orolig för **fysiska attacker** bör du använda ett operativsystem med en säker verifierad uppstart, t.ex. Android, iOS, macOS eller [Windows (med TPM)](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process). Du bör också se till att enheten är krypterad och att operativsystemet använder en TPM eller Secure [Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1) eller [Element](https://developers.google.com/android/security/android-ready-se) för att begränsa försöken att ange krypteringsfrasen. Du bör undvika att dela din dator med personer du inte litar på, eftersom de flesta stationära operativsystem inte krypterar data separat per användare. -## Privacy From Service Providers +## Sekretess från tjänsteleverantörer -:material-server-network: Service Providers +:material-server-network: Tjänsteleverantörer -We live in a world where almost everything is connected to the internet. Our "private" messages, emails, and social interactions are typically stored on a server, somewhere. Generally, when you send someone a message it's stored on a server, and when your friend wants to read the message the server will show it to them. +Vi lever i en värld där nästan allt är anslutet till internet. Våra "privata" meddelanden, e-postmeddelanden och sociala interaktioner lagras vanligtvis på en server, någonstans. I allmänhet, när du skickar ett meddelande till någon lagras det på en server, och när din vän vill läsa meddelandet kommer servern att visa det för dem. -The obvious problem with this is that the service provider (or a hacker who has compromised the server) can access your conversations whenever and however they want, without you ever knowing. This applies to many common services, like SMS messaging, Telegram, and Discord. +Det uppenbara problemet med detta är att tjänsteleverantören (eller en hackare som har äventyrat servern) kan komma åt dina konversationer när och hur de vill, utan att du någonsin vet. Detta gäller många vanliga tjänster, som SMS-meddelanden, Telegram och Discord. -Thankfully, E2EE can alleviate this issue by encrypting communications between you and your desired recipients before they are even sent to the server. The confidentiality of your messages is guaranteed, assuming the service provider doesn't have access to the private keys of either party. +Tack och lov kan E2EE lindra detta problem genom att kryptera kommunikationen mellan dig och dina önskade mottagare innan den ens skickas till servern. Sekretessen för dina meddelanden garanteras, förutsatt att tjänsteleverantören inte har tillgång till någon av parternas privata nycklar. -!!! note "Note on Web-based Encryption" +!!! anmärkning "Anmärkning om webbaserad kryptering" - In practice, the effectiveness of different E2EE implementations varies. Applications, such as [Signal](../real-time-communication.md#signal), run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) in their application—in an attempt to steal your private keys—it could later be detected with [reverse engineering](https://en.wikipedia.org/wiki/Reverse_engineering). + I praktiken varierar effektiviteten i olika E2EE-genomföranden. Applikationer, till exempel [Signal](../real-time-communication.md#signal), körs naturligt på din enhet, och varje kopia av applikationen är densamma över olika installationer. Om tjänsteleverantören skulle införa en [backdoor](https://en.wikipedia.org/wiki/Backdoor_(computing)) i sitt program - i ett försök att stjäla dina privata nycklar - skulle det senare kunna upptäckas med [reverse engineering] (https://en.wikipedia.org/wiki/Reverse_engineering). - On the other hand, web-based E2EE implementations, such as Proton Mail's webmail or Bitwarden's *Web Vault*, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider's guilt. + Å andra sidan är webbaserade E2EE-implementationer, som Proton Mail-webmail eller Bitwardens *Web Vault*, beroende av att servern dynamiskt serverar JavaScript-kod till webbläsaren för att hantera kryptografi. En skadlig server kan rikta dig och skicka skadlig JavaScript-kod för att stjäla din krypteringsnyckel (och det skulle vara extremt svårt att märka). Eftersom servern kan välja att betjäna olika webbklienter till olika människor - även om du märkte attacken - skulle det vara otroligt svårt att bevisa leverantörens skuld. - Therefore, you should use native applications over web clients whenever possible. + Därför bör du använda inbyggda applikationer över webbklienter när det är möjligt. -Even with E2EE, service providers can still profile you based on **metadata**, which typically isn't protected. While the service provider can't read your messages, they can still observe important things, such as who you're talking to, how often you message them, and when you're typically active. Protection of metadata is fairly uncommon, and—if it's within your [threat model](threat-modeling.md)—you should pay close attention to the technical documentation of the software you're using to see if there's any metadata minimization or protection at all. +Även med E2EE kan tjänsteleverantörer fortfarande profilera dig utifrån **metadata**, som vanligtvis inte är skyddade. Medan tjänsteleverantören inte kan läsa dina meddelanden kan de fortfarande observera viktiga saker, till exempel vem du pratar med, hur ofta du skickar meddelanden till dem och när du vanligtvis är aktiv. Skydd av metadata är ganska ovanligt, och om det ingår i din hotmodell [](threat-modeling.md)- bör du vara uppmärksam på den tekniska dokumentationen för den programvara du använder för att se om det finns någon minimering eller något skydd av metadata överhuvudtaget. -## Mass Surveillance Programs +## Massövervakningsprogram -:material-eye-outline: Mass Surveillance +:material-eye-outline: Massövervakning -Mass surveillance is the intricate effort to monitor the "behavior, many activities, or information" of an entire (or substantial fraction of a) population.[^1] It often refers to government programs, such as the ones [disclosed by Edward Snowden in 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). However, it can also be carried out by corporations, either on behalf of government agencies or by their own initiative. +Massövervakning är ett komplicerat försök att övervaka "beteende, många aktiviteter eller information" hos en hel (eller en stor del av en) befolkning.[^1] Det hänvisar ofta till statliga program, t.ex. de [som Edward Snowden avslöjade 2013](https://en.wikipedia.org/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)). Det kan dock också utföras av företag, antingen på uppdrag av myndigheter eller på eget initiativ. -!!! abstract "Atlas of Surveillance" +!!! sammanfattning av "Atlas of Surveillance" - If you want to learn more about surveillance methods and how they're implemented in your city you can also take a look at the [Atlas of Surveillance](https://atlasofsurveillance.org/) by the [Electronic Frontier Foundation](https://www.eff.org/). + Om du vill veta mer om övervakningsmetoder och hur de tillämpas i din stad kan du också ta en titt på [Atlas of Surveillance] (https://atlasofsurveillance.org/) från [Electronic Frontier Foundation] (https://www.eff.org/). - In France you can take a look at the [Technolopolice website](https://technopolice.fr/villes/) maintained by the non-profit association La Quadrature du Net. + I Frankrike kan du ta en titt på [Technolopolices webbplats](https://technopolice.fr/villes/) som upprätthålls av den ideella föreningen La Quadrature du Net. -Governments often justify mass surveillance programs as necessary means to combat terrorism and prevent crime. However, breaching human rights, it's most often used to disproportionately target minority groups and political dissidents, among others. +Regeringar rättfärdigar ofta massövervakningsprogram som nödvändiga medel för att bekämpa terrorism och förebygga brottslighet. Men kränker de mänskliga rättigheterna, är det oftast används för att oproportionerligt rikta minoritetsgrupper och politiska dissidenter, bland annat. -!!! quote "ACLU: [*The Privacy Lesson of 9/11: Mass Surveillance is Not the Way Forward*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" +!!! citat "ACLU: [*Det är en viktig fråga för den personliga integriteten: Massövervakning är inte vägen framåt*](https://www.aclu.org/news/national-security/the-privacy-lesson-of-9-11-mass-surveillance-is-not-the-way-forward)" - In the face of [Edward Snowden's disclosures of government programs such as [PRISM](https://en.wikipedia.org/wiki/PRISM) and [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)], intelligence officials also admitted that the NSA had for years been secretly collecting records about virtually every American’s phone calls — who’s calling whom, when those calls are made, and how long they last. This kind of information, when amassed by the NSA day after day, can reveal incredibly sensitive details about people’s lives and associations, such as whether they have called a pastor, an abortion provider, an addiction counselor, or a suicide hotline. + Med anledning av [Edward Snowdens avslöjanden om regeringsprogram som [PRISM](https://en.wikipedia.org/wiki/PRISM) och [Upstream](https://en.wikipedia.org/wiki/Upstream_collection)] erkände underrättelsetjänstemännen också att NSA i åratal i hemlighet hade samlat in uppgifter om praktiskt taget alla amerikaners telefonsamtal - vem som ringer till vem, när samtalen görs och hur länge de varar. Den här typen av information kan, när den samlas in av NSA dag efter dag, avslöja otroligt känsliga detaljer om människors liv och umgänge, t. ex. om de har ringt till en pastor, en abortvårdare, en missbruksrådgivare eller en självmordshotline. -Despite growing mass surveillance in the United States, the government has found that mass surveillance programs like Section 215 have had "little unique value" with respect to stopping actual crimes or terrorist plots, with efforts largely duplicating the FBI's own targeted surveillance programs.[^2] +Trots den ökande massövervakningen i USA har regeringen konstaterat att massövervakningsprogram som avsnitt 215 har haft "litet unikt värde" när det gäller att stoppa faktiska brott eller terroristplaner, och att insatserna i stort sett har varit en kopia av FBI:s egna riktade övervakningsprogram.[^2] -Online, you can be tracked via a variety of methods: +På nätet kan du spåras på olika sätt: -- Your IP address -- Browser cookies -- The data you submit to websites -- Your browser or device fingerprint -- Payment method correlation +- Din IP adress +- Webbläsarcookies +- Uppgifter som du skickar till webbplatser +- Fingeravtryck från din webbläsare eller enhet +- Betalningsmetod korrelation -\[This list isn't exhaustive]. +\[Denna lista är inte uttömmande]. -If you're concerned about mass surveillance programs, you can use strategues like compartmentalizing your online identities, blending in with other users, or, whenever possible, simply avoiding giving out identifying information. +Om du är orolig för massövervakningsprogram kan du använda strategier som att dela upp din identitet på nätet, smälta in bland andra användare eller, när det är möjligt, helt enkelt undvika att lämna ut identifieringsuppgifter. -:material-account-cash: Surveillance Capitalism +:material-account-cash: Övervakningskapitalism -> Surveillance capitalism is an economic system centered around the capture and commodification of personal data for the core purpose of profit-making.[^3] +> Övervakningskapitalism är ett ekonomiskt system som är centrerat kring insamling och kommersialisering av personuppgifter i syfte att skapa vinst.[^3] -For many people, tracking and surveillance by private corporations is a growing concern. Pervasive ad networks, such as those operated by Google and Facebook, span the internet far beyond just the sites they control, tracking your actions along the way. Using tools like content blockers to limit network requests to their servers, and reading the privacy policies of the services you use can help you avoid many basic adversaries (although it can't completely prevent tracking).[^4] +För många människor är spårning och övervakning av privata företag ett växande problem. Genomgripande annonsnätverk, som de som drivs av Google och Facebook, spänner över internet långt bortom bara de webbplatser de kontrollerar och spårar dina handlingar längs vägen. Genom att använda verktyg som innehållsblockerare för att begränsa nätverksförfrågningar till deras servrar och läsa sekretesspolicyn för de tjänster du använder kan du undvika många grundläggande motståndare (även om det inte helt kan förhindra spårning).[^4] -Additionally, even companies outside of the *AdTech* or tracking industry can share your information with [data brokers](https://en.wikipedia.org/wiki/Information_broker) (such as Cambridge Analytica, Experian, or Datalogix) or other parties. You can't automatically assume your data is safe just because the service you're using doesn't fall within the typical AdTech or tracking business model. The strongest protection against corporate data collection is to encrypt or obfuscate your data whenever possible, making it difficult for different providers to correlate data with each other and build a profile on you. +Dessutom kan även företag utanför *AdTech* eller spårningsbranschen dela din information med [datamäklare](https://en.wikipedia.org/wiki/Information_broker) (t.ex. Cambridge Analytica, Experian eller Datalogix) eller andra parter. Du kan inte automatiskt anta att dina data är säkra bara för att den tjänst du använder inte faller inom den typiska AdTech- eller spårningsaffärsmodellen. Det starkaste skyddet mot företags datainsamling är att kryptera eller dölja dina data när det är möjligt, vilket gör det svårt för olika leverantörer att korrelera data med varandra och bygga en profil på dig. -## Limiting Public Information +## Begränsning av offentlig information -:material-account-search: Public Exposure +:material-account-search: Offentlig exponering -The best way to keep your data private is simply not making it public in the first place. Deleting unwanted information you find about yourself online is one of the best first steps you can take to regain your privacy. +Det bästa sättet att hålla dina uppgifter hemliga är att helt enkelt inte offentliggöra dem från början. Att ta bort oönskad information du hittar om dig själv online är ett av de bästa första stegen du kan ta för att återfå din integritet. -- [View our guide on account deletion :material-arrow-right-drop-circle:](account-deletion.md) +- [Se vår guide om radering av konto :material-arrow-right-drop-circle:](account-deletion.md) -On sites where you do share information, checking the privacy settings of your account to limit how widely that data is spread is very important. For example, enable "private mode" on your accounts if given the option: This ensures that your account isn't being indexed by search engines, and that it can't be viewed without your permission. +På webbplatser där du delar med dig av information är det mycket viktigt att du kontrollerar sekretessinställningarna för ditt konto för att begränsa hur mycket informationen sprids. Aktivera till exempel "privat läge" på dina konton om du får alternativet: Detta säkerställer att ditt konto inte indexeras av sökmotorer och att det inte kan visas utan ditt tillstånd. -If you've already submitted your real information to sites which shouldn't have it, consider using disinformation tactics, like submitting fictitious information related to that online identity. This makes your real information indistinguishable from the false information. +Om du redan har skickat in din riktiga information till webbplatser som inte borde ha den, kan du överväga att använda en taktik för desinformation, som att skicka in fiktiv information om din identitet på nätet. Detta gör att din riktiga information inte kan särskiljas från den falska informationen. -## Avoiding Censorship +## Undvik censur -:material-close-outline: Censorship +:material-close-outline: Censur -Censorship online can be carried out (to varying degrees) by actors including totalitarian governments, network administrators, and service providers. These efforts to control communication and restrict access to information will always be incompatible with the human right to Freedom of Expression.[^5] +Censur på nätet kan utföras (i varierande grad) av aktörer som totalitära regeringar, nätverksadministratörer och tjänsteleverantörer. Dessa försök att kontrollera kommunikation och begränsa tillgången till information kommer alltid att vara oförenliga med den mänskliga rätten till yttrandefrihet.[^5] -Censorship on corporate platforms is increasingly common, as platforms like Twitter and Facebook give in to public demand, market pressures, and pressures from government agencies. Government pressures can be covert requests to businesses, such as the White House [requesting the takedown](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html) of a provocative YouTube video, or overt, such as the Chinese government requiring companies to adhere to a strict regime of censorship. +Censur på företagsplattformar blir allt vanligare, eftersom plattformar som Twitter och Facebook ger efter för allmänhetens efterfrågan, marknadstryck och påtryckningar från myndigheter. Statliga påtryckningar kan vara dolda förfrågningar till företag, till exempel när Vita huset [begär att en provocerande YouTube-video ska tas bort](https://www.nytimes.com/2012/09/17/technology/on-the-web-a-fine-line-on-free-speech-across-globe.html), eller öppna förfrågningar, till exempel när den kinesiska regeringen kräver att företag ska följa en strikt censurregim. -People concerned with the threat of censorship can use technologies like [Tor](../advanced/tor-overview.md) to circumvent it, and support censorship-resistant communication platforms like [Matrix](../real-time-communication.md#element), which doesn't have a centralized account authority that can close accounts arbitrarily. +Människor som oroar sig för hotet om censur kan använda teknik som [Tor](../advanced/tor-overview.md) för att kringgå den och stödja censurresistenta kommunikationsplattformar som [Matrix](../real-time-communication.md#element), som inte har någon centraliserad kontoinspektion som kan stänga konton godtyckligt. -!!! tip +!!! tips - While evading censorship itself can be easy, hiding the fact that you are doing it can be very problematic. + Även om det kan vara lätt att undvika censur, kan det vara mycket problematiskt att dölja det faktum att du gör det. - You should consider which aspects of the network your adversary can observe, and whether you have plausible deniability for your actions. For example, using [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) can help you bypass rudimentary, DNS-based censorship systems, but it can't truly hide what you are visiting from your ISP. A VPN or Tor can help hide what you are visiting from network administrators, but can't hide that you're using those networks in the first place. Pluggable transports (such as Obfs4proxy, Meek, or Shadowsocks) can help you evade firewalls that block common VPN protocols or Tor, but your circumvention attempts can still be detected by methods like probing or [deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection). + Du bör överväga vilka aspekter av nätverket din motståndare kan observera, och om du har trovärdigt förnekande för dina handlingar. Om du till exempel använder [encrypted DNS](../advanced/dns-overview.md#what-is-encrypted-dns) kan det hjälpa dig att kringgå rudimentära DNS-baserade censursystem, men det kan inte dölja vad du besöker för din internetleverantör. En VPN eller Tor kan hjälpa till att dölja vad du besöker för nätverksadministratörer, men kan inte dölja att du använder nätverken överhuvudtaget. Pluggable transports (t.ex. Obfs4proxy, Meek eller Shadowsocks) kan hjälpa dig att undvika brandväggar som blockerar vanliga VPN-protokoll eller Tor, men dina försök att kringgå dem kan fortfarande upptäckas med metoder som probing eller [deep packet inspection] (https://en.wikipedia.org/wiki/Deep_packet_inspection). -You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. +Du måste alltid överväga riskerna med att försöka kringgå censur, de potentiella konsekvenserna och hur sofistikerad din motståndare kan vara. Du bör vara försiktig när du väljer programvara och ha en backup-plan om du skulle bli upptäckt. ---8<-- "includes/abbreviations.sv.txt" - -[^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). -[^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) -[^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) -[^4]: "[Enumerating badness](https://www.ranum.com/security/computer_security/editorials/dumb/)" (or, "listing all the bad things that we know about"), as many adblockers and antivirus programs do, fails to adequately protect you from new and unknown threats because they have not yet been added to the filter list. You should also employ other mitigation techniques. -[^5]: United Nations: [*Universal Declaration of Human Rights*](https://www.un.org/en/about-us/universal-declaration-of-human-rights). +[^1]: Wikipedia: [*Massövervakning*](https://en.wikipedia.org/wiki/Mass_surveillance) och [*Övervakning*](https://en.wikipedia.org/wiki/Surveillance). +[^2]: Usa: s tillsynsnämnd för integritet och medborgerliga fri- och rättigheter: [*Rapport om telefonregistreringsprogrammet som genomförts enligt avsnitt 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) +[^3]: Wikipedia: [*Övervakningskapitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) +[^4]: "[Räkna badness](https://www.ranum.com/security/computer_security/editorials/dumb/)" (eller "lista alla de dåliga saker som vi vet om"), som många adblockers och antivirusprogram gör, misslyckas med att tillräckligt skydda dig från nya och okända hot eftersom de ännu inte har lagts till i filterlistan. Du bör också använda andra metoder för att minska risken. +[^5]: Förenta nationerna: [*Universella förklaringen om de mänskliga rättigheterna*](https://www.un.org/en/about-us/universal-declaration-of-human-rights). diff --git a/i18n/sv/basics/email-security.md b/i18n/sv/basics/email-security.md index 74707842..59f59b3d 100644 --- a/i18n/sv/basics/email-security.md +++ b/i18n/sv/basics/email-security.md @@ -1,42 +1,41 @@ --- -title: Email Security +title: E-postsäkerhet icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- -Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. +E-post är som standard en osäker kommunikationsform. Du kan förbättra din e-postsäkerhet med verktyg som OpenPGP, som lägger till End-to-End-kryptering till dina meddelanden, men OpenPGP har fortfarande ett antal nackdelar jämfört med kryptering i andra meddelandeprogram, och vissa e-postdata kan aldrig krypteras av naturliga skäl på grund av hur e-post är utformad. -As a result, email is best used for receiving transactional emails (like notifications, verification emails, password resets, etc.) from the services you sign up for online, not for communicating with others. +E-post används därför bäst för att ta emot transaktionsmeddelanden (t. ex. meddelanden, verifieringsmeddelanden, lösenordsåterställning osv.) från de tjänster du registrerar dig för online, inte för att kommunicera med andra. -## Email Encryption Overview +## E-post-krypteringsnycklar -The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) and [OpenPGP.js](https://openpgpjs.org). +Standardmetoden för att lägga till E2EE i e-postmeddelanden mellan olika e-postleverantörer är att använda OpenPGP. Det finns olika implementeringar av OpenPGP-standarden, de vanligaste är [GnuPG](https://en.wikipedia.org/wiki/GNU_Privacy_Guard) och [OpenPGP.js](https://openpgpjs.org). -There is another standard which is popular with business called [S/MIME](https://en.wikipedia.org/wiki/S/MIME), however, it requires a certificate issued from a [Certificate Authority](https://en.wikipedia.org/wiki/Certificate_authority) (not all of them issue S/MIME certificates). It has support in [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) and [Outlook for Web or Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480). +Det finns en annan standard som är populär bland företag och som heter [S/MIME](https://en.wikipedia.org/wiki/S/MIME), men den kräver ett certifikat som utfärdats av en [Certifikatmyndighet](https://en.wikipedia.org/wiki/Certificate_authority) (alla utfärdar inte S/MIME-certifikat). Den har stöd för [Google Workplace](https://support.google.com/a/topic/9061730?hl=en&ref_topic=9061731) och [Outlook for Web eller Exchange Server 2016, 2019](https://support.office.com/en-us/article/encrypt-messages-by-using-s-mime-in-outlook-on-the-web-878c79fc-7088-4b39-966f-14512658f480). -Even if you use OpenPGP, it does not support [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend [instant messengers](../real-time-communication.md) which implement forward secrecy over email for person-to-person communications whenever possible. +Även om du använder OpenPGP har det inte stöd för [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), vilket innebär att om antingen din eller mottagarens privata nyckel någonsin stjäls kommer alla tidigare meddelanden som krypterats med den att avslöjas. Det är därför vi rekommenderar [snabbmeddelanden](../real-time-communication.md) som implementerar vidarebefordran av sekretess via e-post för person-till-person-kommunikation när det är möjligt. -### What Email Clients Support E2EE? +### Vilka e-postklienter stöder E2EE? -Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the [email clients we recommend](../email-clients.md). Depending on the authentication method, this may lead to the decrease security if either the provider or the email client does not support OATH or a bridge application as [multi-factor authentication](multi-factor-authentication.md) is not possible with plain password authentication. +E-postleverantörer som tillåter dig att använda standardprotokoll som IMAP och SMTP kan användas med någon av de e-postklienter på [som vi rekommenderar](../email-clients.md). Beroende på autentiseringsmetoden kan detta leda till sämre säkerhet om leverantören eller e-postklienten inte stöder OATH eller en bryggapplikation, eftersom [multi-faktorautentisering](multi-factor-authentication.md) inte är möjlig med vanlig lösenordsautentisering. -### How Do I Protect My Private Keys? +### Hur skyddar jag mina privata nycklar? -A smartcard (such as a [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) or [Nitrokey](https://www.nitrokey.com)) works by receiving an encrypted email message from a device (phone, tablet, computer, etc) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device. +Ett smartkort (t.ex. [Yubikey](https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP) eller [Nitrokey](https://www.nitrokey.com)) fungerar genom att ta emot ett krypterat e-postmeddelande från en enhet (telefon, surfplatta, dator osv.) som kör en e-post-/webbmail-klient. Meddelandet dekrypteras sedan av smartkortet och det dekrypterade innehållet skickas tillbaka till enheten. -It is advantageous for the decryption to occur on the smartcard so as to avoid possibly exposing your private key to a compromised device. +Det är fördelaktigt att dekrypteringen sker på smartkortet för att undvika att den privata nyckeln exponeras för en komprometterad enhet. -## Email Metadata Overview +## Översikt över metadata för e-post -Email metadata is stored in the [message header](https://en.wikipedia.org/wiki/Email#Message_header) of the email message and includes some visible headers that you may have seen such as: `To`, `From`, `Cc`, `Date`, `Subject`. There are also a number of hidden headers included by many email clients and providers that can reveal information about your account. +E-postmetadata lagras i e-postmeddelandets [meddelandehuvud](https://en.wikipedia.org/wiki/Email#Message_header) och innehåller några synliga rubriker som du kanske har sett, t.ex: `To`, `From`, `Cc`, `Date`, `Subject`. Det finns också ett antal dolda rubriker som ingår i många e-postklienter och e-postleverantörer och som kan avslöja information om ditt konto. -Client software may use email metadata to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among [other purposes](https://en.wikipedia.org/wiki/Email#Message_header) which are not always transparent. +Klientprogram kan använda metadata för e-post för att visa vem ett meddelande är från och när det togs emot. Servrar kan använda den för att avgöra var ett e-postmeddelande måste skickas, bland [andra ändamål](https://en.wikipedia.org/wiki/Email#Message_header) som inte alltid är transparenta. -### Who Can View Email Metadata? +### Vem kan se metadata för e-post? -Email metadata is protected from outside observers with [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) protecting it from outside observers, but it is still able to be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients including your email provider. Sometimes email servers will also use third-party services to protect against spam, which generally also have access to your messages. +E-postmetadata skyddas från utomstående observatörer med [Opportunistic TLS](https://en.wikipedia.org/wiki/Opportunistic_TLS) som skyddar dem från utomstående observatörer, men de kan fortfarande ses av din e-postklientprogramvara (eller webbmail) och alla servrar som vidarebefordrar meddelandet från dig till mottagare, inklusive din e-postleverantör. Ibland använder e-postservrar också tjänster från tredje part för att skydda sig mot skräppost, som i allmänhet också har tillgång till dina meddelanden. -### Why Can't Metadata be E2EE? +### Varför kan metadata inte vara E2EE? -Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.sv.txt" +Metadata för e-post är avgörande för e-postens mest grundläggande funktionalitet (varifrån den kom och vart den ska ta vägen). E2EE var ursprungligen inte inbyggt i e-postprotokollen, utan krävde istället tilläggsprogram som OpenPGP. Eftersom OpenPGP-meddelanden fortfarande måste fungera med traditionella e-postleverantörer kan de inte kryptera metadata, utan endast själva meddelandet. Det innebär att även om du använder OpenPGP kan utomstående observatörer se mycket information om dina meddelanden, t. ex. vem du skickar e-post till, ämnesraden, när du skickar e-post osv. diff --git a/i18n/sv/basics/multi-factor-authentication.md b/i18n/sv/basics/multi-factor-authentication.md index ac6602c2..ac27dacf 100644 --- a/i18n/sv/basics/multi-factor-authentication.md +++ b/i18n/sv/basics/multi-factor-authentication.md @@ -1,25 +1,26 @@ --- -title: "Multi-Factor Authentication" +title: "Multi-Faktor Autentisering" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- -**Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. +**Flerfaktorsautentisering** (**MFA**) är en säkerhetsmekanism som kräver ytterligare steg utöver att ange användarnamn (eller e-post) och lösenord. Den vanligaste metoden är tidsbegränsade koder som du kan få från SMS eller en app. -Normally, if a hacker (or adversary) is able to figure out your password then they’d gain access to the account that password belongs to. An account with MFA forces the hacker to have both the password (something you *know*) and a device that you own (something you *have*), like your phone. +Om en hackare (eller motståndare) kan ta reda på ditt lösenord får han eller hon normalt sett tillgång till det konto som lösenordet tillhör. Ett konto med MFA tvingar hackaren att ha både lösenordet (något som du *känner till*) och en enhet som du äger (något som du *har*), t. ex. din telefon. -MFA methods vary in security, but are based on the premise that the more difficult it is for an attacker to gain access to your MFA method, the better. Examples of MFA methods (from weakest to strongest) include SMS, Email codes, app push notifications, TOTP, Yubico OTP and FIDO. +MFA-metoder varierar i säkerhet, men bygger på förutsättningen att ju svårare det är för en angripare att få tillgång till din MFA-metod, desto bättre. Exempel på MFA-metoder (från svagaste till starkaste) inkluderar SMS, e-postkoder, app push-meddelanden, TOTP, Yubico OTP och FIDO. -## MFA Method Comparison +## Jämförelse av MFA-metod -### SMS or Email MFA +### SMS eller e-post MFA -Receiving OTP codes via SMS or email are one of the weaker ways to secure your accounts with MFA. Obtaining a code by email or SMS takes away from the "something you *have*" idea, because there are a variety of ways a hacker could [take over your phone number](https://en.wikipedia.org/wiki/SIM_swap_scam) or gain access to your email without having physical access to any of your devices at all. If an unauthorized person gained access to your email, they would be able to use that access to both reset your password and receive the authentication code, giving them full access to your account. +Att ta emot OTP-koder via SMS eller e-post är ett av de svagare sätten att säkra dina konton med MFA. Att få en kod via e-post eller sms är inte längre något som du *har*", eftersom det finns många olika sätt för en hackare att [ta över ditt telefonnummer](https://en.wikipedia.org/wiki/SIM_swap_scam) eller få tillgång till din e-post utan att ha fysisk tillgång till någon av dina enheter överhuvudtaget. Om en obehörig person får tillgång till din e-post kan han eller hon använda den för att både återställa ditt lösenord och få autentiseringskoden, vilket ger honom eller henne full tillgång till ditt konto. -### Push Notifications +### Pushnotiser -Push notification MFA takes the form of a message being sent to an app on your phone asking you to confirm new account logins. This method is a lot better than SMS or email, since an attacker typically wouldn't be able to get these push notifications without having an already logged-in device, which means they would need to compromise one of your other devices first. +MFA med push-notiser är ett meddelande som skickas till en app på din telefon där du uppmanas att bekräfta nya kontoinloggningar. Den här metoden är mycket bättre än SMS eller e-post, eftersom en angripare vanligtvis inte kan få dessa push-notiser utan att ha en redan inloggad enhet, vilket innebär att de måste äventyra en av dina andra enheter först. -We all make mistakes, and there is the risk that you might accept the login attempt by accident. Push notification login authorizations are typically sent to *all* your devices at once, widening the availability of the MFA code if you have many devices. +Vi gör alla misstag, och det finns risk för att du kan acceptera inloggningsförsöket av misstag. Push notification login authorizations are typically sent to *all* your devices at once, widening the availability of the MFA code if you have many devices. The security of push notification MFA is dependent on both the quality of the app, the server component and the trust of the developer who produces it. Installing an app may also require you to accept invasive privileges that grant access to other data on your device. An individual app also requires that you have a specific app for each service which may not require a password to open, unlike a good TOTP generator app. @@ -83,84 +84,82 @@ This presentation discusses the history of password authentication, the pitfalls FIDO2 and WebAuthn have superior security and privacy properties when compared to any MFA methods. -Typically for web services it is used with WebAuthn which is a part of the [W3C recommendations](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). It uses public key authentication and is more secure than shared secrets used in Yubico OTP and TOTP methods, as it includes the origin name (usually, the domain name) during authentication. Attestation is provided to protect you from phishing attacks, as it helps you to determine that you are using the authentic service and not a fake copy. +För webbtjänster används det vanligtvis tillsammans med WebAuthn som är en del av [W3C:s rekommendationer](https://en.wikipedia.org/wiki/World_Wide_Web_Consortium#W3C_recommendation_(REC)). Det använder autentisering med offentliga nycklar och är säkrare än delade hemligheter som används i Yubico OTP- och TOTP-metoder, eftersom det innehåller ursprungsnamnet (vanligtvis domännamnet) under autentisering. Intyg tillhandahålls för att skydda dig från nätfiskeattacker, eftersom det hjälper dig att avgöra att du använder den autentiska tjänsten och inte en falsk kopia. -Unlike Yubico OTP, WebAuthn does not use any public ID, so the key is **not** identifiable across different websites. It also does not use any third-party cloud server for authentication. All communication is completed between the key and the website you are logging into. FIDO also uses a counter which is incremented upon use in order to prevent session reuse and cloned keys. +Till skillnad från Yubico OTP använder WebAuthn inget offentligt ID, så nyckeln är **inte** identifierbar på olika webbplatser. Det använder inte heller någon tredje parts molnserver för autentisering. All kommunikation sker mellan nyckeln och den webbplats du loggar in på. FIDO använder också en räknare som ökas vid användning för att förhindra återanvändning av sessioner och klonade tangenter. -If a website or service supports WebAuthn for the authentication, it is highly recommended that you use it over any other form of MFA. +Om en webbplats eller tjänst stöder WebAuthn för autentisering rekommenderas det starkt att du använder den över alla andra former av MFA. -## General Recommendations +## Allmänna rekommendationer -We have these general recommendations: +Vi har dessa allmänna rekommendationer: -### Which Method Should I Use? +### Vilken metod ska jag använda? -When configuring your MFA method, keep in mind that it is only as secure as your weakest authentication method you use. This means it is important that you only use the best MFA method available. For instance, if you are already using TOTP, you should disable email and SMS MFA. If you are already using FIDO2/WebAuthn, you should not be using Yubico OTP or TOTP on your account. +När du konfigurerar din MFA-metod, kom ihåg att den bara är lika säker som den svagaste autentiseringsmetoden du använder. Det är därför viktigt att du endast använder den bästa MFA-metoden som finns tillgänglig. Om du till exempel redan använder TOTP bör du inaktivera MFA för e-post och SMS. Om du redan använder FIDO2/WebAuthn bör du inte använda Yubico OTP eller TOTP på ditt konto. -### Backups +### Säkerhetskopior -You should always have backups for your MFA method. Hardware security keys can get lost, stolen or simply stop working over time. It is recommended that you have a pair of hardware security keys with the same access to your accounts instead of just one. +Du bör alltid ha säkerhetskopior av din MFA-metod. Säkerhetsnycklar för maskinvara kan förloras, stjälas eller helt enkelt sluta fungera med tiden. Det rekommenderas att du har ett par hårdvarusäkerhetsnycklar med samma åtkomst till dina konton istället för bara en. -When using TOTP with an authenticator app, be sure to back up your recovery keys or the app itself, or copy the "shared secrets" to another instance of the app on a different phone or to an encrypted container (e.g. [VeraCrypt](../encryption.md#veracrypt)). +När du använder TOTP med en autentiseringsapp ska du se till att säkerhetskopiera dina återställningsnycklar eller själva appen, eller kopiera de "delade hemligheterna" till en annan instans av appen på en annan telefon eller till en krypterad behållare (t.ex. [VeraCrypt](../encryption.md#veracrypt)). -### Initial Set Up +### Inledande inställning -When buying a security key, it is important that you change the default credentials, set up password protection for the key, and enable touch confirmation if your key supports it. Products such as the YubiKey have multiple interfaces with separate credentials for each one of them, so you should go over each interface and set up protection as well. +När du köper en säkerhetsnyckel är det viktigt att du ändrar standardinloggningsuppgifterna, ställer in lösenordsskydd för nyckeln och aktiverar touchbekräftelse om nyckeln stöder det. Produkter som YubiKey har flera gränssnitt med separata referenser för var och en av dem, så du bör gå över varje gränssnitt och ställa in skydd också. -### Email and SMS +### E-post och SMS -If you have to use email for MFA, make sure that the email account itself is secured with a proper MFA method. +Om du måste använda e-post för MFA ska du se till att e-postkontot i sig är skyddat med en lämplig MFA-metod. -If you use SMS MFA, use a carrier who will not switch your phone number to a new SIM card without account access, or use a dedicated VoIP number from a provider with similar security to avoid a [SIM swap attack](https://en.wikipedia.org/wiki/SIM_swap_scam). +Om du använder SMS MFA, använd en operatör som inte byter ditt telefonnummer till ett nytt SIM-kort utan tillgång till kontot, eller använd ett dedikerat VoIP-nummer från en leverantör med liknande säkerhet för att undvika en [SIM swap-attack](https://en.wikipedia.org/wiki/SIM_swap_scam). -[MFA tools we recommend](../multi-factor-authentication.md ""){.md-button} +[MFA-verktyg som vi rekommenderar](../multi-factor-authentication.md ""){.md-button} -## More Places to Set Up MFA +## Fler ställen att inrätta MFA -Beyond just securing your website logins, multi-factor authentication can be used to secure your local logins, SSH keys or even password databases as well. +Flerfaktorsautentisering kan användas för att säkra lokala inloggningar, SSH-nycklar eller till och med lösenordsdatabaser. ### Windows -Yubico has a dedicated [Credential Provider](https://docs.microsoft.com/en-us/windows/win32/secauthn/credential-providers-in-windows) that adds Challenge-Response authentication for the username + password login flow for local Windows accounts. If you have a YubiKey with Challenge-Response authentication support, take a look at the [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide), which will allow you to set up MFA on your Windows computer. +Yubico har en dedikerad [Credential Provider](https://docs.microsoft.com/en-us/windows/win32/secauthn/credential-providers-in-windows) som lägger till Challenge-Response-autentisering för inloggningsflödet med användarnamn och lösenord för lokala Windows-konton. Om du har en YubiKey med stöd för autentisering med utmaningssvar kan du ta en titt på [Yubico Login for Windows Configuration Guide](https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide), där du kan konfigurera MFA på din Windows-dator. ### macOS -macOS has [native support](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) for authentication with smart cards (PIV). If you have a smartcard or a hardware security key that supports the PIV interface such as the YubiKey, we recommend that you follow your smartcard/hardware security vendor's documentation and set up second factor authentication for your macOS computer. +macOS har [inbyggt stöd](https://support.apple.com/guide/deployment/intro-to-smart-card-integration-depd0b888248/web) för autentisering med smarta kort (PIV). Om du har ett smartkort eller en hårdvarunyckel som stöder PIV-gränssnittet, till exempel YubiKey, rekommenderar vi att du följer dokumentationen från leverantören av smartkortet eller hårdvarunyckeln och konfigurerar andrafaktorsautentisering för din macOS-dator. -Yubico have a guide [Using Your YubiKey as a Smart Card in macOS](https://support.yubico.com/hc/en-us/articles/360016649059) which can help you set up your YubiKey on macOS. +[Använda din YubiKey som ett smartkort i macOS](https://support.yubico.com/hc/en-us/articles/360016649059) som kan hjälpa dig att ställa in din YubiKey på macOS. -After your smartcard/security key is set up, we recommend running this command in the Terminal: +När din smartkort/säkerhetsnyckel har ställts in rekommenderar vi att du kör det här kommandot i terminalen: ```text sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES ``` -The command will prevent an adversary from bypassing MFA when the computer boots. +Kommandot förhindrar att en motståndare kringgår MFA när datorn startar. ### Linux -!!! warning +!!! varning - If the hostname of your system changes (such as due to DHCP), you would be unable to login. It is vital that you set up a proper hostname for your computer before following this guide. + Om värdnamnet på ditt system ändras (till exempel på grund av DHCP), skulle du inte kunna logga in. Det är viktigt att du skapar ett korrekt värdnamn för din dator innan du följer den här guiden. -The `pam_u2f` module on Linux can provide two-factor authentication for logging in on most popular Linux distributions. If you have a hardware security key that supports U2F, you can set up MFA authentication for your login. Yubico has a guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) which should work on any distribution. The package manager commands—such as `apt-get`—and package names may however differ. This guide does **not** apply to Qubes OS. +Modulen `pam_u2f` på Linux kan ge tvåfaktorsautentisering för inloggning på de flesta populära Linuxdistributioner. Om du har en maskinvarusäkerhetsnyckel som stöder U2F kan du konfigurera MFA-autentisering för inloggning. Yubico har en guide [Ubuntu Linux Login Guide - U2F](https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F) som borde fungera för alla distributioner. Pakethanteraren kommandon-såsom `apt-get`-och paketnamn kan dock skilja sig. Den här guiden gäller **inte** för Qubes OS. ### Qubes OS -Qubes OS has support for Challenge-Response authentication with YubiKeys. If you have a YubiKey with Challenge-Response authentication support, take a look at the Qubes OS [YubiKey documentation](https://www.qubes-os.org/doc/yubikey/) if you want to set up MFA on Qubes OS. +Qubes OS har stöd för autentisering med Challenge-Response-autentisering med YubiKeys. Om du har en YubiKey med stöd för autentisering med utmaningssvar kan du ta en titt på dokumentationen för Qubes OS [YubiKey](https://www.qubes-os.org/doc/yubikey/) om du vill konfigurera MFA på Qubes OS. ### SSH -#### Hardware Security Keys +#### Hårdvarusäkerhetsnycklar -SSH MFA could be set up using multiple different authentication methods that are popular with hardware security keys. We recommend that you check out Yubico's [documentation](https://developers.yubico.com/SSH/) on how to set this up. +SSH MFA kan konfigureras med flera olika autentiseringsmetoder som är populära med hårdvarusäkerhetsnycklar. Vi rekommenderar att du läser Yubicos dokumentation på [](https://developers.yubico.com/SSH/) om hur du ställer in detta. -#### Time-based One-time Password (TOTP) +#### Tidsbaserat engångslösenord (TOTP) -SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How To Set Up Multi-Factor Authentication for SSH on Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Most things should be the same regardless of distribution, however the package manager commands—such as `apt-get`—and package names may differ. +SSH MFA kan också ställas in med TOTP. DigitalOcean har tillhandahållit en handledning [Hur man ställer in flerfaktorsautentisering för SSH på Ubuntu 20.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04). Det mesta bör vara likadant oavsett distribution, men kommandona för pakethanteraren - t. ex. `apt-get`- och paketnamnen kan skilja sig åt. -### KeePass (and KeePassXC) +### KeePass (och KeePassXC) -KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.sv.txt" +KeePass- och KeePassXC-databaser kan säkras med hjälp av Challenge-Response eller HOTP som andrafaktorsautentisering. Yubico har tillhandahållit ett dokument för KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) och det finns också ett dokument på webbplatsen [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa). diff --git a/i18n/sv/basics/passwords-overview.md b/i18n/sv/basics/passwords-overview.md index 9f0d3b05..00a21179 100644 --- a/i18n/sv/basics/passwords-overview.md +++ b/i18n/sv/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -47,7 +48,7 @@ An example of a diceware passphrase is `viewable fastness reluctant squishy seve To generate a diceware passphrase using real dice, follow these steps: -!!! note +!!! anmärkning These instructions assume that you are using [EFF's large wordlist](https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other wordlists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy. @@ -89,7 +90,7 @@ To sum it up, diceware passphrases are your best option when you need something ## Storing Passwords -### Password Managers +### Lösenordshanterare The best way to store your passwords is by using a password manager. They allow you to store your passwords in a file or in the cloud and protect them with a single master password. That way, you will only have to remember one strong password, which lets you access the rest of them. @@ -105,8 +106,6 @@ There are many good options to choose from, both cloud-based and local. Choose o Furthermore, we do not recommend storing single-use recovery codes in your password manager. Those should be stored separately such as in an encrypted container on an offline storage device. -### Backups +### Säkerhetskopior You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/basics/threat-modeling.md b/i18n/sv/basics/threat-modeling.md index c0786041..fc1b3b41 100644 --- a/i18n/sv/basics/threat-modeling.md +++ b/i18n/sv/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/basics/vpn-overview.md b/i18n/sv/basics/vpn-overview.md index abcc36da..28f43bba 100644 --- a/i18n/sv/basics/vpn-overview.md +++ b/i18n/sv/basics/vpn-overview.md @@ -1,78 +1,77 @@ --- -title: VPN Overview +title: VPN-översikt icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- -Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). +Virtuella privata nätverk är ett sätt att förlänga slutet av ditt nätverk till en utgång någon annanstans i världen. En internetleverantör kan se flödet av internettrafik som kommer in i och ut ur din nätverksavslutningsenhet (dvs. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). -A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. +En VPN kan hjälpa dig eftersom den kan flytta förtroendet till en server någon annanstans i världen. ISP: n ser då bara att du är ansluten till en VPN och ingenting om den aktivitet som du skickar in i den. -## Should I use a VPN? +## Ska jag använda en VPN? -**Yes**, unless you are already using Tor. A VPN does two things: shifting the risks from your Internet Service Provider to itself and hiding your IP from a third-party service. +**Ja**, om du inte redan använder Tor. En VPN gör två saker: den flyttar riskerna från din Internetleverantör till sig själv och döljer din IP för en tredjepartstjänst. -VPNs cannot encrypt data outside of the connection between your device and the VPN server. VPN providers can see and modify your traffic the same way your ISP could. And there is no way to verify a VPN provider's "no logging" policies in any way. +VPN-tjänster kan inte kryptera data utanför anslutningen mellan din enhet och VPN-servern. VPN-leverantörer kan se och ändra din trafik på samma sätt som din internetleverantör. Och det finns inget sätt att verifiera en VPN-leverantörs policy om "ingen loggning" på något sätt. -However, they do hide your actual IP from a third-party service, provided that there are no IP leaks. They help you blend in with others and mitigate IP based tracking. +De döljer dock din faktiska IP-adress för en tredjepartstjänst, förutsatt att det inte finns några IP-läckor. De hjälper dig att smälta in bland andra och minskar IP-baserad spårning. -## When shouldn't I use a VPN? +## När ska jag inte använda en VPN? -Using a VPN in cases where you're using your [known identity](common-threats.md#common-misconceptions) is unlikely be useful. +Att använda en VPN i fall där du använder din [kända identitet](common-threats.md#common-misconceptions) är sannolikt inte användbart. -Doing so may trigger spam and fraud detection systems, such as if you were to log into your bank's website. +Om du gör det kan det utlösa system för att upptäcka skräppost och bedrägerier, till exempel om du skulle logga in på din banks webbplats. -## What about encryption? +## Hur är det med kryptering? -Encryption offered by VPN providers are between your devices and their servers. It guarantees that this specific link is secure. This is a step up from using unencrypted proxies where an adversary on the network can intercept the communications between your devices and said proxies and modify them. However, encryption between your apps or browsers with the service providers are not handled by this encryption. +Den kryptering som erbjuds av VPN-leverantörer sker mellan dina enheter och deras servrar. Det garanterar att den specifika länken är säker. Detta är ett steg upp från att använda okrypterade proxies där en motståndare i nätverket kan avlyssna kommunikationen mellan dina enheter och proxies och ändra den. Kryptering mellan dina appar eller webbläsare och tjänsteleverantörerna hanteras dock inte av denna kryptering. -In order to keep what you actually do on the websites you visit private and secure, you must use HTTPS. This will keep your passwords, session tokens, and queries safe from the VPN provider. Consider enabling "HTTPS everywhere" in your browser to mitigate downgrade attacks like [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf). +För att det du gör på de webbplatser du besöker ska vara privat och säkert måste du använda HTTPS. Detta kommer att hålla dina lösenord, sessionstoken och frågor säkra från VPN-leverantören. Överväg att aktivera "HTTPS everywhere" i webbläsaren för att förhindra nedgraderingsattacker som [SSL Strip](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf). -## Should I use encrypted DNS with a VPN? +## Ska jag använda krypterad DNS med en VPN? -Unless your VPN provider hosts the encrypted DNS servers, **no**. Using DOH/DOT (or any other form of encrypted DNS) with third-party servers will simply add more entities to trust and does **absolutely nothing** to improve your privacy/security. Your VPN provider can still see which websites you visit based on the IP addresses and other methods. Instead of just trusting your VPN provider, you are now trusting both the VPN provider and the DNS provider. +Om inte din VPN-leverantör är värd för de krypterade DNS-servrarna finns **ingen**. Att använda DOH/DOT (eller någon annan form av krypterad DNS) med servrar från tredje part innebär helt enkelt att fler enheter måste lita på och gör **absolut ingenting** för att förbättra din integritet/säkerhet. Din VPN-leverantör kan fortfarande se vilka webbplatser du besöker baserat på IP-adresser och andra metoder. I stället för att bara lita på din VPN-leverantör litar du nu på både VPN-leverantören och DNSleverantören. -A common reason to recommend encrypted DNS is that it helps against DNS spoofing. However, your browser should already be checking for [TLS certificates](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) with **HTTPS** and warn you about it. If you are not using **HTTPS**, then an adversary can still just modify anything other than your DNS queries and the end result will be little different. +Ett vanligt skäl att rekommendera krypterad DNS är att det hjälper mot DNS-spoofing. Din webbläsare bör dock redan kontrollera om [TLS-certifikat](https://en.wikipedia.org/wiki/Transport_Layer_Security#Digital_certificates) med **HTTPS** och varna dig för det. Om du inte använder **HTTPS**kan en motståndare fortfarande ändra allt annat än dina DNS-frågor och slutresultatet blir inte mycket annorlunda. -Needless to say, **you shouldn't use encrypted DNS with Tor**. This would direct all of your DNS requests through a single circuit and would allow the encrypted DNS provider to deanonymize you. +Självfallet bör du **inte använda krypterad DNS med Tor**. Detta skulle leda alla dina DNS-förfrågningar genom en enda krets och göra det möjligt för den krypterade DNS-leverantören att avanonymisera dig. -## Should I use Tor *and* a VPN? +## Ska jag använda Tor *och* en VPN? -By using a VPN with Tor, you're creating essentially a permanent entry node, often with a money trail attached. This provides zero additional benefits to you, while increasing the attack surface of your connection dramatically. If you wish to hide your Tor usage from your ISP or your government, Tor has a built-in solution for that: Tor bridges. [Read more about Tor bridges and why using a VPN is not necessary](../advanced/tor-overview.md). +Genom att använda en VPN med Tor skapar du i princip en permanent ingångsnod, ofta med en pengastig kopplad till den. Detta ger inga ytterligare fördelar för dig, samtidigt som angreppsytan för din anslutning ökar dramatiskt. Om du vill dölja din användning av Tor för din internetleverantör eller din regering har Tor en inbyggd lösning för detta: Tor bridges. [Läs mer om Tor bridges och varför det inte är nödvändigt att använda en VPN](../advanced/tor-overview.md). -## What if I need anonymity? +## Vad händer om jag behöver anonymitet? -VPNs cannot provide anonymity. Your VPN provider will still see your real IP address, and often has a money trail that can be linked directly back to you. You cannot rely on "no logging" policies to protect your data. Use [Tor](https://www.torproject.org/) instead. +VPN-tjänster kan inte ge anonymitet. Din VPN-leverantör ser fortfarande din riktiga IP-adress och har ofta ett pengaspår som kan kopplas direkt till dig. Du kan inte förlita dig på att policyer för "ingen loggning" skyddar dina uppgifter. Använd istället [Tor](https://www.torproject.org/). -## What about VPN providers that provide Tor nodes? +## Hur är det med VPN-leverantörer som tillhandahåller Tor-noder? -Do not use that feature. The point of using Tor is that you do not trust your VPN provider. Currently Tor only supports the [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) protocol. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (used in [WebRTC](https://en.wikipedia.org/wiki/WebRTC) for voice and video sharing, the new [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) protocol, etc), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) and other packets will be dropped. To compensate for this, VPN providers typically will route all non-TCP packets through their VPN server (your first hop). This is the case with [ProtonVPN](https://protonvpn.com/support/tor-vpn/). Additionally, when using this Tor over VPN setup, you do not have control over other important Tor features such as [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (using a different Tor circuit for every domain you visit). +Använd inte den här funktionen. Poängen med att använda Tor är att du inte litar på din VPN-leverantör. För närvarande stöder Tor endast [TCP](https://en.wikipedia.org/wiki/Transmission_Control_Protocol) -protokollet. [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) (används i [WebRTC](https://en.wikipedia.org/wiki/WebRTC) för röst- och videodelning, det nya [HTTP3/QUIC](https://en.wikipedia.org/wiki/HTTP/3) -protokollet etc.), [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) och andra paket kommer att tappas. För att kompensera för detta dirigerar VPN-leverantörer vanligtvis alla paket som inte är TCP-paket genom sin VPN-server (ditt första hopp). Detta är fallet med [ProtonVPN](https://protonvpn.com/support/tor-vpn/). När du använder denna Tor-över-VPN-inställning har du inte heller kontroll över andra viktiga Tor-funktioner, t.ex. [Isolated Destination Address](https://www.whonix.org/wiki/Stream_Isolation) (använder en annan Tor-krets för varje domän du besöker). -The feature should be viewed as a convenient way to access the Tor Network, not to stay anonymous. For proper anonymity, use the Tor Browser, TorSocks, or a Tor gateway. +Funktionen bör ses som ett bekvämt sätt att komma åt Tor-nätverket, inte att vara anonym. För riktig anonymitet ska du använda Tor Browser, TorSocks eller en Tor-gateway. -## When are VPNs useful? +## När är VPN-tjänster användbara? -A VPN may still be useful to you in a variety of scenarios, such as: +En VPN kan fortfarande vara användbar för dig i en rad olika situationer, till exempel: -1. Hiding your traffic from **only** your Internet Service Provider. -1. Hiding your downloads (such as torrents) from your ISP and anti-piracy organizations. -1. Hiding your IP from third-party websites and services, preventing IP based tracking. +1. Om du döljer din trafik från **kan du bara** din Internetleverantör. +1. Dölja dina nedladdningar (t. ex. torrents) för din internetleverantör och organisationer som bekämpar piratkopiering. +1. Dölja din IP-adress från webbplatser och tjänster från tredje part och förhindra IP-baserad spårning. -For situations like these, or if you have another compelling reason, the VPN providers we listed above are who we think are the most trustworthy. However, using a VPN provider still means you're *trusting* the provider. In pretty much any other scenario you should be using a secure**-by-design** tool such as Tor. +I sådana situationer, eller om du har en annan övertygande anledning, är de VPN-leverantörer som vi listat ovan de som vi anser vara mest pålitliga. Att använda en VPN-leverantör innebär dock fortfarande att du *litar på* leverantören. I nästan alla andra situationer bör du använda ett säkert**-by-design** verktyg som Tor. -## Sources and Further Reading +## Källor och vidare läsning -1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert -1. [Tor Network Overview](../advanced/tor-overview.md) -1. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides) -1. ["Do I need a VPN?"](https://www.doineedavpn.com), a tool developed by IVPN to challenge aggressive VPN marketing by helping individuals decide if a VPN is right for them. +1. [VPN - en mycket osäker berättelse](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) av Dennis Schubert +1. [Översikt över Tor-nätverket](../advanced/tor-overview.md) +1. [IVPN sekretessguider](https://www.ivpn.net/privacy-guides) +1. ["Behöver jag en VPN?"](https://www.doineedavpn.com), ett verktyg som utvecklats av IVPN för att utmana aggressiv VPN-marknadsföring genom att hjälpa enskilda personer att avgöra om en VPN är rätt för dem. -## Related VPN Information +## Relevant information -- [The Trouble with VPN and Privacy Review Sites](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/) -- [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) -- [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) -- [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.sv.txt" +- [Problemet med VPN- och integritetsgranskningswebbplatser](https://blog.privacyguides.org/2019/11/20/the-trouble-with-vpn-and-privacy-review-sites/) +- [Undersökning av gratis VPN-app](https://www.top10vpn.com/free-vpn-app-investigation/) +- [Dolda VPN-ägare avslöjas: 101 VPN-produkter som drivs av endast 23 företag](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) +- [Det här kinesiska företaget ligger i hemlighet bakom 24 populära appar som kräver farliga behörigheter](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) diff --git a/i18n/sv/calendar.md b/i18n/sv/calendar.md index 2b6b77f1..da7f6ca7 100644 --- a/i18n/sv/calendar.md +++ b/i18n/sv/calendar.md @@ -1,6 +1,7 @@ --- -title: "Calendar Sync" +title: "Kalendersynkronisering" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -50,22 +51,20 @@ Calendars contain some of your most sensitive data; use products that implement - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.calendar) - [:octicons-browser-16: Web](https://calendar.proton.me) -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Qualifications +### Minimikrav - Must sync and store information with E2EE to ensure data is not visible to the service provider. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/cloud.md b/i18n/sv/cloud.md index 8fc5e00f..c1456903 100644 --- a/i18n/sv/cloud.md +++ b/i18n/sv/cloud.md @@ -1,62 +1,60 @@ --- -title: "Cloud Storage" +title: "Molnlagring" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- -Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. +Många molnlagringsleverantörer kräver ditt fulla förtroende för att de inte kommer att titta på dina filer. Alternativen nedan eliminerar behovet av förtroende genom att antingen ge dig kontroll över dina data eller genom att implementera E2EE. -If these alternatives do not fit your needs, we suggest you look into [Encryption Software](encryption.md). +Om dessa alternativ inte passar dina behov föreslår vi att du tittar på [Encryption Software](encryption.md). -??? question "Looking for Nextcloud?" +??? fråga "Letar du efter Nextcloud?" - Nextcloud is [still a recommended tool](productivity.md) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do not recommend Nextcloud's built-in E2EE functionality for home users. + Nextcloud är [fortfarande ett rekommenderat verktyg](productivity.md) för att själv hosta en filhanteringssvit, men vi rekommenderar inte tredjepartsleverantörer av Nextcloud-lagring för tillfället, eftersom vi inte rekommenderar Nextclouds inbyggda E2EE-funktionalitet för hemanvändare. ## Proton Drive !!! recommendation - ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right } + ![Proton Drive-logotyp](assets/img/cloud/protondrive.svg){ align=right } - **Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [Proton Mail](https://proton.me/mail). + **Proton Drive** är en E2EE-tjänst för allmän fillagring från den populära leverantören av krypterad e-post [Proton Mail] (https://proton.me/mail). - [:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary } - [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://proton.me/support/drive){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://proton.me/support/drive/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Requirements +### Minimikrav -- Must enforce end-to-end encryption. -- Must offer a free plan or trial period for testing. -- Must support TOTP or FIDO2 multi-factor authentication, or Passkey logins. -- Must offer a web interface which supports basic file management functionality. -- Must allow for easy exports of all files/documents. -- Must use standard, audited encryption. +- Måste genomdriva end-to-end-kryptering. +- Måste erbjuda en gratis plan eller provperiod för testning. +- Måste stödja TOTP- eller FIDO2-multifaktorautentisering eller inloggning med lösenord. +- Måste erbjuda ett webbgränssnitt som stöder grundläggande filhanteringsfunktioner. +- Måste möjliggöra enkel export av alla filer/dokument. +- Måste använda standard, granskad kryptering. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. -- Clients should be open-source. -- Clients should be audited in their entirety by an independent third-party. -- Should offer native clients for Linux, Android, Windows, macOS, and iOS. - - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. -- Should support easy file-sharing with other users. -- Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.sv.txt" +- Klienterna bör ha öppen källkod. +- Klienterna bör granskas i sin helhet av en oberoende tredje part. +- De bör erbjuda inhemska klienter för Linux, Android, Windows, macOS och iOS. + - Dessa klienter bör integreras med operativsystemets verktyg för leverantörer av molnlagring, t. ex. integrering av Files-appen i iOS eller DocumentsProvider-funktionen i Android. +- Det bör vara enkelt att dela filer med andra användare. +- Bör erbjuda åtminstone grundläggande funktioner för förhandsgranskning och redigering av filer i webbgränssnittet. diff --git a/i18n/sv/cryptocurrency.md b/i18n/sv/cryptocurrency.md new file mode 100644 index 00000000..25efd838 --- /dev/null +++ b/i18n/sv/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! fara + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Kriterier + +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. + +!!! exempel "Det här avsnittet är nytt" + + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/sv/data-redaction.md b/i18n/sv/data-redaction.md index 54972d37..40f4450e 100644 --- a/i18n/sv/data-redaction.md +++ b/i18n/sv/data-redaction.md @@ -1,34 +1,35 @@ --- -title: "Data and Metadata Redaction" +title: "Redigering av data och metadata" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- -When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. +När du delar filer ska du se till att ta bort tillhörande metadata. Bildfiler innehåller vanligtvis [Exif](https://en.wikipedia.org/wiki/Exif) data. Foton innehåller ibland även GPS-koordinater i filmetadata. -## Desktop +## Skrivbord ### MAT2 !!! recommendation - ![MAT2 logo](assets/img/data-redaction/mat2.svg){ align=right } + ![MAT2-logotyp](assets/img/data-redaction/mat2.svg){ align=right } - **MAT2** is free software, which allows the metadata to be removed from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an [extension for Nautilus](https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus), the default file manager of [GNOME](https://www.gnome.org), and [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org). + **MAT2** är en gratis programvara som gör det möjligt att ta bort metadata från bild-, ljud-, torrent- och dokumentfiler. Den tillhandahåller både ett kommandoradsverktyg och ett grafiskt användargränssnitt via ett [tillägg för Nautilus] (https://0xacab.org/jvoisin/mat2/-/tree/master/nautilus), standardfilhanteraren för [GNOME](https://www.gnome.org), och [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), standardfilhanteraren för [KDE](https://kde.org). - On Linux, a third-party graphical tool [Metadata Cleaner](https://gitlab.com/rmnvgr/metadata-cleaner) powered by MAT2 exists and is [available on Flathub](https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner). + På Linux finns ett grafiskt verktyg från tredje part [Metadata Cleaner] (https://gitlab.com/rmnvgr/metadata-cleaner) som drivs av MAT2 och är [tillgängligt på Flathub] (https://flathub.org/apps/details/fr.romainvigier.MetadataCleaner). [:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary } [:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title=Documentation} [:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" } - ??? downloads + ??? nedladdningar - [:simple-windows11: Windows](https://pypi.org/project/mat2) - [:simple-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew) - [:simple-linux: Linux](https://pypi.org/project/mat2) - [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface) -## Mobile +## Mobil ### ExifEraser (Android) @@ -36,48 +37,48 @@ When sharing files, be sure to remove associated metadata. Image files commonly ![ExifEraser logo](assets/img/data-redaction/exiferaser.svg){ align=right } - **ExifEraser** is a modern, permissionless image metadata erasing application for Android. + **ExifEraser** är ett modernt program för radering av bildmetadata för Android, utan behörighet. - It currently supports JPEG, PNG and WebP files. + För närvarande stöds JPEG-, PNG- och WebP-filer. - [:octicons-repo-16: Repository](https://github.com/Tommy-Geenexus/exif-eraser){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/Tommy-Geenexus/exif-eraser#readme){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title="Source Code" } + [:octicons-repo-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-code-16:](https://github.com/Tommy-Geenexus/exif-eraser){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.none.tom.exiferaser) - [:octicons-moon-16: Accrescent](https://accrescent.app/app/com.none.tom.exiferaser) - [:simple-github: GitHub](https://github.com/Tommy-Geenexus/exif-eraser/releases) -The metadata that is erased depends on the image's file type: +Vilka metadata som raderas beror på bildens filtyp: -* **JPEG**: ICC Profile, Exif, Photoshop Image Resources and XMP/ExtendedXMP metadata will be erased if it exists. -* **PNG**: ICC Profile, Exif and XMP metadata will be erased if it exists. -* **WebP**: ICC Profile, Exif and XMP metadata will be erased if it exists. +* **JPEG**: ICC-profil, Exif, Photoshop Image Resources och XMP/ExtendedXMP-metadata raderas om de finns. +* **PNG**: ICC-profil, Exif- och XMP-metadata raderas om de finns. +* **PNG**: ICC-profil, Exif- och XMP-metadata raderas om de finns. -After processing the images, ExifEraser provides you with a full report about what exactly was removed from each image. +Efter att ha behandlat bilderna ger ExifEraser dig en fullständig rapport om exakt vad som togs bort från varje bild. -The app offers multiple ways to erase metadata from images. Namely: +Appen erbjuder flera sätt att radera metadata från bilder. Namn: -* You can share an image from another application with ExifEraser. -* Through the app itself, you can select a single image, multiple images at once, or even an entire directory. -* It features a "Camera" option, which uses your operating system's camera app to take a photo, and then it removes the metadata from it. -* It allows you to drag photos from another app into ExifEraser when they are both open in split-screen mode. -* Lastly, it allows you to paste an image from your clipboard. +* Du kan dela en bild från ett annat program med ExifEraser. +* I appen kan du välja en enda bild, flera bilder samtidigt eller till och med en hel katalog. +* Den har ett "kamera"-alternativ som använder operativsystemets kameraapp för att ta ett foto och sedan tar bort metadata från det. +* Du kan dra foton från en annan app till ExifEraser när båda är öppna i delad skärm. +* Slutligen kan du klistra in en bild från klippbordet. ### Metapho (iOS) !!! recommendation - ![Metapho logo](assets/img/data-redaction/metapho.jpg){ align=right } + ![Metapho logotyp](assets/img/data-redaction/metapho.jpg){ align=right } - **Metapho** is a simple and clean viewer for photo metadata such as date, file name, size, camera model, shutter speed, and location. + **Metapho** är en enkel och ren visare för fotometadata som datum, filnamn, storlek, kameramodell, slutartid och plats. [:octicons-home-16: Homepage](https://zininworks.com/metapho){ .md-button .md-button--primary } - [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Privacy Policy" } + [:octicons-eye-16:](https://zininworks.com/privacy/){ .card-link title="Sekretesspolicy" } - ??? downloads + ??? nedladdningar - [:simple-appstore: App Store](https://apps.apple.com/us/app/metapho/id914457352) @@ -85,25 +86,25 @@ The app offers multiple ways to erase metadata from images. Namely: !!! recommendation - ![PrivacyBlur logo](assets/img/data-redaction/privacyblur.svg){ align=right } + ![PrivacyBlur-logotyp](assets/img/data-redaction/privacyblur.svg){ align=right } - **PrivacyBlur** is a free app which can blur sensitive portions of pictures before sharing them online. + **PrivacyBlur** är en gratis app som kan sudda ut känsliga delar av bilder innan de delas på nätet. - [:octicons-home-16: Homepage](https://privacyblur.app/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://privacyblur.app/privacy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/MATHEMA-GmbH/privacyblur#readme/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/MATHEMA-GmbH/privacyblur){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=de.mathema.privacyblur) - [:simple-appstore: App Store](https://apps.apple.com/us/app/privacyblur/id1536274106) -!!! warning +!!! varning - You should **never** use blur to redact [text in images](https://bishopfox.com/blog/unredacter-tool-never-pixelation). If you want to redact text in an image, draw a box over the text. For this, we suggest apps like [Pocket Paint](https://github.com/Catrobat/Paintroid). + Du bör **aldrig** använda oskärpa för att redigera [text i bilder] (https://bishopfox.com/blog/unredacter-tool-never-pixelation). Om du vill redigera text i en bild ritar du en ruta över texten. För detta föreslår vi appar som [Pocket Paint] (https://github.com/Catrobat/Paintroid). -## Command-line +## Kommandorad ### ExifTool @@ -111,36 +112,32 @@ The app offers multiple ways to erase metadata from images. Namely: ![ExifTool logo](assets/img/data-redaction/exiftool.png){ align=right } - **ExifTool** is the original perl library and command-line application for reading, writing, and editing meta information (Exif, IPTC, XMP, and more) in a wide variety of file formats (JPEG, TIFF, PNG, PDF, RAW, and more). + **ExifTool** är det ursprungliga perl-biblioteket och kommandoradstillämpningen för att läsa, skriva och redigera metainformation (Exif, IPTC, XMP med mera) i en mängd olika filformat (JPEG, TIFF, PNG, PDF, RAW med mera). - It's often a component of other Exif removal applications and is in most Linux distribution repositories. + Det är ofta en del av andra program för att ta bort Exif-filer och finns i de flesta Linuxdistributioners arkiv. - [:octicons-home-16: Homepage](https://exiftool.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://exiftool.org/faq.html){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/exiftool/exiftool){ .card-link title="Source Code" } - [:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Contribute } - - ??? downloads + [:octicons-heart-16:](https://exiftool.org/#donate){ .card-link title=Contribute??? nedladdningar - [:simple-windows11: Windows](https://exiftool.org) - [:simple-apple: macOS](https://exiftool.org) - [:simple-linux: Linux](https://exiftool.org) -!!! example "Deleting data from a directory of files" +!!! exempel "Radera data från en katalog med filer" ```bash exiftool -all= *.file_extension ``` -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Apps developed for open-source operating systems must be open-source. -- Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.sv.txt" +- Appar som utvecklas för operativsystem med öppen källkod måste vara med öppen källkod. +- Apparna måste vara gratis och får inte innehålla annonser eller andra begränsningar. diff --git a/i18n/sv/desktop-browsers.md b/i18n/sv/desktop-browsers.md index 56f3b0cc..38492bd1 100644 --- a/i18n/sv/desktop-browsers.md +++ b/i18n/sv/desktop-browsers.md @@ -1,9 +1,10 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- -These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. +These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. Om du vill surfa anonymt på internet bör du använda [Tor](tor.md) i stället. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. ## Firefox @@ -29,9 +30,9 @@ These are our currently recommended desktop web browsers and configurations for !!! warning Firefox includes a unique [download token](https://bugzilla.mozilla.org/show_bug.cgi?id=1677497#c0) in downloads from Mozilla's website and uses telemetry in Firefox to send the token. The token is **not** included in releases from the [Mozilla FTP](https://ftp.mozilla.org/pub/firefox/releases/). -### Recommended Configuration +### Rekommenderad konfiguration -Tor Browser is the only way to truly browse the internet anonymously. When you use Firefox, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. +Tor Browser är det enda sättet att verkligen surfa anonymt på internet. When you use Firefox, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. These options can be found in :material-menu: → **Settings** → **Privacy & Security**. @@ -90,17 +91,16 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca ![Brave logo](assets/img/browsers/brave.svg){ align=right } - **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default. + **Brave Browser** innehåller en inbyggd innehållsblockerare och [integritetsfunktioner] (https://brave.com/privacy-features/), varav många är aktiverade som standard. - Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues. + Brave bygger på webbläsarprojektet Chromium, så den bör kännas bekant och ha minimala problem med webbkompatibilitet. - [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary } - [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads annotate + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://lbry.com/faq/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? downloads annotate - [:simple-github: GitHub](https://github.com/brave/brave-browser/releases) - [:simple-windows11: Windows](https://brave.com/download/) @@ -109,36 +109,36 @@ The [Arkenfox project](https://github.com/arkenfox/user.js) provides a set of ca 1. We advise against using the Flatpak version of Brave, as it replaces Chromium's sandbox with Flatpak's, which is less effective. Additionally, the package is not maintained by Brave Software, Inc. -### Recommended Configuration +### Rekommenderad konfiguration -Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. +Tor Browser är det enda sättet att verkligen surfa anonymt på internet. När du använder Brave rekommenderar vi att du ändrar följande inställningar för att skydda din integritet från vissa parter, men alla andra webbläsare än [Tor Browser](tor.md#tor-browser) kommer att kunna spåras av *någon* i något avseende. These options can be found in :material-menu: → **Settings**. -##### Shields +##### Sköldar -Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit. +Brave har några åtgärder mot fingeravtryck i sin funktion [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-). Vi föreslår att du konfigurerar dessa alternativ [globalt](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) på alla sidor som du besöker. -Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following: +Shields alternativ kan nedgraderas vid behov för varje enskild plats, men som standard rekommenderar vi att du ställer in följande:
    - [x] Select **Prevent sites from fingerprinting me based on my language preferences** - [x] Select **Aggressive** under Trackers & ads blocking - ??? warning "Use default filter lists" - Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use. + ??? varning "Use default filter lists" + Brave låter dig välja ytterligare innehållsfilter på den interna sidan `brave://adblock`. Vi avråder från att använda den här funktionen; behåll istället standardfilterlistorna. Om du använder extra listor sticker du ut från andra Brave-användare och kan också öka angreppsytan om det finns en exploit i Brave och en skadlig regel läggs till i en av de listor du använder. - [x] (Optional) Select **Block Scripts** (1) - [x] Select **Strict, may break sites** under Block fingerprinting
    -1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension. +1. Det här alternativet ger funktioner som liknar uBlock Origin avancerade blockeringslägen för [](https://github.com/gorhill/uBlock/wiki/Blocking-mode) eller tillägget [NoScript](https://noscript.net/). ##### Social media blocking -- [ ] Uncheck all social media components +- [ ] Avmarkera alla komponenter för sociala medier ##### Privacy and security @@ -170,7 +170,7 @@ Disable built-in extensions you do not use in **Extensions** ##### IPFS -InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it. +InterPlanetary File System (IPFS) är ett decentraliserat peer-to-peer-nätverk för lagring och delning av data i ett distribuerat filsystem. Om du inte använder funktionen, inaktivera den. - [x] Select **Disabled** on Method to resolve IPFS resources @@ -188,9 +188,9 @@ Under the *System* menu ### Brave Sync -[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE. +[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) gör det möjligt att få tillgång till dina webbläsardata (historik, bokmärken osv.) på alla dina enheter utan att du behöver ett konto och skyddar dem med E2EE. -## Additional Resources +## Ytterligare resurser We generally do not recommend installing any extensions as they increase your attack surface. However, uBlock Origin may prove useful if you value content blocking functionality. @@ -222,27 +222,27 @@ These are some other [filter lists](https://github.com/gorhill/uBlock/wiki/Dashb - [x] Check **Privacy** > **AdGuard URL Tracking Protection** - Add [Actually Legitimate URL Shortener Tool](https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt) -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Requirements +### Minimikrav -- Must be open-source software. +- Måste vara programvara med öppen källkod. - Supports automatic updates. - Receives engine updates in 0-1 days from upstream release. - Available on Linux, macOS, and Windows. -- Any changes required to make the browser more privacy-respecting should not negatively impact user experience. +- Eventuella ändringar som krävs för att göra webbläsaren mer integritetsvänlig bör inte påverka användarupplevelsen negativt. - Blocks third-party cookies by default. - Supports [state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning) to mitigate cross-site tracking.[^1] -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Includes built-in content blocking functionality. - Supports cookie compartmentalization (à la [Multi-Account Containers](https://support.mozilla.org/en-US/kb/containers)). @@ -253,11 +253,9 @@ Our best-case criteria represents what we would like to see from the perfect pro - Provides open-source sync server implementation. - Defaults to a [private search engine](search-engines.md). -### Extension Criteria +### Kriterier för förlängning -- Must not replicate built-in browser or OS functionality. -- Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.sv.txt" +- Får inte replikera inbyggda webbläsar- eller OS-funktioner. +- Måste direkt påverka användarens integritet, det vill säga får inte bara ge information. [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/sv/desktop.md b/i18n/sv/desktop.md index 7361cc69..265ab503 100644 --- a/i18n/sv/desktop.md +++ b/i18n/sv/desktop.md @@ -1,6 +1,7 @@ --- -title: "Desktop/PC" +title: "Skrivbord" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -164,13 +165,13 @@ Qubes OS is a Xen-based operating system meant to provide strong security for de The Qubes OS operating system secures the computer by isolating subsystems (e.g., networking, USB, etc.) and applications in separate VMs. Should one part of the system be compromised, the extra isolation is likely to protect the rest of the system. For further details see the Qubes [FAQ](https://www.qubes-os.org/faq/). -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. Our recommended operating systems: @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/dns.md b/i18n/sv/dns.md index ae3b912c..01ba9e71 100644 --- a/i18n/sv/dns.md +++ b/i18n/sv/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -20,13 +19,13 @@ icon: material/dns | [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
    DoH/3
    DoT | Optional[^5] | Optional | Based on server choice. | | [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
    DoH
    DoT
    DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. - Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec). - [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization). @@ -53,7 +52,7 @@ Apple does not provide a native interface for creating encrypted DNS profiles. [ `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. -## Encrypted DNS Proxies +## Krypterade DNS-proxyservrar Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns). @@ -97,7 +96,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) -## Self-hosted Solutions +## Egenstyrda lösningar A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.sv.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/sv/email-clients.md b/i18n/sv/email-clients.md index c6469a70..cae032da 100644 --- a/i18n/sv/email-clients.md +++ b/i18n/sv/email-clients.md @@ -1,6 +1,7 @@ --- -title: "Email Clients" +title: "E-postklienter" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -35,7 +36,7 @@ Our recommendation list contains email clients that support both [OpenPGP](encry - [:simple-linux: Linux](https://www.thunderbird.net) - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.mozilla.Thunderbird) -#### Recommended Configuration +#### Rekommenderad konfiguration We recommend changing some of these settings to make Thunderbird a little more private. @@ -86,7 +87,7 @@ These options can be found in :material-menu: → **Settings** → **Privacy & S - [:simple-appstore: App Store](https://apps.apple.com/app/id1236045954) - [:simple-windows11: Windows](https://canarymail.io/downloads.html) -!!! warning +!!! varning Canary Mail only recently released a Windows and Android client, though we don't believe they are as stable as their iOS and Mac counterparts. @@ -150,7 +151,7 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.fsck.k9) - [:simple-github: GitHub](https://github.com/k9mail/k-9/releases) -!!! warning +!!! varning When replying to someone on a mailing list the "reply" option may also include the mailing list. For more information see [thundernest/k-9 #3738](https://github.com/thundernest/k-9/issues/3738). @@ -212,28 +213,26 @@ Canary Mail is closed-source. We recommend it due to the few choices there are f - [:simple-apple: macOS](https://neomutt.org/distro) - [:simple-linux: Linux](https://neomutt.org/distro) -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Qualifications +### Minimikrav -- Apps developed for open-source operating systems must be open-source. +- Appar som utvecklas för operativsystem med öppen källkod måste vara med öppen källkod. - Must not collect telemetry, or have an easy way to disable all telemetry. - Must support OpenPGP message encryption. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Should be open-source. - Should be cross-platform. - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/email.md b/i18n/sv/email.md index 1977815d..2333d74a 100644 --- a/i18n/sv/email.md +++ b/i18n/sv/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,11 +10,23 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. -!!! warning +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    + +!!! varning When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    ### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. -## Email Aliasing Services +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. + +## E-postaliaseringstjänster An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
    + +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
    + Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -340,7 +367,7 @@ Notable free features: - [x] Unlimited Replies - [x] 1 Recipient Mailbox -## Self-Hosting Email +## Självhanterande e-post Advanced system administrators may consider setting up their own email server. Mail servers require attention and continuous maintenance in order to keep things secure and mail delivery reliable. @@ -372,7 +399,7 @@ For a more manual approach we've picked out these two articles: - [Setting up a mail server with OpenSMTPD, Dovecot and Rspamd](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/) (2019) - [How To Run Your Own Mail Server](https://www.c0ffee.net/blog/mail-server-guide/) (August 2017) -## Criteria +## Kriterier **Please note we are not affiliated with any of the providers we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements for any Email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an Email provider, and conduct your own research to ensure the Email provider you choose is the right choice for you. @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/encryption.md b/i18n/sv/encryption.md index 5019a63c..38e6c936 100644 --- a/i18n/sv/encryption.md +++ b/i18n/sv/encryption.md @@ -1,6 +1,7 @@ --- title: "Programvara för kryptering" icon: material/file-lock +description: Kryptering av data är det enda sättet att kontrollera vem som har tillgång till dem. These tools allow you to encrypt your emails and any other files. --- Kryptering av data är det enda sättet att kontrollera vem som har tillgång till dem. Om du för närvarande inte använder krypteringsprogram för din hårddisk, e-post eller filer bör du välja ett alternativ här. @@ -66,66 +67,64 @@ I Cryptomators dokumentation beskrivs närmare det avsedda [säkerhetsmålet](ht **VeraCrypt** är ett källkod-tillgängligt freeware-verktyg som används för on-the-fly kryptering. Det kan skapa en virtuell krypterad disk i en fil, kryptera en partition eller kryptera hela lagringsenheten med autentisering före start. - [:octicons-home-16: Homepage](https://veracrypt.fr){ .md-button .md-button--primary } - [:octicons-info-16:](https://veracrypt.fr/en/Documentation.html){ .card-link title=Documentation} - [:octicons-code-16:](https://veracrypt.fr/code/){ .card-link title="Source Code" } - [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute } - - ??? downloads + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} + [:octicons-code-16:](https://veracrypt.fr/code){ .card-link title="Source Code" } + [:octicons-heart-16:](https://veracrypt.fr/en/Donation.html){ .card-link title=Contribute??? nedladdningar - [:simple-windows11: Windows](https://www.veracrypt.fr/en/Downloads.html) - [:simple-apple: macOS](https://www.veracrypt.fr/en/Downloads.html) - [:simple-linux: Linux](https://www.veracrypt.fr/en/Downloads.html) -VeraCrypt is a fork of the discontinued TrueCrypt project. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed. +VeraCrypt är en gaffel i det nedlagda TrueCrypt-projektet. Enligt utvecklarna har säkerhetsförbättringar genomförts och problem som togs upp vid den första TrueCrypt-kodgranskningen har åtgärdats. -When encrypting with VeraCrypt, you have the option to select from different [hash functions](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). We suggest you **only** select [SHA-512](https://en.wikipedia.org/wiki/SHA-512) and stick to the [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) block cipher. +När du krypterar med VeraCrypt kan du välja mellan olika hashfunktioner [](https://en.wikipedia.org/wiki/VeraCrypt#Encryption_scheme). Vi föreslår att du **endast** väljer [SHA-512](https://en.wikipedia.org/wiki/SHA-512) och håller dig till [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) blockchiffer. -Truecrypt has been [audited a number of times](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), and VeraCrypt has also been [audited separately](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit). +Truecrypt har granskats [ett antal gånger](https://en.wikipedia.org/wiki/TrueCrypt#Security_audits), och VeraCrypt har också granskats [separat](https://en.wikipedia.org/wiki/VeraCrypt#VeraCrypt_audit). -## OS Full Disk Encryption +## Fullständig diskkryptering -Modern operating systems include [FDE](https://en.wikipedia.org/wiki/Disk_encryption) and will have a [secure cryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor). +Moderna operativsystem inkluderar [FDE](https://en.wikipedia.org/wiki/Disk_encryption) och har en [säker kryptoprocessor](https://en.wikipedia.org/wiki/Secure_cryptoprocessor). ### BitLocker !!! recommendation - ![BitLocker logo](assets/img/encryption-software/bitlocker.png){ align=right } + ![BitLocker-logotyp](assets/img/encryption-software/bitlocker.png){ align=right } - **BitLocker** is the full volume encryption solution bundled with Microsoft Windows. The main reason we recommend it is because of its [use of TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), a forensics company, has written about it in [Understanding BitLocker TPM Protection](https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/). + **BitLocker** är den lösning för fullständig volymkryptering som ingår i Microsoft Windows. Den främsta anledningen till att vi rekommenderar den är att den [använder TPM] (https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). [ElcomSoft](https://en.wikipedia.org/wiki/ElcomSoft), ett företag som arbetar med kriminalteknik, har skrivit om det i [Understanding BitLocker TPM Protection] (https://blog.elcomsoft.com/2021/01/understanding-BitLocker-tpm-protection/). [:octicons-info-16:](https://docs.microsoft.com/en-us/windows/security/information-protection/BitLocker/BitLocker-overview){ .card-link title=Documentation} -BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) on Pro, Enterprise and Education editions of Windows. It can be enabled on Home editions provided that they meet the prerequisites. +BitLocker stöds endast av [](https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) i Windows utgåvorna Pro, Enterprise och Education. Den kan aktiveras i Home-utgåvorna om de uppfyller förutsättningarna. -??? example "Enabling BitLocker on Windows Home" +??? exempel "Aktivering av BitLocker på Windows Home" - To enable BitLocker on "Home" editions of Windows, you must have partitions formatted with a [GUID Partition Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) and have a dedicated TPM (v1.2, 2.0+) module. + För att aktivera BitLocker i Windows Home-utgåvor måste du ha partitioner som är formaterade med en [GUID Partition Table] (https://en.wikipedia.org/wiki/GUID_Partition_Table) och ha en dedikerad TPM-modul (v1.2, 2.0+). - 1. Open a command prompt and check your drive's partition table format with the following command. You should see "**GPT**" listed under "Partition Style": + 1. Öppna en kommandotolk och kontrollera enhetens partitionstabellformat med följande kommando. Du bör se "**GPT**" listad under "Partition Style": ``` powershell Get-Disk ``` - 2. Run this command (in an admin command prompt) to check your TPM version. You should see `2.0` or `1.2` listed next to `SpecVersion`: + 2. Kör det här kommandot (i en administratörskommandotolk) för att kontrollera din TPM-version. Du bör se `2.0` eller `1.2` bredvid `SpecVersion`: ``` powershell Get-WmiObject -Namespace "root/cimv2/security/microsofttpm" -Class WIN32_tpm ``` - 3. Access [Advanced Startup Options](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). You need to reboot while pressing the F8 key before Windows starts and go into the *command prompt* in **Troubleshoot** → **Advanced Options** → **Command Prompt**. + 3. Access [Avancerade startalternativ](https://support.microsoft.com/en-us/windows/advanced-startup-options-including-safe-mode-b90e7808-80b5-a291-d4b8-1a1af602b617). Du måste starta om och samtidigt trycka på F8-tangenten innan Windows startar och gå in i kommandotolken ** i **Felsökning** → **Avancerade alternativ** → **Kommandotolk**. - 4. Login with your admin account and type this in the command prompt to start encryption: + 4. Logga in med ditt administratörskonto och skriv detta i kommandotolken för att starta kryptering: ``` manage-bde -on c: -used ``` - 5. Close the command prompt and continue booting to regular Windows. + 5. Stäng kommandotolken och fortsätt att starta upp till vanligt Windows. - 6. Open an admin command prompt and run the following commands: + 6. Öppna en administratörskommandotolk och kör följande kommandon: ``` manage-bde c: -protectors -add -rp -tpm @@ -133,35 +132,35 @@ BitLocker is [only supported](https://support.microsoft.com/en-us/windows/turn-o manage-bde -protectors -get c: > %UserProfile%\Desktop\BitLocker-Recovery-Key.txt ``` - !!! tip + !!! tips - Backup `BitLocker-Recovery-Key.txt` on your Desktop to a separate storage device. Loss of this recovery code may result in loss of data. + Säkerhetskopiera `BitLocker-Recovery-Key.txt` på skrivbordet till en separat lagringsenhet. Förlust av denna återställningskod kan leda till förlust av data. ### FileVault !!! recommendation - ![FileVault logo](assets/img/encryption-software/filevault.png){ align=right } + ![FileVaults logotyp](assets/img/encryption-software/filevault.png){ align=right } - **FileVault** is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) hardware security capabilities present on an Apple silicon SoC or T2 Security Chip. + **FileVault** är en lösning för volymkryptering i farten som är inbyggd i macOS. FileVault rekommenderas eftersom det finns [leverages](https://support.apple.com/guide/security/volume-encryption-with-filevault-sec4c6dc1b6e/web) maskinvarusäkerhetsfunktioner på ett Apple Silicon SoC- eller T2-säkerhetschip. [:octicons-info-16:](https://support.apple.com/guide/mac-help/encrypt-mac-data-with-filevault-mh11785/mac){ .card-link title=Documentation} -We recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery. +Vi rekommenderar att du lagrar en lokal återställningsnyckel på en säker plats i stället för att använda ditt iCloud-konto för återställning. ### Linux Unified Key Setup !!! recommendation - ![LUKS logo](assets/img/encryption-software/luks.png){ align=right } + ![LUKS-logotyp](assets/img/encryption-software/luks.png){ align=right } - **LUKS** is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers. + **LUKS** är standardmetoden för FDE för Linux. Den kan användas för att kryptera hela volymer, partitioner eller skapa krypterade behållare. - [:octicons-home-16: Homepage](https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/README.md){ .md-button .md-button--primary } - [:octicons-info-16:](https://gitlab.com/cryptsetup/cryptsetup/-/wikis/home){ .card-link title=Documentation} - [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup/){ .card-link title="Source Code" } + [:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-info-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-code-16:](https://gitlab.com/cryptsetup/cryptsetup){ .card-link title=Contribute } -??? example "Creating and opening encrypted containers" +??? exempel "Skapa och öppna krypterade behållare" ``` dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress @@ -169,59 +168,59 @@ We recommend storing a local recovery key in a secure place as opposed to using ``` - #### Opening encrypted containers - We recommend opening containers and volumes with `udisksctl` as this uses [Polkit](https://en.wikipedia.org/wiki/Polkit). Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like [udiskie](https://github.com/coldfix/udiskie) can run in the system tray and provide a helpful user interface. + #### Öppna krypterade behållare + Vi rekommenderar att du öppnar behållare och volymer med `udisksctl` eftersom detta använder [Polkit](https://en.wikipedia.org/wiki/Polkit). De flesta filhanterare, t. ex. de som ingår i populära skrivbordsmiljöer, kan låsa upp krypterade filer. Verktyg som [udiskie](https://github.com/coldfix/udiskie) kan köras i systemfältet och ge ett användbart användargränssnitt. ``` udisksctl loop-setup -f /path-to-file - udisksctl unlock -b /dev/loop0 + udisksctl låsa upp -b /dev/loop0 ``` -!!! note "Remember to back up volume headers" +!!! note "Kom ihåg att säkerhetskopiera volymrubriker" - We recommend you always [back up your LUKS headers](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) in case of partial drive failure. This can be done with: + Vi rekommenderar att du alltid [säkerhetskopierar dina LUKS-rubriker] (https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Backup_and_restore) om en del av enheten skulle gå sönder. Detta kan göras genom att: ``` cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img ``` -## Browser-based +## Webbläsarbaserad -Browser-based encryption can be useful when you need to encrypt a file but cannot install software or apps on your device. +Webbläsarbaserad kryptering kan vara användbar när du behöver kryptera en fil men inte kan installera programvara eller appar på enheten. ### hat.sh !!! recommendation - ![hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ align=right } - ![hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ align=right } + ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ align=right } + ![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ align=right } - **Hat.sh** is a web application that provides secure client-side file encryption in your browser. It can also be self-hosted and is useful if you need to encrypt a file but cannot install any software on your device due to organizational policies. + **VeraCrypt** är ett källkod-tillgängligt freeware-verktyg som används för on-the-fly kryptering. Det kan också vara värd för sig själv och är användbart om du behöver kryptera en fil men inte kan installera någon programvara på din enhet på grund av organisationspolicyer. - [:octicons-globe-16: Website](https://hat.sh){ .md-button .md-button--primary } - [:octicons-eye-16:](https://hat.sh/about/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://hat.sh/about/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Source Code" } - [:octicons-heart-16:](https://github.com/sh-dv/hat.sh#donations){ .card-link title="Donations methods can be found at the bottom of the website" } + [:octicons-globe-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://hat.sh/about/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/sh-dv/hat.sh){ .card-link title="Källkod" } + [:octicons-heart-16:](https://github.com/sh-dv/hat.sh#donations/){ .card-link title=Contribute" } -## Command-line +## Kommandorad -Tools with command-line interfaces are useful for integrating [shell scripts](https://en.wikipedia.org/wiki/Shell_script). +Verktyg med kommandoradsgränssnitt är användbara för att integrera [skalskript](https://en.wikipedia.org/wiki/Shell_script). ### Kryptor !!! recommendation - ![Kryptor logo](assets/img/encryption-software/kryptor.png){ align=right } + ![Kryptor-logotyp](assets/img/encryption-software/kryptor.png){ align=right } - **Kryptor** is a free and open-source file encryption and signing tool that makes use of modern and secure cryptographic algorithms. It aims to be a better version of [age](https://github.com/FiloSottile/age) and [Minisign](https://jedisct1.github.io/minisign/) to provide a simple, easier alternative to GPG. + ** Kryptor** är ett gratis och öppet källkodsverktyg för filkryptering och signering som använder moderna och säkra kryptografiska algoritmer. Det syftar till att vara en bättre version av [age](https://github.com/FiloSottile/age) och [Minisign](https://jedisct1.github.io/minisign/) för att ge ett enkelt, enklare alternativ till GPG. - [:octicons-home-16: Homepage](https://www.kryptor.co.uk){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.kryptor.co.uk/features#privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.kryptor.co.uk/tutorial){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.kryptor.co.uk/#donate){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.kryptor.co.uk/tutorial/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/samuel-lucas6/Kryptor){ .card-link title="Källkod" } + [:octicons-heart-16:](https://www.kryptor.co.uk/#donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-windows11: Windows](https://www.kryptor.co.uk) - [:simple-apple: macOS](https://www.kryptor.co.uk) @@ -231,24 +230,24 @@ Tools with command-line interfaces are useful for integrating [shell scripts](ht !!! recommendation - ![Tomb logo](assets/img/encryption-software/tomb.png){ align=right } + ![Tomb-logotyp](assets/img/encryption-software/tomb.png){ align=right } - **Tomb** is a command-line shell wrapper for LUKS. It supports steganography via [third-party tools](https://github.com/dyne/Tomb#how-does-it-work). + * * Tomb * * är ett kommandoradsskal för LUKS. Den stöder steganografi via [verktyg från tredje part] (https://github.com/dyne/Tomb#how-does-it-work). - [:octicons-home-16: Homepage](https://www.dyne.org/software/tomb){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/dyne/Tomb/wiki){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/dyne/Tomb){ .card-link title="Source Code" } [:octicons-heart-16:](https://www.dyne.org/donate){ .card-link title=Contribute } ## OpenPGP -OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is [complex](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options. +OpenPGP behövs ibland för specifika uppgifter som digital signering och kryptering av e-post. PGP har många funktioner och är [komplext](https://latacora.micro.blog/2019/07/16/the-pgp-problem.html) eftersom det har funnits länge. För uppgifter som signering eller kryptering av filer föreslår vi ovanstående alternativ. -When encrypting with PGP, you have the option to configure different options in your `gpg.conf` file. We recommend staying with the standard options specified in the [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf). +Vid kryptering med PGP har du möjlighet att konfigurera olika alternativ i din `gpg.conf` -fil. Vi rekommenderar att du använder de standardalternativ som anges i [GnuPG user FAQ](https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf). -!!! tip "Use future defaults when generating a key" +!!! tips "Använd framtida standardvärden när du skapar en nyckel" - When [generating keys](https://www.gnupg.org/gph/en/manual/c14.html) we suggest using the `future-default` command as this will instruct GnuPG use modern cryptography such as [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) and [Ed25519](https://ed25519.cr.yp.to/): + När du [genererar nycklar] (https://www.gnupg.org/gph/en/manual/c14.html) föreslår vi att du använder kommandot `future-default`, eftersom detta kommer att instruera GnuPG att använda modern kryptografi som [Curve25519](https://en.wikipedia.org/wiki/Curve25519#History) och [Ed25519](https://ed25519.cr.yp.to/): ```bash gpg --quick-gen-key alice@example.com future-default @@ -258,100 +257,98 @@ When encrypting with PGP, you have the option to configure different options in !!! recommendation - ![GNU Privacy Guard logo](assets/img/encryption-software/gnupg.svg){ align=right } + ![GNU Privacy Guard-logotypen](assets/img/encryption-software/gnupg.svg){ align=right } - **GnuPG** is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with [RFC 4880](https://tools.ietf.org/html/rfc4880), which is the current IETF specification of OpenPGP. The GnuPG project has been working on an [updated draft](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) from the German government. + **GnuPG * * är ett GPL-licensierat alternativ till PGP-paketet med kryptografisk programvara. GnuPG är kompatibel med [RFC 4880](https://tools.ietf.org/html/rfc4880), som är den aktuella IETF-specifikationen för OpenPGP. GnuPG-projektet har arbetat med ett [uppdaterat utkast](https://datatracker.ietf.org/doc/draft-ietf-openpgp-crypto-refresh/) i ett försök att modernisera OpenPGP. GnuPG är en del av Free Software Foundations GNU-programvaruprojekt och har fått stora [funding](https://gnupg.org/blog/20220102-a-new-future-for-gnupg.html) från den tyska regeringen. - [:octicons-home-16: Homepage](https://gnupg.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://gnupg.org/privacy-policy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://gnupg.org/documentation/index.html){ .card-link title=Documentation} - [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) - - [:simple-windows11: Windows](https://gpg4win.org/download.html) - - [:simple-apple: macOS](https://gpgtools.org) - - [:simple-linux: Linux](https://gnupg.org/download/index.html#binary) + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://gnupg.org/documentation/index.html/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) - [:simple-windows11: App Store](download.html) + - [:simple-apple: Android]() + - [:simple-linux: Windows]() + - [ macOS]() + - [ Linux]() + - [ Flathub) ### GPG4win !!! recommendation - ![GPG4win logo](assets/img/encryption-software/gpg4win.svg){ align=right } + ![GPG4win-logotyp](assets/img/enkrypteringsprogram/gpg4win.svg){ align=right } - **GPG4win** is a package for Windows from [Intevation and g10 Code](https://gpg4win.org/impressum.html). It includes [various tools](https://gpg4win.org/about.html) that can assist you in using GPG on Microsoft Windows. The project was initiated and originally [funded by](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Germany's Federal Office for Information Security (BSI) in 2005. + **GPG4win** är ett paket för Windows från [Intevation and g10 Code] (https://gpg4win.org/impressum.html). Den innehåller [olika verktyg] (https://gpg4win.org/about.html) som kan hjälpa dig att använda GPG i Microsoft Windows. Projektet initierades och finansierades ursprungligen [av](https://web.archive.org/web/20190425125223/https://joinup.ec.europa.eu/news/government-used-cryptography) Tysklands federala kontor för informationssäkerhet (BSI) 2005. - [:octicons-home-16: Homepage](https://gpg4win.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://gpg4win.org/privacy-policy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://gpg4win.org/documentation.html){ .card-link title=Documentation} - [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Source Code" } - [:octicons-heart-16:](https://gpg4win.org/donate.html){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](documentation.html/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=summary){ .card-link title="Källkod" } + [:octicons-heart-16:](donate.html/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-windows11: Windows](https://gpg4win.org/download.html) ### GPG Suite -!!! note +!!! anmärkning - We suggest [Canary Mail](email-clients.md#canary-mail) for using PGP with email on iOS devices. + Vi rekommenderar [Canary Mail](email-clients.md#canary-mail) för att använda PGP med e-post på iOS-enheter. !!! recommendation ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ align=right } - **GPG Suite** provides OpenPGP support for [Apple Mail](email-clients.md#apple-mail) and macOS. + **GPG Suite** ger OpenPGP-stöd för [Apple Mail](email-clients.md#apple-mail) och macOS. - We recommend taking a look at their [First steps](https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) and [Knowledge base](https://gpgtools.tenderapp.com/kb) for support. + Vi rekommenderar att du tar en titt på deras [First steps] (https://gpgtools.tenderapp.com/kb/how-to/first-steps-where-do-i-start-where-do-i-begin-setup-gpgtools-create-a-new-key-your-first-encrypted-email) och [Knowledge base] (https://gpgtools.tenderapp.com/kb) för stöd. - [:octicons-home-16: Homepage](https://gpgtools.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://gpgtools.org/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://gpgtools.tenderapp.com/kb){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://gpgtools.tenderapp.com/kb/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/GPGTools){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - - [:simple-apple: macOS](https://gpgtools.org) + - [:simple-apple: Flathub](https://gpgtools.org) ### OpenKeychain !!! recommendation - ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ align=right } + ![OpenKeychain-logotyp](assets/img/encryption-software/openkeychain.svg){ align=right } - **OpenKeychain** is an Android implementation of GnuPG. It's commonly required by mail clients such as [K-9 Mail](email-clients.md#k-9-mail) and [FairEmail](email-clients.md#fairemail) and other Android apps to provide encryption support. Cure53 completed a [security audit](https://www.openkeychain.org/openkeychain-3-6) of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). + **OpenKeychain** är en Android-implementering av GnuPG. Det krävs vanligtvis av e-postklienter som [K-9 Mail](email-clients.md#k-9-mail) och [FairEmail](email-clients.md#fairemail) och andra Android-appar för att ge krypteringsstöd. Cure53 genomförde en [säkerhetsrevision] (https://www.openkeychain.org/openkeychain-3-6) av OpenKeychain 3.6 i oktober 2015. Tekniska detaljer om granskningen och OpenKeychains lösningar finns på [here](https://github.com/open-keychain/open-keychain/wiki/cure53-Security-Audit-2015). - [:octicons-home-16: Homepage](https://www.openkeychain.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.openkeychain.org/help/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://www.openkeychain.org/faq/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/open-keychain/open-keychain){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) + - [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Qualifications +### Minimikrav - Cross-platform encryption apps must be open-source. - File encryption apps must support decryption on Linux, macOS, and Windows. - External disk encryption apps must support decryption on Linux, macOS, and Windows. - Internal (OS) disk encryption apps must be cross-platform or built in to the operating system natively. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/file-sharing.md b/i18n/sv/file-sharing.md index a61427d1..34218aa3 100644 --- a/i18n/sv/file-sharing.md +++ b/i18n/sv/file-sharing.md @@ -1,27 +1,28 @@ --- -title: "File Sharing and Sync" +title: "Fildelning och synkronisering" icon: material/share-variant +description: Upptäck hur du kan dela dina filer privat mellan dina enheter, med vänner och familj eller anonymt på nätet. --- -Discover how to privately share your files between your devices, with your friends and family, or anonymously online. +Upptäck hur du kan dela dina filer privat mellan dina enheter, med vänner och familj eller anonymt på nätet. -## File Sharing +## Fildelningsprogram -### Send +### Skicka !!! recommendation ![Send logo](assets/img/file-sharing-sync/send.svg){ align=right } - **Send** is a fork of Mozilla’s discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a [public instance](https://send.vis.ee/). You can use other public instances, or you can host Send yourself. + **Send** är en förgrening av Mozillas nedlagda Firefox Send-tjänst som låter dig skicka filer till andra med en länk. Filerna krypteras på din enhet så att de inte kan läsas av servern, och de kan också skyddas med lösenord. Den som upprätthåller Send är värd för en [offentlig instans] (https://send.vis.ee/). Du kan använda andra offentliga instanser, eller du kan vara värd för Skicka själv. - [:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary } - [:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"} - [:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" } - [:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-server-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/timvisee/send#readme/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Källkod" } + [:octicons-heart-16:](https://github.com/sponsors/timvisee/){ .card-link title=Contribute } -Send can be used via its web interface or via the [ffsend](https://github.com/timvisee/ffsend) CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the `--host` flag to use a specific server: +Send kan användas via webbgränssnittet eller via [ffsend](https://github.com/timvisee/ffsend) CLI. Om du känner till kommandoraden och skickar filer ofta rekommenderar vi att du använder CLI-klienten för att undvika JavaScript-baserad kryptering. Du kan ange flaggan `- värd` för att använda en specifik server: ```bash ffsend upload --host https://send.vis.ee/ FILE @@ -31,63 +32,63 @@ ffsend upload --host https://send.vis.ee/ FILE !!! recommendation - ![OnionShare logo](assets/img/file-sharing-sync/onionshare.svg){ align=right } + ![OnionShare-logotyp](assets/img/file-sharing-sync/onionshare.svg){ align=right } - **OnionShare** is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files. + **OnionShare** är ett verktyg med öppen källkod som låter dig dela en fil av valfri storlek på ett säkert och anonymt sätt. Det fungerar genom att starta en webbserver som är tillgänglig som en Tor onion-tjänst, med en oigenkännlig URL som du kan dela med mottagarna för att ladda ner eller skicka filer. - [:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary } - [:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" } - [:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:simple-torbrowser:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.onionshare.org/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-windows11: Windows](https://onionshare.org/#download) - [:simple-apple: macOS](https://onionshare.org/#download) - [:simple-linux: Linux](https://onionshare.org/#download) -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Must not store decrypted data on a remote server. -- Must be open-source software. -- Must either have clients for Linux, macOS, and Windows; or have a web interface. +- Får inte lagra dekrypterade data på en fjärrserver. +- Måste vara programvara med öppen källkod. +- Måste antingen ha klienter för Linux, macOS och Windows eller ha ett webbgränssnitt. ## FreedomBox !!! recommendation - ![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right } + ![FreedomBox-logotyp](assets/img/file-sharing-sync/freedombox.svg){ align=right } - **FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to self-host. + **FreedomBox** är ett operativsystem som är utformat för att köras på en [single-board computer (SBC)] (https://en.wikipedia.org/wiki/Single-board_computer). Syftet är att göra det enkelt att konfigurera serverprogram som du kanske vill vara värd för själv. - [:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" } - [:octicons-heart-16:](https://freedomboxfoundation.org/donate/){ .card-link title=Contribute } + [:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title=Contribute } -## File Sync +## Filsynkronisering -### Nextcloud (Client-Server) +### Nextcloud (klient-server) !!! recommendation - ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right } + ![Nextcloud-logotyp](assets/img/productivity/nextcloud.svg){ align=right } - **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. + **Nextcloud** är en svit med gratis klient-serverprogramvara med öppen källkod för att skapa egna filhostingtjänster på en privat server som du kontrollerar. - [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Källkod" } [:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client) - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102) @@ -97,24 +98,22 @@ ffsend upload --host https://send.vis.ee/ FILE - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients) - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud) -!!! danger +!!! fara - We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. + Vi rekommenderar inte att du använder [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) för Nextcloud eftersom det kan leda till dataförluster; det är mycket experimentellt och inte av produktionskvalitet. -### Syncthing (P2P) +### Synkronisering (P2P) !!! recommendation - ![Syncthing logo](assets/img/file-sharing-sync/syncthing.svg){ align=right } + ![Synkronisera logotyp](assets/img/file-sharing-sync/syncthing.svg){ align=right } - **Syncthing** is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html#bep-v1) to transfer data between devices. All data is encrypted using TLS. + **Syncthing** är ett verktyg för kontinuerlig filsynkronisering med öppen källkod. Det används för att synkronisera filer mellan två eller flera enheter över det lokala nätverket eller internet. Synkronisering använder inte en centraliserad server; den använder [Block Exchange Protocol](https://docs.syncthing.net/specs/bep-v1.html #bep-v1) för att överföra data mellan enheter. All data krypteras med TLS. - [:octicons-home-16: Homepage](https://syncthing.net){ .md-button .md-button--primary } - [:octicons-info-16:](https://docs.syncthing.net){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/syncthing){ .card-link title="Source Code" } - [:octicons-heart-16:](https://syncthing.net/donations/){ .card-link title=Contribute } - - ??? downloads + [:octicons-heart-16:](https://syncthing.net/donations){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nutomic.syncthingandroid) - [:simple-windows11: Windows](https://syncthing.net/downloads/) @@ -124,25 +123,23 @@ ffsend upload --host https://send.vis.ee/ FILE - [:simple-openbsd: OpenBSD](https://syncthing.net/downloads/) - [:simple-netbsd: NetBSD](https://syncthing.net/downloads/) -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -#### Minimum Requirements +#### Minimikrav -- Must not require a third-party remote/cloud server. -- Must be open-source software. -- Must either have clients for Linux, macOS, and Windows; or have a web interface. +- Får inte kräva en fjärr-/molnserver från tredje part. +- Måste vara programvara med öppen källkod. +- Måste antingen ha klienter för Linux, macOS och Windows eller ha ett webbgränssnitt. -#### Best-Case +#### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. -- Has mobile clients for iOS and Android, which at least support document previews. -- Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.sv.txt" +- Har mobila klienter för iOS och Android, som åtminstone stöder förhandsgranskning av dokument. +- Stöder säkerhetskopiering av foton från iOS och Android, och stöder som tillval synkronisering av filer och mappar på Android. diff --git a/i18n/sv/financial-services.md b/i18n/sv/financial-services.md new file mode 100644 index 00000000..030c6f9a --- /dev/null +++ b/i18n/sv/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Kriterier + +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. + +!!! exempel "Det här avsnittet är nytt" + + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Kriterier + +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. + +!!! exempel "Det här avsnittet är nytt" + + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/sv/frontends.md b/i18n/sv/frontends.md index 3cab5e22..c8889a93 100644 --- a/i18n/sv/frontends.md +++ b/i18n/sv/frontends.md @@ -1,6 +1,7 @@ --- -title: "Frontends" +title: "Frontend" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -23,11 +24,11 @@ Sometimes services will try to force you to sign up for an account by blocking a [:octicons-info-16:](https://codeberg.org/librarian/librarian/wiki){ .card-link title=Documentation} [:octicons-code-16:](https://codeberg.org/librarian/librarian){ .card-link title="Source Code" } -!!! warning +!!! varning Librarian does not proxy video streams by default. Videos watched through Librarian will still make direct connections to Odysee's servers (e.g. `odycdn.com`); however, some instances may enable proxying which would be detailed in the instance's privacy policy. -!!! tip +!!! tips Librarian is useful if you want watch LBRY content on mobile without mandatory telemetry and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. @@ -53,7 +54,7 @@ When you are using a Librarian instance, make sure to read the privacy policy of [:octicons-code-16:](https://github.com/zedeus/nitter){ .card-link title="Source Code" } [:octicons-heart-16:](https://github.com/zedeus/nitter#nitter){ .card-link title=Contribute } -!!! tip +!!! tips Nitter is useful if you want to browse Twitter content without having to log in and if you want to disable JavaScript in your browser, as is the case with [Tor Browser](https://www.torproject.org/) on the Safest security level. It also allows you to [create RSS feeds for Twitter](news-aggregators.md#twitter). @@ -78,7 +79,7 @@ When you are using a Nitter instance, make sure to read the privacy policy of th [:octicons-info-16:](https://github.com/pablouser1/ProxiTok/wiki){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/pablouser1/ProxiTok){ .card-link title="Source Code" } -!!! tip +!!! tips ProxiTok is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. @@ -111,9 +112,9 @@ When you are using a ProxiTok instance, make sure to read the privacy policy of - [:simple-linux: Linux](https://freetubeapp.io/#download) - [:simple-flathub: Flathub](https://flathub.org/apps/details/io.freetubeapp.FreeTube) -!!! warning +!!! varning - When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + When using FreeTube, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Överväg att använda en [VPN](vpn.md) eller [Tor](https://www.torproject.org) om din [hotmodell](basics/threat-modelling.md) kräver att du döljer din IP-adress. ### Yattee @@ -136,9 +137,9 @@ When you are using a ProxiTok instance, make sure to read the privacy policy of - [:simple-apple: App Store](https://apps.apple.com/us/app/yattee/id1595136629) - [:simple-github: GitHub](https://github.com/yattee/yattee/releases) -!!! warning +!!! varning - When using Yattee, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + When using Yattee, your IP address may still be known to YouTube, [Invidious](https://instances.invidious.io), [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Överväg att använda en [VPN](vpn.md) eller [Tor](https://www.torproject.org) om din [hotmodell](basics/threat-modelling.md) kräver att du döljer din IP-adress. By default, Yattee blocks all YouTube advertisements. In addition, Yattee optionally integrates with [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. @@ -162,9 +163,9 @@ By default, Yattee blocks all YouTube advertisements. In addition, Yattee option - [:simple-github: GitHub](https://github.com/libre-tube/LibreTube/releases) -!!! warning +!!! varning - When using LibreTube, your IP address will be visible to the [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) instance you choose and/or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + When using LibreTube, your IP address will be visible to the [Piped](https://github.com/TeamPiped/Piped/wiki/Instances) instance you choose and/or [SponsorBlock](https://sponsor.ajay.app/) depending on your configuration. Överväg att använda en [VPN](vpn.md) eller [Tor](https://www.torproject.org) om din [hotmodell](basics/threat-modelling.md) kräver att du döljer din IP-adress. By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube uses [SponsorBlock](https://sponsor.ajay.app) to help you skip sponsored video segments. You are able to fully configure the types of segments that SponsorBlock will skip, or disable it completely. There is also a button on the video player itself to disable it for a specific video if desired. @@ -192,7 +193,7 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube !!! Warning - When using NewPipe, your IP address will be visible to the video providers used. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + When using NewPipe, your IP address will be visible to the video providers used. Överväg att använda en [VPN](vpn.md) eller [Tor](https://www.torproject.org) om din [hotmodell](basics/threat-modelling.md) kräver att du döljer din IP-adress. ### Invidious @@ -211,11 +212,11 @@ By default, LibreTube blocks all YouTube advertisements. Additionally, Libretube [:octicons-code-16:](https://github.com/iv-org/invidious){ .card-link title="Source Code" } [:octicons-heart-16:](https://invidious.io/donate/){ .card-link title=Contribute } -!!! warning +!!! varning Invidious does not proxy video streams by default. Videos watched through Invidious will still make direct connections to Google's servers (e.g. `googlevideo.com`); however, some instances support video proxying—simply enable *Proxy videos* within the instances' settings or add `&local=true` to the URL. -!!! tip +!!! tips Invidious is useful if you want to disable JavaScript in your browser, such as [Tor Browser](https://www.torproject.org/) on the Safest security level. It does not provide privacy by itself, and we don’t recommend logging into any accounts. @@ -239,7 +240,7 @@ When you are using an Invidious instance, make sure to read the privacy policy o [:octicons-code-16:](https://github.com/TeamPiped/Piped){ .card-link title="Source Code" } [:octicons-heart-16:](https://github.com/TeamPiped/Piped#donations){ .card-link title=Contribute } -!!! tip +!!! tips Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) without installing an extension or to access age-restricted content without an account. It does not provide privacy by itself, and we don’t recommend logging into any accounts. @@ -247,22 +248,20 @@ When self-hosting, it is important that you have other people using your instanc When you are using a Piped instance, make sure to read the privacy policy of that specific instance. Piped instances can be modified by their owners and therefore may not reflect their associated privacy policy. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. Recommended frontends... -- Must be open-source software. +- Måste vara programvara med öppen källkod. - Must be self-hostable. - Must provide all basic website functionality available to anonymous users. We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/index.md b/i18n/sv/index.md index 7683d68e..a58d3bee 100644 --- a/i18n/sv/index.md +++ b/i18n/sv/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/kb-archive.md b/i18n/sv/kb-archive.md index 7faf93b6..92daee33 100644 --- a/i18n/sv/kb-archive.md +++ b/i18n/sv/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/meta/brand.md b/i18n/sv/meta/brand.md index 84007ff8..c65279f3 100644 --- a/i18n/sv/meta/brand.md +++ b/i18n/sv/meta/brand.md @@ -1,24 +1,22 @@ --- -title: Branding Guidelines +title: Riktlinjer för varumärket --- -The name of the website is **Privacy Guides** and should **not** be changed to: +Webbplatsen heter **Privacy Guides** och bör **inte** ändras till:
    - PrivacyGuides -- Privacy guides +- Sekretessguider - PG - PG.org
    -The name of the subreddit is **r/PrivacyGuides** or **the Privacy Guides Subreddit**. +Namnet på underreddit är **r/PrivacyGuides** eller **the Privacy Guides Subreddit**. -Additional branding guidelines can be found at [github.com/privacyguides/brand](https://github.com/privacyguides/brand) +Ytterligare riktlinjer för varumärket finns på [github.com/privacyguides/brand](https://github.com/privacyguides/brand) -## Trademark +## Varumärke -"Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. +"Privacy Guides" och sköldlogotypen är varumärken som ägs av Jonah Aragon, obegränsad användning är tillåten för Privacy Guides-projektet. -Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.sv.txt" +Utan att avstå från någon av sina rättigheter ger Privacy Guides inte råd till andra om omfattningen av sina immateriella rättigheter. Privacy Guides varken tillåter eller samtycker till att dess varumärken används på ett sätt som kan orsaka förvirring genom att antyda att de är associerade med eller sponsras av Privacy Guides. Om du känner till någon sådan användning, vänligen kontakta Jonah Aragon på jonah@privacyguides.org. Kontakta din juridiska rådgivare om du har frågor. diff --git a/i18n/sv/meta/git-recommendations.md b/i18n/sv/meta/git-recommendations.md index 95693241..f096a09c 100644 --- a/i18n/sv/meta/git-recommendations.md +++ b/i18n/sv/meta/git-recommendations.md @@ -1,10 +1,10 @@ --- -title: Git Recommendations +title: Git-rekommendationer --- -If you make changes to this website on GitHub.com's web editor directly, you shouldn't have to worry about this. If you are developing locally and/or are a long-term website editor (who should probably be developing locally!), consider these recommendations. +Om du gör ändringar på denna webbplats på GitHub.coms webbredigerare direkt, borde du inte behöva oroa dig för detta. Om du utvecklar lokalt och/eller är en långsiktig webbplatsredaktör (som förmodligen borde utveckla lokalt!), bör du överväga dessa rekommendationer. -## Enable SSH Key Commit Signing +## Aktivera signering av SSH-nyckeln för åtagande You can use an existing SSH key for signing, or [create a new one](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent). @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/meta/uploading-images.md b/i18n/sv/meta/uploading-images.md index 5c266c67..55f136f8 100644 --- a/i18n/sv/meta/uploading-images.md +++ b/i18n/sv/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/meta/writing-style.md b/i18n/sv/meta/writing-style.md index 44968302..b9e47a71 100644 --- a/i18n/sv/meta/writing-style.md +++ b/i18n/sv/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/mobile-browsers.md b/i18n/sv/mobile-browsers.md index 99cf8823..7d484b56 100644 --- a/i18n/sv/mobile-browsers.md +++ b/i18n/sv/mobile-browsers.md @@ -1,13 +1,14 @@ --- -title: "Mobile Browsers" +title: "Mobila webbläsare" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- -These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. +Detta är våra för närvarande rekommenderade mobila webbläsare och konfigurationer för standardiserad/icke-anonym surfning på internet. Om du vill surfa anonymt på internet bör du använda [Tor](tor.md) i stället. I allmänhet rekommenderar vi att du håller ett minimum av tillägg; de har privilegierad åtkomst i din webbläsare, kräver att du litar på utvecklaren, kan få dig [att sticka ut](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)och [försvagar](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) webbplatsens isolering. ## Android -On Android, Firefox is still less secure than Chromium-based alternatives: Mozilla's engine, [GeckoView](https://mozilla.github.io/geckoview/), has yet to support [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) or enable [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196). +På Android är Firefox fortfarande mindre säkert än Chromium-baserade alternativ: Mozillas motor, [GeckoView](https://mozilla.github.io/geckoview/), har ännu inte stöd för [site isolation](https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture) eller aktiverar [isolatedProcess](https://bugzilla.mozilla.org/show_bug.cgi?id=1565196). ### Brave @@ -15,137 +16,136 @@ On Android, Firefox is still less secure than Chromium-based alternatives: Mozil ![Brave logo](assets/img/browsers/brave.svg){ align=right } - **Brave Browser** includes a built-in content blocker and [privacy features](https://brave.com/privacy-features/), many of which are enabled by default. + **Brave Browser** innehåller en inbyggd innehållsblockerare och [integritetsfunktioner] (https://brave.com/privacy-features/), varav många är aktiverade som standard. - Brave is built upon the Chromium web browser project, so it should feel familiar and have minimal website compatibility issues. + Brave bygger på webbläsarprojektet Chromium, så den bör kännas bekant och ha minimala problem med webbkompatibilitet. - [:octicons-home-16: Homepage](https://brave.com/){ .md-button .md-button--primary } - [:simple-torbrowser:](https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://brave.com/privacy/browser/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://support.brave.com/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/brave/brave-browser){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads annotate + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://lbry.com/faq/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.brave.browser) - - [:simple-github: GitHub](https://github.com/brave/brave-browser/releases) + - [:simple-github: App Store](https://github.com/brave/brave-browser/releases) -#### Recommended Configuration +#### Rekommenderad konfiguration -Tor Browser is the only way to truly browse the internet anonymously. When you use Brave, we recommend changing the following settings to protect your privacy from certain parties, but all browsers other than the [Tor Browser](tor.md#tor-browser) will be traceable by *somebody* in some regard or another. +Tor Browser är det enda sättet att verkligen surfa anonymt på internet. När du använder Brave rekommenderar vi att du ändrar följande inställningar för att skydda din integritet från vissa parter, men alla andra webbläsare än [Tor Browser](tor.md#tor-browser) kommer att kunna spåras av *någon* i något avseende. -These options can be found in :material-menu: → **Settings** → **Brave Shields & privacy** +Dessa alternativ finns i :material-menu: → **Inställningar** → **Modiga sköldar & sekretess** -##### Shields +##### Sköldar -Brave includes some anti-fingerprinting measures in its [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-) feature. We suggest configuring these options [globally](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) across all pages that you visit. +Brave har några åtgärder mot fingeravtryck i sin funktion [Shields](https://support.brave.com/hc/en-us/articles/360022973471-What-is-Shields-). Vi föreslår att du konfigurerar dessa alternativ [globalt](https://support.brave.com/hc/en-us/articles/360023646212-How-do-I-configure-global-and-site-specific-Shields-settings-) på alla sidor som du besöker. -##### Brave shields global defaults +##### Brave skyddar globala standardvärden -Shields' options can be downgraded on a per-site basis as needed, but by default we recommend setting the following: +Shields alternativ kan nedgraderas vid behov för varje enskild plats, men som standard rekommenderar vi att du ställer in följande:
    -- [x] Select **Aggressive** under Block trackers & ads +- [x] Välj **Aggressiv** under Blockera spårare och annonser - ??? warning "Use default filter lists" - Brave allows you to select additional content filters within the internal `brave://adblock` page. We advise against using this feature; instead, keep the default filter lists. Using extra lists will make you stand out from other Brave users and may also increase attack surface if there is an exploit in Brave and a malicious rule is added to one of the lists you use. +??? varning "Use default filter lists" + Brave låter dig välja ytterligare innehållsfilter på den interna sidan `brave://adblock`. Vi avråder från att använda den här funktionen; behåll istället standardfilterlistorna. Om du använder extra listor sticker du ut från andra Brave-användare och kan också öka angreppsytan om det finns en exploit i Brave och en skadlig regel läggs till i en av de listor du använder. -- [x] Select **Upgrade connections to HTTPS** -- [x] (Optional) Select **Block Scripts** (1) -- [x] Select **Strict, may break sites** under **Block fingerprinting** +- [x] Välj **Uppgradera anslutningar till HTTPS** +- [x] (valfritt) Välj **Blocka skript** (1) +- [x] Välj **Strikt, kan skada webbplatser** under **Blocka fingeravtryck**
    -1. This option provides functionality similar to uBlock Origin's advanced [blocking modes](https://github.com/gorhill/uBlock/wiki/Blocking-mode) or the [NoScript](https://noscript.net/) extension. +1. Det här alternativet ger funktioner som liknar uBlock Origin avancerade blockeringslägen för [](https://github.com/gorhill/uBlock/wiki/Blocking-mode) eller tillägget [NoScript](https://noscript.net/). -##### Clear browsing data +##### Rensa surfhistorik -- [x] Select **Clear data on exit** +- [x] Välj **Rensa uppgifter vid avslut** -##### Social Media Blocking +##### Blockering av sociala medier -- [ ] Uncheck all social media components +- [ ] Avmarkera alla komponenter för sociala medier -##### Other privacy settings +##### Andra sekretessinställningar
    -- [x] Select **Disable non-proxied UDP** under [WebRTC IP Handling Policy](https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc) -- [ ] Uncheck **Allow sites to check if you have payment methods saved** -- [ ] Uncheck **IPFS Gateway** (1) -- [x] Select **Close tabs on exit** -- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)** -- [ ] Uncheck **Automatically send diagnostic reports** -- [ ] Uncheck **Automatically send daily usage ping to Brave** +- [x] Välj **Disable non-proxied UDP** under [WebRTC IP Handling Policy] (https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings-#webrtc) +- [ ] Avmarkera **Allow sites to check if you have payment methods saved** +- [ ] Avmarkera **IPFS Gateway** (1) +- [ ] [x] Välj **Slut flikar vid avslut** +- [ ] Avmarkera **Allow privacy-preserving product analytics (P3A)** +- [ ] Avmarkera **Automatiskt skicka diagnostiska rapporter** +- [ ] Avmarkera **Automatiskt skicka daglig användningsping till Brave** -1. InterPlanetary File System (IPFS) is a decentralized, peer-to-peer network for storing and sharing data in a distributed filesystem. Unless you use the feature, disable it. +1. InterPlanetary File System (IPFS) är ett decentraliserat peer-to-peer-nätverk för lagring och delning av data i ett distribuerat filsystem. Om du inte använder funktionen, inaktivera den.
    #### Brave Sync -[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) allows your browsing data (history, bookmarks, etc.) to be accessible on all your devices without requiring an account and protects it with E2EE. +[Brave Sync](https://support.brave.com/hc/en-us/articles/360059793111-Understanding-Brave-Sync) gör det möjligt att få tillgång till dina webbläsardata (historik, bokmärken osv.) på alla dina enheter utan att du behöver ett konto och skyddar dem med E2EE. ## iOS -On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so there is little reason to use a third-party web browser. +I iOS är alla appar som kan surfa på webben [](https://developer.apple.com/app-store/review/guidelines) begränsade till att använda Apples WebKit-ramverk [WebKit](https://developer.apple.com/documentation/webkit), så det finns få skäl att använda en tredjepartswebbläsare. ### Safari !!! recommendation - ![Safari logo](assets/img/browsers/safari.svg){ align=right } + ![Safari-logotyp](assets/img/browsers/safari.svg){ align=right } - **Safari** is the default browser in iOS. It includes [privacy features](https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) such as Intelligent Tracking Protection, Privacy Report, isolated Private Browsing tabs, iCloud Private Relay, and automatic HTTPS upgrades. + **Safari** är standardwebbläsaren i iOS. Den innehåller [integritetsfunktioner] (https://support.apple.com/guide/iphone/browse-the-web-privately-iphb01fc3c85/15.0/ios/15.0) som intelligent spårningsskydd, integritetsrapport, isolerade flikar för privat surfning, iCloud Private Relay och automatiska HTTPS-uppgraderingar. - [:octicons-home-16: Homepage](https://www.apple.com/safari/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.apple.com/legal/privacy/data/en/safari/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Documentation} + [:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-info-16:](https://support.apple.com/guide/safari/welcome/mac){ .card-link title=Contribute} -#### Recommended Configuration +#### Rekommenderad konfiguration -These options can be found in :gear: **Settings** → **Safari** → **Privacy and Security**. +Dessa alternativ finns i :gear: **Inställningar** → **Safari** → **Sekretess och säkerhet**. -##### Cross-Site Tracking Prevention +##### Förebyggande av spårning på olika webbplatser -- [x] Enable **Prevent Cross-Site Tracking** +- [x] Aktivera **Förhindra spårning på andra webbplatser** -This enables WebKit's [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). The feature helps protect against unwanted tracking by using on-device machine learning to stop trackers. ITP protects against many common threats, but it does not block all tracking avenues because it is designed to not interfere with website usability. +Detta aktiverar WebKits [Intelligent Tracking Protection](https://webkit.org/tracking-prevention/#intelligent-tracking-prevention-itp). Funktionen hjälper till att skydda mot oönskad spårning genom att använda maskininlärning på enheten för att stoppa spårare. ITP skyddar mot många vanliga hot, men blockerar inte alla spårningsvägar eftersom den är utformad för att inte störa användbarheten av webbplatser. -##### Privacy Report +##### Integritetsrapport -Privacy Report provides a snapshot of cross-site trackers currently prevented from profiling you on the website you're visiting. It can also display a weekly report to show which trackers have been blocked over time. +Privacy Report ger en ögonblicksbild av de spårare som för närvarande förhindras från att profilera dig på den webbplats du besöker. Den kan också visa en veckorapport som visar vilka spårare som har blockerats över tid. -Privacy Report is accessible via the Page Settings menu. +Rapporten om sekretess är tillgänglig via menyn Sidinställningar. -##### Privacy Preserving Ad Measurement +##### Sekretessbevarande annonsmätning -- [ ] Disable **Privacy Preserving Ad Measurement** +- [ ] Inaktivera **Integritetsbevarande annonsmätning** -Ad click measurement has traditionally used tracking technology that infringes on user privacy. [Private Click Measurement](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) is a WebKit feature and proposed web standard aimed towards allowing advertisers to measure the effectiveness of web campaigns without compromising on user privacy. +Vid mätning av annonsklick har man traditionellt använt spårningsteknik som inkräktar på användarnas integritet. [Privat klickmätning](https://webkit.org/blog/11529/introducing-private-click-measurement-pcm/) är en WebKit-funktion och föreslagen webbstandard som syftar till att göra det möjligt för annonsörer att mäta effektiviteten hos webbkampanjer utan att kompromissa med användarnas integritet. -The feature has little privacy concerns on its own, so while you can choose to leave it on, we consider the fact that it's automatically disabled in Private Browsing to be an indicator for disabling the feature. +Funktionen har i sig själv inga större problem med integriteten, så även om du kan välja att låta den vara aktiverad anser vi att det faktum att den automatiskt inaktiveras i privat surfning är en indikator för att inaktivera funktionen. -##### Always-on Private Browsing +##### Alltid privat surfning -Open Safari and tap the Tabs button, located in the bottom right. Then, expand the Tab Groups list. +Öppna Safari och tryck på knappen Flikar längst ner till höger. Expandera sedan listan Flikgrupper. -- [x] Select **Private** +- [x] Välj **Rensa uppgifter vid avslut** -Safari's Private Browsing mode offers additional privacy protections. Private Browsing uses a new [ephemeral](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) session for each tab, meaning tabs are isolated from one another. There are also other smaller privacy benefits with Private Browsing, such as not sending a webpage’s address to Apple when using Safari's translation feature. +Safaris läge för privat surfning ger ytterligare skydd för privatlivet. Privat surfning använder en ny [tillfällig](https://developer.apple.com/documentation/foundation/urlsessionconfiguration/1410529-ephemeral) -session för varje flik, vilket innebär att flikarna är isolerade från varandra. Det finns också andra mindre sekretessfördelar med privat surfning, till exempel att inte skicka en webbsidas adress till Apple när du använder Safaris översättningsfunktion. -Do note that Private Browsing does not save cookies and website data, so it won't be possible to remain signed into sites. This may be an inconvenience. +Observera att privat surfning inte sparar cookies och webbplatsdata, så det är inte möjligt att vara inloggad på webbplatser. Detta kan vara en olägenhet. -##### iCloud Sync +##### iCloud-synkronisering -Synchronization of Safari History, Tab Groups, iCloud Tabs and saved passwords are E2EE. However, by default, bookmarks are [not](https://support.apple.com/en-us/HT202303). Apple can decrypt and access them in accordance with their [privacy policy](https://www.apple.com/legal/privacy/en-ww/). +Synkronisering av Safari-historik, flikgrupper, iCloud-flikar och sparade lösenord är E2EE. Som standard är bokmärken dock [och inte](https://support.apple.com/en-us/HT202303). Apple kan dekryptera och komma åt dem i enlighet med sin sekretesspolicy för [](https://www.apple.com/legal/privacy/en-ww/). -You can enable E2EE for you Safari bookmarks and downloads by enabling [Advanced Data Protection](https://support.apple.com/en-us/HT212520). Go to your **Apple ID name → iCloud → Advanced Data Protection**. +Du kan aktivera E2EE för dig Safari-bokmärken och nedladdningar genom att aktivera [Avancerat dataskydd](https://support.apple.com/en-us/HT212520). Gå till ditt **Apple-ID-namn → iCloud → Avancerat dataskydd**. -- [x] Turn On **Advanced Data Protection** +- [x] Aktivera **Avancerat dataskydd** -If you use iCloud with Advanced Data Protection disabled, we also recommend checking to ensure Safari's default download location is set to locally on your device. This option can be found in :gear: **Settings** → **Safari** → **General** → **Downloads**. +Om du använder iCloud med avancerat dataskydd inaktiverat rekommenderar vi också att du kontrollerar att Safaris standardhämtningsplats är inställd på lokalt på din enhet. Detta alternativ finns i :gear: **Inställningar** → **Safari** → **Allmänt** → **Nedladdningar**. ### AdGuard @@ -153,41 +153,39 @@ If you use iCloud with Advanced Data Protection disabled, we also recommend chec ![AdGuard logo](assets/img/browsers/adguard.svg){ align=right } - **AdGuard for iOS** is a free and open-source content-blocking extension for Safari that uses the native [Content Blocker API](https://developer.apple.com/documentation/safariservices/creating_a_content_blocker). + **AdGuard för iOS** är ett gratis tillägg för innehållsspärrning för Safari med öppen källkod som använder det inhemska [Content Blocker API] (https://developer.apple.com/documentation/safariservices/creating_a_content_blocker). - AdGuard for iOS has some premium features; however, standard Safari content blocking is free of charge. + AdGuard för iOS har vissa premiumfunktioner, men standardblockeringen av innehåll i Safari är gratis. - [:octicons-home-16: Homepage](https://adguard.com/en/adguard-ios/overview.html){ .md-button .md-button--primary } - [:octicons-eye-16:](https://adguard.com/privacy/ios.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://kb.adguard.com/ios){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://kb.adguard.com/ios/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/AdguardTeam/AdguardForiOS){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1047223162) -Additional filter lists do slow things down and may increase your attack surface, so only apply what you need. +Ytterligare filterlistor saktar ner saker och kan öka din attackyta, så använd bara det du behöver. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Requirements +### Minimikrav -- Must support automatic updates. -- Must receive engine updates in 0-1 days from upstream release. -- Any changes required to make the browser more privacy-respecting should not negatively impact user experience. -- Android browsers must use the Chromium engine. - - Unfortunately, Mozilla GeckoView is still less secure than Chromium on Android. - - iOS browsers are limited to WebKit. +- Måste ha stöd för automatiska uppdateringar. +- Måste få motoruppdateringar inom 0-1 dagar från uppströmsutgåvan. +- Eventuella ändringar som krävs för att göra webbläsaren mer integritetsvänlig bör inte påverka användarupplevelsen negativt. +- Android webbläsare måste använda Chromium-motorn. + - Tyvärr är Mozilla GeckoView fortfarande mindre säkert än Chromium på Android. + - iOS-browsers är begränsade till WebKit. -### Extension Criteria +### Kriterier för förlängning -- Must not replicate built-in browser or OS functionality. -- Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.sv.txt" +- Får inte replikera inbyggda webbläsar- eller OS-funktioner. +- Måste direkt påverka användarens integritet, det vill säga får inte bara ge information. diff --git a/i18n/sv/multi-factor-authentication.md b/i18n/sv/multi-factor-authentication.md index 7fda25b9..b19930e5 100644 --- a/i18n/sv/multi-factor-authentication.md +++ b/i18n/sv/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -28,117 +29,115 @@ For models which support HOTP and TOTP, there are 2 slots in the OTP interface w !!! warning The firmware of YubiKey is not open-source and is not updatable. If you want features in newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key. -### Nitrokey / Librem Key +### Nitrokey /Librem-nyckel !!! recommendation ![Nitrokey](assets/img/multi-factor-authentication/nitrokey.jpg){ align=right } - **Nitrokey** has a security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) called the **Nitrokey FIDO2**. For PGP support, you need to purchase one of their other keys such as the **Nitrokey Start**, **Nitrokey Pro 2** or the **Nitrokey Storage 2**. + **Nitrokey** har en säkerhetsnyckel som kan [FIDO2 och WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) som heter **Nitrokey FIDO2**. För PGP-stöd måste du köpa en av deras andra nycklar som * * Nitrokey Start * *, * *NitrokeyPro 2** eller **NitrokeyStorage 2**. - [:octicons-home-16: Homepage](https://www.nitrokey.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://www.nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.nitrokey.com/){ .card-link title=Documentation} + [:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-info-16:](https://docs.nitrokey.com){ .card-link title=Contribute} -The [comparison table](https://www.nitrokey.com/#comparison) shows the features and how the Nitrokey models compare. The **Nitrokey 3** listed will have a combined feature set. +Jämförelsetabellen [](https://www.nitrokey.com/#comparison) visar funktionerna och hur Nitrokey-modellerna jämför. De **Nitrokey 3** listade kommer att ha en kombinerad funktionsuppsättning. -Nitrokey models can be configured using the [Nitrokey app](https://www.nitrokey.com/download). +Nitrokey-modeller kan konfigureras med [Nitrokey-appen](https://www.nitrokey.com/download). -For the models which support HOTP and TOTP, there are 3 slots for HOTP and 15 for TOTP. Some Nitrokeys can act as a password manager. They can store 16 different credentials and encrypt them using the same password as the OpenPGP interface. +För de modeller som stöder HOTP och TOTP finns det 3 platser för HOTP och 15 för TOTP. Vissa Nitrokeys kan fungera som en lösenordshanterare. De kan lagra 16 olika autentiseringsuppgifter och kryptera dem med samma lösenord som OpenPGP-gränssnittet. -!!! warning +!!! varning - While Nitrokeys do not release the HOTP/TOTP secrets to the device they are plugged into, the HOTP and TOTP storage is **not** encrypted and is vulnerable to physical attacks. If you are looking to store HOTP or TOTP these secrets, we highly recommend that you use a Yubikey instead. + Även om Nitrokeys inte lämnar ut HOTP/TOTP-hemligheterna till den enhet de är anslutna till, är HOTP- och TOTP-lagringen **inte** krypterad och sårbar för fysiska attacker. Om du vill lagra HOTP- eller TOTP-hemligheter rekommenderar vi starkt att du använder en Yubikey i stället. -!!! warning +!!! varning - Resetting the OpenPGP interface on a Nitrokey will also make the password database [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset). + Återställning av OpenPGP-gränssnittet på en Nitrokey kommer också att göra lösenordsdatabasen [inaccessible](https://docs.nitrokey.com/pro/linux/factory-reset). - The Nitrokey Pro 2, Nitrokey Storage 2, and the upcoming Nitrokey 3 supports system integrity verification for laptops with the [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware. Purism's [Librem Key](https://puri.sm/products/librem-key/) is a rebranded NitroKey Pro 2 with similar firmware and can also be used for the same purposes. + Nitrokey Pro 2, Nitrokey Storage 2 och den kommande Nitrokey 3 stöder systemintegritetskontroll för bärbara datorer med [Coreboot](https://www.coreboot.org/) + [Heads](https://osresearch.net/) firmware. Purism 's [Librem Key](https://puri.sm/products/librem-key/) är en rebranded NitroKey Pro 2 med liknande firmware och kan också användas för samma ändamål. -Nitrokey's firmware is open-source, unlike the YubiKey. The firmware on modern NitroKey models (except the **NitroKey Pro 2**) is updatable. +Nitrokey firmware är öppen källkod, till skillnad från YubiKey. Den inbyggda programvaran på moderna NitroKey-modeller (utom **NitroKey Pro 2**) kan uppdateras. -!!! tip +!!! dricks - The Nitrokey app, while compatible with Librem Keys, requires `libnitrokey` version 3.6 or above to recognize them. Currently, the package is outdated on Windows, macOS, and most Linux distributions' repository, so you will likely have to compile the Nitrokey app yourself to get it working with the Librem Key. On Linux, you can obtain an up-to-date version from [Flathub](https://flathub.org/apps/details/com.nitrokey.nitrokey-app). + Nitrokey-appen är kompatibel med Librem Keys, men kräver "libnitrokey "version 3.6 eller senare för att känna igen dem. För närvarande är paketet föråldrat i Windows, macOS och de flesta Linuxdistributioners arkiv, så du måste troligen kompilera Nitrokey-appen själv för att få den att fungera med Librem Key. På Linux kan du få en uppdaterad version från [Flathub](https://flathub.org/apps/details/com.nitrokey.nitrokey-app). -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -#### Minimum Requirements +#### Minimikrav -- Must use high quality, tamper resistant hardware security modules. -- Must support the latest FIDO2 specification. -- Must not allow private key extraction. -- Devices which cost over $35 must support handling OpenPGP and S/MIME. +- Måste använda högkvalitativa, manipuleringssäkra hårdvarusäkerhetsmoduler. +- Måste stödja den senaste FIDO2-specifikationen. +- Får inte tillåta utvinning av privata nycklar. +- Enheter som kostar mer än 35 dollar måste ha stöd för hantering av OpenPGP och S/MIME. -#### Best-Case +#### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. -- Should be available in USB-C form-factor. -- Should be available with NFC. -- Should support TOTP secret storage. -- Should support secure firmware updates. +- Bör finnas tillgänglig i USB-C-format. +- Bör finnas tillgängligt med NFC. +- Bör stödja TOTP hemlig lagring. +- Bör stödja säkra uppdateringar av fast programvara. -## Authenticator Apps +## Autentiseringsapp -Authenticator Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be. +Authenticator Apps implementerar en säkerhetsstandard som antagits av Internet Engineering Task Force (IETF) kallad **Time-based Engångslösenord**eller **TOTP**. Detta är en metod där webbplatser delar en hemlighet med dig som används av din autentiseringsapp för att generera en sex (vanligtvis) siffrig kod baserat på aktuell tid, som du anger när du loggar in för att webbplatsen ska kontrollera. Vanligtvis regenereras dessa koder var 30: e sekund, och när en ny kod genereras blir den gamla värdelös. Även om en hackare får tag på en sexsiffrig kod finns det inget sätt för dem att vända på koden för att få fram den ursprungliga hemligheten eller på annat sätt kunna förutsäga vad framtida koder kan vara. -We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems. +Vi rekommenderar starkt att du använder mobila TOTP-appar i stället för alternativ för datorer eftersom Android och iOS har bättre säkerhet och appisolering än de flesta operativsystem för datorer. ### Aegis Authenticator (Android) !!! recommendation - ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ align=right } + ![Aegis logotyp](assets/img/multi-factor-authentication/aegis.png){ align=right } - **Aegis Authenticator** is a free, secure and open-source app to manage your 2-step verification tokens for your online services. + **Aegis Authenticator** är en gratis, säker och öppen källkodsapp för att hantera dina tvåstegsverifieringstokens för dina onlinetjänster. - [:octicons-home-16: Homepage](https://getaegis.app){ .md-button .md-button--primary } - [:octicons-eye-16:](https://getaegis.app/aegis/privacy.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.buymeacoffee.com/beemdevelopment){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Källkod" } + [:octicons-heart-16:](https://www.buymeacoffee.com/beemdevelopment/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis) - - [:simple-github: GitHub](https://github.com/beemdevelopment/Aegis/releases) + - [:simple-github: App Store](https://github.com/beemdevelopment/Aegis/releases) ### Raivo OTP (iOS) !!! recommendation - ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ align=right } + ![Raivo OTP-logotyp](assets/img/multi-factor-authentication/raivo-otp.png){ align=right } - **Raivo OTP** is a native, lightweight and secure time-based (TOTP) & counter-based (HOTP) password client for iOS. Raivo OTP offers optional iCloud backup & sync. Raivo OTP is also available for macOS in the form of a status bar application, however the Mac app does not work independently of the iOS app. + **Raivo OTP** är en inbyggd, lätt och säker tidsbaserad (TOTP) & kontrabaserad (HOTP) lösenordsklient för iOS. Raivo OTP erbjuder valfri iCloud backup & synkronisering. Raivo OTP finns också tillgängligt för macOS i form av en applikation i statusfältet, men Mac-appen fungerar inte oberoende av iOS-appen. - [:octicons-home-16: Homepage](https://raivo-otp.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://raivo-otp.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-code-16:](https://github.com/raivo-otp/ios-application){ .card-link title="Source Code" } - [:octicons-heart-16:](https://raivo-otp.com/donate){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-code-16:](https://github.com/raivo-otp/ios-application/){ .card-link title=Dokumentation} + [:octicons-heart-16:](https://raivo-otp.com/donate){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-appstore: App Store](https://apps.apple.com/us/app/raivo-otp/id1459042137) -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Must be open-source software. -- Must not require internet connectivity. +- Måste vara programvara med öppen källkod. +- Får inte kräva internetuppkoppling. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/news-aggregators.md b/i18n/sv/news-aggregators.md index 24ced6fe..8e30a214 100644 --- a/i18n/sv/news-aggregators.md +++ b/i18n/sv/news-aggregators.md @@ -1,93 +1,94 @@ --- -title: "News Aggregators" +title: "Nyhetsaggregatorer" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. -## Aggregator clients +## Aggregatorklienter ### Akregator !!! recommendation - ![Akregator logo](assets/img/news-aggregators/akregator.svg){ align=right } + ![Akregators logotyp](assets/img/news-aggregators/akregator.svg){ align=right } - **Akregator** is a news feed reader that is a part of the [KDE](https://kde.org) project. It comes with a fast search, advanced archiving functionality and an internal browser for easy news reading. + **Akregator** är en nyhetsflödesläsare som är en del av projektet [KDE](https://kde.org). Den har en snabb sökning, avancerad arkiveringsfunktionalitet och en intern webbläsare för enkel läsning av nyheter. - [:octicons-home-16: Homepage](https://apps.kde.org/akregator){ .md-button .md-button--primary } - [:octicons-eye-16:](https://kde.org/privacypolicy-apps){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.kde.org/?application=akregator){ .card-link title=Documentation} - [:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.kde.org/?application=akregator/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://invent.kde.org/pim/akregator){ .card-link title="Källkod" } [:octicons-heart-16:](https://kde.org/community/donations/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.kde.akregator) -### Feeder +### Matare !!! recommendation ![Feeder logo](assets/img/news-aggregators/feeder.png){ align=right } - **Feeder** is a modern RSS client for Android that has many [features](https://gitlab.com/spacecowboy/Feeder#features) and works well with folders of RSS feeds. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). + **Feeder** är en modern RSS-klient för Android som har många [features](https://gitlab. om/spacecowboy/Feeder#funktioner) och fungerar bra med mappar RSS-flöden. Den stöder [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) och [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). - [:octicons-repo-16: Repository](https://gitlab.com/spacecowboy/Feeder){ .md-button .md-button--primary } - [:octicons-code-16:](https://gitlab.com/spacecowboy/Feeder){ .card-link title="Source Code" } + [:octicons-repo-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-code-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } [:octicons-heart-16:](https://ko-fi.com/spacecowboy){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play) + - [:simple-googleplay: Google Play] (https://play.google.com/store/apps/details?id=com.nononsenseapps.feeder.play) -### Fluent Reader +### Flytande läsare !!! recommendation - ![Fluent Reader logo](assets/img/news-aggregators/fluent-reader.svg){ align=right } + ![Fluent Reader-logotyp](assets/img/news-aggregators/fluent-reader.svg){ align=right } - **Fluent Reader** is a secure cross-platform news aggregator that has useful privacy features such as deletion of cookies on exit, strict [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) and proxy support, meaning you can use it over [Tor](tor.md). + **Fluent Reader** är en säker plattformsoberoende nyhetsaggregator som har användbara integritetsfunktioner som t.ex. radering av cookies vid avslut, strikt [content security policies (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) och proxystöd, vilket innebär att du kan använda den via [Tor](tor.md). - [:octicons-home-16: Homepage](https://hyliu.me/fluent-reader){ .md-button .md-button--primary } - [:octicons-eye-16:](https://github.com/yang991178/fluent-reader/wiki/Privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://github.com/yang991178/fluent-reader/wiki/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/yang991178/fluent-reader){ .card-link title="Source Code" } - [:octicons-heart-16:](https://github.com/sponsors/yang991178){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://docs.cryptomator.org/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/cryptomator){ .card-link title="Källkod" } + [:octicons-heart-16:](https://cryptomator.org/donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - - [:simple-windows11: Windows](https://hyliu.me/fluent-reader) + - [:simple-windows11: Google Play](https://hyliu.me/fluent-reader) - [:simple-appstore: App Store](https://apps.apple.com/app/id1520907427) -### GNOME Feeds +### GNOME-flöden !!! recommendation - ![GNOME Feeds logo](assets/img/news-aggregators/gfeeds.svg){ align=right } + ![GNOME Feeds logotyp](assets/img/news-aggregators/gfeeds.svg){ align=right } - **GNOME Feeds** is an [RSS](https://en.wikipedia.org/wiki/RSS) and [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) news reader for [GNOME](https://www.gnome.org). It has a simple interface and is quite fast. + **GNOME Feeds** är en nyhetsläsare för [RSS](https://en.wikipedia.org/wiki/RSS) och [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) för [GNOME](https://www.gnome.org). Det har ett enkelt gränssnitt och är ganska snabbt. - [:octicons-home-16: Homepage](https://gfeeds.gabmus.org){ .md-button .md-button--primary } - [:octicons-code-16:](https://gitlab.gnome.org/World/gfeeds){ .card-link title="Source Code" } - [:octicons-heart-16:](https://liberapay.com/gabmus/){ .card-link title=Contribute } + [:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-code-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-heart-16:](https://liberapay.com/gabmus){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - - [:simple-linux: Linux](https://gfeeds.gabmus.org/#install) - - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.gabmus.gfeeds) + - [:simple-linux: Google Play](https://gfeeds.gabmus.org/#install) + - [:simple-flathub: App Store](https://flathub.org/apps/details/org.gabmus.gfeeds) ### Miniflux !!! recommendation - ![Miniflux logo](assets/img/news-aggregators/miniflux.svg#only-light){ align=right } + ![Miniflux logotyp](assets/img/news-aggregators/miniflux.svg#only-light){ align=right } ![Miniflux logo](assets/img/news-aggregators/miniflux-dark.svg#only-dark){ align=right } - **Miniflux** is a web-based news aggregator that you can self-host. It supports [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) and [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). + **Miniflux** är en webbaserad nyhetsaggregator som du kan lägga upp själv. Den stöder [RSS](https://en.wikipedia.org/wiki/RSS), [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)), [RDF](https://en.wikipedia.org/wiki/RDF%2FXML) och [JSON Feed](https://en.wikipedia.org/wiki/JSON_Feed). - [:octicons-home-16: Homepage](https://miniflux.app){ .md-button .md-button--primary } - [:octicons-info-16:](https://miniflux.app/docs/index.html){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/miniflux/v2){ .card-link title="Source Code" } [:octicons-heart-16:](https://miniflux.app/#donations){ .card-link title=Contribute } @@ -97,14 +98,14 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k ![NetNewsWire logo](assets/img/news-aggregators/netnewswire.png){ align=right } - **NetNewsWire** a free and open-source feed reader for macOS and iOS with a focus on a native design and feature set. It supports the typical feed formats alongside built-in support for Twitter and Reddit feeds. + **NetNewsWire** är en gratis och öppen källkodsläsare för macOS och iOS med fokus på en inhemsk design och funktionalitet. Den stöder de vanliga feedformaten samt inbyggt stöd för Twitter- och Reddit-flöden. - [:octicons-home-16: Homepage](https://netnewswire.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://netnewswire.com/privacypolicy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://netnewswire.com/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://netnewswire.com/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/Ranchero-Software/NetNewsWire){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-appstore: App Store](https://apps.apple.com/us/app/netnewswire-rss-reader/id1480640210) - [:simple-apple: macOS](https://netnewswire.com) @@ -113,35 +114,35 @@ A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to k !!! recommendation - ![Newsboat logo](assets/img/news-aggregators/newsboat.svg){ align=right } + ![Newsboat-logotyp](assets/img/news-aggregators/newsboat.svg){ align=right } - **Newsboat** is an RSS/Atom feed reader for the text console. It's an actively maintained fork of [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). It is very lightweight, and ideal for use over [Secure Shell](https://en.wikipedia.org/wiki/Secure_Shell). + **Newsboat** är en RSS/Atom-flödesläsare för textkonsolen. Det är en aktivt underhållen gaffel av [Newsbeuter](https://en.wikipedia.org/wiki/Newsbeuter). Den är mycket lätt och idealisk för användning via [Secure Shell] (https://en.wikipedia.org/wiki/Secure_Shell). - [:octicons-home-16: Homepage](https://newsboat.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://newsboat.org/releases/2.27/docs/newsboat.html){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary }[:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/newsboat/newsboat){ .card-link title="Source Code" } + [](){ .card-link title=Contribute } -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Must be open-source software. -- Must operate locally, i.e. must not be a cloud service. +- Måste vara programvara med öppen källkod. +- Måste fungera lokalt, dvs. får inte vara en molntjänst. -## Social Media RSS Support +## RSS-support för sociala medier -Some social media services also support RSS although it's not often advertised. +Vissa sociala medietjänster har också stöd för RSS, även om det inte ofta annonseras. ### Reddit -Reddit allows you to subscribe to subreddits via RSS. +På Reddit kan du prenumerera på subreddits via RSS. -!!! example - Replace `subreddit_name` with the subreddit you wish to subscribe to. +!!! exempel + Ersätt `subreddit_name` med det subreddit du vill prenumerera på. ```text https://www.reddit.com/r/{{ subreddit_name }}/new/.rss @@ -149,11 +150,11 @@ Reddit allows you to subscribe to subreddits via RSS. ### Twitter -Using any of the Nitter [instances](https://github.com/zedeus/nitter/wiki/Instances) you can easily subscribe using RSS. +Med hjälp av någon av Nitter [-instanserna](https://github.com/zedeus/nitter/wiki/Instances) kan du enkelt prenumerera via RSS. -!!! example - 1. Pick an instance and set `nitter_instance`. - 2. Replace `twitter_account` with the account name. +!!! exempel + 1. Välj en instans och ställ in `nitter_instance`. + 2. Ersätt `twitter_account` med kontonamnet. ```text https://{{ nitter_instance }}/{{ twitter_account }}/rss @@ -161,13 +162,11 @@ Using any of the Nitter [instances](https://github.com/zedeus/nitter/wiki/Instan ### YouTube -You can subscribe YouTube channels without logging in and associating usage information with your Google Account. +Du kan prenumerera på YouTube-kanaler utan att logga in och koppla användningsinformation till ditt Google-konto. -!!! example +!!! exempel - To subscribe to a YouTube channel with an RSS client, first look for your [channel code](https://support.google.com/youtube/answer/6180214), replace `[CHANNEL ID]` below: + Om du vill prenumerera på en YouTube-kanal med en RSS-klient letar du först efter din [kanalkod] (https://support.google.com/youtube/answer/6180214) och ersätter `[KANAL-ID]` nedan: ```text - https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] + https://www.youtube.com/feeds/videos.xml?channel_id=[KANAL-ID] ``` - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/notebooks.md b/i18n/sv/notebooks.md index 98e3e20f..be23552b 100644 --- a/i18n/sv/notebooks.md +++ b/i18n/sv/notebooks.md @@ -1,29 +1,30 @@ --- -title: "Notebooks" +title: "Anteckningsböcker" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- -Keep track of your notes and journalings without giving them to a third-party. +Håll koll på dina anteckningar och dagboksanteckningar utan att ge dem till tredje part. -If you are currently using an application like Evernote, Google Keep, or Microsoft OneNote, we suggest you pick an alternative here that supports E2EE. +Om du för närvarande använder ett program som Evernote, Google Keep eller Microsoft OneNote föreslår vi att du väljer ett alternativ som stöder E2EE. -## Cloud-based +## Molnbaserad ### Joplin !!! recommendation - ![Joplin logo](assets/img/notebooks/joplin.svg){ align=right } + ![Joplin-logotyp](assets/img/notebooks/joplin.svg){ align=right } - **Joplin** is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes. + **Joplin** är ett kostnadsfritt, öppen källkod och fullt utrustat program för anteckningar och att göra som kan hantera ett stort antal markdown-noter organiserade i anteckningsböcker och taggar. Det erbjuder E2EE och kan synkroniseras via Nextcloud, Dropbox och mer. Det erbjuder också enkel import från Evernote och vanlig text anteckningar. - [:octicons-home-16: Homepage](https://joplinapp.org/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://joplinapp.org/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://joplinapp.org/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/laurent22/joplin){ .card-link title="Källkod" } [:octicons-heart-16:](https://joplinapp.org/donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.cozic.joplin) - [:simple-appstore: App Store](https://apps.apple.com/us/app/joplin/id1315599797) @@ -32,25 +33,25 @@ If you are currently using an application like Evernote, Google Keep, or Microso - [:simple-apple: macOS](https://joplinapp.org/#desktop-applications) - [:simple-linux: Linux](https://joplinapp.org/#desktop-applications) - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/joplin-web-clipper/) - - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmkdbbbgpnglcpdollgjjfek) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/joplin-web-clipper/alofnhikmmk -Joplin does not support password/PIN protection for the [application itself or individual notes and notebooks](https://github.com/laurent22/joplin/issues/289). However, your data is still encrypted in transit and at the sync location using your master key. Since January 2023, Joplin supports biometrics app lock for [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) and [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). +Joplin stöder inte lösenord/PIN-skydd för [applikationen själv eller enskilda anteckningar och anteckningsböcker](https://github.com/laurent22/joplin/issues/289). Dina data är dock fortfarande krypterade under överföring och på synkroniseringsplatsen med hjälp av huvudnyckeln. Sedan januari 2023 stöder Joplin biometrisk applåsning för [Android](https://joplinapp.org/changelog_android/#android-v2-10-3-https-github-com-laurent22-joplin-releases-tag-android-v2-10-3-pre-release-2023-01-05t11-29-06z) och [iOS](https://joplinapp.org/changelog_ios/#ios-v12-10-2-https-github-com-laurent22-joplin-releases-tag-ios-v12-10-2-2023-01-20t17-41-13z). -### Standard Notes +### Standardnoteringar !!! recommendation ![Standard Notes logo](assets/img/notebooks/standard-notes.svg){ align=right } - **Standard Notes** is a simple and private notes app that makes your notes easy and available everywhere you are. It features E2EE on every platform, and a powerful desktop experience with themes and custom editors. It has also been [independently audited (PDF)](https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). + **Standard Notes** är en enkel och privat anteckningsapp som gör dina anteckningar enkla och tillgängliga överallt. Den har E2EE på alla plattformar och en kraftfull skrivbordsupplevelse med teman och anpassade redaktörer. Den har också [reviderats av en oberoende revisionsbyrå (PDF)] (https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf). - [:octicons-home-16: Homepage](https://standardnotes.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://standardnotes.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://standardnotes.com/help){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Source Code" } - [:octicons-heart-16:](https://standardnotes.com/donate){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://standardnotes.com/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/standardnotes){ .card-link title="Källkod" } + [:octicons-heart-16:](https://standardnotes.com/donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.standardnotes) - [:simple-appstore: App Store](https://apps.apple.com/app/id1285392450) @@ -64,52 +65,50 @@ Joplin does not support password/PIN protection for the [application itself or i !!! recommendation - ![Cryptee logo](./assets/img/notebooks/cryptee.svg#only-light){ align=right } + ![Cryptee-logotyp](./assets/img/notebooks/cryptee.svg#only-light){ align=right } ![Cryptee logo](./assets/img/notebooks/cryptee-dark.svg#only-dark){ align=right } - **Cryptee** is an open-source, web-based E2EE document editor and photo storage application. Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform. + **Cryptee** är en webbaserad E2EE-dokumentredigerare med öppen källkod och ett program för lagring av foton. Cryptee är en PWA, vilket innebär att den fungerar smidigt på alla moderna enheter utan att kräva inbyggda appar för varje plattform. - [:octicons-home-16: Homepage](https://crypt.ee){ .md-button .md-button--primary } - [:octicons-eye-16:](https://crypt.ee/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://crypt.ee/help){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://crypt.ee/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/cryptee){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - - [:octicons-globe-16: PWA](https://crypt.ee/download) + - [:octicons-globe-16: Flathub](https://crypt.ee/download) -Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn't require an e-mail or other personally identifiable information. +Cryptee erbjuder 100 Mb lagring gratis, med betalalternativ om du behöver mer. För att registrera dig krävs ingen e-post eller annan personligt identifierbar information. -## Local notebooks +## Lokala anteckningsböcker -### Org-mode +### Org-läge !!! recommendation ![Org-mode logo](assets/img/notebooks/org-mode.svg){ align=right } - **Org-mode** is a [major mode](https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. Synchronization is possible with [file synchronization](file-sharing.md#file-sync) tools. + **Org-mode** är ett [major mode] (https://www.gnu.org/software/emacs/manual/html_node/elisp/Major-Modes.html) för GNU Emacs. Org-mode är till för att föra anteckningar, upprätthålla TODO-listor, planera projekt och skriva dokument med ett snabbt och effektivt system för klartext. Synkronisering är möjlig med [filsynkronisering](file-sharing.md#file-sync)-verktyg. - [:octicons-home-16: Homepage](https://orgmode.org){ .md-button .md-button--primary } - [:octicons-info-16:](https://orgmode.org/manuals.html){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://git.savannah.gnu.org/cgit/emacs/org-mode.git){ .card-link title="Source Code" } [:octicons-heart-16:](https://liberapay.com/bzg){ .card-link title=Contribute } -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Clients must be open-source. -- Any cloud sync functionality must be E2EE. -- Must support exporting documents into a standard format. +- Klienterna bör ha öppen källkod. +- Alla funktioner för molnsynkronisering måste vara E2EE. +- Måste stödja export av dokument till ett standardformat. -### Best Case +### Bästa fall -- Local backup/sync functionality should support encryption. -- Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.sv.txt" +- Funktioner för lokal säkerhetskopiering/synkronisering bör stödja kryptering. +- Molnbaserade plattformar bör stödja delning av dokument. diff --git a/i18n/sv/os/android-overview.md b/i18n/sv/os/android-overview.md index 8bc4aea7..c334d55e 100644 --- a/i18n/sv/os/android-overview.md +++ b/i18n/sv/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! varning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! anmärkning + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/os/linux-overview.md b/i18n/sv/os/linux-overview.md index b14b84a2..161a9aba 100644 --- a/i18n/sv/os/linux-overview.md +++ b/i18n/sv/os/linux-overview.md @@ -1,135 +1,136 @@ --- -title: Linux Overview +title: Översikt över Linux icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +Man tror ofta att [programvara med öppen källkod](https://en.wikipedia.org/wiki/Open-source_software) är säker i sig eftersom källkoden är tillgänglig. Det finns en förväntan på att gemenskapens kontroll sker regelbundet, men detta är inte alltid fallet [](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. -At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: +För närvarande har skrivbord Linux några områden som kan förbättras bättre jämfört med sina egenutvecklade motsvarigheter, t.ex.: -- A verified boot chain, like Apple’s [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (with [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Android’s [Verified Boot](https://source.android.com/security/verifiedboot), ChromeOS' [Verified boot](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot), or Microsoft Windows’s [boot process](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) with [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). These features and hardware technologies can all help prevent persistent tampering by malware or [evil maid attacks](https://en.wikipedia.org/wiki/Evil_Maid_attack) -- A strong sandboxing solution such as that found in [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md), and [Android](https://source.android.com/security/app-sandbox). Commonly used Linux sandboxing solutions such as [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) and [Firejail](https://firejail.wordpress.com/) still have a long way to go -- Strong [exploit mitigations](https://madaidans-insecurities.github.io/linux.html#exploit-mitigations) +- En verifierad startkedja, som Apples [Secure Boot](https://support.apple.com/guide/security/startup-security-utility-secc7b34e5b5/web) (med [Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/1/web/1)), Androids [Verified Boot](https://source.android.com/security/verifiedboot), ChromeOS [Verified boot](https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview/#verified-boot)eller Microsoft Windows [bootprocess](https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process) med [TPM](https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/how-windows-uses-the-tpm). Dessa funktioner och hårdvarutekniker kan alla bidra till att förhindra ihållande manipulering av skadlig kod eller [evil maid-attacker](https://en.wikipedia.org/wiki/Evil_Maid_attack) +- En stark sandlådelösning som den som finns i [macOS](https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html), [ChromeOS](https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md)och [Android](https://source.android.com/security/app-sandbox). Vanligt förekommande sandboxing-lösningar för Linux, t.ex. [Flatpak](https://docs.flatpak.org/en/latest/sandbox-permissions.html) och [Firejail](https://firejail.wordpress.com/), har fortfarande en lång väg att gå +- Starka [åtgärder för att minska exploateringar](https://madaidans-insecurities.github.io/linux.html#exploit-mitigations) -Despite these drawbacks, desktop Linux distributions are great if you want to: +Trots dessa nackdelar är stationära Linux-distributioner bra om du vill: -- Avoid telemetry that often comes with proprietary operating systems -- Maintain [software freedom](https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms) -- Have privacy focused systems such as [Whonix](https://www.whonix.org) or [Tails](https://tails.boum.org/) +- Undvik telemetri som ofta kommer med egna operativsystem +- Bevara [frihet för programvara](https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms) +- Har system som är inriktade på integritet, t.ex. [Whonix](https://www.whonix.org) eller [Tails](https://tails.boum.org/) -Our website generally uses the term “Linux” to describe desktop Linux distributions. Other operating systems which also use the Linux kernel such as ChromeOS, Android, and Qubes OS are not discussed here. +På vår webbplats används i allmänhet termen "Linux" för att beskriva Linuxdistributioner för skrivbordsmiljöer. Andra operativsystem som också använder Linux-kärnan som ChromeOS, Android och Qubes OS diskuteras inte här. -[Our Linux Recommendations :material-arrow-right-drop-circle:](../desktop.md ""){.md-button} +[Våra Linux-rekommendationer :material-arrow-right-drop-circle:](../desktop.md ""){.md-button} -## Choosing your distribution +## Välja din distribution -Not all Linux distributions are created equal. While our Linux recommendation page is not meant to be an authoritative source on which distribution you should use, there are a few things you should keep in mind when choosing which distribution to use. +Inte alla Linux-distributioner är skapade lika. Medan vår Linux-rekommendationssida inte är avsedd att vara en auktoritativ källa på vilken distribution du ska använda, finns det några saker du bör tänka på när du väljer vilken distribution du ska använda. -### Release cycle +### Utgivningscykel -We highly recommend that you choose distributions which stay close to the stable upstream software releases, often referred to as rolling release distributions. This is because frozen release cycle distributions often don’t update package versions and fall behind on security updates. +Vi rekommenderar starkt att du väljer distributioner som ligger nära de stabila uppströmsutgåvorna, ofta kallade rullande utgåvor. Detta beror på att frysta utgåvor ofta inte uppdaterar paketversioner och hamnar bakom säkerhetsuppdateringar. -For frozen distributions such as [Debian](https://www.debian.org/security/faq#handling), package maintainers are expected to backport patches to fix vulnerabilities rather than bump the software to the “next version” released by the upstream developer. Some security fixes [do not](https://arxiv.org/abs/2105.14565) receive a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result minor security fixes are sometimes held back until the next major release. +För frusna distributioner som [Debian](https://www.debian.org/security/faq#handling)förväntas paketansvariga backa patchar för att åtgärda sårbarheter snarare än att stöta programvaran till "nästa version" som släppts av uppströmsutvecklaren. Vissa säkerhetskorrigeringar [inte](https://arxiv.org/abs/2105.14565) får en [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) (särskilt mindre populär programvara) alls och därför inte göra det i distributionen med denna patching modell. Som ett resultat hålls mindre säkerhetskorrigeringar ibland tillbaka till nästa stora utgåva. -We don’t believe holding packages back and applying interim patches is a good idea, as it diverges from the way the developer might have intended the software to work. [Richard Brown](https://rootco.de/aboutme/) has a presentation about this: +Vi tror inte att hålla paket tillbaka och tillämpa tillfälliga patchar är en bra idé, eftersom det skiljer sig från hur utvecklaren kan ha avsett att programvaran ska fungera. [Richard Brown](https://rootco.de/aboutme/) har en presentation om detta:
    - +
    -### Traditional vs Atomic updates +### Traditionella och atomära uppdateringar -Traditionally, Linux distributions update by sequentially updating the desired packages. Traditional updates such as those used in Fedora, Arch Linux, and Debian based distributions can be less reliable if an error occurs while updating. +Traditionellt sett uppdaterar Linuxdistributioner genom att sekventiellt uppdatera de önskade paketen. Traditionella uppdateringar som de som används i Fedora-, Arch Linux- och Debianbaserade distributioner kan vara mindre tillförlitliga om ett fel uppstår under uppdateringen. -Atomic updating distributions apply updates in full or not at all. Typically, transactional update systems are also atomic. +Distributioner med atomär uppdatering tillämpar uppdateringar i sin helhet eller inte alls. Typiskt sett är transaktionella uppdateringssystem också atomära. -A transactional update system creates a snapshot that is made before and after an update is applied. If an update fails at any time (perhaps due to a power failure), the update can be easily rolled back to a “last known good state." +Ett system för transaktionsuppdatering skapar en ögonblicksbild som görs före och efter att en uppdatering tillämpas. Om en uppdatering misslyckas när som helst (till exempel på grund av ett strömavbrott) kan uppdateringen enkelt återställas till ett "senast kända goda tillstånd" -The Atomic update method is used for immutable distributions like Silverblue, Tumbleweed, and NixOS and can achieve reliability with this model. [Adam Šamalík](https://twitter.com/adsamalik) provided a presentation on how `rpm-ostree` works with Silverblue: +Atomic update-metoden används för oföränderliga distributioner som Silverblue, Tumbleweed och NixOS och kan uppnå tillförlitlighet med den här modellen. [Adam Šamalík](https://twitter.com/adsamalik) gav en presentation om hur `rpm-ostree` fungerar med Silverblue:
    - +
    -### “Security-focused” distributions +### "Säkerhetsfokuserad" distribution -There is often some confusion between “security-focused” distributions and “pentesting” distributions. A quick search for “the most secure Linux distribution” will often give results like Kali Linux, Black Arch and Parrot OS. These distributions are offensive penetration testing distributions that bundle tools for testing other systems. They don’t include any “extra security” or defensive mitigations intended for regular use. +Det råder ofta viss förvirring mellan "säkerhetsfokuserade" fördelningar och "pentesting"-fördelningar. En snabb sökning på "den säkraste Linuxdistributionen" ger ofta resultat som Kali Linux, Black Arch och Parrot OS. Dessa distributioner är offensiva distributioner för penetrationstestning som innehåller verktyg för att testa andra system. De innehåller ingen "extra säkerhet" eller defensiva åtgärder som är avsedda för vanlig användning. -### Arch-based distributions +### Arch Linux baserade distributioner -Arch based distributions are not recommended for those new to Linux, (regardless of distribution) as they require regular [system maintenance](https://wiki.archlinux.org/title/System_maintenance). Arch does not have an distribution update mechanism for the underlying software choices. As a result you have to stay aware with current trends and adopt technologies as they supersede older practices on your own. +Arch-baserade distributioner rekommenderas inte för dem som är nya i Linux (oavsett distribution) eftersom de kräver regelbundet underhåll av systemet [](https://wiki.archlinux.org/title/System_maintenance). Arch har ingen distributionsuppdateringsmekanism för de underliggande programvaruvalen. Därför måste du hålla dig uppdaterad om aktuella trender och ta till dig teknik när den ersätter äldre metoder på egen hand. -For a secure system, you are also expected to have sufficient Linux knowledge to properly set up security for their system such as adopting a [mandatory access control](https://en.wikipedia.org/wiki/Mandatory_access_control) system, setting up [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, hardening boot parameters, manipulating [sysctl](https://en.wikipedia.org/wiki/Sysctl) parameters, and knowing what components they need such as [Polkit](https://en.wikipedia.org/wiki/Polkit). +För ett säkert system förväntas du också ha tillräckliga Linuxkunskaper för att korrekt konfigurera säkerheten för deras system, t.ex. anta ett [obligatoriskt system för åtkomstkontroll](https://en.wikipedia.org/wiki/Mandatory_access_control), konfigurera [kernel module](https://en.wikipedia.org/wiki/Loadable_kernel_module#Security) blacklists, skärpa uppstartsparametrar, manipulera [sysctl](https://en.wikipedia.org/wiki/Sysctl) -parametrar och veta vilka komponenter de behöver, t.ex. [Polkit](https://en.wikipedia.org/wiki/Polkit). -Anyone using the [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **must** be comfortable in auditing PKGBUILDs that they install from that service. AUR packages are community-produced content and are not vetted in any way, and therefore are vulnerable to software supply chain attacks, which has in fact happened [in the past](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/). AUR should always be used sparingly and often there is a lot of bad advice on various pages which direct people to blindly use [AUR helpers](https://wiki.archlinux.org/title/AUR_helpers) without sufficient warning. Similar warnings apply to use third-party Personal Package Archives (PPAs) on Debian based distributions or Community Projects (COPR) on Fedora. +Alla som använder [Arch User Repository (AUR)](https://wiki.archlinux.org/title/Arch_User_Repository), **måste** vara bekväma med att granska PKGBUILDs som de installerar från den tjänsten. AUR-paket är innehåll som produceras av gemenskapen och är inte granskade på något sätt, och är därför sårbara för attacker i programvarukedjan, vilket faktiskt har hänt [tidigare](https://www.bleepingcomputer.com/news/security/malware-found-in-arch-linux-aur-package-repository/). AUR bör alltid användas sparsamt och ofta finns det många dåliga råd på olika sidor som uppmanar folk att blint använda [AUR-hjälpmedel](https://wiki.archlinux.org/title/AUR_helpers) utan tillräcklig varning. Liknande varningar gäller för användning av tredje parts Personal Package Archives (PPAs) på Debianbaserade distributioner eller Community Projects (COPR) på Fedora. -If you are experienced with Linux and wish to use an Arch-based distribution, we only recommend mainline Arch Linux, not any of its derivatives. We recommend against these two Arch derivatives specifically: +Om du har erfarenhet av Linux och vill använda en Arch-baserad distribution rekommenderar vi endast huvudversionen av Arch Linux, inte något av dess derivat. Vi rekommenderar särskilt dessa två Arch-derivat: -- **Manjaro**: This distribution holds packages back for 2 weeks to make sure that their own changes don’t break, not to make sure that upstream is stable. When AUR packages are used, they are often built against the latest [libraries](https://en.wikipedia.org/wiki/Library_(computing)) from Arch’s repositories. -- **Garuda**: They use [Chaotic-AUR](https://aur.chaotic.cx/) which automatically and blindly compiles packages from the AUR. There is no verification process to make sure that the AUR packages don’t suffer from supply chain attacks. +- **Manjaro**: Denna distribution håller tillbaka paket i två veckor för att se till att deras egna ändringar inte går sönder, inte för att se till att uppströmsversionen är stabil. När AUR-paket används byggs de ofta med de senaste [-biblioteken](https://en.wikipedia.org/wiki/Library_(computing)) från Arch:s arkiv. +- **Garuda**: De använder [Chaotic-AUR](https://aur.chaotic.cx/) som automatiskt och blint kompilerar paket från AUR. Det finns ingen verifieringsprocess för att se till att AUR-paketen inte drabbas av attacker i leveranskedjan. ### Kicksecure -While we strongly recommend against using outdated distributions like Debian, there is a Debian based operating system that has been hardened to be much more secure than typical Linux distributions: [Kicksecure](https://www.kicksecure.com/). Kicksecure, in oversimplified terms, is a set of scripts, configurations, and packages that substantially reduce the attack surface of Debian. It covers a lot of privacy and hardening recommendations by default. +Vi rekommenderar starkt att du inte använder föråldrade distributioner som Debian, men det finns ett Debianbaserat operativsystem som har hårdgjorts för att vara mycket säkrare än vanliga Linuxdistributioner: [Kicksecure](https://www.kicksecure.com/). Kicksecure är, förenklat uttryckt, en uppsättning skript, konfigurationer och paket som avsevärt minskar angreppsytan för Debian. Den täcker många rekommendationer för sekretess och skydd av integritet som standard. -### Linux-libre kernel and “Libre” distributions +### Linux-libre-kärnan och "Libre"-distributioner -We strongly recommend **against** using the Linux-libre kernel, since it [removes security mitigations](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) and [suppresses kernel warnings](https://news.ycombinator.com/item?id=29674846) about vulnerable microcode for ideological reasons. +Vi rekommenderar starkt **att** inte använder Linux-libre-kärnan, eftersom den [tar bort säkerhetsåtgärder](https://www.phoronix.com/scan.php?page=news_item&px=GNU-Linux-Libre-5.7-Released) och [av ideologiska skäl undertrycker kärnans varningar](https://news.ycombinator.com/item?id=29674846) om sårbar mikrokod. -## General Recommendations +## Allmänna rekommendationer -### Drive Encryption +### Enhetskryptering -Most Linux distributions have an option within its installer for enabling [LUKS](../encryption.md#linux-unified-key-setup) FDE. If this option isn’t set at installation time, you will have to backup your data and re-install, as encryption is applied after [disk partitioning](https://en.wikipedia.org/wiki/Disk_partitioning), but before [file systems](https://en.wikipedia.org/wiki/File_system) are formatted. We also suggest securely erasing your storage device: +De flesta Linux-distributioner har ett alternativ i installationsprogrammet för att aktivera [LUKS](../encryption.md#linux-unified-key-setup) fde. Om det här alternativet inte är inställt vid installationstillfället måste du säkerhetskopiera dina data och installera om, eftersom krypteringen tillämpas efter [diskpartitionering](https://en.wikipedia.org/wiki/Disk_partitioning), men innan [filsystem](https://en.wikipedia.org/wiki/File_system) formateras. Vi föreslår också att du raderar din lagringsenhet på ett säkert sätt: -- [Secure Data Erasure :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) +- [Säker radering av data :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) -### Swap +### Växla -Consider using [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) or [encrypted swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) instead of unencrypted swap to avoid potential security issues with sensitive data being pushed to [swap space](https://en.wikipedia.org/wiki/Memory_paging). Fedora based distributions [use ZRAM by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM). +Överväg att använda [ZRAM](https://wiki.archlinux.org/title/Swap#zram-generator) eller [krypterad swap](https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption) i stället för okrypterad swap för att undvika potentiella säkerhetsproblem med känsliga data som flyttas till [swaputrymme](https://en.wikipedia.org/wiki/Memory_paging). Fedora-baserade distributioner [använder ZRAM som standard](https://fedoraproject.org/wiki/Changes/SwapOnZRAM). ### Wayland -We recommend using a desktop environment that supports the [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) display protocol as it was developed with security [in mind](https://lwn.net/Articles/589147/). Its predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to do nested X11 such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences and are not convenient to set up and are not preferable over Wayland. +Vi rekommenderar att du använder en skrivbordsmiljö som stöder visningsprotokollet [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)) eftersom det har utvecklats med säkerheten [i åtanke](https://lwn.net/Articles/589147/). Dess föregångare, [X11](https://en.wikipedia.org/wiki/X_Window_System), har inte stöd för isolering av grafiska gränssnitt, vilket gör att alla fönster kan [spela in skärmen, logga och injicera inmatningar i andra fönster](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), vilket gör alla försök till sandboxing meningslösa. Även om det finns alternativ för att göra nested X11, t.ex. [Xpra](https://en.wikipedia.org/wiki/Xpra) eller [Xephyr](https://en.wikipedia.org/wiki/Xephyr), har de ofta negativa konsekvenser för prestandan och är inte bekväma att konfigurera och är inte att föredra framför Wayland. -Fortunately, common environments such as [GNOME](https://www.gnome.org), [KDE](https://kde.org), and the window manager [Sway](https://swaywm.org) have support for Wayland. Some distributions like Fedora and Tumbleweed use it by default, and some others may do so in the future as X11 is in [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). If you’re using one of those environments it is as easy as selecting the “Wayland” session at the desktop display manager ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)). +Lyckligtvis har vanliga miljöer som [GNOME](https://www.gnome.org), [KDE](https://kde.org)och fönsterhanteraren [Sway](https://swaywm.org) stöd för Wayland. Vissa distributioner som Fedora och Tumbleweed använder det som standard, och andra kan komma att göra det i framtiden eftersom X11 är i [hard maintenance mode](https://www.phoronix.com/scan.php?page=news_item&px=X.Org-Maintenance-Mode-Quickly). Om du använder en av dessa miljöer är det lika enkelt som att välja "Wayland"-sessionen i skrivbordsdisplayhanteraren ([GDM](https://en.wikipedia.org/wiki/GNOME_Display_Manager), [SDDM](https://en.wikipedia.org/wiki/Simple_Desktop_Display_Manager)). -We recommend **against** using desktop environments or window managers that do not have Wayland support, such as Cinnamon (default on Linux Mint), Pantheon (default on Elementary OS), MATE, Xfce, and i3. +Vi rekommenderar **mot** om du använder skrivbordsmiljöer eller fönsterhanterare som inte har stöd för Wayland, till exempel Cinnamon (standard i Linux Mint), Pantheon (standard i Elementary OS), MATE, Xfce och i3. -### Proprietary Firmware (Microcode Updates) +### Proprietär fast programvara (uppdateringar av mikrokod) -Linux distributions such as those which are [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) or DIY (Arch Linux) don’t come with the proprietary [microcode](https://en.wikipedia.org/wiki/Microcode) updates that often patch vulnerabilities. Some notable examples of these vulnerabilities include [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), and other [hardware vulnerabilities](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html). +Linuxdistributioner som [Linux-libre](https://en.wikipedia.org/wiki/Linux-libre) eller DIY (Arch Linux) levereras inte med de proprietära [mikrokodsuppdateringarna](https://en.wikipedia.org/wiki/Microcode) som ofta åtgärdar sårbarheter. Några anmärkningsvärda exempel på dessa sårbarheter är [Spectre](https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)), [Meltdown](https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)), [SSB](https://en.wikipedia.org/wiki/Speculative_Store_Bypass), [Foreshadow](https://en.wikipedia.org/wiki/Foreshadow), [MDS](https://en.wikipedia.org/wiki/Microarchitectural_Data_Sampling), [SWAPGS](https://en.wikipedia.org/wiki/SWAPGS_(security_vulnerability)), och andra [maskinvarusårbarheter](https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html). -We **highly recommend** that you install the microcode updates, as your CPU is already running the proprietary microcode from the factory. Fedora and openSUSE both have the microcode updates applied by default. +Vi rekommenderar **starkt** att du installerar mikrokodsuppdateringar, eftersom din CPU redan kör den egenutvecklade mikrokoden från fabriken. Fedora och openSUSE har båda mikrokoduppdateringar som standard. -### Updates +### Uppdateringar -Most Linux distributions will automatically install updates or remind you to do so. It is important to keep your OS up to date so that your software is patched when a vulnerability is found. +De flesta Linuxdistributioner installerar automatiskt uppdateringar eller påminner dig om att göra det. Det är viktigt att hålla operativsystemet uppdaterat så att programvaran korrigeras när en sårbarhet hittas. -Some distributions (particularly those aimed at advanced users) are more barebones and expect you to do things yourself (e.g. Arch or Debian). These will require running the "package manager" (`apt`, `pacman`, `dnf`, etc.) manually in order to receive important security updates. +Vissa distributioner (särskilt de som riktar sig till avancerade användare) är mer avskalade och förväntar sig att du gör saker själv (t.ex. Arch eller Debian). Dessa kräver att du kör "pakethanteraren" (`apt`, `pacman`, `dnf`, etc.) manuellt för att få viktiga säkerhetsuppdateringar. -Additionally, some distributions will not download firmware updates automatically. For that you will need to install [`fwupd`](https://wiki.archlinux.org/title/Fwupd). +Dessutom hämtar vissa distributioner inte uppdateringar av den fasta programvaran automatiskt. För detta måste du installera [`fwupd`](https://wiki.archlinux.org/title/Fwupd). -## Privacy Tweaks +## Verktyg för integritet -### MAC Address Randomization +### Randomisering av MAC-adresser -Many desktop Linux distributions (Fedora, openSUSE, etc) will come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager), to configure Ethernet and Wi-Fi settings. +Många Linuxdistributioner för skrivbordssystem (Fedora, openSUSE osv.) levereras med [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager), för att konfigurera Ethernet- och Wi-Fi-inställningar. -It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm/) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network you’re connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous. +Det är möjligt att [randomisera MAC-adressen](https://fedoramagazine.org/randomize-mac-address-nm/) [MAC-adressen](https://en.wikipedia.org/wiki/MAC_address) när du använder NetworkManager. Detta ger lite mer integritet i Wi-Fi-nätverk eftersom det är svårare att spåra specifika enheter i nätverket du är ansluten till. Den [**gör dig inte anonym**](https://papers.mathyvanhoef.com/wisec2016.pdf). -We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm/). +Vi rekommenderar att du ändrar inställningen till **random** i stället för **stable**, vilket föreslås i artikeln [](https://fedoramagazine.org/randomize-mac-address-nm/). -If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=). +Om du använder [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components)måste du ställa in [`MACAddressPolicy=random`](https://www.freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) vilket aktiverar [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://www.freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=). -There isn’t many points in randomizing the MAC address for Ethernet connections as a system administrator can find you by looking at the port you are using on the [network switch](https://en.wikipedia.org/wiki/Network_switch). Randomizing Wi-Fi MAC addresses depends on support from the Wi-Fi’s firmware. +Det finns inte många punkter i slumpmässig MAC-adress för Ethernet-anslutningar som en systemadministratör kan hitta dig genom att titta på den port du använder på [-nätverksväxeln](https://en.wikipedia.org/wiki/Network_switch). Randomisering av Wi-Fi- MAC-adresser beror på stöd från Wi-Fi-programmets fasta programvara. -### Other Identifiers +### Andra identifierare -There are other system identifiers which you may wish to be careful about. You should give this some thought to see if it applies to your [threat model](../basics/threat-modeling.md): +Det finns andra systemidentifierare som du bör vara försiktig med. Du bör fundera på om detta gäller för din hotmodell [](../basics/threat-modeling.md): -- **Hostnames:** Your system's hostname is shared with the networks you connect to. You should avoid including identifying terms like your name or operating system in your hostname, instead sticking to generic terms or random strings. -- **Usernames:** Similarly, your username is used in a variety of ways across your system. Consider using generic terms like "user" rather than your actual name. +- **Värdnamn:** Systemets värdnamn delas med de nätverk du ansluter till. Du bör undvika att inkludera identifierande termer som ditt namn eller operativsystem i ditt värdnamn och i stället hålla dig till generiska termer eller slumpmässiga strängar. +- **Användarnamn:** På samma sätt används ditt användarnamn på olika sätt i systemet. Överväg att använda generiska termer som "användare" snarare än ditt faktiska namn. - **Machine ID:**: During installation a unique machine ID is generated and stored on your device. Consider [setting it to a generic ID](https://madaidans-insecurities.github.io/guides/linux-hardening.html#machine-id). ### System Counting @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/os/qubes-overview.md b/i18n/sv/os/qubes-overview.md index 61ac3eb0..7bbe9cb6 100644 --- a/i18n/sv/os/qubes-overview.md +++ b/i18n/sv/os/qubes-overview.md @@ -1,56 +1,55 @@ --- -title: "Qubes Overview" +title: "Översikt över Qubes" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- -[**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). +[**Qubes OS**](../desktop.md#qubes-os) är ett operativsystem som använder hypervisorn [Xen](https://en.wikipedia.org/wiki/Xen) för att ge stark säkerhet för skrivbordsdatorer genom isolerade virtuella maskiner. Varje virtuell dator kallas *Qube* och du kan tilldela varje Qube en förtroendenivå baserat på dess syfte. Eftersom Qubes OS ger säkerhet genom att använda isolering och endast tillåta åtgärder från fall till fall är det motsatsen till [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). -## How does Qubes OS work? +## Hur fungerar Qubes OS? -Qubes uses [compartmentalization](https://www.qubes-os.org/intro/) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../desktop.md#whonix). Qubes OS also allows you to create once-use [disposable](https://www.qubes-os.org/doc/how-to-use-disposables/) virtual machines. +Qubes använder [compartmentalization](https://www.qubes-os.org/intro/) för att hålla systemet säkert. Qubes skapas från mallar, med Fedora, Debian och [Whonix](../desktop.md#whonix)som standard. Qubes OS låter dig också skapa en gång [engångs](https://www.qubes-os.org/doc/how-to-use-disposables/) virtuella maskiner. -![Qubes architecture](../assets/img/qubes/qubes-trust-level-architecture.png) -
    Qubes Architecture, Credit: What is Qubes OS Intro
    +![Qubes arkitektur](../assets/img/qubes/qubes-trust-level-architecture.png) +
    Qubes arkitektur, kredit: Vad är Qubes OS Intro
    -Each Qubes application has a [colored border](https://www.qubes-os.org/screenshots/) that can help you keep track of the virtual machine it is running in. You could, for example, use a specific color for your banking browser, while using a different color for a general untrusted browser. +Varje Qubes-program har en färgad kant på [](https://www.qubes-os.org/screenshots/) som kan hjälpa dig att hålla reda på vilken virtuell maskin programmet körs på. Du kan till exempel använda en särskild färg för din bankwebbläsare och en annan färg för en allmänt opålitlig webbläsare. -![Colored border](../assets/img/qubes/r4.0-xfce-three-domains-at-work.png) -
    Qubes window borders, Credit: Qubes Screenshots
    +![Färgad kant](../assets/img/qubes/r4.0-xfce-three-domains-at-work.png) +
    Qubes fönstergränser, kredit: Qubes Screenshots
    -## Why Should I use Qubes? +## Varför ska jag använda Qubes? -Qubes OS is useful if your [threat model](../basics/threat-modeling.md) requires strong compartmentalization and security, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources. +Qubes OS är användbart om din [hotmodell](../basics/threat-modeling.md) kräver stark uppdelning och säkerhet, t.ex. om du tror att du kommer att öppna opålitliga filer från opålitliga källor. En typisk anledning till att använda Qubes OS är att öppna dokument från okända källor. -Qubes OS utilizes [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM (i.e., an "AdminVM") for controlling other guest VMs or Qubes on the host OS. Other VMs display individual application windows within Dom0's desktop environment. It allows you to color code windows based on trust levels and run apps that can interact with each other with very granular control. +Qubes OS använder [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM (dvs. en "AdminVM") för att kontrollera andra gäst-VM:er eller Qubes på värdoperativsystemet. Andra virtuella datorer visar individuella programfönster i Dom0: s skrivbordsmiljö. Det gör det möjligt att färgkoda fönster baserat på förtroendenivåer och köra appar som kan interagera med varandra med mycket detaljerad kontroll. -### Copying and Pasting Text +### Kopiera och klistra in text -You can [copy and paste text](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/) using `qvm-copy-to-vm` or the below instructions: +Du kan [kopiera och klistra in text](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/) med hjälp av `qvm-copy-to-vm` eller nedanstående instruktioner: -1. Press **Ctrl+C** to tell the VM you're in that you want to copy something. -2. Press **Ctrl+Shift+C** to tell the VM to make this buffer available to the global clipboard. -3. Press **Ctrl+Shift+V** in the destination VM to make the global clipboard available. -4. Press **Ctrl+V** in the destination VM to paste the contents in the buffer. +1. Tryck på **Ctrl+C** för att tala om för den virtuella maskinen att du vill kopiera något. +2. Tryck på **Ctrl+Shift+C** för att be den virtuella maskinen att göra denna buffert tillgänglig för det globala klippbordet. +3. Tryck på **Ctrl+Shift+V** i destinations-VM för att göra det globala klippbordet tillgängligt. +4. Tryck på **Ctrl+V** i den virtuella maskinen för att klistra in innehållet i bufferten. -### File Exchange +### Filutbyte -To copy and paste files and directories (folders) from one VM to another, you can use the option **Copy to Other AppVM...** or **Move to Other AppVM...**. The difference is that the **Move** option will delete the original file. Either option will protect your clipboard from being leaked to any other Qubes. This is more secure than air-gapped file transfer because an air-gapped computer will still be forced to parse partitions or file systems. That is not required with the inter-qube copy system. +Om du vill kopiera och klistra in filer och kataloger (mappar) från en VM till en annan kan du använda alternativet **Kopiera till annan AppVM...** eller **Flytta till annan AppVM...**. Skillnaden är att alternativet **Move** raderar den ursprungliga filen. Båda alternativen skyddar ditt klippblock från att läcka till andra Qubes. Detta är säkrare än filöverföring med luftgranskning eftersom en dator med luftgranskning fortfarande tvingas analysera partitioner eller filsystem. Detta är inte nödvändigt med inter-qube-kopieringssystemet. -??? info "AppVMs or qubes do not have their own file systems" +??? info "AppVM eller qubes har inte egna filsystem" - You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between Qubes. When doing so the changes aren't immediately made and can be easily undone in case of an accident. + Du kan [kopiera och flytta filer] (https://www.qubes-os.org/doc/how-to-copy-and-move-files/) mellan Qubes. När du gör det görs inte ändringarna omedelbart och kan lätt ångras i händelse av en olycka. -### Inter-VM Interactions +### Inter-VM-interaktioner -The [qrexec framework](https://www.qubes-os.org/doc/qrexec/) is a core part of Qubes which allows virtual machine communication between domains. It is built on top of the Xen library *vchan*, which facilitates [isolation through policies](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/). +Ramverket [qrexec](https://www.qubes-os.org/doc/qrexec/) är en central del av Qubes som gör det möjligt att kommunicera virtuella maskiner mellan domäner. Det bygger på Xen-biblioteket *vchan*, som underlättar [isolering genom policyer](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/). -## Additional Resources +## Ytterligare resurser -For additional information we encourage you to consult the extensive Qubes OS documentation pages located on the [Qubes OS Website](https://www.qubes-os.org/doc/). Offline copies can be downloaded from the Qubes OS [documentation repository](https://github.com/QubesOS/qubes-doc). +För ytterligare information rekommenderar vi att du konsulterar de omfattande Qubes OS-dokumentationssidorna som finns på webbplatsen [Qubes OS](https://www.qubes-os.org/doc/). Offlinekopior kan laddas ner från dokumentationsarkivet för Qubes OS [](https://github.com/QubesOS/qubes-doc). -- Open Technology Fund: [*Arguably the world's most secure operating system*](https://www.opentech.fund/news/qubes-os-arguably-the-worlds-most-secure-operating-system-motherboard/) +- Fonden för öppen teknik: [*Världens förmodligen säkraste operativsystem*](https://www.opentech.fund/news/qubes-os-arguably-the-worlds-most-secure-operating-system-motherboard/) - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) -- J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) -- Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.sv.txt" +- J. Rutkowska: [*Partitionera mitt digitala liv i säkerhetsdomäner*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) +- Qubes OS: [*Relaterade artiklar*](https://www.qubes-os.org/news/categories/#articles) diff --git a/i18n/sv/passwords.md b/i18n/sv/passwords.md index b9265b2a..ab79e43f 100644 --- a/i18n/sv/passwords.md +++ b/i18n/sv/passwords.md @@ -1,36 +1,37 @@ --- -title: "Password Managers" +title: "Lösenordshanterare" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- -Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. +Lösenordshanterare gör att du kan lagra och hantera lösenord och andra autentiseringsuppgifter på ett säkert sätt med hjälp av ett huvudlösenord. -[Introduction to Passwords :material-arrow-right-drop-circle:](./basics/passwords-overview.md) +[Introduktion till lösenord :material-arrow-right-drop-circle:](./basics/passwords-overview.md) !!! info - Built-in password managers in software like browsers and operating systems are sometimes not as good as dedicated password manager software. The advantage of a built-in password manager is good integration with the software, but it can often be very simple and lack privacy and security features standalone offerings have. + Inbyggda lösenordshanterare i programvaror som webbläsare och operativsystem är ibland inte lika bra som en särskild programvara för lösenordshantering. Fördelen med en inbyggd lösenordshanterare är att den är väl integrerad med programvaran, men den kan ofta vara mycket enkel och saknar integritets- och säkerhetsfunktioner som fristående produkter har. - For example, the password manager in Microsoft Edge doesn't offer E2EE at all. Google's password manager has [optional](https://support.google.com/accounts/answer/11350823) E2EE, and [Apple's](https://support.apple.com/en-us/HT202303) offers E2EE by default. + Lösenordshanteraren i Microsoft Edge erbjuder till exempel inte alls E2EE. Googles lösenordshanterare har [optional](https://support.google.com/accounts/answer/11350823) E2EE, och [Apple's](https://support.apple.com/en-us/HT202303) erbjuder E2EE som standard. -## Cloud-based +## Molnbaserad -These password managers sync your passwords to a cloud server for easy accessibility from all your devices and safety against device loss. +Dessa lösenordshanterare synkroniserar dina lösenord till en molnserver så att du enkelt kan komma åt dem från alla dina enheter och för att skydda dig mot förlust av enheter. ### Bitwarden !!! recommendation - ![Bitwarden logo](assets/img/password-management/bitwarden.svg){ align=right } + ![Bitwardens logotyp](assets/img/password-management/bitwarden.svg){ align=right } - **Bitwarden** is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices. + **Bitwarden** är en gratis lösenordshanterare med öppen källkod. Syftet är att lösa problem med lösenordshantering för enskilda personer, grupper och företag. Bitwarden är en av de bästa och säkraste lösningarna för att lagra alla dina inloggningar och lösenord och samtidigt hålla dem synkroniserade mellan alla dina enheter. - [:octicons-home-16: Homepage](https://bitwarden.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://bitwarden.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://bitwarden.com/help/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/bitwarden){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://bitwarden.com/help/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/bitwarden){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? :simple-microsoftedge: nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden) - [:simple-appstore: App Store](https://apps.apple.com/app/bitwarden-password-manager/id1137397744) @@ -39,19 +40,18 @@ These password managers sync your passwords to a cloud server for easy accessibi - [:simple-linux: Linux](https://bitwarden.com/download) - [:simple-flathub: Flathub](https://flathub.org/apps/details/com.bitwarden.desktop) - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/bitwarden-password-manager) - - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password-m/nngceckbapebfimnlniiiahkandclblb) - - [:simple-microsoftedge: Edge](https://microsoftedge.microsoft.com/addons/detail/jbkfoedolllekgbhcbcoahefnbanhhlh) + - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/bitwarden-free-password- -Bitwarden also features [Bitwarden Send](https://bitwarden.com/products/send/), which allows you to share text and files securely with [end-to-end encryption](https://bitwarden.com/help/send-encryption). A [password](https://bitwarden.com/help/send-privacy/#send-passwords) can be required along with the send link. Bitwarden Send also features [automatic deletion](https://bitwarden.com/help/send-lifespan). +Bitwarden har också [Bitwarden Send](https://bitwarden.com/products/send/), vilket gör att du kan dela text och filer säkert med [end-to-end-kryptering](https://bitwarden.com/help/send-encryption). Ett lösenord [](https://bitwarden.com/help/send-privacy/#send-passwords) kan krävas tillsammans med sändningslänken. Bitwarden Send har också [automatisk radering](https://bitwarden.com/help/send-lifespan). -You need the [Premium Plan](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) to be able to share files. The free plan only allows text sharing. +Du behöver [Premium Plan](https://bitwarden.com/help/about-bitwarden-plans/#compare-personal-plans) för att kunna dela filer. Gratisabonnemanget tillåter endast textdelning. -Bitwarden's server-side code is [open-source](https://github.com/bitwarden/server), so if you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden sync server. +Bitwardens kod på serversidan är [öppen källkod](https://github.com/bitwarden/server), så om du inte vill använda Bitwardens moln kan du enkelt vara värd för din egen Bitwarden-synkroniseringsserver. -**Vaultwarden** is an alternative implementation of Bitwarden's sync server written in Rust and compatible with official Bitwarden clients, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. If you are looking to self-host Bitwarden on your own server, you almost certainly want to use Vaultwarden over Bitwarden's official server code. +**Vaultwarden** är en alternativ implementering av Bitwardens synkroniseringsserver skriven i Rust och kompatibel med officiella Bitwarden-klienter, perfekt för självhostad distribution där körning av den officiella resurstunga tjänsten kanske inte är idealisk. Om du vill vara värd för Bitwarden på din egen server, vill du nästan säkert använda Vaultwarden över Bitwardens officiella serverkod. -[:octicons-repo-16: Vaultwarden Repository](https://github.com/dani-garcia/vaultwarden ""){.md-button} [:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ .card-link title=Documentation} -[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ .card-link title="Source Code" } +[:octicons-repo-16: Vaultwardens utvecklingskatalog](https://github.com/dani-garcia/vaultwarden ""){.md-button} [:octicons-info-16:](https://github.com/dani-garcia/vaultwarden/wiki){ . ard-link title=Dokumentation} +[:octicons-code-16:](https://github.com/dani-garcia/vaultwarden){ . ard-link title="Källkod" } [:octicons-heart-16:](https://github.com/sponsors/dani-garcia){ .card-link title=Contribute } ### 1Password @@ -60,40 +60,38 @@ Bitwarden's server-side code is [open-source](https://github.com/bitwarden/serve ![1Password logo](assets/img/password-management/1password.svg){ align=right } - **1Password** is a password manager with a strong focus on security and ease-of-use, which allows you to store passwords, credit cards, software licenses, and any other sensitive information in a secure digital vault. Your vault is hosted on 1Password's servers for a [monthly fee](https://1password.com/sign-up/). 1Password is [audited](https://support.1password.com/security-assessments/) on a regular basis and provides exceptional customer support. 1Password is closed source; however, the security of the product is thoroughly documented in their [security white paper](https://1passwordstatic.com/files/security/1password-white-paper.pdf). + **1Password** är en lösenordshanterare med starkt fokus på säkerhet och användarvänlighet, som gör att du kan lagra lösenord, kreditkort, programlicenser och annan känslig information i ett säkert digitalt valv. Ditt valv lagras på 1Passwords servrar för en [månadsavgift] (https://1password.com/sign-up/). 1Password är [audited](https://support.1password.com/security-assessments/) på regelbunden basis och erbjuder exceptionell kundsupport. 1Password är en sluten källa, men produktens säkerhet dokumenteras noggrant i deras [white paper om säkerhet](https://1passwordstatic.com/files/security/1password-white-paper.pdf). - [:octicons-home-16: Homepage](https://1password.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://support.1password.com/1password-privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://support.1password.com/){ .card-link title=Documentation} - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onepassword.android) + [:octicons-home-16: Repository](https://github.com/Hackeralert/Picocrypt){ .md-button .md-button--primary } + [:octicons-eye-16:](https://github.com/Hackeralert/Picocrypt){ .card-link title="Source Code" } + [:octicons-info-16:](https://support.1password.com){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.onepassword.android) - [:simple-appstore: App Store](https://apps.apple.com/app/id1511601750?mt=8) - - [:simple-windows11: Windows](https://1password.com/downloads/windows/) - - [:simple-apple: macOS](https://1password.com/downloads/mac/) - - [:simple-linux: Linux](https://1password.com/downloads/linux/) + - [:simple-windows11: Android]() + - [:simple-apple: Windows]() + - [:simple-linux: macOS]() + - [ Linux]() + - [ Flathub/) -Traditionally, **1Password** has offered the best password manager user experience for people using macOS and iOS; however, it has now achieved feature-parity across all platforms. It boasts many features geared towards families and less technical people, as well as advanced functionality. +Traditionellt har **1Password** erbjudit den bästa användarupplevelsen av lösenordshanteraren för personer som använder macOS och iOS, men nu har den fått samma funktioner på alla plattformar. Den har många funktioner som är inriktade på familjer och mindre tekniska personer, samt avancerad funktionalitet. -Your 1Password vault is secured with both your master password and a randomized 34-character security key to encrypt your data on their servers. This security key adds a layer of protection to your data because your data is secured with high entropy regardless of your master password. Many other password manager solutions are entirely reliant on the strength of your master password to secure your data. +Ditt 1Password-valv är skyddat med både ditt huvudlösenord och en slumpmässig 34-teckig säkerhetsnyckel för att kryptera dina data på deras servrar. Den här säkerhetsnyckeln ger dina data ett extra skydd eftersom dina data är säkrade med hög entropi oavsett huvudlösenordet. Många andra lösenordshanteringslösningar är helt beroende av styrkan i ditt huvudlösenord för att säkra dina data. -One advantage 1Password has over Bitwarden is its first-class support for native clients. While Bitwarden relegates many duties, especially account management features, to their web vault interface, 1Password makes nearly every feature available within its native mobile or desktop clients. 1Password's clients also have a more intuitive UI, which makes them easier to use and navigate. +En fördel som 1Password har jämfört med Bitwarden är dess förstklassiga stöd för inhemska klienter. Medan Bitwarden hänvisar många uppgifter, särskilt kontohanteringsfunktioner, till sitt webbgränssnitt, gör 1Password nästan alla funktioner tillgängliga i sina mobila och stationära klienter. 1Password-klienterna har också ett mer intuitivt användargränssnitt, vilket gör dem lättare att använda och navigera. ### Psono !!! recommendation - ![Psono logo](assets/img/password-management/psono.svg){ align=right } + ![Psono-logotyp](assets/img/password-management/psono.svg){ align=right } - **Psono** is a free and open-source password manager from Germany, with a focus on password management for teams. Psono supports secure sharing of passwords, files, bookmarks, and emails. All secrets are protected by a master password. + **Psono** är en gratis lösenordshanterare med öppen källkod från Tyskland, med fokus på lösenordshantering för team. Psono stöder säker delning av lösenord, filer, bokmärken och e-post. Alla hemligheter skyddas av ett huvudlösenord. - [:octicons-home-16: Homepage](https://psono.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://psono.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://doc.psono.com){ .card-link title=Documentation} - [:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://doc.psono.com/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://gitlab.com/psono){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.psono.psono) - [:simple-appstore: App Store](https://apps.apple.com/us/app/psono-password-manager/id1545581224) @@ -101,34 +99,34 @@ One advantage 1Password has over Bitwarden is its first-class support for native - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/psonopw-password-manager/eljmjmgjkbmpmfljlmklcfineebidmlo) - [:simple-docker: Docker Hub](https://hub.docker.com/r/psono/psono-client) -Psono provides extensive documentation for their product. The web-client for Psono can be self-hosted; alternatively, you can choose the full Community Edition or the Enterprise Edition with additional features. +Psono tillhandahåller omfattande dokumentation för sin produkt. Webbklienten för Psono kan vara självhyst, alternativt kan du välja den fullständiga Community Edition eller Enterprise Edition med ytterligare funktioner. -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -#### Minimum Requirements +#### Minimikrav -- Must utilize strong, standards-based/modern E2EE. -- Must have thoroughly documented encryption and security practices. -- Must have a published audit from a reputable, independent third-party. -- All non-essential telemetry must be optional. -- Must not collect more PII than is necessary for billing purposes. +- Måste använda starka, standardbaserade/moderna E2EE. +- Måste ha noggrant dokumenterade krypterings- och säkerhetsrutiner. +- Måste ha en publicerad revision från en välrenommerad, oberoende tredje part. +- All icke nödvändig telemetri måste vara frivillig. +- Får inte samla in mer PII än vad som är nödvändigt för fakturering. -#### Best-Case +#### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. -- Telemetry should be opt-in (disabled by default) or not collected at all. -- Should be open-source and reasonably self-hostable. +- Telemetri bör vara opt-in (inaktiverad som standard) eller inte samlas in alls. +- Den bör ha öppen källkod och vara någorlunda självhanterlig. -## Local Storage +## Lokal lagring -These options allow you to manage an encrypted password database locally. +Med dessa alternativ kan du hantera en krypterad lösenordsdatabas lokalt. ### KeePassXC @@ -136,15 +134,15 @@ These options allow you to manage an encrypted password database locally. ![KeePassXC logo](assets/img/password-management/keepassxc.svg){ align=right } - **KeePassXC** is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, cross-platform and modern open-source password manager. + **KeePassXC** är en gemenskapsfork av KeePassX, en inhemsk plattformsoberoende anpassning av KeePass Password Safe, med målet att utöka och förbättra den med nya funktioner och felrättningar för att tillhandahålla en funktionsrik, plattformsoberoende och modern lösenordshanterare med öppen källkod. - [:octicons-home-16: Homepage](https://keepassxc.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://keepassxc.org/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://keepassxc.org/docs/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://keepassxc.org/docs/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Källkod" } [:octicons-heart-16:](https://keepassxc.org/donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-windows11: Windows](https://keepassxc.org/download/#windows) - [:simple-apple: macOS](https://keepassxc.org/download/#mac) @@ -153,49 +151,47 @@ These options allow you to manage an encrypted password database locally. - [:simple-firefoxbrowser: Firefox](https://addons.mozilla.org/firefox/addon/keepassxc-browser) - [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/keepassxc-browser/oboonakemofpalcgghocfoadofidjkkk) -KeePassXC stores its export data as [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) files. This may mean data loss if you import this file into another password manager. We advise you check each record manually. +KeePassXC lagrar sina exportdata som [CSV](https://en.wikipedia.org/wiki/Comma-separated_values) -filer. Detta kan innebära att du förlorar data om du importerar filen till en annan lösenordshanterare. Vi rekommenderar att du kontrollerar varje post manuellt. ### KeePassDX (Android) !!! recommendation - ![KeePassDX logo](assets/img/password-management/keepassdx.svg){ align=right } + ![KeePassDX logotyp](assets/img/password-management/keepassdx.svg){ align=right } - **KeePassDX** is a lightweight password manager for Android, allows editing encrypted data in a single file in KeePass format and can fill in the forms in a secure way. [Contributor Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) allows unlocking cosmetic content and non-standard protocol features, but more importantly, it helps and encourages development. + **KeePassDX** är en lättviktig lösenordshanterare för Android som gör det möjligt att redigera krypterade data i en enda fil i KeePass-format och fylla i formulär på ett säkert sätt. [Contributor Pro] (https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) gör det möjligt att låsa upp kosmetiskt innehåll och icke-standardiserade protokollfunktioner, men viktigare är att det hjälper och uppmuntrar till utveckling. - [:octicons-home-16: Homepage](https://www.keepassdx.com){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/Kunzisoft/KeePassDX/wiki){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/Kunzisoft/KeePassDX){ .card-link title="Source Code" } - [:octicons-heart-16:](https://www.keepassdx.com/#donation){ .card-link title=Contribute } - - ??? downloads + [:octicons-heart-16:](https://www.keepassdx.com/#donation){ .card-link title=Contribute??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free) - - [:simple-github: GitHub](https://github.com/Kunzisoft/KeePassDX/releases) + - [:simple-github: App Store](https://github.com/Kunzisoft/KeePassDX/releases) ### Strongbox (iOS & macOS) !!! recommendation - ![Strongbox logo](assets/img/password-management/strongbox.svg){ align=right } + ![Strongbox-logotyp](assets/img/password-management/strongbox.svg){ align=right } - **Strongbox** is a native, open-source password manager for iOS and macOS. Supporting both KeePass and Password Safe formats, Strongbox can be used in tandem with other password managers, like KeePassXC, on non-Apple platforms. By employing a [freemium model](https://strongboxsafe.com/pricing/), Strongbox offers most features under its free tier with more convenience-oriented [features](https://strongboxsafe.com/comparison/)—such as biometric authentication—locked behind a subscription or perpetual license. + **Strongbox** är en inhemsk lösenordshanterare med öppen källkod för iOS och macOS. Strongbox stöder både KeePass- och Password Safe-format och kan användas tillsammans med andra lösenordshanterare, som KeePassXC, på andra plattformar än Apple-plattformar. Genom att använda en [freemium modell](https://strongboxsafe.com/pricing/), erbjuder Strongbox de flesta funktioner under sin fria nivå med mer bekvämlighetsinriktad [features](https://strongboxsafe. om/comparison/) – såsom biometrisk autentisering – låst bakom en prenumeration eller evig licens. - [:octicons-home-16: Homepage](https://strongboxsafe.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://strongboxsafe.com/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://strongboxsafe.com/getting-started/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/strongbox-password-safe/Strongbox){ .card-link title="Source Code" } - [:octicons-heart-16:](https://github.com/strongbox-password-safe/Strongbox#supporting-development){ .card-link title=Contribute } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://keepassxc.org/docs/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/keepassxreboot/keepassxc){ .card-link title="Källkod" } + [:octicons-heart-16:](https://keepassxc.org/donate/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-appstore: App Store](https://apps.apple.com/app/strongbox-keepass-pwsafe/id897283731) -Additionally, there is an offline-only version offered: [Strongbox Zero](https://apps.apple.com/app/strongbox-keepass-pwsafe/id1581589638). This version is stripped down in an attempt to reduce attack surface. +Dessutom finns det en offline-version som erbjuds: [Strongbox Zero](https://apps.apple.com/app/strongbox-keepass-pwsafe/id1581589638). Denna version är avskalad i ett försök att minska angreppsytan. -### Command-line +### Kommandorad -These products are minimal password managers that can be used within scripting applications. +Dessa produkter är minimala lösenordshanterare som kan användas inom skriptprogram. #### gopass @@ -203,28 +199,24 @@ These products are minimal password managers that can be used within scripting a ![gopass logo](assets/img/password-management/gopass.svg){ align=right } - **gopass** is a password manager for the command line written in Go. It works on all major desktop and server operating systems (Linux, macOS, BSD, Windows). + **gopass** är en lösenordshanterare för kommandoraden skriven i Go. Det fungerar på alla större skrivbords- och serveroperativsystem (Linux, macOS, BSD, Windows). - [:octicons-home-16: Homepage](https://www.gopass.pw){ .md-button .md-button--primary } - [:octicons-info-16:](https://github.com/gopasspw/gopass/tree/master/docs){ .card-link title=Documentation} + [:octicons-home-16: Homepage](https://openwrt.org){ .md-button .md-button--primary } + [:octicons-info-16:](https://openwrt.org/docs/start){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/gopasspw/gopass){ .card-link title="Source Code" } - [:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title=Contribute } - - ??? downloads + [:octicons-heart-16:](https://github.com/sponsors/dominikschulz){ .card-link title=Contribute??? nedladdningar - [:simple-windows11: Windows](https://www.gopass.pw/#install-windows) - [:simple-apple: macOS](https://www.gopass.pw/#install-macos) - [:simple-linux: Linux](https://www.gopass.pw/#install-linux) - [:simple-freebsd: FreeBSD](https://www.gopass.pw/#install-bsd) -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Must be cross-platform. - ---8<-- "includes/abbreviations.sv.txt" +- Måste vara plattformsoberoende. diff --git a/i18n/sv/productivity.md b/i18n/sv/productivity.md index bd250f49..b5af915e 100644 --- a/i18n/sv/productivity.md +++ b/i18n/sv/productivity.md @@ -1,6 +1,7 @@ --- -title: "Productivity Tools" +title: "Produktivitetsverktyg" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -11,17 +12,17 @@ Most online office suites do not support E2EE, meaning the cloud provider has ac !!! recommendation - ![Nextcloud logo](assets/img/productivity/nextcloud.svg){ align=right } + ![Nextcloud-logotyp](assets/img/productivity/nextcloud.svg){ align=right } - **Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. + **Nextcloud** är en svit med gratis klient-serverprogramvara med öppen källkod för att skapa egna filhostingtjänster på en privat server som du kontrollerar. - [:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://nextcloud.com/support/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Källkod" } [:octicons-heart-16:](https://nextcloud.com/contribute/){ .card-link title=Contribute } - ??? downloads + ??? nedladdningar - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client) - [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102) @@ -31,9 +32,9 @@ Most online office suites do not support E2EE, meaning the cloud provider has ac - [:simple-linux: Linux](https://nextcloud.com/install/#install-clients) - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/nextcloud) -!!! danger +!!! fara - We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers. + Vi rekommenderar inte att du använder [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) för Nextcloud eftersom det kan leda till dataförluster; det är mycket experimentellt och inte av produktionskvalitet. For this reason, we don't recommend third-party Nextcloud providers. ### CryptPad @@ -49,13 +50,13 @@ Most online office suites do not support E2EE, meaning the cloud provider has ac [:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" } [:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute } -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. In general, we define collaboration platforms as full-fledged suites which could reasonably act as a replacement to collaboration platforms like Google Drive. @@ -66,9 +67,9 @@ In general, we define collaboration platforms as full-fledged suites which could - Supports real-time document collaboration. - Supports exporting documents to standard document formats (e.g. ODF). -#### Best-Case +#### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Should store files in a conventional filesystem. - Should support TOTP or FIDO2 multi-factor authentication support, or Passkey logins. @@ -122,18 +123,18 @@ Our best-case criteria represents what we would like to see from the perfect pro - [:simple-flathub: Flathub](https://flathub.org/apps/details/org.onlyoffice.desktopeditors) - [:simple-freebsd: FreeBSD](https://www.freshports.org/www/onlyoffice-documentserver/) -### Criteria +### Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. In general, we define office suites as applications which could reasonably act as a replacement for Microsoft Word for most needs. -- Must be cross-platform. -- Must be open-source software. +- Måste vara plattformsoberoende. +- Måste vara programvara med öppen källkod. - Must function offline. - Must support editing documents, spreadsheets, and slideshows. - Must export files to standard document formats. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/real-time-communication.md b/i18n/sv/real-time-communication.md index c48832a0..d9157869 100644 --- a/i18n/sv/real-time-communication.md +++ b/i18n/sv/real-time-communication.md @@ -1,6 +1,7 @@ --- -title: "Real-Time Communication" +title: "Realtidskommunikation" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -100,7 +101,7 @@ Briar supports perfect forward secrecy by using the Bramble [Handshake](https:// ## Additional Options -!!! warning +!!! varning These messengers do not have Perfect [Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) (PFS), and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of **all** past communications. @@ -169,27 +170,25 @@ Oxen requested an independent audit for Session in March of 2020. The audit [con Session has a [whitepaper](https://arxiv.org/pdf/2002.04609.pdf) describing the technicals of the app and protocol. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. - Must have open-source clients. - Must use E2EE for private messages by default. - Must support E2EE for all messages. - Must have been independently audited. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Should have Perfect Forward Secrecy. - Should have open-source servers. - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/router.md b/i18n/sv/router.md index 51b99466..ac86ded6 100644 --- a/i18n/sv/router.md +++ b/i18n/sv/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Nedan följer några alternativa operativsystem som kan användas på routrar, Wi-Fi-accesspunkter osv. @@ -36,16 +37,14 @@ Du kan se OpenWrts [tabell över maskinvara](https://openwrt.org/toh/start) för OPNsense utvecklades ursprungligen som en gaffel av [pfSense](https://en.wikipedia.org/wiki/PfSense), och båda projekten är kända för att vara fria och pålitliga brandväggsdistributioner som erbjuder funktioner som ofta endast finns i dyra kommersiella brandväggar. Utvecklarna av OPNsense [, som lanserades 2015, citerade](https://docs.opnsense.org/history/thefork.html) ett antal säkerhets- och kodkvalitetsproblem med pfSense som de ansåg nödvändiggjorde en delning av projektet, samt oro över Netgates majoritetsförvärv av pfSense och pfSense-projektets framtida inriktning. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. - Måste vara öppen källkod. - Måste få regelbundna uppdateringar. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/search-engines.md b/i18n/sv/search-engines.md index 51cab885..e4318c7e 100644 --- a/i18n/sv/search-engines.md +++ b/i18n/sv/search-engines.md @@ -1,6 +1,7 @@ --- -title: "Search Engines" +title: "Sökmotorer" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -78,7 +79,7 @@ When you are using a SearXNG instance, be sure to go read their privacy policy. [:octicons-eye-16:](https://www.startpage.com/en/privacy-policy){ .card-link title="Privacy Policy" } [:octicons-info-16:](https://support.startpage.com/hc/en-us/categories/4481917470356-Startpage-Search-Engine){ .card-link title=Documentation} -!!! warning +!!! varning Startpage regularly limits service access to certain IP addresses, such as IPs reserved for VPNs or Tor. [DuckDuckGo](#duckduckgo) and [Brave Search](#brave-search) are friendlier options if your threat model requires hiding your IP address from the search provider. @@ -86,24 +87,22 @@ Startpage is based in the Netherlands. According to their [privacy policy](https Startpage's majority shareholder is System1 who is an adtech company. We don't believe that to be an issue as they have a distinctly separate [privacy policy](https://system1.com/terms/privacy-policy). The Privacy Guides team reached out to Startpage [back in 2020](https://web.archive.org/web/20210118031008/https://blog.privacytools.io/relisting-startpage/) to clear up any concerns with System1's sizeable investment into the service. We were satisfied with the answers we received. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -### Minimum Requirements +### Minimikrav - Must not collect personally identifiable information per their privacy policy. - Must not allow users to create an account with them. -### Best-Case +### Bästa fall -Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. +Våra kriterier för bästa fall representerar vad vi skulle vilja se av det perfekta projektet i denna kategori. Våra rekommendationer kanske inte innehåller alla eller några av dessa funktioner, men de som gör det kan vara högre rankade än andra på den här sidan. - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/sv/tools.md b/i18n/sv/tools.md index 88d941ee..7a84a465 100644 --- a/i18n/sv/tools.md +++ b/i18n/sv/tools.md @@ -1,17 +1,18 @@ --- -title: "Privacy Tools" +title: "Verktyg för integritet" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- -If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. +Om du letar efter en specifik lösning på något är det här hård- och mjukvaruverktyg som vi rekommenderar i olika kategorier. Våra rekommenderade verktyg för integritetsskydd är i första hand valda utifrån säkerhetsfunktioner, med ytterligare betoning på decentraliserade verktyg och verktyg med öppen källkod. De kan tillämpas på en mängd olika hotmodeller, från skydd mot globala massövervakningsprogram och undvikande av stora teknikföretag till begränsning av attacker, men det är bara du som kan avgöra vad som fungerar bäst för dina behov. -If you want assistance figuring out the best privacy tools and alternative programs for your needs, start a discussion on our [forum](https://discuss.privacyguides.net/) or our [Matrix](https://matrix.to/#/#privacyguides:matrix.org) community! +Om du vill ha hjälp med att hitta de bästa verktygen för sekretess och alternativa program för dina behov kan du starta en diskussion i vårt forum [](https://discuss.privacyguides.net/) eller i vår community [Matrix](https://matrix.to/#/#privacyguides:matrix.org)! -For more details about each project, why they were chosen, and additional tips or tricks we recommend, click the "Learn more" link in each section, or click on the recommendation itself to be taken to that specific section of the page. +Om du vill ha mer information om varje projekt, varför de valdes ut och ytterligare tips och tricks som vi rekommenderar, kan du klicka på länken "Läs mer" i varje avsnitt eller klicka på själva rekommendationen för att komma till det specifika avsnittet på sidan. -## Tor Network +## Tor-nätverket
    @@ -21,32 +22,32 @@ For more details about each project, why they were chosen, and additional tips o
    -1. Snowflake does not increase privacy, however it allows you to easily contribute to the Tor network and help people in censored networks achieve better privacy. +1. Snowflake ökar inte integriteten, men det gör det möjligt för dig att enkelt bidra till Tor-nätverket och hjälpa människor i censurerade nätverk att få bättre integritet. -[Learn more :material-arrow-right-drop-circle:](tor.md) +[Läs mer :material-arrow-right-drop-circle:](tor.md) -## Desktop Web Browsers +## Webbläsare för skrivbordet
    -- ![Firefox logo](assets/img/browsers/firefox.svg){ .twemoji } [Firefox](desktop-browsers.md#firefox) -- ![Brave logo](assets/img/browsers/brave.svg){ .twemoji } [Brave](desktop-browsers.md#brave) +- ![Firefox logotyp](assets/img/browsers/firefox.svg){ .twemoji } [Firefox](desktop-browsers.md#firefox) +- ![Brave logotyp](assets/img/browsers/brave.svg){ .twemoji } [Brave](desktop-browsers.md#brave)
    -[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md) +[Läs mer :material-arrow-right-drop-circle:](desktop-browsers.md) -### Additional Resources +### Ytterligare resurser
    -- ![uBlock Origin logo](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin) +- ![uBlock Origin-logotyp](assets/img/browsers/ublock_origin.svg){ .twemoji } [uBlock Origin](desktop-browsers.md#ublock-origin)
    -[Learn more :material-arrow-right-drop-circle:](desktop-browsers.md#additional-resources) +[Läs mer :material-arrow-right-drop-circle:](desktop-browsers.md#additional-resources) -## Mobile Web Browsers +## Webbläsare för mobiler
    @@ -55,21 +56,21 @@ For more details about each project, why they were chosen, and additional tips o
    -[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md) +[Läs mer :material-arrow-right-drop-circle:](mobile-browsers.md) -### Additional Resources +### Ytterligare resurser
    -- ![AdGuard logo](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard for iOS](mobile-browsers.md#adguard) +- ![AdGuard logotyp](assets/img/browsers/adguard.svg){ .twemoji } [AdGuard för iOS](mobile-browsers.md#adguard)
    -[Learn more :material-arrow-right-drop-circle:](mobile-browsers.md#adguard) +[Läs mer :material-arrow-right-drop-circle:](mobile-browsers.md#adguard) -## Operating Systems +## Operativsystem -### Mobile +### Mobil
    @@ -78,13 +79,13 @@ For more details about each project, why they were chosen, and additional tips o
    -[Learn more :material-arrow-right-drop-circle:](android.md) +[Läs mer :material-arrow-right-drop-circle:](android.md) -#### Android Apps +#### Android-app
    -- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -92,9 +93,9 @@ For more details about each project, why they were chosen, and additional tips o
    -[Learn more :material-arrow-right-drop-circle:](android.md#general-apps) +[Läs mer :material-arrow-right-drop-circle:](android.md#general-apps) -### Desktop/PC +### Skrivbord
    @@ -109,51 +110,51 @@ For more details about each project, why they were chosen, and additional tips o
    -[Learn more :material-arrow-right-drop-circle:](desktop.md) +[Läs mer :material-arrow-right-drop-circle:](desktop.md) ### Router Firmware
    -- ![OpenWrt logo](assets/img/router/openwrt.svg#only-light){ .twemoji }![OpenWrt logo](assets/img/router/openwrt-dark.svg#only-dark){ .twemoji } [OpenWrt](router.md#openwrt) -- ![OPNsense logo](assets/img/router/opnsense.svg){ .twemoji } [OPNsense](router.md#opnsense) +- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/openwrt-dark.svg#only-dark){ .twemoji } [OpenWrt](router.md#openwrt) +- ![DivestOS logo](assets/img/android/opnsense.svg){ .twemoji } [OPNsense](router.md#opnsense)
    -[Learn more :material-arrow-right-drop-circle:](router.md) +[Läs mer :material-arrow-right-drop-circle:](router.md) -## Service Providers +## Tjänsteleverantörer -### Cloud Storage +### Molnlagring
    -- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive) +- ![Proton Drive-logotyp](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
    -[Learn more :material-arrow-right-drop-circle:](cloud.md) +[Läs mer :material-arrow-right-drop-circle:](cloud.md) ### DNS -#### DNS Providers +#### DNS Leverantörer -We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers based on a variety of criteria, such as [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) and [Quad9](https://quad9.net/) amongst others. We recommend for you to read our pages on DNS before choosing a provider. In many cases, using an alternative DNS provider is not recommended. +Vi [rekommenderar](dns.md#recommended-providers) ett antal krypterade DNS-servrar utifrån olika kriterier, t.ex. [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) och [Quad9](https://quad9.net/). Vi rekommenderar att du läser våra sidor om DNS innan du väljer en leverantör. I många fall är det inte rekommenderat att använda en alternativ DNS-leverantör. -[Learn more :material-arrow-right-drop-circle:](dns.md) +[Läs mer :material-arrow-right-drop-circle:](dns.md) -#### Encrypted DNS Proxies +#### Krypterade DNS-proxyservrar
    -- ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ .twemoji }![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ .twemoji } [RethinkDNS](dns.md#rethinkdns) -- ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ .twemoji } [dnscrypt-proxy](dns.md#dnscrypt-proxy) +- ![GrapheneOS logo](assets/img/android/grapheneos.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ .twemoji } [RethinkDNS](dns.md#rethinkdns) +- ![DivestOS logo](assets/img/android/dnscrypt-proxy.svg){ .twemoji } [dnscrypt-proxy](dns.md#dnscrypt-proxy)
    -[Learn more :material-arrow-right-drop-circle:](dns.md#encrypted-dns-proxies) +[Läs mer :material-arrow-right-drop-circle:](dns.md#encrypted-dns-proxies) -#### Self-hosted Solutions +#### Egenstyrda lösningar
    @@ -162,22 +163,22 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](dns.md#self-hosted-solutions) +[Läs mer :material-arrow-right-drop-circle:](dns.md#self-hosted-solutions) -### Email +### E-postadress
    - ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) - ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) -- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmaildark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) - ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota)
    -[Learn more :material-arrow-right-drop-circle:](email.md) +[Läs mer :material-arrow-right-drop-circle:](email.md) -#### Email Aliasing Services +#### E-postaliaseringstjänster
    @@ -186,9 +187,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](email.md#email-aliasing-services) +[Läs mer :material-arrow-right-drop-circle:](email.md#email-aliasing-services) -#### Self-Hosting Email +#### Självhanterande e-post
    @@ -197,9 +198,32 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +[Läs mer :material-arrow-right-drop-circle:](email.md#self-hosting-email) -### Search Engines +### Financial Services + +#### Payment Masking Services + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[Läs mer :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[Läs mer :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + +### Sökmotorer
    @@ -210,33 +234,33 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](search-engines.md) +[Läs mer :material-arrow-right-drop-circle:](search-engines.md) -### VPN Providers +### DNS Leverantörer -??? danger "VPNs do not provide anonymity" +??? vPN-tjänster kan inte ge anonymitet" - Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. + En VPN kommer **inte** att hålla dina surfvanor anonyma, och inte heller kommer den att lägga till ytterligare säkerhet för icke-säker (HTTP) trafik. - If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN. + Om du är ute efter **anonymitet** bör du använda Tor Browser **i stället** för en VPN. - If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. + Om du vill öka **säkerheten** bör du alltid se till att du ansluter till webbplatser med HTTPS. En VPN är inte en ersättning för goda säkerhetsrutiner. - [Learn more :material-arrow-right-drop-circle:](vpn.md) + [Läs mer :material-arrow-right-drop-circle:](vpn.md)
    -- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
    -[Learn more :material-arrow-right-drop-circle:](vpn.md) +[Läs mer :material-arrow-right-drop-circle:](vpn.md) -## Software +## Programvara -### Calendar Sync +### Kalendersynkronisering
    @@ -245,9 +269,19 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](calendar.md) +[Läs mer :material-arrow-right-drop-circle:](calendar.md) -### Data and Metadata Redaction +### Cryptocurrency + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[Läs mer :material-arrow-right-drop-circle:](cryptocurrency.md) + +### Redigering av data och metadata
    @@ -259,9 +293,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](data-redaction.md) +[Läs mer :material-arrow-right-drop-circle:](data-redaction.md) -### Email Clients +### E-postklienter
    @@ -272,20 +306,20 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b - ![GNOME Evolution logo](assets/img/email-clients/evolution.svg){ .twemoji } [GNOME Evolution (Linux)](email-clients.md#gnome-evolution-gnome) - ![K-9 Mail logo](assets/img/email-clients/k9mail.svg){ .twemoji } [K-9 Mail (Android)](email-clients.md#k-9-mail-android) - ![Kontact logo](assets/img/email-clients/kontact.svg){ .twemoji } [Kontact (Linux)](email-clients.md#kontact-kde) -- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP in standard webmail)](email-clients.md#mailvelope-browser) +- ![Mailvelope logo](assets/img/email-clients/mailvelope.svg){ .twemoji } [Mailvelope (PGP i standardwebmail)](email-clients.md#mailvelope-browser) - ![NeoMutt logo](assets/img/email-clients/mutt.svg){ .twemoji } [NeoMutt (CLI)](email-clients.md#neomutt-cli)
    -[Learn more :material-arrow-right-drop-circle:](email-clients.md) +[Läs mer :material-arrow-right-drop-circle:](email-clients.md) ### Programvara för kryptering -??? info "Operating System Disk Encryption" +??? info "Diskryptering av operativsystemet" - For encrypting your operating system drive, we typically recommend using whichever encryption tool your operating system provides, whether that is **BitLocker** on Windows, **FileVault** on macOS, or **LUKS** on Linux. These tools are included with the operating system and typically use hardware encryption elements such as a TPM that other full-disk encryption software like VeraCrypt do not. VeraCrypt is still suitable for non-operating system disks such as external drives, especially drives that may be accessed from multiple operating systems. + För att kryptera din operativsystemenhet rekommenderar vi vanligtvis att du använder det krypteringsverktyg som operativsystemet tillhandahåller, oavsett om det är **BitLocker** i Windows, **FileVault** i macOS eller **LUKS** i Linux. Dessa verktyg ingår i operativsystemet och använder vanligtvis hårdvarukrypteringselement, t. ex. en TPM, som andra krypteringsprogram för hela hårddiskar, t. ex. VeraCrypt, inte gör. VeraCrypt lämpar sig fortfarande för diskar som inte är i driftssystemet, t. ex. externa enheter, särskilt enheter som kan nås från flera olika operativsystem. - [Learn more :material-arrow-right-drop-circle:](encryption.md##operating-system-included-full-disk-encryption-fde) + [Läs mer :material-arrow-right-drop-circle:](encryption.md##operating-system-included-full-disk-encryption-fde)
    @@ -293,27 +327,27 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b - ![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ .twemoji } [Picocrypt](encryption.md#picocrypt-file) - ![VeraCrypt logo](assets/img/encryption-software/veracrypt.svg#only-light){ .twemoji }![VeraCrypt logo](assets/img/encryption-software/veracrypt-dark.svg#only-dark){ .twemoji } [VeraCrypt (FDE)](encryption.md#veracrypt-disk) - ![Hat.sh logo](assets/img/encryption-software/hat-sh.png#only-light){ .twemoji }![Hat.sh logo](assets/img/encryption-software/hat-sh-dark.png#only-dark){ .twemoji } [Hat.sh (Browser-based)](encryption.md#hatsh) -- ![Kryptor logo](assets/img/encryption-software/kryptor.png){ .twemoji } [Kryptor](encryption.md#kryptor) -- ![Tomb logo](assets/img/encryption-software/tomb.png){ .twemoji } [Tomb](encryption.md#tomb) +- ![Kryptor logo](assets/img/encryption software/kryptor.png){ .twemoji } [Kryptor](encryption.md#kryptor) +- ![Tomb logo](assets/img/encryption software/tomb.png){ .twemoji } [Tomb](encryption.md#tomb)
    -[Learn more :material-arrow-right-drop-circle:](encryption.md) +[Läs mer :material-arrow-right-drop-circle:](encryption.md) -#### OpenPGP Clients +#### OpenPGP-klienter
    - ![GnuPG logo](assets/img/encryption-software/gnupg.svg){ .twemoji } [GnuPG](encryption.md#gnu-privacy-guard) - ![GPG4Win logo](assets/img/encryption-software/gpg4win.svg){ .twemoji } [GPG4Win (Windows)](encryption.md#gpg4win) -- ![GPG Suite logo](assets/img/encryption-software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](encryption.md#gpg-suite) -- ![OpenKeychain logo](assets/img/encryption-software/openkeychain.svg){ .twemoji } [OpenKeychain](encryption.md#openkeychain) +- ![GPG Suite logo](assets/img/encryption software/gpgsuite.png){ .twemoji } [GPG Suite (macOS)](encryption.md#gpg-suite) +- ![OpenKeychain logo](assets/img/encryption software/openkeychain.svg){ .twemoji } [OpenKeychain](encryption.md#openkeychain)
    -[Learn more :material-arrow-right-drop-circle:](encryption.md#openpgp) +[Läs mer :material-arrow-right-drop-circle:](encryption.md#openpgp) -### File Sharing and Sync +### Fildelning och synkronisering
    @@ -325,9 +359,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](file-sharing.md) +[Läs mer :material-arrow-right-drop-circle:](file-sharing.md) -### Frontends +### Frontend
    @@ -342,22 +376,22 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](frontends.md) +[Läs mer :material-arrow-right-drop-circle:](frontends.md) -### Multi-Factor Authentication Tools +### Multi-Faktor Autentisering
    -- ![YubiKeys](assets/img/multi-factor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey) -- ![Nitrokey](assets/img/multi-factor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey-librem-key) -- ![Aegis logo](assets/img/multi-factor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator) +- ![YubiKeys](assets/img/multifactor-authentication/mini/yubico.svg){ .twemoji } [YubiKey](multi-factor-authentication.md#yubikey) +- ![Nitrokey](assets/img/multifactor-authentication/mini/nitrokey.svg){ .twemoji } [Nitrokey](multi-factor-authentication.md#nitrokey-librem-key) +- ![Aegis logo](assets/img/multifactor-authentication/aegis.png){ .twemoji } [Aegis Authenticator](multi-factor-authentication.md#aegis-authenticator) - ![Raivo OTP logo](assets/img/multi-factor-authentication/raivo-otp.png){ .twemoji } [Raivo OTP](multi-factor-authentication.md#raivo-otp)
    -[Learn more :material-arrow-right-drop-circle:](multi-factor-authentication.md) +[Läs mer :material-arrow-right-drop-circle:](multi-factor-authentication.md) -### News Aggregators +### Nyhetsaggregatorer
    @@ -371,9 +405,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](news-aggregators.md) +[Läs mer :material-arrow-right-drop-circle:](news-aggregators.md) -### Notebooks +### Anteckningsböcker
    @@ -384,9 +418,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](notebooks.md) +[Läs mer :material-arrow-right-drop-circle:](notebooks.md) -### Password Managers +### Lösenordshanterare
    @@ -400,9 +434,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](passwords.md) +[Läs mer :material-arrow-right-drop-circle:](passwords.md) -### Productivity Tools +### Produktivitetsverktyg
    @@ -414,9 +448,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](productivity.md) +[Läs mer :material-arrow-right-drop-circle:](productivity.md) -### Real-Time Communication +### Realtidskommunikation
    @@ -428,9 +462,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](real-time-communication.md) +[Läs mer :material-arrow-right-drop-circle:](real-time-communication.md) -### Video Streaming Clients +### Klienter för videoströmning
    @@ -438,6 +472,4 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -[Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.sv.txt" +[Läs mer :material-arrow-right-drop-circle:](video-streaming.md) diff --git a/i18n/sv/tor.md b/i18n/sv/tor.md index 99f83cf3..dfc50cc7 100644 --- a/i18n/sv/tor.md +++ b/i18n/sv/tor.md @@ -1,6 +1,7 @@ --- -title: "Tor Network" +title: "Tor-nätverket" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
    - ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
    Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
    -
    - -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -50,7 +45,7 @@ There are a variety of ways to connect to the Tor network from your device, the - [:simple-linux: Linux](https://www.torproject.org/download/) - [:simple-freebsd: FreeBSD](https://www.freshports.org/security/tor) -!!! danger +!!! fara You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting). @@ -115,10 +110,8 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest You can enable Snowflake in your browser by clicking the switch below and ==leaving this page open==. You can also install Snowflake as a browser extension to have it always run while your browser is open, however adding third-party extensions can increase your attack surface.
    - If the embed does not appear for you, ensure you are not blocking the third-party frame from `torproject.org`. Alternatively, visit [this page](https://snowflake.torproject.org/embed.html). + Om inbäddningen inte visas för dig, kontrollera att du inte blockerar tredjepartsramen från `torproject.org`. Du kan också besöka [denna sida] (https://snowflake.torproject.org/embed.html). -Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. +Snowflake ökar inte din integritet på något sätt och används inte heller för att ansluta till Tor-nätverket i din webbläsare. Om din internetanslutning är ocensurerad bör du dock överväga att använda den för att hjälpa människor i censurerade nätverk att själva få bättre integritet. Det finns ingen anledning att oroa sig för vilka webbplatser människor kommer åt via din proxy - deras synliga IP-adress kommer att matcha deras Tor exit-nod, inte din. -Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.sv.txt" +Att driva en Snowflake-proxy är en låg risk, till och med mer än att driva en Tor-relä eller en bro, som redan inte är särskilt riskfyllda verksamheter. Men det gör fortfarande proxy-trafik genom ditt nätverk som kan vara effektiva på vissa sätt, särskilt om ditt nätverk är bandbredd-begränsad. Se till att du förstår [hur Snowflake fungerar](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) innan du bestämmer dig för att köra en proxy. diff --git a/i18n/sv/video-streaming.md b/i18n/sv/video-streaming.md index 8ac8a92d..9e53efdf 100644 --- a/i18n/sv/video-streaming.md +++ b/i18n/sv/video-streaming.md @@ -1,52 +1,51 @@ --- -title: "Video Streaming" +title: "Videouppspelning" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- -The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. +Det främsta hotet när du använder en plattform för videostreaming är att dina streamingvanor och prenumerationslistor kan användas för att profilera dig. Du bör kombinera dessa verktyg med en [VPN](vpn.md) eller [Tor](https://www.torproject.org/) för att göra det svårare att profilera din användning. ## LBRY !!! recommendation - ![LBRY logo](assets/img/video-streaming/lbry.svg){ align=right } + ![LBRY-logotyp](assets/img/video-streaming/lbry.svg){ align=right } - **The LBRY network** is a decentralized video sharing network. It uses a [BitTorrent](https://wikipedia.org/wiki/BitTorrent)-like network to store the video content, and a [blockchain](https://wikipedia.org/wiki/Blockchain) to store the indexes for those videos. The main benefit of this design is censorship resistance. + **LBRY-nätverket** är ett decentraliserat nätverk för videodelning. Den använder ett [BitTorrent](https://wikipedia.org/wiki/BitTorrent)-liknande nätverk för att lagra videoinnehållet och ett [blockchain](https://wikipedia.org/wiki/Blockchain) för att lagra indexen för dessa videor. Den största fördelen med denna design är censurmotstånd. - **The LBRY desktop client** helps you stream videos from the LBRY network and stores your subscription list in your own LBRY wallet. + **LBRY-klienten** hjälper dig att strömma videor från LBRY-nätverket och lagrar din prenumerationslista i din egen LBRY-plånbok. - [:octicons-home-16: Homepage](https://lbry.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://lbry.com/privacypolicy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://lbry.com/faq){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Source Code" } + [:octicons-home-16: Startsida](https://cryptomator.org){ .md-button .md-button--primary } - ??? downloads + [:octicons-eye-16:](https://cryptomator.org/privacy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://lbry.com/faq/){ .card-link title=Dokumentation} + [:octicons-code-16:](https://github.com/lbryio/lbry-desktop){ .card-link title="Källkod" } + [](/){ .card-link title=Contribute??? nedladdningar - [:simple-windows11: Windows](https://lbry.com/windows) - [:simple-apple: macOS](https://lbry.com/osx) - [:simple-linux: Linux](https://lbry.com/linux) -!!! note +!!! anmärkning - Only the **LBRY desktop client** is recommended, as the [Odysee](https://odysee.com) website and the LBRY clients in F-Droid, Play Store, and the App Store have mandatory synchronization and telemetry. + Endast **LBRY-klienten** rekommenderas, eftersom webbplatsen [Odysee](https://odysee.com) och LBRY-klienterna i F-Droid, Play Store och App Store har obligatorisk synkronisering och telemetri. -!!! warning +!!! varning - While watching and hosting videos, your IP address is visible to the LBRY network. Consider using a [VPN](vpn.md) or [Tor](https://www.torproject.org) if your [threat model](basics/threat-modeling.md) requires hiding your IP address. + När du tittar på och är värd för videor är din IP-adress synlig för LBRY-nätverket. Överväg att använda en [VPN](vpn.md) eller [Tor](https://www.torproject.org) om din [hotmodell](basics/threat-modelling.md) kräver att du döljer din IP-adress. -We recommend **against** synchronizing your wallet with LBRY Inc., as synchronizing encrypted wallets is not supported yet. If you synchronize your wallet with LBRY Inc., you have to trust them to not look at your subscription list, [LBC](https://lbry.com/faq/earn-credits) funds, or take control of your channel. +Vi rekommenderar **att inte** synkroniserar din plånbok med LBRY Inc. eftersom synkronisering av krypterade plånböcker inte stöds ännu. Om du synkroniserar din plånbok med LBRY Inc. du måste lita på att de inte tittar på din prenumerationslista, [LBC](https://lbry.com/faq/earn-credits) pengar, eller ta kontroll över din kanal. -You can disable *Save hosting data to help the LBRY network* option in :gear: **Settings** → **Advanced Settings**, to avoid exposing your IP address and watched videos when using LBRY for a prolonged period of time. +Du kan inaktivera *Spara värddata för att hjälpa LBRY-nätverket* alternativet i :gear: **Inställningar** → **Avancerade inställningar**, för att undvika att din IP-adress och dina videor exponeras när du använder LBRY under en längre tid. -## Criteria +## Kriterier -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Observera att vi inte är knutna till något av de projekt som vi rekommenderar.** Förutom [våra standardkriterier](about/criteria.md)har vi utvecklat en tydlig uppsättning krav som gör det möjligt för oss att ge objektiva rekommendationer. Vi föreslår att du bekantar dig med den här listan innan du väljer att använda ett projekt, och att du gör din egen forskning för att se till att det är rätt val för dig. -!!! example "This section is new" +!!! exempel "Det här avsnittet är nytt" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Vi arbetar med att fastställa kriterier för varje del av vår webbplats, och detta kan komma att ändras. Om du har några frågor om våra kriterier, vänligen [fråga på vårt forum] (https://discuss.privacyguides.net/latest) och tro inte att vi inte har beaktat något när vi gjorde våra rekommendationer om det inte finns med här. Det finns många faktorer som beaktas och diskuteras när vi rekommenderar ett projekt, och att dokumentera varje enskild faktor är ett pågående arbete. -- Must not require a centralized account to view videos. - - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.sv.txt" +- Får inte kräva ett centralt konto för att visa videor. + - Decentraliserad autentisering, t. ex. via en mobil plånboks privata nyckel, är acceptabel. diff --git a/i18n/sv/vpn.md b/i18n/sv/vpn.md index a9573cf7..2516951d 100644 --- a/i18n/sv/vpn.md +++ b/i18n/sv/vpn.md @@ -1,94 +1,34 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
    - Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! vPN-tjänster kan inte ge anonymitet" + + En VPN kommer **inte** att hålla dina surfvanor anonyma, och inte heller kommer den att lägga till ytterligare säkerhet för icke-säker (HTTP) trafik. - If you are looking for **anonymity**, you should use the Tor Browser **instead** of a VPN. + Om du är ute efter **anonymitet** bör du använda Tor Browser **i stället** för en VPN. - If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices. + Om du vill öka **säkerheten** bör du alltid se till att du ansluter till webbplatser med HTTPS. En VPN är inte en ersättning för goda säkerhetsrutiner. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,59 +113,124 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding -## Criteria +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. -!!! danger +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. + +## Kriterier + +!!! fara It is important to note that using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy. @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.sv.txt" diff --git a/i18n/tr/404.md b/i18n/tr/404.md index d1961f6c..c1d0c7c5 100644 --- a/i18n/tr/404.md +++ b/i18n/tr/404.md @@ -1,11 +1,15 @@ --- hide: - - feedback + - geri bildirim +meta: + - + property: "robotlar" + content: "noindex, nofollow" --- # 404 - Sayfa Bulunamadı -Aradığınız sayfayı bulamadık! Belki de bunlardan birini arıyordunuz? +We couldn't find the page you were looking for! Maybe you were looking for one of these? - [Tehdit Modellemesine Giriş](basics/threat-modeling.md) - [Önerilen DNS Sağlayıcıları](dns.md) @@ -13,5 +17,3 @@ Aradığınız sayfayı bulamadık! Belki de bunlardan birini arıyordunuz? - [En İyi VPN Sağlayıcıları](vpn.md) - [Privacy Guides Forumu](https://discuss.privacyguides.net) - [Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/criteria.md b/i18n/tr/about/criteria.md index 35794d71..d1c6a707 100644 --- a/i18n/tr/about/criteria.md +++ b/i18n/tr/about/criteria.md @@ -38,5 +38,3 @@ Projelerini veya yazılımlarını değerlendirmeye göndermek isteyen geliştir - Projelerinde tam tehdit modelinin ne olduğunu belirtmelidir. - Potansiyel kullanıcılar için projenin neleri sağlayabileceği ve neleri sağlayamayacağı açık olmalıdır. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/donate.md b/i18n/tr/about/donate.md index 80298330..6f604134 100644 --- a/i18n/tr/about/donate.md +++ b/i18n/tr/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin We occasionally purchase products and services for the purposes of testing our [recommended tools](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/index.md b/i18n/tr/about/index.md index 79c9d46a..8d58f996 100644 --- a/i18n/tr/about/index.md +++ b/i18n/tr/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "Privacy Guides Hakkında" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** veri güvenliğinizi ve gizliliğinizi korumaya yönelik bilgiler sağlayan sosyal amaçlı bir web sitesidir. Tamamen gönüllü [ekip üyeleri](https://discuss.privacyguides.net/g/team) ve katkıda bulunanlar tarafından işletilen, kâr amacı gütmeyen bir kolektifiz. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Projeyi destekleyin](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. Tamamen gönüllü [ekip üyeleri](https://discuss.privacyguides.net/g/team) ve katkıda bulunanlar tarafından işletilen, kâr amacı gütmeyen bir kolektifiz. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Ekibimiz @@ -48,9 +76,9 @@ title: "Privacy Guides Hakkında" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Ekibimizin haricinde [birçok kişi](https://github.com/privacyguides/privacyguides.org/graphs/contributors) projeye katkıda bulunmuştur. Projeye siz de katkı sağlayabilirsiniz, çünkü bu açık kaynaklı bir proje! +Ekibimizin haricinde [birçok kişi](https://github.com/privacyguides/privacyguides.org/graphs/contributors) projeye katkıda bulunmuştur. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Ekip üyelerimiz web sitesinde yapılan tüm değişiklikleri gözden geçirir; web sitesini yayınlama ve finans gibi idari görevleri yerine getirir, ancak bu siteye yapılan herhangi bir katkıdan kişisel olarak kar elde etmezler. Finansal bilgilerimiz Open Collective Foundation 501(c)(3) tarafından [opencollective.com/privacyguides](https://opencollective.com/privacyguides)adresinde şeffaf bir şekilde barındırılmaktadır. Privacy Guides'a yapılan bağışlar genellikle Amerika Birleşik Devletleri'nde vergiden düşülebilir. +Ekip üyelerimiz web sitesinde yapılan tüm değişiklikleri gözden geçirir; web sitesini yayınlama ve finans gibi idari görevleri yerine getirir, ancak bu siteye yapılan herhangi bir katkıdan kişisel olarak kar elde etmezler. Finansal bilgilerimiz Open Collective Foundation 501(c)(3) tarafından [opencollective.com/privacyguides](https://opencollective.com/privacyguides)adresinde şeffaf bir şekilde barındırılmaktadır. Donations to Privacy Guides are generally tax-deductible in the United States. ## Site Lisansı @@ -59,5 +87,3 @@ Ekip üyelerimiz web sitesinde yapılan tüm değişiklikleri gözden geçirir; :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Aksi belirtilmedikçe, bu web sitesindeki orijinal içerik [Creative Commons Attribution-NoDerivatives 4.0 Uluslararası Kamu Lisansı](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE) altında kullanıma sunulmuştur. Bu, `Privacy Guides (www.privacyguides.org)` adresine uygun şekilde atıfta bulunduğunuz ve lisansa bir bağlantı verdiğiniz sürece, materyali ticari olarak bile herhangi bir amaçla herhangi bir ortamda veya formatta kopyalamakta ve yeniden dağıtmakta özgür olduğunuz anlamına gelir. Bunu herhangi bir makul bir şekilde yapabilirsiniz, ancak Gizlilik Kılavuzları (Privacy Guides) sizi veya kullanımınızı onayladığı hiçbir şekilde değil. Bu web sitesinin içeriğini yeniden düzenler, dönüştürür veya oluşturursanız, değiştirilen materyali dağıtamazsınız. Bu lisans; insanların, çalışmalarımızı uygun şekilde kredi vermeden paylaşmalarını ve çalışmalarımızı insanları yanlış yönlendirmek için kullanılabilecek şekilde değiştirmelerini önlemek için mevcuttur. Bu lisansın koşullarını üzerinde çalıştığınız proje için çok kısıtlayıcı buluyorsanız, lütfen `jonah@privacyguides.org`adresinden bize ulaşın. Gizlilik alanındaki iyi niyetli projeler için alternatif lisanslama seçenekleri sunmaktan mutluluk duyuyoruz! - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/notices.md b/i18n/tr/about/notices.md index e98aedcf..2af84bb3 100644 --- a/i18n/tr/about/notices.md +++ b/i18n/tr/about/notices.md @@ -41,5 +41,3 @@ Aşağıdakiler de dahil olmak üzere, bu web sitesinde veya bu web sitesine gö * Kazıma (Scraping) * Veri Madenciliği (Data Mining) * Çerçeveleme (Framing, IFrames) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/privacy-policy.md b/i18n/tr/about/privacy-policy.md index c7dcd243..eaa58ef5 100644 --- a/i18n/tr/about/privacy-policy.md +++ b/i18n/tr/about/privacy-policy.md @@ -1,5 +1,5 @@ --- -title: "Privacy Policy" +title: "Gizlilik Politikası" --- Privacy Guides is a community project operated by a number of active volunteer contributors. The public list of team members [can be found on GitHub](https://github.com/orgs/privacyguides/people). @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/privacytools.md b/i18n/tr/about/privacytools.md index 5220dd4d..515c21f5 100644 --- a/i18n/tr/about/privacytools.md +++ b/i18n/tr/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/services.md b/i18n/tr/about/services.md index a47e82c5..fcb67a15 100644 --- a/i18n/tr/about/services.md +++ b/i18n/tr/about/services.md @@ -36,5 +36,3 @@ - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/about/statistics.md b/i18n/tr/about/statistics.md index e527df39..7bc644bf 100644 --- a/i18n/tr/about/statistics.md +++ b/i18n/tr/about/statistics.md @@ -59,5 +59,3 @@ title: Trafik İstatistikleri }) }) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/advanced/communication-network-types.md b/i18n/tr/advanced/communication-network-types.md index 6e0b8cc1..1f07a2c4 100644 --- a/i18n/tr/advanced/communication-network-types.md +++ b/i18n/tr/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/advanced/dns-overview.md b/i18n/tr/advanced/dns-overview.md index fc9577fc..b47af280 100644 --- a/i18n/tr/advanced/dns-overview.md +++ b/i18n/tr/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/advanced/payments.md b/i18n/tr/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/tr/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/tr/advanced/tor-overview.md b/i18n/tr/advanced/tor-overview.md index 10ca4765..dd9d2a95 100644 --- a/i18n/tr/advanced/tor-overview.md +++ b/i18n/tr/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.tr.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/tr/android.md b/i18n/tr/android.md index 326f7db7..da50e124 100644 --- a/i18n/tr/android.md +++ b/i18n/tr/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/account-creation.md b/i18n/tr/basics/account-creation.md index e4b38b3c..afa5d429 100644 --- a/i18n/tr/basics/account-creation.md +++ b/i18n/tr/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/account-deletion.md b/i18n/tr/basics/account-deletion.md index 8e997e6c..2498d604 100644 --- a/i18n/tr/basics/account-deletion.md +++ b/i18n/tr/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/common-misconceptions.md b/i18n/tr/basics/common-misconceptions.md index 7329f5f3..41997417 100644 --- a/i18n/tr/basics/common-misconceptions.md +++ b/i18n/tr/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.tr.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/tr/basics/common-threats.md b/i18n/tr/basics/common-threats.md index 37bd133a..e278c0cb 100644 --- a/i18n/tr/basics/common-threats.md +++ b/i18n/tr/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.tr.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/tr/basics/email-security.md b/i18n/tr/basics/email-security.md index e55d27a1..f0c2fb57 100644 --- a/i18n/tr/basics/email-security.md +++ b/i18n/tr/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/multi-factor-authentication.md b/i18n/tr/basics/multi-factor-authentication.md index ac147f75..bcf5ceb5 100644 --- a/i18n/tr/basics/multi-factor-authentication.md +++ b/i18n/tr/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/passwords-overview.md b/i18n/tr/basics/passwords-overview.md index 8c4e276e..6858d8b5 100644 --- a/i18n/tr/basics/passwords-overview.md +++ b/i18n/tr/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/threat-modeling.md b/i18n/tr/basics/threat-modeling.md index f570ca53..a35b694c 100644 --- a/i18n/tr/basics/threat-modeling.md +++ b/i18n/tr/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Tehdit Modellemesi" icon: 'material/target-account' +description: Gizlilik yolculuğunuzda yüzleşeceğiniz ilk ve en zorlu görev; güvenliği, gizliliği ve kullanılabilirliği dengeleyebilmektir. --- Gizlilik yolculuğunuzda yüzleşeceğiniz ilk ve en zorlu görev; güvenliği, gizliliği ve kullanılabilirliği dengeleyebilmektir. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Kaynaklar - [EFF Surveillance Self Defense: Güvenlik Planınız](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/basics/vpn-overview.md b/i18n/tr/basics/vpn-overview.md index 32756e08..a1a007f5 100644 --- a/i18n/tr/basics/vpn-overview.md +++ b/i18n/tr/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/calendar.md b/i18n/tr/calendar.md index e33d25f4..24929326 100644 --- a/i18n/tr/calendar.md +++ b/i18n/tr/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/cloud.md b/i18n/tr/cloud.md index fbe90316..a9343c63 100644 --- a/i18n/tr/cloud.md +++ b/i18n/tr/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/cryptocurrency.md b/i18n/tr/cryptocurrency.md new file mode 100644 index 00000000..bb268f7a --- /dev/null +++ b/i18n/tr/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! öneri + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/tr/data-redaction.md b/i18n/tr/data-redaction.md index 0a608129..bbb28647 100644 --- a/i18n/tr/data-redaction.md +++ b/i18n/tr/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/desktop-browsers.md b/i18n/tr/desktop-browsers.md index 3fcf827a..57a7108c 100644 --- a/i18n/tr/desktop-browsers.md +++ b/i18n/tr/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Masaüstü Tarayıcıları" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- Bunlar, standart/anonim olmayan gezinti için şu anda önerilen masaüstü web tarayıcılarımız ve yapılandırmalarımızdır. İnternette anonim olarak gezinmeniz gerekiyorsa, bunun yerine [Tor](tor.md) kullanmalısınız. Genel olarak, tarayıcı uzantılarınızı en az miktarda tutmanızı öneririz; tarayıcınızda ayrıcalıklı erişime sahiptirler, geliştiriciye güvenmenizi gerektirirler, sizi [](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint)öne çıkarabilir ve [](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site izolasyonunu zayıflatabilirler. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.tr.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/tr/desktop.md b/i18n/tr/desktop.md index d4e0cdba..79666c71 100644 --- a/i18n/tr/desktop.md +++ b/i18n/tr/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/dns.md b/i18n/tr/dns.md index 8785ff6e..57d649cd 100644 --- a/i18n/tr/dns.md +++ b/i18n/tr/dns.md @@ -1,49 +1,48 @@ --- -title: "DNS Resolvers" +title: "DNS Çözümleyicileri" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Şifrelenmiş DNS internet faaliyetlerinizi gizlemenize yardımcı olmaz. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Önerilen Sağlayıcılar -| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
    DoH/3
    DoT
    DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
    DoH/3
    DoT | Some[^2] | No | Based on server choice. | -| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
    DoH/3
    DoT
    DoQ | Optional[^3] | No | Based on server choice. | -| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
    DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
    DoH/3
    DoT | Optional[^5] | Optional | Based on server choice. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
    DoH
    DoT
    DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | +| DNS Sağlayıcısı | Gizlilik Politikası | Protokoller | Günlük kaydı | ECS | Filtreleme | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ---------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
    DoH/3
    DoT
    DNSCrypt | Bazı[^1] | Hayır | Sunucu seçimine göre. Kullanılan filtre listesine buradan ulaşabilirsiniz. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
    DoH/3
    DoT | Bazı[^2] | Hayır | Sunucu seçimine göre. | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
    DoH/3
    DoT
    DoQ | İsteğe bağlı[^3] | Hayır | Sunucu seçimine göre. | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
    DoT | Hayır[^4] | Hayır | Sunucu seçimine göre. Kullanılan filtre listesine buradan ulaşabilirsiniz. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
    DoH/3
    DoT | İsteğe bağlı[^5] | İsteğe bağlı | Sunucu seçimine göre. | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
    DoH
    DoT
    DNSCrypt | Bazı[^6] | İsteğe bağlı | Sunucu seçimine bağlı olarak, Malware varsayılan olarak engellenir. | -## Criteria +## Kriterler -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**Lütfen önerdiğimiz projelerin hiçbirine bağlı olmadığımızı unutmayın.** [standart kriterlerimize](about/criteria.md)ek olarak, objektif tavsiyelerde bulunabilmemiz için bir dizi gereklilik geliştirdik. Bir projeyi kullanmayı seçmeden önce bu listeye aşina olmanızı ve sizin için doğru seçim olduğundan emin olmak için kendi araştırmanızı yapmanızı öneririz. -!!! example "This section is new" +!!! örnek "Bu bölüm yenidir" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + Sitemizin her bölümü için tanımlanmış kriterler oluşturmaya çalışıyoruz ve bu değişebilir. Kriterlerimizle ilgili herhangi bir sorunuz varsa, lütfen [forumumuzda sorun](https://discuss.privacyguides.net/latest) ve burada listelenmemişse, önerilerimizi yaparken dikkate almadığımızı düşünmeyin. Bir projeyi önerdiğimizde dikkate alınan ve tartışılan birçok faktör vardır ve her birini belgelemek devam eden bir çalışmadır. -- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec). -- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization). -- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled. -- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support. +- [DNSSEC](advanced/dns-overview.md#what-is-dnssec) desteklemelidir. +- [QNAME Minimizasyonu](advanced/dns-overview.md#what-is-qname-minimization). +- [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) adresinin devre dışı bırakılmasına izin verilmelidir. +- [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) desteği veya coğrafi yönlendirme desteği tercih edilmelidir. -## Native Operating System Support +## İşletim Sistemi Desteği ### Android -Android 9 and above support DNS over TLS. The settings can be found in: **Settings** → **Network & Internet** → **Private DNS**. +Android 9 ve üstü, TLS üzerinden DNS'yi destekler. Ayarlar şurada bulunabilir: **Ayarlar** → **Ağ & İnternet** → **Özel DNS**. -### Apple Devices +### Apple Cihazları -The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings). +iOS, iPadOS, tvOS ve macOS'in en son sürümleri hem DoT hem de DoH'yi desteklemektedir. Her iki protokol de [yapılandırma profilleri](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) veya [DNS Ayarları API'si](https://developer.apple.com/documentation/networkextension/dns_settings)aracılığıyla doğal olarak desteklenmektedir. -After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings. +Bir yapılandırma profili veya DNS Ayarları API'sini kullanan bir uygulama yüklendikten sonra DNS yapılandırması seçilebilir. Bir VPN etkinse, VPN tüneli içindeki çözünürlük, sistem genelindeki ayarlarınızı değil VPN'in DNS ayarlarını kullanacaktır. #### Signed Profiles @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.tr.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/tr/email-clients.md b/i18n/tr/email-clients.md index 5a9cfb97..18831df4 100644 --- a/i18n/tr/email-clients.md +++ b/i18n/tr/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/email.md b/i18n/tr/email.md index 8134df1c..4f29f25b 100644 --- a/i18n/tr/email.md +++ b/i18n/tr/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    !!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    ### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
    + +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
    + Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/encryption.md b/i18n/tr/encryption.md index d803b8c7..b12cdc8b 100644 --- a/i18n/tr/encryption.md +++ b/i18n/tr/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/file-sharing.md b/i18n/tr/file-sharing.md index be9a510f..90cd02f9 100644 --- a/i18n/tr/file-sharing.md +++ b/i18n/tr/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/financial-services.md b/i18n/tr/financial-services.md new file mode 100644 index 00000000..6b6b5e7c --- /dev/null +++ b/i18n/tr/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! öneri + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! öneri + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! öneri + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! öneri + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/tr/frontends.md b/i18n/tr/frontends.md index 4f903c97..4fea69e5 100644 --- a/i18n/tr/frontends.md +++ b/i18n/tr/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/index.md b/i18n/tr/index.md index 47de6971..5b23a6ca 100644 --- a/i18n/tr/index.md +++ b/i18n/tr/index.md @@ -3,42 +3,40 @@ template: overrides/home.tr.html hide: - navigation - toc - - feedback + - geri bildirim --- -## Why should I care? +## Neden önemsemeliyim? -##### “I have nothing to hide. Why should I care about my privacy?” +##### "Saklayacak bir şeyim yok. Mahremiyetimi neden önemseyeyim ki?" -Much like the right to interracial marriage, woman's suffrage, freedom of speech, and many others, our right to privacy hasn't always been upheld. In several dictatorships, it still isn't. Generations before ours fought for our right to privacy. ==Privacy is a human right, inherent to all of us,== that we are entitled to (without discrimination). +Tıpkı ırklar arası evlilik hakkı, kadınların oy hakkı, ifade özgürlüğü ve diğer pek çok hak gibi, mahremiyet hakkımız da her zaman desteklenmemiştir. Birçok diktatörlükte hala desteklenmiyor. Bizden önceki nesiller mahremiyet hakkımız için savaştı. ==Mahremiyet, hepimizin doğasında var olan ve sahip olmamız gereken bir insan hakkıdır. -You shouldn't confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That's because you want privacy, not secrecy. **Everyone** has something to protect. Privacy is something that makes us human. +Mahremiyet ile gizliliği birbirine karıştırmamalısınız. Banyoda ne olduğunu biliyoruz ama yine de kapıyı kapatıyoruz. Çünkü gizlilik değil, mahremiyet istiyorsunuz. **Herkesin** koruyacak bir şeyi vardır. Mahremiyet bizi insan yapan bir şeydir. -[:material-target-account: Common Internet Threats](basics/common-threats.md ""){.md-button.md-button--primary} +[:material-target-account: Yaygın İnternet Tehditleri](basics/common-threats.md ""){.md-button.md-button--primary} -## What should I do? +## Ne yapmalıyım? -##### First, you need to make a plan +##### Öncelikle bir plan yapmalısınız -Trying to protect all your data from everyone all the time is impractical, expensive, and exhausting. But don't worry! Security is a process, and, by thinking ahead, you can put together a plan that's right for you. Security isn't just about the tools you use or the software you download. Rather, it begins by understanding the unique threats you face, and how you can mitigate them. +Tüm verilerinizi her zaman herkesten korumaya çalışmak pratik değildir, pahalıdır ve yorucudur. Ama endişelenmeyin! Güvenlik bir süreçtir ve ileriyi düşünerek sizin için doğru olan bir plan oluşturabilirsiniz. Güvenlik sadece kullandığınız araçlar veya indirdiğiniz yazılımlarla ilgili değildir. Aksine, karşılaştığınız benzersiz tehditleri ve bunları nasıl azaltabileceğinizi anlayarakle ilgilidir. -==This process of identifying threats and defining countermeasures is called **threat modeling**==, and it forms the basis of every good security and privacy plan. +==Tehditleri belirleme ve karşı önlemleri tanımlama sürecine **tehdit modelleme**== denir ve her iyi güvenlik ve gizlilik planının temelini oluşturur. -[:material-book-outline: Learn More About Threat Modeling](basics/threat-modeling.md ""){.md-button.md-button--primary} +[:material-book-outline: Tehdit Modellemesi Hakkında Daha Fazla Bilgi Edinin](basics/threat-modeling.md ""){.md-button.md-button--primary} --- -## We need you! Here's how to get involved: +## Sana ihtiyacımız var! Nasıl dahil olabilirsiniz: -[:simple-discourse:](https://discuss.privacyguides.net/){ title="Join our Forum" } -[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Follow us on Mastodon" } -[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Contribute to this website" } -[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Help translate this website" } -[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Chat with us on Matrix" } -[:material-information-outline:](about/index.md){ title="Learn more about us" } -[:material-hand-coin-outline:](about/donate.md){ title="Support the project" } +[:simple-discourse:](https://discuss.privacyguides.net/){ title="Forumumuza Katılın" } +[:simple-mastodon:](https://mastodon.neat.computer/@privacyguides){ rel=me title="Bizi Mastodon'da takip edin" } +[:material-book-edit:](https://github.com/privacyguides/privacyguides.org){ title="Bu web sitesine katkıda bulunun" } +[:material-translate:](https://matrix.to/#/#pg-i18n:aragon.sh){ title="Bu web sitesini çevirmeye yardımcı olun" } +[:simple-matrix:](https://matrix.to/#/#privacyguides:matrix.org){ title="Matrix'te bizimle sohbet edin" } +[:material-information-outline:](about/index.md){ title="Hakkımızda daha fazla bilgi edinin" } +[:material-hand-coin-outline:](about/donate.md){ title="Projeyi destekleyin" } -It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.tr.txt" +Privacy Guides gibi bir web sitesinin her zaman güncel kalması önemlidir. Hedef kitlemizin sitemizde listelenen uygulamalar için yazılım güncellemelerini takip etmesine ve önerdiğimiz sağlayıcılarla ilgili son haberleri izlemesine ihtiyacımız var. İnternetin hızlı temposuna ayak uydurmak zor, ancak elimizden gelenin en iyisini yapmaya çalışıyoruz. Bir hata tespit ederseniz, bir sağlayıcının listelenmemesi gerektiğini düşünürseniz, nitelikli bir sağlayıcının eksik olduğunu fark ederseniz, bir tarayıcı eklentisinin artık en iyi seçenek olmadığını düşünürseniz veya başka bir sorunu ortaya çıkarırsanız, lütfen bize bildirin. diff --git a/i18n/tr/kb-archive.md b/i18n/tr/kb-archive.md index a18dad70..92daee33 100644 --- a/i18n/tr/kb-archive.md +++ b/i18n/tr/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/meta/brand.md b/i18n/tr/meta/brand.md index d09cd6ae..53cb9ac4 100644 --- a/i18n/tr/meta/brand.md +++ b/i18n/tr/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/meta/git-recommendations.md b/i18n/tr/meta/git-recommendations.md index 20c090ca..f59b5f81 100644 --- a/i18n/tr/meta/git-recommendations.md +++ b/i18n/tr/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/meta/uploading-images.md b/i18n/tr/meta/uploading-images.md index 1acd5d71..55f136f8 100644 --- a/i18n/tr/meta/uploading-images.md +++ b/i18n/tr/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/meta/writing-style.md b/i18n/tr/meta/writing-style.md index e2665d6e..b9e47a71 100644 --- a/i18n/tr/meta/writing-style.md +++ b/i18n/tr/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/mobile-browsers.md b/i18n/tr/mobile-browsers.md index cec5e4ca..3d125b20 100644 --- a/i18n/tr/mobile-browsers.md +++ b/i18n/tr/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. İnternette anonim olarak gezinmeniz gerekiyorsa, bunun yerine [Tor](tor.md) kullanmalısınız. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/multi-factor-authentication.md b/i18n/tr/multi-factor-authentication.md index f5799410..a24f65ea 100644 --- a/i18n/tr/multi-factor-authentication.md +++ b/i18n/tr/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/news-aggregators.md b/i18n/tr/news-aggregators.md index 783e2784..ad937431 100644 --- a/i18n/tr/news-aggregators.md +++ b/i18n/tr/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/notebooks.md b/i18n/tr/notebooks.md index 225c0b74..270be0ef 100644 --- a/i18n/tr/notebooks.md +++ b/i18n/tr/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/os/android-overview.md b/i18n/tr/os/android-overview.md index 3a211f36..a78631a2 100644 --- a/i18n/tr/os/android-overview.md +++ b/i18n/tr/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/os/linux-overview.md b/i18n/tr/os/linux-overview.md index fc875136..a02e10a8 100644 --- a/i18n/tr/os/linux-overview.md +++ b/i18n/tr/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/os/qubes-overview.md b/i18n/tr/os/qubes-overview.md index b22034da..17b286b9 100644 --- a/i18n/tr/os/qubes-overview.md +++ b/i18n/tr/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/passwords.md b/i18n/tr/passwords.md index cb59ed71..adb44bbe 100644 --- a/i18n/tr/passwords.md +++ b/i18n/tr/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/productivity.md b/i18n/tr/productivity.md index 093457d8..85315429 100644 --- a/i18n/tr/productivity.md +++ b/i18n/tr/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/real-time-communication.md b/i18n/tr/real-time-communication.md index 76cfe448..15baf3b5 100644 --- a/i18n/tr/real-time-communication.md +++ b/i18n/tr/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/router.md b/i18n/tr/router.md index 33d3a8c4..9212dc02 100644 --- a/i18n/tr/router.md +++ b/i18n/tr/router.md @@ -1,6 +1,7 @@ --- title: "Yönlendirici Yazılımı" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Aşağıda; yönlendiricilerde, Wi-Fi erişim noktalarında vb. kullanılabilecek birkaç alternatif işletim sistemi bulunmaktadır. @@ -45,5 +46,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/search-engines.md b/i18n/tr/search-engines.md index 130781f4..72087382 100644 --- a/i18n/tr/search-engines.md +++ b/i18n/tr/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/tools.md b/i18n/tr/tools.md index 559b67e0..47dc004f 100644 --- a/i18n/tr/tools.md +++ b/i18n/tr/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
    -- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
    @@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
    @@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
    @@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    [Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/tor.md b/i18n/tr/tor.md index 978a354e..ddca770e 100644 --- a/i18n/tr/tor.md +++ b/i18n/tr/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
    - ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
    Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
    -
    - -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/video-streaming.md b/i18n/tr/video-streaming.md index cf70217b..47795ce2 100644 --- a/i18n/tr/video-streaming.md +++ b/i18n/tr/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/tr/vpn.md b/i18n/tr/vpn.md index f03f5236..bf3851d3 100644 --- a/i18n/tr/vpn.md +++ b/i18n/tr/vpn.md @@ -1,11 +1,20 @@ --- -title: "VPN Hizmetleri" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Web trafiğinizi satmaya veya okumaya çalışmayan, kayıt tutmayan bir VPN operatörü bulun. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? "VPN'ler anonimlik sağlamaz" +
    + +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! "VPN'ler anonimlik sağlamaz" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,17 +24,128 @@ Web trafiğinizi satmaya veya okumaya çalışmayan, kayıt tutmayan bir VPN ope [Tor'u İndir](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](basics/tor-overview.md){ .md-button } -??? "VPN'ler ne zaman kullanışlı?" sorusu - - İSS'nizden, halka açık bir Wi-Fi ağından veya torrent dosyaları indirirken ek **gizlilik** arıyorsanız, ilgili riskleri anladığınız sürece VPN sizin için bir çözüm olabilir. - - [Daha Fazla Bilgi](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Önerilen Sağlayıcılar -!!! özetle "Kriterler" +Önerdiğimiz sağlayıcılar şifreleme kullanır, Monero kabul eder, WireGuard & OpenVPN'i destekler ve kayıt tutmama politikasına sahiptir. Read our [full list of criteria](#criteria) for more information. - Önerdiğimiz sağlayıcılar şifreleme kullanır, Monero kabul eder, WireGuard & OpenVPN'i destekler ve kayıt tutmama politikasına sahiptir. Daha fazla bilgi için [tam kriter listemizi](#kriterlerimiz) okuyun. +### IVPN + +!!! öneri + + ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } + + **IVPN** is another premium VPN provider, and they have been in operation since 2009. Size en yakın sunucuya sahip bir VPN sağlayıcısı seçmek, gönderdiğiniz ağ trafiğinin gecikme süresini azaltacaktır. + + Bunun nedeni hedefe giden rotanın daha kısa olmasıdır (daha az atlama). Ayrıca VPN sağlayıcısının özel anahtarlarının güvenliği için [sanal özel sunucular](https://en.wikipedia.org/wiki/Virtual_private_server) gibi daha ucuz paylaşımlı çözümler (diğer müşterilerle) yerine [özel sunucular](https://en.wikipedia.org/wiki/Dedicated_hosting_service) kullanmasının daha iyi olduğunu düşünüyoruz. + +#### :material-check:{ .pg-green } 35 Countries + +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Bunun nedeni hedefe giden rotanın daha kısa olmasıdır (daha az atlama). +{ .annotate } + +1. 2 yıllık abonelikle (119,76 $) %10 daha indirimli. + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. + +#### :material-check:{ .pg-green } WireGuard Support + +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. + +### Mullvad + +!!! öneri + + ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } + + **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. Size en yakın sunucuya sahip bir VPN sağlayıcısı seçmek, gönderdiğiniz ağ trafiğinin gecikme süresini azaltacaktır. Bunun nedeni hedefe giden rotanın daha kısa olmasıdır (daha az atlama). + + Ayrıca VPN sağlayıcısının özel anahtarlarının güvenliği için [sanal özel sunucular](https://en.wikipedia.org/wiki/Virtual_private_server) gibi daha ucuz paylaşımlı çözümler (diğer müşterilerle) yerine [özel sunucular](https://en.wikipedia.org/wiki/Dedicated_hosting_service) kullanmasının daha iyi olduğunu düşünüyoruz. downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) + - [:simple-appstore: App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) + - [:simple-github: GitHub](https://github.com/mullvad/mullvadvpn-app/releases) + - [:simple-windows11: Windows](https://mullvad.net/en/download/windows/) + - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) + - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) + +#### :material-check:{ .pg-green } 41 Countries + +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Bunun nedeni hedefe giden rotanın daha kısa olmasıdır (daha az atlama). +{ .annotate } + +1. 2 yıllık abonelikle (119,76 $) %10 daha indirimli. + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). ### Proton VPN @@ -47,162 +167,48 @@ Web trafiğinizi satmaya veya okumaya çalışmayan, kayıt tutmayan bir VPN ope - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? "63 Ülke" açıklamasını kontrol edin +#### :material-check:{ .pg-green } 67 Countries - Proton VPN'in [63 ülkede sunucuları] vardır (https://protonvpn.com/vpn-servers) (1). Size en yakın sunucuya sahip bir VPN sağlayıcısı seçmek, gönderdiğiniz ağ trafiğinin gecikme süresini azaltacaktır. Bunun nedeni hedefe giden rotanın daha kısa olmasıdır (daha az atlama). - - Ayrıca VPN sağlayıcısının özel anahtarlarının güvenliği için [sanal özel sunucular](https://en.wikipedia.org/wiki/Virtual_private_server) gibi daha ucuz paylaşımlı çözümler (diğer müşterilerle) yerine [özel sunucular](https://en.wikipedia.org/wiki/Dedicated_hosting_service) kullanmasının daha iyi olduğunu düşünüyoruz. +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. Bunun nedeni hedefe giden rotanın daha kısa olmasıdır (daha az atlama). +{ .annotate } 1. 2 yıllık abonelikle (119,76 $) %10 daha indirimli. -??? "Bağımsız Denetimden Geçmiş" seçeneğini işaretleyin +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Ocak 2020 itibarıyla Proton VPN, SEC Consult tarafından bağımsız bir denetimden geçmiştir. SEC Consult, Proton VPN'in Windows, Android ve iOS uygulamalarında bazı orta ve düşük riskli güvenlik açıklarını buldu ve bunların tümü raporlar yayınlanmadan önce Proton VPN tarafından "uygun şekilde düzeltildi". Tespit edilen sorunların hiçbiri bir saldırganın cihazınıza veya trafiğinize uzaktan erişim sağlamasına neden olmaz. Her platform için ayrı raporları [protonvpn.com](https://protonvpn.com/blog/open-source/) adresinden görüntüleyebilirsiniz. Nisan 2022'de Proton VPN [başka bir denetim](https://protonvpn.com/blog/no-logs-audit/) geçirdi ve rapor [Securitum tarafından hazırlandı](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). +#### :material-check:{ .pg-green } Independently Audited -??? "Açık Kaynak İstemcileri" kontrol edin +Ocak 2020 itibarıyla Proton VPN, SEC Consult tarafından bağımsız bir denetimden geçmiştir. SEC Consult, Proton VPN'in Windows, Android ve iOS uygulamalarında bazı orta ve düşük riskli güvenlik açıklarını buldu ve bunların tümü raporlar yayınlanmadan önce Proton VPN tarafından "uygun şekilde düzeltildi". Tespit edilen sorunların hiçbiri bir saldırganın cihazınıza veya trafiğinize uzaktan erişim sağlamasına neden olmaz. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - Proton VPN, masaüstü ve mobil istemcileri için kaynak kodunu [GitHub organizasyonu] (https://github.com/ProtonVPN) adresinde sağlar. +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash" +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - Proton VPN, kredi/banka kartları ve PayPal'ı kabul etmenin yanı sıra, Bitcoin ve **nakit/yerel para birimini** anonim ödeme biçimleri olarak kabul eder. +#### :material-check:{ .pg-green } Accepts Cash -??? success "WireGuard Support" +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. +#### :material-check:{ .pg-green } WireGuard Support -??? warning "Remote Port Forwarding" +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. -??? success "Mobile Clients" +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. -!!! danger "Killswitch feature is broken on Intel-based Macs" +#### :material-information-outline:{ .pg-blue } Additional Functionality - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. -### IVPN +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs -!!! öneri - - ![IVPN logo](assets/img/vpn/ivpn.svg){ align=right } - - **IVPN** is another premium VPN provider, and they have been in operation since 2009. Size en yakın sunucuya sahip bir VPN sağlayıcısı seçmek, gönderdiğiniz ağ trafiğinin gecikme süresini azaltacaktır. - - Bunun nedeni hedefe giden rotanın daha kısa olmasıdır (daha az atlama). Ayrıca VPN sağlayıcısının özel anahtarlarının güvenliği için [sanal özel sunucular](https://en.wikipedia.org/wiki/Virtual_private_server) gibi daha ucuz paylaşımlı çözümler (diğer müşterilerle) yerine [özel sunucular](https://en.wikipedia.org/wiki/Dedicated_hosting_service) kullanmasının daha iyi olduğunu düşünüyoruz. - -??? "Bağımsız Denetimden Geçmiş" seçeneğini işaretleyin - - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Size en yakın sunucuya sahip bir VPN sağlayıcısı seçmek, gönderdiğiniz ağ trafiğinin gecikme süresini azaltacaktır. Bunun nedeni hedefe giden rotanın daha kısa olmasıdır (daha az atlama). - - Ayrıca VPN sağlayıcısının özel anahtarlarının güvenliği için [sanal özel sunucular](https://en.wikipedia.org/wiki/Virtual_private_server) gibi daha ucuz paylaşımlı çözümler (diğer müşterilerle) yerine [özel sunucular](https://en.wikipedia.org/wiki/Dedicated_hosting_service) kullanmasının daha iyi olduğunu düşünüyoruz. - -1. 2 yıllık abonelikle (119,76 $) %10 daha indirimli. - -??? "Bağımsız Denetimden Geçmiş" seçeneğini işaretleyin - - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - -??? "Açık Kaynak İstemcileri" kontrol edin - - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - -??? success "Accepts Cash and Monero" - - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - -??? success "WireGuard Support" - - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). - -??? success "Remote Port Forwarding" - - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. - -### Mullvad - -!!! öneri - - ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } - - **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. Size en yakın sunucuya sahip bir VPN sağlayıcısı seçmek, gönderdiğiniz ağ trafiğinin gecikme süresini azaltacaktır. Bunun nedeni hedefe giden rotanın daha kısa olmasıdır (daha az atlama). - - Ayrıca VPN sağlayıcısının özel anahtarlarının güvenliği için [sanal özel sunucular](https://en.wikipedia.org/wiki/Virtual_private_server) gibi daha ucuz paylaşımlı çözümler (diğer müşterilerle) yerine [özel sunucular](https://en.wikipedia.org/wiki/Dedicated_hosting_service) kullanmasının daha iyi olduğunu düşünüyoruz. downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) - - [:simple-appstore: App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) - - [:simple-github: GitHub](https://github.com/mullvad/mullvadvpn-app/releases) - - [:simple-windows11: Windows](https://mullvad.net/en/download/windows/) - - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) - -??? "Bağımsız Denetimden Geçmiş" seçeneğini işaretleyin - - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Size en yakın sunucuya sahip bir VPN sağlayıcısı seçmek, gönderdiğiniz ağ trafiğinin gecikme süresini azaltacaktır. Bunun nedeni hedefe giden rotanın daha kısa olmasıdır (daha az atlama). - - Ayrıca VPN sağlayıcısının özel anahtarlarının güvenliği için [sanal özel sunucular](https://en.wikipedia.org/wiki/Virtual_private_server) gibi daha ucuz paylaşımlı çözümler (diğer müşterilerle) yerine [özel sunucular](https://en.wikipedia.org/wiki/Dedicated_hosting_service) kullanmasının daha iyi olduğunu düşünüyoruz. - -1. 2 yıllık abonelikle (119,76 $) %10 daha indirimli. - -??? "Bağımsız Denetimden Geçmiş" seçeneğini işaretleyin - - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: - - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. - - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: - - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). - -??? "Açık Kaynak İstemcileri" kontrol edin - - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). - -??? success "Accepts Cash and Monero" - - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. - -??? success "WireGuard Support" - - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). - -??? success "IPv6 Support" - - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. - -??? success "Remote Port Forwarding" - - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. - -??? success "Mobile Clients" - - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). - -??? info "Additional Functionality" - - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -237,13 +243,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -301,5 +307,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.tr.txt" diff --git a/i18n/uk/404.md b/i18n/uk/404.md index 11114a71..25c1c780 100644 --- a/i18n/uk/404.md +++ b/i18n/uk/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/about/criteria.md b/i18n/uk/about/criteria.md index e9f4fd4b..3084230b 100644 --- a/i18n/uk/about/criteria.md +++ b/i18n/uk/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/about/donate.md b/i18n/uk/about/donate.md index d75bb00f..dc612436 100644 --- a/i18n/uk/about/donate.md +++ b/i18n/uk/about/donate.md @@ -48,5 +48,3 @@ Privacy Guides - це **некомерційна** організація. Ми Час від часу ми купуємо продукти та послуги з метою тестування наших [рекомендованих інструментів](../tools.md). Ми все ще працюємо з нашим фіскальним хостом (Open Collective Foundation), щоб отримувати пожертви криптовалюти, на цей час облік неможливий для багатьох дрібніших транзакцій, але це має змінитися в майбутньому. Однак, якщо ви хочете зробити значну пожертву в криптовалюті (> $100), будь ласка, зв'яжіться з [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/about/index.md b/i18n/uk/about/index.md index dbebd91c..a83d39fb 100644 --- a/i18n/uk/about/index.md +++ b/i18n/uk/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. Ви **не маєте права** використовувати брендинг Privacy Guides у своєму власному проєкті без прямого схвалення цього проєкту. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/about/notices.md b/i18n/uk/about/notices.md index 680be1f6..bd342929 100644 --- a/i18n/uk/about/notices.md +++ b/i18n/uk/about/notices.md @@ -41,5 +41,3 @@ Privacy Guides-це проект з відкритим вихідним кодо * Скрейпінг * Інтелектуальний аналіз даних * "Фреймінг" (IFrames) - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/about/privacy-policy.md b/i18n/uk/about/privacy-policy.md index 47210337..4f6573f9 100644 --- a/i18n/uk/about/privacy-policy.md +++ b/i18n/uk/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). Ми можемо змінити спосіб оголошення змін у наступних версіях цього документа. В той же час ми можемо оновити нашу контактну інформацію в будь-який час, не оголошуючи про зміни. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/about/privacytools.md b/i18n/uk/about/privacytools.md index 5eaf16ce..515c21f5 100644 --- a/i18n/uk/about/privacytools.md +++ b/i18n/uk/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/about/services.md b/i18n/uk/about/services.md index a55e218c..71f2c95b 100644 --- a/i18n/uk/about/services.md +++ b/i18n/uk/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/about/statistics.md b/i18n/uk/about/statistics.md index 9a52062b..8f17240c 100644 --- a/i18n/uk/about/statistics.md +++ b/i18n/uk/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/advanced/communication-network-types.md b/i18n/uk/advanced/communication-network-types.md index 74eaabf0..1f07a2c4 100644 --- a/i18n/uk/advanced/communication-network-types.md +++ b/i18n/uk/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/advanced/dns-overview.md b/i18n/uk/advanced/dns-overview.md index 100dba51..b47af280 100644 --- a/i18n/uk/advanced/dns-overview.md +++ b/i18n/uk/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/advanced/payments.md b/i18n/uk/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/uk/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/uk/advanced/tor-overview.md b/i18n/uk/advanced/tor-overview.md index d22a8fd1..dd9d2a95 100644 --- a/i18n/uk/advanced/tor-overview.md +++ b/i18n/uk/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.uk.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/uk/android.md b/i18n/uk/android.md index 586f8004..ad976a6e 100644 --- a/i18n/uk/android.md +++ b/i18n/uk/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/basics/account-creation.md b/i18n/uk/basics/account-creation.md index e6bab984..afa5d429 100644 --- a/i18n/uk/basics/account-creation.md +++ b/i18n/uk/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/basics/account-deletion.md b/i18n/uk/basics/account-deletion.md index 3146f527..2498d604 100644 --- a/i18n/uk/basics/account-deletion.md +++ b/i18n/uk/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/basics/common-misconceptions.md b/i18n/uk/basics/common-misconceptions.md index 1c3ed8b1..41997417 100644 --- a/i18n/uk/basics/common-misconceptions.md +++ b/i18n/uk/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.uk.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/uk/basics/common-threats.md b/i18n/uk/basics/common-threats.md index d19afea1..e278c0cb 100644 --- a/i18n/uk/basics/common-threats.md +++ b/i18n/uk/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.uk.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/uk/basics/email-security.md b/i18n/uk/basics/email-security.md index 4a310710..f0c2fb57 100644 --- a/i18n/uk/basics/email-security.md +++ b/i18n/uk/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/basics/multi-factor-authentication.md b/i18n/uk/basics/multi-factor-authentication.md index 7b26f905..ae57848d 100644 --- a/i18n/uk/basics/multi-factor-authentication.md +++ b/i18n/uk/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/basics/passwords-overview.md b/i18n/uk/basics/passwords-overview.md index f5aab0a8..6858d8b5 100644 --- a/i18n/uk/basics/passwords-overview.md +++ b/i18n/uk/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/basics/threat-modeling.md b/i18n/uk/basics/threat-modeling.md index fe6b111c..fc1b3b41 100644 --- a/i18n/uk/basics/threat-modeling.md +++ b/i18n/uk/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/basics/vpn-overview.md b/i18n/uk/basics/vpn-overview.md index e5eaaa4f..a1a007f5 100644 --- a/i18n/uk/basics/vpn-overview.md +++ b/i18n/uk/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/calendar.md b/i18n/uk/calendar.md index bd8d21db..93b2b93d 100644 --- a/i18n/uk/calendar.md +++ b/i18n/uk/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/cloud.md b/i18n/uk/cloud.md index e3ce4f6e..44186b7a 100644 --- a/i18n/uk/cloud.md +++ b/i18n/uk/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/cryptocurrency.md b/i18n/uk/cryptocurrency.md new file mode 100644 index 00000000..9c7289a8 --- /dev/null +++ b/i18n/uk/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! рекомендації + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/uk/data-redaction.md b/i18n/uk/data-redaction.md index a3389e8a..9cb58e36 100644 --- a/i18n/uk/data-redaction.md +++ b/i18n/uk/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/desktop-browsers.md b/i18n/uk/desktop-browsers.md index 4f82f4fe..f03413d7 100644 --- a/i18n/uk/desktop-browsers.md +++ b/i18n/uk/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.uk.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/uk/desktop.md b/i18n/uk/desktop.md index 81920f8d..591949fb 100644 --- a/i18n/uk/desktop.md +++ b/i18n/uk/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/dns.md b/i18n/uk/dns.md index 94c28ff9..b8786fe7 100644 --- a/i18n/uk/dns.md +++ b/i18n/uk/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.uk.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/uk/email-clients.md b/i18n/uk/email-clients.md index 12738a7f..108dbb64 100644 --- a/i18n/uk/email-clients.md +++ b/i18n/uk/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/email.md b/i18n/uk/email.md index 7856aeaa..2e69a5e0 100644 --- a/i18n/uk/email.md +++ b/i18n/uk/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    !!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    ### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
    + +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
    + Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/encryption.md b/i18n/uk/encryption.md index 67c207d7..ad322182 100644 --- a/i18n/uk/encryption.md +++ b/i18n/uk/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/file-sharing.md b/i18n/uk/file-sharing.md index d4198195..d19f5379 100644 --- a/i18n/uk/file-sharing.md +++ b/i18n/uk/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/financial-services.md b/i18n/uk/financial-services.md new file mode 100644 index 00000000..07a6787d --- /dev/null +++ b/i18n/uk/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! рекомендації + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! рекомендації + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! рекомендації + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! рекомендації + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/uk/frontends.md b/i18n/uk/frontends.md index bb77cdeb..d071e178 100644 --- a/i18n/uk/frontends.md +++ b/i18n/uk/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/index.md b/i18n/uk/index.md index 9bf141a8..01aa4ed4 100644 --- a/i18n/uk/index.md +++ b/i18n/uk/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/kb-archive.md b/i18n/uk/kb-archive.md index 3be0dd60..92daee33 100644 --- a/i18n/uk/kb-archive.md +++ b/i18n/uk/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/meta/brand.md b/i18n/uk/meta/brand.md index 0003425a..53cb9ac4 100644 --- a/i18n/uk/meta/brand.md +++ b/i18n/uk/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/meta/git-recommendations.md b/i18n/uk/meta/git-recommendations.md index 087f5703..f59b5f81 100644 --- a/i18n/uk/meta/git-recommendations.md +++ b/i18n/uk/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/meta/uploading-images.md b/i18n/uk/meta/uploading-images.md index c631c37a..55f136f8 100644 --- a/i18n/uk/meta/uploading-images.md +++ b/i18n/uk/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/meta/writing-style.md b/i18n/uk/meta/writing-style.md index 6db275a0..b9e47a71 100644 --- a/i18n/uk/meta/writing-style.md +++ b/i18n/uk/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/mobile-browsers.md b/i18n/uk/mobile-browsers.md index 219a07f7..4091d53f 100644 --- a/i18n/uk/mobile-browsers.md +++ b/i18n/uk/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/multi-factor-authentication.md b/i18n/uk/multi-factor-authentication.md index a47c3f78..a5be1fb1 100644 --- a/i18n/uk/multi-factor-authentication.md +++ b/i18n/uk/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/news-aggregators.md b/i18n/uk/news-aggregators.md index 61e1d8a9..fcb6cd9e 100644 --- a/i18n/uk/news-aggregators.md +++ b/i18n/uk/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/notebooks.md b/i18n/uk/notebooks.md index 1659ee5c..f5afad19 100644 --- a/i18n/uk/notebooks.md +++ b/i18n/uk/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/os/android-overview.md b/i18n/uk/os/android-overview.md index 3c0e307a..f96281e1 100644 --- a/i18n/uk/os/android-overview.md +++ b/i18n/uk/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Огляд Android icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android - це безпечна операційна система, яка має надійну [пісочницю для додатків](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), та систему управління [дозволами](https://developer.android.com/guide/topics/permissions/overview). @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Дозволи Android -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Профілі користувачів @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) та [Play API цілісність](https://developer.android.com/google/play/integrity) зазвичай використовуються для [банківських додатків](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS проходить перевірку `basicIntegrity`, але не перевірку сертифікації `ctsProfileMatch`. Пристрої з Android 8 або пізнішою версією мають підтримку апаратної атестації, яку неможливо обійти без витоку ключів або серйозних вразливостей. Що стосується Google Wallet, ми не рекомендуємо це використовувати через їхню [політику конфіденційності](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en) яка стверджує, що ви повинні відмовитися, якщо ви не хочете, щоб ваш кредитний рейтинг та особиста інформація надавалися партнерським маркетинговим службам. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/os/linux-overview.md b/i18n/uk/os/linux-overview.md index 2123801f..8ec2c9e7 100644 --- a/i18n/uk/os/linux-overview.md +++ b/i18n/uk/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/os/qubes-overview.md b/i18n/uk/os/qubes-overview.md index 12a9a198..5bba1170 100644 --- a/i18n/uk/os/qubes-overview.md +++ b/i18n/uk/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: pg/qubes-os +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/passwords.md b/i18n/uk/passwords.md index 289a29f3..9b779e97 100644 --- a/i18n/uk/passwords.md +++ b/i18n/uk/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/productivity.md b/i18n/uk/productivity.md index e7b39f27..76406e03 100644 --- a/i18n/uk/productivity.md +++ b/i18n/uk/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/real-time-communication.md b/i18n/uk/real-time-communication.md index f780d05f..1062db12 100644 --- a/i18n/uk/real-time-communication.md +++ b/i18n/uk/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/router.md b/i18n/uk/router.md index 5864b52f..8a63b1af 100644 --- a/i18n/uk/router.md +++ b/i18n/uk/router.md @@ -1,6 +1,7 @@ --- title: "Прошивка роутера" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Нижче наведено кілька альтернативних операційних систем, які можна використовувати на маршрутизаторах, точках доступу Wi-Fi тощо. @@ -44,5 +45,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/search-engines.md b/i18n/uk/search-engines.md index 94a2c615..5eccf292 100644 --- a/i18n/uk/search-engines.md +++ b/i18n/uk/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/tools.md b/i18n/uk/tools.md index d0bc0746..e0990c88 100644 --- a/i18n/uk/tools.md +++ b/i18n/uk/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
    -- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
    @@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
    @@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
    @@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    [Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/tor.md b/i18n/uk/tor.md index cd0d7c36..985fc253 100644 --- a/i18n/uk/tor.md +++ b/i18n/uk/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
    - ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
    Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
    -
    - -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/video-streaming.md b/i18n/uk/video-streaming.md index 542f9af3..a6654d12 100644 --- a/i18n/uk/video-streaming.md +++ b/i18n/uk/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/uk/vpn.md b/i18n/uk/vpn.md index 3e35887f..9c7c95e0 100644 --- a/i18n/uk/vpn.md +++ b/i18n/uk/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
    + +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.uk.txt" diff --git a/i18n/vi/404.md b/i18n/vi/404.md index 50ddd38e..25c1c780 100644 --- a/i18n/vi/404.md +++ b/i18n/vi/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/about/criteria.md b/i18n/vi/about/criteria.md index a15c41a1..3084230b 100644 --- a/i18n/vi/about/criteria.md +++ b/i18n/vi/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/about/donate.md b/i18n/vi/about/donate.md index 108a1b8f..c1635996 100644 --- a/i18n/vi/about/donate.md +++ b/i18n/vi/about/donate.md @@ -48,5 +48,3 @@ Chúng tôi tổ chức [dịch vụ internet](https://privacyguides.net) để Thỉnh thoảng chúng tôi mua sản phẩm và dịch vụ cho mục đích thử nghiệm [công cụ được đề xuất của chúng tôi](../tools.md). We are still working with our fiscal host (the Open Collective Foundation) to receive cryptocurrency donations, at the moment the accounting is unfeasible for many smaller transactions, but this should change in the future. In the meantime, if you wish to make a sizable (> $100) cryptocurrency donation, please reach out to [jonah@privacyguides.org](mailto:jonah@privacyguides.org). - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/about/index.md b/i18n/vi/about/index.md index 2544954c..50df4407 100644 --- a/i18n/vi/about/index.md +++ b/i18n/vi/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. Bạn **không được** sử dụng thương hiệu Privacy Guides trong dự án của riêng bạn mà không có sự chấp thuận rõ ràng từ dự án này. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/about/notices.md b/i18n/vi/about/notices.md index 08cc8ebb..8d1facef 100644 --- a/i18n/vi/about/notices.md +++ b/i18n/vi/about/notices.md @@ -41,5 +41,3 @@ Bạn không được tiến hành bất kỳ hoạt động thu thập dữ li * Quét dữ liệu * Khai thác dữ liệu * 'Khung' (IFrames) - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/about/privacy-policy.md b/i18n/vi/about/privacy-policy.md index cb6652d4..b6c1e1c0 100644 --- a/i18n/vi/about/privacy-policy.md +++ b/i18n/vi/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/about/privacytools.md b/i18n/vi/about/privacytools.md index 83d18bae..515c21f5 100644 --- a/i18n/vi/about/privacytools.md +++ b/i18n/vi/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/about/services.md b/i18n/vi/about/services.md index 962c5de7..71f2c95b 100644 --- a/i18n/vi/about/services.md +++ b/i18n/vi/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/about/statistics.md b/i18n/vi/about/statistics.md index ae1945a9..8f17240c 100644 --- a/i18n/vi/about/statistics.md +++ b/i18n/vi/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/advanced/communication-network-types.md b/i18n/vi/advanced/communication-network-types.md index 50e200cf..1f07a2c4 100644 --- a/i18n/vi/advanced/communication-network-types.md +++ b/i18n/vi/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/advanced/dns-overview.md b/i18n/vi/advanced/dns-overview.md index b96cd32d..b47af280 100644 --- a/i18n/vi/advanced/dns-overview.md +++ b/i18n/vi/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS Overview" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS translates domain names to IP addresses so browsers and other services can load Internet resources, through a decentralized network of servers. @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/advanced/payments.md b/i18n/vi/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/vi/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/vi/advanced/tor-overview.md b/i18n/vi/advanced/tor-overview.md index 1390df35..dd9d2a95 100644 --- a/i18n/vi/advanced/tor-overview.md +++ b/i18n/vi/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor Overview" icon: 'simple/torproject' +description: Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. --- Tor is a free to use, decentralized network designed for using the internet with as much privacy as possible. If used properly, the network enables private and anonymous browsing and communications. @@ -74,8 +75,6 @@ If you wish to use Tor for browsing the web, we only recommend the **official** - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.vi.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/vi/android.md b/i18n/vi/android.md index e9e20767..faa095d8 100644 --- a/i18n/vi/android.md +++ b/i18n/vi/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'fontawesome/brands/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. khuyến nghị -- [Tổng quan chung về Android và Đề xuất :material-arrow-right:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -37,7 +39,7 @@ We recommend installing one of these custom Android operating systems on your de [Homepage](https://grapheneos.org/){ .md-button .md-button--primary } [Chính Sách Bảo Mật](https://grapheneos.org/faq#privacy-policy){ .md-button } -Đối với những người cần Google Play Services, CalyxOS tùy chọn bao gồm [microG](https://microg.org/). CalyxOS cũng bao gồm các dịch vụ định vị thay thế, [Mozilla](https://location.services.mozilla.com/) và [DejaVu](https://github.com/n76/DejaVu). +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). @@ -57,11 +59,11 @@ Google Pixel phones are the only devices that currently meet GrapheneOS's [hardw [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" } [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribute } -DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Nó bao gồm [UnifiedNlp](https://github.com/microg/UnifiedNlp) cho vị trí mạng. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. +DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -DivestOS thực hiện một số bản vá tăng cường hệ thống được phát triển ban đầu cho GrapheneOS. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! warning @@ -75,14 +77,14 @@ DivestOS thực hiện một số bản vá tăng cường hệ thống được When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. -Avoid buying phones from mobile network operators. Luôn kiểm tra uy tín của người bán. These phone variants will prevent you from installing any kind of alternative Android distribution. +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. A few more tips regarding Android devices and operating system compatibility: -- Không mua các thiết bị đã đạt hoặc gần hết tuổi thọ, các bản cập nhật firmware bổ sung phải do nhà sản xuất cung cấp. -- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. Các thiết bị này cũng không có cách nào để bạn kiểm tra xem chúng có bị giả mạo hay không. +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. +- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. - In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! ### DivestOS @@ -107,9 +109,9 @@ The installation of GrapheneOS on a Pixel phone is easy with their [web installe A few more tips for purchasing a Google Pixel: -- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Giảm giá thường có sẵn vì Google sẽ cố gắng dọn hàng của họ. +- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock. - Consider price beating options and specials offered at physical stores. -- Look at online community bargain sites in your country. Những điều này có thể cảnh báo bạn về doanh số bán hàng tốt. +- Look at online community bargain sites in your country. These can alert you to good sales. - Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. ## Ứng dụng chung @@ -163,7 +165,7 @@ Auditor performs attestation and intrusion detection by: - The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app). - The *auditor* records the current state and configuration of the *auditee*. - Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations. -- Bạn sẽ được thông báo về sự thay đổi. +- You will be alerted to the change. No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring. @@ -195,7 +197,7 @@ Main privacy features include: - Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default) - Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required -- Không cần có quyền đối với micrô trừ khi bạn muốn ghi lại âm thanh +- Microphone permission not required unless you want to record sound !!! note @@ -245,7 +247,7 @@ The Google Play Store requires a Google account to login which is not great for - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) -Aurora Store does not allow you to download paid apps with their anonymous account feature. khuyến nghị +Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device. ### Trình xem PDF an toàn @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/basics/account-creation.md b/i18n/vi/basics/account-creation.md index a3f3af8f..afa5d429 100644 --- a/i18n/vi/basics/account-creation.md +++ b/i18n/vi/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "Account Creation" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- Often people sign up for services without thinking. Maybe it's a streaming service so you can watch that new show everyone's talking about, or an account that gives you a discount for your favorite fast food place. Whatever the case may be, you should consider the implications for your data now and later on down the line. @@ -78,5 +79,3 @@ In many cases you will need to provide a number that you can receive SMS or call ### Username and password Some services allow you to register without using an email address and only require you to set a username and password. These services may provide increased anonymity when combined with a VPN or Tor. Keep in mind that for these accounts there will most likely be **no way to recover your account** in the event you forget your username or password. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/basics/account-deletion.md b/i18n/vi/basics/account-deletion.md index 7ea7a71f..2498d604 100644 --- a/i18n/vi/basics/account-deletion.md +++ b/i18n/vi/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "Account Deletion" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://www.deceptive.design/), for the betterment of your online presence. @@ -59,5 +60,3 @@ Even when you are able to delete an account, there is no guarantee that all your ## Avoid New Accounts As the old saying goes, "an ounce of prevention is worth a pound of cure." Whenever you feel tempted to sign up for a new account, ask yourself, "Do I really need this? Can I accomplish what I need to without an account?" It can often be much harder to delete an account than to create one. And even after deleting or changing the info on your account, there might be a cached version from a third-party—like the [Internet Archive](https://archive.org/). Avoid the temptation when you're able to—your future self will thank you! - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/basics/common-misconceptions.md b/i18n/vi/basics/common-misconceptions.md index 59223e57..41997417 100644 --- a/i18n/vi/basics/common-misconceptions.md +++ b/i18n/vi/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "Common Misconceptions" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## "Open-source software is always secure" or "Proprietary software is more secure" @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one Using Tor can help with this. It is also worth noting that greater anonymity is possible through asynchronous communication: Real-time communication is vulnerable to analysis of typing patterns (i.e. more than a paragraph of text, distributed on a forum, via email, etc.) ---8<-- "includes/abbreviations.vi.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/vi/basics/common-threats.md b/i18n/vi/basics/common-threats.md index f437fef5..e278c0cb 100644 --- a/i18n/vi/basics/common-threats.md +++ b/i18n/vi/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- Broadly speaking, we categorize our recommendations into the [threats](threat-modeling.md) or goals that apply to most people. ==You may be concerned with none, one, a few, or all of these possibilities==, and the tools and services you use depend on what your goals are. You may have specific threats outside of these categories as well, which is perfectly fine! The important part is developing an understanding of the benefits and shortcomings of the tools you choose to use, because virtually none of them will protect you from every threat. @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.vi.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/vi/basics/email-security.md b/i18n/vi/basics/email-security.md index 16f22f1a..f0c2fb57 100644 --- a/i18n/vi/basics/email-security.md +++ b/i18n/vi/basics/email-security.md @@ -1,6 +1,7 @@ --- title: Email Security icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed. @@ -38,5 +39,3 @@ Email metadata is protected from outside observers with [Opportunistic TLS](http ### Why Can't Metadata be E2EE? Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/basics/multi-factor-authentication.md b/i18n/vi/basics/multi-factor-authentication.md index edceeb29..ae57848d 100644 --- a/i18n/vi/basics/multi-factor-authentication.md +++ b/i18n/vi/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authentication" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **Multi-Factor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app. @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/basics/passwords-overview.md b/i18n/vi/basics/passwords-overview.md index 730b4dbd..6858d8b5 100644 --- a/i18n/vi/basics/passwords-overview.md +++ b/i18n/vi/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### Backups You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/basics/threat-modeling.md b/i18n/vi/basics/threat-modeling.md index 51af42d4..fc1b3b41 100644 --- a/i18n/vi/basics/threat-modeling.md +++ b/i18n/vi/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/basics/vpn-overview.md b/i18n/vi/basics/vpn-overview.md index 9ae1522e..a1a007f5 100644 --- a/i18n/vi/basics/vpn-overview.md +++ b/i18n/vi/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/calendar.md b/i18n/vi/calendar.md index c9f92469..86494966 100644 --- a/i18n/vi/calendar.md +++ b/i18n/vi/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -89,5 +90,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/cloud.md b/i18n/vi/cloud.md index 94b69e73..a3b74136 100644 --- a/i18n/vi/cloud.md +++ b/i18n/vi/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -26,7 +27,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Framadate @@ -61,5 +61,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/cryptocurrency.md b/i18n/vi/cryptocurrency.md new file mode 100644 index 00000000..3a9abb2c --- /dev/null +++ b/i18n/vi/cryptocurrency.md @@ -0,0 +1,59 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! khuyến nghị + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Framadate + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! cảnh báo + PrivateBin sử dụng JavaScript để xử lý mã hóa, vì vậy bạn phải tin tưởng nhà cung cấp ở mức độ họ không đưa bất kỳ JavaScript độc hại nào vào để lấy khóa cá nhân của bạn. + + ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** là một pastebin trực tuyến mã nguồn mở, tối giản, nơi máy chủ không có kiến ​​thức về dữ liệu đã dán. Dữ liệu được mã hóa/giải mã trong trình duyệt bằng 256-bit AES. tải xuống + + - [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/vaultwarden/server) + - [:fontawesome-brands-github: Mã nguồn](https://github.com/dani-garcia/vaultwarden) + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/vi/data-redaction.md b/i18n/vi/data-redaction.md index 43cf6bdd..cbbc4113 100644 --- a/i18n/vi/data-redaction.md +++ b/i18n/vi/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- When sharing files, be sure to remove associated metadata. Image files commonly include [Exif](https://en.wikipedia.org/wiki/Exif) data. Photos sometimes even include GPS coordinates in the file metadata. @@ -150,5 +151,3 @@ The app offers multiple ways to erase metadata from images. chú ý - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/desktop-browsers.md b/i18n/vi/desktop-browsers.md index 864b344f..2ffc43c8 100644 --- a/i18n/vi/desktop-browsers.md +++ b/i18n/vi/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -260,6 +261,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.vi.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/vi/desktop.md b/i18n/vi/desktop.md index 7e8e0958..76917148 100644 --- a/i18n/vi/desktop.md +++ b/i18n/vi/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -176,5 +177,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/dns.md b/i18n/vi/dns.md index 8f26c25c..dc45da28 100644 --- a/i18n/vi/dns.md +++ b/i18n/vi/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -138,8 +137,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.vi.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/vi/email-clients.md b/i18n/vi/email-clients.md index da53467e..6684003d 100644 --- a/i18n/vi/email-clients.md +++ b/i18n/vi/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -237,5 +238,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/email.md b/i18n/vi/email.md index c737142d..1cd3c7cd 100644 --- a/i18n/vi/email.md +++ b/i18n/vi/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    !!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    ### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Nhà cung cấp Cloud/SaaS @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
    + +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
    + Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/encryption.md b/i18n/vi/encryption.md index 569a168d..2be6f6bb 100644 --- a/i18n/vi/encryption.md +++ b/i18n/vi/encryption.md @@ -1,6 +1,7 @@ --- title: "Encryption Software" icon: material/file-lock +description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files. --- Encryption of data is the only way to control who can access it. If you are currently not using encryption software for your hard disk, emails or files, you should pick an option here. @@ -351,5 +352,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/file-sharing.md b/i18n/vi/file-sharing.md index 7e1247fc..a95bb817 100644 --- a/i18n/vi/file-sharing.md +++ b/i18n/vi/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -156,5 +157,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/financial-services.md b/i18n/vi/financial-services.md new file mode 100644 index 00000000..e95547fc --- /dev/null +++ b/i18n/vi/financial-services.md @@ -0,0 +1,106 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! khuyến nghị + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! khuyến nghị + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Framadate + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! cảnh báo + PrivateBin sử dụng JavaScript để xử lý mã hóa, vì vậy bạn phải tin tưởng nhà cung cấp ở mức độ họ không đưa bất kỳ JavaScript độc hại nào vào để lấy khóa cá nhân của bạn. + + ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** là một pastebin trực tuyến mã nguồn mở, tối giản, nơi máy chủ không có kiến ​​thức về dữ liệu đã dán. Dữ liệu được mã hóa/giải mã trong trình duyệt bằng 256-bit AES. tải xuống + + - [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/vaultwarden/server) + - [:fontawesome-brands-github: Mã nguồn](https://github.com/dani-garcia/vaultwarden) + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! khuyến nghị + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! khuyến nghị + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Framadate + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! cảnh báo + PrivateBin sử dụng JavaScript để xử lý mã hóa, vì vậy bạn phải tin tưởng nhà cung cấp ở mức độ họ không đưa bất kỳ JavaScript độc hại nào vào để lấy khóa cá nhân của bạn. + + ![PrivateBin logo](assets/img/productivity/privatebin.svg){ align=right } + + **PrivateBin** là một pastebin trực tuyến mã nguồn mở, tối giản, nơi máy chủ không có kiến ​​thức về dữ liệu đã dán. Dữ liệu được mã hóa/giải mã trong trình duyệt bằng 256-bit AES. tải xuống + + - [:fontawesome-brands-docker: Dockerhub](https://hub.docker.com/r/vaultwarden/server) + - [:fontawesome-brands-github: Mã nguồn](https://github.com/dani-garcia/vaultwarden) + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/vi/frontends.md b/i18n/vi/frontends.md index 89a3f76d..79e9b7b8 100644 --- a/i18n/vi/frontends.md +++ b/i18n/vi/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -270,5 +271,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/index.md b/i18n/vi/index.md index 7357d16d..53990236 100644 --- a/i18n/vi/index.md +++ b/i18n/vi/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/kb-archive.md b/i18n/vi/kb-archive.md index a0b2906e..92daee33 100644 --- a/i18n/vi/kb-archive.md +++ b/i18n/vi/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/meta/brand.md b/i18n/vi/meta/brand.md index fc70c8dd..53cb9ac4 100644 --- a/i18n/vi/meta/brand.md +++ b/i18n/vi/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/meta/git-recommendations.md b/i18n/vi/meta/git-recommendations.md index e641af67..f59b5f81 100644 --- a/i18n/vi/meta/git-recommendations.md +++ b/i18n/vi/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/meta/uploading-images.md b/i18n/vi/meta/uploading-images.md index ad36c356..55f136f8 100644 --- a/i18n/vi/meta/uploading-images.md +++ b/i18n/vi/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/meta/writing-style.md b/i18n/vi/meta/writing-style.md index c7c995ec..b9e47a71 100644 --- a/i18n/vi/meta/writing-style.md +++ b/i18n/vi/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/mobile-browsers.md b/i18n/vi/mobile-browsers.md index ab514a8b..4f51295c 100644 --- a/i18n/vi/mobile-browsers.md +++ b/i18n/vi/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -195,5 +196,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/multi-factor-authentication.md b/i18n/vi/multi-factor-authentication.md index bacd8a93..1b1defde 100644 --- a/i18n/vi/multi-factor-authentication.md +++ b/i18n/vi/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -152,5 +153,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/news-aggregators.md b/i18n/vi/news-aggregators.md index 07484c38..18d1409b 100644 --- a/i18n/vi/news-aggregators.md +++ b/i18n/vi/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/notebooks.md b/i18n/vi/notebooks.md index 6ec59c64..b73afa7c 100644 --- a/i18n/vi/notebooks.md +++ b/i18n/vi/notebooks.md @@ -1,6 +1,7 @@ --- title: "Sổ Ghi Chép" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Theo dõi các ghi chú và nhật ký của bạn mà không đưa chúng cho bên thứ ba. @@ -105,5 +106,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/os/android-overview.md b/i18n/vi/os/android-overview.md index 856fcc71..984df1e0 100644 --- a/i18n/vi/os/android-overview.md +++ b/i18n/vi/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: fontawesome/brands/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/os/linux-overview.md b/i18n/vi/os/linux-overview.md index d4d0d812..8ec2c9e7 100644 --- a/i18n/vi/os/linux-overview.md +++ b/i18n/vi/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/os/qubes-overview.md b/i18n/vi/os/qubes-overview.md index 3f79defc..5bba1170 100644 --- a/i18n/vi/os/qubes-overview.md +++ b/i18n/vi/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: pg/qubes-os +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/passwords.md b/i18n/vi/passwords.md index 7f8c0030..0eccf9b1 100644 --- a/i18n/vi/passwords.md +++ b/i18n/vi/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -246,5 +247,3 @@ These products are minimal password managers that can be used within scripting a - [:fontawesome-brands-github: Mã nguồn](https://github.com/dani-garcia/vaultwarden) - Must be cross-platform. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/productivity.md b/i18n/vi/productivity.md index 4b1a9387..67e6f6cd 100644 --- a/i18n/vi/productivity.md +++ b/i18n/vi/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -167,5 +168,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/real-time-communication.md b/i18n/vi/real-time-communication.md index 23da1c1e..621316c0 100644 --- a/i18n/vi/real-time-communication.md +++ b/i18n/vi/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -195,5 +196,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/router.md b/i18n/vi/router.md index 58b1ab0a..abdf4003 100644 --- a/i18n/vi/router.md +++ b/i18n/vi/router.md @@ -1,6 +1,7 @@ --- title: "Firmware Bộ định tuyến" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Dưới đây là một số hệ điều hành thay thế, có thể được sử dụng trên bộ định tuyến, điểm truy cập Wi-Fi, v.v. @@ -50,5 +51,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/search-engines.md b/i18n/vi/search-engines.md index 4ef4e222..cd43dd43 100644 --- a/i18n/vi/search-engines.md +++ b/i18n/vi/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -109,5 +110,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/tools.md b/i18n/vi/tools.md index 188917ab..87d132c2 100644 --- a/i18n/vi/tools.md +++ b/i18n/vi/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
    -- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
    @@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
    @@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
    @@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    [Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/tor.md b/i18n/vi/tor.md index 9c8d74f1..a1d0514d 100644 --- a/i18n/vi/tor.md +++ b/i18n/vi/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
    - ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
    Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
    -
    - -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -126,5 +121,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/video-streaming.md b/i18n/vi/video-streaming.md index 7d82f9a6..6787f9a7 100644 --- a/i18n/vi/video-streaming.md +++ b/i18n/vi/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -53,5 +54,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/vi/vpn.md b/i18n/vi/vpn.md index d3afeee0..adbd87dc 100644 --- a/i18n/vi/vpn.md +++ b/i18n/vi/vpn.md @@ -1,11 +1,20 @@ --- title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -Find a no-logging VPN operator who isn’t out to sell or read your web traffic. +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? danger "VPNs do not provide anonymity" +
    + +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! danger "VPNs do not provide anonymity" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic. - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Framadate @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.vi.txt" diff --git a/i18n/zh-Hant/404.md b/i18n/zh-Hant/404.md index c5e21f80..25c1c780 100644 --- a/i18n/zh-Hant/404.md +++ b/i18n/zh-Hant/404.md @@ -1,6 +1,10 @@ --- hide: - feedback +meta: + - + property: "robots" + content: "noindex, nofollow" --- # 404 - Not Found @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [Best VPN Providers](vpn.md) - [Privacy Guides Forum](https://discuss.privacyguides.net) - [Our Blog](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/about/criteria.md b/i18n/zh-Hant/about/criteria.md index cf299e43..3084230b 100644 --- a/i18n/zh-Hant/about/criteria.md +++ b/i18n/zh-Hant/about/criteria.md @@ -38,5 +38,3 @@ We have these requirements in regard to developers which wish to submit their pr - Must state what the exact threat model is with their project. - It should be clear to potential users what the project can provide, and what it cannot. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/about/donate.md b/i18n/zh-Hant/about/donate.md index 3924efa1..558ec7b3 100644 --- a/i18n/zh-Hant/about/donate.md +++ b/i18n/zh-Hant/about/donate.md @@ -48,5 +48,3 @@ We host [internet services](https://privacyguides.net) for testing and showcasin 我們偶爾會購買產品和服務,以測試我們的 [推薦工具](../tools.md)。 我們仍在與我們的財政托管機構(Open Collective Foundation)合作,以接收加密貨幣捐贈,目前會計對許多較小的交易是不可行的,但這種情況在未來應該會發生變化。 與此同時,如果您希望捐贈大於 $ 100 美元的加密貨幣,請聯繫 [jonah@privacyguides.org](mailto:jonah@privacyguides.org) - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/about/index.md b/i18n/zh-Hant/about/index.md index 5171c095..619406fe 100644 --- a/i18n/zh-Hant/about/index.md +++ b/i18n/zh-Hant/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "About Privacy Guides" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: Support the project](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. We are a non-profit collective operated entirely by volunteer [team members](https://discuss.privacyguides.net/g/team) and contributors. Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## Our Team @@ -48,9 +76,9 @@ title: "About Privacy Guides" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub! +Additionally, [many people](https://github.com/privacyguides/privacyguides.org/graphs/contributors) have made contributions to the project. You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax deductible in the United States. +Our team members review all changes made to the website and handle administrative duties such as web hosting and financials, however they do not personally profit from any contributions made to this site. Our financials are transparently hosted by the Open Collective Foundation 501(c)(3) at [opencollective.com/privacyguides](https://opencollective.com/privacyguides). Donations to Privacy Guides are generally tax-deductible in the United States. ## Site License @@ -59,5 +87,3 @@ Our team members review all changes made to the website and handle administrativ :fontawesome-brands-creative-commons: :fontawesome-brands-creative-commons-by: :fontawesome-brands-creative-commons-nd: Unless otherwise noted, the original content on this website is made available under the [Creative Commons Attribution-NoDerivatives 4.0 International Public License](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE). This means that you are free to copy and redistribute the material in any medium or format for any purpose, even commercially; as long as you give appropriate credit to `Privacy Guides (www.privacyguides.org)` and provide a link to the license. You may do so in any reasonable manner, but not in any way that suggests Privacy Guides endorses you or your use. If you remix, transform, or build upon the content of this website, you may not distribute the modified material. This license is in place to prevent people from sharing our work without giving proper credit, and to prevent people from modifying our work in a way that could be used to mislead people. If you find the terms of this license too restrictive for the project you're working on, please reach out to us at `jonah@privacyguides.org`. We are happy to provide alternative licensing options for well-intentioned projects in the privacy space! - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/about/notices.md b/i18n/zh-Hant/about/notices.md index 87df542c..bb32edd5 100644 --- a/i18n/zh-Hant/about/notices.md +++ b/i18n/zh-Hant/about/notices.md @@ -41,5 +41,3 @@ You must not conduct any systematic or automated data collection activities on o * Scraping * Data Mining * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/about/privacy-policy.md b/i18n/zh-Hant/about/privacy-policy.md index e6d9462b..26c668d1 100644 --- a/i18n/zh-Hant/about/privacy-policy.md +++ b/i18n/zh-Hant/about/privacy-policy.md @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc We will post any new versions of this statement [here](privacy-policy.md). We may change how we announce changes in future versions of this document. In the meantime we may update our contact information at any time without announcing a change. Please refer to the [Privacy Policy](privacy-policy.md) for the latest contact information at any time. A full revision [history](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) of this page can be found on GitHub. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/about/privacytools.md b/i18n/zh-Hant/about/privacytools.md index 5025f628..515c21f5 100644 --- a/i18n/zh-Hant/about/privacytools.md +++ b/i18n/zh-Hant/about/privacytools.md @@ -116,5 +116,3 @@ This topic has been discussed extensively within our communities in various loca - [Apr 2, 2022 response by u/dng99 to PrivacyTools' accusatory blog post](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [May 16, 2022 response by @TommyTran732 on Twitter](https://twitter.com/TommyTran732/status/1526153497984618496) - [Sep 3, 2022 post on Techlore's forum by @dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/about/services.md b/i18n/zh-Hant/about/services.md index 26384f7b..71f2c95b 100644 --- a/i18n/zh-Hant/about/services.md +++ b/i18n/zh-Hant/about/services.md @@ -36,5 +36,3 @@ We run a number of web services to test out features and promote cool decentrali - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/about/statistics.md b/i18n/zh-Hant/about/statistics.md index 7a967f05..8f17240c 100644 --- a/i18n/zh-Hant/about/statistics.md +++ b/i18n/zh-Hant/about/statistics.md @@ -59,5 +59,3 @@ title: Traffic Statistics }) }) - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/advanced/communication-network-types.md b/i18n/zh-Hant/advanced/communication-network-types.md index 0449d2cf..1f07a2c4 100644 --- a/i18n/zh-Hant/advanced/communication-network-types.md +++ b/i18n/zh-Hant/advanced/communication-network-types.md @@ -1,6 +1,7 @@ --- title: "Types of Communication Networks" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- There are several network architectures commonly used to relay messages between people. These networks can provide different privacy guarantees, which is why it's worth considering your [threat model](../basics/threat-modeling.md) when deciding which app to use. @@ -100,5 +101,3 @@ Self-hosting a node in an anonymous routing network does not provide the hoster - Less reliable if nodes are selected by randomized routing, some nodes may be very far from the sender and receiver, adding latency or even failing to transmit messages if one of the nodes goes offline. - More complex to get started, as the creation and secured backup of a cryptographic private key is required. - Just like other decentralized platforms, adding features is more complex for developers than on a centralized platform. Hence, features may be lacking or incompletely implemented, such as offline message relaying or message deletion. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/advanced/dns-overview.md b/i18n/zh-Hant/advanced/dns-overview.md index b812a909..6374a762 100644 --- a/i18n/zh-Hant/advanced/dns-overview.md +++ b/i18n/zh-Hant/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS 簡介" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- The [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) is the 'phonebook of the Internet'. DNS 將網域名稱轉換為 IP 位址,以便瀏覽器和其他服務可以通過分散的伺服器網路載入網路資源。 @@ -303,5 +304,3 @@ The [EDNS Client Subnet](https://en.wikipedia.org/wiki/EDNS_Client_Subnet) is a It's intended to "speed up" delivery of data by giving the client an answer that belongs to a server that is close to them such as a [content delivery network](https://en.wikipedia.org/wiki/Content_delivery_network), which are often used in video streaming and serving JavaScript web apps. This feature does come at a privacy cost, as it tells the DNS server some information about the client's location. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/advanced/payments.md b/i18n/zh-Hant/advanced/payments.md new file mode 100644 index 00000000..7e046ecd --- /dev/null +++ b/i18n/zh-Hant/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! danger + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/zh-Hant/advanced/tor-overview.md b/i18n/zh-Hant/advanced/tor-overview.md index a6525dc6..8062c723 100644 --- a/i18n/zh-Hant/advanced/tor-overview.md +++ b/i18n/zh-Hant/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor 簡介" icon: 'simple/torproject' +description: Tor 是一個免費使用的去中心化網路,專為盡可能多地使用互聯網而設計。 --- Tor 是一個免費使用的去中心化網路,專為盡可能多地使用互聯網而設計。 如果使用得當,該網路可以實現私人和匿名瀏覽和通信。 @@ -74,8 +75,6 @@ Tor 允許我們連接到服務器,而不需要任何一方知道整個路徑 - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.zh-Hant.txt" - [^1]: The first relay in your circuit is called an "entry guard" or "guard". It is a fast and stable relay that remains the first one in your circuit for 2-3 months in order to protect against a known anonymity-breaking attack. The rest of your circuit changes with every new website you visit, and all together these relays provide the full privacy protections of Tor. For more information on how guard relays work, see this [blog post](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) and [paper](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf) on entry guards. ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: Relay flag: a special (dis-)qualification of relays for circuit positions (for example, "Guard", "Exit", "BadExit"), circuit properties (for example, "Fast", "Stable"), or roles (for example, "Authority", "HSDir"), as assigned by the directory authorities and further defined in the directory protocol specification. ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/zh-Hant/android.md b/i18n/zh-Hant/android.md index 5f3415f3..3da86daa 100644 --- a/i18n/zh-Hant/android.md +++ b/i18n/zh-Hant/android.md @@ -1,6 +1,7 @@ --- title: "Android" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![Android logo](assets/img/android/android.svg){ align=right } @@ -13,8 +14,9 @@ The **Android Open Source Project** is an open-source mobile operating system le These are the Android operating systems, devices, and apps we recommend to maximize your mobile device's security and privacy. To learn more about Android: -- [General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md) -- [Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP Derivatives @@ -349,5 +351,3 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt - Applications on this page must not be applicable to any other software category on the site. - General applications should extend or replace core system functionality. - Applications should receive regular updates and maintenance. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/basics/account-creation.md b/i18n/zh-Hant/basics/account-creation.md index 66910bf4..a2842e33 100644 --- a/i18n/zh-Hant/basics/account-creation.md +++ b/i18n/zh-Hant/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "帳號創建" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- 人們經常不假思索地註冊網路服務。 也許這是一個流媒體服務,所以你可以觀看每個人都在談論的新節目,或者是一個為你最喜歡的快餐店提供折扣的帳戶。 無論在什麼樣的場景,您都應該考慮現在和以後對數據的影響。 @@ -78,5 +79,3 @@ SSO在您可以從服務之間更深入的整合中受益的情況下尤其有 ### 使用者名稱與密碼 某些服務允許您在不使用電子郵件地址的情況下註冊,並且只需要您設置用戶名稱和密碼。 當與 VPN 或 Tor 結合時,這些服務可能會提供更高的匿名性。 請記住,對於這類型的帳號,如果你忘記了你的用戶名或密碼,很可能會有**沒有辦法恢復你的帳號**。 - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/basics/account-deletion.md b/i18n/zh-Hant/basics/account-deletion.md index 5b3d3fe9..4eb27805 100644 --- a/i18n/zh-Hant/basics/account-deletion.md +++ b/i18n/zh-Hant/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "刪除帳號" icon: 'material/account-remove' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- 隨著時間的推移,它可以很容易地積累一些在線帳戶,其中許多你可能不再使用。 刪除這些未使用的帳戶是收回隱私的重要一步,因為休眠帳戶容易受到數據洩露的影響。 資料外洩是指服務的安全性受到破壞,受保護的資訊被未經授權的行為者檢視、傳輸或竊取。 Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. 本指南的目標是幫助您通過令人討厭的帳戶刪除過程,通常由 [欺騙性設計](https://www.deceptive.design/)使您變得困難,以改善您的在線存在。 @@ -59,5 +60,3 @@ Residents of the EEA have additional rights regarding data erasure specified in ## 避免註冊新帳戶 俗話說:「預防更勝治療。」 每當你覺得想要註冊一個新帳戶時,問問自己:「我真的需要註冊這個嗎? 有不需要註冊的替代方案嗎?」 刪除一個帳戶通常比創建一個帳戶要困難得多。 即使刪除或更改帳戶上的資訊,也可能有來自第三方的緩存版本,例如 [Internet Archive](https://archive.org/)。 如果可能的話,不要隨便註冊帳號-未來的你會感謝你現在的決定! - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/basics/common-misconceptions.md b/i18n/zh-Hant/basics/common-misconceptions.md index c7be678c..3dd872b0 100644 --- a/i18n/zh-Hant/basics/common-misconceptions.md +++ b/i18n/zh-Hant/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "常見的迷思" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## 「開源軟體永遠是安全的」或「商業軟體更安全」 @@ -56,6 +57,4 @@ One of the clearest threat models is one where people *know who you are* and one 使用 Tor 可以幫助我們做到這一點。 同樣值得注意的是,通過異步溝通可以實現更大的匿名性:實時溝通容易受到打字模式分析的影響(即不止一段文字,在論壇上分發,通過電子郵件等)。 ---8<-- "includes/abbreviations.zh-Hant.txt" - [^1]: One notable example of this is the [2021 incident in which University of Minnesota researchers introduced three vulnerabilities into the Linux kernel development project](https://cse.umn.edu/cs/linux-incident). diff --git a/i18n/zh-Hant/basics/common-threats.md b/i18n/zh-Hant/basics/common-threats.md index 7308496a..ee087aec 100644 --- a/i18n/zh-Hant/basics/common-threats.md +++ b/i18n/zh-Hant/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "Common Threats" icon: 'material/eye-outline' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- 從廣義上講,我們將我們的建議分為適用於大多數人的 [個威脅](threat-modeling.md) 或目標。 你可能會關心沒有,一個,幾個或所有這些可能性,你使用的工具和服務取決於你的目標是什麼。 您也可能有這些類別之外的特定威脅,這完全有可能! 重要的是要了解您選擇使用的工具的好處和缺點,因為幾乎沒有一種工具可以保護您免受任何威脅。 @@ -140,8 +141,6 @@ People concerned with the threat of censorship can use technologies like [Tor](. You must always consider the risks of trying to bypass censorship, the potential consequences, and how sophisticated your adversary may be. You should be cautious with your software selection, and have a backup plan in case you are caught. ---8<-- "includes/abbreviations.zh-Hant.txt" - [^1]: Wikipedia: [*Mass Surveillance*](https://en.wikipedia.org/wiki/Mass_surveillance) and [*Surveillance*](https://en.wikipedia.org/wiki/Surveillance). [^2]: United States Privacy and Civil Liberties Oversight Board: [*Report on the Telephone Records Program Conducted under Section 215*](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^3]: Wikipedia: [*Surveillance capitalism*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/zh-Hant/basics/email-security.md b/i18n/zh-Hant/basics/email-security.md index a50a2e6e..d7b47354 100644 --- a/i18n/zh-Hant/basics/email-security.md +++ b/i18n/zh-Hant/basics/email-security.md @@ -1,6 +1,7 @@ --- title: 電子郵件安全 icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- 電子郵件本身即非安全的通訊形式。 您可以使用 OpenPGP 等工具提高電子郵件安全性,這些工具為您的消息添加端到端加密,但與其他消息傳遞應用程序中的加密相比, OpenPGP 仍然存在許多缺點,而且由於電子郵件的設計方式,某些電子郵件數據永遠不會加密。 @@ -38,5 +39,3 @@ A smartcard (such as a [Yubikey](https://support.yubico.com/hc/en-us/articles/36 ### Why Can't Metadata be E2EE? 電子郵件元數據對於電子郵件最基本的功能(它來自何處,以及它必須去向何處)至關重要。 E2EE 最初並未內建於電子郵件協議中,而是需要像 OpenPGP 這樣的附加軟件。 由於 OpenPGP 訊息仍必須與傳統的電子郵件供應商合作,因此它無法加密電子郵件元數據,只能加密訊息正文本身。 這意味著即使在使用 OpenPGP 時,外部觀察者也可以看到關於您的消息的大量信息,例如您正在發送電子郵件的人,主題行,當您發送電子郵件時等。 - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/basics/multi-factor-authentication.md b/i18n/zh-Hant/basics/multi-factor-authentication.md index f4bc53f2..d582232b 100644 --- a/i18n/zh-Hant/basics/multi-factor-authentication.md +++ b/i18n/zh-Hant/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "多重身分驗證" icon: 'material/two-factor-authentication' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **多因素認證**(**MFA**)是一種安全機制,除了輸入用戶名(或電子郵件)和密碼之外,還需要其他步驟。 最常見的方法是您會從簡訊或應用程式收到的有時間限制的代碼。 @@ -162,5 +163,3 @@ SSH MFA can also be set up using TOTP. DigitalOcean has provided a tutorial [How ### KeePass (and KeePassXC) KeePass and KeePassXC databases can be secured using Challenge-Response or HOTP as a second-factor authentication. Yubico has provided a document for KeePass [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) and there is also one on the [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) website. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/basics/passwords-overview.md b/i18n/zh-Hant/basics/passwords-overview.md index e9c24db8..c55aa158 100644 --- a/i18n/zh-Hant/basics/passwords-overview.md +++ b/i18n/zh-Hant/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "Introduction to Passwords" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- Passwords are an essential part of our everyday digital lives. We use them to protect our accounts, our devices and our secrets. Despite often being the only thing between us and an adversary who's after our private information, not a lot of thought is put into them, which often leads to people using passwords that can be easily guessed or brute-forced. @@ -108,5 +109,3 @@ There are many good options to choose from, both cloud-based and local. Choose o ### 備份 You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/basics/threat-modeling.md b/i18n/zh-Hant/basics/threat-modeling.md index aacf439e..fc1b3b41 100644 --- a/i18n/zh-Hant/basics/threat-modeling.md +++ b/i18n/zh-Hant/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "Threat Modeling" icon: 'material/target-account' +description: Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. --- Balancing security, privacy, and usability is one of the first and most difficult tasks you'll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, etc. Often, people find that the problem with the tools they see recommended is that they're just too hard to start using! @@ -107,5 +108,3 @@ For people looking to increase their privacy and security online, we've compiled ## Sources - [EFF Surveillance Self Defense: Your Security Plan](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/basics/vpn-overview.md b/i18n/zh-Hant/basics/vpn-overview.md index 27af595a..a1a007f5 100644 --- a/i18n/zh-Hant/basics/vpn-overview.md +++ b/i18n/zh-Hant/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN Overview icon: material/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- Virtual Private Networks are a way of extending the end of your network to exit somewhere else in the world. An ISP can see the flow of internet traffic entering and exiting your network termination device (i.e. modem). -Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). A VPN can help as it can shift trust to a server somewhere else in the world. As a result, the ISP then only sees that you are connected to a VPN and nothing about the activity that you're passing into it. @@ -74,5 +75,3 @@ For situations like these, or if you have another compelling reason, the VPN pro - [Free VPN App Investigation](https://www.top10vpn.com/free-vpn-app-investigation/) - [Hidden VPN owners unveiled: 101 VPN products run by just 23 companies](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [This Chinese company is secretly behind 24 popular apps seeking dangerous permissions](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/calendar.md b/i18n/zh-Hant/calendar.md index 3b697e12..bbcb033a 100644 --- a/i18n/zh-Hant/calendar.md +++ b/i18n/zh-Hant/calendar.md @@ -1,6 +1,7 @@ --- title: "Calendar Sync" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- Calendars contain some of your most sensitive data; use products that implement E2EE at rest to prevent a provider from reading them. @@ -67,5 +68,3 @@ Calendars contain some of your most sensitive data; use products that implement Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - Should integrate with native OS calendar and contact management apps if applicable. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/cloud.md b/i18n/zh-Hant/cloud.md index 375c0a8f..2bcc2596 100644 --- a/i18n/zh-Hant/cloud.md +++ b/i18n/zh-Hant/cloud.md @@ -1,6 +1,7 @@ --- title: "Cloud Storage" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE. @@ -29,7 +30,6 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851) -Proton Drive's mobile clients were released in December 2022 and are not yet open-source. Proton has historically delayed their source code releases until after initial product releases, and [plans to](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) release the source code by the end of 2023. Proton Drive desktop clients are still in development. ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android. - Should support easy file-sharing with other users. - Should offer at least basic file preview and editing functionality on the web interface. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/cryptocurrency.md b/i18n/zh-Hant/cryptocurrency.md new file mode 100644 index 00000000..ba06ba1e --- /dev/null +++ b/i18n/zh-Hant/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! danger + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/zh-Hant/data-redaction.md b/i18n/zh-Hant/data-redaction.md index 21b53909..3fc3f30a 100644 --- a/i18n/zh-Hant/data-redaction.md +++ b/i18n/zh-Hant/data-redaction.md @@ -1,6 +1,7 @@ --- title: "Data and Metadata Redaction" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- 分享檔案時,請務必移除相關的中繼資料。 映像文件通常包含 [Exif](https://en.wikipedia.org/wiki/Exif) 數據。 照片有時甚至在文件元數據中包含GPS坐標。 @@ -142,5 +143,3 @@ The app offers multiple ways to erase metadata from images. Namely: - Apps developed for open-source operating systems must be open-source. - Apps must be free and should not include ads or other limitations. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/desktop-browsers.md b/i18n/zh-Hant/desktop-browsers.md index edaa8052..1c21c296 100644 --- a/i18n/zh-Hant/desktop-browsers.md +++ b/i18n/zh-Hant/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "Desktop Browsers" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- These are our currently recommended desktop web browsers and configurations for standard/non-anonymous browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping your browser extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -258,6 +259,4 @@ Our best-case criteria represents what we would like to see from the perfect pro - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. ---8<-- "includes/abbreviations.zh-Hant.txt" - [^1]: Brave's implementation is detailed at [Brave Privacy Updates: Partitioning network-state for privacy](https://brave.com/privacy-updates/14-partitioning-network-state/). diff --git a/i18n/zh-Hant/desktop.md b/i18n/zh-Hant/desktop.md index e373c175..2db4d119 100644 --- a/i18n/zh-Hant/desktop.md +++ b/i18n/zh-Hant/desktop.md @@ -1,6 +1,7 @@ --- title: "Desktop/PC" icon: simple/linux +description: Linux distributions are commonly recommended for privacy protection and software freedom. --- Linux distributions are commonly recommended for privacy protection and software freedom. If you don't already use Linux, below are some distributions we suggest trying out, as well as some general privacy and security improvement tips that are applicable to many Linux distributions. @@ -180,5 +181,3 @@ Our recommended operating systems: - Must support full-disk encryption during installation. - Must not freeze regular releases for more than 1 year. We [do not recommend](os/linux-overview.md#release-cycle) "Long Term Support" or "stable" distro releases for desktop usage. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/dns.md b/i18n/zh-Hant/dns.md index 84def51f..a8cc21da 100644 --- a/i18n/zh-Hant/dns.md +++ b/i18n/zh-Hant/dns.md @@ -1,13 +1,12 @@ --- title: "DNS Resolvers" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## Recommended Providers @@ -132,8 +131,6 @@ A self-hosted DNS solution is useful for providing filtering on controlled platf [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } ---8<-- "includes/abbreviations.zh-Hant.txt" - [^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) [^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) [^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) diff --git a/i18n/zh-Hant/email-clients.md b/i18n/zh-Hant/email-clients.md index 167d50e3..eec0e292 100644 --- a/i18n/zh-Hant/email-clients.md +++ b/i18n/zh-Hant/email-clients.md @@ -1,6 +1,7 @@ --- title: "Email Clients" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/email.md b/i18n/zh-Hant/email.md index 084c303a..7ab4c31d 100644 --- a/i18n/zh-Hant/email.md +++ b/i18n/zh-Hant/email.md @@ -1,6 +1,7 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. @@ -9,9 +10,21 @@ Email is practically a necessity for using any online service, however we do not For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) + ## OpenPGP Compatible Services -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. + +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    !!! warning @@ -49,41 +62,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail doesn't offer a digital legacy feature. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. ### Mailbox.org @@ -101,43 +114,54 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    ### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
    + +- ![AnonAddy logo](assets/img/email/anonaddy.svg#only-light){ .twemoji }![AnonAddy logo](assets/img/email/anonaddy-dark.svg#only-dark){ .twemoji } [AnonAddy](email.md#anonaddy) +- ![SimpleLogin logo](assets/img/email/simplelogin.svg){ .twemoji } [SimpleLogin](email.md#simplelogin) + +
    + Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### Security @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/encryption.md b/i18n/zh-Hant/encryption.md index ca7cb0d2..34634316 100644 --- a/i18n/zh-Hant/encryption.md +++ b/i18n/zh-Hant/encryption.md @@ -1,6 +1,7 @@ --- title: "加密軟體" icon: material/file-lock +description: 數據加密是控制誰可以訪問它的唯一方法。 These tools allow you to encrypt your emails and any other files. --- 數據加密是控制誰可以訪問它的唯一方法。 如果您目前沒有為您的硬盤,電子郵件或文件使用加密軟件,您應該在這裡選擇一個選項。 @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/file-sharing.md b/i18n/zh-Hant/file-sharing.md index 2f3c6591..3e79d791 100644 --- a/i18n/zh-Hant/file-sharing.md +++ b/i18n/zh-Hant/file-sharing.md @@ -1,6 +1,7 @@ --- title: "File Sharing and Sync" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/financial-services.md b/i18n/zh-Hant/financial-services.md new file mode 100644 index 00000000..480c924c --- /dev/null +++ b/i18n/zh-Hant/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/zh-Hant/frontends.md b/i18n/zh-Hant/frontends.md index 0534be7c..7f245f41 100644 --- a/i18n/zh-Hant/frontends.md +++ b/i18n/zh-Hant/frontends.md @@ -1,6 +1,7 @@ --- title: "Frontends" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- Sometimes services will try to force you to sign up for an account by blocking access to content with annoying popups. They might also break without JavaScript enabled. These frontends can allow you to get around these restrictions. @@ -264,5 +265,3 @@ Recommended frontends... We only consider frontends for websites which are... - Not normally accessible without JavaScript. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/index.md b/i18n/zh-Hant/index.md index 6f78bdf1..f60df531 100644 --- a/i18n/zh-Hant/index.md +++ b/i18n/zh-Hant/index.md @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/kb-archive.md b/i18n/zh-Hant/kb-archive.md index 62248502..92daee33 100644 --- a/i18n/zh-Hant/kb-archive.md +++ b/i18n/zh-Hant/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/meta/brand.md b/i18n/zh-Hant/meta/brand.md index 7fbaa29e..53cb9ac4 100644 --- a/i18n/zh-Hant/meta/brand.md +++ b/i18n/zh-Hant/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/meta/git-recommendations.md b/i18n/zh-Hant/meta/git-recommendations.md index 3218ab77..f59b5f81 100644 --- a/i18n/zh-Hant/meta/git-recommendations.md +++ b/i18n/zh-Hant/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/meta/uploading-images.md b/i18n/zh-Hant/meta/uploading-images.md index 2b0b800e..55f136f8 100644 --- a/i18n/zh-Hant/meta/uploading-images.md +++ b/i18n/zh-Hant/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/meta/writing-style.md b/i18n/zh-Hant/meta/writing-style.md index 446fb02e..b9e47a71 100644 --- a/i18n/zh-Hant/meta/writing-style.md +++ b/i18n/zh-Hant/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/mobile-browsers.md b/i18n/zh-Hant/mobile-browsers.md index 45ef1dc7..d7adee8f 100644 --- a/i18n/zh-Hant/mobile-browsers.md +++ b/i18n/zh-Hant/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "Mobile Browsers" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- These are our currently recommended mobile web browsers and configurations for standard/non-anonymous internet browsing. If you need to browse the internet anonymously, you should use [Tor](tor.md) instead. In general, we recommend keeping extensions to a minimum; they have privileged access within your browser, require you to trust the developer, can make you [stand out](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), and [weaken](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) site isolation. @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - Must not replicate built-in browser or OS functionality. - Must directly impact user privacy, i.e. must not simply provide information. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/multi-factor-authentication.md b/i18n/zh-Hant/multi-factor-authentication.md index 09eb8659..41030fe3 100644 --- a/i18n/zh-Hant/multi-factor-authentication.md +++ b/i18n/zh-Hant/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: 'material/two-factor-authentication' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## Hardware Security Keys @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/news-aggregators.md b/i18n/zh-Hant/news-aggregators.md index f72e764e..2dad5ac0 100644 --- a/i18n/zh-Hant/news-aggregators.md +++ b/i18n/zh-Hant/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "News Aggregators" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/notebooks.md b/i18n/zh-Hant/notebooks.md index c7d8ceda..0739f668 100644 --- a/i18n/zh-Hant/notebooks.md +++ b/i18n/zh-Hant/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/os/android-overview.md b/i18n/zh-Hant/os/android-overview.md index 27091970..a78631a2 100644 --- a/i18n/zh-Hant/os/android-overview.md +++ b/i18n/zh-Hant/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android Overview icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- Android is a secure operating system that has strong [app sandboxing](https://source.android.com/security/app-sandbox), [Verified Boot](https://source.android.com/security/verifiedboot) (AVB), and a robust [permission](https://developer.android.com/guide/topics/permissions/overview) control system. @@ -53,9 +54,44 @@ It's important to not use an [end-of-life](https://endoflife.date/android) versi ## Android Permissions -[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. +[Permissions on Android](https://developer.android.com/guide/topics/permissions/overview) grant you control over what apps are allowed to access. Google regularly makes [improvements](https://developer.android.com/about/versions/11/privacy/permissions) on the permission system in each successive version. All apps you install are strictly [sandboxed](https://source.android.com/security/app-sandbox), therefore, there is no need to install any antivirus apps. -Should you want to run an app that you're unsure about, consider using a user or work profile. +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! warning + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## Media Access @@ -131,5 +167,3 @@ You will either be given the option to delete your advertising ID or to *Opt out [SafetyNet](https://developer.android.com/training/safetynet/attestation) and the [Play Integrity APIs](https://developer.android.com/google/play/integrity) are generally used for [banking apps](https://grapheneos.org/usage#banking-apps). Many banking apps will work fine in GrapheneOS with sandboxed Play services, however some non-financial apps have their own crude anti-tampering mechanisms which might fail. GrapheneOS passes the `basicIntegrity` check, but not the certification check `ctsProfileMatch`. Devices with Android 8 or later have hardware attestation support which cannot be bypassed without leaked keys or serious vulnerabilities. As for Google Wallet, we don't recommend this due to their [privacy policy](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en), which states you must opt-out if you don't want your credit rating and personal information shared with affiliate marketing services. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/os/linux-overview.md b/i18n/zh-Hant/os/linux-overview.md index a7d9bcac..edb6f1b6 100644 --- a/i18n/zh-Hant/os/linux-overview.md +++ b/i18n/zh-Hant/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux Overview icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigour applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. +It is often believed that [open-source](https://en.wikipedia.org/wiki/Open-source_software) software is inherently secure because the source code is available. There is an expectation that community verification occurs regularly; however, this isn’t always [the case](https://seirdy.one/posts/2022/02/02/floss-security/). It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. At the moment, desktop Linux does have some areas that could be better improved when compared to their proprietary counterparts, e.g.: @@ -139,5 +140,3 @@ The Fedora Project [counts](https://fedoraproject.org/wiki/Changes/DNF_Better_Co This [option](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) is currently off by default. We recommend adding `countme=false` to `/etc/dnf/dnf.conf` just in case it is enabled in the future. On systems that use `rpm-ostree` such as Silverblue, the countme option is disabled by masking the [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) timer. openSUSE also uses a [unique ID](https://en.opensuse.org/openSUSE:Statistics) to count systems, which can be disabled by deleting the `/var/lib/zypp/AnonymousUniqueId` file. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/os/qubes-overview.md b/i18n/zh-Hant/os/qubes-overview.md index 06bcda1c..17b286b9 100644 --- a/i18n/zh-Hant/os/qubes-overview.md +++ b/i18n/zh-Hant/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes Overview" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) is an operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated virtual machines. Each VM is called a *Qube* and you can assign each Qube a level of trust based on its purpose. As Qubes OS provides security by using isolation, and only permitting actions on a per case basis, it is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/). @@ -52,5 +53,3 @@ For additional information we encourage you to consult the extensive Qubes OS do - J. Rutkowska: [*Software compartmentalization vs. physical separation*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. Rutkowska: [*Partitioning my digital life into security domains*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*Related Articles*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/passwords.md b/i18n/zh-Hant/passwords.md index be3979e0..e81f1186 100644 --- a/i18n/zh-Hant/passwords.md +++ b/i18n/zh-Hant/passwords.md @@ -1,6 +1,7 @@ --- title: "Password Managers" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/productivity.md b/i18n/zh-Hant/productivity.md index 2a4dc476..4490325d 100644 --- a/i18n/zh-Hant/productivity.md +++ b/i18n/zh-Hant/productivity.md @@ -1,6 +1,7 @@ --- title: "Productivity Tools" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/real-time-communication.md b/i18n/zh-Hant/real-time-communication.md index 6046be6f..68f9d767 100644 --- a/i18n/zh-Hant/real-time-communication.md +++ b/i18n/zh-Hant/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "Real-Time Communication" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- These are our recommendations for encrypted real-time communication. @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/router.md b/i18n/zh-Hant/router.md index 186b3169..a494c017 100644 --- a/i18n/zh-Hant/router.md +++ b/i18n/zh-Hant/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - Must support a wide variety of hardware. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/search-engines.md b/i18n/zh-Hant/search-engines.md index 63381443..911525d7 100644 --- a/i18n/zh-Hant/search-engines.md +++ b/i18n/zh-Hant/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/tools.md b/i18n/zh-Hant/tools.md index 93c1cf7b..71809d04 100644 --- a/i18n/zh-Hant/tools.md +++ b/i18n/zh-Hant/tools.md @@ -3,6 +3,7 @@ title: "Privacy Tools" icon: material/tools hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- If you're looking for a specific solution to something, these are the hardware and software tools we recommend in a variety of categories. Our recommended privacy tools are primarily chosen based on security features, with additional emphasis on decentralized and open-source tools. They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -84,7 +85,7 @@ For more details about each project, why they were chosen, and additional tips o
    -- ![Aurora Store logo](/assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) - ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) - ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) - ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) @@ -199,6 +200,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[Learn more :material-arrow-right-drop-circle:](financial-services.md#gift-card-marketplaces) + ### Search Engines
    @@ -226,9 +250,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn) - ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) - ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
    @@ -247,6 +271,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [Learn more :material-arrow-right-drop-circle:](calendar.md) +### Cryptocurrency + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[Learn more :material-arrow-right-drop-circle:](cryptocurrency.md) + ### Data and Metadata Redaction
    @@ -439,5 +473,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    [Learn more :material-arrow-right-drop-circle:](video-streaming.md) - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/tor.md b/i18n/zh-Hant/tor.md index 65e38570..ce93c961 100644 --- a/i18n/zh-Hant/tor.md +++ b/i18n/zh-Hant/tor.md @@ -1,6 +1,7 @@ --- title: "Tor Network" icon: simple/torproject +description: Protect your internet browsing from prying eyes by using the Tor network, a secure network which circumvents censorship. --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } @@ -15,13 +16,7 @@ The **Tor** network is a group of volunteer-operated servers that allows you to Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. -
    - ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
    Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
    -
    - -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +[Detailed Tor Overview :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} ## Connecting to Tor @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/video-streaming.md b/i18n/zh-Hant/video-streaming.md index 29dafe3f..8f8ebd0b 100644 --- a/i18n/zh-Hant/video-streaming.md +++ b/i18n/zh-Hant/video-streaming.md @@ -1,6 +1,7 @@ --- title: "Video Streaming" icon: material/video-wireless +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- The primary threat when using a video streaming platform is that your streaming habits and subscription lists could be used to profile you. You should combine these tools with a [VPN](vpn.md) or [Tor](https://www.torproject.org/) to make it harder to profile your usage. @@ -48,5 +49,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh-Hant/vpn.md b/i18n/zh-Hant/vpn.md index 78524974..9ace3ba3 100644 --- a/i18n/zh-Hant/vpn.md +++ b/i18n/zh-Hant/vpn.md @@ -1,11 +1,20 @@ --- -title: "VPN 服務" +title: "VPN Services" icon: material/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -尋找不會讀取及販賣您流量的 VPN 營運商 +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? 注意 "VPN 不會讓您匿名" +
    + +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! 注意 "VPN 不會讓您匿名" Using a VPN will **not** keep your browsing habits anonymous, nor will it add additional security to non-secure (HTTP) traffic. @@ -15,80 +24,11 @@ icon: material/vpn [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button } -??? question "When are VPNs useful?" - - If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## Recommended Providers -!!! abstract "Criteria" - - Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#our-criteria) for more information. - -### Proton VPN - -!!! recommendation annotate - - ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - - **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - - [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - - ??? downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) - - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) - - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) - - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) - -??? success annotate "67 Countries" - - Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - -1. Last checked: 2022-09-16 - -??? success "Independently Audited" - - As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - -??? success "Open-Source Clients" - - Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - -??? success "Accepts Cash" - - Proton VPN, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, and **cash/local currency** as anonymous forms of payment. - -??? success "WireGuard Support" - - Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - -??? warning "Remote Port Forwarding" - - Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. - -!!! danger "Killswitch feature is broken on Intel-based Macs" - - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Our recommended providers use encryption, accept Monero, support WireGuard & OpenVPN, and have a no logging policy. Read our [full list of criteria](#criteria) for more information. ### IVPN @@ -111,43 +51,44 @@ icon: material/vpn - [:simple-apple: macOS](https://www.ivpn.net/apps-macos/) - [:simple-linux: Linux](https://www.ivpn.net/apps-linux/) -??? success annotate "35 Countries" +#### :material-check:{ .pg-green } 35 Countries - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2022-09-16 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). +#### :material-check:{ .pg-green } Independently Audited -??? success "Open-Source Clients" +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). +#### :material-check:{ .pg-green } Open-Source Clients -??? success "Accepts Cash and Monero" +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. +#### :material-check:{ .pg-green } Accepts Cash and Monero -??? success "WireGuard Support" +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +#### :material-check:{ .pg-green } WireGuard Support -??? success "Remote Port Forwarding" +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). -??? success "Mobile Clients" +#### :material-check:{ .pg-green } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. ### Mullvad @@ -172,55 +113,120 @@ icon: material/vpn - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) -??? success annotate "41 Countries" +#### :material-check:{ .pg-green } 41 Countries - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. - - We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } 1. Last checked: 2023-01-19 -??? success "Independently Audited" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). + +### Proton VPN + +!!! recommendation annotate + + ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ align=right } - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + **Proton VPN** is a strong contender in the VPN space, and they have been in operation since 2016. Proton AG is based in Switzerland and offers a limited free tier, as well as a more featured premium option. - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + [:octicons-home-16: Homepage](https://protonvpn.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://protonvpn.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://protonvpn.com/support/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/ProtonVPN){ .card-link title="Source Code" } - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + ??? downloads - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android) + - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id1437005085) + - [:simple-github: GitHub](https://github.com/ProtonVPN/android-app/releases) + - [:simple-windows11: Windows](https://protonvpn.com/download-windows) + - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? success "Open-Source Clients" +#### :material-check:{ .pg-green } 67 Countries - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (fewer hops) to the destination. +{ .annotate } -??? success "Accepts Cash and Monero" +1. Last checked: 2022-09-16 - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. They also accept Swish and bank wire transfers. +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). -??? success "WireGuard Support" +#### :material-check:{ .pg-green } Independently Audited - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). +As of January 2020, Proton VPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in Proton VPN's Windows, Android, and iOS applications, all of which were "properly fixed" by Proton VPN before the reports were published. None of the issues identified would have provided an attacker remote access to your device or traffic. You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). -??? success "IPv6 Support" +#### :material-check:{ .pg-green } Open-Source Clients - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). -??? success "Remote Port Forwarding" +#### :material-check:{ .pg-green } Accepts Cash - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. -??? success "Mobile Clients" +#### :material-check:{ .pg-green } WireGuard Support - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). +Proton VPN mostly supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). Additionally, WireGuard aims to be simpler and more performant. -??? info "Additional Functionality" +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding + +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. Especially Peer-to-peer applications like Torrent clients. + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. + +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs + +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -255,13 +261,13 @@ We prefer our recommended providers to collect as little data as possible. Not c **Minimum to Qualify:** -- Monero or cash payment option. +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - No personal information required to register: Only username, password, and email at most. **Best Case:** -- Accepts Monero, cash, and other forms of anonymous payment options (gift cards, etc.) -- No personal information accepted (autogenerated username, no email required, etc.) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### Security @@ -319,5 +325,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.zh-Hant.txt" diff --git a/i18n/zh/404.md b/i18n/zh/404.md index b8ca171d..ded3df25 100644 --- a/i18n/zh/404.md +++ b/i18n/zh/404.md @@ -1,11 +1,15 @@ --- hide: - - feedback + - 反馈 +meta: + - + property: "机器人" + content: "索引,nofollow" --- # 404 - 页面不存在 -We couldn't find the page you were looking for! Maybe you were looking for one of these? +我们找不到你请求的页面! 或许你是在找这些吗? - [威胁模型分析简介](basics/threat-modeling.md) - [推荐的DNS提供商](dns.md) @@ -13,5 +17,3 @@ We couldn't find the page you were looking for! Maybe you were looking for one o - [最好的VPN提供商](vpn.md) - [Privacy Guides论坛](https://discuss.privacyguides.net) - [我们的博客](https://blog.privacyguides.org) - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/about/criteria.md b/i18n/zh/about/criteria.md index 4efde1a2..b2110434 100644 --- a/i18n/zh/about/criteria.md +++ b/i18n/zh/about/criteria.md @@ -38,5 +38,3 @@ title: 通用标准 - 必须说明其项目的确切威胁模式是什么。 - 潜在的用户应该清楚地知道该项目能提供什么,以及不能提供什么。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/about/donate.md b/i18n/zh/about/donate.md index 218a86cc..c7ff3e58 100644 --- a/i18n/zh/about/donate.md +++ b/i18n/zh/about/donate.md @@ -48,5 +48,3 @@ title: 支持我们 我们偶尔会购买产品和服务,以测试我们 [推荐的工具](../tools.md)。 我们仍在与我们的财政主机(Open Collective Foundation)合作,以接收加密货币捐款,目前,对于许多较小的交易来说,会计是不可行的,但这在未来应该会改变。 同时,如果您希望进行大额(> $100)加密货币捐赠,请联系 [jonah@privacyguides.org](mailto:jonah@privacyguides.org)。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/about/index.md b/i18n/zh/about/index.md index 7f249fe0..29cc0bd4 100644 --- a/i18n/zh/about/index.md +++ b/i18n/zh/about/index.md @@ -1,10 +1,38 @@ --- +template: schema.html title: "关于隐私指南(Privacy Guides)" +description: Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy. --- -**隐私指南(Privacy Guides)** 是一个有社会动机的网站,提供保护你的数据安全和隐私的信息。 我们是一个非营利性的集体,完全由志愿者 [团队成员](https://discuss.privacyguides.net/g/team) 和贡献者运作。 +![Privacy Guides logo](../assets/brand/png/square/pg-yellow.png){ align=right } -[:material-hand-coin-outline: 支持该项目](donate.md ""){.md-button.md-button--primary} +**Privacy Guides** is a socially motivated website that provides [information](/kb) for protecting your data security and privacy. 我们是一个非营利性的集体,完全由志愿者 [团队成员](https://discuss.privacyguides.net/g/team) 和贡献者运作。 Our website is free of advertisements and not affiliated with any listed providers. + +[:octicons-home-16:](https://www.privacyguides.org/){ .card-link title=Homepage } +[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" } +[:octicons-heart-16:](donate.md){ .card-link title=Contribute } + +The purpose of Privacy Guides is to educate our community on the importance of privacy online and government programs internationally that are designed to monitor all of your online activities. + +> To find [privacy-focused alternative] apps, check out sites like Good Reports and **Privacy Guides**, which list privacy-focused apps in a variety of categories, notably including email providers (usually on paid plans) that aren’t run by the big tech companies. + +— [New York Times](https://www.nytimes.com/wirecutter/guides/online-security-social-media-privacy/) + +> If you're looking for a new VPN, you can go to the discount code of just about any podcast. If you are looking for a **good** VPN, you need professional help. The same goes for email clients, browsers, operating systems and password managers. How do you know which of these is the best, most privacy-friendly option? For that there is **Privacy Guides**, a platform on which a number of volunteers search day in, day out for the best privacy-friendly tools to use on the internet. + +— [Tweakers.net](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html) [Translated from Dutch] + +Also featured on: [Ars Technica](https://arstechnica.com/gadgets/2022/02/is-firefox-ok/), [Wirecutter](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-windows-pc/) [[2](https://www.nytimes.com/wirecutter/guides/practical-guide-to-securing-your-mac/)], and [Wired](https://www.wired.com/story/firefox-mozilla-2022/). + +## History + +Privacy Guides was launched in September 2021 as a continuation of the [defunct](privacytools.md) "PrivacyTools" open-source educational project. We recognized the importance of independent, criteria-focused product recommendations and general knowledge in the privacy space, which is why we needed to preserve the work that had been created by so many contributors since 2015 and make sure that information had a stable home on the web indefinitely. + +In 2022, we completed the transition of our main website framework from Jekyll to MkDocs, using the `mkdocs-material` documentation software. This change made open-source contributions to our site significantly easier for outsiders, because instead of needing to know complicated syntax to write posts effectively, contributing is now as easy as writing a standard Markdown document. + +We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net/) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms. + +So far in 2023 we've launched international translations of our website in [French](/fr/), [Hebrew](/he/), and [Dutch](/nl/), with more languages on the way, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry. ## 我们的团队 @@ -48,9 +76,9 @@ title: "关于隐私指南(Privacy Guides)" - [:simple-github: GitHub](https://github.com/hook9 "@hook9") - [:simple-mastodon: Mastodon](https://mastodon.neat.computer/@oliviablob "@oliviablob@neat.computer"){rel=me} -此外, [多人](https://github.com/privacyguides/privacyguides.org/graphs/contributors) 已经为该项目做了贡献。 你也可以,我们在GitHub上是开源的。 +此外, [多人](https://github.com/privacyguides/privacyguides.org/graphs/contributors) 已经为该项目做了贡献。 You can too, we're open sourced on GitHub, and accepting translation suggestions on [Crowdin](https://crowdin.com/project/privacyguides). -我们的团队成员审查所有对网站的修改,并处理行政职责,如网站托管和财务,但他们个人并不从对本网站的任何贡献中获益。 我们的财务状况由开放集体基金会501(c)(3)透明地托管,网址是: [opencollective.com/privacyguides](https://opencollective.com/privacyguides)。 在美国,对隐私指南的捐赠通常可以抵扣税款。 +我们的团队成员审查所有对网站的修改,并处理行政职责,如网站托管和财务,但他们个人并不从对本网站的任何贡献中获益。 我们的财务状况由开放集体基金会501(c)(3)透明地托管,网址是: [opencollective.com/privacyguides](https://opencollective.com/privacyguides)。 Donations to Privacy Guides are generally tax-deductible in the United States. ## 网站许可证 @@ -59,5 +87,3 @@ title: "关于隐私指南(Privacy Guides)" 除非另有说明,否则本网站上的所有内容均根据 [Creative Commons Attribution-NoDerivatives 4.0国际公共许可证](https://github.com/privacyguides/privacyguides.org/blob/main/LICENSE)的条款提供。 这意味着你可以自由地以任何媒介或形式复制和重新分发材料,用于任何目的,甚至是商业目的;只要你适当地注明 `隐私指南(www.privacyguides.org)` ,并提供许可证的链接。 您可以以任何合理的方式这样做,但不得以任何方式暗示隐私指南认可您或您的使用。 如果您重构、转换或建立在此网站的内容,您可能无法分发修改过的材料。 设立这个许可证是为了防止人们在不给予适当信用的情况下分享我们的作品,并防止人们以可能被用来误导的方式修改我们的作品。 如果你觉得这个许可证的条款对你正在进行的项目来说限制性太大,请与我们联系: `jonah@privacyguides.org`。 我们很高兴为隐私领域的善意项目提供替代的许可选项 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/about/notices.md b/i18n/zh/about/notices.md index e580d137..2a39645a 100644 --- a/i18n/zh/about/notices.md +++ b/i18n/zh/about/notices.md @@ -41,5 +41,3 @@ hide: * Scraping * 数据挖掘 * 'Framing' (IFrames) - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/about/privacy-policy.md b/i18n/zh/about/privacy-policy.md index d6b40e9f..b3058221 100644 --- a/i18n/zh/about/privacy-policy.md +++ b/i18n/zh/about/privacy-policy.md @@ -1,5 +1,5 @@ --- -title: "Privacy Policy" +title: "隐私政策" --- 隐私指南是一个社区项目,由一些活跃的志愿者贡献者运营。 团队成员的公开列表 [可在GitHub](https://github.com/orgs/privacyguides/people)上找到。 @@ -59,5 +59,3 @@ For complaints under GDPR more generally, you may lodge complaints with your loc 我们将 [在此发布](privacy-policy.md)本声明的新版本。 我们可能会更改此文档未来版本中更改公告的方式。 在此期间,我们可以随时更新我们的联系信息,而不会宣布更改。 请随时参阅 [隐私政策](privacy-policy.md) ,了解最新的联系信息。 本页的完整修订版 [历史](https://github.com/privacyguides/privacyguides.org/commits/main/docs/about/privacy-policy.md) ,可在GitHub上找到。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/about/privacytools.md b/i18n/zh/about/privacytools.md index c015d7ba..3891280e 100644 --- a/i18n/zh/about/privacytools.md +++ b/i18n/zh/about/privacytools.md @@ -35,7 +35,6 @@ PrivacyTools由“BurungHantu”于2015年创立,他希望在斯诺登揭露 ## 社区呼吁行动 在2021年7月底,我们 - ,通知PrivacyTools社区,我们打算选择一个新的名字,并在一个新的域名上继续项目,将在2022年8月2日选择 [](https://web.archive.org/web/20210729190935/https://aragon.cloud/apps/forms/cMPxG9KyopapBbcw)。 最后,"Privacy Guides "被选中, `privacyguides.org` 域名已经被Jonah拥有,用于2020年的一个副业项目,但没有得到发展。

    @@ -142,5 +141,3 @@ BurungHantu还在Twitter上发了一篇 [的帖子](https://twitter.com/privacyt - [2022年4月2日u/dng99对PrivacyTools的指责性博文的回应](https://www.reddit.com/comments/tuo7mm/comment/i35kw5a/) - [2022年5月16日,由@TommyTran732在Twitter上回应](https://twitter.com/TommyTran732/status/1526153497984618496) - [2022年9月3日在Techlore的论坛上发表的帖子:@dngray](https://discuss.techlore.tech/t/has-anyone-seen-this-video-wondering-your-thoughts/792/20) - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/about/services.md b/i18n/zh/about/services.md index 70ad60ca..bcedcf04 100644 --- a/i18n/zh/about/services.md +++ b/i18n/zh/about/services.md @@ -36,5 +36,3 @@ - Availability: Semi-Public We host Invidious primarily to serve embedded YouTube videos on our website, this instance is not intended for general-purpose use and may be limited at any time. - Source: [github.com/iv-org/invidious](https://github.com/iv-org/invidious) - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/about/statistics.md b/i18n/zh/about/statistics.md index 3c4e5fc6..bbcd8d29 100644 --- a/i18n/zh/about/statistics.md +++ b/i18n/zh/about/statistics.md @@ -59,5 +59,3 @@ title: 流量统计 }) }) - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/advanced/communication-network-types.md b/i18n/zh/advanced/communication-network-types.md index f8664e13..435e4562 100644 --- a/i18n/zh/advanced/communication-network-types.md +++ b/i18n/zh/advanced/communication-network-types.md @@ -1,11 +1,12 @@ --- title: "通信网络类型" icon: 'material/transit-connection-variant' +description: An overview of several network architectures commonly used by instant messaging applications. --- 有几种网络架构常用于人与人之间的信息传递。 这些网络可以提供不同的隐私保证,这就是为什么在决定使用哪种应用程序时,应该考虑你的 [威胁模型](../basics/threat-modeling.md)。 -[Recommended Instant Messengers](../real-time-communication.md ""){.md-button} +[推荐的即时通讯工具](../real-time-communication.md ""){.md-button} ## 集中式网络 @@ -85,7 +86,6 @@ P2P网络不使用服务器,因为节点之间直接通信,因此不存在 使用 [匿名路由](https://doi.org/10.1007/978-1-4419-5906-5_628) 的Messenger隐藏发送方、接收方的身份或他们一直在通信的证据。 理想情况下,Messenger应该将这三者都隐藏起来。 有 [许多](https://doi.org/10.1145/3182658) 不同的方法来实现匿名网络。 其中最著名的是 - 洋葱路由 (即 [Tor](tor-overview.md)),它通过一个强加密的 [覆盖网络](https://en.wikipedia.org/wiki/Overlay_network) ,隐藏每个节点的位置以及每个信息的接收者和发送者来通信。 发件人和收件人从不直接交互,只通过一个秘密的会合节点会面,这样就不会泄露IP地址或物理位置。 节点不能解密信息,也不能解密最终目的地;只有收件人可以。 每个中间节点只能解密一部分,表明下一步将把仍然加密的信息发送到哪里,直到它到达可以完全解密的收件人那里,因此命名为 "洋葱路由"。

    在匿名网络中自托管一个节点并不为托管者提供额外的隐私,而是有助于整个网络对识别攻击的抗性,对每个人都有好处。 @@ -102,5 +102,3 @@ P2P网络不使用服务器,因为节点之间直接通信,因此不存在 - 如果通过随机路由选择节点,则某些节点可能远离发送方和接收方,增加延迟,甚至在其中一个节点脱机时无法传输消息。 - 开始时比较复杂,因为需要创建和安全备份一个加密私钥。 - 就像其他去中心化平台一样,对开发者来说,增加功能比中心化平台更复杂。 因此,功能可能缺乏或未完全实现,例如脱机消息中继或消息删除。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/advanced/dns-overview.md b/i18n/zh/advanced/dns-overview.md index 7933291a..7e5419b4 100644 --- a/i18n/zh/advanced/dns-overview.md +++ b/i18n/zh/advanced/dns-overview.md @@ -1,6 +1,7 @@ --- title: "DNS简介" icon: material/dns +description: The Domain Name System is the "phonebook of the internet," helping your browser find the website it's looking for. --- [域名系统](https://en.wikipedia.org/wiki/Domain_Name_System) 是“互联网电话簿”。 DNS将域名转换为IP地址,以便浏览器和其他服务可以通过分散的服务器网络加载互联网资源。 @@ -351,5 +352,3 @@ QNAME是一个 "限定名称",例如 `privacyguides.org`。 QNAME最小化减 它的目的是 "加快 "数据的交付,给客户一个属于离他们很近的服务器的答案,如 [内容交付网络](https://en.wikipedia.org/wiki/Content_delivery_network),这通常用于视频流和服务JavaScript网络应用。 这项功能确实是以隐私为代价的,因为它告诉DNS服务器一些关于客户端位置的信息。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/advanced/payments.md b/i18n/zh/advanced/payments.md new file mode 100644 index 00000000..13de5c4d --- /dev/null +++ b/i18n/zh/advanced/payments.md @@ -0,0 +1,84 @@ +--- +title: Private Payments +icon: material/hand-coin +--- + +There's a reason data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately. + +## Cash + +For centuries, **cash** has functioned as the primary form of private payment. Cash has excellent privacy properties in most cases, is widely accepted in most countries, and is **fungible**, meaning it is non-unique and completely interchangable. + +Cash payment laws vary by country. In the United States, special disclosure is required for cash payments over $10,000 to the IRS on [Form 8300](https://www.irs.gov/businesses/small-businesses-self-employed/form-8300-and-reporting-cash-payments-of-over-10000). The receiving business is required to ID verify the payee’s name, address, occupation, date of birth, and Social Security Number or other TIN (with some exceptions). Lower limits without ID such as $3,000 or less exist for exchanges and money transmission. Cash also contains serial numbers. These are almost never tracked by merchants, but they can be used by law enforcement in targeted investigations. + +Despite this, it’s typically the best option. + +## Prepaid Cards & Gift Cards + +It’s relatively simple to purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout to reduce fraud. + +Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (eg: from Visa or Mastercard) usually have limits of up to $1,000 per card. + +Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit. + +Prepaid cards don’t allow cash withdrawals from ATMs or “peer-to-peer” payments in Venmo and similar apps. + +Cash remains the best option for in-person purchases for most people. Gift cards can be useful for the savings they bring. Prepaid cards can be useful for places that don’t accept cash. Gift cards and prepaid cards are easier to use online than cash, and they are easier to acquire with cryptocurrencies than cash. + +### Online Marketplaces + +If you have [cryptocurrency](../cryptocurrency.md), you can purchase gift cards with an online gift card marketplace. Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +When buying gift cards online, there is usually a slight discount. Prepaid cards are usually sold online at face value or with a fee. If you buy prepaid cards and gift cards with cryptocurrencies, you should strongly prefer to pay with Monero which provides strong privacy, more on this below. Paying for a gift card with a traceable payment method negates the benefits a gift card can provide when purchased with cash or Monero. + +- [Online Gift Card Marketplaces :material-arrow-right-drop-circle:](../financial-services.md#gift-card-marketplaces) + +## Virtual Cards + +Another way to protect your information from merchants online is to use virtual, single-use cards which mask your actual banking or billing information. This is primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft. They do **not** assist you in making a purchase completely anonymously, nor do they hide any information from the banking institution themselves. Regular financial institutions which offer virtual cards are subject to "Know Your Customer" (KYC) laws, meaning they may require your ID or other identifying information. + +- [Recommended Payment Masking Services :material-arrow-right-drop-circle:](../financial-services.md#payment-masking-services) + +These tend to be good options for recurring/subscription payments online, while prepaid gift cards are preferred for one-time transactions. + +## Cryptocurrency + +Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a public blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly at any time. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose. + +!!! 危险 + + The vast majority of cryptocurrencies operate on a **public** blockchain, meaning that every transaction is public knowledge. This includes even most well-known cryptocurrencies like Bitcoin and Ethereum. Transactions with these cryptocurrencies should not be considered private and will not protect your anonymity. + + Additionally, many if not most cryptocurrencies are scams. Make transactions carefully with only projects you trust. + +### Privacy Coins + +There are a number of cryptocurrency projects which purport to provide privacy by making transactions anonymous. We recommend using one which provides transaction anonymity **by default** to avoid operational errors. + +- [Recommended Cryptocurrency :material-arrow-right-drop-circle:](../cryptocurrency.md#coins) + +Privacy coins have been subject to increasing scrutiny by government agencies. In 2020, [the IRS published a $625,000 bounty](https://www.forbes.com/sites/kellyphillipserb/2020/09/14/irs-will-pay-up-to-625000-if-you-can-crack-monero-other-privacy-coins/?sh=2e9808a085cc) for tools which can break Bitcoin Lightning Network and/or Monero's transaction privacy. They ultimately [paid two companies](https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view) (Chainalysis and Integra Fec) a combined $1.25 million for tools which purport to do so (it is unknown which cryptocurrency network these tools target). Due to the secrecy surrounding tools like these, ==none of these methods of tracing cryptocurrencies have been independently confirmed.== However, it is quite likely that tools which assist targeted investigations into private coin transactions exist, and that privacy coins only succeed in thwarting mass surveillance. + +### Other Coins (Bitcoin, Ethereum, etc.) + +The vast majority of cryptocurrency projects use a public blockchain, meaning that all transactions are both easily traceable and permanent. As such, we strongly discourage the use of most cryptocurrency for privacy-related reasons. + +Anonymous transactions on a public blockchain are *theoretically* possible, and the Bitcoin wiki [gives one example of a "completely anonymous" transaction](https://en.bitcoin.it/wiki/Privacy#Example_-_A_perfectly_private_donation). However, doing so requires a complicated setup involving Tor and "solo-mining" a block to generate completely independent cryptocurrency, a practice which has not been practical for nearly any enthusiast for many years. + +==Your best option is to avoid these cryptocurrencies entirely and stick with one which provides privacy by default.== Attempting to use other cryptocurrency is outside the scope of this site and strongly discouraged. + +### Wallet Custody + +With cryptocurrency there are two forms of wallets: custodial wallets and noncustodial wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Noncustodial wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, noncustodial wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies. + +### Acquisition + +Acquiring [cryptocurrencies](../cryptocurrency.md) like Monero privately can be difficult. P2P marketplaces like [LocalMonero](https://localmonero.co/), a platform which facilitates trades between people, are one option that can be used. If using an exchange which requires KYC is an acceptable risk for you as long as subsequent transactions can't be traced, a much easier option is to purchase Monero on an exchange like [Kraken](https://kraken.com/), or purchase Bitcoin/Litecoin from a KYC exchange which can then be swapped for Monero. Then, you can withdraw the purchased Monero to your own noncustodial wallet to use privately from that point forward. + +If you go this route, make sure to purchase Monero at different times and in different amounts than where you will spend it. If you purchase $5000 of Monero at an exchange and make a $5000 purchase in Monero an hour later, those actions could potentially be correlated by an outside observer regardless of which path the Monero took. Staggering purchases and purchasing larger amounts of Monero in advance to later spend on multiple smaller transactions can avoid this pitfall. + +## Additional Considerations + +When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself. + +When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address. diff --git a/i18n/zh/advanced/tor-overview.md b/i18n/zh/advanced/tor-overview.md index 41b7b325..a0e72cb3 100644 --- a/i18n/zh/advanced/tor-overview.md +++ b/i18n/zh/advanced/tor-overview.md @@ -1,6 +1,7 @@ --- title: "Tor概述" icon: 'simple/torproject' +description: Tor是一个免费使用的去中心化网络,专为尽量隐私地使用互联网而设计。 --- Tor是一个免费使用的去中心化网络,专为尽量隐私地使用互联网而设计。 如果使用得当,该网络可以实现隐私且匿名地浏览和通信。 @@ -74,8 +75,6 @@ Tor用出口、中间和入口节点的密钥对每个数据包(一个传输 - [How Tor Works - Computerphile](https://invidious.privacyguides.net/embed/QRYzre4bf7I?local=true) (YouTube) - [Tor Onion Services - Computerphile](https://invidious.privacyguides.net/embed/lVcbq_a5N9I?local=true) (YouTube) ---8<-- "includes/abbreviations.zh.txt" - [^1]: 您线路上的第一个中继称为“入口警卫“或“警卫”。 它是一个快速而稳定的中继,会在2-3个月内持续作为你的线路的第一个中继,以防止已知的破坏匿名性的攻击。 你的线路其余部分会随着你访问的每个新网站而改变,所有这些中继器一起提供Tor的全部隐私保护。 关于警卫中继器如何工作的更多信息,请参阅这篇 [博文](https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters) 和 [关于入口警卫的论文](https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf)。 ([https://support.torproject.org/tbb/tbb-2/](https://support.torproject.org/tbb/tbb-2/)) [^2]: 中继标志:由目录权限分配并在目录协议规范中进一步定义的线路位置(例如, “Guard”、“Exit”、“BadExit” )、线路属性(例如, “Fast”、“Stable” )或角色(例如, “Authority”、“HSDir” )的中继的特殊( dis- )限定。 ([https://metrics.torproject.org/glossary.html](https://metrics.torproject.org/glossary.html)) diff --git a/i18n/zh/android.md b/i18n/zh/android.md index f5b2ae27..17488c47 100644 --- a/i18n/zh/android.md +++ b/i18n/zh/android.md @@ -1,6 +1,7 @@ --- title: "安卓" icon: 'simple/android' +description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives. --- ![安卓徽标](assets/img/android/android.svg){ align=right } @@ -13,12 +14,13 @@ icon: 'simple/android' 这些是我们推荐的安卓操作系统、设备和应用程序,以最大限度地提高你的移动设备的安全和隐私。 要了解更多关于安卓的信息。 -- [安卓概况 :material-arrow-right-drop-circle:](os/android-overview.md) -- [为什么我们推荐GrapheneOS而不是CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/) +[General Android Overview :material-arrow-right-drop-circle:](os/android-overview.md ""){.md-button} + +[Why we recommend GrapheneOS over CalyxOS :material-arrow-right-drop-circle:](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ ""){.md-button} ## AOSP 衍生品 -我们建议在你的设备上安装这些定制的安卓操作系统之一,根据你的设备与这些操作系统的兼容性,按偏好顺序列出。 +We recommend installing one of these custom Android operating systems on your device, listed in order of preference, depending on your device's compatibility with these operating systems. !!! note @@ -41,9 +43,9 @@ icon: 'simple/android' [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="源代码" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="贡献" } -GrapheneOS支持 [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play),它像其他普通应用程序一样完全在沙盒中运行 [Google Play服务](https://en.wikipedia.org/wiki/Google_Play_Services)。 这意味着你可以利用大多数Google Play服务,如 [推送通知](https://firebase.google.com/docs/cloud-messaging/),同时让你完全控制其权限和访问,同时将其包含在你选择的特定 [工作档案](os/android-overview.md#work-profile) 或 [用户档案](os/android-overview.md#user-profiles)。 +GrapheneOS supports [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs [Google Play Services](https://en.wikipedia.org/wiki/Google_Play_Services) fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as [push notifications](https://firebase.google.com/docs/cloud-messaging/), while giving you full control over their permissions and access, and while containing them to a specific [work profile](os/android-overview.md#work-profile) or [user profile](os/android-overview.md#user-profiles) of your choice. -谷歌Pixel手机是目前唯一符合GrapheneOS的 [硬件安全要求的设备](https://grapheneos.org/faq#device-support)。 +Google Pixel phones are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#device-support). ### DivestOS @@ -60,11 +62,11 @@ GrapheneOS支持 [Sandboxed Google Play](https://grapheneos.org/usage#sandboxed- [:octicons-code-16:](https://grapheneos.org/source){ .card-link title="源代码" } [:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="贡献" } -DivestOS有自动的内核漏洞([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [补丁](https://gitlab.com/divested-mobile/cve_checker),更少的专有blobs,以及一个自定义的 [hosts](https://divested.dev/index.php?page=dnsbl) 文件。 其加固的WebView, [Mulch](https://gitlab.com/divested-mobile/mulch),使 [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) ,用于所有架构和 [网络状态分区](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning),并接收带外更新。 DivestOS还包括来自GrapheneOS的内核补丁,并通过 [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758),启用所有可用的内核安全功能。 所有比3.4版更新的内核都包括全页面 [sanitization](https://lwn.net/Articles/334747/) ,所有~22个Clang编译的内核都启用了 [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471)。 +DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, and a custom [hosts](https://divested.dev/index.php?page=dnsbl) file. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates. DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled. -DivestOS实现了一些最初为GrapheneOS开发的系统加固补丁。 DivestOS 16.0及以上版本实现了GrapheneOS的 [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) 和SENSORS权限切换, [硬化的内存分配器](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)),以及部分 [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) 硬化补丁集。 17.1和更高版本的GrapheneOS的每个网络完全 [MAC随机化](https://en.wikipedia.org/wiki/MAC_address#Randomization) 选项, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) 控制,以及自动重启/Wi-Fi/蓝牙 [超时选项](https://grapheneos.org/features)。 +DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features). -DivestOS使用F-Droid作为其默认应用商店。 通常情况下,我们会建议避免使用F-Droid,因为它有许多 [安全问题](#f-droid)。 然而,在DivestOS上这样做是不可行的;开发者通过他们自己的F-Droid仓库更新他们的应用程序([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2))。 我们建议禁用官方F-Droid应用程序,并使用 [Neo Store](https://github.com/NeoApplications/Neo-Store/) ,启用DivestOS仓库,以保持这些组件的更新。 对于其他应用程序,我们推荐的获取方法仍然适用。 +DivestOS uses F-Droid as its default app store. Normally, we would recommend avoiding F-Droid due to its numerous [security issues](#f-droid). However, doing so on DivestOS isn't viable; the developers update their apps via their own F-Droid repositories ([DivestOS Official](https://divestos.org/fdroid/official/?fingerprint=E4BE8D6ABFA4D9D4FEEF03CDDA7FF62A73FD64B75566F6DD4E5E577550BE8467) and [DivestOS WebView](https://divestos.org/fdroid/webview/?fingerprint=FB426DA1750A53D7724C8A582B4D34174E64A84B38940E5D5A802E1DFF9A40D2)). We recommend disabling the official F-Droid app and using [Neo Store](https://github.com/NeoApplications/Neo-Store/) with the DivestOS repositories enabled to keep those components up to date. For other apps, our recommended methods of obtaining them still apply. !!! 推荐 @@ -74,21 +76,21 @@ DivestOS使用F-Droid作为其默认应用商店。 通常情况下,我们会 ## 安卓设备 -在购买设备时,我们建议尽可能购买新的设备。 移动设备的软件和固件只支持有限的时间,因此购买新的设备可以尽可能地延长这一寿命。 +When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible. -避免从移动网络运营商那里购买电话。 这些产品通常有一个 **锁定的引导加载器** ,不支持 [OEM解锁](https://source.android.com/devices/bootloader/locking_unlocking)。 这些手机变体将阻止你安装任何种类的替代性安卓发行。 +Avoid buying phones from mobile network operators. These often have a **locked bootloader** and do not support [OEM unlocking](https://source.android.com/devices/bootloader/locking_unlocking). These phone variants will prevent you from installing any kind of alternative Android distribution. -对于从网上市场购买二手手机,要非常 **小心**。 始终检查卖家的声誉。 如果设备被盗,有可能 [IMEI黑名单](https://www.gsma.com/security/resources/imei-blacklisting/)。 您与前任所有者的活动相关联的风险也存在。 +Be very **careful** about buying second hand phones from online marketplaces. Always check the reputation of the seller. If the device is stolen, there's a possibility of [IMEI blacklisting](https://www.gsma.com/security/resources/imei-blacklisting/). There is also a risk involved with you being associated with the activity of the previous owner. -还有一些关于安卓设备和操作系统兼容性的提示。 +A few more tips regarding Android devices and operating system compatibility: -- 不要购买已经达到或接近其使用寿命的设备,额外的固件更新必须由制造商提供。 -- 不要购买预装的LineageOS或/e/OS手机或任何没有适当 [核实启动](https://source.android.com/security/verifiedboot) 支持和固件更新的安卓手机。 这些设备也没有办法让你检查它们是否被篡改过。 -- 简而言之,如果一个设备或Android发行版没有在这里列出,可能有一个很好的理由。 请查看我们的 [论坛](https://discuss.privacyguides.net/) ,了解详情! +- Do not buy devices that have reached or are near their end-of-life, additional firmware updates must be provided by the manufacturer. +- Do not buy preloaded LineageOS or /e/ OS phones or any Android phones without proper [Verified Boot](https://source.android.com/security/verifiedboot) support and firmware updates. These devices also have no way for you to check whether they've been tampered with. +- In short, if a device or Android distribution is not listed here, there is probably a good reason. Check out our [forum](https://discuss.privacyguides.net/) to find details! ### Google Pixel -谷歌像素手机是我们推荐购买的 **唯一** 设备。 由于对第三方操作系统的适当AVB支持和谷歌定制的 [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) 安全芯片作为安全元件,Pixel手机的硬件安全性比目前市场上的任何其他安卓设备都强。 +Google Pixel phones are the **only** devices we recommend for purchase. Pixel phones have stronger hardware security than any other Android devices currently on the market, due to proper AVB support for third-party operating systems and Google's custom [Titan](https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html) security chips acting as the Secure Element. !!! recommendation @@ -100,22 +102,22 @@ DivestOS使用F-Droid作为其默认应用商店。 通常情况下,我们会 [:material-shopping: Store](https://store.google.com/category/phones){ .md-button .md-button--primary } -像泰坦M2这样的安全元件比大多数其他手机使用的处理器的可信执行环境更加有限,因为它们只用于秘密存储、硬件证明和速率限制,而不是用于运行 "可信 "程序。 没有安全元件的手机必须使用TEE来 *,所有这些功能的* ,从而导致更大的攻击面。 +Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface. -谷歌Pixel手机使用的是名为Trusty的TEE操作系统,它是 [开源](https://source.android.com/security/trusty#whyTrusty),与其他许多手机不同。 +Google Pixel phones use a TEE OS called Trusty which is [open-source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones. -在Pixel手机上安装GrapheneOS很容易,他们的 [网页安装程序](https://grapheneos.org/install/web)。 如果你觉得自己做起来不舒服,并且愿意多花一点钱,可以看看 [NitroPhone](https://shop.nitrokey.com/shop) ,因为它们预装了GrapheneOS,来自著名的 [Nitrokey](https://www.nitrokey.com/about) 公司。 +The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://www.nitrokey.com/about) company. -购买谷歌Pixel的另外几个提示: +A few more tips for purchasing a Google Pixel: -- 如果你想买到便宜的Pixel设备,我们建议购买"**a**"型号,就在下一个旗舰机发布之后。 通常会有折扣,因为谷歌将试图清理他们的库存。 -- 考虑在实体店提供的打价方案和特价商品。 -- 看看你所在国家的在线社区便宜货网站。 这些可以提醒你有好的销售。 -- 谷歌提供了一个列表,显示了他们每个设备的 [支持周期](https://support.google.com/nexus/answer/4457705)。 设备每天的价格可以计算为。$\text{Cost} \over \text {EOL Date}-\text{Current Date}$,意味着设备使用时间越长,每天的费用越低。 +- If you're after a bargain on a Pixel device, we suggest buying an "**a**" model, just after the next flagship is released. Discounts are usually available because Google will be trying to clear their stock. +- Consider price beating options and specials offered at physical stores. +- Look at online community bargain sites in your country. These can alert you to good sales. +- Google provides a list showing the [support cycle](https://support.google.com/nexus/answer/4457705) for each one of their devices. The price per day for a device can be calculated as: $\text{Cost} \over \text {EOL Date}-\text{Current Date}$, meaning that the longer use of the device the lower cost per day. ## 常规应用程序 -我们在整个网站上推荐了各种各样的安卓应用。 这里列出的应用程序是安卓独有的,专门加强或取代关键的系统功能。 +We recommend a wide variety of Android apps throughout this site. The apps listed here are Android-exclusive and specifically enhance or replace key system functionality. ### Shelter @@ -160,22 +162,17 @@ DivestOS使用F-Droid作为其默认应用商店。 通常情况下,我们会 - [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases) - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) -Auditor通过以下方式进行鉴证和入侵检测。 +Auditor performs attestation and intrusion detection by: -- 在 *审计员* 和 *被审计者*之间使用 [首次使用信任(TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) 模式,该配对在 - -审计员 *的硬件支持的密钥库 中建立一个私人密钥。 - - - *审计员* ,可以是审计师应用程序的另一个实例,也可以是 [远程认证服务](https://attestation.app)。 -- *审计员* 记录了 *审计对象*的当前状态和配置。 -- 如果在配对完成后发生篡改 *审计对象的操作系统* ,审计人员将意识到设备状态和配置的变化。 -- 你会被提醒注意这一变化。 - -没有个人身份信息被提交给证明服务。 我们建议你用匿名账户注册,并启用远程认证,以进行持续监控。 - -如果你的 [威胁模型](basics/threat-modeling.md) 需要隐私,你可以考虑使用 [Orbot](tor.md#orbot) 或VPN,从证明服务中隐藏你的IP地址。 为了确保你的硬件和操作系统是真实的, [,在设备安装后,在任何互联网连接之前,立即进行本地认证](https://grapheneos.org/install/web#verifying-installation)。 +- Using a [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) model between an *auditor* and *auditee*, the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/) of the *Auditor*. +- The *auditor* can either be another instance of the Auditor app or the [Remote Attestation Service](https://attestation.app). +- The *auditor* records the current state and configuration of the *auditee*. +- Should tampering with the operating system of the *auditee* happen after the pairing is complete, the auditor will be aware of the change in the device state and configurations. +- You will be alerted to the change. +No personally identifiable information is submitted to the attestation service. We recommend that you sign up with an anonymous account and enable remote attestation for continuous monitoring. +If your [threat model](basics/threat-modeling.md) requires privacy, you could consider using [Orbot](tor.md#orbot) or a VPN to hide your IP address from the attestation service. To make sure that your hardware and operating system is genuine, [perform local attestation](https://grapheneos.org/install/web#verifying-installation) immediately after the device has been installed and prior to any internet connection. ### Secure Camera @@ -196,22 +193,18 @@ Auditor通过以下方式进行鉴证和入侵检测。 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.camera.play) - [:simple-github: GitHub](https://github.com/GrapheneOS/Camera/releases) - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) - -主要隐私功能包括: +Main privacy features include: -- 自动删除 [Exif](https://en.wikipedia.org/wiki/Exif) 元数据(默认启用)。 -- 使用新的 [媒体](https://developer.android.com/training/data-storage/shared/media) API,因此不需要 [存储权限](https://developer.android.com/training/data-storage) -- 除非您想录制声音,否则不需要麦克风权限 +- Auto removal of [Exif](https://en.wikipedia.org/wiki/Exif) metadata (enabled by default) +- Use of the new [Media](https://developer.android.com/training/data-storage/shared/media) API, therefore [storage permissions](https://developer.android.com/training/data-storage) are not required +- Microphone permission not required unless you want to record sound !!! note 目前,元数据没有从视频文件中删除,但这是计划中的。 图像方向元数据未被删除。 如果你启用位置(在安全相机中),**也不会被删除。 如果你以后想删除,你将需要使用一个外部应用程序,如 [ExifEraser](data-redaction.md#exiferaser)。 - - - ### 安全的PDF查看器(Secure PDF Viewer) @@ -233,23 +226,16 @@ Auditor通过以下方式进行鉴证和入侵检测。 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.grapheneos.pdfviewer.play) - [:simple-github: GitHub](https://github.com/GrapheneOS/PdfViewer/releases) - [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases) - - - ## 获取应用程序 - - ### GrapheneOS应用商店 -GrapheneOS的应用商店可在 [GitHub](https://github.com/GrapheneOS/Apps/releases)。 它支持Android 12及更高版本,并且能够自行更新。 该应用商店有GrapheneOS项目建立的独立应用,如 [Auditor](https://attestation.app/)、 [Camera](https://github.com/GrapheneOS/Camera)、 [PDF Viewer](https://github.com/GrapheneOS/PdfViewer)。 如果你正在寻找这些应用程序,我们强烈建议你从GrapheneOS的应用程序商店而不是Play商店获得它们,因为他们商店的应用程序是由GrapheneOS的项目自己的签名,而谷歌无法访问。 - - +GrapheneOS's app store is available on [GitHub](https://github.com/GrapheneOS/Apps/releases). It supports Android 12 and above and is capable of updating itself. The app store has standalone applications built by the GrapheneOS project such as the [Auditor](https://attestation.app/), [Camera](https://github.com/GrapheneOS/Camera), and [PDF Viewer](https://github.com/GrapheneOS/PdfViewer). If you are looking for these applications, we highly recommend that you get them from GrapheneOS's app store instead of the Play Store, as the apps on their store are signed by the GrapheneOS's project own signature that Google does not have access to. ### 奥罗拉商店(Aurora Store) -Google Play商店需要一个Google账户来登录,这对隐私来说不是很好。 你可以通过使用一个替代的客户端,如Aurora Store,来解决这个问题。 +The Google Play Store requires a Google account to login which is not great for privacy. You can get around this by using an alternative client, such as Aurora Store. !!! recommendation @@ -263,47 +249,36 @@ Google Play商店需要一个Google账户来登录,这对隐私来说不是很 ??? 下载 - [:simple-gitlab: GitLab](https://gitlab.com/AuroraOSS/AuroraStore/-/releases) - - -Aurora Store不允许您下载具有匿名帐户功能的付费应用程序。 您可以选择使用Aurora Store登录您的Google帐户下载您购买的应用程序,这确实可以访问您安装到Google的应用程序列表,但是您仍然可以从不需要完整的Google Play客户端和Google Play服务或设备上的microG中受益。 - +Aurora Store does not allow you to download paid apps with their anonymous account feature. You can optionally log in with your Google account with Aurora Store to download apps you have purchased, which does give access to the list of apps you've installed to Google, however you still benefit from not requiring the full Google Play client and Google Play Services or microG on your device. ### 手动使用RSS通知 -对于在GitHub和GitLab等平台上发布的应用程序,你也许可以在你的 [新闻聚合器](/news-aggregators) ,添加一个RSS源,这将有助于你跟踪新版本。 - -![RSS应用](./assets/img/android/rss-apk-light.png#only-light) ![RSS应用](./assets/img/android/rss-apk-dark.png#only-dark) ![APK 变更](./assets/img/android/rss-changes-light.png#only-light) ![APK 变更](./assets/img/android/rss-changes-dark.png#only-dark) - +For apps that are released on platforms like GitHub and GitLab, you may be able to add an RSS feed to your [news aggregator](/news-aggregators) that will help you keep track of new releases. +![RSS APK](./assets/img/android/rss-apk-light.png#only-light) ![RSS APK](./assets/img/android/rss-apk-dark.png#only-dark) ![APK Changes](./assets/img/android/rss-changes-light.png#only-light) ![APK Changes](./assets/img/android/rss-changes-dark.png#only-dark) #### GitHub -在GitHub上,以 [安全相机](#secure-camera) 为例,你可以导航到它的 [发布页](https://github.com/GrapheneOS/Camera/releases) ,并在URL上附加 `.atom`。 +On GitHub, using [Secure Camera](#secure-camera) as an example, you would navigate to its [releases page](https://github.com/GrapheneOS/Camera/releases) and append `.atom` to the URL: `https://github.com/GrapheneOS/Camera/releases.atom` - - #### GitLab -在GitLab上,以 [Aurora Store](#aurora-store) 为例,你可以导航到它的 [项目库](https://gitlab.com/AuroraOSS/AuroraStore) ,并在URL上附加 `/-/tags?format=atom`。 +On GitLab, using [Aurora Store](#aurora-store) as an example, you would navigate to its [project repository](https://gitlab.com/AuroraOSS/AuroraStore) and append `/-/tags?format=atom` to the URL: `https://gitlab.com/AuroraOSS/AuroraStore/-/tags?format=atom` - - #### Verifying APK Fingerprints -如果你下载APK文件进行手动安装,你可以用 [`apksigner`](https://developer.android.com/studio/command-line/apksigner) 工具验证其签名,这是Android [build-tools](https://developer.android.com/studio/releases/build-tools)的一部分。 +If you download APK files to install manually, you can verify their signature with the [`apksigner`](https://developer.android.com/studio/command-line/apksigner) tool, which is a part of Android [build-tools](https://developer.android.com/studio/releases/build-tools). 1. 安装 [Java JDK](https://www.oracle.com/java/technologies/downloads/)。 2. 下载 [Android Studio命令行工具](https://developer.android.com/studio#command-tools)。 -3. 解压缩下载的存档: - - +3. 解压缩下载的存档: ```bash unzip commandlinetools-*.zip @@ -311,19 +286,13 @@ Aurora Store不允许您下载具有匿名帐户功能的付费应用程序。 ./bin/sdkmanager --sdk_root=./ "build-tools;29.0.3" ``` - -4. 运行签名验证命令。 - - +4. 运行签名验证命令。 ```bash ./build-tools/29.0.3/apksigner verify --print-certs ../Camera-37.apk ``` - -5. 然后,所产生的哈希值可以与另一个来源进行比较。 一些开发商,如Signal [,在其网站上显示了指纹](https://signal.org/android/apk/)。 - - +5. 然后,所产生的哈希值可以与另一个来源进行比较。 一些开发商,如Signal [,在其网站上显示了指纹](https://signal.org/android/apk/)。 ```bash Signer #1 certificate DN: CN=GrapheneOS @@ -332,27 +301,21 @@ Aurora Store不允许您下载具有匿名帐户功能的付费应用程序。 Signer #1 certificate MD5 digest: dbbcd0cac71bd6fa2102a0297c6e0dd3 ``` - - - ### F-Droid -![F-Droid徽标](assets/img/android/f-droid.svg){ align=right width=120px } +![F-Droid logo](assets/img/android/f-droid.svg){ align=right width=120px } -==我们 **,而不是** ,目前推荐F-Droid作为获取应用程序的一种方式。==F-Droid经常被推荐为Google Play的替代品,特别是在隐私社区。 添加第三方资源库并不局限于谷歌的围墙花园这一选择导致了它的流行。 F-Droid另外还有 [可复制的构建](https://f-droid.org/en/docs/Reproducible_Builds/) ,用于一些应用程序,并致力于自由和开源软件。 然而,有 [显著的问题](https://privsec.dev/posts/android/f-droid-security-issues/) ,官方F-Droid客户端,他们的质量控制,以及他们如何建立、签署和交付包裹。 +==We do **not** currently recommend F-Droid as a way to obtain apps.== F-Droid is often recommended as an alternative to Google Play, particularly in the privacy community. The option to add third-party repositories and not be confined to Google's walled garden has led to its popularity. F-Droid additionally has [reproducible builds](https://f-droid.org/en/docs/Reproducible_Builds/) for some applications and is dedicated to free and open-source software. However, there are [notable problems](https://privsec.dev/posts/android/f-droid-security-issues/) with the official F-Droid client, their quality control, and how they build, sign, and deliver packages. -由于他们构建应用程序的过程,F-Droid官方资源库中的应用程序经常在更新上落后。 F-Droid维护者在用自己的密钥签署应用程序时也会重复使用包的ID,这并不理想,因为它给了F-Droid团队最终的信任。 +Due to their process of building apps, apps in the official F-Droid repository often fall behind on updates. F-Droid maintainers also reuse package IDs while signing apps with their own keys, which is not ideal as it gives the F-Droid team ultimate trust. -其他流行的第三方资源库,如 [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) ,缓解了其中的一些担忧。 IzzyOnDroid存储库直接从GitHub拉取构建,是开发者自己存储库的下一个最好的东西。 However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. 虽然这是有道理的(因为该特定仓库的目标是在应用程序被接受到F-Droid主仓库之前托管它们),但它可能会让你安装的应用程序不再收到更新。 +Other popular third-party repositories such as [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) alleviate some of these concerns. The IzzyOnDroid repository pulls builds directly from GitHub and is the next best thing to the developers' own repositories. However, it is not something that we can recommend, as apps are typically [removed](https://github.com/vfsfitvnm/ViMusic/issues/240#issuecomment-1225564446) from that respository when they make it to the main F-Droid repository. While that makes sense (since the goal of that particular repository is to host apps before they're accepted into the main F-Droid repository), it can leave you with installed apps which no longer receive updates. -That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. 重要的是要记住,这些资源库中的一些应用程序已经多年没有更新,可能依赖于不支持的库等,构成潜在的安全风险。 在通过这种方法寻找新的应用程序时,你应该使用你的最佳判断力。 +That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](https://apt.izzysoft.de/fdroid/) repositories are home to countless apps, so they can be a useful tool to search for and discover open-source apps that you can then download through Play Store, Aurora Store, or by getting the APK directly from the developer. It is important to keep in mind that some apps in these repositories have not been updated in years and may rely on unsupported libraries, among other things, posing a potential security risk. You should use your best judgement when looking for new apps via this method. !!! note In some rare cases, the developer of an app will only distribute it through F-Droid ([Gadgetbridge](https://gadgetbridge.org/) is one example of this). If you really need an app like that, we recommend using [Neo Store](https://github.com/NeoApplications/Neo-Store/) instead of the official F-Droid app to obtain it. - - - ## Criteria @@ -361,36 +324,27 @@ That said, the [F-Droid](https://f-droid.org/en/packages/) and [IzzyOnDroid](htt !!! example "This section is new" We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - - - ### 服务供应商 - 它必须是开源软件。 -- 必须支持引导器锁定,支持自定义AVB密钥。 -- 必须在发布后0-1个月内接受主要的安卓系统更新。 -- 必须在发布后0-14天内收到安卓功能更新(小版本)。 -- 必须在发布后0-5天内收到定期安全补丁。 -- 必须 **,而不是** ,开箱即 被"root"了。 -- 必须 **,而不是** ,默认启用Google Play服务。 -- 必须 **,而不是** ,需要修改系统以支持Google Play服务。 - - +- Must support bootloader locking with custom AVB key support. +- Must receive major Android updates within 0-1 months of release. +- Must receive Android feature updates (minor version) within 0-14 days of release. +- Must receive regular security patches within 0-5 days of release. +- Must **not** be "rooted" out of the box. +- Must **not** enable Google Play Services by default. +- Must **not** require system modification to support Google Play Services. ### 设备 -- 必须支持至少一个我们推荐的定制操作系统。 -- 必须是目前在商店里销售的新产品。 -- 必须接受至少5年的安全更新。 -- 必须有专门的安全要素硬件。 - - +- Must support at least one of our recommended custom operating systems. +- Must be currently sold new in stores. +- Must receive a minimum of 5 years of security updates. +- Must have dedicated secure element hardware. ### 应用程序 -- 本页的应用程序不得适用于网站上的任何其他软件类别。 -- 一般的应用程序应该扩展或取代核心系统功能。 -- 应用程序应定期得到更新和维护。 - ---8<-- "includes/abbreviations.zh.txt" +- Applications on this page must not be applicable to any other software category on the site. +- General applications should extend or replace core system functionality. +- Applications should receive regular updates and maintenance. diff --git a/i18n/zh/basics/account-creation.md b/i18n/zh/basics/account-creation.md index 1ae405ba..70f5811f 100644 --- a/i18n/zh/basics/account-creation.md +++ b/i18n/zh/basics/account-creation.md @@ -1,6 +1,7 @@ --- title: "账户创建" icon: 'material/account-plus' +description: Creating accounts online is practically an internet necessity, take these steps to make sure you stay private. --- 人们经常不假思索地注册服务。 也许它是一个流媒体服务,这样你就可以看到每个人都在谈论的新节目,或者一个为你最喜欢的快餐店提供折扣的账户。 无论情况如何,你应该考虑现在和以后对你的数据的影响。 @@ -78,5 +79,3 @@ SSO在那些你可以从服务之间的深度整合中获益的情况下,可 ### 用户名和密码 有些服务允许你不使用电子邮件地址进行注册,只要求你设置一个用户名和密码。 这些服务在与VPN或Tor结合使用时,可以提供更多的匿名性。 **请记住,对于这些账户,如果你忘记了你的用户名或密码,很可能没有办法恢复你的账户**。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/basics/account-deletion.md b/i18n/zh/basics/account-deletion.md index 044a895b..b42c7777 100644 --- a/i18n/zh/basics/account-deletion.md +++ b/i18n/zh/basics/account-deletion.md @@ -1,6 +1,7 @@ --- title: "删除帐户" icon: '资料/账户-删除' +description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection. --- 随着时间的推移,很容易积累一些在线账户,其中许多账户你可能不再使用。 删除这些未使用的账户是找回隐私的一个重要步骤,因为休眠账户很容易受到数据泄露的影响。 数据泄露是指一项服务的安全性受到损害,受保护的信息被未经授权的人查看、传输或窃取。 不幸的是,而今数据泄露 [太过于常见](https://haveibeenpwned.com/PwnedWebsites) ,因此保持良好的数字卫生是将它们对你生活的影响降到最低的最好方法。 本指南的目标就是引导您经由令人讨厌的帐户删除过程来优化你的线上生活,这些过程通常采用了 [欺骗性设计](https://www.deceptive.design/)使得其变得更加困难。 @@ -59,5 +60,3 @@ icon: '资料/账户-删除' ## 避免新账户 老话说,"上医治未病"。 每当你觉得被诱惑去注册一个新账户时,问问自己,"我真的需要这个吗? 没有账户,我可以完成我需要的东西吗?" 删除一个账户往往比创建一个账户要难得多。 而且,即使在删除或改变你的账户信息后,可能还有一个来自第三方的缓存版本,如 [Internet Archive](https://archive.org/)。 当你能够避免诱惑时--你未来的自己会感谢你的。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/basics/common-misconceptions.md b/i18n/zh/basics/common-misconceptions.md index 152ffd10..c85133af 100644 --- a/i18n/zh/basics/common-misconceptions.md +++ b/i18n/zh/basics/common-misconceptions.md @@ -1,6 +1,7 @@ --- title: "常见误区" icon: 'material/robot-confused' +description: Privacy isn't a straightforward topic, and it's easy to get caught up in marketing claims and other disinformation. --- ## “开源软件始终是安全的”或“专有软件更安全” @@ -56,6 +57,4 @@ icon: 'material/robot-confused' 使用Tor可以帮助解决这个问题。 还值得注意的是,通过异步通信可以实现更大的匿名性。实时通信容易受到打字模式的分析(即超过一段文字,在论坛上分发,通过电子邮件等)。 ---8<-- "includes/abbreviations.zh.txt" - [^1]: 其中一个明显的例子是 [2021年明尼苏达大学的研究人员将三个漏洞引入了Linux内核开发项目的事件](https://cse.umn.edu/cs/linux-incident)。 diff --git a/i18n/zh/basics/common-threats.md b/i18n/zh/basics/common-threats.md index c0765537..b74eaeb6 100644 --- a/i18n/zh/basics/common-threats.md +++ b/i18n/zh/basics/common-threats.md @@ -1,6 +1,7 @@ --- title: "常见威胁" icon: '资料/视野' +description: Your threat model is personal to you, but these are some of the things many visitors to this site care about. --- 广义而言,可以将我们有关[威胁](threat-modeling.md) 或者适用于大多数人的目标的建议分为这几类。 ==你可能关注其中零个、 一个、 几个、 或所有这些可能性==, 你应该使用的工具和服务取决于你的目标。 你可能也有这些类别之外的特定威胁,这完全可以! 重要的是要去了解您选择的这些工具的优缺点,因为也许任何工具都不能够保护您免受所有可以想象到的威胁。 @@ -140,8 +141,6 @@ icon: '资料/视野' 你必须始终考虑试图绕过审查制度的风险,潜在的后果,以及你的对手可能有多复杂。 你应该谨慎地选择软件,并有一个备份计划,以防被发现。 ---8<-- "includes/abbreviations.zh.txt" - [^1]: 美国隐私和公民自由监督委员会。 [关于根据第215条进行的电话记录计划的报告](https://documents.pclob.gov/prod/Documents/OversightReport/ec542143-1079-424a-84b3-acc354698560/215-Report_on_the_Telephone_Records_Program.pdf) [^2]: 维基百科: [监控资本主义](https://en.wikipedia.org/wiki/Surveillance_capitalism) [^3]: 维基百科。 [*监视资本主义*](https://en.wikipedia.org/wiki/Surveillance_capitalism) diff --git a/i18n/zh/basics/email-security.md b/i18n/zh/basics/email-security.md index d5e67cf8..aae3a0f4 100644 --- a/i18n/zh/basics/email-security.md +++ b/i18n/zh/basics/email-security.md @@ -1,6 +1,7 @@ --- title: 电子邮件安全 icon: material/email +description: Email is inherently insecure in many ways, and these are some of the reasons it isn't our top choice for secure communications. --- 电子邮件在默认情况下是一种不安全的通信形式。 你可以用OpenPGP等工具来提高你的电子邮件的安全性,这些工具为你的邮件增加了端对端加密功能,但OpenPGP与其他消息应用程序的加密相比,仍有一些缺点,而且由于电子邮件的设计方式,一些电子邮件数据永远无法得到固有的加密。 @@ -38,5 +39,3 @@ icon: material/email ### 为什么元数据不能被端到端加密? 电子邮件元数据对于电子邮件最基本的功能(它从哪里来,又要到哪里去)至关重要。 E2EE最初没有内置于电子邮件协议中,而是需要像OpenPGP这样的附加软件。 因为OpenPGP信息仍然要与传统的电子邮件供应商合作,它不能对电子邮件元数据进行加密,只能对信息主体本身进行加密。 这意味着,即使使用OpenPGP,外部观察者也可以看到你的信息的很多信息,如你给谁发电子邮件,主题行,你什么时候发电子邮件,等等。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/basics/multi-factor-authentication.md b/i18n/zh/basics/multi-factor-authentication.md index b97df59a..04812dc4 100644 --- a/i18n/zh/basics/multi-factor-authentication.md +++ b/i18n/zh/basics/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "多因认证" icon: '资料/双因认证' +description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others. --- **多因素认证** 是一种安全机制,除了输入用户名(或电子邮件)和密码外,还需要其他步骤。 最常见的方法可能是你需要从短信或应用程序中收到限时代码。 @@ -162,5 +163,3 @@ SSH MFA也可以使用TOTP进行设置。 DigitalOcean提供了一个教程 [如 ### KeePass (和KeePassXC) KeePass和KeePassXC数据库可以使用质询响应或HOTP作为第二因素身份验证进行保护。 Yubico为KeePass提供了一份文件 [Using Your YubiKey with KeePass](https://support.yubico.com/hc/en-us/articles/360013779759-Using-Your-YubiKey-with-KeePass) ,在 [KeePassXC](https://keepassxc.org/docs/#faq-yubikey-2fa) 网站上也有一份。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/basics/passwords-overview.md b/i18n/zh/basics/passwords-overview.md index dad28d69..32dbf5fd 100644 --- a/i18n/zh/basics/passwords-overview.md +++ b/i18n/zh/basics/passwords-overview.md @@ -1,6 +1,7 @@ --- title: "密码简介" icon: 'material/form-textbox-password' +description: These are some tips and tricks on how to create the strongest passwords and keep your accounts secure. --- 密码是我们日常数字生活的重要组成部分。 我们用它们来保护我们的账户、我们的设备和我们的秘密。 尽管密码可能是挡在觊觎我们私人信息的对手前的唯一屏障,但人们并没有在密码上花很多心思,这往往导致使用的密码很容易被猜出或被破解。 @@ -108,5 +109,3 @@ Diceware是一种创建密码的方法,这种密码容易记忆,但很难猜 ### 备份 你应该在多个存储设备或云存储提供商上存储 [加密的](../encryption.md) 密码备份。 如果你的主要设备或你正在使用的服务发生意外,这可以帮助你访问你的密码。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/basics/threat-modeling.md b/i18n/zh/basics/threat-modeling.md index 1441cff5..d1ae47d9 100644 --- a/i18n/zh/basics/threat-modeling.md +++ b/i18n/zh/basics/threat-modeling.md @@ -1,6 +1,7 @@ --- title: "威胁模型" icon: '资料/目标账户' +description: 在安全、隐私和可用性之间取得平衡是你在隐私之路上面临的首要和最困难的任务之一。 --- 在安全、隐私和可用性之间取得平衡是你在隐私之路上面临的首要和最困难的任务之一。 每件事都是一种权衡:越是安全的东西,一般来说限制性越强或越不方便,等等。 人们经常会发现这些推荐的工具最大的问题就是太难于上手使用! @@ -107,5 +108,3 @@ icon: '资料/目标账户' ## 资料来源 - [EFF 监控自我防卫: 你的安全计划](https://ssd.eff.org/en/module/your-security-plan) - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/basics/vpn-overview.md b/i18n/zh/basics/vpn-overview.md index 44146179..a114a3c5 100644 --- a/i18n/zh/basics/vpn-overview.md +++ b/i18n/zh/basics/vpn-overview.md @@ -1,11 +1,12 @@ --- title: VPN概述 icon: 资料/vpn +description: Virtual Private Networks shift risk away from your ISP to a third-party you trust. You should keep these things in mind. --- 虚拟专用网络是一种将你的网络末端延伸到世界其他地方的方式。 ISP可以看到进入和离开你的网络终端设备(即调制解调器)的互联网流量。 -互联网上普遍使用HTTPS等加密协议,因此他们可能无法准确看到你所发布或阅读的内容,但他们可以了解到你所请求的 [域](dns-overview.md#why-shouldnt-i-use-encrypted-dns)。 +Encryption protocols such as HTTPS are commonly used on the internet, so they may not be able to see exactly what you're posting or reading, but they can get an idea of the [domains you request](../advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns). VPN可以提供帮助,因为它可以将信任转移到世界其他地方的服务器上。 因此,ISP只看到你连接到了VPN,而对你传入的活动一无所知。 @@ -74,5 +75,3 @@ VPN在各种情况下仍可能对您有用,例如: - [免费VPN应用调查](https://www.top10vpn.com/free-vpn-app-investigation/) - [揭开隐蔽VPN所有者的面纱:101个VPN产品仅由23家公司运营](https://vpnpro.com/blog/hidden-vpn-owners-unveiled-97-vpns-23-companies/) - [这家中国公司秘密地在24个流行的应用程序背后寻求危险的权限](https://vpnpro.com/blog/chinese-company-secretly-behind-popular-apps-seeking-dangerous-permissions/) - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/calendar.md b/i18n/zh/calendar.md index 38b2df1b..eb360e48 100644 --- a/i18n/zh/calendar.md +++ b/i18n/zh/calendar.md @@ -1,6 +1,7 @@ --- title: "VPN供应商" icon: material/calendar +description: Calendars contain some of your most sensitive data; use products that implement encryption at rest. --- 日历包含一些最敏感的数据;使用静态实现E2EE的产品,以防止提供商读取它们。 @@ -65,5 +66,3 @@ icon: material/calendar Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page. - 如果适用的话,应该与本地操作系统的日历和联系人管理应用程序集成。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/cloud.md b/i18n/zh/cloud.md index c2879832..d61f4536 100644 --- a/i18n/zh/cloud.md +++ b/i18n/zh/cloud.md @@ -1,6 +1,7 @@ --- title: "路由器固件" icon: material/file-cloud +description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! --- 许多云存储供应商需要你完全信任他们不会查看你的文件。 下面列出的替代方案通过让你控制你的数据或通过实施E2EE来消除对信任的需求。 @@ -29,7 +30,6 @@ icon: material/file-cloud - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive) - [:simple-appstore: Web](https://apps.apple.com/app/id1509667851) -Proton Drive的移动客户端于2022年12月发布,目前尚未开源。 Proton公司历来将他们的源代码发布时间推迟到初始产品发布之后, [,计划在2023年底之前](https://www.reddit.com/r/ProtonDrive/comments/zf14i8/comment/izdwmme/?utm_source=share&utm_medium=web2x&context=3) ,发布源代码。 Proton Drive桌面客户端仍在开发中。 ## Criteria @@ -58,5 +58,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - 这些客户端应该与云存储供应商的本地操作系统工具集成,如iOS上的Files应用集成,或Android上的DocumentsProvider功能。 - 应支持与其他用户轻松分享文件。 - 应在网络界面上至少提供基本的文件预览和编辑功能。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/cryptocurrency.md b/i18n/zh/cryptocurrency.md new file mode 100644 index 00000000..a20ebf51 --- /dev/null +++ b/i18n/zh/cryptocurrency.md @@ -0,0 +1,53 @@ +--- +title: Cryptocurrency +icon: material/bank-circle +--- + +Making payments online is one of the biggest challenges to privacy. These cryptocurrencies provide transaction privacy by default (something which is **not** guaranteed by the majority of cryptocurrencies), provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +!!! 危险 + + Many if not most cryptocurrency projects are scams. Make transactions carefully with only projects you trust. + +## Monero + +!!! recommendation + + ![Monero logo](assets/img/cryptocurrency/monero.svg){ align=right } + + **Monero** uses a blockchain with privacy-enhancing technologies that obfuscate transactions to achieve anonymity. Every Monero transaction hides the transaction amount, sending and receiving addresses, and source of funds without any hoops to jump through, making it an ideal choice for cryptocurrency novices. + + [:octicons-home-16: Homepage](https://www.getmonero.org/){ .md-button .md-button--primary } + [:octicons-info-16:](https://www.getmonero.org/resources/user-guides/){ .card-link title=Documentation} + [:octicons-code-16:](https://github.com/monero-project/monero){ .card-link title="Source Code" } + [:octicons-heart-16:](https://www.getmonero.org/get-started/contributing/){ .card-link title=Contribute } + +With Monero, outside observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories. + +For optimal privacy, make sure to use a noncustodial wallet where the view key stays on the device. This means that only you will have the ability to spend your funds and see incoming and outgoing transactions. If you use a custodial wallet, the provider can see **everything** you do; if you use a “lightweight” wallet where the provider retains your private view key, the provider can see almost everything you do. Some noncustodial wallets include: + +- [Official Monero client](https://getmonero.org/downloads) (Desktop) +- [Cake Wallet](https://cakewallet.com/) (iOS, Android) + - Cake Wallet supports multiple cryptocurrencies. A Monero-only version of Cake Wallet is available at [Monero.com](https://monero.com/). +- [Feather Wallet](https://featherwallet.org/) (Desktop) +- [Monerujo](https://www.monerujo.io/) (Android) + +For maximum privacy (even with a noncustodial wallet), you should run your own Monero node. Using another person’s node will expose some information to them, such as the IP address that you connect to it from, the timestamps that you sync your wallet, and the transactions that you send from your wallet (though no other details about those transactions). Alternatively, you can connect to someone else’s Monero node over Tor or i2p. + +In August 2021, CipherTrace [announced](https://finance.yahoo.com/news/ciphertrace-announces-enhanced-monero-tracing-160000275.html) enhanced Monero tracing capabilities for government agencies. Public postings show that the US Department of the Treasury's Financial Crimes Enforcement Network [licensed](https://sam.gov/opp/d12cbe9afbb94ca68006d0f006d355ac/view) CipherTrace's "Monero Module" in late 2022. + +Monero transaction graph privacy is limited by its relatively small ring signatures, especially against targeted attacks. Monero's privacy features have also been [called into question](https://web.archive.org/web/20180331203053/https://www.wired.com/story/monero-privacy/) by some security researchers, and a number of severe vulnerabilities have been found and patched in the past, so the claims made by organizations like CipherTrace are not out of the question. While it's unlikely that Monero mass surveillance tools exist like they do for Bitcoin and others, it's certain that tracing tools assist with targeted investigations. + +Ultimately, Monero is the strongest contender for a privacy-friendly cryptocurrency, but its privacy claims have **not** been definitively proven one way or the other. More time and research is needed to assess whether Monero is resilient enough to attacks to always provide adequate privacy. + +## Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Cryptocurrency must provide private/untraceable transactions by default. diff --git a/i18n/zh/data-redaction.md b/i18n/zh/data-redaction.md index 23558533..c183901f 100644 --- a/i18n/zh/data-redaction.md +++ b/i18n/zh/data-redaction.md @@ -1,6 +1,7 @@ --- title: "日历/联系人同步" icon: material/tag-remove +description: Use these tools to remove metadata like GPS location and other identifying information from photos and files you share. --- 共享文件时,请务必删除关联的元数据。 图像文件通常包括 [Exif](https://en.wikipedia.org/wiki/Exif) 数据。 照片有时甚至包括文件元数据中的GPS坐标。 @@ -142,5 +143,3 @@ icon: material/tag-remove - 为开源操作系统开发的应用程序必须是开源的。 - 应用程序必须是免费的,不应包括广告或其他限制。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/desktop-browsers.md b/i18n/zh/desktop-browsers.md index 5fb4406c..ed56b49c 100644 --- a/i18n/zh/desktop-browsers.md +++ b/i18n/zh/desktop-browsers.md @@ -1,6 +1,7 @@ --- title: "电脑浏览器" icon: material/laptop +description: Firefox and Brave are our recommendations for standard/non-anonymous browsing. --- 这些是我们目前推荐的用于标准/非匿名浏览的桌面网络浏览器和配置。 如果您需要匿名浏览互联网,则应使用 [Tor](tor.md) 。 一般来说,我们建议尽量减少你的浏览器扩展;它们在你的浏览器内有特权访问,需要你信任开发者,可以使你 [,突出](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint),并且 [,削弱](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) 网站隔离。 @@ -304,8 +305,6 @@ Our best-case criteria represents what we would like to see from the perfect pro - 不得复制内置浏览器或操作系统的功能。 - 必须直接影响用户隐私,即不能简单地提供信息。 ---8<-- "includes/abbreviations.zh.txt" - [^1]: diff --git a/i18n/zh/desktop.md b/i18n/zh/desktop.md index a134bf4b..7b1d9b31 100644 --- a/i18n/zh/desktop.md +++ b/i18n/zh/desktop.md @@ -1,6 +1,7 @@ --- title: "Android 应用" icon: simple/linux +description: 由于隐私保护和软件自由,Linux发行版被普遍推荐。 --- 由于隐私保护和软件自由,Linux发行版被普遍推荐。 如果你还没有使用Linux,下面是我们建议尝试的一些发行版,以及一些适用于许多Linux发行版的一般隐私和安全改进提示。 @@ -180,5 +181,3 @@ Qubes OS操作系统通过将子系统(如网络、USB等)和应用程序隔 - 在安装过程中必须支持全盘加密。 - 不得将定期发布的信息冻结1年以上。 我们 [,不建议将](os/linux-overview.md#release-cycle) "长期支持 "或 "稳定 "的发行版用于桌面使用。 - 必须支持各种各样的硬件。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/dns.md b/i18n/zh/dns.md index 6ccf6848..5f63c24d 100644 --- a/i18n/zh/dns.md +++ b/i18n/zh/dns.md @@ -1,142 +1,139 @@ --- -title: "DNS Resolvers" +title: "DNS解析器" icon: material/dns +description: These are some encrypted DNS providers we recommend switching to, to replace your ISP's default configuration. --- -!!! question "Should I use encrypted DNS?" +Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. 加密的DNS不会帮助你隐藏任何浏览活动。 - Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity. - - [Learn more about DNS](advanced/dns-overview.md){ .md-button } +[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md ""){.md-button} ## 推荐的供应商 -| DNS Provider | Privacy Policy | Protocols | Logging | ECS | Filtering | -| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------ | -| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
    DoH/3
    DoT
    DNSCrypt | Some[^1] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | -| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
    DoH/3
    DoT | Some[^2] | No | Based on server choice. | -| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
    DoH/3
    DoT
    DoQ | Optional[^3] | No | Based on server choice. | -| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
    DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | -| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
    DoH/3
    DoT | Optional[^5] | Optional | Based on server choice. | -| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
    DoH
    DoT
    DNSCrypt | Some[^6] | Optional | Based on server choice, Malware blocking by default. | +| DNS供应商 | 隐私政策 | 协议 | 日志记录 | ECS | 筛选 | +| ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------- | ------ | --- | ----------------------------------------------------------------------------------------------------- | +| [**AdGuard**](https://adguard.com/en/adguard-dns/overview.html) | [:octicons-link-external-24:](https://adguard.com/en/privacy/dns.html) | Cleartext
    DoH/3
    DoT
    DNSCrypt | 一些[^1] | No | 基于服务器的选择。 正在使用的过滤器列表可以在这里找到。 [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | +| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/) | [:octicons-link-external-24:](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) | Cleartext
    DoH/3
    DoT | 一些[^2] | No | 基于服务器的选择。 | +| [**Control D**](https://controld.com/free-dns) | [:octicons-link-external-24:](https://controld.com/privacy) | Cleartext
    DoH/3
    DoT
    DoQ | 可选[^3] | No | 基于服务器的选择。 | +| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | [:octicons-link-external-24:](https://mullvad.net/en/help/no-logging-data-policy/) | DoH
    DoT | No[^4] | No | 基于服务器的选择。 正在使用的过滤器列表可以在这里找到。 [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | +| [**NextDNS**](https://www.nextdns.io) | [:octicons-link-external-24:](https://www.nextdns.io/privacy) | Cleartext
    DoH/3
    DoT | 可选[^5] | 可选 | 基于服务器的选择。 | +| [**Quad9**](https://quad9.net) | [:octicons-link-external-24:](https://quad9.net/privacy/policy/) | Cleartext
    DoH
    DoT
    DNSCrypt | 一些[^6] | 可选 | 基于服务器的选择,默认为恶意软件拦截。 | -## Criteria +## 标准 -**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. +**请注意,我们与我们推荐的任何项目都没有关系。** 除了 [我们的标准标准](about/criteria.md),我们还制定了一套明确的要求,使我们能够提供客观的建议。 我们建议你在选择使用一个项目之前熟悉这个清单,并进行自己的研究以确保它是你的正确选择。 -!!! example "This section is new" +!!! 例如 "本节是新的" - We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + 我们正在努力为我们网站的每个部分建立确定的标准,这可能会有变化。 如果你对我们的标准有任何疑问,请[在我们的论坛上提问](https://discuss.privacyguides.net/latest),如果这里没有列出,不要以为我们在做推荐时没有考虑到什么。 当我们推荐一个项目时,有许多因素被考虑和讨论,而记录每一个因素是一项正在进行的工作。 -- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec). -- [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization). -- Allow for [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) to be disabled. -- Prefer [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) support or geo-steering support. +- 必须支持 [DNSSEC](advanced/dns-overview.md#what-is-dnssec)。 +- [QNAME最小化](advanced/dns-overview.md#what-is-qname-minimization). +- 允许 [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) 被禁用。 +- 倾向于 [anycast](https://en.wikipedia.org/wiki/Anycast#Addressing_methods) 支持或地理转向支持。 -## Native Operating System Support +## 本地操作系统支持 ### 安卓 -Android 9 and above support DNS over TLS. The settings can be found in: **Settings** → **Network & Internet** → **Private DNS**. +安卓9及以上系统支持通过TLS的DNS。 这些设置可以在下面找到。 **设置** → **网络 & 互联网** → **私人DNS**。 -### Apple Devices +### 苹果设备 -The latest versions of iOS, iPadOS, tvOS, and macOS, support both DoT and DoH. Both protocols are supported natively via [configuration profiles](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) or through the [DNS Settings API](https://developer.apple.com/documentation/networkextension/dns_settings). +最新版本的iOS、iPadOS、tvOS和macOS,同时支持DoT和DoH。 通过 [配置文件](https://support.apple.com/guide/security/configuration-profile-enforcement-secf6fb9f053/web) ,或通过 [DNS设置API](https://developer.apple.com/documentation/networkextension/dns_settings),这两种协议都得到了本地支持。 -After installation of either a configuration profile or an app that uses the DNS Settings API, the DNS configuration can be selected. If a VPN is active, resolution within the VPN tunnel will use the VPN's DNS settings and not your system-wide settings. +在安装配置文件或使用DNS设置API的应用程序后,可以选择DNS配置。 如果VPN处于激活状态,在VPN隧道内的解析将使用VPN的DNS设置,而不是你整个系统的设置。 -#### Signed Profiles +#### 已签名的配置文件 -Apple does not provide a native interface for creating encrypted DNS profiles. [Secure DNS profile creator](https://dns.notjakob.com/tool.html) is an unofficial tool for creating your own encrypted DNS profiles, however they will not be signed. Signed profiles are preferred; signing validates a profile's origin and helps to ensure the integrity of the profiles. A green "Verified" label is given to signed configuration profiles. For more information on code signing, see [About Code Signing](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html). **Signed profiles** are offered by [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html), [NextDNS](https://apple.nextdns.io), and [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/). +苹果公司没有为创建加密的DNS配置文件提供本地接口。 [安全DNS配置文件创建者](https://dns.notjakob.com/tool.html) 是一个非官方的工具,用于创建你自己的加密DNS配置文件,然而它们将不会被签署。 签名的档案是首选;签名验证了档案的来源,有助于确保档案的完整性。 绿色的 "已验证 "标签被赋予已签署的配置文件。 关于代码签名的更多信息,见 [关于代码签名](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html)。 ** [AdGuard](https://adguard.com/en/blog/encrypted-dns-ios-14.html)、 [NextDNS](https://apple.nextdns.io)和 [Quad9](https://www.quad9.net/news/blog/ios-mobile-provisioning-profiles/)提供了签名的配置文件**。 -!!! info +!!! 信息 - `systemd-resolved`, which many Linux distributions use to do their DNS lookups, doesn't yet [support DoH](https://github.com/systemd/systemd/issues/8639). If you want to use DoH, you'll need to install a proxy like [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) and [configure it](https://wiki.archlinux.org/title/Dnscrypt-proxy) to take all the DNS queries from your system resolver and forward them over HTTPS. + `systemd-resolved`,许多Linux发行版使用它来进行DNS查询,但还不[支持DoH](https://github.com/systemd/systemd/issues/8639)。 如果你想使用DoH,你需要安装一个代理,如 [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy)和[配置它](https://wiki.archlinux.org/title/Dnscrypt-proxy),从你的系统解析器接收所有的DNS查询并通过HTTPS转发。 -## Encrypted DNS Proxies +## 加密DNS代理 -Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns). +加密的DNS代理软件为 [未加密的DNS](advanced/dns-overview.md#unencrypted-dns) 解析器提供一个本地代理转发。 通常情况下,它被用于那些不支持 [加密DNS的平台](advanced/dns-overview.md#what-is-encrypted-dns)。 ### RethinkDNS !!! recommendation ![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right } - ![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } + ![RethinkDNS标志](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right } - **RethinkDNS** is an open-source Android client supporting [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy along with caching DNS responses, locally logging DNS queries and can be used as a firewall too. + **RethinkDNS**是一个开源的Android客户端,支持 [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh)、 [DNS-over-TLS](advanced/dns-overview.md#dns-over-tls-dot)、 [DNSCrypt](advanced/dns-overview.md#dnscrypt)和DNS Proxy,同时还可以缓存DNS响应,本地记录DNS查询,也可以作为防火墙使用。 - [:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary } - [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="Source Code" } + [:octicons-home-16: 主页](https://rethinkdns.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="隐私政策" } + [:octicons-info-16:](https://docs.rethinkdns.com/){ .card-link title=文档} + [:octicons-code-16:](https://github.com/celzero/rethink-app){ .card-link title="源代码" } - ??? downloads + ??? 下载 - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.celzero.bravedns) - [:simple-github: GitHub](https://github.com/celzero/rethink-app/releases) -### dnscrypt-proxy +### dnscrypt-代理 !!! recommendation - ![dnscrypt-proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right } + ![dnscrypt-proxy标志](assets/img/dns/dnscrypt-proxy.svg) { align=right } - **dnscrypt-proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS). + **dnscrypt-proxy**是一个DNS代理,支持 [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DNS-over-HTTPS](advanced/dns-overview.md#dns-over-https-doh),以及[Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS)。 - !!! warning "The anonymized DNS feature does [**not**](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic." + !!! 警告 "匿名DNS功能不会[***](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns)匿名化其他网络流量。" [:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy){ .md-button .md-button--primary } [:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/DNSCrypt/dnscrypt-proxy){ .card-link title="Source Code" } - [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title=Contribute } + [:octicons-heart-16:](https://opencollective.com/dnscrypt/contribute){ .card-link title="贡献" } - ??? downloads + ??? 下载 - [:simple-windows11: Windows](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-Windows) - [:simple-apple: macOS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-macOS) - [:simple-linux: Linux](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux) -## Self-hosted Solutions +## 自我托管的解决方案 -A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed. +自我托管的DNS解决方案对于在智能电视和其他物联网设备等受控平台上提供过滤非常有用,因为不需要客户端软件。 ### AdGuard Home !!! recommendation - ![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right } + ![AdGuard Home标识](assets/img/dns/adguard-home.svg){ align=right } - **AdGuard Home** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + **AdGuard Home**是一个开源的 [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole),它使用[DNS过滤](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/)来阻止不需要的网络内容,如广告。 - AdGuard Home features a polished web interface to view insights and manage blocked content. + AdGuard Home有一个精致的网络界面,可以查看洞察力和管理被阻止的内容。 - [:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } - [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" } + [:octicons-home-16: 主页](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary } + [:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="隐私政策" } + [:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=文档} + [:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="源代码" } ### Pi-hole !!! recommendation - ![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right } + ! [Pi-hole标志](assets/img/dns/pi-hole.svg){ align=right } - **Pi-hole** is an open-source [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/) to block unwanted web content, such as advertisements. + **Pi-hole**是一个开源的 [DNS-sinkhole](https://wikipedia.org/wiki/DNS_sinkhole),它使用[DNS过滤](https://www.cloudflare.com/learning/access-management/what-is-dns-filtering/)来阻止不需要的网络内容,如广告。 - Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content. + Pi-hole被设计为在Raspberry Pi上托管,但它并不局限于这种硬件。 该软件具有一个友好的网络界面,可以查看洞察力和管理封锁的内容。 - [:octicons-home-16: Homepage](https://pi-hole.net/){ .md-button .md-button--primary } - [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" } - [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute } + [:octicons-home-16: 主页](https://pi-hole.net/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://pi-hole.net/privacy/){ .card-link title="隐私政策" } + [:octicons-info-16:](https://docs.pi-hole.net/){ .card-link title=文档} + [:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="源代码" } + [:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title="贡献" } ---8<-- "includes/abbreviations.zh.txt" - -[^1]: AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested in within last 24 hours. "We need this information to identify and block new trackers and threats." "We also log how many times this or that tracker has been blocked. We need this information to remove outdated rules from our filters." [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) -[^2]: Cloudflare collects and stores only the limited DNS query data that is sent to the 1.1.1.1 resolver. The 1.1.1.1 resolver service does not log personal data, and the bulk of the limited non-personally identifiable query data is stored only for 25 hours. [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) -[^3]: Control D only logs for Premium resolvers with custom DNS profiles. Free resolvers do not log data. [https://controld.com/privacy](https://controld.com/privacy) -[^4]: Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way. [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) -[^5]: NextDNS can provide insights and logging features on an opt-in basis. You can choose retention times and log storage locations for any logs you choose to keep. If it's not specifically requested, no data is logged. [https://nextdns.io/privacy](https://nextdns.io/privacy) -[^6]: Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared, such as for the purpose of security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable. [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) +[^1]: AdGuard存储其DNS服务器的汇总性能指标,即对特定服务器的完整请求数、被阻止的请求数和处理请求的速度。 他们还保留并存储了过去24小时内请求的域名数据库。 "我们需要这些信息来识别和阻止新的追踪者和威胁。" "我们还记录了这个或那个追踪器被封锁的次数。 我们需要这些信息来从我们的过滤器中删除过时的规则"。 [https://adguard.com/en/privacy/dns.html](https://adguard.com/en/privacy/dns.html) +[^2]: Cloudflare只收集和存储发送到1.1.1.1解析器的有限DNS查询数据。 1.1.1.1解析器服务不记录个人数据,而且大部分有限的非个人识别的查询数据只存储25小时。 [https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/) +[^3]: Control D只记录具有自定义DNS配置文件的高级解析器。 自由解析器不记录数据。 [https://controld.com/privacy](https://controld.com/privacy) +[^4]: Mullvad的DNS服务对Mullvad VPN的订阅者和非订阅者都适用。 他们的隐私政策明确声称他们不会以任何方式记录DNS请求。 [https://mullvad.net/en/help/no-logging-data-policy/](https://mullvad.net/en/help/no-logging-data-policy/) +[^5]: NextDNS可以在选择加入的基础上提供见解和日志记录功能。 你可以为你选择保留的任何日志选择保留时间和日志存储位置。 如果没有特别要求,就不记录数据。 [https://nextdns.io/privacy](https://nextdns.io/privacy) +[^6]: Quad9收集了一些数据,用于威胁监测和应对。 然后,这些数据可能被重新混合和共享,例如为了安全研究的目的。 Quad9不会收集或记录IP地址或其他他们认为可以识别个人身份的数据。 [https://www.quad9.net/privacy/policy/](https://www.quad9.net/privacy/policy/) diff --git a/i18n/zh/email-clients.md b/i18n/zh/email-clients.md index ff15c7d1..3b1b7cd1 100644 --- a/i18n/zh/email-clients.md +++ b/i18n/zh/email-clients.md @@ -1,6 +1,7 @@ --- title: "笔记" icon: material/email-open +description: These email clients are privacy-respecting and support OpenPGP email encryption. --- Our recommendation list contains email clients that support both [OpenPGP](encryption.md#openpgp) and strong authentication such as [Open Authorization (OAuth)](https://en.wikipedia.org/wiki/OAuth). OAuth allows you to use [Multi-Factor Authentication](basics/multi-factor-authentication.md) and prevent account theft. @@ -235,5 +236,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should not collect any telemetry by default. - Should support OpenPGP natively, i.e. without extensions. - Should support storing OpenPGP encrypted emails locally. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/email.md b/i18n/zh/email.md index f48f1620..97fe7991 100644 --- a/i18n/zh/email.md +++ b/i18n/zh/email.md @@ -1,143 +1,167 @@ --- title: "Email Services" icon: material/email +description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers. --- -Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy. +电子邮件实际上是使用任何在线服务的必需品,但我们不建议使用它进行人与人之间的对话。 与其使用电子邮件与他人联系,不如考虑使用支持前向保密的即时通讯媒介。 -[Recommended Instant Messengers](real-time-communication.md ""){.md-button} +[推荐的即时通讯工具](real-time-communication.md ""){.md-button} -For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features. +对于其他一切,我们根据可持续的商业模式和内置的安全和隐私功能,推荐各种电子邮件供应商。 -## OpenPGP Compatible Services +- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services) +- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers) +- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services) +- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email) -These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it. +## OpenPGP 兼容服务 -!!! 推荐 +These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. 例如,Proton Mail用户可以向Mailbox.org用户发送E2EE信息,或者你可以从支持OpenPGP的互联网服务中收到OpenPGP加密的通知。 - When using E2EE technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about [email metadata](basics/email-security.md#email-metadata-overview). +
    + +- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail) +- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg) + +
    + +!!! 警告 + + 当使用像OpenPGP这样的E2EE技术时,电子邮件仍然会有一些元数据没有在电子邮件的标题中进行加密。 阅读更多关于[电子邮件元数据](basics/email-security.md#email-metadata-overview)。 - OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys) + OpenPGP也不支持转发保密,这意味着如果你或收件人的私钥被盗,所有以前用它加密的信息都会暴露。 [如何保护我的私钥?](basics/email-security.md#how-do-i-protect-my-private-keys) ### Proton Mail !!! recommendation - ![Proton Mail logo](assets/img/email/protonmail.svg){ align=right } + ! [Proton Mail徽标] (assets/img/email/protonmail.svg) {align = right} - **Proton Mail** is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since **2013**. Proton AG is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan. + * * Proton Mail * *是一项专注于隐私、加密、安全性和易用性的电子邮件服务。 他们自**2013年**以来一直在运作。 Proton公司总部位于瑞士日内瓦。 他们的免费计划中,账户一开始开始有500MB的存储空间。 - [:octicons-home-16: Homepage](https://proton.me/mail){ .md-button .md-button--primary } - [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="Onion Service" } - [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://proton.me/support/mail){ .card-link title=Documentation} - [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="Source Code" } + [:octicons-home-16: 首页](https://proton.me/mail){ .md-button .md-button--primary } + [:simple-torbrowser:](https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion){ .card-link title="洋葱服务" } + [:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="隐私政策" } + [:octicons-info-16:](https://proton.me/support/mail){ .card-link title="文档"} + [:octicons-code-16:](https://github.com/ProtonMail){ .card-link title="源代码" } - ??? downloads + ??? 下载 - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail.android) + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=ch.protonmail)。 ndroid) - [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id979659905) - - [:simple-github: GitHub](https://github.com/ProtonMail/proton-mail-android/releases) + - [:simple-github: GitHub](https://github. om/ProtonMail/proton-mail-android/releases) - [:simple-windows11: Windows](https://proton.me/mail/bridge#download) - - [:simple-apple: macOS](https://proton.me/mail/bridge#download) + - [:simple-apple: macOS](https://proton. e/mail/bridge#download) - [:simple-linux: Linux](https://proton.me/mail/bridge#download) - [:octicons-browser-16: Web](https://mail.proton.me) -Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g. Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com). +免费账户有一些限制,如不能搜索正文,不能访问 [Proton Mail Bridge](https://proton.me/mail/bridge),这是使用 [推荐的桌面电子邮件客户端](email-clients.md) (如Thunderbird)所需要的。 付费帐户包括Proton Mail Bridge等功能,额外的存储空间和自定义域支持。 2021年11月9日, [Securitum](https://research.securitum.com),为Proton Mail的应用程序提供了一份 [的证明信](https://proton.me/blog/security-audit-all-proton-apps)。 -If you have the Proton Unlimited, Business, or Visionary Plan, you also get [SimpleLogin](#simplelogin) Premium for free. +如果你有 "Proton Unlimited"、" Business "或 "Visionary "计划,你还可以免费获得 [SimpleLogin](#simplelogin) Premium。 -Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**. + Proton Mail有内部碰撞报告,他们 **,不与第三方分享。 这可以在以下方面禁用。 **设置** > **转到设置** > **帐户** > **安全和隐私** > **发送崩溃报告**。

    -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. +Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain. -??? success "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments. +Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. +Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. 目前还不支持使用U2F安全密钥。 Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you. - - Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon. +Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). 使用零访问加密的数据只有你才能访问。 -??? success "Email Encryption" +Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. 支持零访问加密的联系人字段,如电话号码,会用挂锁图标表示。 - Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - - Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. 给其他Proton Mail账户的邮件是自动加密的,用OpenPGP密钥给非Proton Mail地址加密可以在账户设置中轻松启用。 They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP. - Proton Mail doesn't offer a digital legacy feature. +Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). 这使得不使用Proton Mail的人可以轻松找到Proton Mail账户的OpenPGP密钥,实现跨供应商的E2EE。 -??? info "Account Termination" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period. +Proton Mail不提供数字遗留功能。 -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage. +If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. 30天后,你的账户将成为欠费账户,不会收到来信。 在此期间,您将继续收到账单。 + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Proton Mail提供9.99欧元/月的 "无限 "账户,除了提供多个账户、域名、别名和500GB的存储空间外,还能访问Proton VPN。 ### Mailbox.org !!! recommendation - ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right } + ![Mailbox.org标志](assets/img/email/mailboxorg.svg){ align=right } - **Mailbox.org** is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed. + **Mailbox.org**是一个专注于安全、无广告、并由100%环保能源私人提供的电子邮件服务。 他们自2014年以来一直在运作。 Mailbox.org总部位于德国柏林。 账户开始时有2GB的存储空间,可根据需要升级。 - [:octicons-home-16: Homepage](https://mailbox.org){ .md-button .md-button--primary } - [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="Privacy Policy" } - [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title=Documentation} + [:octicons-home-16: 首页](https://mailbox.org){ .md-button .md-button--primary } + [:octicons-eye-16:](https://mailbox.org/en/data-protection-privacy-policy){ .card-link title="隐私政策" } + [:octicons-info-16:](https://kb.mailbox.org/en/private){ .card-link title="文件"} - ??? downloads + ?? 下载 - [:octicons-browser-16: Web](https://login.mailbox.org) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. +Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain. -??? info "Private Payment Methods" +#### :material-check:{ .pg-green } Private Payment Methods - Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung. +Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. 然而,他们确实接受邮寄现金、向银行账户支付现金、银行转账、信用卡、贝宝和几个德国特有的处理器:Paydirekt和Sofortüberweisung。 -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. +Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. - - However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. +Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key. -??? success "Email Encryption" +However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information. - Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - - Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. +#### :material-check:{ .pg-green } Email Encryption -??? success "Digital Legacy" +Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox. - Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. +Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE. -??? info "Account Termination" +#### :material-check:{ .pg-green } Digital Legacy - Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). +Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Account Termination - You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. - - All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. +Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors. + +All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3. + +## More Providers + +These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. + +
    + +- ![StartMail logo](assets/img/email/startmail.svg#only-light){ .twemoji }![StartMail logo](assets/img/email/startmail-dark.svg#only-dark){ .twemoji } [StartMail](email.md#startmail) +- ![Tutanota logo](assets/img/email/tutanota.svg){ .twemoji } [Tutanota](email.md#tutanota) + +
    ### StartMail @@ -156,43 +180,39 @@ Proton Mail has internal crash reports that they **do not** share with third par - [:octicons-browser-16: Web](https://mail.startmail.com/login) -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. +Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available. -??? warning "Private Payment Methods" +#### :material-alert-outline:{ .pg-orange } Private Payment Methods - StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. +StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. +StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication. -??? info "Data Security" +#### :material-information-outline:{ .pg-blue } Data Security - StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. - - StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. +StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key. -??? success "Email Encryption" +StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption. - StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. +#### :material-check:{ .pg-green } Email Encryption -??? warning "Digital Legacy" +StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients. - StartMail does not offer a digital legacy feature. +#### :material-alert-outline:{ .pg-orange } Digital Legacy -??? info "Account Termination" +StartMail does not offer a digital legacy feature. - On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). +#### :material-information-outline:{ .pg-blue } Account Termination -??? info "Additional Functionality" +On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration). - StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. +#### :material-information-outline:{ .pg-blue } Additional Functionality -## More Providers - -These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers. +StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is. ### Tutanota @@ -220,44 +240,51 @@ These providers store your emails with zero-knowledge encryption, making them gr Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders. -??? success "Custom Domains and Aliases" +#### :material-check:{ .pg-green } Custom Domains and Aliases - Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. +Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain. -??? warning "Private Payment Methods" +#### :material-information-outline:{ .pg-blue } Private Payment Methods - Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. +Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore. -??? success "Account Security" +#### :material-check:{ .pg-green } Account Security - Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. +Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F. -??? success "Data Security" +#### :material-check:{ .pg-green } Data Security - Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. +Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you. -??? warning "Email Encryption" +#### :material-information-outline:{ .pg-blue } Email Encryption - Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). +Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external). -??? warning "Digital Legacy" +#### :material-alert-outline:{ .pg-orange } Digital Legacy - Tutanota doesn't offer a digital legacy feature. +Tutanota doesn't offer a digital legacy feature. -??? info "Account Termination" +#### :material-information-outline:{ .pg-blue } Account Termination - Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. +Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay. -??? info "Additional Functionality" +#### :material-information-outline:{ .pg-blue } Additional Functionality - Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. - - Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. +Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount. + +Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y. ## Email Aliasing Services An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address. +
    + +- ![mailcow logo](assets/img/email/mailcow.svg){ .twemoji } [mailcow](email.md#self-hosting-email) +- ![Mail-in-a-Box logo](assets/img/email/mail-in-a-box.svg){ .twemoji } [Mail-in-a-Box](email.md#self-hosting-email) + +
    + Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning. Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain: @@ -411,7 +438,7 @@ We prefer our recommended providers to collect as little data as possible. **Best Case:** -- Accepts Bitcoin, cash, and other forms of cryptocurrency and/or anonymous payment options (gift cards, etc.) +- Accepts [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.) ### 安全性 @@ -428,7 +455,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records. - Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records. - Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`. -- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/). +- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/). - [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used. - Website security standards such as: - [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) @@ -443,7 +470,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w - Bug-bounty programs and/or a coordinated vulnerability-disclosure process. - Website security standards such as: - [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) - - [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct) + - [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/) ### Trust @@ -481,5 +508,3 @@ Must not have any marketing which is irresponsible: ### Additional Functionality While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/encryption.md b/i18n/zh/encryption.md index f09d2d61..3774d182 100644 --- a/i18n/zh/encryption.md +++ b/i18n/zh/encryption.md @@ -1,6 +1,7 @@ --- title: "加密软件" icon: material/file-lock +description: 对数据进行加密是控制谁能访问数据的唯一方法。 These tools allow you to encrypt your emails and any other files. --- 对数据进行加密是控制谁能访问数据的唯一方法。 如果你目前没有对你的硬盘、电子邮件或文件使用加密软件,你应该在这里挑选一个选项。 @@ -353,5 +354,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Operating System (FDE) encryption apps should utilize hardware security such as a TPM or Secure Enclave. - File encryption apps should have first- or third-party support for mobile platforms. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/file-sharing.md b/i18n/zh/file-sharing.md index 8e33d4fb..bae918b2 100644 --- a/i18n/zh/file-sharing.md +++ b/i18n/zh/file-sharing.md @@ -1,6 +1,7 @@ --- title: "加密软件" icon: material/share-variant +description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online. --- Discover how to privately share your files between your devices, with your friends and family, or anonymously online. @@ -144,5 +145,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Has mobile clients for iOS and Android, which at least support document previews. - Supports photo backup from iOS and Android, and optionally supports file/folder sync on Android. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/financial-services.md b/i18n/zh/financial-services.md new file mode 100644 index 00000000..480c924c --- /dev/null +++ b/i18n/zh/financial-services.md @@ -0,0 +1,94 @@ +--- +title: Financial Services +icon: material/bank +--- + +Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases: + +[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md ""){.md-button} + +## Payment Masking Services + +There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously. + +!!! tip "Check your current bank" + + Many banks and credit card providers offer native virtual card functionality. If you use one which provides this option already, you should use it over the following recommendations in most cases. That way you are not trusting multiple parties with your personal information. + +### Privacy.com (US) + +!!! recommendation + + ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ align=right } + ![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ align=right } + + **Privacy.com**'s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank. + + [:octicons-home-16: Homepage](https://privacy.com){ .md-button .md-button--primary } + [:octicons-eye-16:](https://privacy.com/privacy-policy){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.privacy.com/hc/en-us){ .card-link title=Documentation} + +Privacy.com gives information about the merchants you purchase from to your bank by default. Their paid "discreet merchants" feature hides merchant information from your bank, so your bank only sees that a purchase was made with Privacy.com but not where that money was spent, however that is not foolproof, and of course Privacy.com still has knowledge about the merchants you are spending money with. + +### MySudo (US, Paid) + +!!! recommendation + + ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ align=right } + ![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ align=right } + + **MySudo** provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although we typically recommend other [email aliasing providers](email.md) for extensive email aliasing use. + + [:octicons-home-16: Homepage](https://mysudo.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://anonyome.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://support.mysudo.com/hc/en-us){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Allows the creation of multiple cards which function as a shield between the merchant and your personal finances. +- Cards must not require you to provide accurate billing address information to the merchant. + +## Gift Card Marketplaces + +These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, and significantly higher limits for ID verified accounts (if offered). + +### Cake Pay + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/cakepay.svg){ align=right } + + **Cake Pay** allows you to purchase gift cards and related products with Monero. Purchases for USA merchants are available in the Cake Wallet mobile app, while the Cake Pay web app includes a broad selection of global merchants. + + [:octicons-home-16: Homepage](https://cakepay.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://ionia.docsend.com/view/jhjvdn7qq7k3ukwt){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://guides.cakewallet.com/){ .card-link title=Documentation} + +### CoinCards + +!!! recommendation + + ![CakePay logo](assets/img/financial-services/coincards.svg){ align=right } + + **CoinCards** (available in the US, Canada, and UK) allows you to purchase gift cards for a large variety of merchants. + + [:octicons-home-16: Homepage](https://coincards.com/){ .md-button .md-button--primary } + [:octicons-eye-16:](https://coincards.com/privacy-policy/){ .card-link title="Privacy Policy" } + [:octicons-info-16:](https://coincards.com/frequently-asked-questions/){ .card-link title=Documentation} + +### Criteria + +**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you. + +!!! example "This section is new" + + We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. + +- Accepts payment in [a recommended cryptocurrency](cryptocurrency.md). +- No ID requirement. diff --git a/i18n/zh/frontends.md b/i18n/zh/frontends.md index 6c011b13..118fa943 100644 --- a/i18n/zh/frontends.md +++ b/i18n/zh/frontends.md @@ -1,6 +1,7 @@ --- title: "文件共享" icon: material/flip-to-front +description: These open-source frontends for various internet services allow you to access content without JavaScript or other annoyances. --- 有时,一些服务会用烦人的弹窗阻止你访问内容,以此来强迫你注册账户。 此时如果停用JavaScript网站也会崩溃。 这些前端应用可以帮助你绕过这些限制。 @@ -264,5 +265,3 @@ When you are using a Piped instance, make sure to read the privacy policy of tha We only consider frontends for websites which are... - 不启用Javascript就不能正常访问。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/index.md b/i18n/zh/index.md index ef22d9b8..458801ab 100644 --- a/i18n/zh/index.md +++ b/i18n/zh/index.md @@ -3,7 +3,7 @@ template: overrides/home.zh.html hide: - navigation - toc - - feedback + - 反馈 --- @@ -40,5 +40,3 @@ Trying to protect all your data from everyone all the time is impractical, expen [:material-hand-coin-outline:](about/donate.md){ title="Support the project" } It's important for a website like Privacy Guides to always stay up-to-date. We need our audience to keep an eye on software updates for the applications listed on our site and follow recent news about providers that we recommend. It's hard to keep up with the fast pace of the internet, but we try our best. If you spot an error, think a provider should not be listed, notice a qualified provider is missing, believe a browser plugin is no longer the best choice, or uncover any other issue, please let us know. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/kb-archive.md b/i18n/zh/kb-archive.md index d438962f..92daee33 100644 --- a/i18n/zh/kb-archive.md +++ b/i18n/zh/kb-archive.md @@ -1,6 +1,7 @@ --- title: KB Archive icon: material/archive +description: Some pages that used to be in our knowledge base can now be found on our blog. --- # Pages Moved to Blog @@ -14,5 +15,3 @@ Some pages that used to be in our knowledge base can now be found on our blog: - [Secure Data Erasure](https://blog.privacyguides.org/2022/05/25/secure-data-erasure/) - [Integrating Metadata Removal](https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/) - [iOS Configuration Guide](https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/) - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/meta/brand.md b/i18n/zh/meta/brand.md index 65d9e40d..53cb9ac4 100644 --- a/i18n/zh/meta/brand.md +++ b/i18n/zh/meta/brand.md @@ -20,5 +20,3 @@ Additional branding guidelines can be found at [github.com/privacyguides/brand]( "Privacy Guides" and the shield logo are trademarks owned by Jonah Aragon, unlimited usage is granted to the Privacy Guides project. Without waiving any of its rights, Privacy Guides does not advise others on the scope of its intellectual property rights. Privacy Guides does not permit or consent to any use of its trademarks in any manner that is likely to cause confusion by implying association with or sponsorship by Privacy Guides. If you are aware of any such use, please contact Jonah Aragon at jonah@privacyguides.org. Consult your legal counsel if you have questions. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/meta/git-recommendations.md b/i18n/zh/meta/git-recommendations.md index e358e9e3..f59b5f81 100644 --- a/i18n/zh/meta/git-recommendations.md +++ b/i18n/zh/meta/git-recommendations.md @@ -44,5 +44,3 @@ If you are working on your own branch, run these commands before submitting a PR git fetch origin git rebase origin/main ``` - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/meta/uploading-images.md b/i18n/zh/meta/uploading-images.md index 1cbc2e8a..55f136f8 100644 --- a/i18n/zh/meta/uploading-images.md +++ b/i18n/zh/meta/uploading-images.md @@ -87,5 +87,3 @@ scour --set-precision=5 \ --protect-ids-noninkscape \ input.svg output.svg ``` - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/meta/writing-style.md b/i18n/zh/meta/writing-style.md index 1df07592..b9e47a71 100644 --- a/i18n/zh/meta/writing-style.md +++ b/i18n/zh/meta/writing-style.md @@ -85,5 +85,3 @@ Source: [plainlanguage.gov](https://www.plainlanguage.gov/guidelines/conversatio > - “must not” for a prohibition > - “may” for a discretionary action > - “should” for a recommendation - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/mobile-browsers.md b/i18n/zh/mobile-browsers.md index 1ef220c8..4c1e9498 100644 --- a/i18n/zh/mobile-browsers.md +++ b/i18n/zh/mobile-browsers.md @@ -1,6 +1,7 @@ --- title: "移动浏览器" icon: material/cellphone-information +description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone. --- 这些是我们当前推荐的移动网络浏览器以及标准/非匿名互联网浏览的配置。 如果您需要匿名浏览互联网,则应使用 [Tor](tor.md) 。 一般来说,我们建议将扩展程序保持在最低限度;它们在您的浏览器中具有特权访问权限,要求您信任开发人员,可以使您 [突出](https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint), [弱化](https://groups.google.com/a/chromium.org/g/chromium-extensions/c/0ei-UCHNm34/m/lDaXwQhzBAAJ) 站点隔离。 @@ -189,5 +190,3 @@ Additional filter lists do slow things down and may increase your attack surface - 不得复制内置浏览器或操作系统的功能。 - 必须直接影响用户隐私,即不能简单地提供信息。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/multi-factor-authentication.md b/i18n/zh/multi-factor-authentication.md index 3592d209..f10c9029 100644 --- a/i18n/zh/multi-factor-authentication.md +++ b/i18n/zh/multi-factor-authentication.md @@ -1,6 +1,7 @@ --- title: "Multi-Factor Authenticators" icon: '资料/双因认证' +description: These tools assist you with securing your internet accounts with Multi-Factor Authentication without sending your secrets to a third-party. --- ## 硬件安全密钥 @@ -140,5 +141,3 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative - Must not require internet connectivity. - Must not sync to a third-party cloud sync/backup service. - **Optional** E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/news-aggregators.md b/i18n/zh/news-aggregators.md index 469bbf92..63e2b18f 100644 --- a/i18n/zh/news-aggregators.md +++ b/i18n/zh/news-aggregators.md @@ -1,9 +1,10 @@ --- title: "多因素认证工具" icon: material/rss +description: These news aggregator clients let you keep up with your favorite blogs and news sites using internet standards like RSS. --- -A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favourite blogs and news sites. +A [news aggregator](https://en.wikipedia.org/wiki/News_aggregator) is a way to keep up with your favorite blogs and news sites. ## Aggregator clients @@ -169,5 +170,3 @@ You can subscribe YouTube channels without logging in and associating usage info ```text https://www.youtube.com/feeds/videos.xml?channel_id=[CHANNEL ID] ``` - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/notebooks.md b/i18n/zh/notebooks.md index 2be317a8..0739f668 100644 --- a/i18n/zh/notebooks.md +++ b/i18n/zh/notebooks.md @@ -1,6 +1,7 @@ --- title: "Notebooks" icon: material/notebook-edit-outline +description: These encrypted note-taking apps let you keep track of your notes without giving them to a third-party. --- Keep track of your notes and journalings without giving them to a third-party. @@ -111,5 +112,3 @@ Cryptee offers 100MB of storage for free, with paid options if you need more. Si - Local backup/sync functionality should support encryption. - Cloud-based platforms should support document sharing. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/os/android-overview.md b/i18n/zh/os/android-overview.md index f3f5f702..58225369 100644 --- a/i18n/zh/os/android-overview.md +++ b/i18n/zh/os/android-overview.md @@ -1,6 +1,7 @@ --- title: Android概述 icon: simple/android +description: Android is an open-source operating system with strong security protections, which makes it our top choice for phones. --- 安卓是一个安全的操作系统,它有强大的[应用程序沙箱](https://source.android.com/security/app-sandbox),[启动时验证](https://source.android.com/security/verifiedboot)(AVB),以及一个强大的[权限](https://developer.android.com/guide/topics/permissions/overview)控制系统。 @@ -53,9 +54,44 @@ AFWall+基于 [包过滤](https://en.wikipedia.org/wiki/Firewall_(computing)#Pac ## Android 权限 -[Android上的权限](https://developer.android.com/guide/topics/permissions/overview) ,让你控制哪些应用程序被允许访问。 谷歌定期在每个连续的版本中对权限系统进行 [改善](https://developer.android.com/about/versions/11/privacy/permissions)。 你安装的所有应用程序都是严格的 [沙箱](https://source.android.com/security/app-sandbox),因此,没有必要安装任何杀毒软件。 使用最新版本的安卓系统的智能手机永远比使用付费杀毒软件的旧智能手机更安全。 最好不要为杀毒软件付费,省下钱来买一部新的智能手机,如谷歌Pixel。 +[Android上的权限](https://developer.android.com/guide/topics/permissions/overview) ,让你控制哪些应用程序被允许访问。 谷歌定期在每个连续的版本中对权限系统进行 [改善](https://developer.android.com/about/versions/11/privacy/permissions)。 你安装的所有应用程序都是严格的 [沙箱](https://source.android.com/security/app-sandbox),因此,没有必要安装任何杀毒软件。 -如果你想运行一个你不确定的应用程序,考虑使用用户或工作档案。 +A smartphone with the latest version of Android will always be more secure than an old smartphone with an antivirus that you have paid for. It's better not to pay for antivirus software and to save money to buy a new smartphone such as a Google Pixel. + +Android 10: + +- [Scoped Storage](https://developer.android.com/about/versions/10/privacy/changes#scoped-storage) gives you more control over your files and can limit what can [access external storage](https://developer.android.com/training/data-storage#permissions). Apps can have a specific directory in external storage as well as the ability to store specific types of media there. +- Tighter access on [device location](https://developer.android.com/about/versions/10/privacy/changes#app-access-device-location) by introducing the `ACCESS_BACKGROUND_LOCATION` permission. This prevents apps from accessing the location when running in the background without express permission from the user. + +Android 11: + +- [One-time permissions](https://developer.android.com/about/versions/11/privacy/permissions#one-time) which allows you to grant a permission to an app just once. +- [Auto-reset permissions](https://developer.android.com/about/versions/11/privacy/permissions#auto-reset), which resets [runtime permissions](https://developer.android.com/guide/topics/permissions/overview#runtime) that were granted when the app was opened. +- Granular permissions for accessing [phone number](https://developer.android.com/about/versions/11/privacy/permissions#phone-numbers) related features. + +Android 12: + +- A permission to grant only the [approximate location](https://developer.android.com/about/versions/12/behavior-changes-12#approximate-location). +- Auto-reset of [hibernated apps](https://developer.android.com/about/versions/12/behavior-changes-12#app-hibernation). +- [Data access auditing](https://developer.android.com/about/versions/12/behavior-changes-12#data-access-auditing) which makes it easier to determine what part of an app is performing a specific type of data access. + +Android 13: + +- A permission for [nearby wifi access](https://developer.android.com/about/versions/13/behavior-changes-13#nearby-wifi-devices-permission). The MAC addresses of nearby WiFi access points was a popular way for apps to track a user's location. +- More [granular media permissions](https://developer.android.com/about/versions/13/behavior-changes-13#granular-media-permissions), meaning you can grant access to images, videos or audio files only. +- Background use of sensors now requires the [`BODY_SENSORS`](https://developer.android.com/about/versions/13/behavior-changes-13#body-sensors-background-permission) permission. + +An app may request a permission for a specific feature it has. For example, any app that can scan QR codes will require the camera permission. Some apps can request more permissions than they need. + +[Exodus](https://exodus-privacy.eu.org/) can be useful when comparing apps that have similar purposes. If an app requires a lot of permissions and has a lot of advertising and analytics this is probably a bad sign. We recommend looking at the individual trackers and reading their descriptions rather than simply **counting the total** and assuming all items listed are equal. + +!!! 推荐 + + If an app is mostly a web-based service, the tracking may occur on the server side. [Facebook](https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/) shows "no trackers" but certainly does track users' interests and behavior across the site. Apps may evade detection by not using standard code libraries produced by the advertising industry, though this is unlikely. + +!!! note + + Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/en/reports/com.x8bit.bitwarden/latest/) may show some trackers such as [Google Firebase Analytics](https://reports.exodus-privacy.eu.org/en/trackers/49/). This library includes [Firebase Cloud Messaging](https://en.wikipedia.org/wiki/Firebase_Cloud_Messaging) which can provide [push notifications](https://en.wikipedia.org/wiki/Push_technology) in apps. This [is the case](https://fosstodon.org/@bitwarden/109636825700482007) with Bitwarden. That doesn't mean that Bitwarden is using all of the analytics features that are provided by Google Firebase Analytics. ## 媒体访问 @@ -131,5 +167,3 @@ Android 7及更高版本支持VPN killswitch ,无需安装第三方应用程 [安全网](https://developer.android.com/training/safetynet/attestation) 和 [Play Integrity APIs](https://developer.android.com/google/play/integrity) ,一般用于 [银行应用程序](https://grapheneos.org/usage#banking-apps)。 许多银行应用程序在GrapheneOS中使用沙盒游戏服务可以正常工作,但是一些非金融应用程序有自己的粗略防篡改机制,可能会失败。 GrapheneOS通过了 `basicIntegrity` 检查,但没有通过认证检查 `ctsProfileMatch`。 安卓8或更高版本的设备有硬件认证支持,如果没有泄露的密钥或严重的漏洞,就无法绕过。 至于谷歌钱包,我们不推荐这样做,因为他们的 [隐私政策](https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en),其中规定如果你不希望你的信用等级和个人信息与联盟营销服务共享,你必须选择退出。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/os/linux-overview.md b/i18n/zh/os/linux-overview.md index 26329c14..f45e0a01 100644 --- a/i18n/zh/os/linux-overview.md +++ b/i18n/zh/os/linux-overview.md @@ -1,9 +1,10 @@ --- title: Linux概述 icon: simple/linux +description: Linux is an open-source, privacy-focused desktop operating system alternative, but not all distribitions are created equal. --- -人们通常认为, [开源](https://en.wikipedia.org/wiki/Open-source_software) 软件本身是安全的,因为源代码是可用的。 预期社区验证会定期进行;但这并不总是 [案例](https://seirdy.one/posts/2022/02/02/floss-security/)。 这确实取决于许多因素,如项目活动、开发人员经验、应用于 [代码审查的严格程度](https://en.wikipedia.org/wiki/Code_review),以及对 [代码库](https://en.wikipedia.org/wiki/Codebase) 的特定部分给予关注的频率,这些部分可能多年未被触及。 +人们通常认为, [开源](https://en.wikipedia.org/wiki/Open-source_software) 软件本身是安全的,因为源代码是可用的。 预期社区验证会定期进行;但这并不总是 [案例](https://seirdy.one/posts/2022/02/02/floss-security/)。 It does depend on a number of factors, such as project activity, developer experience, level of rigor applied to [code reviews](https://en.wikipedia.org/wiki/Code_review), and how often attention is given to specific parts of the [codebase](https://en.wikipedia.org/wiki/Codebase) that may go untouched for years. 目前,桌面Linux与它们的专利同行相比,确实有一些可以更好地改进的地方,例如:。 @@ -167,5 +168,3 @@ Fedora 项目 [通过使用一个 [`countme`](https://fedoraproject.org/wiki/Cha 这个 [选项](https://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo) ,目前默认是关闭的。 我们建议将 `countme=false` 添加到 `/etc/dnf/dnf.conf` ,以备将来启用它。 在使用 `rpm-ostree` 的系统上,如Silverblue,通过屏蔽 [rpm-ostree-countme](https://fedoramagazine.org/getting-better-at-counting-rpm-ostree-based-systems/) 计时器来禁用 countme 选项。 openSUSE 还使用一个 [唯一的 ID](https://en.opensuse.org/openSUSE:Statistics) 来计算系统,可以通过删除 `/var/lib/zypp/AnonymousUniqueId` 文件来禁用它。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/os/qubes-overview.md b/i18n/zh/os/qubes-overview.md index 03efbb43..d16528b3 100644 --- a/i18n/zh/os/qubes-overview.md +++ b/i18n/zh/os/qubes-overview.md @@ -1,6 +1,7 @@ --- title: "Qubes概述" icon: simple/qubesos +description: Qubes is an operating system built around isolating apps within virtual machines for heightened security. --- [**Qubes OS**](../desktop.md#qubes-os) 是一个操作系统,它使用 [Xen](https://en.wikipedia.org/wiki/Xen) 管理程序,通过隔离的虚拟机为桌面计算提供强大的安全性。 每个虚拟机被称为 *Qube* ,你可以根据它的目的给每个Qube分配一个信任等级。 由于Qubes操作系统通过使用隔离来提供安全,并且只允许在每个案例的基础上进行操作,它与 [坏性枚举](https://www.ranum.com/security/computer_security/editorials/dumb/)。 @@ -43,7 +44,6 @@ Qubes操作系统利用 [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM( ### 虚拟机之间的相互作用 [qrexec框架](https://www.qubes-os.org/doc/qrexec/) 是Qubes的一个核心部分,它允许虚拟机在域之间通信。 它建立在Xen库 *vchan*的基础上,通过策略,促进了 - 隔离。

    @@ -56,5 +56,3 @@ Qubes操作系统利用 [Dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM( - J. 鲁特科夫斯卡。 [*软件区隔与物理分离*](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) - J. 鲁特科夫斯卡。 [*将我的数字生活划分为安全领域*](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) - Qubes OS: [*相关文章*](https://www.qubes-os.org/news/categories/#articles) - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/passwords.md b/i18n/zh/passwords.md index 366d033d..7d4a487b 100644 --- a/i18n/zh/passwords.md +++ b/i18n/zh/passwords.md @@ -1,6 +1,7 @@ --- title: "生产力工具" icon: material/form-textbox-password +description: Password managers allow you to securely store and manage passwords and other credentials. --- Password managers allow you to securely store and manage passwords and other credentials with the use of a master password. @@ -226,5 +227,3 @@ These products are minimal password managers that can be used within scripting a We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress. - Must be cross-platform. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/productivity.md b/i18n/zh/productivity.md index 8c996d90..ca8122bb 100644 --- a/i18n/zh/productivity.md +++ b/i18n/zh/productivity.md @@ -1,6 +1,7 @@ --- title: "实时通讯" icon: material/file-sign +description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. --- Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The privacy policy may legally protect your rights, but it does not provide technical access constraints. @@ -152,5 +153,3 @@ In general, we define office suites as applications which could reasonably act a [:octicons-server-16:](https://privatebin.info/directory/){ .card-link title="Public Instances"} [:octicons-info-16:](https://github.com/PrivateBin/PrivateBin/wiki/FAQ){ .card-link title=Documentation} [:octicons-code-16:](https://github.com/PrivateBin/PrivateBin){ .card-link title="Source Code" } - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/real-time-communication.md b/i18n/zh/real-time-communication.md index 6e6fb77c..242944ad 100644 --- a/i18n/zh/real-time-communication.md +++ b/i18n/zh/real-time-communication.md @@ -1,6 +1,7 @@ --- title: "实时通讯" icon: material/chat-processing +description: Other instant messengers make all of your private conversations available to the company that runs them. --- 这些是我们对加密实时通讯的建议。 @@ -191,5 +192,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be decentralized, i.e. federated or P2P. - Should use E2EE for all messages by default. - Should support Linux, macOS, Windows, Android, and iOS. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/router.md b/i18n/zh/router.md index dd8dac1d..6374dcd7 100644 --- a/i18n/zh/router.md +++ b/i18n/zh/router.md @@ -1,6 +1,7 @@ --- title: "Router Firmware" icon: material/router-wireless +description: These alternative operating systems can be used to secure your router or Wi-Fi access point. --- Below are a few alternative operating systems, that can be used on routers, Wi-Fi access points, etc. @@ -47,5 +48,3 @@ OPNsense was originally developed as a fork of [pfSense](https://en.wikipedia.or - Must be open source. - Must receive regular updates. - 必须支持各种各样的硬件。 - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/search-engines.md b/i18n/zh/search-engines.md index f53a0bfc..992127f4 100644 --- a/i18n/zh/search-engines.md +++ b/i18n/zh/search-engines.md @@ -1,6 +1,7 @@ --- title: "Search Engines" icon: material/search-web +description: These privacy-respecting search engines don't build an advertising profile based on your searches. --- Use a search engine that doesn't build an advertising profile based on your searches. @@ -105,5 +106,3 @@ Our best-case criteria represents what we would like to see from the perfect pro - Should be based on open-source software. - Should not block Tor exit node IP addresses. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/tools.md b/i18n/zh/tools.md index d9f45781..d9f59fa5 100644 --- a/i18n/zh/tools.md +++ b/i18n/zh/tools.md @@ -3,6 +3,7 @@ title: "隐私工具" icon: 资料/工具 hide: - toc +description: Privacy Guides is the most transparent and reliable website for finding software, apps, and services that protect your personal data from mass surveillance programs and other internet threats. --- 如果你正在寻找某项具体解决方案,这里是一些我们推荐的各种类别的软硬件工具。 我们推荐的隐私工具主要依据它们的安全功能来选择,另外还强调了去中心化和开源。 They are applicable to a variety of threat models ranging from protection against global mass surveillance programs and avoiding big tech companies to mitigating attacks, but only you can determine what will work best for your needs. @@ -90,14 +91,11 @@ If you want assistance figuring out the best privacy tools and alternative progr
    -- ![Fedora logo](assets/img/linux-desktop/fedora-workstation.svg){ .twemoji } [Fedora Workstation](linux-desktop.md#fedora-workstation) -- ![openSUSE Tumbleweed logo](assets/img/linux-desktop/opensuse-tumbleweed.svg){ .twemoji } [OpenSUSE Tumbleweed](linux-desktop.md#opensuse-tumbleweed) -- ![Arch logo](assets/img/linux-desktop/archlinux.svg){ .twemoji } [Arch Linux](linux-desktop.md#arch-linux) -- ![Fedora Silverblue logo](assets/img/linux-desktop/fedora-silverblue.svg){ .twemoji } [Fedora Silverblue & Kinoite](linux-desktop.md#fedora-silverblue) -- ![nixOS logo](assets/img/linux-desktop/nixos.svg){ .twemoji } [NixOS](linux-desktop.md#nixos) -- ![Whonix logo](assets/img/linux-desktop/whonix.svg){ .twemoji } [Whonix (Tor)](linux-desktop.md#whonix) -- ![Tails logo](assets/img/linux-desktop/tails.svg){ .twemoji } [Tails (Live Boot)](linux-desktop.md#tails) -- ![Qubes OS logo](assets/img/qubes/qubes_os.svg){ .twemoji } [Qubes OS (Xen VM Distribution)](qubes.md) (1) +- ![Aurora Store logo](assets/img/android/aurora-store.webp){ .twemoji } [Aurora Store (Google Play Client)](android.md#aurora-store) +- ![Shelter logo](assets/img/android/mini/shelter.svg){ .twemoji } [Shelter (Work Profiles)](android.md#shelter) +- ![Auditor logo](assets/img/android/auditor.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/auditor-dark.svg#only-dark){ .twemoji } [Auditor (Supported Devices)](android.md#auditor) +- ![Secure Camera logo](assets/img/android/secure_camera.svg#only-light){ .twemoji }![Secure Camera logo](assets/img/android/secure_camera-dark.svg#only-dark){ .twemoji } [Secure Camera](android.md#secure-camera) +- ![Secure PDF Viewer logo](assets/img/android/secure_pdf_viewer.svg#only-light){ .twemoji }![GrapheneOS logo](assets/img/android/secure_pdf_viewer-dark.svg#only-dark){ .twemoji } [Secure PDF Viewer](android.md#secure-pdf-viewer)
    @@ -206,6 +204,29 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [了解更多 :hero-arrow-circle-right-fill:](email.md#self-hosting-email) +### Financial Services + +#### Payment Masking Services + +
    + +- ![Privacy.com logo](assets/img/financial-services/privacy_com.svg#only-light){ .twemoji }![Privacy.com logo](assets/img/financial-services/privacy_com-dark.svg#only-dark){ .twemoji } [Privacy.com](financial-services.md#privacycom-us-free) +- ![MySudo logo](assets/img/financial-services/mysudo.svg#only-light){ .twemoji }![MySudo logo](assets/img/financial-services/mysudo-dark.svg#only-dark){ .twemoji } [MySudo](financial-services.md#mysudo-us-paid) +
    + +[了解更多 :hero-arrow-circle-right-fill:](financial-services.md#payment-masking-services) + +#### Online Gift Card Marketplaces + +
    + +- ![Cake Pay logo](assets/img/financial-services/cakepay.svg){ .twemoji } [Cake Pay](financial-services.md#cake-pay) +- ![CoinCards logo](assets/img/financial-services/coincards.svg){ .twemoji } [CoinCards](financial-services.md#coincards) + +
    + +[了解更多 :hero-arrow-circle-right-fill:](financial-services.md#gift-card-marketplaces) + ### Search Engines
    @@ -232,9 +253,9 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    -- ![Tutanota logo](assets/img/calendar-contacts/tutanota.svg){ .twemoji } [Tutanota](calendar-contacts.md#tutanota) -- ![EteSync logo](assets/img/calendar-contacts/etesync.svg){ .twemoji } [EteSync](calendar-contacts.md#etesync) -- ![Proton Calendar logo](assets/img/calendar-contacts/proton-calendar.svg){ .twemoji } [Proton Calendar](calendar-contacts.md#proton-calendar) +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](vpn.md#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](vpn.md#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](vpn.md#proton-vpn)
    @@ -255,6 +276,16 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b [了解更多 :hero-arrow-circle-right-fill:](calendar.md) +### Cryptocurrency + +
    + +- ![Monero logo](assets/img/cryptocurrency/monero.svg){ .twemoji }[Monero](cryptocurrency.md#monero) + +
    + +[了解更多 :hero-arrow-circle-right-fill:](cryptocurrency.md) + ### 日历/联系人同步
    @@ -441,5 +472,3 @@ We [recommend](dns.md#recommended-providers) a number of encrypted DNS servers b
    [了解更多 :hero-arrow-circle-right-fill:](video-streaming.md) - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/tor.md b/i18n/zh/tor.md index efd4b7bc..a9735aeb 100644 --- a/i18n/zh/tor.md +++ b/i18n/zh/tor.md @@ -1,11 +1,12 @@ --- title: "桌面端浏览器" icon: simple/torproject +description: 使用Tor网络保护您的互联网浏览免受窥探, Tor网络是一个规避审查的安全网络。 --- ![Tor logo](assets/img/self-contained-networks/tor.svg){ align=right } -The **Tor** network is a group of volunteer-operated servers that allows you to connect for free and improve your privacy and security on the Internet. Individuals and organizations can also share information over the Tor network with ".onion hidden services" without compromising their privacy. Because Tor traffic is difficult to block and trace, Tor is an effective censorship circumvention tool. +**Tor** 网络是一组由志愿者操作的服务器,允许您免费连接以提高您的互联网的隐私和安全。 个人和组织也可以通过Tor网络与".onion隐藏服务"分享信息,而不损害其隐私。 由于Tor流量难以阻止和跟踪,因此Tor是一种有效的审查规避工具。 [:octicons-home-16:](https://www.torproject.org){ .card-link title=Homepage } [:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" } @@ -13,27 +14,21 @@ The **Tor** network is a group of volunteer-operated servers that allows you to [:octicons-code-16:](https://gitweb.torproject.org/tor.git){ .card-link title="Source Code" } [:octicons-heart-16:](https://donate.torproject.org/){ .card-link title=Contribute } -Tor works by routing your internet traffic through those volunteer-operated servers, instead of making a direct connection to the site you're trying to visit. This obfuscates where the traffic is coming from, and no server in the connection path is able to see the full path of where the traffic is coming from and going to, meaning even the servers you are using to connect cannot break your anonymity. +Tor的工作原理是通过这些志愿者操作的服务器路由您的互联网流量,而不是直接连接到您试图访问的网站。 这会混淆流量的来源,并且连接路径中的任何服务器都无法看到流量来自和流向的完整路径,这意味着即使您用于连接的服务器也无法打破您的匿名性。 -
    - ![Tor path](assets/img/how-tor-works/tor-path.svg#only-light) - ![Tor path](assets/img/how-tor-works/tor-path-dark.svg#only-dark) -
    Tor circuit pathway - Nodes in the path can only see the servers they are directly connected to, for example the "Entry" node shown can see your IP address, and the address of the "Middle" node, but has no way to see which website you are visiting.
    -
    +[详细的Tor概述 :material-arrow-right-drop-circle:](advanced/tor-overview.md ""){.md-button} -- [More information about how Tor works :material-arrow-right-drop-circle:](advanced/tor-overview.md) +## 连接到Tor -## Connecting to Tor +有多种方法可以从您的设备连接到Tor网络,最常用的是 **Tor浏览器**,这是Firefox的一个分支,专为桌面计算机和Android的匿名浏览而设计。 除了下面列出的应用程序,还有专门设计用于连接到Tor网络的操作系统,例如 [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os),它提供了比标准Tor浏览器更高的安全性和保护。 -There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android. In addition to the apps listed below, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser. - -### Tor Browser +### Tor浏览器 !!! recommendation - ![Tor Browser logo](assets/img/browsers/tor.svg){ align=right } + ! [Tor浏览器徽标] (assets/img/browsers/tor.svg) {align = right} - **Tor Browser** is the choice if you need anonymity, as it provides you with access to the Tor network and bridges, and it includes default settings and extensions that are automatically configured by the default security levels: *Standard*, *Safer* and *Safest*. + * * Tor浏览器* *是您需要匿名时的选择,它为您提供了对Tor网络和网桥的访问权限,并且它包括默认安全的默认设置和扩展: *标准* , *更安全*和*最安全*。 [:octicons-home-16: Homepage](https://www.torproject.org){ .md-button .md-button--primary } [:simple-torbrowser:](http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion){ .card-link title="Onion Service" } @@ -54,7 +49,7 @@ There are a variety of ways to connect to the Tor network from your device, the You should **never** install any additional extensions on Tor Browser or edit `about:config` settings, including the ones we suggest for Firefox. Browser extensions and non-standard settings make you stand out from others on the Tor network, thus making your browser easier to [fingerprint](https://support.torproject.org/glossary/browser-fingerprinting). -The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/). +Tor浏览器旨在防止指纹识别,或根据您的浏览器配置识别您。 Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/). ### Orbot @@ -120,5 +115,3 @@ For resistance against traffic analysis attacks, consider enabling *Isolate Dest Snowflake does not increase your privacy in any way, nor is it used to connect to the Tor network within your personal browser. However, if your internet connection is uncensored, you should consider running it to help people in censored networks achieve better privacy themselves. There is no need to worry about which websites people are accessing through your proxy—their visible browsing IP address will match their Tor exit node, not yours. Running a Snowflake proxy is low-risk, even moreso than running a Tor relay or bridge which are already not particularly risky endeavours. However, it does still proxy traffic through your network which can be impactful in some ways, especially if your network is bandwidth-limited. Make sure you understand [how Snowflake works](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) before deciding whether to run a proxy. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/video-streaming.md b/i18n/zh/video-streaming.md index 3337066b..2aceac4a 100644 --- a/i18n/zh/video-streaming.md +++ b/i18n/zh/video-streaming.md @@ -1,6 +1,7 @@ --- title: "视频串流" icon: 资料/视频-无线 +description: These networks allow you to stream internet content without building an advertising profile based on your interests. --- 使用视频流媒体平台时的主要威胁是,你的流媒体习惯和订阅名单可能被用来对你进行分析。 你应该将这些工具与 [VPN](vpn.md) 或 [Tor](https://www.torproject.org/) 结合起来,以使你的使用情况更难被分析。 @@ -52,5 +53,3 @@ You can disable *Save hosting data to help the LBRY network* option in :gear: ** - Must not require a centralized account to view videos. - Decentralized authentication, such as via a mobile wallet's private key is acceptable. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/i18n/zh/vpn.md b/i18n/zh/vpn.md index 51a76d58..20c65cf6 100644 --- a/i18n/zh/vpn.md +++ b/i18n/zh/vpn.md @@ -1,11 +1,20 @@ --- -title: "VPN服务" +title: "VPN Services" icon: 资料/vpn +description: These are the best VPN services for protecting your privacy and security online. Find a provider here that isn’t out to spy on you. --- -选择无日志的 VPN 供应商,他们不会出卖或读取你的网络流量。 +If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved. We think these providers are a cut above the rest: -??? 危险 "VPNs 不提供匿名性" +
    + +- ![IVPN logo](assets/img/vpn/mini/ivpn.svg){ .twemoji } [IVPN](#ivpn) +- ![Mullvad logo](assets/img/vpn/mullvad.svg){ .twemoji } [Mullvad](#mullvad) +- ![Proton VPN logo](assets/img/vpn/protonvpn.svg){ .twemoji } [Proton VPN](#proton-vpn) + +
    + +!!! 危险 "VPNs 不提供匿名性" 使用VPN **不** 会隐藏你的浏览习惯, 它也不会为不安全(HTTP) 流量额外增加安全性。 @@ -15,17 +24,128 @@ icon: 资料/vpn [Download Tor](https://www.torproject.org/){ .md-button .md-button--primary } [Tor Myths & FAQ](basics/tor-overview.md){ .md-button } -??? 问题 "VPN何时有用?" - - 如果你只是想要从ISP那里、或者在使用公共Wi-Fi网络和给文件做种时提高一些**隐私**,那么只要在了解相关风险的前提下,VPN可能是个解决方案。 - - [More Info](basics/vpn-overview.md){ .md-button } +[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md ""){.md-button} ## 推荐的供应商 -!!! 摘要"准则" +我们推荐的供应商使用加密,接受Monero支付 ,支持WireGuard & OpenVPN ,并且有无日志策略。 Read our [full list of criteria](#criteria) for more information. - 我们推荐的供应商使用加密,接受Monero支付 ,支持WireGuard & OpenVPN ,并且有无日志策略。 请阅读我们的 [full list of criteria](#our-criteria) 了解更多信息。 +### IVPN + +!!! recommendation + + ![IVPN标志](assets/img/vpn/ivpn.svg){ align=right } + + **IVPN**是另一个高级VPN供应商,他们自2009年以来一直在运营。 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 + + 这是因为到达目的地的路由较短(跳数较少)。 我们还认为,如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案,能提高VPN供应商私人密钥的安全性。 + +#### :material-check:{ .pg-green } 35 Countries + +IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. 这是因为到达目的地的路由较短(跳数较少)。 +{ .annotate } + +1. 如果订阅2年(119.76美元),还可享受10%的折扣。 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. + +#### :material-check:{ .pg-green } WireGuard Support + +IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). 此外, WireGuard旨在更简单、更高效。 + +IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). + +#### :material-check:{ .pg-green } Mobile Clients + +In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. + +### Mullvad + +!!! recommendation + + ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } + + **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 这是因为到达目的地的路由较短(跳数较少)。 + + 我们还认为,如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案,能提高VPN供应商私人密钥的安全性。 downloads + + - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) + - [:simple-appstore: App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) + - [:simple-github: GitHub](https://github.com/mullvad/mullvadvpn-app/releases) + - [:simple-windows11: Windows](https://mullvad.net/en/download/windows/) + - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) + - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) + +#### :material-check:{ .pg-green } 41 Countries + +Mullvad has [servers in 41 countries](https://mullvad.net/servers/).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. 这是因为到达目的地的路由较短(跳数较少)。 +{ .annotate } + +1. 如果订阅2年(119.76美元),还可享受10%的折扣。 + +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). + +#### :material-check:{ .pg-green } Independently Audited + +Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: + +> Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. + +In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: + +> The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. + +In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). + +#### :material-check:{ .pg-green } Open-Source Clients + +Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). + +#### :material-check:{ .pg-green } Accepts Cash and Monero + +Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. \[WireGuard\](https://www.wireguard.com)是一个较新的协议,使用最先进的 \[cryptography\](https://www.wireguard.com/protocol/)。 + +#### :material-check:{ .pg-green } WireGuard Support + +Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). 此外, WireGuard旨在更简单、更高效。 + +Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). + +#### :material-check:{ .pg-green } IPv6 Support + +Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. + +#### :material-check:{ .pg-green } Remote Port Forwarding + +Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. + +#### :material-check:{ .pg-green } Mobile Clients + +Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). + +#### :material-information-outline:{ .pg-blue } Additional Functionality + +Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). ### Proton VPN @@ -48,162 +168,48 @@ icon: 资料/vpn - [:simple-windows11: Windows](https://protonvpn.com/download-windows) - [:simple-linux: Linux](https://protonvpn.com/support/linux-vpn-setup/) -??? 检查注释 "64个国家" +#### :material-check:{ .pg-green } 67 Countries - Proton VPN有[64个国家的服务器](https://protonvpn.com/vpn-servers) (1)。 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 这是因为到达目的地的路由较短(跳数较少)。 - - 我们还认为,如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案,能提高VPN供应商私人密钥的安全性。 +Proton VPN has [servers in 67 countries](https://protonvpn.com/vpn-servers).(1) Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. 这是因为到达目的地的路由较短(跳数较少)。 +{ .annotate } 1. 如果订阅2年(119.76美元),还可享受10%的折扣。 -??? 检查"独立审计" +We also think it's better for the security of the VPN provider's private keys if they use [dedicated servers](https://en.wikipedia.org/wiki/Dedicated_hosting_service), instead of cheaper shared solutions (with other customers) such as [virtual private servers](https://en.wikipedia.org/wiki/Virtual_private_server). - 截至2020年1月,Proton VPN已经接受了SEC咨询公司的独立审计。 SEC Consult在Proton VPN的Windows、Android和iOS应用程序中发现了一些中度和低度风险的漏洞,在报告发布前,Proton VPN都已经 "妥善修复"。 所发现的问题中没有任何一个能让攻击者远程访问你的设备或流量。 你可以在 [protonvpn.com](https://protonvpn.com/blog/open-source/)查看每个平台的单独报告。 2022年4月,Proton VPN接受了[另一次审计](https://protonvpn.com/blog/no-logs-audit/),报告是[由Securitum制作](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf)。 A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). +#### :material-check:{ .pg-green } Independently Audited -??? 检查“开源客户端” +截至2020年1月,Proton VPN已经接受了SEC咨询公司的独立审计。 SEC Consult在Proton VPN的Windows、Android和iOS应用程序中发现了一些中度和低度风险的漏洞,在报告发布前,Proton VPN都已经 "妥善修复"。 所发现的问题中没有任何一个能让攻击者远程访问你的设备或流量。 You can view individual reports for each platform at [protonvpn.com](https://protonvpn.com/blog/open-source/). In April 2022 Proton VPN underwent [another audit](https://protonvpn.com/blog/no-logs-audit/) and the report was [produced by Securitum](https://protonvpn.com/blog/wp-content/uploads/2022/04/securitum-protonvpn-nologs-20220330.pdf). A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton VPN's apps on 9th November 2021 by [Securitum](https://research.securitum.com). - Proton VPN在其[GitHub组织](https://github.com/ProtonVPN)中提供其桌面和移动客户端的源代码。 +#### :material-check:{ .pg-green } Open-Source Clients -??? 检查"接受现金" +Proton VPN provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/ProtonVPN). - Proton VPN除了接受信用卡/借记卡和PayPal之外,还接受比特币和**现金/当地货币**作为匿名支付方式。 +#### :material-check:{ .pg-green } Accepts Cash -??? 检查 "WireGuard支持"。 +Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment. - Proton VPN主要支持WireGuard®协议。 [WireGuard](https://www.wireguard.com)是一个较新的协议,使用最先进的 [cryptography](https://www.wireguard.com/protocol/)。 此外, WireGuard旨在更简单、更高效。 - - Proton VPN [recommends](https://protonvpn.com/blog/wireguard/)在其服务中使用WireGuard。 在Proton VPN的Windows、macOS、iOS、Android、ChromeOS和Android TV应用程序中,WireGuard是默认协议;但是,在他们的Linux应用程序中,该协议还没有得到 [support](https://protonvpn.com/support/how-to-change-vpn-protocols/)。 +#### :material-check:{ .pg-green } WireGuard Support -??? 警告 "远程端口转发" +Proton VPN主要支持WireGuard®协议。 [WireGuard](https://www.wireguard.com) is a newer protocol that uses state-of-the-art [cryptography](https://www.wireguard.com/protocol/). 此外, WireGuard旨在更简单、更高效。 - Proton VPN目前只支持Windows上的远程[端口转发](https://protonvpn.com/support/port-forwarding/),这可能会影响一些应用程序。 特别是点对点的应用,如Torrent客户端。 +Proton VPN [recommends](https://protonvpn.com/blog/wireguard/) the use of WireGuard with their service. On Proton VPN's Windows, macOS, iOS, Android, ChromeOS, and Android TV apps, WireGuard is the default protocol; however, [support](https://protonvpn.com/support/how-to-change-vpn-protocols/) for the protocol is not present in their Linux app. -??? success "Mobile Clients" +#### :material-alert-outline:{ .pg-orange } Remote Port Forwarding - In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. +Proton VPN currently only supports remote [port forwarding](https://protonvpn.com/support/port-forwarding/) on Windows, which may impact some applications. 特别是点对点的应用,如Torrent客户端。 -??? info "Additional Functionality" +#### :material-check:{ .pg-green } Mobile Clients - Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. +In addition to providing standard OpenVPN configuration files, Proton VPN has mobile clients for [App Store](https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085), [Google Play](https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US), and [GitHub](https://github.com/ProtonVPN/android-app/releases) allowing for easy connections to their servers. -!!! danger "Killswitch feature is broken on Intel-based Macs" +#### :material-information-outline:{ .pg-blue } Additional Functionality - System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. +Proton VPN clients support two factor authentication on all platforms except Linux at the moment. Proton VPN has their own servers and datacenters in Switzerland, Iceland and Sweden. They offer adblocking and known malware domains blocking with their DNS service. Additionally, Proton VPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using [the official Tor Browser](https://www.torproject.org/) for this purpose. -### IVPN +#### :material-alert-outline:{ .pg-orange } Killswitch feature is broken on Intel-based Macs -!!! recommendation - - ![IVPN标志](assets/img/vpn/ivpn.svg){ align=right } - - **IVPN**是另一个高级VPN供应商,他们自2009年以来一直在运营。 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 - - 这是因为到达目的地的路由较短(跳数较少)。 我们还认为,如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案,能提高VPN供应商私人密钥的安全性。 - -??? 检查"独立审计" - - IVPN has [servers in 35 countries](https://www.ivpn.net/server-locations) (1). 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 这是因为到达目的地的路由较短(跳数较少)。 - - 我们还认为,如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案,能提高VPN供应商私人密钥的安全性。 - -1. 如果订阅2年(119.76美元),还可享受10%的折扣。 - -??? 检查"独立审计" - - IVPN has undergone a [no-logging audit from Cure53](https://cure53.de/audit-report_ivpn.pdf) which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a [comprehensive pentest report Cure53](https://cure53.de/summary-report_ivpn_2019.pdf) in January 2020. IVPN has also said they plan to have [annual reports](https://www.ivpn.net/blog/independent-security-audit-concluded) in the future. A further review was conducted [in April 2022](https://www.ivpn.net/blog/ivpn-apps-security-audit-2022-concluded/) and was produced by Cure53 [on their website](https://cure53.de/pentest-report_IVPN_2022.pdf). - -??? 检查“开源客户端” - - As of February 2020 [IVPN applications are now open-source](https://www.ivpn.net/blog/ivpn-applications-are-now-open-source). Source code can be obtained from their [GitHub organization](https://github.com/ivpn). - -??? 检查 "WireGuard支持"。 - - In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin, **Monero** and **cash/local currency** (on annual plans) as anonymous forms of payment. - -??? 检查 "WireGuard支持"。 - - IVPN supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com)是一个较新的协议,使用最先进的 [cryptography](https://www.wireguard.com/protocol/)。 此外, WireGuard旨在更简单、更高效。 - - IVPN [recommends](https://www.ivpn.net/wireguard/) the use of WireGuard with their service and, as such, the protocol is the default on all of IVPN's apps. IVPN also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). - -??? success "Remote Port Forwarding" - - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is possible with a Pro plan. Port forwarding [can be activated](https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html) via the client area. Port forwarding is only available on IVPN when using WireGuard or OpenVPN protocols and is [disabled on US servers](https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html). - -??? success "Mobile Clients" - - In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for [App Store](https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683), [Google Play](https://play.google.com/store/apps/details?id=net.ivpn.client), and [GitHub](https://github.com/ivpn/android-app/releases) allowing for easy connections to their servers. - -??? info "Additional Functionality" - - IVPN clients support two factor authentication (Mullvad's clients do not). IVPN also provides "[AntiTracker](https://www.ivpn.net/antitracker)" functionality, which blocks advertising networks and trackers from the network level. - -### Mullvad - -!!! recommendation - - ![Mullvad logo](assets/img/vpn/mullvad.svg){ align=right } - - **Mullvad** is a fast and inexpensive VPN with a serious focus on transparency and security. 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 这是因为到达目的地的路由较短(跳数较少)。 - - 我们还认为,如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案,能提高VPN供应商私人密钥的安全性。 downloads - - - [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) - - [:simple-appstore: App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) - - [:simple-github: GitHub](https://github.com/mullvad/mullvadvpn-app/releases) - - [:simple-windows11: Windows](https://mullvad.net/en/download/windows/) - - [:simple-apple: macOS](https://mullvad.net/en/download/macos/) - - [:simple-linux: Linux](https://mullvad.net/en/download/linux/) - -??? 检查"独立审计" - - Mullvad has [servers in 41 countries](https://mullvad.net/servers/) (1). 挑一个拥有离你最近的服务器的VPN供应商将减少你的网络流量的发送延迟。 这是因为到达目的地的路由较短(跳数较少)。 - - 我们还认为,如果VPN供应商使用[专用服务器](https://en.wikipedia.org/wiki/Dedicated_hosting_service),而不是使用[虚拟专用服务器](https://en.wikipedia.org/wiki/Virtual_private_server)等更便宜的(与其他客户)共享的解决方案,能提高VPN供应商私人密钥的安全性。 - -1. 如果订阅2年(119.76美元),还可享受10%的折扣。 - -??? 检查"独立审计" - - Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report [published at cure53.de](https://cure53.de/pentest-report_mullvad_v2.pdf). The security researchers concluded: - - > Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint. - - In 2020 a second audit [was announced](https://mullvad.net/blog/2020/6/25/results-available-audit-mullvad-app/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2020_v2.pdf) was made available on Cure53's website: - - > The results of this May-June 2020 project targeting the Mullvad complex are quite positive. [...] The overall application ecosystem used by Mullvad leaves a sound and structured impression. The overall structure of the application makes it easy to roll out patches and fixes in a structured manner. More than anything, the findings spotted by Cure53 showcase the importance of constantly auditing and re-assessing the current leak vectors, in order to always ensure privacy of the end-users. With that being said, Mullvad does a great job protecting the end-user from common PII leaks and privacy related risks. - - In 2021 an infrastructure audit [was announced](https://mullvad.net/en/blog/2021/1/20/no-pii-or-privacy-leaks-found-cure53s-infrastructure-audit/) and the [final audit report](https://cure53.de/pentest-report_mullvad_2021_v1.pdf) was made available on Cure53's website. Another report was commissioned [in June 2022](https://mullvad.net/en/blog/2022/6/22/vpn-server-audit-found-no-information-leakage-or-logging-of-customer-data/) and is available on [Assured's website](https://www.assured.se/publications/Assured_Mullvad_relay_server_audit_report_2022.pdf). - -??? 检查“开源客户端” - - Mullvad provides the source code for their desktop and mobile clients in their [GitHub organization](https://github.com/mullvad/mullvadvpn-app). - -??? 检查 "WireGuard支持"。 - - Mullvad, in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, **Monero** and **cash/local currency** as anonymous forms of payment. [WireGuard](https://www.wireguard.com)是一个较新的协议,使用最先进的 [cryptography](https://www.wireguard.com/protocol/)。 - -??? 检查 "WireGuard支持"。 - - Mullvad supports the WireGuard® protocol. [WireGuard](https://www.wireguard.com)是一个较新的协议,使用最先进的 [cryptography](https://www.wireguard.com/protocol/)。 此外, WireGuard旨在更简单、更高效。 - - Mullvad [recommends](https://mullvad.net/en/help/why-wireguard/) the use of WireGuard with their service. It is the default or only protocol on Mullvad's Android, iOS, macOS, and Linux apps, but on Windows you have to [manually enable](https://mullvad.net/en/help/how-turn-wireguard-mullvad-app/) WireGuard. Mullvad also offers a WireGuard configuration generator for use with the official WireGuard [apps](https://www.wireguard.com/install/). - -??? success "IPv6 Support" - - Mullvad supports the future of networking [IPv6](https://en.wikipedia.org/wiki/IPv6). Their network allows you to [access services hosted on IPv6](https://mullvad.net/en/blog/2014/9/15/ipv6-support/) as opposed to other providers who block IPv6 connections. - -??? success "Remote Port Forwarding" - - Remote [port forwarding](https://en.wikipedia.org/wiki/Port_forwarding) is allowed for people who make one-time payments, but not allowed for accounts with a recurring/subscription-based payment method. This is to prevent Mullvad from being able to identify you based on your port usage and stored subscription information. See [Port forwarding with Mullvad VPN](https://mullvad.net/help/port-forwarding-and-mullvad/) for more information. - -??? success "Mobile Clients" - - Mullvad has published [App Store](https://apps.apple.com/app/mullvad-vpn/id1488466513) and [Google Play](https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn) clients, both supporting an easy-to-use interface as opposed to requiring you to manually configure your WireGuard connection. The Android client is also available on [GitHub](https://github.com/mullvad/mullvadvpn-app/releases). - -??? info "Additional Functionality" - - Mullvad is very transparent about which nodes they [own or rent](https://mullvad.net/en/servers/). They use [ShadowSocks](https://shadowsocks.org/) in their ShadowSocks + OpenVPN configuration, making them more resistant against firewalls with [Deep Packet Inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) trying to block VPNs. Supposedly, [China has to use a different method to block ShadowSocks servers](https://github.com/net4people/bbs/issues/22). Mullvad's website is also accessible via Tor at [o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion](http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7kiad.onion). +System crashes [may occur](https://protonvpn.com/support/macos-t2-chip-kill-switch/) on Intel-based Macs when using the VPN killswitch. If you require this feature, and you are using a Mac with Intel chipset, you should consider using another VPN service. ## Criteria @@ -238,13 +244,13 @@ We prefer our recommended providers to collect as little data as possible. 不 **符合条件的最低要求。** -- Monero或现金支付选项。 +- [Anonymous cryptocurrency](cryptocurrency.md) **or** cash payment option. - 注册时不需要提供个人信息。最多只有用户名、密码和电子邮件。 **Best Case:** -- 接受Monero、现金和其他形式的匿名支付方式(礼品卡等)。 -- 不接受个人信息(自动生成的用户名,不需要电子邮件,等等。) +- Accepts multiple [anonymous payment options](advanced/payments.md). +- No personal information accepted (autogenerated username, no email required, etc.). ### 安全性 @@ -302,5 +308,3 @@ Responsible marketing that is both educational and useful to the consumer could ### Additional Functionality While not strictly requirements, there are some factors we looked into when determining which providers to recommend. These include adblocking/tracker-blocking functionality, warrant canaries, multihop connections, excellent customer support, the number of allowed simultaneous connections, etc. - ---8<-- "includes/abbreviations.zh.txt" diff --git a/includes/abbreviations.de.txt b/includes/abbreviations.de.txt index 48a0974d..6207e02a 100644 --- a/includes/abbreviations.de.txt +++ b/includes/abbreviations.de.txt @@ -1,72 +1,72 @@ -*[2FA]: 2-Factor Authentication +*[2FA]: 2-Faktor-Authentifizierung *[ADB]: Android Debug Bridge -*[AOSP]: Android Open Source Project +*[AOSP]: Android Open-Source Projekt *[ATA]: Advanced Technology Attachment -*[attack surface]: The total number of possible entry points for unauthorized access to a system +*[attack surface]: Die Gesamtzahl der möglichen Einstiegspunkte für einen unbefugten Zugriff auf ein System *[AVB]: Android Verified Boot *[cgroups]: Control Groups -*[CLI]: Command Line Interface -*[CSV]: Comma-Separated Values -*[CVE]: Common Vulnerabilities and Exposures -*[Digital Legacy]: Digital Legacy refers to features that allow you to give other people access to your data when you die -*[DNSSEC]: Domain Name System Security Extensions -*[DNS]: Domain Name System -*[DoH]: DNS over HTTPS -*[DoQ]: DNS over QUIC -*[DoH3]: DNS over HTTP/3 -*[DoT]: DNS over TLS -*[E2EE]: End-to-End Encryption/Encrypted +*[CLI]: Kommandozeilen-Schnittstelle +*[CSV]: Kommagetrennte Werte +*[CVE]: Häufige Schwachstellen und Gefährdungen +*[Digital Legacy]: Funktionen, die es ermöglichen nach dem eigenen Tod anderen Menschen Zugang zu Daten zu gewähren +*[DNSSEC]: Domänennamensystem-Sicherheitserweiterungen +*[DNS]: Domänennamensystem +*[DoH]: DNS über HTTPS +*[DoQ]: DNS über QUIC +*[DoH3]: DNS über HTTP/3 +*[DoT]: DNS über TLS +*[E2EE]: End-to-End-Verschlüsselung/Verschlüsselt *[ECS]: EDNS Client Subnet -*[EEA]: European Economic Area -*[entropy]: A measurement of how unpredictable something is +*[EEA]: Europäischer Wirtschaftsraum +*[entropy]: Ein Maß dafür, wie unvorhersehbar etwas ist *[EOL]: End-of-Life *[Exif]: Exchangeable image file format *[FCM]: Firebase Cloud Messaging -*[FDE]: Full Disk Encryption +*[FDE]: vollständige Festplattenverschlüsselung *[FIDO]: Fast IDentity Online -*[fork]: A new software project created by copying an existing project and adding to it independently -*[GDPR]: General Data Protection Regulation -*[GPG]: GNU Privacy Guard (PGP implementation) -*[GPS]: Global Positioning System -*[GUI]: Graphical User Interface -*[GnuPG]: GNU Privacy Guard (PGP implementation) -*[HDD]: Hard Disk Drive +*[fork]: Ein neues Softwareprojekt, das durch Kopieren eines bestehenden Projekts und das unabhängige Hinzufügen erstellt wird +*[DSGVO]: Datenschutzverordnung +*[GPG]: GNU Privacy Guard (PGP-Implementierung) +*[GPS]: Globales Positionsbestimmungssystem +*[GUI]: Grafische Benutzeroberfläche +*[GnuPG]: GNU Privacy Guard (PGP-Implementierung) +*[HDD]: Festplattenlaufwerk *[HOTP]: HMAC (Hash-based Message Authentication Code) based One-Time Password -*[HTTPS]: Hypertext Transfer Protocol Secure -*[HTTP]: Hypertext Transfer Protocol +*[HTTPS]: sicheres Hypertext-Übertragungsprotokoll +*[HTTP]: Hypertext-Übertragungsprotokoll *[hypervisor]: Computer software, firmware, or hardware that splits the resources of a CPU among multiple operating systems *[ICCID]: Integrated Circuit Card Identifier *[IMAP]: Internet Message Access Protocol *[IMEI]: International Mobile Equipment Identity *[IMSI]: International Mobile Subscriber Identity -*[IP]: Internet Protocol -*[IPv4]: Internet Protocol version 4 -*[IPv6]: Internet Protocol version 6 -*[ISP]: Internet Service Provider -*[ISPs]: Internet Service Providers +*[IP]: Internetprotokoll +*[IPv4]: Internetprotokoll Version 4 +*[IPv6]: Internetprotokoll Version 6 +*[ISP]: Internetdienstanbieter +*[ISPs]: Internetdienstanbieter *[JNI]: Java Native Interface *[LUKS]: Linux Unified Key Setup (Full-Disk Encryption) *[MAC]: Media Access Control *[MDAG]: Microsoft Defender Application Guard *[MEID]: Mobile Equipment Identifier -*[MFA]: Multi-Factor Authentication +*[MFA]: Multi-Faktor-Authentifizierung *[NVMe]: Nonvolatile Memory Express -*[NTP]: Network Time Protocol +*[NTP]: Netzwerk-Zeitprotokoll *[OCI]: Open Container Initiative *[OCSP]: Online Certificate Status Protocol *[OEM]: Original Equipment Manufacturer *[OEMs]: Original Equipment Manufacturers -*[OS]: Operating System -*[OTP]: One-Time Password -*[OTPs]: One-Time Passwords -*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP) +*[OS]: Betriebssystem +*[OTP]: Einmalpasswort +*[OTPs]: Einmalpasswörter +*[OpenPGP]: Open-Source-Implementierung von Pretty Good Privacy (PGP) *[P2P]: Peer-to-Peer *[PAM]: Linux Pluggable Authentication Modules *[POP3]: Post Office Protocol 3 *[PGP]: Pretty Good Privacy (see OpenPGP) -*[PII]: Personally Identifiable Information +*[PII]: Personenbezogene Daten *[QNAME]: Qualified Name -*[rolling release]: Updates which are released frequently rather than set intervals +*[rolling release]: Updates, die häufig und nicht nur in bestimmten Abständen veröffentlicht werden *[RSS]: Really Simple Syndication *[SELinux]: Security-Enhanced Linux *[SIM]: Subscriber Identity Module @@ -82,13 +82,13 @@ *[TCP]: Transmission Control Protocol *[TEE]: Trusted Execution Environment *[TLS]: Transport Layer Security -*[ToS]: Terms of Service -*[TOTP]: Time-based One-Time Password +*[AGB]: Allgemeine Geschäftsbedingungen +*[TOTP]: Zeitbasiertes Einmalpasswort *[TPM]: Trusted Platform Module -*[U2F]: Universal 2nd Factor +*[U2F]: Universeller 2. Faktor *[UEFI]: Unified Extensible Firmware Interface *[UDP]: User Datagram Protocol -*[VPN]: Virtual Private Network +*[VPN]: Virtuelles Privates Netzwerk *[VoIP]: Voice over IP (Internet Protocol) *[W3C]: World Wide Web Consortium *[XMPP]: Extensible Messaging and Presence Protocol diff --git a/includes/abbreviations.es.txt b/includes/abbreviations.es.txt index 14af6aed..de50665f 100644 --- a/includes/abbreviations.es.txt +++ b/includes/abbreviations.es.txt @@ -21,31 +21,31 @@ *[entropy]: Una medición de qué tan impredecible puede ser algo *[EOL]: Fin de vida *[Exif]: Formato de imagen de archivo intercambiable -*[FCM]: Firebase Cloud Messaging -*[FDE]: Full Disk Encryption -*[FIDO]: Fast IDentity Online -*[fork]: A new software project created by copying an existing project and adding to it independently -*[GDPR]: General Data Protection Regulation -*[GPG]: GNU Privacy Guard (PGP implementation) -*[GPS]: Global Positioning System -*[GUI]: Graphical User Interface -*[GnuPG]: GNU Privacy Guard (PGP implementation) -*[HDD]: Hard Disk Drive -*[HOTP]: HMAC (Hash-based Message Authentication Code) based One-Time Password -*[HTTPS]: Hypertext Transfer Protocol Secure -*[HTTP]: Hypertext Transfer Protocol -*[hypervisor]: Computer software, firmware, or hardware that splits the resources of a CPU among multiple operating systems -*[ICCID]: Integrated Circuit Card Identifier -*[IMAP]: Internet Message Access Protocol -*[IMEI]: International Mobile Equipment Identity -*[IMSI]: International Mobile Subscriber Identity -*[IP]: Internet Protocol -*[IPv4]: Internet Protocol version 4 -*[IPv6]: Internet Protocol version 6 -*[ISP]: Internet Service Provider -*[ISPs]: Internet Service Providers -*[JNI]: Java Native Interface -*[LUKS]: Linux Unified Key Setup (Full-Disk Encryption) +*[FCM]: Mensajería virtual Firebase Cloud Messaging +*[FDE]: Cifrado de disco completo +*[FIDO]: Identidad rápida en línea +*[fork]: Un nuevo proyecto de software creado copiando un proyecto existente y añadiéndole elementos de forma independiente +*[GDPR]: Reglamento General de Protección de Datos +*[GPG]: GNU Privacy Guard (implementación de PGP) +*[GPS]: Sistema de Posicionamiento Global +*[GUI]: Interfaz Gráfica de Usuario +*[GnuPG]: GNU Privacy Guard (implementación de PGP) +*[HDD]: Unidad de Disco Duro +*[HOTP]: Contraseña de un solo uso basada en HMAC (Hash-based Message Authentication Code) +*[HTTPS]: Protocolo de transferencia de hipertexto seguro +*[HTTP]: Protocolo de transferencia de hipertexto +*[hypervisor]: Software, firmware o hardware informático que reparte los recursos de una CPU entre varios sistemas operativos +*[ICCID]: Identificador de tarjeta de circuito integrado +*[IMAP]: Protocolo de acceso a mensajes de Internet +*[IMEI]: Identidad internacional de equipos móviles +*[IMSI]: Identidad de suscriptor móvil internacional +*[IP]: Protocolo de internet +*[IPv4]: Protocolo de Internet versión 4 +*[IPv6]: Protocolo de Internet versión 6 +*[ISP]: Proveedor de servicio de internet +*[ISPs]: Proveedores de servicio de internet +*[JNI]: Interfaz nativa de Java +*[LUKS]: Configuración de clave unificada Linux (cifrado de disco completo) *[MAC]: Media Access Control *[MDAG]: Microsoft Defender Application Guard *[MEID]: Mobile Equipment Identifier @@ -71,25 +71,25 @@ *[SELinux]: Security-Enhanced Linux *[SIM]: Subscriber Identity Module *[SMS]: Short Message Service (standard text messaging) -*[SMTP]: Simple Mail Transfer Protocol -*[SNI]: Server Name Indication -*[SSD]: Solid-State Drive -*[SSH]: Secure Shell -*[SUID]: Set Owner User ID -*[SaaS]: Software as a Service (cloud software) -*[SoC]: System on Chip -*[SSO]: Single sign-on -*[TCP]: Transmission Control Protocol -*[TEE]: Trusted Execution Environment -*[TLS]: Transport Layer Security -*[ToS]: Terms of Service -*[TOTP]: Time-based One-Time Password -*[TPM]: Trusted Platform Module -*[U2F]: Universal 2nd Factor -*[UEFI]: Unified Extensible Firmware Interface -*[UDP]: User Datagram Protocol -*[VPN]: Virtual Private Network -*[VoIP]: Voice over IP (Internet Protocol) -*[W3C]: World Wide Web Consortium -*[XMPP]: Extensible Messaging and Presence Protocol -*[PWA]: Progressive Web App +*[SMTP]: Protocolo simple de transferencia de correo +*[SNI]: Indicación del Nombre del Servidor +*[SSD]: Unidad de disco duro de estado sólido +*[SSH]: Shell seguro +*[SUID]: Establecer ID de usuario propietario +*[SaaS]: Software como servicio (software en la nube) +*[SoC]: Sistema en chip +*[SSO]: Inicio de sesión único +*[TCP]: Protocolo de Control de Transmisión +*[TEE]: Entorno de ejecución de confianza +*[TLS]: Seguridad de la capa de transporte +*[ToS]: Términos del Servicio +*[TOTP]: Contraseña de un solo uso basada en el tiempo +*[TPM]: Módulo de plataforma de confianza +*[U2F]: Segundo factor universal +*[UEFI]: Interfaz de firmware extensible unificada +*[UDP]: Protocolo de Datagramas de Usuario +*[VPN]: Red privada virtual +*[VoIP]: Voz sobre IP (Protocolo de Internet) +*[W3C]: Consorcio World Wide Web +*[XMPP]: Protocolo extensible de mensajería y presencia +*[PWA]: Aplicación web progresiva diff --git a/includes/abbreviations.he.txt b/includes/abbreviations.he.txt index e9bde8e0..cc7fd5d3 100644 --- a/includes/abbreviations.he.txt +++ b/includes/abbreviations.he.txt @@ -2,13 +2,13 @@ *[ADB]: Android Debug Bridge *[AOSP]: פרויקט קוד פתוח של אנדרואיד *[ATA]: Advanced Technology Attachment -*[attack surface]: The total number of possible entry points for unauthorized access to a system +*[משטח התקפה]: The total number of possible entry points for unauthorized access to a system *[AVB]: Android Verified Boot *[cgroups]: Control Groups *[CLI]: Command Line Interface *[CSV]: Comma-Separated Values *[CVE]: Common Vulnerabilities and Exposures -*[Digital Legacy]: Digital Legacy refers to features that allow you to give other people access to your data when you die +*[מורשת דיגיטלית]: Digital Legacy refers to features that allow you to give other people access to your data when you die *[DNSSEC]: Domain Name System Security Extensions *[DNS]: Domain Name System *[DoH]: DNS דרך HTTPS @@ -88,7 +88,7 @@ *[U2F]: גורם שני אוניברסלי *[UEFI]: Unified Extensible Firmware Interface *[UDP]: User Datagram Protocol -*[VPN]: Virtual Private Network +*[VPN]: רשת וירטואלית פרטית *[VoIP]: Voice over IP (Internet Protocol) *[W3C]: World Wide Web Consortium *[XMPP]: Extensible Messaging and Presence Protocol diff --git a/includes/abbreviations.hu.txt b/includes/abbreviations.hu.txt index f84d24ac..78f2c98d 100644 --- a/includes/abbreviations.hu.txt +++ b/includes/abbreviations.hu.txt @@ -1,4 +1,4 @@ -*[2FA]: 2-Factor Authentication - Kétlépcsős Azonosítás +*[2FA]: 2-Factor Authentication - Kétlépcsős Hitelesítés *[ADB]: Android Debug Bridge *[AOSP]: Android Open Source Project - Android Nyílt Forráskódú Projekt *[ATA]: Advanced Technology Attachment diff --git a/includes/abbreviations.id.txt b/includes/abbreviations.id.txt index 7af90dde..71062797 100644 --- a/includes/abbreviations.id.txt +++ b/includes/abbreviations.id.txt @@ -15,81 +15,81 @@ *[DoQ]: DNS melalui QUIC *[DoH3]: DNS melalui HTTP/3 *[DoT]: DNS melalui TLS -*[E2EE]: End-to-End Encryption/Encrypted -*[ECS]: EDNS Client Subnet -*[EEA]: European Economic Area -*[entropy]: A measurement of how unpredictable something is -*[EOL]: End-of-Life -*[Exif]: Exchangeable image file format +*[E2EE]: Enkripsi Ujung ke Ujung/Terenkripsi +*[ECS]: Subnet Klien EDNS +*[EEA]: Wilayah Ekonomi Eropa +*[entropi]: Sebuah pengukuran tentang bagaimana sesuatu yang tidak dapat diprediksi +*[EOL]: Akhir Masa Pakai +*[Exif]: Format berkas gambar yang dapat ditukar *[FCM]: Firebase Cloud Messaging -*[FDE]: Full Disk Encryption -*[FIDO]: Fast IDentity Online -*[fork]: A new software project created by copying an existing project and adding to it independently -*[GDPR]: General Data Protection Regulation -*[GPG]: GNU Privacy Guard (PGP implementation) -*[GPS]: Global Positioning System -*[GUI]: Graphical User Interface -*[GnuPG]: GNU Privacy Guard (PGP implementation) -*[HDD]: Hard Disk Drive -*[HOTP]: HMAC (Hash-based Message Authentication Code) based One-Time Password -*[HTTPS]: Hypertext Transfer Protocol Secure -*[HTTP]: Hypertext Transfer Protocol -*[hypervisor]: Computer software, firmware, or hardware that splits the resources of a CPU among multiple operating systems -*[ICCID]: Integrated Circuit Card Identifier -*[IMAP]: Internet Message Access Protocol -*[IMEI]: International Mobile Equipment Identity -*[IMSI]: International Mobile Subscriber Identity -*[IP]: Internet Protocol -*[IPv4]: Internet Protocol version 4 -*[IPv6]: Internet Protocol version 6 -*[ISP]: Internet Service Provider -*[ISPs]: Internet Service Providers -*[JNI]: Java Native Interface -*[LUKS]: Linux Unified Key Setup (Full-Disk Encryption) -*[MAC]: Media Access Control +*[FDE]: Enkripsi Diska Penuh +*[FIDO]: Fast IDentity Online (Identitas Daring Cepat) +*[fork]: Proyek perangkat lunak baru yang dibuat dengan menyalin proyek yang sudah ada dan menambahkannya secara mandiri +*[GDPR]: Peraturan Perlindungan Data Umum +*[GPG]: GNU Privacy Guard (implementasi PGP) +*[GPS]: Sistem Pemosisian Global +*[GUI]: Antarmuka Pengguna Grafis +*[GnuPG]: GNU Privacy Guard (implementasi PGP) +*[HDD]: Penyimpanan Hard Disk +*[HOTP]: Kata sandi sekali pakai berbasis HMAC (kode autentikasi pesan berbasis hash) +*[HTTPS]: Protokol Transfer Hiperteks Aman +*[HTTP]: Protokol Transfer Hiperteks +*[hypervisor]: Perangkat lunak, perangkat tegar, atau perangkat keras komputer yang membagi sumber daya CPU di antara beberapa sistem operasi +*[ICCID]: Pengidentifikasi Kartu Sirkuit Terpadu +*[IMAP]: Protokol Akses Pesan Internet +*[IMEI]: Identitas Peralatan Seluler Internasional +*[IMSI]: Identitas Pelanggan Seluler Internasional +*[IP]: Protokol Internet +*[IPv4]: Protokol Internet versi 4 +*[IPv6]: Protokol Internet versi 6 +*[ISP]: Penyedia Layanan Internet +*[ISPs]: Penyedia Layanan Internet +*[JNI]: Antarmuka Asli Java +*[LUKS]: Pengaturan Kunci Terpadu Linux (Enkripsi Diska Penuh) +*[MAC]: Kontrol Akses Media *[MDAG]: Microsoft Defender Application Guard -*[MEID]: Mobile Equipment Identifier -*[MFA]: Multi-Factor Authentication -*[NVMe]: Nonvolatile Memory Express -*[NTP]: Network Time Protocol -*[OCI]: Open Container Initiative -*[OCSP]: Online Certificate Status Protocol -*[OEM]: Original Equipment Manufacturer -*[OEMs]: Original Equipment Manufacturers -*[OS]: Operating System -*[OTP]: One-Time Password -*[OTPs]: One-Time Passwords -*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP) +*[MEID]: Pengidentifikasi Peralatan Seluler +*[MFA]: Autentikasi Multifaktor +*[NVMe]: Memori Ekspres yang Tidak Mudah Menguap +*[NTP]: Protokol Waktu Jaringan +*[OCI]: Inisiatif Kontainer Terbuka +*[OCSP]: Protokol Status Sertifikat Daring +*[OEM]: Produsen Peralatan Asli +*[OEMs]: Produsen Peralatan Asli +*[OS]: Sistem Operasi +*[OTP]: Kata Sandi Sekali Pakai +*[OTPs]: Kata Sandi Sekali Pakai +*[OpenPGP]: Implementasi sumber terbuka dari Pretty Good Privacy (PGP) *[P2P]: Peer-to-Peer -*[PAM]: Linux Pluggable Authentication Modules -*[POP3]: Post Office Protocol 3 -*[PGP]: Pretty Good Privacy (see OpenPGP) -*[PII]: Personally Identifiable Information -*[QNAME]: Qualified Name -*[rolling release]: Updates which are released frequently rather than set intervals +*[PAM]: Modul Otentikasi Linux yang Dapat Dicolokkan +*[POP3]: Protokol Kantor Pos 3 +*[PGP]: Pretty Good Privacy (lihat OpenPGP) +*[PII]: Informasi Identifikasi Pribadi +*[QNAME]: Nama yang Memenuhi Syarat +*[rilis bergulir]: Pembaruan yang sering dirilis daripada interval yang ditetapkan *[RSS]: Really Simple Syndication -*[SELinux]: Security-Enhanced Linux -*[SIM]: Subscriber Identity Module -*[SMS]: Short Message Service (standard text messaging) -*[SMTP]: Simple Mail Transfer Protocol -*[SNI]: Server Name Indication +*[SELinux]: Linux yang Ditingkatkan Keamanannya +*[SIM]: Modul Identitas Pelanggan +*[SMS]: Layanan Pesan Singkat (pesan teks standar) +*[SMTP]: Protokol Transfer Surat Sederhana +*[SNI]: Indikasi Nama Server *[SSD]: Solid-State Drive *[SSH]: Secure Shell -*[SUID]: Set Owner User ID -*[SaaS]: Software as a Service (cloud software) -*[SoC]: System on Chip -*[SSO]: Single sign-on -*[TCP]: Transmission Control Protocol -*[TEE]: Trusted Execution Environment -*[TLS]: Transport Layer Security -*[ToS]: Terms of Service -*[TOTP]: Time-based One-Time Password -*[TPM]: Trusted Platform Module -*[U2F]: Universal 2nd Factor -*[UEFI]: Unified Extensible Firmware Interface -*[UDP]: User Datagram Protocol -*[VPN]: Virtual Private Network -*[VoIP]: Voice over IP (Internet Protocol) -*[W3C]: World Wide Web Consortium -*[XMPP]: Extensible Messaging and Presence Protocol -*[PWA]: Progressive Web App +*[SUID]: Penetapan ID Pengguna Pemilik +*[SaaS]: Perangkat lunak sebagai layanan (perangkat lunak awan) +*[SoC]: Sistem pada Chip +*[SSO]: Sistem masuk tunggal +*[TCP]: Protokol Kontrol Transmisi +*[TEE]: Lingkungan Eksekusi Terpercaya +*[TLS]: Keamanan Lapisan Transportasi +*[ToS]: Ketentuan Layanan +*[TOTP]: Kata Sandi Sekali Pakai Berbasis Waktu +*[TPM]: Modul Platform Tepercaya +*[U2F]: Faktor ke-2 Universal +*[UEFI]: Antarmuka Firmware yang Dapat Diperluas Terpadu +*[UDP]: Protokol Datagram Pengguna +*[VPN]: Jaringan Pribadi Virtual +*[VoIP]: Suara melalui IP (Protokol Internet) +*[W3C]: Konsorsium Waring Wera Wanua +*[XMPP]: Protokol Perpesanan dan Kehadiran yang Dapat Diperluas +*[PWA]: Aplikasi Web Progresif diff --git a/includes/abbreviations.ku.txt b/includes/abbreviations.ku.txt new file mode 100644 index 00000000..48a0974d --- /dev/null +++ b/includes/abbreviations.ku.txt @@ -0,0 +1,95 @@ +*[2FA]: 2-Factor Authentication +*[ADB]: Android Debug Bridge +*[AOSP]: Android Open Source Project +*[ATA]: Advanced Technology Attachment +*[attack surface]: The total number of possible entry points for unauthorized access to a system +*[AVB]: Android Verified Boot +*[cgroups]: Control Groups +*[CLI]: Command Line Interface +*[CSV]: Comma-Separated Values +*[CVE]: Common Vulnerabilities and Exposures +*[Digital Legacy]: Digital Legacy refers to features that allow you to give other people access to your data when you die +*[DNSSEC]: Domain Name System Security Extensions +*[DNS]: Domain Name System +*[DoH]: DNS over HTTPS +*[DoQ]: DNS over QUIC +*[DoH3]: DNS over HTTP/3 +*[DoT]: DNS over TLS +*[E2EE]: End-to-End Encryption/Encrypted +*[ECS]: EDNS Client Subnet +*[EEA]: European Economic Area +*[entropy]: A measurement of how unpredictable something is +*[EOL]: End-of-Life +*[Exif]: Exchangeable image file format +*[FCM]: Firebase Cloud Messaging +*[FDE]: Full Disk Encryption +*[FIDO]: Fast IDentity Online +*[fork]: A new software project created by copying an existing project and adding to it independently +*[GDPR]: General Data Protection Regulation +*[GPG]: GNU Privacy Guard (PGP implementation) +*[GPS]: Global Positioning System +*[GUI]: Graphical User Interface +*[GnuPG]: GNU Privacy Guard (PGP implementation) +*[HDD]: Hard Disk Drive +*[HOTP]: HMAC (Hash-based Message Authentication Code) based One-Time Password +*[HTTPS]: Hypertext Transfer Protocol Secure +*[HTTP]: Hypertext Transfer Protocol +*[hypervisor]: Computer software, firmware, or hardware that splits the resources of a CPU among multiple operating systems +*[ICCID]: Integrated Circuit Card Identifier +*[IMAP]: Internet Message Access Protocol +*[IMEI]: International Mobile Equipment Identity +*[IMSI]: International Mobile Subscriber Identity +*[IP]: Internet Protocol +*[IPv4]: Internet Protocol version 4 +*[IPv6]: Internet Protocol version 6 +*[ISP]: Internet Service Provider +*[ISPs]: Internet Service Providers +*[JNI]: Java Native Interface +*[LUKS]: Linux Unified Key Setup (Full-Disk Encryption) +*[MAC]: Media Access Control +*[MDAG]: Microsoft Defender Application Guard +*[MEID]: Mobile Equipment Identifier +*[MFA]: Multi-Factor Authentication +*[NVMe]: Nonvolatile Memory Express +*[NTP]: Network Time Protocol +*[OCI]: Open Container Initiative +*[OCSP]: Online Certificate Status Protocol +*[OEM]: Original Equipment Manufacturer +*[OEMs]: Original Equipment Manufacturers +*[OS]: Operating System +*[OTP]: One-Time Password +*[OTPs]: One-Time Passwords +*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP) +*[P2P]: Peer-to-Peer +*[PAM]: Linux Pluggable Authentication Modules +*[POP3]: Post Office Protocol 3 +*[PGP]: Pretty Good Privacy (see OpenPGP) +*[PII]: Personally Identifiable Information +*[QNAME]: Qualified Name +*[rolling release]: Updates which are released frequently rather than set intervals +*[RSS]: Really Simple Syndication +*[SELinux]: Security-Enhanced Linux +*[SIM]: Subscriber Identity Module +*[SMS]: Short Message Service (standard text messaging) +*[SMTP]: Simple Mail Transfer Protocol +*[SNI]: Server Name Indication +*[SSD]: Solid-State Drive +*[SSH]: Secure Shell +*[SUID]: Set Owner User ID +*[SaaS]: Software as a Service (cloud software) +*[SoC]: System on Chip +*[SSO]: Single sign-on +*[TCP]: Transmission Control Protocol +*[TEE]: Trusted Execution Environment +*[TLS]: Transport Layer Security +*[ToS]: Terms of Service +*[TOTP]: Time-based One-Time Password +*[TPM]: Trusted Platform Module +*[U2F]: Universal 2nd Factor +*[UEFI]: Unified Extensible Firmware Interface +*[UDP]: User Datagram Protocol +*[VPN]: Virtual Private Network +*[VoIP]: Voice over IP (Internet Protocol) +*[W3C]: World Wide Web Consortium +*[XMPP]: Extensible Messaging and Presence Protocol +*[PWA]: Progressive Web App diff --git a/includes/abbreviations.pt-BR.txt b/includes/abbreviations.pt-BR.txt index eaf87f12..285ec381 100644 --- a/includes/abbreviations.pt-BR.txt +++ b/includes/abbreviations.pt-BR.txt @@ -82,13 +82,13 @@ *[TCP]: Transmission Control Protocol *[TEE]: Trusted Execution Environment *[TLS]: Transport Layer Security -*[ToS]: Terms of Service +*[ToS]: Termos de Serviço *[TOTP]: Time-based One-Time Password *[TPM]: Trusted Platform Module *[U2F]: Universal 2nd Factor *[UEFI]: Unified Extensible Firmware Interface *[UDP]: User Datagram Protocol -*[VPN]: Virtual Private Network +*[VPN]: Rede Privada Virtual *[VoIP]: Voice over IP (Internet Protocol) *[W3C]: World Wide Web Consortium *[XMPP]: Extensible Messaging and Presence Protocol diff --git a/includes/abbreviations.sv.txt b/includes/abbreviations.sv.txt index 163d24f7..b2af3c72 100644 --- a/includes/abbreviations.sv.txt +++ b/includes/abbreviations.sv.txt @@ -10,86 +10,86 @@ *[CVE]: Vanliga sårbarheter och exponeringar *[Digitalt Arv]: Digitalt arv avser funktioner som gör att du kan ge andra personer tillgång till dina uppgifter när du dör *[DNSSEC]: Säkerhetstillägg för domännamnssystem -*[DNS]: Domain Name System -*[DoH]: DNS over HTTPS -*[DoQ]: DNS over QUIC -*[DoH3]: DNS over HTTP/3 -*[DoT]: DNS over TLS -*[E2EE]: End-to-End Encryption/Encrypted +*[DNS]: Domännamnssystem +*[DoH]: DNS över HTTPS +*[DoQ]: DNS över QUIC +*[DoH3]: DNS över HTTPS +*[DoT]: DNS över TLS +*[E2EE]: End-to-End-kryptering/krypterad *[ECS]: EDNS Client Subnet -*[EEA]: European Economic Area -*[entropy]: A measurement of how unpredictable something is -*[EOL]: End-of-Life -*[Exif]: Exchangeable image file format +*[EEA]: Europeiska ekonomiska samarbetsområdet +*[entropy]: Ett mått på hur oförutsägbart något är +*[EOL]: Slutet av livslängden +*[Exif]: Utbytbart bildfilformat *[FCM]: Firebase Cloud Messaging -*[FDE]: Full Disk Encryption -*[FIDO]: Fast IDentity Online -*[fork]: A new software project created by copying an existing project and adding to it independently -*[GDPR]: General Data Protection Regulation -*[GPG]: GNU Privacy Guard (PGP implementation) -*[GPS]: Global Positioning System -*[GUI]: Graphical User Interface -*[GnuPG]: GNU Privacy Guard (PGP implementation) -*[HDD]: Hard Disk Drive -*[HOTP]: HMAC (Hash-based Message Authentication Code) based One-Time Password -*[HTTPS]: Hypertext Transfer Protocol Secure -*[HTTP]: Hypertext Transfer Protocol -*[hypervisor]: Computer software, firmware, or hardware that splits the resources of a CPU among multiple operating systems -*[ICCID]: Integrated Circuit Card Identifier -*[IMAP]: Internet Message Access Protocol -*[IMEI]: International Mobile Equipment Identity -*[IMSI]: International Mobile Subscriber Identity -*[IP]: Internet Protocol -*[IPv4]: Internet Protocol version 4 -*[IPv6]: Internet Protocol version 6 -*[ISP]: Internet Service Provider -*[ISPs]: Internet Service Providers -*[JNI]: Java Native Interface -*[LUKS]: Linux Unified Key Setup (Full-Disk Encryption) -*[MAC]: Media Access Control +*[FDE]: Fullständig diskkryptering +*[FIDO]: Snabb IDentitet online +*[fork]: Ett nytt programvaruprojekt som skapas genom att ett befintligt projekt kopieras och kompletteras självständigt +*[GDPR]: Allmän dataskyddsförordning +*[GPG]: GNU Privacy Guard (PGP-implementering) +*[GPS]: Globalt positioneringssystem +*[GUI]: Grafiskt användargränssnitt +*[GnuPG]: GNU Privacy Guard (PGP-implementering) +*[HDD]: Hårddisk +*[HOTP]: HMAC-baserat engångslösenord (Hash-based Message Authentication Code) +*[HTTPS]: Hypertext Transfer Protocol Säkert +*[HTTP]: Hypertextöverföringsprotokoll +*[hypervisor]: Datorprogramvara, firmware eller hårdvara som delar upp en processors resurser mellan flera operativsystem +*[ICCID]: Identifierare för integrerat kretskort +*[IMAP]: Protokoll för åtkomst till Internetmeddelanden +*[IMEI]: Internationell identitet för mobil utrustning +*[IMSI]: Internationell identitet för mobil utrustning +*[IP]: Internetprotokoll +*[IPv4]: Internetprotokoll version 4 +*[IPv6]: Internetprotokoll version 6 +*[ISP]: Internetleverantör +*[ISPs]: Internetleverantör +*[JNI]: Java inbyggt gränssnitt +*[LUKS]: Linux Unified Key Setup (Full-Disk Kryptering) +*[MAC]: Medieåtkomstkontroll *[MDAG]: Microsoft Defender Application Guard -*[MEID]: Mobile Equipment Identifier -*[MFA]: Multi-Factor Authentication -*[NVMe]: Nonvolatile Memory Express -*[NTP]: Network Time Protocol -*[OCI]: Open Container Initiative -*[OCSP]: Online Certificate Status Protocol -*[OEM]: Original Equipment Manufacturer -*[OEMs]: Original Equipment Manufacturers -*[OS]: Operating System -*[OTP]: One-Time Password -*[OTPs]: One-Time Passwords -*[OpenPGP]: Open-source implementation of Pretty Good Privacy (PGP) -*[P2P]: Peer-to-Peer -*[PAM]: Linux Pluggable Authentication Modules -*[POP3]: Post Office Protocol 3 -*[PGP]: Pretty Good Privacy (see OpenPGP) -*[PII]: Personally Identifiable Information -*[QNAME]: Qualified Name -*[rolling release]: Updates which are released frequently rather than set intervals -*[RSS]: Really Simple Syndication -*[SELinux]: Security-Enhanced Linux -*[SIM]: Subscriber Identity Module -*[SMS]: Short Message Service (standard text messaging) -*[SMTP]: Simple Mail Transfer Protocol -*[SNI]: Server Name Indication -*[SSD]: Solid-State Drive -*[SSH]: Secure Shell -*[SUID]: Set Owner User ID -*[SaaS]: Software as a Service (cloud software) -*[SoC]: System on Chip +*[MEID]: Identifiering av mobil utrustning +*[MFA]: Multi-Faktor Autentisering +*[NVMe]: Icke-flyktigt minne Express +*[NTP]: Nätverkstidsprotokoll +*[OCI]: Initiativ för öppna behållare +*[OCSP]: Certifikatstatus online +*[OEM]: Originalutrustningstillverkare +*[OEMs]: Originalutrustningstillverkare +*[OS]: Operativsystem +*[OTP]: Engångslösenord +*[OTPs]: Engångslösenord +*[OpenPGP]: Implementering av Pretty Good Privacy (PGP) med öppen källkod +*[P2P]: Peer-To-Peer +*[PAM]: Linux Pluggable autentiseringsmoduler +*[POP3]: Postkontorets protokoll 3 +*[PGP]: Pretty Good Privacy (se OpenPGP) +*[PII]: Personligt identifierbar information +*[QNAME]: Kvalificerat namn +*[rullande utgåva]: Uppdateringar som släpps ofta i stället för med fasta intervaller +*[RSS]: Riktigt enkel syndikering +*[SELinux]: Linux med förbättrad säkerhet +*[SIM]: Modul för abonnentidentitet +*[SMS]: Short Message Service (standardiserade textmeddelanden) +*[SMTP]: Protokoll för enkel överföring av e-post (Simple Mail Transfer Protocol) +*[SNI]: Serverns namnindikering +*[SSD]: Ssd-disk +*[SSH]: Säkert skal +*[SUID]: Ange ägarens användar-ID +*[SaaS]: Programvara som tjänst (molnprogramvara) +*[SoC]: System på chip *[SSO]: Single sign-on -*[TCP]: Transmission Control Protocol -*[TEE]: Trusted Execution Environment -*[TLS]: Transport Layer Security -*[ToS]: Terms of Service -*[TOTP]: Time-based One-Time Password -*[TPM]: Trusted Platform Module -*[U2F]: Universal 2nd Factor -*[UEFI]: Unified Extensible Firmware Interface -*[UDP]: User Datagram Protocol -*[VPN]: Virtual Private Network -*[VoIP]: Voice over IP (Internet Protocol) +*[TCP]: Protokoll för överföringskontroll +*[TEE]: Miljö för tillförlitlig utförande +*[TLS]: Säkerhet för transportlager +*[ToS]: Användarvillkor +*[TOTP]: Tidsbaserat engångslösenord +*[TPM]: Modul för betrodd plattform +*[U2F]: Universell 2-faktor +*[UEFI]: Unified Extensible Firmware-gränssnitt +*[UDP]: Användardatagramprotokoll +*[VPN]: Virtuella privata servrar +*[VoIP]: Röst över IP (Internet Protocol) *[W3C]: World Wide Web Consortium -*[XMPP]: Extensible Messaging and Presence Protocol -*[PWA]: Progressive Web App +*[XMPP]: Utökningsbart meddelande- och närvaroprotokoll +*[PWA]: Progressiv webbapp diff --git a/includes/abbreviations.tr.txt b/includes/abbreviations.tr.txt index 48a0974d..0ac7c92a 100644 --- a/includes/abbreviations.tr.txt +++ b/includes/abbreviations.tr.txt @@ -1,13 +1,13 @@ -*[2FA]: 2-Factor Authentication -*[ADB]: Android Debug Bridge -*[AOSP]: Android Open Source Project -*[ATA]: Advanced Technology Attachment -*[attack surface]: The total number of possible entry points for unauthorized access to a system -*[AVB]: Android Verified Boot -*[cgroups]: Control Groups -*[CLI]: Command Line Interface -*[CSV]: Comma-Separated Values -*[CVE]: Common Vulnerabilities and Exposures +*[2FA]: Çift Faktörlü Doğrulama +*[ADB]: Android Hata Ayıklama Köprüsü +*[AOSP]: Android Açık Kaynak Projesi +*[ATA]: İleri Teknoloji Eklentisi +*[attack surface]: Bir sisteme yetkisiz erişim için olası giriş noktalarının toplam sayısı +*[AVB]: Android Onaylanmış Önyükleme +*[cgroups]: Kontrol Grupları +*[CLI]: Komut satırı arayüzü +*[CSV]: CSV Dosyası +*[CVE]: Yaygın Güvenlik Açıkları ve Maruziyetler *[Digital Legacy]: Digital Legacy refers to features that allow you to give other people access to your data when you die *[DNSSEC]: Domain Name System Security Extensions *[DNS]: Domain Name System @@ -15,11 +15,11 @@ *[DoQ]: DNS over QUIC *[DoH3]: DNS over HTTP/3 *[DoT]: DNS over TLS -*[E2EE]: End-to-End Encryption/Encrypted +*[E2EE]: Uçtan Uca Şifreleme/Şifreli *[ECS]: EDNS Client Subnet *[EEA]: European Economic Area *[entropy]: A measurement of how unpredictable something is -*[EOL]: End-of-Life +*[EOL]: Kullanım Ömrü Sonu *[Exif]: Exchangeable image file format *[FCM]: Firebase Cloud Messaging *[FDE]: Full Disk Encryption diff --git a/theme/overrides/home.ar.html b/theme/overrides/home.ar.html index bf86298b..f807e3e8 100644 --- a/theme/overrides/home.ar.html +++ b/theme/overrides/home.ar.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.bn.html b/theme/overrides/home.bn.html index 21a3cd39..f6798f88 100644 --- a/theme/overrides/home.bn.html +++ b/theme/overrides/home.bn.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.de.html b/theme/overrides/home.de.html index 5712bf27..bef45545 100644 --- a/theme/overrides/home.de.html +++ b/theme/overrides/home.de.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.el.html b/theme/overrides/home.el.html index bf86298b..9aff711c 100644 --- a/theme/overrides/home.el.html +++ b/theme/overrides/home.el.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} @@ -10,10 +10,10 @@
    -

    The guide to restoring your online privacy.

    -

    Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.

    +

    Ο οδηγός για την αποκατάσταση του διαδικτυακού απορρήτου σας.

    +

    Μαζικές οργανώσεις παρακολουθούν τις δραστηριότητές σας στο διαδίκτυο. Ο οδηγός Privacy Guides είναι η κεντρική πηγή προστασίας του απορρήτου σας και της ασφάλειας στο διαδίκτυο.

    - Start Your Privacy Journey + Ξεκινήστε το ταξίδι απορρήτου σας Recommended Tools diff --git a/theme/overrides/home.eo.html b/theme/overrides/home.eo.html index bf86298b..f807e3e8 100644 --- a/theme/overrides/home.eo.html +++ b/theme/overrides/home.eo.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.es.html b/theme/overrides/home.es.html index 653ee850..d850d8ef 100644 --- a/theme/overrides/home.es.html +++ b/theme/overrides/home.es.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.fa.html b/theme/overrides/home.fa.html index 521592d4..0f60e304 100644 --- a/theme/overrides/home.fa.html +++ b/theme/overrides/home.fa.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.fr.html b/theme/overrides/home.fr.html index f7072096..d336d37d 100644 --- a/theme/overrides/home.fr.html +++ b/theme/overrides/home.fr.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.he.html b/theme/overrides/home.he.html index 0c9f5ea6..f533f4c8 100644 --- a/theme/overrides/home.he.html +++ b/theme/overrides/home.he.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.hi.html b/theme/overrides/home.hi.html index bf86298b..f807e3e8 100644 --- a/theme/overrides/home.hi.html +++ b/theme/overrides/home.hi.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.hu.html b/theme/overrides/home.hu.html index 3ea08019..245469a7 100644 --- a/theme/overrides/home.hu.html +++ b/theme/overrides/home.hu.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.id.html b/theme/overrides/home.id.html index 0d871b82..36fd23f9 100644 --- a/theme/overrides/home.id.html +++ b/theme/overrides/home.id.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.it.html b/theme/overrides/home.it.html index d48f3b98..7eb4ff2f 100644 --- a/theme/overrides/home.it.html +++ b/theme/overrides/home.it.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.ku.html b/theme/overrides/home.ku.html new file mode 100644 index 00000000..f807e3e8 --- /dev/null +++ b/theme/overrides/home.ku.html @@ -0,0 +1,25 @@ +{% extends "schema.html" %} +{% block extrahead %} + + {{ super() }} +{% endblock %} +{% block tabs %} + {{ super() }} + +
    +
    +
    +
    +

    The guide to restoring your online privacy.

    +

    Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.

    +     + Start Your Privacy Journey + + + Recommended Tools + +
    +
    +
    +
    +{% endblock %} diff --git a/theme/overrides/home.nl.html b/theme/overrides/home.nl.html index 9d03ecb3..e125f8ec 100644 --- a/theme/overrides/home.nl.html +++ b/theme/overrides/home.nl.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.pl.html b/theme/overrides/home.pl.html index 7e838f94..00b4cd7a 100644 --- a/theme/overrides/home.pl.html +++ b/theme/overrides/home.pl.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.pt-BR.html b/theme/overrides/home.pt-BR.html index d04d8932..2938cff6 100644 --- a/theme/overrides/home.pt-BR.html +++ b/theme/overrides/home.pt-BR.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.pt.html b/theme/overrides/home.pt.html index bf86298b..f807e3e8 100644 --- a/theme/overrides/home.pt.html +++ b/theme/overrides/home.pt.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.ru.html b/theme/overrides/home.ru.html index 5987d091..87bb570f 100644 --- a/theme/overrides/home.ru.html +++ b/theme/overrides/home.ru.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.sv.html b/theme/overrides/home.sv.html index bf86298b..6ae069f8 100644 --- a/theme/overrides/home.sv.html +++ b/theme/overrides/home.sv.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} @@ -10,13 +10,13 @@
    -

    The guide to restoring your online privacy.

    -

    Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.

    - - Start Your Privacy Journey +

    En guide till hur du återställer din integritet på nätet.

    +

    Stora organisationer övervakar dina aktiviteter på nätet. Privacy Guides är din centrala resurs för integritet och säkerhet för att skydda dig själv på nätet.

    +     + Börja din resa i integritetsfrågor - - Recommended Tools + + Rekommenderade verktyg
    diff --git a/theme/overrides/home.tr.html b/theme/overrides/home.tr.html index 67eaf974..c1864c0d 100644 --- a/theme/overrides/home.tr.html +++ b/theme/overrides/home.tr.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.uk.html b/theme/overrides/home.uk.html index 85ed214e..67756ab4 100644 --- a/theme/overrides/home.uk.html +++ b/theme/overrides/home.uk.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.vi.html b/theme/overrides/home.vi.html index 9fdb1d64..099caa6e 100644 --- a/theme/overrides/home.vi.html +++ b/theme/overrides/home.vi.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.zh-Hant.html b/theme/overrides/home.zh-Hant.html index 58b5dca1..4abf1f67 100644 --- a/theme/overrides/home.zh-Hant.html +++ b/theme/overrides/home.zh-Hant.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }} diff --git a/theme/overrides/home.zh.html b/theme/overrides/home.zh.html index b357a998..4539acae 100644 --- a/theme/overrides/home.zh.html +++ b/theme/overrides/home.zh.html @@ -1,4 +1,4 @@ -{% extends "main.html" %} +{% extends "schema.html" %} {% block extrahead %} {{ super() }}